16725 Commits

Author	SHA1	Message	Date
Greg Kroah-Hartman	7d3ca1ed3f	This is the 5.10.226 stable release ... -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmbiry8ACgkQONu9yGCS aT6N3g//bWYo3l5q543ygloK7UBTkuyJFWb0ENBbu0J9qlnYaSeKDvqjmMUPBHKi ZCAzL5nHmAfPMSbjRnltsl54Z7X69264BNLv62M86VnGVDrD7Y93Sn+Ts9jJoTYR k97HrSojKsqrC2MZLaLuDnoeReoHpeAn4rwIs8mAaApxv48NfRh65KRkipkkRi0N S7UXC82a8NyjF9wQaB2+Cdt2S0SD2706074X/0jXBAM3YR+5lF3NFgXylmUULTWi kmCCauGhvfsR9vGIXBAYfX/thF3FSuffJjrWQ3i3/v75PyfoLZ4CruRGXIKM5UBN TDEqx1Fx+fDXjgH07DYjFLBxQnv9wTgAtflXJj4qfaULO3NonBZHW3xIBe8foO2b 6858JdPcSA2LJ1wUxTc8BuYzgiwz5aCbGa0cLJCyJKYhJXGToweFyDM1nS2V66MD TF43J/8zv9OAbj6TIT8WisfCgDMIIeMg/RsoaduGZViEN2Sg46XHN4ciZ7eakJOq j3JFaAan+WPDlYpBLv1tCz+e6IDexugnbP43+E+eY8Xl6UDKUaXd3NiT728W84ll 0KULycqOteiFy7KN6NJx0oLA3YarQciatRm99zA8pnBBvqy0yJXYxWxmmaSQiGo+ VvNTrz6uc+ISP9TJfuPm8KH7NwQVhrjsndXaW2HWgoQ+fWgSZjU= =abQi -----END PGP SIGNATURE----- Merge 5.10.226 into android12-5.10-lts Changes in 5.10.226 drm: panel-orientation-quirks: Add quirk for OrangePi Neo ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown ALSA: hda/conexant: Mute speakers at suspend / shutdown i2c: Fix conditional for substituting empty ACPI functions dma-debug: avoid deadlock between dma debug vs printk and netconsole net: usb: qmi_wwan: add MeiG Smart SRM825L drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr drm/amdgpu: fix overflowed array index read warning drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr drm/amd/pm: fix warning using uninitialized value of max_vid_step drm/amd/pm: fix the Out-of-bounds read warning drm/amdgpu: fix uninitialized scalar variable warning drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr drm/amdgpu: avoid reading vf2pf info size from FB drm/amd/display: Check gpio_id before used as array index drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 drm/amd/display: Add array index check for hdcp ddc access drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] drm/amd/display: Check msg_id before processing transcation drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create drm/amdgpu/pm: Fix uninitialized variable agc_btc_response drm/amdgpu: Fix out-of-bounds write warning drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number drm/amdgpu: fix ucode out-of-bounds read warning drm/amdgpu: fix mc_data out-of-bounds read warning drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device apparmor: fix possible NULL pointer dereference drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs drm/amdgpu: the warning dereferencing obj for nbio_v7_4 drm/amd/pm: check negtive return for table entries wifi: iwlwifi: remove fw_running op PCI: al: Check IORESOURCE_BUS existence during probe hwspinlock: Introduce hwspin_lock_bust() ionic: fix potential irq name truncation usbip: Don't submit special requests twice usb: typec: ucsi: Fix null pointer dereference in trace fsnotify: clear PARENT_WATCHED flags lazily smack: tcp: ipv4, fix incorrect labeling drm/meson: plane: Add error handling wifi: cfg80211: make hash table duplicates more survivable block: remove the blk_flush_integrity call in blk_integrity_unregister drm/amd/display: Skip wbscl_set_scaler_filter if filter is null media: uvcvideo: Enforce alignment of frame and interval block: initialize integrity buffer to zero before writing it to media drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode net: set SOCK_RCU_FREE before inserting socket into hashtable virtio_net: Fix napi_skb_cache_put warning rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow udf: Limit file size to 4TB ext4: handle redirtying in ext4_bio_write_page() i2c: Use IS_REACHABLE() for substituting empty ACPI functions bpf, cgroup: Assign cgroup in cgroup_sk_alloc when called from interrupt sch/netem: fix use after free in netem_dequeue ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices ALSA: hda/realtek: add patch for internal mic in Lenovo V145 ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx ata: libata: Fix memory leak for error path in ata_host_alloc() irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" Bluetooth: MGMT: Ignore keys being loaded with invalid type mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K mmc: sdhci-of-aspeed: fix module autoloading fuse: update stats for pages in dropped aux writeback list fuse: use unsigned type for getxattr/listxattr size truncation clk: qcom: clk-alpha-pll: Fix the pll post div mask clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open tracing: Avoid possible softlockup in tracing_iter_reset() ila: call nf_unregister_net_hooks() sooner sched: sch_cake: fix bulk flow accounting logic for host fairness nilfs2: fix missing cleanup on rollforward recovery error nilfs2: fix state management in error path of log writing function btrfs: fix use-after-free after failure to create a snapshot mptcp: pr_debug: add missing \n at the end mptcp: pm: avoid possible UaF when selecting endp nfsd: move reply cache initialization into nfsd startup nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net NFSD: Refactor nfsd_reply_cache_free_locked() NFSD: Rename nfsd_reply_cache_alloc() NFSD: Replace nfsd_prune_bucket() NFSD: Refactor the duplicate reply cache shrinker NFSD: simplify error paths in nfsd_svc() NFSD: Rewrite synopsis of nfsd_percpu_counters_init() NFSD: Fix frame size warning in svc_export_parse() sunrpc: don't change ->sv_stats if it doesn't exist nfsd: stop setting ->pg_stats for unused stats sunrpc: pass in the sv_stats struct through svc_create_pooled sunrpc: remove ->pg_stats from svc_program sunrpc: use the struct net as the svc proc private nfsd: rename NFSD_NET_* to NFSD_STATS_* nfsd: expose /proc/net/sunrpc/nfsd in net namespaces nfsd: make all of the nfsd stats per-network namespace nfsd: remove nfsd_stats, make th_cnt a global counter nfsd: make svc_stat per-network namespace instead of global ALSA: hda: Add input value sanity checks to HDMI channel map controls smack: unix sockets: fix accept()ed socket label irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 af_unix: Remove put_pid()/put_cred() in copy_peercred(). iommu: sun50i: clear bypass register netfilter: nf_conncount: fix wrong variable type udf: Avoid excessive partition lengths media: vivid: fix wrong sizeimage value for mplane leds: spi-byte: Call of_node_put() on error path wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 usb: uas: set host status byte on data completion error media: vivid: don't set HDMI TX controls