android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,035,723 Commits 2 Branches 0 Tags 2.3 GiB
lineage-22.0
Commit Graph

67453 Commits

Author SHA1 Message Date
Michael Bestas
6725684c74
Merge tag 'ASB-2024-12-05_12-5.10' of https://android.googlesource.com/kernel/common into android13-5.10-waipio 
https://source.android.com/docs/security/bulletin/2024-12-01

* tag 'ASB-2024-12-05_12-5.10' of https://android.googlesource.com/kernel/common: (649 commits)
  ANDROID: ABI: update symbol list for honor
  ANDROID: fs: add vendor hook to collect IO statistics
  ANDROID: tools/objtool: Pass CFLAGS to libsubcmd build via EXTRA_CFLAGS
  UPSTREAM: HID: core: zero-initialize the report buffer
  ANDROID: libsubcmd: Hoist iterator variable declarations in parse_options_subcommand()
  ANDROID: mm: Fix SPF-aware fast-mremap
  UPSTREAM: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
  UPSTREAM: f2fs: support SEEK_DATA and SEEK_HOLE for compression files
  Revert "genetlink: hold RCU in genlmsg_mcast()"
  ANDROID: add file for recording allowed ABI breaks
  ANDROID: GKI: update symbol list for honor
  ANDROID: Allow vendor modules perform more operations on memleak detect
  UPSTREAM: drm/omap: fix misleading indentation in pixinc()
  UPSTREAM: bitfield: build kunit tests without structleak plugin
  BACKPORT: FROMGIT: binder: add delivered_freeze to debugfs output
  BACKPORT: FROMGIT: binder: fix memleak of proc->delivered_freeze
  FROMGIT: binder: allow freeze notification for dead nodes
  FROMGIT: binder: fix BINDER_WORK_CLEAR_FREEZE_NOTIFICATION debug logs
  FROMGIT: binder: fix BINDER_WORK_FROZEN_BINDER debug logs
  BACKPORT: FROMGIT: binder: fix freeze UAF in binder_release_work()
  ...

 Conflicts:
	android/abi_gki_aarch64.xml
	net/qrtr/af_qrtr.c

Change-Id: I4f416cf6c90e71fbdc0bea2c76a620842a2a2288
 2024-12-16 00:43:42 +02:00
Greg Kroah-Hartman
b0e9b554c3 Merge tag 'android12-5.10.228_r00' into android12-5.10 
This merges up to the 5.10.228 LTS release into the android12-5.10
branch.  Changes included in here are:

* 38dc270ca0 Revert "genetlink: hold RCU in genlmsg_mcast()"
*   c515597aec Merge 02874ca52d ("tracing: Consider the NULL character when validating the event length") into android12-5.10-lts
|\
| * 02874ca52d tracing: Consider the NULL character when validating the event length
| * df848523d6 jfs: Fix sanity check in dbMount
| * 8605ca4bd0 arm64: Force position-independent veneers
| * 0329056e07 ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit
| * 75f828e944 drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA
| * 649d646506 iomap: update ki_pos a little later in iomap_dio_complete
| * c9b7743807 exec: don't WARN for racy path_noexec check
| * 20e27c7739 block, bfq: fix procress reference leakage for bfqq in merge chain
| * bf83ba3c55 KVM: s390: gaccess: Check if guest address is in memslot
| * 6e1659b674 KVM: s390: gaccess: Cleanup access to guest pages
| * 472088ffb1 KVM: s390: gaccess: Refactor access address range check
| * 511ca93509 KVM: s390: gaccess: Refactor gpa and length calculation
| * cf9ddf9ed9 arm64: probes: Fix uprobes for big-endian kernels
| * 7f1ef59185 arm64:uprobe fix the uprobe SWBP_INSN in big-endian
| * 6c151aeb6d Bluetooth: bnep: fix wild-memory-access in proto_unregister
| * 5c345c47e8 s390: Initialize psw mask in perf_arch_fetch_caller_regs()
| * 6af43ec3bf usb: typec: altmode should keep reference to parent
| * ed31aba8ce smb: client: fix OOBs when building SMB2_IOCTL request
| * 8c1e6717f6 scsi: target: core: Fix null-ptr-deref in target_alloc_device()
| * 4af714e823 genetlink: hold RCU in genlmsg_mcast()
| * b632114677 net: systemport: fix potential memory leak in bcm_sysport_xmit()
| * f48eaf4e88 net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid
| * aacf6e28ae net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit()
| * 56dbb74b6a macsec: don't increment counters for an unrelated SA
| * 2c7dd3ca6b drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation
| * df6fed0a2a RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
| * 78aaf54ad5 RDMA/bnxt_re: Return more meaningful error
| * 718609f518 ipv4: give an IPv4 dev to blackhole_netdev
| * 59df170bde RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP
| * 9076d449e7 ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin
| * dbe51dd516 RDMA/bnxt_re: Add a check for memory allocation
| * c17e5cbbb1 RDMA/bnxt_re: Fix incorrect AVID type in WQE structure
* | 012423e6bd Merge 5.10.228 into android12-5.10-lts
|\|
| * 5a8fa04b2a Linux 5.10.228
| * 2abe57d62a ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2
| * 25e86fb0ae powerpc/mm: Always update max/min_low_pfn in mem_topology_setup()
| * c1d0476885 nilfs2: propagate directory read errors from nilfs_find_entry()
| * c38add9ac0 tcp: fix mptcp DSS corruption due to large pmtu xmit
| * fde99e972b mptcp: handle consistently DSS corruption
| * 609937aa96 mptcp: track and update contiguous data status
| * b7d7b7fc87 irqchip/gic-v4: Don't allow a VMOVP on a dying VPE
| * 6f44a5fc15 x86/entry_32: Clear CPU buffers after register restore in NMI return
| * 9ab38a1cdb x86/entry_32: Do not clobber user EFLAGS.ZF
| * 8462805788 x86/apic: Always explicitly disarm TSC-deadline timer
| * e475220d64 x86/resctrl: Annotate get_mem_config() functions as __init
| * 1826b6d69b parport: Proper fix for array out-of-bounds access
| * 9f8ddf14fa USB: serial: option: add Telit FN920C04 MBIM compositions
| * 0fc55ec9fc USB: serial: option: add support for Quectel EG916Q-GL
| * 608b626f71 xhci: Fix incorrect stream context type macro
| * fc2cb5e3af Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001
| * 63d6a3b078 Bluetooth: Remove debugfs directory on module init failure
| * 516655749a iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
| * f80375f275 iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
| * dc99dfa2ba iio: light: opt3001: add missing full-scale range value
| * bf3ab8e1c2 iio: light: veml6030: fix IIO device retrieval from embedded device
| * 2d06787b70 iio: light: veml6030: fix ALS sensor resolution
| * ffc4174309 iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency()
| * 9504153a48 iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
| * c27133637a iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig
| * c4c2211b12 iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig
| * 3abc1ebea3 iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig
| * 0782809c01 drm/vmwgfx: Handle surface check failure correctly
| * df75c78bfe drm/radeon: Fix encoder->possible_clones
| * 6ddcaee244 io_uring/sqpoll: close race on waiting for sqring entries
| * 3bc6d0f8b7 blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
| * eca3edf876 x86/bugs: Do not use UNTRAIN_RET with IBPB on entry
| * e7c0f8ca3b x86/bugs: Skip RSB fill at VMEXIT
| * 0ab77a47e3 x86/entry: Have entry_ibpb() invalidate return predictions
| * c5e57863d7 x86/cpufeatures: Add a IBPB_NO_RET BUG flag
| * 77fa260620 x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
| * dfa4b5d4ba KVM: s390: Change virtual to physical address access in diag 0x258 handler
| * d047095095 s390/sclp_vt220: Convert newlines to CRLF instead of LFCR
| * b12ef2d4df io_uring/sqpoll: do not put cpumask on stack
| * 66b98c4f18 io_uring/sqpoll: retain test for whether the CPU is valid
| * 54a987b41d io_uring/sqpoll: do not allow pinning outside of cpuset
| * 71fbc3af3d KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
| * e8e599a635 wifi: mac80211: fix potential key use-after-free
| * 417d5838ca mm/swapfile: skip HugeTLB pages for unuse_vma
| * 043f055261 fat: fix uninitialized variable
| * bf1a022222 irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1
| * cafa5942bd net: macb: Avoid 20s boot delay by skipping MDIO bus registration for fixed-link PHY
| * ce43c48cdc arm64: probes: Fix simulate_ldr*_literal()
| * 3728b4eb27 arm64: probes: Remove broken LDR (literal) uprobe support
| * 673a1c5a29 posix-clock: Fix missing timespec64 check in pc_clock_settime()
| * dbe055567a net: enetc: add missing static descriptor and inline keyword
| * 5f47cdeeef ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2
* | af2f7573ea Revert "xfrm: Pass flowi_oif or l3mdev as oif to xfrm_dst_lookup"
* | 705b091042 Revert "net: Handle l3mdev in ip_tunnel_init_flow"
* | 0ba4653710 Merge 5.10.227 into android12-5.10-lts
|\|
| * eac1c5bfc1 Linux 5.10.227
| * 9350016415 net: dsa: microchip: fix build warning
| * 9f76a9d184 RDMA/hns: Fix uninitialized variable
* | 7ad1ad5a55 Merge 4911610c7a ("ext4: fix warning in ext4_dio_write_end_io()") into android12-5.10-lts
|\|
| * 4911610c7a ext4: fix warning in ext4_dio_write_end_io()
* | b585ecc2c9 Merge 05cc42d601 ("netfilter: ip6t_rpfilter: Fix regression with VRF interfaces") into android12-5.10-lts
|\|
| * 05cc42d601 netfilter: ip6t_rpfilter: Fix regression with VRF interfaces
| * 95f62e5a78 net: vrf: determine the dst using the original ifindex for multicast
| * 3adb1be04f net: seg6: fix seg6_lookup_any_nexthop() to handle VRFs using flowi_l3mdev
| * ab6c9463b1 net: Handle l3mdev in ip_tunnel_init_flow
| * 0825c5ff24 xfrm: Pass flowi_oif or l3mdev as oif to xfrm_dst_lookup
| * 4bf1bd3fff net: geneve: add missing netlink policy and size for IFLA_GENEVE_INNER_PROTO_INHERIT
| * 73f75d2b5a nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
| * 548d0102dc net: dsa: lan9303: ensure chip reset and wait for READY status
| * 68ad5da6ca net: Fix an unsafe loop on the list
| * fcda074c98 hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma
| * e7a1d51b39 usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip
| * 1d7fc802a7 usb: xhci: Fix problem with xhci resume from suspend
| * f8dea2fede usb: dwc3: core: Stop processing of pending events if controller is halted
* | 9b1caf0550 Merge a7564b1606 ("Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant"") into android12-5.10-lts
|\|
| * a7564b1606 Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant"
| * 8669bca53f HID: plantronics: Workaround for an unexcepted opposite volume key
| * 799a06ca7f hwmon: (adm9240) Add missing dependency on REGMAP_I2C
| * ab6bc15e99 hwmon: (tmp513) Add missing dependency on REGMAP_I2C
| * 1d5f85f1b7 resource: fix region_intersects() vs add_memory_driver_managed()
| * 36b054324d slip: make slhc_remember() more robust against malicious packets
| * 30d91a478d ppp: fix ppp_async_encode() illegal access
* | 4098b69102 Revert "net: Add l3mdev index to flow struct and avoid oif reset for port devices"
* | 5cb5d15755 Revert "netfilter: rpfilter/fib: Populate flowic_l3mdev field"
* | 6fc602a28c Revert "netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces."
* | 7253529039 Revert "netfilter: fib: check correct rtable in vrf setups"
* | 81d8cb7a3e Merge 3502b1a297 ("netfilter: fib: check correct rtable in vrf setups") into android12-5.10-lts
|\|
| * 3502b1a297 netfilter: fib: check correct rtable in vrf setups
| * 037145e2a2 netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces.
| * d98558fe26 netfilter: rpfilter/fib: Populate flowic_l3mdev field
| * 740de19877 net: Add l3mdev index to flow struct and avoid oif reset for port devices
* | ff0e27a0f9 Merge 265bf63e24 ("sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start") into android12-5.10-lts
|\|
| * 265bf63e24 sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start
| * 23e139f90b net: ibm: emac: mal: fix wrong goto
| * adbc3eef43 net/sched: accept TCA_STAB only for root qdisc
| * d79af3af2f igb: Do not bring the device up after non-fatal error
| * c70e05b929 gpio: aspeed: Use devm_clk api to manage clock source
| * 36fd66cb51 gpio: aspeed: Add the flush write to ensure the write complete.
* | ca21e0d3a8 Merge 0e91c4b484 ("net: dsa: b53: fix jumbo frames on 10/100 ports") into android12-5.10-lts
|\|
| * 0e91c4b484 net: dsa: b53: fix jumbo frames on 10/100 ports
| * a7c9402bbc net: dsa: b53: allow lower MTUs on BCM5325/5365
| * 9f3407aa6c net: dsa: b53: fix max MTU for BCM5325/BCM5365
| * 0109267c1e net: dsa: b53: fix max MTU for 1g switches
| * a625acf221 net: dsa: b53: fix jumbo frame mtu check
| * e13ffbf5fd net: phy: bcm84881: Fix some error handling paths
| * ef44274dae Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
| * cce8419b81 netfilter: br_netfilter: fix panic with metadata_dst skb
| * 8a517d1845 tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe
| * fe238ddf85 tcp: fix to allow timestamp undo if no retransmits were sent
* | 6c71f56f4f Merge 21b5af7f0c ("net: phy: dp83869: fix memory corruption when enabling fiber") into android12-5.10-lts
|\|
| * 21b5af7f0c net: phy: dp83869: fix memory corruption when enabling fiber
| * f892165c56 NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()
| * 64f1b4922b SUNRPC: Fix integer overflow in decode_rc_list()
| * 1fc13f6a41 ice: fix VLAN replay after reset
| * 993ce09fe6 NFSD: Mark filecache "down" if init fails
* | e22e091f95 Merge de5a059e36 ("RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt") into android12-5.10-lts
|\|
| * de5a059e36 RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
| * 252f147b18 fbdev: sisfb: Fix strbuf array overflow
| * f4149eec96 drm/amd/display: Check null pointer before dereferencing se
| * 56452dbc0a driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute
| * d8ac7378bc tools/iio: Add memory allocation failure check for trigger_name
| * 4ce662fe4b virtio_pmem: Check device status before requesting flush
| * 30ea38665d usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario
| * 4c83143fc6 usb: chipidea: udc: enable suspend interrupt after usb reset
| * b677b94a91 clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D
| * 37c181e389 media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put()
| * b650189687 ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition
| * 63047187a5 PCI: Mark Creative Labs EMU20k2 INTx masking as broken
| * a28703d4d4 i2c: i801: Use a different adapter-name for IDF adapters
| * e4f218455c PCI: Add ACS quirk for Qualcomm SA8775P
| * f3e0a8b7d4 clk: bcm: bcm53573: fix OF node leak in init
| * b10c1ca941 PCI: Add function 0 DMA alias quirk for Glenfly Arise chip
| * 713adaf0ec RDMA/mad: Improve handling of timed out WRs of mad agent
| * 24318116c4 ktest.pl: Avoid false positives with grub2 skip regex
| * 345d3c0bf2 s390/cpum_sf: Remove WARN_ON_ONCE statements
| * c2097d5efb ext4: nested locking for xattr inode
| * dced2c9d66 s390/mm: Add cond_resched() to cmm_alloc/free_pages()
| * 1cd197813e s390/facility: Disable compile time optimization for decompressor code
| * 029aa36ba3 bpf: Check percpu map value size first
| * 4f4a6d70d7 Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
| * 546fb43a2e tracing/kprobes: Fix symbol counting logic by looking at modules as well
| * 90a6a070a8 tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols
* | 2a22a03cae Merge 2622c805ab ("kallsyms: Make module_kallsyms_on_each_symbol generally available") into android12-5.10-lts
|\|
| * 2622c805ab kallsyms: Make module_kallsyms_on_each_symbol generally available
| * 2aa861ec72 kallsyms: Make kallsyms_on_each_symbol generally available
| * 9b82d737d2 virtio_console: fix misc probe bugs
| * f2fd1a9597 tracing: Have saved_cmdlines arrays all in one allocation
| * 25b0021620 s390/zcore: release dump save area on restart or power down
| * 0b4dc46f87 s390/zcore: no need to check return value of debugfs_create functions
| * 421795b064 drm/crtc: fix uninitialized variable use even harder
| * a009e88cc9 tracing: Remove precision vsnprintf() check from print event
| * 6063d72b61 net: ethernet: cortina: Drop TSO support
| * 39fffca572 unicode: Don't special case ignorable code points
| * 6592347f06 vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()
| * 2f6da71e9d ext4: fix inode tree inconsistency caused by ENOMEM
| * da964de4c1 ACPI: battery: Fix possible crash when unregistering a battery hook
| * 20557232c9 ACPI: battery: Simplify battery hook locking
| * 991e8b0bab r8169: add tally counter fields added with RTL8125
| * 238d5c541e r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"
| * 281edfa1cd clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks
* | 96a5139526 Merge 570e257621 ("drm/rockchip: vop: clear DMA stop bit on RK3066") into android12-5.10-lts
|\|
| * 570e257621 drm/rockchip: vop: clear DMA stop bit on RK3066
| * 411e2e1d01 drm/rockchip: support gamma control on RK3399
| * 1aeaa7e8d8 drm/rockchip: define gamma registers for RK3399
| * f561b48d63 uprobes: fix kernel info leak via "[uprobes]" vma
* | 042d3e2676 Merge 24afda0421 ("arm64: errata: Expand speculative SSBS workaround once more") into android12-5.10-lts
|\|
| * 24afda0421 arm64: errata: Expand speculative SSBS workaround once more
| * 9df353ca13 arm64: cputype: Add Neoverse-N3 definitions
| * c45edd5942 arm64: Add Cortex-715 CPU part definition
* | ce691439c0 Revert "ext4: properly sync file size update after O_SYNC direct IO"
* | f46870ab3d Revert "ext4: dax: fix overflowing extents beyond inode size when partially writing"
* | 5d9c84863f Merge f8a7c34232 ("ext4: dax: fix overflowing extents beyond inode size when partially writing") into android12-5.10-lts
|\|
| * f8a7c34232 ext4: dax: fix overflowing extents beyond inode size when partially writing
* | 8fb88ba5de Merge dde4c1e166 ("ext4: properly sync file size update after O_SYNC direct IO") into android12-5.10-lts
|\|
| * dde4c1e166 ext4: properly sync file size update after O_SYNC direct IO
* | e62d85f9ba Merge 6ff56ef7f7 ("i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled") into android12-5.10-lts
|\|
| * 6ff56ef7f7 i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled
* | b5e0cda160 Merge d223126bb0 ("i2c: xiic: Use devm_clk_get_enabled()") into android12-5.10-lts
|\|
| * d223126bb0 i2c: xiic: Use devm_clk_get_enabled()
* | ed3c358943 Merge 9bd3443e34 ("i2c: xiic: Simplify with dev_err_probe()") into android12-5.10-lts
|\|
| * 9bd3443e34 i2c: xiic: Simplify with dev_err_probe()
* | 93d28c0f5a Merge 8b55076b7b ("kconfig: qconf: fix buffer overflow in debug links") into android12-5.10-lts
|\|
| * 8b55076b7b kconfig: qconf: fix buffer overflow in debug links
* | 6e988ae353 Merge bfab5fbc12 ("drm/sched: Add locking to drm_sched_entity_modify_sched") into android12-5.10-lts
|\|
| * bfab5fbc12 drm/sched: Add locking to drm_sched_entity_modify_sched
* | 25d36c65fb Merge c54aa7d750 ("gpio: davinci: fix lazy disable") into android12-5.10-lts
|\|
| * c54aa7d750 gpio: davinci: fix lazy disable
* | 9fbdcfe7bb Merge 70b60c8d9b ("btrfs: wait for fixup workers before stopping cleaner kthread during umount") into android12-5.10-lts
|\|
| * 70b60c8d9b btrfs: wait for fixup workers before stopping cleaner kthread during umount
* | d476e18cbf Merge d73d48acf3 ("btrfs: fix a NULL pointer dereference when failed to start a new trasacntion") into android12-5.10-lts
|\|
| * d73d48acf3 btrfs: fix a NULL pointer dereference when failed to start a new trasacntion
* | 657f07546b Merge 67db431b85 ("ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[]") into android12-5.10-lts
|\|
| * 67db431b85 ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[]
* | 17c42250e8 Merge 1a819c7f85 ("ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[]") into android12-5.10-lts
|\|
| * 1a819c7f85 ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[]
* | c53240428e Revert "clk: qcom: clk-rpmh: Fix overflow in BCM vote"
* | 509ddbb2b8 Merge f976d964a6 ("Input: adp5589-keys - fix adp5589_gpio_get_value()") into android12-5.10-lts
|\|
| * f976d964a6 Input: adp5589-keys - fix adp5589_gpio_get_value()
| * bf8363e46f rtc: at91sam9: fix OF node leak in probe() error path
| * e33fe25b1e net: stmmac: Fix zero-division error when disabling tc cbs
| * 68e579316c tomoyo: fallback to realpath if symlink's pathname does not exist
| * 68c77a70e3 iio: magnetometer: ak8975: Fix reading for ak099xx sensors
| * 1d108095d5 clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable()
| * 60b6968341 media: venus: fix use after free bug in venus_remove due to race condition
| * 4445bc6e9f clk: qcom: clk-rpmh: Fix overflow in BCM vote
| * 3f73da56af media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
| * 5443e70fb7 media: sun4i_csi: Implement link validate for sun4i_csi subdev
| * ed0d5103f9 clk: rockchip: fix error for unknown clocks
| * f63461af2c aoe: fix the potential use-after-free problem in more places
| * 7ae7ada29a NFSD: Fix NFSv4's PUTPUBFH operation
| * 0ea4333c67 nfsd: map the EBADMSG to nfserr_io to avoid warning
| * 96cad5da79 nfsd: fix delegation_blocked() to block correctly for at least 30 seconds
| * f692160d3e exfat: fix memory leak in exfat_load_bitmap()
| * e01e9ae43e riscv: define ILLEGAL_POINTER_VALUE for 64bit
| * 61b84013e5 ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
| * bf605ae98d ocfs2: fix null-ptr-deref when journal load failed.
| * 3f1ca6ba54 ocfs2: remove unreasonable unlock in ocfs2_read_blocks
| * 14114d8148 ocfs2: cancel dqi_sync_work before freeing oinfo
| * aac31d654a ocfs2: reserve space for inline xattr before attaching reflink tree
| * 8e3bf36636 ocfs2: fix uninit-value in ocfs2_get_block()
| * ff1500fe26 ocfs2: fix the la space leak when unmounting an ocfs2 volume
| * a543785856 mm: krealloc: consider spare memory for __GFP_ZERO
| * 7fabacb337 jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit
| * 481e8f18a2 jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
| * 2bda897351 drm: omapdrm: Add missing check for alloc_ordered_workqueue
| * 3e8862875f of/irq: Support #msi-cells=<0> in of_msi_get_domain
| * a63fdf20cc parisc: Fix stack start for ADDR_NO_RANDOMIZE personality
| * ea7dead204 parisc: Fix 64-bit userspace syscall path
| * 25ec5c873c ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit()
| * 6766937d03 ext4: update orig_path in ext4_find_extent()
| * b6c29c8f3d ext4: fix double brelse() the buffer of the extents path
| * 5e811066c5 ext4: aovid use-after-free in ext4_ext_insert_extent()
| * 8c26d9e53e ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free
| * 4286a04183 ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space()
| * 7bcdef04d0 ext4: propagate errors from ext4_find_extent() in ext4_insert_range()
| * e52f933598 ext4: fix slab-use-after-free in ext4_split_extent_at()
| * 133ff0d78f ext4: no need to continue when the number of entries is 1
* | 6a00671aec Merge 2c08dfc99f ("ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9") into android12-5.10-lts
|\|
| * 2c08dfc99f ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9
| * c36ff6948c ALSA: line6: add hw monitor volume control to POD HD500X
| * 64d315aeec ALSA: core: add isascii() check to card ID generator
| * b078a7eee1 drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS
| * afa9990523 parisc: Fix itlb miss handler for 64-bit programs
| * d6b22a2d55 perf/core: Fix small negative period being ignored
| * 8ab638bb49 spi: bcm63xx: Fix module autoloading
| * f53c2b55d0 firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp()
| * 2c1effc225 i2c: xiic: Wait for TX empty to avoid missed TX NAKs
| * 46c72b0139 i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq()
| * 9b8bc33ad6 i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
| * 10dde0c1fb selftests/mm: fix charge_reserved_hugetlb.sh test
| * e45803c71f selftests: vDSO: fix vDSO symbols lookup for powerpc64
| * 7624223155 selftests: breakpoints: use remaining time to check if suspend succeed
| * eda94fc74b spi: s3c64xx: fix timeout counters in flush_fifo
| * e3b57186f4 spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled
| * 53b1999cfd ext4: fix i_data_sem unlock order in ext4_ind_migrate()
| * b0cb4561fc ext4: avoid use-after-free in ext4_ext_show_leaf()
| * a34416ec26 ext4: ext4_search_dir should return a proper error
| * e82df17e5f of/irq: Refer to actual buffer size in of_irq_parse_one()
| * 29f3889457 drm/amd/pm: ensure the fw_info is not null before using it
| * 0a377fcace drm/radeon/r100: Handle unknown family in r100_cp_init_microcode()
| * aec72bfbc1 scsi: aacraid: Rearrange order of struct aac_srb_unit
| * cf387300b8 drm/printer: Allow NULL data in devcoredump printer
| * f921335123 drm/amd/display: Initialize get_bytes_per_element's default to 1
| * 7ab69af56a drm/amd/display: Fix index out of bounds in DCN30 color transformation
| * c130a3c09e drm/amd/display: Fix index out of bounds in degamma hardware format translation
| * ad89f83343 drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation
| * 0167d570f6 drm/amd/display: Check stream before comparing them
| * e2743d0a03 platform/x86: touchscreen_dmi: add nanote-next quirk
| * 831e8a816e drm/amdgpu: enable gfxoff quirk on HP 705G4
| * e407715e7a drm/amdgpu: add raven1 gfxoff quirk
| * 8b1dcf25c2 jfs: Fix uninit-value access of new_ea in ea_buffer
| * 2451e5917c jfs: check if leafidx greater than num leaves per dmap tree
| * fd026b6b67 jfs: Fix uaf in dbFreeBits
| * f9db7bb112 jfs: UBSAN: shift-out-of-bounds in dbFindBits
| * 8d54001f8d drm/amd/display: Check null pointers before using dc->clk_mgr
| * 49ded70954 ata: sata_sil: Rename sil_blacklist to sil_quirks
* | b48eba851f Merge 1ebfa66638 ("drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream") into android12-5.10-lts
|\|
| * 1ebfa66638 drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream
| * de9e7f6876 iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count
| * 5652c448da iommu/vt-d: Always reserve a domain ID for identity setup
| * 9e493f002d power: reset: brcmstb: Do not go into infinite loop if reset fails
| * d9245b9296 iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux
| * ceff6f5e71 rcuscale: Provide clear error when async specified without primitives
| * e6897e299f fbdev: pxafb: Fix possible use after free in pxafb_task()
| * 79681036a3 x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments()
| * 98111af338 ALSA: hdsp: Break infinite MIDI input flush loop
| * 219587bca2 ALSA: asihpi: Fix potential OOB array access
| * e2b200c502 ALSA: usb-audio: Add logitech Audio profile quirk
| * 35733d1a60 ALSA: usb-audio: Define macros for quirk table entries
| * 6ee6835f82 signal: Replace BUG_ON()s
| * aa4e9056df nfp: Use IRQF_NO_AUTOEN flag in request_irq()
| * 1756918f51 wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()
| * 47be40b698 proc: add config & param to block forcing mem writes
| * 02c1725eb2 ACPICA: iasl: handle empty connection_node
| * 95a91802e4 tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process
| * b7cbdd6b1b net: atlantic: Avoid warning about potential string truncation
| * a479b653d5 ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family
| * 669d337aa1 ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR).
| * bf60b4f587 net: mvpp2: Increase size of queue_name buffer
| * e2b2558971 tipc: guard against string buffer overrun
| * cbb67e245d ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()
| * a40e7a2b80 ACPI: EC: Do not release locks during operation region accesses
| * 7cd004102b wifi: rtw88: select WANT_DEV_COREDUMP
| * 0f26f26944 wifi: ath11k: fix array out-of-bound access in SoC stats
| * 1f61d50925 blk_iocost: fix more out of bound shifts
| * 62b8a46ba8 net: sched: consistently use rcu_replace_pointer() in taprio_change()
* | baa474b078 Merge 74c63fd016 ("ACPICA: Fix memory leak if acpi_ps_get_next_field() fails") into android12-5.10-lts
|\|
| * 74c63fd016 ACPICA: Fix memory leak if acpi_ps_get_next_field() fails
| * 30cd2158f2 ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails
| * 4440bac6f0 net: hisilicon: hns_mdio: fix OF node leak in probe()
| * 1245542856 net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info()
| * ac6e862b8d net: hisilicon: hip04: fix OF node leak in probe()
| * a7f0073fcd net/xen-netback: prevent UAF in xenvif_flush_hash()
| * ed418cad83 ice: Adjust over allocation of memory in ice_sched_add_root_node() and ice_sched_add_node()
| * b02eb7c86f wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
| * 2171e1d750 wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats()
| * 000bab8753 f2fs: Require FMODE_WRITE for atomic write ioctls
| * b820cb910f ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin
| * f7785c4498 ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs
| * f10d29b108 ALSA: hda/realtek: Fix the push button function for the ALC257
| * 7c93044298 ALSA: mixer_oss: Remove some incorrect kfree_const() usages
| * f13b04cf65 Bluetooth: L2CAP: Fix not validating setsockopt user input
| * 4ec4641df5 media: usbtv: Remove useless locks in usbtv_video_free()
| * a73d996436 i2c: xiic: Try re-initialization on bus busy timeout
| * c9668503e4 i2c: xiic: improve error message when transfer fails to start
| * 2d320d9de7 i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path
| * 148fdc3c7d i2c: xiic: Fix RX IRQ busy check
| * 30def367fa i2c: xiic: Switch from waitqueue to completion
| * 6da4bbeb16 i2c: xiic: Fix broken locking on tx_msg
| * dd70c8a89e sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
| * 16b66c46b6 ipv4: ip_gre: Fix drops of small packets in ipgre_xmit
| * 566a931a14 net: add more sanity checks to qdisc_pkt_len_init()
| * ba26060a29 net: avoid potential underflow in qdisc_pkt_len_init() with UFO
| * 185df15984 net: ethernet: lantiq_etop: fix memory disclosure
| * c8bb4e2d5f Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq()
* | 6f91c0260d Merge 531754952f ("netfilter: nf_tables: prevent nf_skb_duplicated corruption") into android12-5.10-lts
|\|
| * 531754952f netfilter: nf_tables: prevent nf_skb_duplicated corruption
| * 7675fe977b net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq()
| * 181fbbdd46 netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED
* | 6136b834d6 Merge cdd86fb75f ("net/mlx5: Added cond_resched() to crdump collection") into android12-5.10-lts
|\|
| * cdd86fb75f net/mlx5: Added cond_resched() to crdump collection
| * ca36d6c1a4 net/mlx5: Fix error path in multi-packet WQE transmit
| * fd7fcd802e ieee802154: Fix build error
| * f55e003d26 ceph: remove the incorrect Fw reference check when dirtying pages
| * 32ee78823d mailbox: bcm2835: Fix timeout during suspend mode
| * 3948c73c92 mailbox: rockchip: fix a typo in module autoloading
| * 6b9a551b83 spi: lpspi: Simplify some error message
| * 767b71f292 usb: yurex: Fix inconsistent locking bug in yurex_read()
| * 9f1c4edee8 i2c: isch: Add missed 'else'
| * 742a1b69c0 i2c: aspeed: Update the stop sw state when the bus recovery occurs
| * 52f7cab290 mm: only enforce minimum stack gap size if it's sensible
| * 1472dd897f lockdep: fix deadlock issue between lockdep and rcu
| * 118a0c3e55 xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them.
| * cc1de44135 usb: renesas-xhci: Remove renesas_xhci_pci_exit()
| * 0f8e74a061 pps: add an error check in parport_attach
| * 0e50834814 pps: remove usage of the deprecated ida_simple_xx() API
| * 47a632e5c6 USB: misc: yurex: fix race between read and write
| * bf509ca62f usb: yurex: Replace snprintf() with the safer scnprintf() variant
| * 6ea76e19d6 soc: versatile: realview: fix soc_dev leak during device remove
| * 6b3b25311d soc: versatile: realview: fix memory leak during device remove
| * 263d04df06 PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler
| * 6dacc0b667 PCI: xilinx-nwl: Use irq_data_get_irq_chip_data()
| * 46c4079460 padata: use integer wrap around to prevent deadlock on seq_nr overflow
| * 7d0079d644 nfs: fix memory leak in error path of nfs4_do_reclaim
| * a239ff33c5 fs: Fix file_set_fowner LSM hook inconsistencies
| * 47a68c7505 vfs: fix race between evice_inodes() and find_inode()&iput()
| * 0eecd2ee23 arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity
| * b2cb101b9b arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency
| * d41d665346 hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume
| * 1b2137f6c9 hwrng: mtk - Use devm_pm_runtime_enable
| * cef1056ee6 f2fs: avoid potential int overflow in sanity_check_area_boundary()
| * 85c2f7bd57 f2fs: prevent possible int overflow in dir_block_index()
| * 5e3a031dfa debugobjects: Fix conditions in fill_pool()
| * dbffe7be55 wifi: rtw88: 8822c: Fix reported RX band width
| * 44f1816749 perf/x86/intel/pt: Fix sampling synchronization
| * f76b69ab9c efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption
| * 45a765f4ba ACPI: resource: Add another DMI match for the TongFang GMxXGxx
| * 4b081991c4 ACPI: sysfs: validate return type of _STR method
| * 2e20b69b86 drbd: Add NULL check for net_conf to prevent dereference in state validation
| * 62720f2daa drbd: Fix atomicity violation in drbd_uuid_set_bm()
| * a295fa38dc crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure
| * c7148bf45d tty: rp2: Fix reset with non forgiving PCIe host bridges
| * c30558e6c5 firmware_loader: Block path traversal
| * e89f925093 bus: integrator-lm: fix OF node leak in probe()
| * 61c12c72b1 USB: class: CDC-ACM: fix race between get_serial and set_serial
| * fa83e1df43 USB: misc: cypress_cy7c63: check for short transfer
| * 1c5cd41b4b USB: appledisplay: close race between probe and completion handler
| * 84f4d44703 drm/amd/display: Round calculated vtotal
| * 60aadf84be Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line
| * 13175be789 Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table
| * bf3f1affba Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table
| * cb9897b946 soc: versatile: integrator: fix OF node leak in probe() error path
| * c55ebcb216 ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error
| * aaaf3cd0a7 Remove *.orig pattern from .gitignore
| * f291dc4cbc mptcp: fix sometimes-uninitialized warning
| * 2dbc4b7bac selinux,smack: don't bypass permissions check in inode_setsecctx hook
| * 4b81a9f92b bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
| * 0e6378dd9b Revert "bpf: Eliminate rlimit-based memory accounting for devmap maps"
| * bfe249c151 Revert "bpf: Fix DEVMAP_HASH overflow check on 32-bit arches"
| * 8926201447 x86/mm: Switch to new Intel CPU model defines
| * 089aece01a powercap: RAPL: fix invalid initialization for pl4_supported field
| * ba624f656a Input: goodix - use the new soc_intel_is_byt() helper
| * 50460579fe drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination
* | f6317d304f Merge e0dbda9f26 ("netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS") into android12-5.10-lts
|\|
| * e0dbda9f26 netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS
* | 0e233e78a8 Merge db9c5f08ee ("netfilter: nf_tables: Keep deleted flowtable hooks until after RCU") into android12-5.10-lts
|\|
| * db9c5f08ee netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
* | e45c637aa5 Merge 6c36857fe5 ("net: qrtr: Update packets cloning when broadcasting") into android12-5.10-lts
|\|
| * 6c36857fe5 net: qrtr: Update packets cloning when broadcasting
* | 8acb711851 Merge ec31cf42fc ("tcp: check skb is non-NULL in tcp_rto_delta_us()") into android12-5.10-lts
|\|
| * ec31cf42fc tcp: check skb is non-NULL in tcp_rto_delta_us()
* | 69acbd5795 Merge 98d14164c0 ("net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL") into android12-5.10-lts
|\|
| * 98d14164c0 net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL
* | 13cdfa4cd3 Merge 338a0582b2 ("net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition") into android12-5.10-lts
|\|
| * 338a0582b2 net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition
* | 973b583bb8 Merge dcf48ab3ca ("netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()") into android12-5.10-lts
|\|
| * dcf48ab3ca netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
* | 0407f5e40e Merge 1429a9260f ("Revert "dm: requeue IO if mapping table not yet available"") into android12-5.10-lts
|\|
| * 1429a9260f Revert "dm: requeue IO if mapping table not yet available"
| * 0c170b1e91 vhost_vdpa: assign irq bypass producer token correctly
| * 10348fb6fe vdpa: Add eventfd for the vdpa callback
| * 64add9aaf7 interconnect: qcom: sm8250: Enable sync_state
| * d4951dd16e coresight: tmc: sg: Do not leak sg_table
| * cf0674248d iio: adc: ad7606: fix standby gpio state to match the documentation
| * 1ea56cd9a6 iio: adc: ad7606: fix oversampling gpio array
| * b7413dbc63 spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time
| * 0ed35dd547 spi: lpspi: release requested DMA channels
| * d612d419a5 spi: lpspi: Silence error message upon deferred probe
| * 6f2eeba7c3 f2fs: reduce expensive checkpoint trigger frequency
| * 3dc483f0e6 f2fs: remove unneeded check condition in __f2fs_setxattr()
| * 87aceb1ce6 f2fs: fix to update i_ctime in __f2fs_setxattr()
| * db930da947 f2fs: fix typo
| * 7b5476f061 f2fs: enhance to update i_mode and acl atomically in f2fs_setattr()
| * 0f1d007bbe nfsd: return -EINVAL when namelen is 0
| * 9f03f0016f nfsd: call cache_put if xdr_reserve_space returns NULL
| * 40d5787354 ntb_perf: Fix printk format
| * ef7e34237e ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
| * dd598ac57d RDMA/cxgb4: Added NULL check for lookup_atid
| * 502dac909e riscv: Fix fp alignment bug in perf_callchain_user()
| * 322911a2e6 RDMA/hns: Optimize hem allocation performance
| * 07f0f643d7 RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled
| * 1e6195dc7a RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range()
| * 6258c4fb8d RDMA/hns: Refactor root BT allocation for MTR
| * d06fbe0b87 RDMA/hns: Add mapped page count checking for MTR
| * 2a2894e90c watchdog: imx_sc_wdt: Don't disable WDT in suspend
| * 5353f8ec59 pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function
| * d8c75b8a91 pinctrl: mvebu: Use devm_platform_get_and_ioremap_resource()
| * 6007359143 nfsd: fix refcount leak when file is unhashed after being found
| * 6fcb4bbbec nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire
* | da5751e56b Revert "device property: Add const qualifier to device_get_match_data() parameter"
* | 47d930c2c7 Revert "i2c: Add i2c_get_match_data()"
* | a99e4337ab Revert "hwmon: (max16065) Remove use of i2c_match_id()"
* | 9c428fa328 Revert "hwmon: (max16065) Fix alarm attributes"
* | 246d613c20 Revert "cgroup: Make operations on the cgroup root_list RCU safe"
* | 77867ef6d4 Revert "cgroup: Move rcu_head up near the top of cgroup_root"
* | 8cf71990ea Revert "inet: inet_defrag: prevent sk release while still in use"
* | 3ce4532099 Revert "bareudp: Pull inner IP header in bareudp_udp_encap_recv()."
* | 9e57ad4546 Merge 0ce9d89343 ("clk: ti: dra7-atl: Fix leak of of_nodes") into android12-5.10-lts
|\|
| * 0ce9d89343 clk: ti: dra7-atl: Fix leak of of_nodes
| * 88ba7cd9f4 pinctrl: single: fix missing error code in pcs_probe()
| * 2efe8da2dd RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
| * f29951897a PCI: xilinx-nwl: Fix register misspelling
| * c289903b7a PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
| * badbd736e6 drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
| * 6ae3b9aee4 drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
| * 45f826f6c8 clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228
| * ca34aa3782 clk: imx: imx8mp: fix clock tree update of TF-A managed clocks
| * 11396ba4f8 perf time-utils: Fix 32-bit nsec parsing
| * a10a7d6d17 perf sched timehist: Fixed timestamp error when unable to confirm event sched_in time
| * 727660723e perf sched timehist: Fix missing free of session in perf_sched__timehist()
| * ea837ae511 bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit
| * d20674f316 nilfs2: fix potential oob read in nilfs_btree_check_delete()
| * e2290906bb nilfs2: determine empty node blocks as corrupted
| * 24bf40740a nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
| * 7fc22c3b3f ext4: avoid OOB when system.data xattr changes underneath the filesystem
| * e65f698736 ext4: return error on ext4_find_inline_entry
| * 2e073a579f ext4: avoid negative min_clusters in find_group_orlov()
| * 22d591d916 ext4: avoid potential buffer_head leak in __ext4_new_inode()
| * 08c63b7962 ext4: avoid buffer_head leak in ext4_mark_inode_used()
| * c4227a38ab smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso
| * 4766ba108b ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard
| * 3a1a31a38f kthread: fix task state in kthread worker if being frozen
| * 28fbbd0ce7 kthread: add kthread_work tracepoints
| * dd417529c0 xz: cleanup CRC32 edits from 2018
| * 4e1c8c12ca selftests/bpf: Fix C++ compile error from missing _Bool type
| * 9374068b36 selftests/bpf: Fix error compiling test_lru_map.c
| * c2db6acd8c selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc
| * 3467a94126 selftests/bpf: Fix compiling tcp_rtt.c with musl-libc
| * 5ad69f5a04 selftests/bpf: Fix compiling flow_dissector.c with musl-libc
| * 306efef84b selftests/bpf: Fix compiling kfree_skb.c with musl-libc
| * cc52d5282a selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c
| * 04eb60af43 selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c
| * 2c9b228938 tpm: Clean up TPM space after command failure
| * a0a8b7bebe xen/swiotlb: add alignment check for dma buffers
| * cb9134aa09 xen: use correct end address of kernel for conflict checking
| * 86da3c79b8 drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind()
| * 02657ced60 drm/msm: fix %s null argument error
| * 72fa5f700e ipmi: docs: don't advertise deprecated sysfs entries
| * e9e482e1e5 drm/msm/a5xx: workaround early ring-buffer emptiness check
| * d041301f30 drm/msm: Drop priv->lastctx
| * 9dffbbd7b8 drm/msm: Add priv->mm_lock to protect active/inactive lists
| * 5ce4075dde drm/msm/a5xx: fix races in preemption evaluation stage
| * cfca8b26a9 drm/msm/a5xx: properly clear preemption records on resume
| * fe93cd6635 drm/msm/a5xx: disable preemption in submits by default
| * 14531e3b82 drm/msm: Fix incorrect file name output in adreno_request_fw()
| * 0338e66cba jfs: fix out-of-bounds in dbNextAG() and diAlloc()
| * 36820265a0 drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets
| * 6b38aedfdc drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
| * 5f37e8c415 drm/rockchip: vop: Allow 4096px width scaling
| * e37fead06a drm/radeon: properly handle vbios fake edid sizing
| * af2fb608e9 drm/radeon: Replace one-element array with flexible-array member
| * 5f943045ec drm/amdgpu: properly handle vbios fake edid sizing
| * cd88105616 drm/amdgpu: Replace one-element array with flexible-array member
| * 65f9be0348 drm/stm: Fix an error handling path in stm_drm_platform_probe()
| * 278ec25952 mtd: powernv: Add check devm_kasprintf() returned value
| * 7661e90a60 fbdev: hpfb: Fix an error handling path in hpfb_dio_probe()
| * 9fb482fdf3 power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense
| * 5c1997f7ad power: supply: axp20x_battery: Remove design from min and max voltage
| * c59f57f3f1 power: supply: axp20x_battery: allow disabling battery charging
| * 8202306e9f hwmon: (ntc_thermistor) fix module autoloading
| * 9efa58381a mtd: slram: insert break after errors in parsing the map
| * d7a7dd2966 hwmon: (max16065) Fix alarm attributes
| * 932559f25a hwmon: (max16065) Remove use of i2c_match_id()
| * 514a1508c3 i2c: Add i2c_get_match_data()
| * 167e4371ef device property: Add const qualifier to device_get_match_data() parameter
| * aeed49dd2b hwmon: (max16065) Fix overflows seen when writing limits
| * cdb20b703e m68k: Fix kernel_clone_args.flags in m68k_clone()
| * 42a9899e56 clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init()
| * 97586fbd69 reset: berlin: fix OF node leak in probe() error path
| * ad0b53e4b5 ARM: versatile: fix OF node leak in CPUs prepare
| * 06ceed8eff ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property
| * fb3cd974fb ARM: dts: microchip: sam9x60: Fix rtc/rtt clocks
| * 5f19060ab0 spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ
| * 63c7417ad4 spi: ppc4xx: handle irq_of_parse_and_map() errors
| * 4bc4272e25 block: fix potential invalid pointer dereference in blk_add_partition
| * 4d2760df0f block: print symbolic error name instead of error code
| * 3630a18846 block, bfq: don't break merge chain in bfq_split_bfqq()
| * a819a496d2 block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()
| * e1277ae780 block, bfq: fix possible UAF for bfqq->bic with merge chain
| * cab9ff7fe8 net: tipc: avoid possible garbage value
| * 207503742c net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input
| * 3df68f37c5 r8169: disable ALDPS per default for RTL8125
| * 5755eabda2 net: enetc: Use IRQF_NO_AUTOEN flag in request_irq()
| * e296245ca8 bareudp: Pull inner IP header on xmit.
| * b48fae6788 geneve: Fix incorrect inner network header offset when innerprotoinherit is set
| * 3b84799ea2 net: geneve: support IPv4/IPv6 as inner protocol
| * 76851c70a5 bareudp: Pull inner IP header in bareudp_udp_encap_recv().
| * cb1f7ef1f4 bareudp: allow redirecting bareudp packets to eth devices
| * 2accdb38c1 Bluetooth: btusb: Fix not handling ZPL/short-transfer
| * 3703e18a91 can: m_can: m_can_close(): stop clocks after device has been shut down
| * b6dce5b5a8 can: m_can: Add support for transceiver as phy
| * 5cc00913c1 can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
| * 1a11a1a532 sock_map: Add a cond_resched() in sock_hash_free()
| * 557418e170 wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param
| * f232916fab wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
| * 793e01f996 wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors
| * f8e0ca3049 wifi: mt76: mt7915: fix rx filter setting for bfee functionality
| * 635ccdcd98 wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
| * 7b0724f7a9 cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately
| * 0723ddb2d1 netfilter: nf_tables: reject expiration higher than timeout
| * 39c1012f5f netfilter: nf_tables: reject element expiration with no timeout
| * 1c0c097ded netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
| * 4bb459040d can: j1939: use correct function name in comment
| * b0947eca2a padata: Honor the caller's alignment in case of chunk_size 0
| * 60da25076f mount: handle OOM on mnt_warn_timestamp_expiry
| * f0a39ba6e0 fs/namespace: fnic: Switch to use %ptTd
| * 396e9c5cbf mount: warn only once about timestamp range expiration
| * 9722aa53fa fs: explicitly unregister per-superblock BDIs
| * 005dcd6bc4 ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe()
| * a0c1e2da65 wifi: rtw88: always wait for both firmware loading attempts
| * 16e0ab9ed3 USB: usbtmc: prevent kernel-usb-infoleak
| * 50cff34dee USB: serial: pl2303: add device id for Macrosilicon MS3020
| * 31292316c5 usb: dwc3: Fix a typo in field name
| * 4abf184168 cgroup: Move rcu_head up near the top of cgroup_root
| * 65fd90e354 gpiolib: cdev: Ignore reconfiguration without direction
| * 1880a324af ftrace: Fix possible use-after-free issue in ftrace_location()
| * e6be2e1ebc x86/ibt,ftrace: Search for __fentry__ location
| * 9705f447bf inet: inet_defrag: prevent sk release while still in use
| * 0e7814b028 mptcp: pm: Fix uaf in __timer_delete_sync
| * 6a53e5def7 mptcp: validate 'id' when stopping the ADD_ADDR retransmit timer
| * a684b45a77 mptcp: export lookup_anno_list_by_saddr
| * 9d682e89c4 gpio: prevent potential speculation leaks in gpio_device_get_desc()
| * 5badd0ae8b netfilter: nf_tables: missing iterator type in lookup walk
| * ff89db14c6 netfilter: nft_set_pipapo: walk over current view on netlink dump
| * 45a81667e0 cgroup: Make operations on the cgroup root_list RCU safe
| * 57a3d89831 ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
| * 34759b7e44 ocfs2: add bounds checking to ocfs2_xattr_find_entry()
| * d5624db232 x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency
| * bbd11db41b spi: bcm63xx: Enable module autoloading
| * 040511d9f2 drm: komeda: Fix an issue related to normalized zpos
| * 3d39061b7b ASoC: tda7419: fix module autoloading
| * 9c6d4649f2 ASoC: intel: fix module autoloading
| * de46b1d24f wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
| * db81677f4b wifi: iwlwifi: lower message level for FW buffer destination
| * dd34ef88d5 net: ftgmac100: Ensure tx descriptor updates are visible
| * 1a8e85289e microblaze: don't treat zero reserved memory regions as error
| * 2e5052143c pinctrl: at91: make it work with current gpiolib
| * 9f08d024ed ALSA: hda/realtek - FIxed ALC285 headphone no sound
| * fff183aa3c ALSA: hda/realtek - Fixed ALC256 headphone no sound
| * 0f4da063a1 ASoC: allow module autoloading for table db1200_pids
| * 007180fcb6 dma-buf: heaps: Fix off-by-one in CMA heap fault handler
| * 5a2cc2bb81 ASoC: meson: axg-card: fix 'use-after-free'
* | 1f05cd743b Merge ae96b02b9d ("soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps"") into android12-5.10-lts
|\|
| * ae96b02b9d soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps"
| * 609260542c spi: nxp-fspi: fix the KASAN report out-of-bounds bug
| * 1f31f51bfc net: dpaa: Pad packets to ETH_ZLEN
| * f2b13ec208 net: ftgmac100: Enable TX interrupt to avoid TX timeout
| * 392f6a97fc fou: fix initialization of grc
| * b9063702a0 net/mlx5e: Add missing link modes to ptys2ethtool_map
| * 097cc80396 net/mlx5: Update the list of the PCI supported devices
| * e7a9cca35e ice: fix accounting for filters shared by multiple VSIs
| * a38c552abf hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >= 1.2
| * b9d15b50b2 hwmon: (pmbus) Introduce and use write_byte_data callback
| * e829dbaf76 minmax: reduce min/max macro expansion in atomisp driver
| * 78078862f0 arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma
| * 14341f28a3 NFS: Avoid unnecessary rescanning of the per-server delegation list
| * 4f0e491644 Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
| * 00d54431b0 drm/msm/adreno: Fix error return if missing firmware-name
| * 44eb665889 scripts: kconfig: merge_config: config files: add a trailing newline
| * 9deecde637 Input: synaptics - enable SMBus for HP Elitebook 840 G2
| * 3f7183e28f Input: ads7846 - ratelimit the spi_sync error message
| * f08589057f btrfs: update target inode's ctime on unlink
| * 43662ba6ca powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL
| * acb4baa484 net: phy: vitesse: repair vsc73xx autonegotiation
| * 3b9ca02300 net: ethernet: use ip_hdrlen() instead of bit shift
| * b06bb81ef9 usbnet: ipheth: fix carrier detection in modes 1 and 4
* | 8441327954 Revert "Merge 8a30bee7f5 ("usb: dwc3: core: update LC timer as per USB Spec V3.2") into android12-5.10-lts"
* | 18eef3d55a Merge 8a30bee7f5 ("usb: dwc3: core: update LC timer as per USB Spec V3.2") into android12-5.10-lts
|\|
| * 8a30bee7f5 usb: dwc3: core: update LC timer as per USB Spec V3.2
| * 1ac0667658 usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug
| * 6b3af2ad53 usb: dwc3: Decouple USB 2.0 L1 & L2 events
* e477d44e5f Merge branch 'android12-5.10' into android12-5.10-lts