if there are no HDMI outputs PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse pcmcia: Use resource_size function on resource object can: bcm: Remove proc entry when dev is unregistered. igb: Fix not clearing TimeSync interrupts for 82580 svcrdma: Catch another Reply chunk overflow case platform/x86: dell-smbios: Fix error path in dell_smbios_init() tcp_bpf: fix return value of tcp_bpf_sendmsg() igc: Unlock on error in igc_io_resume() drivers/net/usb: Remove all strcpy() uses net: usb: don't write directly to netdev->dev_addr usbnet: modern method to get random MAC bareudp: Fix device stats updates. fou: remove sparse errors gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers fou: Fix null-ptr-deref in GRO. net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN net: dsa: vsc73xx: fix possible subblocks range of CAPT block ASoC: topology: Properly initialize soc_enum values dm init: Handle minors larger than 255 iommu/vt-d: Handle volatile descriptor status read cgroup: Protect css->cgroup write under css_set_lock um: line: always fill *error_out in setup_one_line() devres: Initialize an uninitialized struct member pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv hwmon: (adc128d818) Fix underflows seen when writing limit attributes hwmon: (lm95234) Fix underflows seen when writing limit attributes hwmon: (nct6775-core) Fix underflows seen when writing limit attributes hwmon: (w83627ehf) Fix underflows seen when writing limit attributes libbpf: Add NULL checks to bpf_object__{prev_map,next_map} wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() btrfs: replace BUG_ON with ASSERT in walk_down_proc() btrfs: clean up our handling of refs == 0 in snapshot delete PCI: Add missing bridge lock to pci_bus_lock() net: dpaa: avoid on-stack arrays of NR_CPUS elements kselftests: dmabuf-heaps: Ensure the driver name is null-terminated btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() s390/vmlinux.lds.S: Move ro_after_init section behind rodata section HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Input: uinput - reject requests with unreasonable number of slots usbnet: ipheth: race between ipheth_close and error handling Squashfs: sanity check symbolic link size of/irq: Prevent device address out-of-bounds read in interrupt map walk lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed ata: pata_macio: Use WARN instead of BUG NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations staging: iio: frequency: ad9834: Validate frequency parameter value iio: buffer-dmaengine: fix releasing dma channel on error iio: fix scale application in iio_convert_raw_to_processed_unlocked iio: adc: ad7124: fix chip ID mismatch binder: fix UAF caused by offsets overwrite nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic VMCI: Fix use-after-free when removing resource in vmci_resource_remove() clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX clocksource/drivers/imx-tpm: Fix next event not taking effect sometime clocksource/drivers/timer-of: Remove percpu irq related code uprobes: Use kzalloc to allocate xol area perf/aux: Fix AUX buffer serialization nilfs2: replace snprintf in show functions with sysfs_emit nilfs2: protect references to superblock parameters exposed in sysfs ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() ACPI: processor: Fix memory leaks in error paths of processor_add() arm64: acpi: Move get_cpu_for_acpi_id() to a header arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry nvmet-tcp: fix kernel crash if commands allocation fails drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused drm/i915/fence: Mark debug_fence_free() with __maybe_unused mmc: cqhci: Fix checking of CQHCI_HALT state rtmutex: Drop rt_mutex::wait_lock before scheduling x86/mm: Fix PTI for i386 some more net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket memcg: protect concurrent access to mem_cgroup_idr Linux 5.10.226 Change-Id: I3c0afd32ba78775f67cde6d73b4dbf931bbc4770 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-09-14 20:53:50 +00:00
Shakeel Butt	912736a043	memcg: protect concurrent access to mem_cgroup_idr ... commit 9972605a238339b85bd16b084eed5f18414d22db upstream. Commit 73f576c04b ("mm: memcontrol: fix cgroup creation failure after many small jobs") decoupled the memcg IDs from the CSS ID space to fix the cgroup creation failures. It introduced IDR to maintain the memcg ID space. The IDR depends on external synchronization mechanisms for modifications. For the mem_cgroup_idr, the idr_alloc() and idr_replace() happen within css callback and thus are protected through cgroup_mutex from concurrent modifications. However idr_remove() for mem_cgroup_idr was not protected against concurrency and can be run concurrently for different memcgs when they hit their refcnt to zero. Fix that. We have been seeing list_lru based kernel crashes at a low frequency in our fleet for a long time. These crashes were in different part of list_lru code including list_lru_add(), list_lru_del() and reparenting code. Upon further inspection, it looked like for a given object (dentry and inode), the super_block's list_lru didn't have list_lru_one for the memcg of that object. The initial suspicions were either the object is not allocated through kmem_cache_alloc_lru() or somehow memcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but returned success. No evidence were found for these cases. Looking more deeply, we started seeing situations where valid memcg's id is not present in mem_cgroup_idr and in some cases multiple valid memcgs have same id and mem_cgroup_idr is pointing to one of them. So, the most reasonable explanation is that these situations can happen due to race between multiple idr_remove() calls or race between idr_alloc()/idr_replace() and idr_remove(). These races are causing multiple memcgs to acquire the same ID and then offlining of one of them would cleanup list_lrus on the system for all of them. Later access from other memcgs to the list_lru cause crashes due to missing list_lru_one. Link: https://lkml.kernel.org/r/20240802235822.1830976-1-shakeel.butt@linux.dev Fixes: 73f576c04b ("mm: memcontrol: fix cgroup creation failure after many small jobs") Signed-off-by: Shakeel Butt <shakeel.butt@linux.dev> Acked-by: Muchun Song <muchun.song@linux.dev> Reviewed-by: Roman Gushchin <roman.gushchin@linux.dev> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@suse.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> [ Adapted due to commit be740503ed03 ("mm: memcontrol: fix cannot alloc the maximum memcg ID") and 6f0df8e16eb5 ("memcontrol: ensure memcg acquired by id is properly set up") not in the tree ] Signed-off-by: Tomas Krcka <krckatom@amazon.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-09-12 11:06:51 +02:00