Change-Id: I8bacb03dd3c3b30729c5ec54bdd57a03f6ff7fe1
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-28 17:25:42 +00:00
Pedro Tammela
b396c229b4 UPSTREAM: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT 
[ Upstream commit 2e95c4384438adeaa772caa560244b1a2efef816 ]

In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed
to be either root or ingress. This assumption is bogus since it's valid
to create egress qdiscs with major handle ffff:
Budimir Markovic found that for qdiscs like DRR that maintain an active
class list, it will cause a UAF with a dangling class pointer.

In 066a3b5b23, the concern was to avoid iterating over the ingress
qdisc since its parent is itself. The proper fix is to stop when parent
TC_H_ROOT is reached because the only way to retrieve ingress is when a
hierarchy which does not contain a ffff: major handle call into
qdisc_lookup with TC_H_MAJ(TC_H_ROOT).

In the scenario where major ffff: is an egress qdisc in any of the tree
levels, the updates will also propagate to TC_H_ROOT, which then the
iteration must stop.

Fixes: 066a3b5b23 ("[NET_SCHED] sch_api: fix qdisc_tree_decrease_qlen() loop")
Reported-by: Budimir Markovic <markovicbudimir@gmail.com>
Suggested-by: Jamal Hadi Salim <jhs@mojatatu.com>
Tested-by: Victor Nogueira <victor@mojatatu.com>
Signed-off-by: Pedro Tammela <pctammela@mojatatu.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>

 net/sched/sch_api.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Simon Horman <horms@kernel.org>

Bug: 377197048
Link: https://patch.msgid.link/20241024165547.418570-1-jhs@mojatatu.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 597cf9748c3477bf61bc35f0634129f56764ad24)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I4ef8bee1095f7c51e4d458b25cd331018188b3d6
 2024-11-26 16:28:46 +00:00
Greg Kroah-Hartman
38dc270ca0 Revert "genetlink: hold RCU in genlmsg_mcast()" 
This reverts commit 4af714e823 which is
commit 56440d7ec28d60f8da3bfa09062b3368ff9b16db upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: I812d261d139e7f73a135c3445b7733b7611c23e0
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-21 23:32:11 +00:00
Greg Kroah-Hartman
c515597aec Merge 02874ca52d ("tracing: Consider the NULL character when validating the event length") into android12-5.10-lts 
Steps on the way to 5.10.229

Resolves conflicts in:
	drivers/net/macsec.c

Change-Id: Ibc2583ddd810808fa9ce619e71935aeb5f97805a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-21 22:24:39 +00:00
Greg Kroah-Hartman
012423e6bd Merge 5.10.228 into android12-5.10-lts 
Changes in 5.10.228
	ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2
	net: enetc: add missing static descriptor and inline keyword
	posix-clock: Fix missing timespec64 check in pc_clock_settime()
	arm64: probes: Remove broken LDR (literal) uprobe support
	arm64: probes: Fix simulate_ldr*_literal()
	net: macb: Avoid 20s boot delay by skipping MDIO bus registration for fixed-link PHY
	irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1
	fat: fix uninitialized variable
	mm/swapfile: skip HugeTLB pages for unuse_vma
	wifi: mac80211: fix potential key use-after-free
	KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
	io_uring/sqpoll: do not allow pinning outside of cpuset
	io_uring/sqpoll: retain test for whether the CPU is valid
	io_uring/sqpoll: do not put cpumask on stack
	s390/sclp_vt220: Convert newlines to CRLF instead of LFCR
	KVM: s390: Change virtual to physical address access in diag 0x258 handler
	x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
	x86/cpufeatures: Add a IBPB_NO_RET BUG flag
	x86/entry: Have entry_ibpb() invalidate return predictions
	x86/bugs: Skip RSB fill at VMEXIT
	x86/bugs: Do not use UNTRAIN_RET with IBPB on entry
	blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
	io_uring/sqpoll: close race on waiting for sqring entries
	drm/radeon: Fix encoder->possible_clones
	drm/vmwgfx: Handle surface check failure correctly
	iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig
	iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig
	iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig
	iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
	iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency()
	iio: light: veml6030: fix ALS sensor resolution
	iio: light: veml6030: fix IIO device retrieval from embedded device
	iio: light: opt3001: add missing full-scale range value
	iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
	iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
	Bluetooth: Remove debugfs directory on module init failure
	Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001
	xhci: Fix incorrect stream context type macro
	USB: serial: option: add support for Quectel EG916Q-GL
	USB: serial: option: add Telit FN920C04 MBIM compositions
	parport: Proper fix for array out-of-bounds access
	x86/resctrl: Annotate get_mem_config() functions as __init
	x86/apic: Always explicitly disarm TSC-deadline timer
	x86/entry_32: Do not clobber user EFLAGS.ZF
	x86/entry_32: Clear CPU buffers after register restore in NMI return
	irqchip/gic-v4: Don't allow a VMOVP on a dying VPE
	mptcp: track and update contiguous data status
	mptcp: handle consistently DSS corruption
	tcp: fix mptcp DSS corruption due to large pmtu xmit
	nilfs2: propagate directory read errors from nilfs_find_entry()
	powerpc/mm: Always update max/min_low_pfn in mem_topology_setup()
	ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2
	Linux 5.10.228

Change-Id: I46a08618e1091915449af89690af27a230a28855
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-17 20:12:50 +00:00
Greg Kroah-Hartman
af2f7573ea Revert "xfrm: Pass flowi_oif or l3mdev as oif to xfrm_dst_lookup" 
This reverts commit 0825c5ff24 which is
commit 748b82c23e25310fec54e1eff2cb63936f391b24 upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: Ib3f614c0ff41f47d5b7c6b15df0c5d90f1e1cd32
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-17 12:10:06 +00:00
Greg Kroah-Hartman
705b091042 Revert "net: Handle l3mdev in ip_tunnel_init_flow" 
This reverts commit ab6c9463b1 which is
commit db53cd3d88dc328dea2e968c9c8d3b4294a8a674 upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: Ib56a76ee38637a3ed8f7d64df69be28d42db8578
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-17 12:10:06 +00:00
Greg Kroah-Hartman
b585ecc2c9 Merge 05cc42d601 ("netfilter: ip6t_rpfilter: Fix regression with VRF interfaces") into android12-5.10-lts 
Steps on the way to 5.10.227

Change-Id: I4384ca5cd2e6994725dc962097643972212adf37
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-17 12:04:04 +00:00
Greg Kroah-Hartman
4098b69102 Revert "net: Add l3mdev index to flow struct and avoid oif reset for port devices" 
This reverts commit 740de19877 which is
commit 40867d74c374b235e14d839f3a77f26684feefe5 upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: I338a2fc5a37732a8e54dfdadf37b360cd1881991
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-17 11:54:26 +00:00
Greg Kroah-Hartman
5cb5d15755 Revert "netfilter: rpfilter/fib: Populate flowic_l3mdev field" 
This reverts commit d98558fe26 which is
commit acc641ab95b66b813c1ce856c377a2bbe71e7f52 upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: Id5c8d6759b996ff84343f011ed32aec76d8b7260
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-17 11:54:26 +00:00
Greg Kroah-Hartman
6fc602a28c Revert "netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces." 
This reverts commit 037145e2a2 which is
commit 1fcc064b305a1aadeff0d4bff961094d27660acd upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: If0e64467cafe9c0a5c8be91c38525358c798e968
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-17 11:54:26 +00:00
Greg Kroah-Hartman
7253529039 Revert "netfilter: fib: check correct rtable in vrf setups" 
This reverts commit 3502b1a297 which is
commit 05ef7055debc804e8083737402127975e7244fc4 upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: I5cd8320012dc4a5e9f3257124af4b2ff1792bc40
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-17 11:54:26 +00:00
Greg Kroah-Hartman
81d8cb7a3e Merge 3502b1a297 ("netfilter: fib: check correct rtable in vrf setups") into android12-5.10-lts 
Steps on the way to 5.10.227

Change-Id: I8c942c5c9bd222d1b7b04fdf45f17f1ca0bc5d1c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-17 11:54:04 +00:00
Greg Kroah-Hartman
ff0e27a0f9 Merge 265bf63e24 ("sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start") into android12-5.10-lts 
Steps on the way to 5.10.227

Change-Id: Icd51aea58e6744d6fa9097da88dd177513a532c6
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-17 11:52:50 +00:00
Greg Kroah-Hartman
ca21e0d3a8 Merge 0e91c4b484 ("net: dsa: b53: fix jumbo frames on 10/100 ports") into android12-5.10-lts 
Steps on the way to 5.10.227

Change-Id: Icd295683946d347d25cacf37500bb3031ef41621
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-17 11:51:44 +00:00
Greg Kroah-Hartman
b48eba851f Merge 1ebfa66638 ("drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream") into android12-5.10-lts 
Steps on the way to 5.10.227

Change-Id: I5e69192f2ecbbda523c18c2749bb1f181837e99c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-14 11:32:05 +00:00
Greg Kroah-Hartman
baa474b078 Merge 74c63fd016 ("ACPICA: Fix memory leak if acpi_ps_get_next_field() fails") into android12-5.10-lts 
Steps on the way to 5.10.227

Change-Id: Ie190b64ce17dea26ec0ac8910bbcb5fb144aede0
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-14 11:30:34 +00:00
Greg Kroah-Hartman
6f91c0260d Merge 531754952f ("netfilter: nf_tables: prevent nf_skb_duplicated corruption") into android12-5.10-lts 
Steps on the way to 5.10.227

Change-Id: Ib618ae4b21061bc48e1a821a0bdb35811495f7b2
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-14 10:00:24 +00:00
Greg Kroah-Hartman
f6317d304f Merge e0dbda9f26 ("netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS") into android12-5.10-lts 
Steps on the way to 5.10.227

Change-Id: I0b10c995547c8a307f9f22bfec8158d76554904f
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-14 07:22:25 +00:00
Greg Kroah-Hartman
0e233e78a8 Merge db9c5f08ee ("netfilter: nf_tables: Keep deleted flowtable hooks until after RCU") into android12-5.10-lts 
Steps on the way to 5.10.227

Change-Id: I8c3d60e94c855f9577feac89b5a7a94160a60409
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-14 07:22:20 +00:00
Greg Kroah-Hartman
e45c637aa5 Merge 6c36857fe5 ("net: qrtr: Update packets cloning when broadcasting") into android12-5.10-lts 
Steps on the way to 5.10.227

Change-Id: I6aae8d9eaa56b925be94f78db8370923ae39cfea
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-14 07:22:14 +00:00
Greg Kroah-Hartman
69acbd5795 Merge 98d14164c0 ("net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL") into android12-5.10-lts 
Steps on the way to 5.10.227

Change-Id: I84ad7d7d2ac58b270427706e75d3d0cc71aadbe6
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-14 07:22:03 +00:00
Greg Kroah-Hartman
973b583bb8 Merge dcf48ab3ca ("netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()") into android12-5.10-lts 
Steps on the way to 5.10.227

Change-Id: I19961d9222e571548302376f06845533f21f1496
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-14 07:21:52 +00:00
Greg Kroah-Hartman
8cf71990ea Revert "inet: inet_defrag: prevent sk release while still in use" 
This reverts commit 9705f447bf which is
commit 18685451fc4e546fc0e718580d32df3c0e5c8272 upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: I049667ee9c932c352643b7f1c743b2025c4b284c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-12 17:33:20 +00:00
Greg Kroah-Hartman
9e57ad4546 Merge 0ce9d89343 ("clk: ti: dra7-atl: Fix leak of of_nodes") into android12-5.10-lts 
Steps on the way to 5.10.226

Resolves merge conflicts in:
	drivers/dma-buf/heaps/heap-helpers.c
	drivers/usb/dwc3/core.h
	fs/ext4/inline.c

Change-Id: Id7ab496884e549fc85b6fff8254fb56d6785d78c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-12 17:29:46 +00:00
Greg Kroah-Hartman
1f05cd743b Merge ae96b02b9d ("soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps"") into android12-5.10-lts 
Steps on the way to 5.10.226

Change-Id: I92c594018a2ec1c562a580e493117d780fade779
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-11-12 12:44:11 +00:00
Arend van Spriel
de373c691b UPSTREAM: cfg80211: add VHT rate entries for MCS-10 and MCS-11 
Observed the warning in cfg80211_calculate_bitrate_vht() using an
11ac chip reporting MCS-11. Since devices reporting non-standard
MCS-9 is already supported add similar entries for MCS-10 and MCS-11.
Actually, the value of MCS-9@20MHz is slightly off so corrected that.

Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Link: https://lore.kernel.org/r/20210105105839.3795-1-arend.vanspriel@broadcom.com
[fix array size]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

Bug: 378419526
Change-Id: I81f5fc902c909b4d3ba8006c69363f875f6451ea
(cherry picked from commit c27aa56a72b8ea6d3bef6fcb1be1a85cf78b0673)
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
 2024-11-11 21:04:43 +00:00
Ye Bin
6c151aeb6d Bluetooth: bnep: fix wild-memory-access in proto_unregister 
[ Upstream commit 64a90991ba8d4e32e3173ddd83d0b24167a5668c ]

There's issue as follows:
  KASAN: maybe wild-memory-access in range [0xdead...108-0xdead...10f]
  CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G        W
  RIP: 0010:proto_unregister+0xee/0x400
  Call Trace:
   <TASK>
   __do_sys_delete_module+0x318/0x580
   do_syscall_64+0xc1/0x1d0
   entry_SYSCALL_64_after_hwframe+0x77/0x7f

As bnep_init() ignore bnep_sock_init()'s return value, and bnep_sock_init()
will cleanup all resource. Then when remove bnep module will call
bnep_sock_cleanup() to cleanup sock's resource.
To solve above issue just return bnep_sock_init()'s return value in
bnep_exit().

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Ye Bin <yebin10@huawei.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2024-11-08 16:21:58 +01:00
Eric Dumazet
4af714e823 genetlink: hold RCU in genlmsg_mcast() 
[ Upstream commit 56440d7ec28d60f8da3bfa09062b3368ff9b16db ]

While running net selftests with CONFIG_PROVE_RCU_LIST=y I saw
one lockdep splat [1].

genlmsg_mcast() uses for_each_net_rcu(), and must therefore hold RCU.

Instead of letting all callers guard genlmsg_multicast_allns()
with a rcu_read_lock()/rcu_read_unlock() pair, do it in genlmsg_mcast().

This also means the @flags parameter is useless, we need to always use
GFP_ATOMIC.

[1]
[10882.424136] =============================
[10882.424166] WARNING: suspicious RCU usage
[10882.424309] 6.12.0-rc2-virtme #1156 Not tainted
[10882.424400] -----------------------------
[10882.424423] net/netlink/genetlink.c:1940 RCU-list traversed in non-reader section!!
[10882.424469]
other info that might help us debug this:

[10882.424500]
rcu_scheduler_active = 2, debug_locks = 1
[10882.424744] 2 locks held by ip/15677:
[10882.424791] #0: ffffffffb6b491b0 (cb_lock){++++}-{3:3}, at: genl_rcv (net/netlink/genetlink.c:1219)
[10882.426334] #1: ffffffffb6b49248 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg (net/netlink/genetlink.c:61 net/netlink/genetlink.c:57 net/netlink/genetlink.c:1209)
[10882.426465]
stack backtrace:
[10882.426805] CPU: 14 UID: 0 PID: 15677 Comm: ip Not tainted 6.12.0-rc2-virtme #1156
[10882.426919] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[10882.427046] Call Trace:
[10882.427131]  <TASK>
[10882.427244] dump_stack_lvl (lib/dump_stack.c:123)
[10882.427335] lockdep_rcu_suspicious (kernel/locking/lockdep.c:6822)
[10882.427387] genlmsg_multicast_allns (net/netlink/genetlink.c:1940 (discriminator 7) net/netlink/genetlink.c:1977 (discriminator 7))
[10882.427436] l2tp_tunnel_notify.constprop.0 (net/l2tp/l2tp_netlink.c:119) l2tp_netlink
[10882.427683] l2tp_nl_cmd_tunnel_create (net/l2tp/l2tp_netlink.c:253) l2tp_netlink
[10882.427748] genl_family_rcv_msg_doit (net/netlink/genetlink.c:1115)
[10882.427834] genl_rcv_msg (net/netlink/genetlink.c:1195 net/netlink/genetlink.c:1210)
[10882.427877] ? __pfx_l2tp_nl_cmd_tunnel_create (net/l2tp/l2tp_netlink.c:186) l2tp_netlink
[10882.427927] ? __pfx_genl_rcv_msg (net/netlink/genetlink.c:1201)
[10882.427959] netlink_rcv_skb (net/netlink/af_netlink.c:2551)
[10882.428069] genl_rcv (net/netlink/genetlink.c:1220)
[10882.428095] netlink_unicast (net/netlink/af_netlink.c:1332 net/netlink/af_netlink.c:1357)
[10882.428140] netlink_sendmsg (net/netlink/af_netlink.c:1901)
[10882.428210] ____sys_sendmsg (net/socket.c:729 (discriminator 1) net/socket.c:744 (discriminator 1) net/socket.c:2607 (discriminator 1))

Fixes: 33f72e6f0c ("l2tp : multicast notification to the registered listeners")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: James Chapman <jchapman@katalix.com>
Cc: Tom Parkin <tparkin@katalix.com>
Cc: Johannes Berg <johannes.berg@intel.com>
Link: https://patch.msgid.link/20241011171217.3166614-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2024-11-08 16:21:57 +01:00
Li RongQing
f48eaf4e88 net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid 
[ Upstream commit 82ac39ebd6db0c9f7a97a934bda1e3e101a9d201 ]

pnetid of pi (not newly allocated pe) should be compared

Fixes: e888a2e833 ("net/smc: introduce list of pnetids for Ethernet devices")
Reviewed-by: D. Wythe <alibuda@linux.alibaba.com>
Reviewed-by: Wen Gu <guwen@linux.alibaba.com>
Signed-off-by: Li RongQing <lirongqing@baidu.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: Gerd Bayer <gbayer@linux.ibm.com>
Link: https://patch.msgid.link/20241014115321.33234-1-lirongqing@baidu.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2024-11-08 16:21:57 +01:00
Xin Long
718609f518 ipv4: give an IPv4 dev to blackhole_netdev 
[ Upstream commit 22600596b6756b166fd052d5facb66287e6f0bad ]

After commit 8d7017fd62 ("blackhole_netdev: use blackhole_netdev to
invalidate dst entries"), blackhole_netdev was introduced to invalidate
dst cache entries on the TX path whenever the cache times out or is
flushed.

When two UDP sockets (sk1 and sk2) send messages to the same destination
simultaneously, they are using the same dst cache. If the dst cache is
invalidated on one path (sk2) while the other (sk1) is still transmitting,
sk1 may try to use the invalid dst entry.

         CPU1                   CPU2

      udp_sendmsg(sk1)       udp_sendmsg(sk2)
      udp_send_skb()
      ip_output()
                                             <--- dst timeout or flushed
                             dst_dev_put()
      ip_finish_output2()
      ip_neigh_for_gw()

This results in a scenario where ip_neigh_for_gw() returns -EINVAL because
blackhole_dev lacks an in_dev, which is needed to initialize the neigh in
arp_constructor(). This error is then propagated back to userspace,
breaking the UDP application.

The patch fixes this issue by assigning an in_dev to blackhole_dev for
IPv4, similar to what was done for IPv6 in commit e5f80fcf869a ("ipv6:
give an IPv6 dev to blackhole_netdev"). This ensures that even when the
dst entry is invalidated with blackhole_dev, it will not fail to create
the neigh entry.

As devinet_init() is called ealier than blackhole_netdev_init() in system
booting, it can not assign the in_dev to blackhole_dev in devinet_init().
As Paolo suggested, add a separate late_initcall() in devinet.c to ensure
inet_blackhole_dev_init() is called after blackhole_netdev_init().

Fixes: 8d7017fd62 ("blackhole_netdev: use blackhole_netdev to invalidate dst entries")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/3000792d45ca44e16c785ebe2b092e610e5b3df1.1728499633.git.lucien.xin@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2024-11-08 16:21:57 +01:00
Michael Bestas
529ffa5672
Merge tag 'ASB-2024-11-05_12-5.10' of https://android.googlesource.com/kernel/common into android13-5.10-waipio 
https://source.android.com/docs/security/bulletin/2024-11-01
CVE-2024-36978
CVE-2024-46740

* tag 'ASB-2024-11-05_12-5.10' of https://android.googlesource.com/kernel/common: (702 commits)
  UPSTREAM: dma-buf: heaps: Fix off-by-one in CMA heap fault handler
  BACKPORT: firmware: arm_scmi: Queue in scmi layer for mailbox implementation
  BACKPORT: gso: fix udp gso fraglist segmentation after pull from frag_list
  ANDROID: usb: Optimization the transfer rate of accessory mode in USB3.2 mode
  UPSTREAM: unicode: Don't special case ignorable code points
  ANDROID: 16K: Fixup padding vm_flags bits on VMA splits
  ANDROID: 16K: Introduce pgsize_migration_inline.h
  Revert "udf: Avoid excessive partition lengths"
  Revert "bareudp: Fix device stats updates."
  ANDROID: fix up change to pti_clone_pgtable()
  Revert "perf/aux: Fix AUX buffer serialization"
  Revert "clocksource/drivers/timer-of: Remove percpu irq related code"
  Revert "Merge 751777a79a ("nfsd: make svc_stat per-network namespace instead of global") into android12-5.10-lts"
  Revert "hwspinlock: Introduce hwspin_lock_bust()"
  Revert "bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode"
  Revert "bpf, cgroup: Assign cgroup in cgroup_sk_alloc when called from interrupt"
  Linux 5.10.226
  memcg: protect concurrent access to mem_cgroup_idr
  net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket
  x86/mm: Fix PTI for i386 some more
  ...

 Conflicts:
	Documentation/devicetree/bindings/thermal/thermal-zones.yaml

Change-Id: Ic0be4604440e84cc31e9cfc7ea7d72ebc3d7d64f
 2024-11-07 10:53:18 +02:00
Greg Kroah-Hartman
b9d4c135c7 Merge tag 'android12-5.10.226_r00' into android12-5.10 
This merges up to the 5.10.226 LTS release into android12-5.10.
Included in here are the following commits:

* bfa0f472d5 Revert "udf: Avoid excessive partition lengths"
* 90336334a0 Revert "bareudp: Fix device stats updates."
* bcfc839140 ANDROID: fix up change to pti_clone_pgtable()
* ebdacb6176 Revert "perf/aux: Fix AUX buffer serialization"
* 3c59c9aebf Revert "clocksource/drivers/timer-of: Remove percpu irq related code"
*   7d3ca1ed3f Merge 5.10.226 into android12-5.10-lts
|\
| * ceb091e2c4 Linux 5.10.226
| * 912736a043 memcg: protect concurrent access to mem_cgroup_idr
| * 02ee1976ed net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket
| * dad75cf2c3 x86/mm: Fix PTI for i386 some more
| * 1401da1486 rtmutex: Drop rt_mutex::wait_lock before scheduling
| * c6bd80f585 mmc: cqhci: Fix checking of CQHCI_HALT state
| * b35d3c8181 drm/i915/fence: Mark debug_fence_free() with __maybe_unused
| * b8dfa35f00 drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused
| * 50632b877c nvmet-tcp: fix kernel crash if commands allocation fails
| * 4c3b21204a arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry
| * ccb95b37e9 arm64: acpi: Move get_cpu_for_acpi_id() to a header
| * 3658388cd3 ACPI: processor: Fix memory leaks in error paths of processor_add()
| * 5dac987d1b ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add()
| * 157c0d94b4 nilfs2: protect references to superblock parameters exposed in sysfs
| * 0630e3d435 nilfs2: replace snprintf in show functions with sysfs_emit
| * 7882923f1c perf/aux: Fix AUX buffer serialization
| * 0f511f2840 uprobes: Use kzalloc to allocate xol area
| * 0af6b80dac clocksource/drivers/timer-of: Remove percpu irq related code
| * 3ded318cf0 clocksource/drivers/imx-tpm: Fix next event not taking effect sometime
| * cf6ffb1688 clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX
| * 6c563a2985 VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
| * 359ea5edc9 Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
| * 1d8e020e51 uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
| * 38cd8bde8a nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc
| * 3a8154bb4a binder: fix UAF caused by offsets overwrite
| * d0d3edb56e iio: adc: ad7124: fix chip ID mismatch
| * 1719ebc8e3 iio: fix scale application in iio_convert_raw_to_processed_unlocked
| * f3a54c27ba iio: buffer-dmaengine: fix releasing dma channel on error
| * 41cc91e313 staging: iio: frequency: ad9834: Validate frequency parameter value
| * d8a61e69f8 NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations
| * 6fb7b7f5ba ata: pata_macio: Use WARN instead of BUG
| * d3ff0f98a5 MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed
| * 99418ec776 lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
| * 9d1e9f0876 of/irq: Prevent device address out-of-bounds read in interrupt map walk
| * 5c8906de98 Squashfs: sanity check symbolic link size
| * 2f14160d9f usbnet: ipheth: race between ipheth_close and error handling
| * 51fa08edd8 Input: uinput - reject requests with unreasonable number of slots
| * 34185de73d HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
| * 3206e4a4b0 s390/vmlinux.lds.S: Move ro_after_init section behind rodata section
| * 912bcdc51b btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry()
| * 3eaad59258 kselftests: dmabuf-heaps: Ensure the driver name is null-terminated
| * e6f3008de8 net: dpaa: avoid on-stack arrays of NR_CPUS elements
| * e2355d513b PCI: Add missing bridge lock to pci_bus_lock()
| * c60676b81f btrfs: clean up our handling of refs == 0 in snapshot delete
| * ed1b61398c btrfs: replace BUG_ON with ASSERT in walk_down_proc()
| * 8780129cbc smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu()
| * 9813770f25 wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
| * fb2257089a libbpf: Add NULL checks to bpf_object__{prev_map,next_map}
| * 56cfdeb2c7 hwmon: (w83627ehf) Fix underflows seen when writing limit attributes
| * 8a1e958e26 hwmon: (nct6775-core) Fix underflows seen when writing limit attributes
| * 59c1fb9874 hwmon: (lm95234) Fix underflows seen when writing limit attributes
| * 2a3add62f1 hwmon: (adc128d818) Fix underflows seen when writing limit attributes
| * bc1faed19d pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
| * 9b884bdc29 devres: Initialize an uninitialized struct member
| * c8944d449f um: line: always fill *error_out in setup_one_line()
| * 1434b72a2d cgroup: Protect css->cgroup write under css_set_lock
| * 70854bf003 iommu/vt-d: Handle volatile descriptor status read
| * 8a7ef20bf7 dm init: Handle minors larger than 255
| * 583b5d2d43 ASoC: topology: Properly initialize soc_enum values
| * 43b442c972 net: dsa: vsc73xx: fix possible subblocks range of CAPT block
| * 19af8a23a1 net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN
| * 231c235d2f fou: Fix null-ptr-deref in GRO.
| * 0ea3f2798d gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers
| * 77ad44ee33 gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers
| * bc18f3c806 fou: remove sparse errors
| * 3c0cedc22c bareudp: Fix device stats updates.
| * 32cbafeebf usbnet: modern method to get random MAC
| * 594cc1dba0 net: usb: don't write directly to netdev->dev_addr
| * 98a4cabf87 drivers/net/usb: Remove all strcpy() uses
| * acd2985137 igc: Unlock on error in igc_io_resume()
| * 3efe53eb22 tcp_bpf: fix return value of tcp_bpf_sendmsg()
| * ee1c2ecf7b platform/x86: dell-smbios: Fix error path in dell_smbios_init()
| * 45c0c747df svcrdma: Catch another Reply chunk overflow case
| * 449d70b16b igb: Fix not clearing TimeSync interrupts for 82580
| * aec92dbebd can: bcm: Remove proc entry when dev is unregistered.
| * ee50abebdc pcmcia: Use resource_size function on resource object
| * 9380fe33ab media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse
| * ebbdbbc580 PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
| * 1fa40e0d27 media: vivid: don't set HDMI TX controls if there are no HDMI outputs
| * 44a595f897 usb: uas: set host status byte on data completion error
| * 3ab3ee4125 wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3
| * 9e28a1df18 leds: spi-byte: Call of_node_put() on error path
| * e73b63f138 media: vivid: fix wrong sizeimage value for mplane
| * 551966371e udf: Avoid excessive partition lengths
| * 66234da64d netfilter: nf_conncount: fix wrong variable type
| * f56089a180 iommu: sun50i: clear bypass register
| * 1c5bad90e0 af_unix: Remove put_pid()/put_cred() in copy_peercred().
| * ec08e30082 irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1
| * 500e4bf673 smack: unix sockets: fix accept()ed socket label
| * 414736fcb7 ALSA: hda: Add input value sanity checks to HDMI channel map controls
* | 70fe52b634 Revert "Merge 751777a79a ("nfsd: make svc_stat per-network namespace instead of global") into android12-5.10-lts"
* | c3e9a280ba Merge 751777a79a ("nfsd: make svc_stat per-network namespace instead of global") into android12-5.10-lts
|\|
| * 751777a79a nfsd: make svc_stat per-network namespace instead of global
| * f8219c4b80 nfsd: remove nfsd_stats, make th_cnt a global counter
| * f2fe1ec906 nfsd: make all of the nfsd stats per-network namespace
| * 5545496966 nfsd: expose /proc/net/sunrpc/nfsd in net namespaces
| * fec6561e75 nfsd: rename NFSD_NET_* to NFSD_STATS_*
| * 9eb5d44b8f sunrpc: use the struct net as the svc proc private
| * e0fba78ab9 sunrpc: remove ->pg_stats from svc_program
| * 7f2476914e sunrpc: pass in the sv_stats struct through svc_create_pooled
| * d06254ae7d nfsd: stop setting ->pg_stats for unused stats
| * 2197b23eda sunrpc: don't change ->sv_stats if it doesn't exist
| * d47c660e8c NFSD: Fix frame size warning in svc_export_parse()
| * a8aaffc0c1 NFSD: Rewrite synopsis of nfsd_percpu_counters_init()
| * c532274202 NFSD: simplify error paths in nfsd_svc()
| * ebfce8dd7e NFSD: Refactor the duplicate reply cache shrinker
| * 895807268a NFSD: Replace nfsd_prune_bucket()
| * a02f9d6ea3 NFSD: Rename nfsd_reply_cache_alloc()
| * 73b72f4b3b NFSD: Refactor nfsd_reply_cache_free_locked()
| * 3025d489f9 nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net
| * 4e18b58b10 nfsd: move reply cache initialization into nfsd startup
* | 00588cd66d Revert "hwspinlock: Introduce hwspin_lock_bust()"
* | c2345ad899 Revert "bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode"
* | fe709a1a77 Revert "bpf, cgroup: Assign cgroup in cgroup_sk_alloc when called from interrupt"
* | b22678f8ef Merge ddee5b4b6a ("mptcp: pm: avoid possible UaF when selecting endp") into android12-5.10-lts
|\|
| * ddee5b4b6a mptcp: pm: avoid possible UaF when selecting endp
| * 91fb0512a0 mptcp: pr_debug: add missing \n at the end
| * 7e4c72dbaf btrfs: fix use-after-free after failure to create a snapshot
| * efdde00d4a nilfs2: fix state management in error path of log writing function
| * 07e4dc2fe0 nilfs2: fix missing cleanup on rollforward recovery error
| * 7725152b54 sched: sch_cake: fix bulk flow accounting logic for host fairness
| * 93ee345ba3 ila: call nf_unregister_net_hooks() sooner
| * e3ad85c477 tracing: Avoid possible softlockup in tracing_iter_reset()
| * 3a49b6b1ca can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
| * 6949a97f6d clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API
| * f540bc71d5 clk: qcom: clk-alpha-pll: Fix the pll post div mask
| * 0811d57384 fuse: use unsigned type for getxattr/listxattr size truncation
| * 9d38c704b4 fuse: update stats for pages in dropped aux writeback list
| * 4be36d9d18 mmc: sdhci-of-aspeed: fix module autoloading
| * 2793f42389 mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
| * b2ead09489 Bluetooth: MGMT: Ignore keys being loaded with invalid type
| * 029e462bb4 Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE"
| * cb27399b3d irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init()
| * e0b122a8f6 ata: libata: Fix memory leak for error path in ata_host_alloc()
| * 0f27b8c07e ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx
| * 2ef683b058 ALSA: hda/realtek: add patch for internal mic in Lenovo V145
| * adc688a505 ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices
| * 8ca21e7a27 ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
| * 98c75d7618 sch/netem: fix use after free in netem_dequeue
| * 06e7be6934 bpf, cgroup: Assign cgroup in cgroup_sk_alloc when called from interrupt
| * b140074560 i2c: Use IS_REACHABLE() for substituting empty ACPI functions
| * dfc8eb4d7e ext4: handle redirtying in ext4_bio_write_page()
| * 5895541d73 udf: Limit file size to 4TB
| * 17c43211d4 rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
| * 842a97b5e4 virtio_net: Fix napi_skb_cache_put warning
| * c8e5439b5b net: set SOCK_RCU_FREE before inserting socket into hashtable
| * cf002be3b8 bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode
| * 2ac9deb7e0 drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr
| * 3fd11fe4f2 block: initialize integrity buffer to zero before writing it to media
| * 0623c9f371 media: uvcvideo: Enforce alignment of frame and interval
| * c083c8be6b drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
| * 5eb04f9894 block: remove the blk_flush_integrity call in blk_integrity_unregister
| * 0305a885cc wifi: cfg80211: make hash table duplicates more survivable
| * d24bc270b7 drm/meson: plane: Add error handling
| * a948ec9935 smack: tcp: ipv4, fix incorrect labeling
| * 3f3ef1d9f6 fsnotify: clear PARENT_WATCHED flags lazily
| * 7e64cabe81 usb: typec: ucsi: Fix null pointer dereference in trace
| * bd13c1119a usbip: Don't submit special requests twice
| * c7975f09ae ionic: fix potential irq name truncation
| * e85cf9a5a4 hwspinlock: Introduce hwspin_lock_bust()
| * 7eb7888021 PCI: al: Check IORESOURCE_BUS existence during probe
| * 9aa7dd5e31 wifi: iwlwifi: remove fw_running op
| * ed7e9ed973 drm/amd/pm: check negtive return for table entries
| * 614564a5b2 drm/amdgpu: the warning dereferencing obj for nbio_v7_4
| * 008933832a drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs
| * 52338a3aa7 apparmor: fix possible NULL pointer dereference
| * 0842db679d drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device
| * 310b9d8363 drm/amdgpu: fix mc_data out-of-bounds read warning
| * 5f09fa5e0a drm/amdgpu: fix ucode out-of-bounds read warning
| * 725b728cc0 drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
| * c253b87c7c drm/amdgpu: Fix out-of-bounds write warning
| * 60097df938 drm/amdgpu/pm: Fix uninitialized variable agc_btc_response
| * 74c5d8b057 drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create
| * 9160830546 drm/amd/display: Check msg_id before processing transcation
| * 7c47dd2e92 drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]
| * 2a63c90c7a drm/amd/display: Add array index check for hdcp ddc access
| * 754321ed63 drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6
| * 40c2e8bc11 drm/amd/display: Check gpio_id before used as array index
| * e24fa82729 drm/amdgpu: avoid reading vf2pf info size from FB
| * 1d0c85d0fc drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr
| * 59ac791297 drm/amdgpu: fix uninitialized scalar variable warning
| * 38e32a0d83 drm/amd/pm: fix the Out-of-bounds read warning
| * d592768c17 drm/amd/pm: fix warning using uninitialized value of max_vid_step
| * a601129c78 drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr
| * 774bae3b8d drm/amdgpu: fix overflowed array index read warning
| * 28b539bbcc drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr
| * 40d0fedacf net: usb: qmi_wwan: add MeiG Smart SRM825L
| * ff5af3f9b5 dma-debug: avoid deadlock between dma debug vs printk and netconsole
| * 712921d2ab i2c: Fix conditional for substituting empty ACPI functions
| * 0e69cf9b65 ALSA: hda/conexant: Mute speakers at suspend / shutdown
| * 221ebded43 ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown
| * e78bc7099c drm: panel-orientation-quirks: Add quirk for OrangePi Neo
* | 52c4910c65 ANDROID: fix up crc issue for cpuset_cpus_allowed()
* | 4951c68022 Merge 5.10.225 into android12-5.10-lts
|\|
| * b57d01c66f Linux 5.10.225
| * 7e8bad2cf3 apparmor: fix policy_unpack_test on big endian systems
| * 9e96dea7ef scsi: aacraid: Fix double-free on probe failure
| * 4538335cc2 usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes()
| * 59579a627a usb: dwc3: st: add missing depopulate in probe error path
| * 6aee4c5635 usb: dwc3: st: fix probed platform device ref count on probe error path
| * b72da4d89b usb: dwc3: core: Prevent USB core invalid event buffer address access
| * 16cc6114c9 usb: dwc3: omap: add missing depopulate in probe error path
| * f84d5dccc8 USB: serial: option: add MeiG Smart SRM825L
| * 612843f842 cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller
| * f5a5a5a0e9 soc: qcom: cmd-db: Map shared memory as WC, not WB
| * 8ddaea033d nfc: pn533: Add poll mod list filling check
| * 7e5d5c4ae7 net: busy-poll: use ktime_get_ns() instead of local_clock()
| * 8bbb9e4e0e gtp: fix a potential NULL pointer dereference
| * 842a40c727 ethtool: check device is present when getting link settings
| * 2e8e93dea0 dmaengine: dw: Add memory bus width verification
| * 9cfe7c53fe dmaengine: dw: Add peripheral bus width verification
| * f8e1c92868 soundwire: stream: fix programming slave ports for non-continous port maps
| * acddd7c6b7 ovl: do not fail because of O_NOATIME
| * 338a3ba30c net:rds: Fix possible deadlock in rds_message_put
| * 688325078a cgroup/cpuset: Prevent UAF in proc_cpuset_show()
| * e83405e75d ata: libata-core: Fix null pointer dereference on error
| * f2b6cd1335 Revert "Input: ioc3kbd - convert to platform remove callback returning void"
| * 777d9c223e media: uvcvideo: Fix integer overflow calculating timestamp
| * f7276cdc19 drm/amdkfd: don't allow mapping the MMIO HDP page with large pages
| * 0365c9029a ipc: replace costly bailout check in sysvipc_find_ipc()
| * 2933b4f8a6 mptcp: sched: check both backup in retrans
| * 1388df72dc wifi: mwifiex: duplicate static structs used in driver instances
| * 4e9436375f pinctrl: single: fix potential NULL dereference in pcs_get_function()
| * d57e6298cc pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins
| * a45ee4c98d KVM: arm64: Don't use cbz/adr with external symbols
| * df02642c21 drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc
| * 239b1cacce tools: move alignment-related macros to new <linux/align.h>
| * 05dd9aabd0 Input: MT - limit max slots
| * 56b82e6ff3 Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
| * 93000b2949 nfsd: Don't call freezable_schedule_timeout() after each successful page allocation in svc_alloc_arg().
| * b009444700 ALSA: timer: Relax start tick time check for slave timer elements
| * b891438bc3 Revert "drm/amd/display: Validate hw_points_num before using it"
| * 92915fa734 mmc: dw_mmc: allow biu and ciu clocks to defer
| * 15818af2f7 KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
| * 65e79c9437 cxgb4: add forgotten u64 ivlan cast before shift
| * d1623e7b43 HID: microsoft: Add rumble support to latest xbox controllers
| * 8c0a21d37d HID: wacom: Defer calculation of resolution until resolution_code is known
| * fc73103a94 MIPS: Loongson64: Set timer mode in cpu-probe
| * 7fd3a59268 binfmt_misc: pass binfmt_misc flags to the interpreter
| * 9df9783bd8 Bluetooth: MGMT: Add error handling to pair_device()
| * 9b9ba386d7 mmc: mmc_test: Fix NULL dereference on allocation failure
| * 4370448fca drm/msm/dp: reset the link phy params before link training
| * e54b082752 drm/msm/dpu: don't play tricks with debug macros
| * ff6607a477 net: xilinx: axienet: Fix dangling multicast addresses
| * 2884e73978 net: xilinx: axienet: Always disable promiscuous mode
| * cb5880a0de ipv6: prevent UAF in ip6_send_skb()
| * c414000da1 netem: fix return value if duplicate enqueue fails
| * 050e7274ab net: dsa: mv88e6xxx: Fix out-of-bound access
| * 5885217d66 net: dsa: mv88e6xxx: replace ATU violation prints with trace points
| * 5d8aed3ca6 net: dsa: mv88e6xxx: read FID when handling ATU violations
| * 544571911b ice: fix ICE_LAST_OFFSET formula
| * 5c14483544 bonding: fix xfrm state handling when clearing active slave
| * 21816b696c bonding: fix xfrm real_dev null pointer dereference
| * 81216b9352 bonding: fix null pointer deref in bond_ipsec_offload_ok
| * e8c85f2ff3 bonding: fix bond_ipsec_offload_ok return type
| * 6e630e1d77 ip6_tunnel: Fix broken GRO
| * 4d42a2257b netfilter: nft_counter: Synchronize nft_counter_reset() against reader.
| * eb06c8d302 kcm: Serialise kcm_sendmsg() for the same socket.
| * f4b762cf7e tc-testing: don't access non-existent variable on exception
| * 095a1f19d4 Bluetooth: SMP: Fix assumption of Central always being Initiator
| * 7a4e7a0c6b Bluetooth: hci_core: Fix LE quote calculation
| * ce70b09150 dm suspend: return -ERESTARTSYS instead of -EINTR
| * 0ba3401777 media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c)
| * d1bd8e0a11 block: use "unsigned long" for blk_validate_block_size().
| * cbb9a969fc gtp: pull network headers in gtp_dev_xmit()
| * 5970a540da hrtimer: Prevent queuing of hrtimer without a function callback
| * b09a5ec8de nvmet-rdma: fix possible bad dereference when freeing rsps
| * 2143cba143 ext4: set the type of max_zeroout to unsigned int to avoid overflow
| * f14cd61826 irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc
| * 9e1c4d0d6a usb: dwc3: core: Skip setting event buffers for host only controllers
| * 1b8e318f99 s390/iucv: fix receive buffer virtual vs physical address confusion
| * d0414f5436 openrisc: Call setup_memory() earlier in the init sequence
| * e5272645a0 NFS: avoid infinite loop in pnfs_update_layout.
| * 9e0414220b nvmet-tcp: do not continue for invalid icreq
| * 5ee7495ac2 net: hns3: add checking for vf id of mailbox
| * c7c43a784f Bluetooth: bnep: Fix out-of-bound access
| * bf2f79970b usb: gadget: fsl: Increase size of name buffer for endpoints
| * bf0c603ab4 f2fs: fix to do sanity check in update_sit_entry
| * 8ec052c544 btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent()
| * 0c1d7b960f btrfs: send: handle unexpected data in header buffer in begin_cmd()
| * 94a7dff229 btrfs: handle invalid root reference found in may_destroy_subvol()
| * 3dd13074e7 btrfs: change BUG_ON to assertion when checking for delayed_node root
| * e21448a49b powerpc/boot: Only free if realloc() succeeds
| * 486fb5ebd5 powerpc/boot: Handle allocation failure in simple_realloc()
| * 05c21f285d parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367
| * 4e5464005b memory: stm32-fmc2-ebi: check regmap_read return value
| * 25d31baf92 x86: Increase brk randomness entropy for 64-bit systems
| * 76ec27b709 md: clean up invalid BUG_ON in md_ioctl
| * 95e49b9258 netlink: hold nlk->cb_mutex longer in __netlink_dump_start()
| * 316bf51edd virtiofs: forbid newlines in tags
| * be49c4f2a1 drm/lima: set gp bus_stop bit before hard reset
| * aa469c3d28 net/sun3_82586: Avoid reading past buffer in debug output
| * 5fb0cbf84b scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list()
| * a441ce39ad fs: binfmt_elf_efpic: don't use missing interpreter's properties
| * e7385510e2 media: pci: cx23885: check cx23885_vdev_init() return
| * 00d4f971fa quota: Remove BUG_ON from dqget()
| * 239c5e988e ext4: do not trim the group with corrupted block bitmap
| * 0f6425d90d nvmet-trace: avoid dereferencing pointer too early
| * 5380f1b2b9 powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu
| * 372928e8be IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock
| * 7138c59856 wifi: iwlwifi: abort scan when rfkill on but device enabled
| * d483de53d4 gfs2: setattr_chown: Add missing initialization
| * 80456d39f0 scsi: spi: Fix sshdr use
| * 3663e78fab media: qcom: venus: fix incorrect return value
| * a43edc7abc binfmt_misc: cleanup on filesystem umount
| * c13541c5ef staging: ks7010: disable bh on tx_dev_lock
| * db3b679f66 drm/amd/display: Validate hw_points_num before using it
| * cc49ee3433 staging: iio: resolver: ad2s1210: fix use before initialization
| * 01fa4415c3 media: radio-isa: use dev_name to fill in bus_info
| * 0f83d77926 s390/smp,mcck: fix early IPI handling
| * aeda7043c4 RDMA/rtrs: Fix the problem of variable not initialized fully
| * bbb662d0c2 i2c: riic: avoid potential division by zero
| * 5335c7f8db wifi: cw1200: Avoid processing an invalid TIM IE
| * 11b0c7323c wifi: mac80211: fix BA session teardown race
| * 5fe7bdbe4f ssb: Fix division by zero issue in ssb_calc_clock_rate
| * dfa894f7ea ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7
| * fc250eca15 net: hns3: fix a deadlock problem when config TC during resetting
| * dbdbadec8a net: hns3: fix wrong use of semaphore up
| * e5ceff2196 netfilter: flowtable: initialise extack before use
| * 50c914b0e6 mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size
| * 8e8d306f3b net: dsa: vsc73xx: check busy flag in MDIO operations
| * 351ad72c50 net: dsa: vsc73xx: use read_poll_timeout instead delay loop
| * 665a4caa9c net: dsa: vsc73xx: pass value in phy_write operation
| * aa9ce4193c net: axienet: Fix register defines comment description
| * 1cece837e3 atm: idt77252: prevent use after free in dequeue_rx()
| * 4b730a1475 net/mlx5e: Correctly report errors for ethtool rx flows
| * 8e0e6b15ab s390/uv: Panic for set and remove shared access UVC errors
| * 6bcd0f95b8 btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits()
| * c10ac31a72 s390/cio: rename bitmap_size() -> idset_bitmap_size()
| * e24625310c drm/amdgpu/jpeg2: properly set atomics vmid field
| * ad149f5585 memcg_write_event_control(): fix a user-triggerable oops
| * 0452e15e7f drm/amdgpu: Actually check flags for all context ops.
| * d88083916f btrfs: tree-checker: add dev extent item checks
| * bbcdda4b0d selinux: fix potential counting error in avc_add_xperms_decision()
| * fe5bf14881 fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
| * de7be1940c bitmap: introduce generic optimized bitmap_size()
| * 03880af02a vfs: Don't evict inode under the inode lru traversing context
| * ee030e4ffa dm persistent data: fix memory allocation failure
| * 63fd38af88 dm resume: don't return EINVAL when signalled
| * 1b21a791af arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE
| * e245a18281 s390/dasd: fix error recovery leading to data corruption on ESE devices
| * 747bc15457 thunderbolt: Mark XDomain as unplugged when router is removed
| * 0f0654318e xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration
| * 4905e56f7b ALSA: usb-audio: Support Yamaha P-125 quirk entry
| * 4690e2171f fuse: Initialize beyond-EOF page contents before setting uptodate
* | 39a8a0618d ANDROID: Fix gki allmodconfig build errors in mptcp
* | 0c105dabe6 Revert "genirq: Allow the PM device to originate from irq domain"
* | e62a1579e0 Revert "genirq: Allow irq_chip registration functions to take a const irq_chip"
* | b5df17128a Revert "irqchip/imx-irqsteer: Constify irq_chip struct"
* | 6943c015b0 Revert "irqchip/imx-irqsteer: Add runtime PM support"
* | 3141b23999 Revert "irqchip/imx-irqsteer: Handle runtime power management correctly"
* | b84ad15be5 Merge 5.10.224 into android12-5.10-lts
|\|
| * b2add7c50b Linux 5.10.224
| * 2de18b5cc3 media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()"
| * e1ee1c4198 ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode
| * 80ac0cc9c0 wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
| * a563f12430 vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler
| * 06e9e6ac59 vdpa: Make use of PFN_PHYS/PFN_UP/PFN_DOWN helper macro
| * b21ea49e6e nvme/pci: Add APST quirk for Lenovo N60z laptop
| * 15469d46ba exec: Fix ToCToU between perm check and set-uid/gid usage
| * d39e0f582b media: uvcvideo: Use entity get_cur in uvc_ctrl_set
| * ec54634f91 arm64: cpufeature: Fix the visibility of compat hwcaps
| * fb6675db04 powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.
| * 50111a8098 drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
| * 31c35f9f89 netfilter: nf_tables: prefer nft_chain_validate
| * d5f87c1111 netfilter: nf_tables: allow clone callbacks to sleep
| * 7b17de2a71 netfilter: nf_tables: use timestamp to check for set element timeout
| * 191fc44395 netfilter: nf_tables: set element extended ACK reporting support
| * c52f9e1a9e PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
| * 7e62564d5e Fix gcc 4.9 build issue in 5.10.y
| * 329eae03d0 Add gitignore file for samples/fanotify/ subdirectory
| * 9bdf0624bd samples: Make fs-monitor depend on libc and headers
| * 5b9f49cc86 samples: Add fs error monitoring example
| * 3f84b37abb mptcp: pm: fix backup support in signal endpoints
| * 44165604dd mptcp: export local_address
| * 9b9a64ef9a mptcp: mib: count MPJ with backup flag
| * 96f3c8a850 mptcp: fix NL PM announced address accounting
| * 1008f2bcbc mptcp: distinguish rcv vs sent backup flag in requests
| * 381cad7a08 mptcp: sched: check both directions for backup
| * 32b133fb78 drm/mgag200: Set DDC timeout in milliseconds
| * fd65cf86ca drm/bridge: analogix_dp: properly handle zero sized AUX transactions
| * 450b6b22ac x86/mtrr: Check if fixed MTRRs exist before saving them
| * ab8b397d59 padata: Fix possible divide-by-0 panic in padata_mt_helper()
| * eb223bf01e tracing: Fix overflow in get_free_elt()
| * ca2ea2dec1 power: supply: axp288_charger: Round constant_charge_voltage writes down
| * 51e8360d94 power: supply: axp288_charger: Fix constant_charge_voltage writes
| * a26bcfeea3 genirq/irqdesc: Honor caller provided affinity in alloc_desc()
| * db959cdfe6 irqchip/xilinx: Fix shift out of bounds
| * 52b138f102 serial: core: check uartclk for zero to avoid divide by zero
| * 227d455e6c irqchip/meson-gpio: Convert meson_gpio_irq_controller::lock to 'raw_spinlock_t'
| * 7dddf560e2 irqchip/meson-gpio: support more than 8 channels gpio irq
| * 5f1aa8ce64 scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES
| * 8f209716ea scsi: mpt3sas: Remove scsi_dma_map() error messages
| * f3405f4997 ntp: Safeguard against time_constant overflow
| * f098e8fc72 driver core: Fix uevent_show() vs driver detach race
| * dc335b92e5 ntp: Clamp maxerror and esterror to operating range
| * 668c6c4a7e tick/broadcast: Move per CPU pointer access into the atomic section
| * 005c318981 scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic
| * ef1b208ca8 usb: gadget: u_serial: Set start_delayed during suspend
| * 7cc9ebcfe5 usb: gadget: core: Check for unset descriptor
| * f1205a5aad USB: serial: debug: do not echo input by default
| * 4dacdb9720 usb: vhci-hcd: Do not drop references before new references are gained
| * d993cb25ef ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4
| * c7c1ca6e25 ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list
| * e7e7d2b180 ALSA: line6: Fix racy access to midibuf
| * 5291d4f734 drm/client: fix null pointer dereference in drm_client_modeset_probe
| * 44e11ae8f9 ALSA: usb-audio: Re-add ScratchAmp quirk entries
| * c9c11ece5a spi: spi-fsl-lpspi: Fix scldiv calculation
| * c6ba514732 kprobes: Fix to check symbol prefixes correctly
| * 9ddd5e7835 bpf: kprobe: remove unused declaring of bpf_kprobe_override
| * 455769ebb6 i2c: smbus: Send alert notifications to all devices if source not found
| * 56f106d2c4 ASoC: codecs: wsa881x: Correct Soundwire ports mask
| * 5605992ad4 i2c: smbus: Improve handling of stuck alerts
| * 706f18a8fa arm64: errata: Expand speculative SSBS workaround (again)
| * f261c5d8d0 arm64: cputype: Add Cortex-A725 definitions
| * bdae104b09 arm64: cputype: Add Cortex-X1C definitions
| * 4a500d4bdc arm64: errata: Expand speculative SSBS workaround
| * bf0d247dfb arm64: errata: Unify speculative SSBS errata logic
| * 17ff37fe45 arm64: cputype: Add Cortex-X925 definitions
| * 77741cdc25 arm64: cputype: Add Cortex-A720 definitions
| * b8d683f5b5 arm64: cputype: Add Cortex-X3 definitions
| * 9f7ba00782 arm64: errata: Add workaround for Arm errata 3194386 and 3312417
| * d8029a49c8 arm64: cputype: Add Neoverse-V3 definitions
| * c46b7570c9 arm64: cputype: Add Cortex-X4 definitions
| * 55920e407a arm64: Add Neoverse-V2 part
| * 5b9ae6bb33 arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space
| * 69299a4282 ext4: fix wrong unit use in ext4_mb_find_by_goal
| * 1d21d41750 sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime
| * 3b2b169fad SUNRPC: Fix a race to wake a sync task
| * a3e52a4c22 s390/sclp: Prevent release of buffer in I/O
| * 1a6b4240b0 jbd2: avoid memleak in jbd2_journal_write_metadata_buffer
| * e48a901ce6 media: uvcvideo: Fix the bandwdith quirk on USB 3.x
| * de305abd36 media: uvcvideo: Ignore empty TS packets
| * c1749313f3 drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules
| * d81c1eeb33 drm/amdgpu: Fix the null pointer dereference to ras_manager
| * 1d4e65fa62 btrfs: fix bitmap leak when loading free space cache on duplicate entry
| * 29ce18d767 wifi: nl80211: don't give key data to userspace
| * 934f815345 udf: prevent integer overflow in udf_bitmap_free_blocks()
| * 65b982b9af PCI: Add Edimax Vendor ID to pci_ids.h
| * 55985e3aa1 selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT
| * 8e665ccc52 ACPI: SBS: manage alarm sysfs attribute through psy core
| * 85d8fe79a3 ACPI: battery: create alarm sysfs attribute atomically
| * 64ac0c0235 clocksource/drivers/sh_cmt: Address race condition for clock events
| * c384dd4f1f md/raid5: avoid BUG_ON() while continue reshape after reassembling
| * 5ccf99545c md: do not delete safemode_timer in mddev_suspend
| * 464d242868 rcutorture: Fix rcu_torture_fwd_cb_cr() data race
| * adc491f3e7 net: fec: Stop PPS on driver remove
| * 865948628a l2tp: fix lockdep splat
| * b7b8d9f5e6 net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()
| * 01150020c0 Bluetooth: l2cap: always unlock channel in l2cap_conless_channel()
| * 085fb116c4 net: linkwatch: use system_unbound_wq
| * e87f52225e net: usb: qmi_wwan: fix memory leak for not ip packets
| * 52319d9d2f sctp: Fix null-ptr-deref in reuseport_add_sock().
| * 17a93a8201 sctp: move hlist_node and hashent out of sctp_ep_common
| * ba4e59f34c x86/mm: Fix pti_clone_entry_text() for i386
| * d00c9b4bbc x86/mm: Fix pti_clone_pgtable() alignment assumption
| * 75880302cf irqchip/mbigen: Fix mbigen node address layout
| * c476c5c7bb genirq: Allow irq_chip registration functions to take a const irq_chip
| * 12fa993433 netfilter: ipset: Add list flush to cancel_gc
| * e93fa44f07 mptcp: fix duplicate data handling
| * 3deac6f686 r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY
| * 646e9e9071 net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
| * 8b0a5709ac ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G
| * 7b745257ff ALSA: usb-audio: Correct surround channels in UAC1 channel map
| * 08775b3d6e protect the fetch of ->fd[fd] in do_dup2() from mispredictions
| * e4b2b0306b HID: wacom: Modify pen IDs
| * b12a67976b platform/chrome: cros_ec_proto: Lock device when updating MKBP version
| * 59be4a1677 riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()
| * 7d72f51951 ipv6: fix ndisc_is_useropt() handling for PIO
| * 8e97cc828d net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys
| * c65f72eec6 net/iucv: fix use after free in iucv_sock_close()
| * 7c03ab555e sched: act_ct: take care of padding in struct zones_ht_key
| * b17eeed7cd drm/vmwgfx: Fix overlay when using Screen Targets
| * 906372e753 drm/nouveau: prime: fix refcount underflow
| * 6b50462b47 remoteproc: imx_rproc: Skip over memory region when node value is NULL
| * 5991ef8e7a remoteproc: imx_rproc: Fix ignoring mapping vdev regions
| * a4ed3286a5 remoteproc: imx_rproc: ignore mapping vdev regions
| * 3a2884a44e irqchip/imx-irqsteer: Handle runtime power management correctly
| * 0548b54d0a irqchip/imx-irqsteer: Add runtime PM support
| * 06a93b7203 irqchip/imx-irqsteer: Constify irq_chip struct
| * 652e7b4d73 genirq: Allow the PM device to originate from irq domain
| * ef56dcdca8 devres: Fix memory leakage caused by driver API devm_free_percpu()
| * 81484ab285 driver core: Cast to (void *) with __force for __percpu pointer
| * 6bb9cc6e25 drivers: soc: xilinx: check return status of get_api_version()
| * 79ec4cde1d soc: xilinx: move PM_INIT_FINALIZE to zynqmp_pm_domains driver
| * 58b07286ae ext4: check the extent status again before inserting delalloc block
| * 4b6d9a0fe7 ext4: factor out a common helper to query extent map
| * b2591c89a6 sysctl: always initialize i_uid/i_gid
| * 88f053a1dd fuse: verify {g,u}id mount options correctly
| * 997d3c9cbe fuse: name fs_context consistently
| * 2fa82af6fd powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC
| * d28869a145 fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT
| * be23ae6308 nvme-pci: add missing condition check for existence of mapped data
| * ce90f30157 nvme: split command copy into a helper
| * b59013d264 ceph: fix incorrect kmalloc size of pagevec mempool
| * eb1b7575fe ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable
| * 3ff4316953 lirc: rc_dev_get_from_fd(): fix file leak
| * ea72a88810 powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap()
| * 347dcb84a4 apparmor: Fix null pointer deref when receiving skb during sock creation
| * 9460ac3dd1 mISDN: Fix a use after free in hfcmulti_tx()
| * dda518dea6 bpf: Fix a segment issue when downgrading gso_size
| * 5cc4d71dda net: nexthop: Initialize all fields in dumped nexthops
| * dc2a655437 net: stmmac: Correct byte order of perfect_match
| * aa38bf7489 tipc: Return non-zero value from tipc_udp_addr2str() on error
| * cf791b98fe netfilter: nft_set_pipapo_avx2: disable softinterrupts
| * c8ae5939f4 net: bonding: correctly annotate RCU in bond_should_notify_peers()
| * 3bf09eab40 ipv4: Fix incorrect source address in Record Route option
| * f62a9cc0c2 MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later
| * 257193083e dma: fix call order in dmam_free_coherent
| * 641b7a8920 libbpf: Fix no-args func prototype BTF dumping syntax
| * ff2387553f f2fs: fix start segno of large section
| * 721190921a um: time-travel: fix time-travel-start option
| * 538a27c804 jfs: Fix array-index-out-of-bounds in diFree
| * 1c089efe76 kdb: Use the passed prompt in kdb_position_cursor()
| * f0ad62559f kdb: address -Wformat-security warnings
| * 65dba3c9ce kernel: rerun task_work while freezing in get_signal()
| * b839175c06 io_uring/io-wq: limit retrying worker initialisation
| * 5f0a6800b8 nilfs2: handle inconsistent state in nilfs_btnode_create_block()
| * 9fa8eca259 Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591
| * 4d3eb40ccd Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables
| * 1fccae3fd7 rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings
| * 52d8d27fd6 rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait
| * 76b62f3035 drm/panfrost: Mark simple_ondemand governor as softdep
| * 77411a2d22 MIPS: Loongson64: env: Hook up Loongsson-2K
| * 636163de03 MIPS: ip30: ip30-console: Add missing include
| * 4e8f70d3cc rbd: don't assume rbd_is_lock_owner() for exclusive mappings
| * 24933a55bf selftests/sigaltstack: Fix ppc64 GCC build
| * 94ee7ff99b RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
| * 9667d46f8a platform: mips: cpu_hwmon: Disable driver on unsupported hardware
| * 19f108b3d1 watchdog/perf: properly initialize the turbo mode timestamp and rearm counter
| * 9cba1ec637 rtc: isl1208: Fix return value of nvmem callbacks
| * a49321257f perf/x86/intel/pt: Fix a topa_entry base address calculation
| * 3b8e1b7d26 perf/x86/intel/pt: Fix topa_entry base length
| * a3ab508a48 scsi: qla2xxx: validate nvme_local_port correctly
| * 57ba756371 scsi: qla2xxx: Complete command early within lock
| * b0c39dcbd8 scsi: qla2xxx: Fix flash read failure
| * 87db8d7b75 scsi: qla2xxx: Fix for possible memory corruption
| * e5ed6a26ff scsi: qla2xxx: During vport delete send async logout explicitly
| * 2fcd485289 rtc: cmos: Fix return value of nvmem callbacks
| * d4d814159f devres: Fix devm_krealloc() wasting memory
| * 648d549046 kobject_uevent: Fix OOB access within zap_modalias_env()
| * 41dd963641 kbuild: Fix '-S -c' in x86 stack protector scripts
| * 0730ea8502 decompress_bunzip2: fix rare decompression failure
| * bed9580165 ubi: eba: properly rollback inside self_check_eba
| * ae99754cd8 clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use
| * 54bc4e8844 f2fs: fix to don't dirty inode for readonly filesystem
| * b848b40794 scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds
| * a44f88f757 dev/parport: fix the array out-of-bounds risk
| * 388ee7a4d3 binder: fix hang of unregistered readers
| * ac2459460c PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
| * e5bae95306 PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN
| * af1d27f88e hwrng: amd - Convert PCIBIOS_* return codes to errnos
| * 43aab4483d tools/memory-model: Fix bug in lock.cat
| * 9d289ce917 KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked()
| * cdbcb4e9f6 jbd2: make jbd2_journal_get_max_txn_bufs() internal
| * 6d5223be13 leds: ss4200: Convert PCIBIOS_* return codes to errnos
| * 35f8c9ac0c wifi: mwifiex: Fix interface type change
| * de2a011a13 ext4: make sure the first directory block is not a hole
| * 42d4205170 ext4: check dot and dotdot of dx_root before making dir indexed
| * 3846394785 m68k: amiga: Turn off Warp1260 interrupts during boot
| * 2199e157a4 udf: Avoid using corrupted block bitmap buffer
| * 5c59cb8dd9 task_work: Introduce task_work_cancel() again
| * 1fd27cc6f0 task_work: s/task_work_cancel()/task_work_cancel_func()/
| * 973155ca67 apparmor: use kvfree_sensitive to free data->data
| * eb46367187 sched/fair: Use all little CPUs for CPU-bound workloads
| * 9ce89824ff drm/amd/display: Check for NULL pointer
| * 748e9ad7c0 scsi: qla2xxx: Fix optrom version displayed in FDMI
| * 6735d02ead drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
| * b6ac46a001 drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
| * 86f4ca8b3b ext2: Verify bitmap and itable block numbers before using them
| * 10f7163bfb hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()
| * 4c9d235630 media: venus: fix use after free in vdec_close
| * e65cccfae7 char: tpm: Fix possible memory leak in tpm_bios_measurements_open()
| * cf0c713c69 sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks
| * 5c5b02d489 ipv6: take care of scope when choosing the src addr
| * 83e2dfadcb af_packet: Handle outgoing VLAN packets without hardware offloading
| * 7e36a3c701 net: netconsole: Disable target before netpoll cleanup
| * 9ef7190228 tick/broadcast: Make takeover of broadcast hrtimer reliable
| * f2c2c4cc5a dt-bindings: thermal: correct thermal zone node name limit
| * 14083dc69b rtc: interface: Add RTC offset to alarm after fix-up
| * 84ffa27eb0 nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
| * 9d6571b1c4 fs/nilfs2: remove some unused macros to tame gcc
| * 3c6fa67023 fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP
| * 21a15d52bc pinctrl: freescale: mxs: Fix refcount of child
| * d2de7746e5 pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails
| * 73303a4a8f pinctrl: ti: ti-iodelay: Drop if block with always false condition
| * 15014206f9 pinctrl: single: fix possible memory leak when pinctrl_enable() fails
| * 8c3bef7ca8 pinctrl: core: fix possible memory leak when pinctrl_enable() fails
| * 53f2d5bce1 pinctrl: rockchip: update rk3308 iomux routes
| * 01c0341e98 net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports
| * ef6af29942 net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports
| * eb4ca1a97e netfilter: ctnetlink: use helper function to calculate expect ID
| * 9118c408ee bnxt_re: Fix imm_data endianness
| * edc2dee07a RDMA/hns: Fix missing pagesize and alignment check in FRMR
| * 29723ad948 macintosh/therm_windtunnel: fix module unload.
| * 445ffbccd0 powerpc/xmon: Fix disassembly CPU feature checks
| * 38a7e4b8bf MIPS: Octeron: remove source file executable bit
| * 3009d371a2 Input: elan_i2c - do not leave interrupt disabled on suspend failure
| * 37a484f771 RDMA/device: Return error earlier if port in not valid
| * 695d70c60b mtd: make mtd_test.c a separate module
| * ab2114f6ff ASoC: max98088: Check for clk_prepare_enable() error
| * 771f129bed RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs
| * 506e71b0e1 RDMA/mlx4: Fix truncated output warning in alias_GUID.c
| * 6bf3cf61f3 RDMA/mlx4: Fix truncated output warning in mad.c
| * 26b6512d5d Input: qt1050 - handle CHIP_ID reading error
| * 2be7e24056 coresight: Fix ref leak when of_coresight_parse_endpoint() fails
| * 3d1c4bf57d PCI: Fix resource double counting on remove & rescan
| * 8105318210 SUNRPC: Fixup gss_status tracepoint error output
| * 8f1dc3f33f sparc64: Fix incorrect function signature and add prototype for prom_cif_init
| * 3d096f2a99 ext4: avoid writing unitialized memory to disk in EA inodes
| * 91c22df701 SUNRPC: avoid soft lockup when transmitting UDP to reachable server.
| * 84edcf61bd xprtrdma: Fix rpcrdma_reqs_reset()
| * 974294806b xprtrdma: Rename frwr_release_mr()
| * cf9141d2f7 mfd: omap-usb-tll: Use struct_size to allocate tll
| * 72ac78ec1a media: venus: flush all buffers in output plane streamoff
| * 5ed0496e38 ext4: fix infinite loop when replaying fast_commit
| * c9106ad5ea Revert "leds: led-core: Fix refcount leak in of_led_get()"
| * 4e87f592a4 drm/qxl: Add check for drm_cvt_mode
| * cd105977b1 drm/etnaviv: fix DMA direction handling for cached RW buffers
| * 6ef4f1e981 perf report: Fix condition in sort__sym_cmp()
| * 09c1583f0e leds: trigger: Unregister sysfs attributes before calling deactivate()
| * 3c9071a871 media: renesas: vsp1: Store RPF partition configuration per RPF instance
| * 3944484005 media: renesas: vsp1: Fix _irqsave and _irq mix
| * 9459f33175 media: uvcvideo: Override default flags
| * 115d814d6a media: uvcvideo: Allow entity-defined get_info and get_cur
| * e470e95616 saa7134: Unchecked i2c_transfer function result fixed
| * f3968b3d3c media: imon: Fix race getting ictx->lock
| * bcc963f591 media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()
| * 7aaa368c68 drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare()
| * fb20da8338 drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators
| * be9d08ff10 xdp: fix invalid wait context of page_pool_destroy()
| * 96178b12c8 selftests: forwarding: devlink_lib: Wait for udev events after reloading
| * 859bc76374 bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o
| * 6ce46045f9 bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
| * 28c8fce207 bpf: annotate BTF show functions with __printf
| * 1ccb1399bd selftests/bpf: Close fd in error path in drop_on_reuseport
| * be53b70fc0 wifi: virt_wifi: don't use strlen() in const context
| * f851ff5c6e gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey
| * 05c4488a0e wifi: virt_wifi: avoid reporting connection success with wrong SSID
| * b33dd45086 qed: Improve the stack space of filter_config()
| * 7f132aca18 perf: Prevent passing zero nr_pages to rb_alloc_aux()
| * a2450206c0 perf: Fix perf_aux_size() for greater-than 32-bit size
| * a497a6b72b perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation
| * d4f4188ecf netfilter: nf_tables: rise cap on SELinux secmark context
| * 0d08015bee ipvs: Avoid unnecessary calls to skb_is_gso_sctp
| * 2912a0d136 net: fec: Fix FEC_ECR_EN1588 being cleared on link-down
| * 29254059a1 net: fec: Refactor: #define magic constants
| * 2e201b3d16 wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()
| * 72e470089f wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he()
| * 4055275ca3 wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers
| * 2aa1739334 ath11k: dp: stop rx pktlog before suspend
| * dae1ab7040 mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors
| * aa98eb0740 mlxsw: spectrum_acl_bloom_filter: Make mlxsw_sp_acl_bf_key_encode() more flexible
| * 36a9996e02 mlxsw: spectrum_acl_erp: Fix object nesting warning
| * 22ae17a267 lib: objagg: Fix general protection fault
| * ada0c31925 selftests/bpf: Check length of recv in test_sockmap
| * 249adb30cb net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined
| * 15c2ec7c28 net/smc: Allow SMC-D 1MB DMB allocations
| * 8d0d50a8b7 net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP
| * 2f5738bdd6 selftests/bpf: Fix prog numbers in test_sockmap
| * 1302433dc6 wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device
| * 1eb5751e23 firmware: turris-mox-rwtm: Initialize completion before mailbox
| * 085dc94289 firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout()
| * 6f3cb1fd6b ARM: spitz: fix GPIO assignment for backlight
| * 7b7d06a310 ARM: pxa: spitz: use gpio descriptors for audio
| * 3ae2ec97d8 m68k: cmpxchg: Fix return value for default case in __arch_xchg()
| * ba1d2ecfcf x86/xen: Convert comma to semicolon
| * 4a49ce2d63 m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages
| * e04654f425 arm64: dts: amlogic: gx: correct hdmi clocks
| * 4745535fce arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux
| * be5ca40647 arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property
| * b1e9396ac4 ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity
| * a992c88fbb ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects
| * c79a7cad41 ARM: dts: imx6qdl-kontron-samx6i: fix board reset
| * efd89b5db5 ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset
| * bbfa9a71ae ARM: dts: imx6qdl-kontron-samx6i: move phy reset into phy-node
| * 31a9a0958b arm64: dts: rockchip: Increase VOP clk rate on RK3328
| * 5cc525351b soc: qcom: pdr: fix parsing of domains lists
| * eab05737ee soc: qcom: pdr: protect locator_addr with the main mutex
| * a584e5d3f7 arm64: dts: qcom: msm8996: specify UFS core_clk frequencies
| * eedd9fd986 soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers
| * 39f4cb508e arm64: dts: qcom: sdm845: add power-domain to UFS PHY
| * d3e6b30c9c hwmon: (max6697) Fix swapped temp{1,8} critical alarms
| * 15770a1476 hwmon: (max6697) Fix underflow when writing limit attributes
| * ae8bd075a9 pwm: stm32: Always do lazy disabling
| * d8571b9a83 hwmon: (adt7475) Fix default duty on fan is disabled
| * 685976438b x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos
| * 010441f083 x86/pci/xen: Fix PCIBIOS_* return code handling
| * c995bea85e x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling
| * e2fdf7b79f x86/of: Return consistent error type from x86_of_pci_irq_enable()
| * 97795f23a8 hfsplus: fix to avoid false alarm of circular locking
| * c0748b7684 platform/chrome: cros_ec_debugfs: fix wrong EC message version
| * 3070e81609 EDAC, i10nm: make skx_common.o a separate module
| * 9bff9479e1 EDAC/skx_common: Add new ADXL components for 2-level memory
* 767b3cdf4f Merge branch 'android12-5.10' into android12-5.10-lts