Greg Kroah-Hartman	4951c68022	Merge 5.10.225 into android12-5.10-lts ... Changes in 5.10.225 fuse: Initialize beyond-EOF page contents before setting uptodate ALSA: usb-audio: Support Yamaha P-125 quirk entry xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration thunderbolt: Mark XDomain as unplugged when router is removed s390/dasd: fix error recovery leading to data corruption on ESE devices arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE dm resume: don't return EINVAL when signalled dm persistent data: fix memory allocation failure vfs: Don't evict inode under the inode lru traversing context bitmap: introduce generic optimized bitmap_size() fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE selinux: fix potential counting error in avc_add_xperms_decision() btrfs: tree-checker: add dev extent item checks drm/amdgpu: Actually check flags for all context ops. memcg_write_event_control(): fix a user-triggerable oops drm/amdgpu/jpeg2: properly set atomics vmid field s390/cio: rename bitmap_size() -> idset_bitmap_size() btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() s390/uv: Panic for set and remove shared access UVC errors net/mlx5e: Correctly report errors for ethtool rx flows atm: idt77252: prevent use after free in dequeue_rx() net: axienet: Fix register defines comment description net: dsa: vsc73xx: pass value in phy_write operation net: dsa: vsc73xx: use read_poll_timeout instead delay loop net: dsa: vsc73xx: check busy flag in MDIO operations mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size netfilter: flowtable: initialise extack before use net: hns3: fix wrong use of semaphore up net: hns3: fix a deadlock problem when config TC during resetting ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 ssb: Fix division by zero issue in ssb_calc_clock_rate wifi: mac80211: fix BA session teardown race wifi: cw1200: Avoid processing an invalid TIM IE i2c: riic: avoid potential division by zero RDMA/rtrs: Fix the problem of variable not initialized fully s390/smp,mcck: fix early IPI handling media: radio-isa: use dev_name to fill in bus_info staging: iio: resolver: ad2s1210: fix use before initialization drm/amd/display: Validate hw_points_num before using it staging: ks7010: disable bh on tx_dev_lock binfmt_misc: cleanup on filesystem umount media: qcom: venus: fix incorrect return value scsi: spi: Fix sshdr use gfs2: setattr_chown: Add missing initialization wifi: iwlwifi: abort scan when rfkill on but device enabled IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu nvmet-trace: avoid dereferencing pointer too early ext4: do not trim the group with corrupted block bitmap quota: Remove BUG_ON from dqget() media: pci: cx23885: check cx23885_vdev_init() return fs: binfmt_elf_efpic: don't use missing interpreter's properties scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() net/sun3_82586: Avoid reading past buffer in debug output drm/lima: set gp bus_stop bit before hard reset virtiofs: forbid newlines in tags netlink: hold nlk->cb_mutex longer in __netlink_dump_start() md: clean up invalid BUG_ON in md_ioctl x86: Increase brk randomness entropy for 64-bit systems memory: stm32-fmc2-ebi: check regmap_read return value parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 powerpc/boot: Handle allocation failure in simple_realloc() powerpc/boot: Only free if realloc() succeeds btrfs: change BUG_ON to assertion when checking for delayed_node root btrfs: handle invalid root reference found in may_destroy_subvol() btrfs: send: handle unexpected data in header buffer in begin_cmd() btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() f2fs: fix to do sanity check in update_sit_entry usb: gadget: fsl: Increase size of name buffer for endpoints Bluetooth: bnep: Fix out-of-bound access net: hns3: add checking for vf id of mailbox nvmet-tcp: do not continue for invalid icreq NFS: avoid infinite loop in pnfs_update_layout. openrisc: Call setup_memory() earlier in the init sequence s390/iucv: fix receive buffer virtual vs physical address confusion usb: dwc3: core: Skip setting event buffers for host only controllers irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc ext4: set the type of max_zeroout to unsigned int to avoid overflow nvmet-rdma: fix possible bad dereference when freeing rsps hrtimer: Prevent queuing of hrtimer without a function callback gtp: pull network headers in gtp_dev_xmit() block: use "unsigned long" for blk_validate_block_size(). media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) dm suspend: return -ERESTARTSYS instead of -EINTR Bluetooth: hci_core: Fix LE quote calculation Bluetooth: SMP: Fix assumption of Central always being Initiator tc-testing: don't access non-existent variable on exception kcm: Serialise kcm_sendmsg() for the same socket. netfilter: nft_counter: Synchronize nft_counter_reset() against reader. ip6_tunnel: Fix broken GRO bonding: fix bond_ipsec_offload_ok return type bonding: fix null pointer deref in bond_ipsec_offload_ok bonding: fix xfrm real_dev null pointer dereference bonding: fix xfrm state handling when clearing active slave ice: fix ICE_LAST_OFFSET formula net: dsa: mv88e6xxx: read FID when handling ATU violations net: dsa: mv88e6xxx: replace ATU violation prints with trace points net: dsa: mv88e6xxx: Fix out-of-bound access netem: fix return value if duplicate enqueue fails ipv6: prevent UAF in ip6_send_skb() net: xilinx: axienet: Always disable promiscuous mode net: xilinx: axienet: Fix dangling multicast addresses drm/msm/dpu: don't play tricks with debug macros drm/msm/dp: reset the link phy params before link training mmc: mmc_test: Fix NULL dereference on allocation failure Bluetooth: MGMT: Add error handling to pair_device() binfmt_misc: pass binfmt_misc flags to the interpreter MIPS: Loongson64: Set timer mode in cpu-probe HID: wacom: Defer calculation of resolution until resolution_code is known HID: microsoft: Add rumble support to latest xbox controllers cxgb4: add forgotten u64 ivlan cast before shift KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 mmc: dw_mmc: allow biu and ciu clocks to defer Revert "drm/amd/display: Validate hw_points_num before using it" ALSA: timer: Relax start tick time check for slave timer elements nfsd: Don't call freezable_schedule_timeout() after each successful page allocation in svc_alloc_arg(). Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Input: MT - limit max slots tools: move alignment-related macros to new <linux/align.h> drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc KVM: arm64: Don't use cbz/adr with external symbols pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins pinctrl: single: fix potential NULL dereference in pcs_get_function() wifi: mwifiex: duplicate static structs used in driver instances mptcp: sched: check both backup in retrans ipc: replace costly bailout check in sysvipc_find_ipc() drm/amdkfd: don't allow mapping the MMIO HDP page with large pages media: uvcvideo: Fix integer overflow calculating timestamp Revert "Input: ioc3kbd - convert to platform remove callback returning void" ata: libata-core: Fix null pointer dereference on error cgroup/cpuset: Prevent UAF in proc_cpuset_show() net:rds: Fix possible deadlock in rds_message_put ovl: do not fail because of O_NOATIME soundwire: stream: fix programming slave ports for non-continous port maps dmaengine: dw: Add peripheral bus width verification dmaengine: dw: Add memory bus width verification ethtool: check device is present when getting link settings gtp: fix a potential NULL pointer dereference net: busy-poll: use ktime_get_ns() instead of local_clock() nfc: pn533: Add poll mod list filling check soc: qcom: cmd-db: Map shared memory as WC, not WB cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller USB: serial: option: add MeiG Smart SRM825L usb: dwc3: omap: add missing depopulate in probe error path usb: dwc3: core: Prevent USB core invalid event buffer address access usb: dwc3: st: fix probed platform device ref count on probe error path usb: dwc3: st: add missing depopulate in probe error path usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() scsi: aacraid: Fix double-free on probe failure apparmor: fix policy_unpack_test on big endian systems Linux 5.10.225 Change-Id: I5028ef07db680262d45fba4096094fe8b19dd052 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-09-11 14:51:02 +00:00
Al Viro	ad149f5585	memcg_write_event_control(): fix a user-triggerable oops ... commit 046667c4d3196938e992fba0dfcde570aa85cd0e upstream. we are *not* guaranteed that anything past the terminating NUL is mapped (let alone initialized with anything sane). Fixes: 0dea116876 ("cgroup: implement eventfd-based generic API for notifications") Cc: stable@vger.kernel.org Cc: Andrew Morton <akpm@linux-foundation.org> Acked-by: Michal Hocko <mhocko@suse.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-09-04 13:17:30 +02:00
Greg Kroah-Hartman	b7647fb740	Merge branch 'android12-5.10' into branch 'android12-5.10-lts' ... Do a backmerge to catch the android12-5.10-lts branch up with recent changes done in android12-5.10. Included in here are the following commits: * c761121f9a Merge tag 'android12-5.10.218_r00' into android12-5.10 * e0ab5345d6 UPSTREAM: f2fs: avoid false alarm of circular locking * 758dd4cd50 UPSTREAM: f2fs: fix deadlock in i_xattr_sem and inode page lock * 6f61666ab1 ANDROID: userfaultfd: Fix use-after-free in userfaultfd_using_sigbus() * 441ca240dd ANDROID: 16K: Don't set padding vm_flags on 32-bit archs * 3889296829 FROMLIST: binder_alloc: Replace kcalloc with kvcalloc to mitigate OOM issues * 6d9feaf249 ANDROID: fix kernelci build breaks due to hid/uhid cyclic dependency * b07354bd32 Merge tag 'android12-5.10.214_r00' into android12-5.10 * 0a36a75b28 UPSTREAM: af_unix: Fix garbage collector racing against connect() * 5fd2d91390 ANDROID: uid_sys_stats: Use llist for deferred work * dbfd6a5812 ANDROID: uid_sys_stats: Use a single work for deferred updates * 98440be320 ANDROID: GKI: Add new ABI symbol list * 93bad8a473 ANDROID: 16K: Only check basename of linker context * f91f368b2e UPSTREAM: af_unix: Do not use atomic ops for unix_sk(sk)->inflight. * 732004ab69 ANDROID: GKI: Update symbols to symbol list * 9d06d47cd2 ANDROID: ABI fixup for abi break in struct dst_ops * bff4c6bace BACKPORT: net: fix __dst_negative_advice() race Change-Id: Ibe1bb644ae24c59bf17c9b8fec0cabe8f8288733 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-07-22 10:30:32 +00:00
Greg Kroah-Hartman	c761121f9a	Merge tag 'android12-5.10.218_r00' into android12-5.10 ... This merges the 5.10.218 LTS kernel into the android12-5.10 branch. Included in here are the following commits: * 3a2d2273f6 Merge 5.10.218 into android12-5.10-lts |\ | * 61458c864c Linux 5.10.218 | * 04a5842ed7 docs: kernel_include.py: Cope with docutils 0.21 | * b5fb355c9f serial: kgdboc: Fix NMI-safety problems from keyboard reset code | * 7ed7748c94 usb: typec: ucsi: displayport: Fix potential deadlock | * 0eb296233f drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() | * c48ab6a4cd btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() | * 99951b62bf mptcp: ensure snd_nxt is properly initialized on connect | * f2277d9e2a firmware: arm_scmi: Harden accesses to the reset domains | * 546751d9d4 KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection | * 05c9e3fc93 netlink: annotate lockless accesses to nlk->max_recvmsg_len | * eb15243bc9 ima: fix deadlock when traversing "ima_default_rules". | * db7aa45c71 net: bcmgenet: synchronize UMAC_CMD access | * b8d75bb01c net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access | * 719225b0f9 Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" | * 1424ab4bb3 x86/xen: Drop USERGS_SYSRET64 paravirt call | * 8869c2916d pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() * | dde5ece421 Merge 5.10.217 into android12-5.10-lts |\| | * ce3838dbef Linux 5.10.217 | * fb5b347efd md: fix kmemleak of rdev->serial | * ad2011ea78 keys: Fix overwrite of key expiration on instantiation | * 324be157e0 regulator: core: fix debugfs creation regression | * 7788fc8a8b hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us | * 0c3248bc70 net: fix out-of-bounds access in ops_init | * 3cd682357c drm/vmwgfx: Fix invalid reads in fence signaled events | * 49e0911887 mei: me: add lunar lake point M DID | * 41d8ac238a dyndbg: fix old BUG_ON in >control parser | * 7fbcbb96ae ASoC: tegra: Fix DSPK 16-bit playback | * f6c807e853 net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() | * 367766ff9e tipc: fix UAF in error path | * e2648b3d17 iio: accel: mxc4005: Interrupt handling fixes | * 0ba169bb80 iio:imu: adis16475: Fix sync mode setting | * e6ba44f832 ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU | * 72410925c8 usb: dwc3: core: Prevent phy suspend during init | * 15165b5258 usb: xhci-plat: Don't include xhci.h | * ffb06cb324 usb: gadget: f_fs: Fix a race condition when processing setup packets. | * 31cfe4e156 usb: gadget: composite: fix OS descriptors w_value logic | * 3afc842e66 usb: ohci: Prevent missed ohci interrupts | * 399ca46db7 usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device | * 3a970e41c3 usb: typec: ucsi: Fix connector check on init | * 3b0b6b3276 usb: typec: ucsi: Check for notifications after init | * 09b3536d98 arm64: dts: qcom: Fix 'interrupt-map' parent address cells | * cca330c59c firewire: nosy: ensure user_length is taken into account when fetching packet contents | * a2fb0eefa4 btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() | * 3284447d66 net: hns3: use appropriate barrier function after setting a bit value | * 674c951ab8 ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() | * 9a2a5cd84f net: bridge: fix corrupted ethernet header on multicast-to-unicast | * e7eb0737c6 kcov: Remove kcov include from sched.h and move it to its users. | * f085e02f0a phonet: fix rtm_phonet_notify() skb allocation | * b33ae32b6d hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock | * 5b37ce7bb2 hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() | * 549e740bad hwmon: (corsair-cpro) Use a separate buffer for sending commands | * 6c8f44b025 rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation | * 06acb75e7e Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout | * 33a6e92161 Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout | * 1d9cf07810 tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). | * 413c33b9f3 tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets | * a4b7606732 xfrm: Preserve vlan tags for transport mode software GRO | * 17f8b8d432 net:usb:qmi_wwan: support Rolling modules | * e09096291f drm/nouveau/dp: Don't probe eDP ports twice harder | * 09be6fa6af fs/9p: drop inodes immediately on non-.L too | * c43463fa3f clk: Don't hold prepare_lock when calling kref_put() | * c8e9cc2fa9 gpio: crystalcove: Use -ENOTSUPP consistently | * 09c733cde5 gpio: wcove: Use -ENOTSUPP consistently | * dca2b31cf4 9p: explicitly deny setlease attempts | * c38c45304b fs/9p: translate O_TRUNC into OTRUNC | * 5a605930e1 fs/9p: only translate RWX permissions for plain 9P2000 | * a79b53d0d9 selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior | * 7c355faad0 MIPS: scall: Save thread_info.syscall unconditionally on entry | * 09888cff32 gpu: host1x: Do not setup DMA for virtual devices | * 62accf6c1d blk-iocost: avoid out of bounds shift | * 7ba3962c9e scsi: target: Fix SELinux error when systemd-modules loads the target module | * b34fdb24ab btrfs: always clear PERTRANS metadata during commit | * e2a3a1df2f btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve | * 2214d3a5d9 tools/power turbostat: Fix Bzy_MHz documentation typo | * 413dbd60ea tools/power turbostat: Fix added raw MSR output | * fa273f3123 firewire: ohci: mask bus reset interrupts between ISR and bottom half | * e8b125df34 ata: sata_gemini: Check clk_enable() result | * 1fb7ab9a6e net: bcmgenet: Reset RBUF on first open | * 602dd9d99a ALSA: line6: Zero-initialize message buffers | * e2f5d61b5a btrfs: return accurate error code on open failure in open_fs_devices() | * ad498539dd scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload | * d21475d29d net: mark racy access on sk->sk_rcvbuf | * a762b8e041 wifi: cfg80211: fix rdev_dump_mpp() arguments order | * a21712550a wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc | * a7fb16ff62 gfs2: Fix invalid metadata access in punch_hole | * e7e50ac5f4 scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic | * 4404465a1b KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() | * 4563a0afd9 KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id | * bfc78b4628 clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change | * 7df798dd59 net: gro: add flush check in udp_gro_receive_segment | * adbce6d20d tipc: fix a possible memleak in tipc_buf_append | * faa83a7797 net: core: reject skb_copy(_expand) for fraglist GSO skbs | * 48ab384d2b net: bridge: fix multicast-to-unicast with fraglist GSO | * a0e3faf29e net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 | * ea6213141e cxgb4: Properly lock TX queue for the selftest. | * aa50658c70 ASoC: meson: cards: select SND_DYNAMIC_MINORS | * f25b4c829e ASoC: Fix 7/8 spaces indentation in Kconfig | * bf9e84ae15 net: qede: use return from qede_parse_actions() | * 99c9baffcf net: qede: use return from qede_parse_flow_attr() for flow_spec | * fff2c7a02b net: qede: use return from qede_parse_flow_attr() for flower | * 4a0c24cc14 net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() | * 96a592f160 s390/vdso: Add CFI for RA register to asm macro vdso_func | * 553b2f6c34 net l2tp: drop flow hash on forward | * bbccf0caef nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). | * bcdac70adc octeontx2-af: avoid off-by-one read from userspace | * 6f0f19b79c bna: ensure the copied buf is NUL terminated | * 78ad3b01ca s390/mm: Fix clearing storage keys for huge pages | * e93c82fa96 s390/mm: Fix storage key clearing for guest huge pages | * 3994f81ab6 regulator: mt6360: De-capitalize devicetree regulator subnodes | * 35ab679e8b pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() | * 5ea5d06197 power: rt9455: hide unused rt9455_boost_voltage_values | * d4891d8173 nfs: Handle error of rpc_proc_register() in nfs_net_init(). | * afdbc21a92 nfs: make the rpc_stat per net namespace | * 6eef21eb7a nfs: expose /proc/net/sunrpc/nfs in net namespaces | * 95ebd5fc15 sunrpc: add a struct rpc_stats arg to rpc_create_args | * a3f1a38733 pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE | * e0e916a21e pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback | * d676152a7b pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic | * 288bc4aa75 pinctrl: core: delete incorrect free in pinctrl_enable() | * 734d2dad60 pinctrl/meson: fix typo in PDM's pin name | * 20c91ac14b pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T | * c850f71fca eeprom: at24: fix memory corruption race condition | * ec9dbddea2 eeprom: at24: Probe for DDR3 thermal sensor in the SPD case | * b2643d2532 eeprom: at24: Use dev_err_probe for nvmem register failure | * 5a730a161a wifi: nl80211: don't free NULL coalescing rule | * 00d09857f8 dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" | * db6740b4e1 dmaengine: pl330: issue_pending waits until WFP state * | d39363d4d0 ANDROID: update .xml file due to struct clk_core abi change * | c15c1199d6 Merge 5.10.216 into android12-5.10-lts |\| | * 39fbb15b4a Linux 5.10.216 | * 1897993bb8 riscv: Disable STACKPROTECTOR_PER_TASK if GCC_PLUGIN_RANDSTRUCT is enabled | * ba7bc80da3 serial: core: fix kernel-doc for uart_port_unlock_irqrestore() | * 16affc4d73 udp: preserve the connected status if only UDP cmsg | * 66297b2ced bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS | * 5095b93021 HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up | * 5fd7240458 i2c: smbus: fix NULL function pointer dereference | * 04bf2e5f95 riscv: Fix TASK_SIZE on 64-bit NOMMU | * d5cc3498f0 riscv: fix VMALLOC_START definition | * fcdd5bb4a8 dma: xilinx_dpdma: Fix locking | * 5129f84bc3 idma64: Don't try to serve interrupts when device is powered off | * 4d051d6f9c dmaengine: owl: fix register access functions | * ab31bc5022 tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() | * 74e5e5601d tcp: Clean up kernel listener's reqsk in inet_twsk_purge() | * 179a890ee4 mtd: diskonchip: work around ubsan link failure | * f99de42b80 stackdepot: respect __GFP_NOLOCKDEP allocation flag | * c9d5f3b5af net: b44: set pause params only when interface is up | * f3a2f186a1 ethernet: Add helper for assigning packet type when dest address does not match device address | * aa44d21574 irqchip/gic-v3-its: Prevent double free on error | * 5ab19dc55c drm/amdgpu: Fix leak when GPU memory allocation fails | * 48a92487db drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 | * b2d5ef07dd arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma | * af6d6a923b cpu: Re-enable CPU mitigations by default for !X86 architectures | * 30189e54ba btrfs: fix information leak in btrfs_ioctl_logical_to_ino() | * 6dc5afe8f2 Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 | * de657b2109 Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() | * 087de000e4 PM / devfreq: Fix buffer overflow in trans_stat_show | * 772a23d60a tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together | * ffbeb5d4f9 tracing: Show size of requested perf buffer | * 98f282c351 net/mlx5e: Fix a race in command alloc flow | * 2862578fcd Revert "crypto: api - Disallow identical driver names" | * 0dc0637e6b serial: mxs-auart: add spinlock around changing cts state | * fc955bdeba serial: core: Provide port lock wrappers | * ae7c8f52aa af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). | * dd0eb1dab9 net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets | * d51037994f iavf: Fix TC config comparison with existing adapter TC config | * 3a4677b219 i40e: Report MFS in decimal base instead of hex | * fbbb240434 i40e: Do not use WQ_MEM_RECLAIM flag for workqueue | * e4bb6da24d netfilter: nf_tables: honor table dormant flag from netdev release event path | * 857ed80013 mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work | * 09846c2309 mlxsw: spectrum_acl_tcam: Fix incorrect list API usage | * 1d76bd2a00 mlxsw: spectrum_acl_tcam: Fix warning during rehash | * 617e98ba4c mlxsw: spectrum_acl_tcam: Fix memory leak during rehash | * 3c443a34a0 mlxsw: spectrum_acl_tcam: Rate limit error message | * a429a912d6 mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash | * e24d248742 mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update | * e1ad8eaa80 mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work | * 35880c3fa6 net: openvswitch: Fix Use-After-Free in ovs_ct_exit | * aca5dadab1 ipvs: Fix checksumming on GSO of SCTP packets | * 0caff3e639 net: gtp: Fix Use-After-Free in gtp_dellink | * 9bda5e2f62 net: usb: ax88179_178a: stop lying about skb->truesize | * 7da0f91681 ipv4: check for NULL idev in ip_route_use_hint() | * c676c68e48 NFC: trf7970a: disable all regulators on removal | * 6496fadf2a mlxsw: core: Unregister EMAD trap using FORWARD action | * e860a87054 vxlan: drop packets from invalid src-address | * 4dc8beb887 wifi: iwlwifi: mvm: remove old PASN station when adding a new one | * b4a29e1835 ARC: [plat-hsdk]: Remove misplaced interrupt-cells property | * 4c7a2f71b5 arm64: dts: mediatek: mt2712: fix validation errors | * 755703e68d arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block | * ed993f7448 arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" | * 819da78e4c arm64: dts: mediatek: mt7622: fix IR nodename | * 55d07efd38 arm64: dts: mediatek: mt7622: fix clock controllers | * 136c8e0169 arm64: dts: mediatek: mt7622: introduce nodes for Wireless Ethernet Dispatch | * 57ff09043f arm64: dts: mediatek: mt7622: add support for coherent DMA | * f993087135 arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts | * 759796d768 arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma | * 38db853f7c arm64: dts: rockchip: fix alphabetical ordering RK3399 puma | * 7061c7efbb nilfs2: fix OOB in nilfs_set_de_type | * 13d76b2f44 nouveau: fix instmem race condition around ptr stores | * 1fd7db5c16 drm/amdgpu: validate the parameters of bo mapping operations more clearly | * 2ef607ea10 init/main.c: Fix potential static_command_line memory overflow | * 84bd4c2ae9 fs: sysfs: Fix reference leak in sysfs_break_active_protection() | * 6401038acf speakup: Avoid crash on very long word | * bf786df6bd mei: me: disable RPL-S on SPS and IGN firmwares | * 5160b4bd4d usb: Disable USB3 LPM at shutdown | * 26fde0ea40 usb: dwc2: host: Fix dereference issue in DDMA completion flow. | * ab92e11b73 Revert "usb: cdc-wdm: close race between read and workqueue" | * ba11df453e USB: serial: option: add Telit FN920C04 rmnet compositions | * 33b29a5007 USB: serial: option: add Rolling RW101-GL and RW135-GL support | * 6e7cdfd6c7 USB: serial: option: support Quectel EM060K sub-models | * b5c3eceec2 USB: serial: option: add Lonsung U8300/U9300 product | * e32faa0e9d USB: serial: option: add support for Fibocom FM650/FG650 | * 3366e4fdfe USB: serial: option: add Fibocom FM135-GL variants | * ab86cf6f8d serial/pmac_zilog: Remove flawed mitigation for rx irq flood | * f15370e315 comedi: vmk80xx: fix incomplete endpoint checking | * 5a7e30d9be thunderbolt: Fix wake configurations after device unplug | * e6245ed822 thunderbolt: Avoid notify PM core about runtime PM resume | * 48a1f83ca9 binder: check offset alignment in binder_get_object() | * 2e212ae066 x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ | * 4af115f1a2 clk: Get runtime PM before walking tree during disable_unused | * d339ce2739 clk: Initialize struct clk_core kref