Change-Id: I0e05e42a679534cd2d7254df19f21f2d8732df5f
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2024-10-28 18:51:06 +00:00
Paolo Abeni
c38add9ac0 tcp: fix mptcp DSS corruption due to large pmtu xmit 
commit 4dabcdf581217e60690467a37c956a5b8dbc6bd9 upstream.

Syzkaller was able to trigger a DSS corruption:

  TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
  ------------[ cut here ]------------
  WARNING: CPU: 0 PID: 5227 at net/mptcp/protocol.c:695 __mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695
  Modules linked in:
  CPU: 0 UID: 0 PID: 5227 Comm: syz-executor350 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0
  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
  RIP: 0010:__mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695
  Code: 0f b6 dc 31 ff 89 de e8 b5 dd ea f5 89 d8 48 81 c4 50 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 98 da ea f5 90 <0f> 0b 90 e9 47 ff ff ff e8 8a da ea f5 90 0f 0b 90 e9 99 e0 ff ff
  RSP: 0018:ffffc90000006db8 EFLAGS: 00010246
  RAX: ffffffff8ba9df18 RBX: 00000000000055f0 RCX: ffff888030023c00
  RDX: 0000000000000100 RSI: 00000000000081e5 RDI: 00000000000055f0
  RBP: 1ffff110062bf1ae R08: ffffffff8ba9cf12 R09: 1ffff110062bf1b8
  R10: dffffc0000000000 R11: ffffed10062bf1b9 R12: 0000000000000000
  R13: dffffc0000000000 R14: 00000000700cec61 R15: 00000000000081e5
  FS:  000055556679c380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000020287000 CR3: 0000000077892000 CR4: 00000000003506f0
  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
  Call Trace:
   <IRQ>
   move_skbs_to_msk net/mptcp/protocol.c:811 [inline]
   mptcp_data_ready+0x29c/0xa90 net/mptcp/protocol.c:854
   subflow_data_ready+0x34a/0x920 net/mptcp/subflow.c:1490
   tcp_data_queue+0x20fd/0x76c0 net/ipv4/tcp_input.c:5283
   tcp_rcv_established+0xfba/0x2020 net/ipv4/tcp_input.c:6237
   tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915
   tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2350
   ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205
   ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233
   NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314
   NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314
   __netif_receive_skb_one_core net/core/dev.c:5662 [inline]
   __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5775
   process_backlog+0x662/0x15b0 net/core/dev.c:6107
   __napi_poll+0xcb/0x490 net/core/dev.c:6771
   napi_poll net/core/dev.c:6840 [inline]
   net_rx_action+0x89b/0x1240 net/core/dev.c:6962
   handle_softirqs+0x2c5/0x980 kernel/softirq.c:554
   do_softirq+0x11b/0x1e0 kernel/softirq.c:455
   </IRQ>
   <TASK>
   __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382
   local_bh_enable include/linux/bottom_half.h:33 [inline]
   rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]
   __dev_queue_xmit+0x1764/0x3e80 net/core/dev.c:4451
   dev_queue_xmit include/linux/netdevice.h:3094 [inline]
   neigh_hh_output include/net/neighbour.h:526 [inline]
   neigh_output include/net/neighbour.h:540 [inline]
   ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236
   ip_local_out net/ipv4/ip_output.c:130 [inline]
   __ip_queue_xmit+0x118c/0x1b80 net/ipv4/ip_output.c:536
   __tcp_transmit_skb+0x2544/0x3b30 net/ipv4/tcp_output.c:1466
   tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]
   tcp_mtu_probe net/ipv4/tcp_output.c:2547 [inline]
   tcp_write_xmit+0x641d/0x6bf0 net/ipv4/tcp_output.c:2752
   __tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3015
   tcp_push_pending_frames include/net/tcp.h:2107 [inline]
   tcp_data_snd_check net/ipv4/tcp_input.c:5714 [inline]
   tcp_rcv_established+0x1026/0x2020 net/ipv4/tcp_input.c:6239
   tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915
   sk_backlog_rcv include/net/sock.h:1113 [inline]
   __release_sock+0x214/0x350 net/core/sock.c:3072
   release_sock+0x61/0x1f0 net/core/sock.c:3626
   mptcp_push_release net/mptcp/protocol.c:1486 [inline]
   __mptcp_push_pending+0x6b5/0x9f0 net/mptcp/protocol.c:1625
   mptcp_sendmsg+0x10bb/0x1b10 net/mptcp/protocol.c:1903
   sock_sendmsg_nosec net/socket.c:730 [inline]
   __sock_sendmsg+0x1a6/0x270 net/socket.c:745
   ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2603
   ___sys_sendmsg net/socket.c:2657 [inline]
   __sys_sendmsg+0x2aa/0x390 net/socket.c:2686
   do_syscall_x64 arch/x86/entry/common.c:52 [inline]
   do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
   entry_SYSCALL_64_after_hwframe+0x77/0x7f
  RIP: 0033:0x7fb06e9317f9
  Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
  RSP: 002b:00007ffe2cfd4f98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
  RAX: ffffffffffffffda RBX: 00007fb06e97f468 RCX: 00007fb06e9317f9
  RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000005
  RBP: 00007fb06e97f446 R08: 0000555500000000 R09: 0000555500000000
  R10: 0000555500000000 R11: 0000000000000246 R12: 00007fb06e97f406
  R13: 0000000000000001 R14: 00007ffe2cfd4fe0 R15: 0000000000000003
   </TASK>

Additionally syzkaller provided a nice reproducer. The repro enables
pmtu on the loopback device, leading to tcp_mtu_probe() generating
very large probe packets.

tcp_can_coalesce_send_queue_head() currently does not check for
mptcp-level invariants, and allowed the creation of cross-DSS probes,
leading to the mentioned corruption.

Address the issue teaching tcp_can_coalesce_send_queue_head() about
mptcp using the tcp_skb_can_collapse(), also reducing the code
duplication.

Fixes: 8571248411 ("tcp: coalesce/collapse must respect MPTCP extensions")
Cc: stable@vger.kernel.org
Reported-by: syzbot+d1bff73460e33101f0e7@syzkaller.appspotmail.com
Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/513
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://patch.msgid.link/20241008-net-mptcp-fallback-fixes-v1-2-c6fb8e93e551@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
[ Conflict in tcp_output.c, because commit 65249feb6b3d ("net: add
  support for skbs with unreadable frags"), and commit 9b65b17db723
  ("net: avoid double accounting for pure zerocopy skbs") are not in
  this version. These commits are linked to new features and introduce
  new conditions which cause the conflicts. Resolving this is easy: we
  can ignore the missing new condition, and use tcp_skb_can_collapse()
  like in the original patch. ]
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2024-10-22 15:39:30 +02:00
Paolo Abeni
fde99e972b mptcp: handle consistently DSS corruption 
commit e32d262c89e2b22cb0640223f953b548617ed8a6 upstream.

Bugged peer implementation can send corrupted DSS options, consistently
hitting a few warning in the data path. Use DEBUG_NET assertions, to
avoid the splat on some builds and handle consistently the error, dumping
related MIBs and performing fallback and/or reset according to the
subflow type.

Fixes: 6771bfd9ee ("mptcp: update mptcp ack sequence from work queue")
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://patch.msgid.link/20241008-net-mptcp-fallback-fixes-v1-1-c6fb8e93e551@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
[ Conflicts in mib.[ch], because commit 104125b82e5c ("mptcp: add mib
  for infinite map sending") is linked to a new feature, not available
  in this version. Resolving the conflicts is easy, simply adding the
  new lines declaring the new "DSS corruptions" MIB entries.
  Also removed in protocol.c and subflow.c all DEBUG_NET_WARN_ON_ONCE
  because they are not defined in this version: enough with the MIB
  counters that have been added in this commit. ]
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2024-10-22 15:39:29 +02:00
Geliang Tang
609937aa96 mptcp: track and update contiguous data status 
commit 0530020a7c8f2204e784f0dbdc882bbd961fdbde upstream.

This patch adds a new member allow_infinite_fallback in mptcp_sock,
which is initialized to 'true' when the connection begins and is set
to 'false' on any retransmit or successful MP_JOIN. Only do infinite
mapping fallback if there is a single subflow AND there have been no
retransmissions AND there have never been any MP_JOINs.

Suggested-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Geliang Tang <geliang.tang@suse.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: e32d262c89e2 ("mptcp: handle consistently DSS corruption")
[ Conflicts in protocol.c, because commit 3e5014909b56 ("mptcp: cleanup
  MPJ subflow list handling") is not in this version. This commit is
  linked to a new feature, changing the context around. The new line
  can still be added at the same place.
  Conflicts in protocol.h, because commit 4f6e14bd19d6 ("mptcp: support
  TCP_CORK and TCP_NODELAY") is not in this version. This commit is
  linked to a new feature, changing the context around. The new line can
  still be added at the same place.
  Conflicts in subflow.c, because commit 0348c690ed37 ("mptcp: add the
  fallback check") is not in this version. This commit is linked to a
  new feature, changing the context around. The new line can still be
  added at the same place.
  Extra conflicts in v5.10, because the context has been changed. ]
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2024-10-22 15:39:29 +02:00
Aaron Thompson
63d6a3b078 Bluetooth: Remove debugfs directory on module init failure 
commit 1db4564f101b47188c1b71696bd342ef09172b22 upstream.

If bt_init() fails, the debugfs directory currently is not removed. If
the module is loaded again after that, the debugfs directory is not set
up properly due to the existing directory.

  # modprobe bluetooth
  # ls -laF /sys/kernel/debug/bluetooth
  total 0
  drwxr-xr-x  2 root root 0 Sep 27 14:26 ./
  drwx------ 31 root root 0 Sep 27 14:25 ../
  -r--r--r--  1 root root 0 Sep 27 14:26 l2cap
  -r--r--r--  1 root root 0 Sep 27 14:26 sco
  # modprobe -r bluetooth
  # ls -laF /sys/kernel/debug/bluetooth
  ls: cannot access '/sys/kernel/debug/bluetooth': No such file or directory
  #

  # modprobe bluetooth
  modprobe: ERROR: could not insert 'bluetooth': Invalid argument
  # dmesg | tail -n 6
  Bluetooth: Core ver 2.22
  NET: Registered PF_BLUETOOTH protocol family
  Bluetooth: HCI device and connection manager initialized
  Bluetooth: HCI socket layer initialized
  Bluetooth: Faking l2cap_init() failure for testing
  NET: Unregistered PF_BLUETOOTH protocol family
  # ls -laF /sys/kernel/debug/bluetooth
  total 0
  drwxr-xr-x  2 root root 0 Sep 27 14:31 ./
  drwx------ 31 root root 0 Sep 27 14:26 ../
  #

  # modprobe bluetooth
  # dmesg | tail -n 7
  Bluetooth: Core ver 2.22
  debugfs: Directory 'bluetooth' with parent '/' already present!
  NET: Registered PF_BLUETOOTH protocol family
  Bluetooth: HCI device and connection manager initialized
  Bluetooth: HCI socket layer initialized
  Bluetooth: L2CAP socket layer initialized
  Bluetooth: SCO socket layer initialized
  # ls -laF /sys/kernel/debug/bluetooth
  total 0
  drwxr-xr-x  2 root root 0 Sep 27 14:31 ./
  drwx------ 31 root root 0 Sep 27 14:26 ../
  #

Cc: stable@vger.kernel.org
Fixes: ffcecac6a7 ("Bluetooth: Create root debugfs directory during module init")
Signed-off-by: Aaron Thompson <dev@aaront.org>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2024-10-22 15:39:28 +02:00
Johannes Berg
e8e599a635 wifi: mac80211: fix potential key use-after-free 
commit 31db78a4923ef5e2008f2eed321811ca79e7f71b upstream.

When ieee80211_key_link() is called by ieee80211_gtk_rekey_add()
but returns 0 due to KRACK protection (identical key reinstall),
ieee80211_gtk_rekey_add() will still return a pointer into the
key, in a potential use-after-free. This normally doesn't happen
since it's only called by iwlwifi in case of WoWLAN rekey offload
which has its own KRACK protection, but still better to fix, do
that by returning an error code and converting that to success on
the cfg80211 boundary only, leaving the error for bad callers of
ieee80211_gtk_rekey_add().

Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Fixes: fdf7cb4185 ("mac80211: accept key reinstall without changing anything")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Sherry: bp to fix CVE-2023-52530, resolved minor conflicts in
  net/mac80211/cfg.c because of context change due to missing commit
  23a5f0af6ff4 ("wifi: mac80211: remove cipher scheme support")
  ccdde7c74ffd ("wifi: mac80211: properly implement MLO key handling")]
Signed-off-by: Sherry Yang <sherry.yang@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2024-10-22 15:39:24 +02:00
Willem de Bruijn
53a61c62da BACKPORT: gso: fix udp gso fraglist segmentation after pull from frag_list 
Detect gso fraglist skbs with corrupted geometry (see below) and
pass these to skb_segment instead of skb_segment_list, as the first
can segment them correctly.

Valid SKB_GSO_FRAGLIST skbs
- consist of two or more segments
- the head_skb holds the protocol headers plus first gso_size
- one or more frag_list skbs hold exactly one segment
- all but the last must be gso_size

Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can
modify these skbs, breaking these invariants.

In extreme cases they pull all data into skb linear. For UDP, this
causes a NULL ptr deref in __udpv4_gso_segment_list_csum at
udp_hdr(seg->next)->dest.

Detect invalid geometry due to pull, by checking head_skb size.
Don't just drop, as this may blackhole a destination. Convert to be
able to pass to regular skb_segment.

Link: https://lore.kernel.org/netdev/20240428142913.18666-1-shiming.cheng@mediatek.com/
Fixes: 9fd1ff5d2a ("udp: Support UDP fraglist GRO/GSO.")
Signed-off-by: Willem de Bruijn <willemb@google.com>
Cc: stable@vger.kernel.org
Link: https://patch.msgid.link/20241001171752.107580-1-willemdebruijn.kernel@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Bug: 373245346
Bug: 333849117
Change-Id: I5a317e002f149cf9d399dce9bf87cd649a24da19
(cherry picked from commit a1e40ac5b5e9077fe1f7ae0eb88034db0f9ae1ab)
Signed-off-by: Lena Wang <lena.wang@mediatek.corp-partner.google.com>
(cherry picked from commit 42c2d1ea7c1bf984372f0ca1711d91165cbb87a6)
(cherry picked from commit 7376b8e51c4ddaa8e36b2b33d6ac3392135183b1)
 2024-10-21 19:59:57 +00:00
Phil Sutter
05cc42d601 netfilter: ip6t_rpfilter: Fix regression with VRF interfaces 
commit efb056e5f1f0036179b2f92c1c15f5ea7a891d70 upstream.

When calling ip6_route_lookup() for the packet arriving on the VRF
interface, the result is always the real (slave) interface. Expect this
when validating the result.

Fixes: acc641ab95b66 ("netfilter: rpfilter/fib: Populate flowic_l3mdev field")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2024-10-17 15:08:38 +02:00
Andrea Mayer
3adb1be04f net: seg6: fix seg6_lookup_any_nexthop() to handle VRFs using flowi_l3mdev 
commit a3bd2102e464202b58d57390a538d96f57ffc361 upstream.

Commit 40867d74c374 ("net: Add l3mdev index to flow struct and avoid oif
reset for port devices") adds a new entry (flowi_l3mdev) in the common
flow struct used for indicating the l3mdev index for later rule and
table matching.
The l3mdev_update_flow() has been adapted to properly set the
flowi_l3mdev based on the flowi_oif/flowi_iif. In fact, when a valid
flowi_iif is supplied to the l3mdev_update_flow(), this function can
update the flowi_l3mdev entry only if it has not yet been set (i.e., the
flowi_l3mdev entry is equal to 0).

The SRv6 End.DT6 behavior in VRF mode leverages a VRF device in order to
force the routing lookup into the associated routing table. This routing
operation is performed by seg6_lookup_any_nextop() preparing a flowi6
data structure used by ip6_route_input_lookup() which, in turn,
(indirectly) invokes l3mdev_update_flow().

However, seg6_lookup_any_nexthop() does not initialize the new
flowi_l3mdev entry which is filled with random garbage data. This
prevents l3mdev_update_flow() from properly updating the flowi_l3mdev
with the VRF index, and thus SRv6 End.DT6 (VRF mode)/DT46 behaviors are
broken.

This patch correctly initializes the flowi6 instance allocated and used
by seg6_lookup_any_nexhtop(). Specifically, the entire flowi6 instance
is wiped out: in case new entries are added to flowi/flowi6 (as happened
with the flowi_l3mdev entry), we should no longer have incorrectly
initialized values. As a result of this operation, the value of
flowi_l3mdev is also set to 0.

The proposed fix can be tested easily. Starting from the commit
referenced in the Fixes, selftests [1],[2] indicate that the SRv6
End.DT6 (VRF mode)/DT46 behaviors no longer work correctly. By applying
this patch, those behaviors are back to work properly again.

[1] - tools/testing/selftests/net/srv6_end_dt46_l3vpn_test.sh
[2] - tools/testing/selftests/net/srv6_end_dt6_l3vpn_test.sh

Fixes: 40867d74c374 ("net: Add l3mdev index to flow struct and avoid oif reset for port devices")
Reported-by: Anton Makarov <am@3a-alliance.com>
Signed-off-by: Andrea Mayer <andrea.mayer@uniroma2.it>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20220608091917.20345-1-andrea.mayer@uniroma2.it
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2024-10-17 15:08:38 +02:00
David Ahern
ab6c9463b1 net: Handle l3mdev in ip_tunnel_init_flow 
commit db53cd3d88dc328dea2e968c9c8d3b4294a8a674 upstream.

Ido reported that the commit referenced in the Fixes tag broke
a gre use case with dummy devices. Add a check to ip_tunnel_init_flow
to see if the oif is an l3mdev port and if so set the oif to 0 to
avoid the oif comparison in fib_lookup_good_nhc.

Fixes: 40867d74c374 ("net: Add l3mdev index to flow struct and avoid oif reset for port devices")
Reported-by: Ido Schimmel <idosch@idosch.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2024-10-17 15:08:38 +02:00
David Ahern
0825c5ff24 xfrm: Pass flowi_oif or l3mdev as oif to xfrm_dst_lookup 
commit 748b82c23e25310fec54e1eff2cb63936f391b24 upstream.

The commit referenced in the Fixes tag no longer changes the
flow oif to the l3mdev ifindex. A xfrm use case was expecting
the flowi_oif to be the VRF if relevant and the change broke
that test. Update xfrm_bundle_create to pass oif if set and any
potential flowi_l3mdev if oif is not set.

Fixes: 40867d74c374 ("net: Add l3mdev index to flow struct and avoid oif reset for port devices")
Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2024-10-17 15:08:38 +02:00
Anastasia Kovaleva
68ad5da6ca net: Fix an unsafe loop on the list 
commit 1dae9f1187189bc09ff6d25ca97ead711f7e26f9 upstream.

The kernel may crash when deleting a genetlink family if there are still
listeners for that family:

Oops: Kernel access of bad area, sig: 11 [#1]
  ...
  NIP [c000000000c080bc] netlink_update_socket_mc+0x3c/0xc0
  LR [c000000000c0f764] __netlink_clear_multicast_users+0x74/0xc0
  Call Trace:
__netlink_clear_multicast_users+0x74/0xc0
genl_unregister_family+0xd4/0x2d0

Change the unsafe loop on the list to a safe one, because inside the
loop there is an element removal from this list.

Fixes: b8273570f8 ("genetlink: fix netns vs. netlink table locking (2)")
Cc: stable@vger.kernel.org
Signed-off-by: Anastasia Kovaleva <a.kovaleva@yadro.com>
Reviewed-by: Dmitry Bogdanov <d.bogdanov@yadro.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20241003104431.12391-1-a.kovaleva@yadro.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2024-10-17 15:08:37 +02:00
Florian Westphal
3502b1a297 netfilter: fib: check correct rtable in vrf setups 
[ Upstream commit 05ef7055debc804e8083737402127975e7244fc4 ]

We need to init l3mdev unconditionally, else main routing table is searched
and incorrect result is returned unless strict (iif keyword) matching is
requested.

Next patch adds a selftest for this.

Fixes: 2a8a7c0eaa87 ("netfilter: nft_fib: Fix for rpath check with VRF devices")
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1761
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2024-10-17 15:08:36 +02:00
Guillaume Nault
037145e2a2 netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces. 
[ Upstream commit 1fcc064b305a1aadeff0d4bff961094d27660acd ]

Currently netfilter's rpfilter and fib modules implicitely initialise
->flowic_uid with 0. This is normally the root UID. However, this isn't
the case in user namespaces, where user ID 0 is mapped to a different
kernel UID. By initialising ->flowic_uid with sock_net_uid(), we get
the root UID of the user namespace, thus keeping the same behaviour
whether or not we're running in a user namepspace.

Note, this is similar to commit 8bcfd0925e ("ipv4: add missing
initialization for flowi4_uid"), which fixed the rp_filter sysctl.

Fixes: 622ec2c9d5 ("net: core: add UID to flows, rules, and routes")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Stable-dep-of: 05ef7055debc ("netfilter: fib: check correct rtable in vrf setups")
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2024-10-17 15:08:36 +02:00
Phil Sutter
d98558fe26 netfilter: rpfilter/fib: Populate flowic_l3mdev field 
[ Upstream commit acc641ab95b66b813c1ce856c377a2bbe71e7f52 ]

Use the introduced field for correct operation with VRF devices instead
of conditionally overwriting flowic_oif. This is a partial revert of
commit b575b24b8e ("netfilter: Fix rpfilter dropping vrf packets by
mistake"), implementing a simpler solution.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Stable-dep-of: 05ef7055debc ("netfilter: fib: check correct rtable in vrf setups")
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2024-10-17 15:08:36 +02:00
Xin Long
265bf63e24 sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start 
[ Upstream commit 4d5c70e6155d5eae198bade4afeab3c1b15073b6 ]

If hashing fails in sctp_listen_start(), the socket remains in the
LISTENING state, even though it was not added to the hash table.
This can lead to a scenario where a socket appears to be listening
without actually being accessible.

This patch ensures that if the hashing operation fails, the sk_state
is set back to CLOSED before returning an error.

Note that there is no need to undo the autobind operation if hashing
fails, as the bind port can still be used for next listen() call on
the same socket.

Fixes: 76c6d988ae ("sctp: add sock_reuseport for the sock in __sctp_hash_endpoint")
Reported-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2024-10-17 15:08:35 +02:00
David Ahern
740de19877 net: Add l3mdev index to flow struct and avoid oif reset for port devices 
[ Upstream commit 40867d74c374b235e14d839f3a77f26684feefe5 ]

The fundamental premise of VRF and l3mdev core code is binding a socket
to a device (l3mdev or netdev with an L3 domain) to indicate L3 scope.
Legacy code resets flowi_oif to the l3mdev losing any original port
device binding. Ben (among others) has demonstrated use cases where the
original port device binding is important and needs to be retained.
This patch handles that by adding a new entry to the common flow struct
that can indicate the l3mdev index for later rule and table matching
avoiding the need to reset flowi_oif.

In addition to allowing more use cases that require port device binds,
this patch brings a few datapath simplications:

1. l3mdev_fib_rule_match is only called when walking fib rules and
   always after l3mdev_update_flow. That allows an optimization to bail
   early for non-VRF type uses cases when flowi_l3mdev is not set. Also,
   only that index needs to be checked for the FIB table id.

2. l3mdev_update_flow can be called with flowi_oif set to a l3mdev
   (e.g., VRF) device. By resetting flowi_oif only for this case the
   FLOWI_FLAG_SKIP_NH_OIF flag is not longer needed and can be removed,
   removing several checks in the datapath. The flowi_iif path can be
   simplified to only be called if the it is not loopback (loopback can
   not be assigned to an L3 domain) and the l3mdev index is not already
   set.

3. Avoid another device lookup in the output path when the fib lookup
   returns a reject failure.

Note: 2 functional tests for local traffic with reject fib rules are
updated to reflect the new direct failure at FIB lookup time for ping
rather than the failure on packet path. The current code fails like this:

    HINT: Fails since address on vrf device is out of device scope
    COMMAND: ip netns exec ns-A ping -c1 -w1 -I eth1 172.16.3.1
    ping: Warning: source address might be selected on device other than: eth1
    PING 172.16.3.1 (172.16.3.1) from 172.16.3.1 eth1: 56(84) bytes of data.

    --- 172.16.3.1 ping statistics ---
    1 packets transmitted, 0 received, 100% packet loss, time 0ms

where the test now directly fails:

    HINT: Fails since address on vrf device is out of device scope
    COMMAND: ip netns exec ns-A ping -c1 -w1 -I eth1 172.16.3.1
    ping: connect: No route to host

Signed-off-by: David Ahern <dsahern@kernel.org>
Tested-by: Ben Greear <greearb@candelatech.com>
Link: https://lore.kernel.org/r/20220314204551.16369-1-dsahern@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: 05ef7055debc ("netfilter: fib: check correct rtable in vrf setups")
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2024-10-17 15:08:35 +02:00