earlier | * 83e6e77f68 clk: Print an info line before disabling unused clocks | * c04fc24403 clk: remove extra empty line | * f5591ad6e2 clk: Mark 'all_lists' as const | * bde446f167 clk: Remove prepare_lock hold assertion in __clk_release() | * f3d4f01737 drm/panel: visionox-rm69299: don't unregister DSI device | * 097c7918fc drm: nv04: Fix out of bounds access | * 5ebbbeb295 RDMA/mlx5: Fix port number for counter query in multi-port configuration | * 40c4858623 RDMA/cm: Print the old state when cm_destroy_id gets timeout | * 2e45acd12c RDMA/rxe: Fix the problem "mutex_destroy missing" | * 14cdb43dbc tun: limit printing rate when illegal packet received by tun dev | * e3b887a9c1 netfilter: nft_set_pipapo: do not free live element | * 934e66e231 netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() | * 26ebeffff2 Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" | * 5062d1f4f0 kprobes: Fix possible use-after-free issue on kprobe registration | * 1d9ff61160 selftests/ftrace: Limit length in subsystem-enable tests | * 9abc3e6f11 riscv: process: Fix kernel gp leakage | * 11a821ee5e riscv: Enable per-task stack canaries | * 4c5e9eaa70 btrfs: record delayed inode root in transaction | * c38ea6f1ea irqflags: Explicitly ignore lockdep_hrtimer_exit() argument | * 85df831dc5 x86/apic: Force native_apic_mem_read() to use the MOV instruction | * 4979a581c7 selftests: timers: Fix abs() warning in posix_timers test | * 30da4180fd x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n | * a75a785dbe vhost: Add smp_rmb() in vhost_vq_avail_empty() | * 4158648776 drm/client: Fully protect modes[] with dev->mode_config.mutex | * fb9f76b2a2 btrfs: qgroup: correctly model root qgroup rsv in convert | * b43ff11736 mailbox: imx: fix suspend failue | * 5ef15c06ac iommu/vt-d: Allocate local memory for page request queue | * b26aa765f7 net: ena: Fix incorrect descriptor free behavior | * c3b3b0c1ac net: ena: Wrong missing IO completions check order | * 02c42a2774 net: ena: Fix potential sign extension issue | * 2e2a03787f af_unix: Fix garbage collector racing against connect() | * 14bea27d1c af_unix: Do not use atomic ops for unix_sk(sk)->inflight. | * 3d90ca9145 net/mlx5: Properly link new fs rules into the tree | * cf4bc359b7 netfilter: complete validation of user input | * b0e30c3769 Bluetooth: SCO: Fix not validating setsockopt user input | * 3fb02ec57e ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr | * 9e55a650ac ipv4/route: avoid unused-but-set-variable warning | * 1afc86bcfb ipv6: fib: hide unused 'pn' variable | * 434aabb6c1 octeontx2-af: Fix NIX SQ mode and BP config | * 10204df9be geneve: fix header validation in geneve[6]_xmit_skb | * a82984b3c6 xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING | * 69fbe5bf31 u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file | * 583b7b856f net: openvswitch: fix unwanted error log on timeout policy probing | * e252fc8279 nouveau: fix function cast warning | * 7dc2f7b2c3 media: cec: core: remove length check of Timer Status | * 8478394f76 Bluetooth: Fix memory leak in hci_req_sync_complete() | * 70a8be9dc2 batman-adv: Avoid infinite loop trying to resize local TT * | ce4609a54d ANDROID: mark DRM_VMWGFX as BROKEN * | 48fcb2dadf Revert "ANDROID: Setting up GS before calling __restore_processor_state." * | be9f128eaf Revert "block: introduce zone_write_granularity limit" * | 767bb1b3ae Revert "block: Clear zone limits for a non-zoned stacked queue" * | 213d8963dc Revert "scsi: sd: Fix wrong zone_write_granularity value during revalidate" * | eaaff97d11 Revert "PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities()" * | 60f9b585da Revert "PCI: Cache PCIe Device Capabilities register" * | 54292b6722 Revert "PCI: Work around Intel I210 ROM BAR overlap defect" * | a4a9cf2ab5 Revert "PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited" * | 49a81ed542 Revert "PCI/DPC: Quirk PIO log size for certain Intel Root Ports" * | 478632cd90 Revert "PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports" * | 58574fb618 Revert "PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports" * | 3f602a77d6 Revert "timers: Rename del_timer_sync() to timer_delete_sync()" * | 9100d24dfd Merge 5.10.215 into android12-5.10-lts |\| | * e2e4e7b4ae Linux 5.10.215 | * cea750c99d x86/head/64: Re-enable stack protection | * 0bdc64e9e7 x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk | * 85d11ded2d scsi: sd: Fix wrong zone_write_granularity value during revalidate | * 44900a8bec kbuild: dummy-tools: adjust to stricter stackprotector check | * 682f6ca967 VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() | * f7d846acf9 Bluetooth: btintel: Fixe build regression | * fe34587acc drm/i915/gt: Reset queue_priority_hint on parking | * c2b2430b48 x86/mm/pat: fix VM_PAT handling in COW mappings | * 3b29694dde virtio: reenable config if freezing device failed | * ada28eb4b9 tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc | * b58d0ac35f netfilter: nf_tables: discard table flag update with pending basechain deletion | * 2cee2ff7f8 netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path | * 453c8da7ef netfilter: nf_tables: release batch on table validation from abort path | * 951838fee4 fbmon: prevent division by zero in fb_videomode_from_videomode() | * c6e0de1e07 drivers/nvme: Add quirks for device 126f:2262 | * 19536fe420 fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 | * e9efe31e6b usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined | * 8406161fbe usb: typec: tcpci: add generic tcpci fallback compatible | * e0184c95aa tools: iio: replace seekdir() in iio_generic_buffer | * 91698804bb ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment | * 694b7fa79e ktest: force $buildonly = 1 for 'make_warnings_file' test type | * 804ed6c3ac platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet | * 95bd7e317d Input: allocate keycode for Display refresh rate toggle | * d4b856aaaa RDMA/cm: add timeout to cm_destroy_id wait | * b0cb5564c3 block: prevent division by zero in blk_rq_stat_sum() | * d2341dc41a libperf evlist: Avoid out-of-bounds access | * 5e0a89c49f Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" | * 4b676584d0 SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int | * 0b5668a87c drm/amd/display: Fix nanosec stat overflow | * 48882b489f ext4: forbid commit inconsistent quota data when errors=remount-ro | * 6545e1307a ext4: add a hint for block bitmap corrupt state in mb_groups | * 2fef005985 media: sta2x11: fix irq handler cast | * bd12d39aaf isofs: handle CDs with bad root inode but good Joliet root directory | * c473288f27 scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() | * 674c1c4229 sysv: don't call sb_bread() with pointers_lock held | * 94b01bdf49 pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs | * fd238540fb Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails | * 86e9b47e8a Bluetooth: btintel: Fix null ptr deref in btintel_read_version | * bc4d1ebca1 net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() | * 4720d590c4 btrfs: send: handle path ref underflow in header iterate_inode_ref() | * 0002df7380 btrfs: export: handle invalid inode or root reference in btrfs_get_parent() | * 87299cdaae btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() | * a2e43c53b8 tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() | * 98e2b97acb pstore/zone: Add a null pointer check to the psz_kmsg_read | * a3cd110463 ionic: set adminq irq affinity | * bd365f0644 arm64: dts: rockchip: fix rk3399 hdmi ports node | * 3ea4717296 arm64: dts: rockchip: fix rk3328 hdmi ports node | * 5b71a921db panic: Flush kernel log buffer at the end | * ad78c5047d VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() | * 46e219d886 wifi: ath9k: fix LNA selection in ath_ant_try_scan() | * 1a038ea9f9 objtool: Add asm version of STACK_FRAME_NON_STANDARD | * bb5fb12c50 x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word | * c137ee44c5 mptcp: don't account accept() of non-MPC client as fallback to TCP | * aae6464684 x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO | * f5e9b93fbe x86/bugs: Fix the SRSO mitigation on Zen3/4 | * 2cba2ba2a8 riscv: Fix spurious errors from __get/put_kernel_nofault | * 9fd381feaf s390/entry: align system call table on 8 bytes | * f5e65b782f x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() | * 3127b2ee50 of: dynamic: Synchronize of_changeset_destroy() with the devlink removals | * 7f62d985e9 driver core: Introduce device_link_wait_removal() | * 976b0215f6 ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone | * 75c3348796 ata: sata_mv: Fix PCI device ID table declaration compilation warning | * ca22295535 scsi: mylex: Fix sysfs buffer lengths | * dff4cd7de1 ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit | * aa5936f5ec ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw | * 21d2994c74 arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken | * a6186caf17 arm64: dts: qcom: sc7180: Remove clock for bluetooth on Trogdor | * ae5f35ff24 net: ravb: Always process TX descriptor ring | * 3391b15778 udp: do not accept non-tunnel GSO skbs landing in a tunnel | * 43183be84a Revert "usb: phy: generic: Get the vbus supply" | * 00810a2464 scsi: qla2xxx: Update manufacturer detail | * 20414bdc32 scsi: qla2xxx: Update manufacturer details | * b8e82128b4 i40e: fix vf may be used uninitialized in this function warning | * a88765b0a5 i40e: fix i40e_count_filters() to count only active/new filters | * 6ebcf688ae octeontx2-pf: check negative error code in otx2_open() | * 360edeb621 udp: do not transition UDP GRO fraglist partial checksums to unnecessary | * fd307f2d91 ipv6: Fix infinite recursion in fib6_dump_done(). | * ed2bdbf5d2 selftests: reuseaddr_conflict: add missing new line at the end of the output | * b14b9f9503 erspan: make sure erspan_base_hdr is present in skb->head | * 42852763a0 net: stmmac: fix rx queue priority assignment | * 5e45dc4408 net/sched: act_skbmod: prevent kernel-infoleak | * dd54b48db0 bpf, sockmap: Prevent lock inversion deadlock in map delete elem | * aedc6cfb71 vboxsf: Avoid an spurious warning if load_nls_xxx() fails | * 0f038242b7 netfilter: validate user input for expected length | * 940d41caa7 netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() | * 46c4481938 netfilter: nf_tables: flush pending destroy work before exit_net release | * 7b6fba6918 netfilter: nf_tables: reject new basechain after table flag update | * 8f6dfa1f1e block: add check that partition length needs to be aligned with block size | * e7ea043bc3 x86/srso: Add SRSO mitigation for Hygon processors | * af47e6a95e mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations | * a15bcaa75d Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." | * 1eff09acc8 io_uring: ensure '0' is returned on file registration success | * a563fc1858 vfio/fsl-mc: Block calling interrupt handler without trigger | * 09452c8fcb vfio/platform: Create persistent IRQ handlers | * 27d40bf72d vfio/pci: Create persistent INTx handler | * d6f77b5e47 vfio: Introduce interface to flush virqfd inject workqueue | * 3dd9be6cb5 vfio/pci: Lock external INTx masking ops | * 561d5e1998 vfio/pci: Disable auto-enable of exclusive INTx IRQ | * cfb786b03b net/rds: fix possible cp null dereference | * 6f3ae02bbb netfilter: nf_tables: disallow timeout for anonymous sets | * e470880754 Bluetooth: Fix TOCTOU in HCI debugfs implementation | * 7160569281 Bluetooth: hci_event: set the conn encrypted before conn establishes | * 89583ff143 x86/cpufeatures: Add new word for scattered features | * 77a82b9611 r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d | * e4be2df1b1 dm integrity: fix out-of-range warning | * c583066909 Octeontx2-af: fix pause frame configuration in GMP mode | * 9970e059af bpf: Protect against int overflow for stack access size | * e8ed357a6f ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() | * e3e27d2b44 tcp: properly terminate timers for kernel sockets | * 10b1273d8a ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() | * 755e53bbc6 nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet | * e451709573 USB: core: Fix deadlock in usb_deauthorize_interface() | * bb22d3689e scsi: lpfc: Correct size for wqe for memset() | * f49642661f PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports | * 34a81f5259 x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled | * 72ba168746 scsi: qla2xxx: Delay I/O Abort on PCI error | * 67b2d35853 scsi: qla2xxx: Fix command flush on cable pull | * a56b2033f1 scsi: qla2xxx: Split FCE|EFT trace control | * db0f08a6b6 usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset | * e9042f4e71 usb: typec: ucsi: Ack unsupported commands | * 3e944ddc17 usb: udc: remove warning when queue disabled ep | * fd84c4eb4d usb: dwc2: gadget: LPM flow fix | * db4fa0c8e8 usb: dwc2: host: Fix ISOC flow in DDMA mode | * 85ebae7707 usb: dwc2: host: Fix hibernation flow | * c63869e990 usb: dwc2: host: Fix remote wakeup from hibernation | * 8e047bc5a5 USB: core: Add hub_get() and hub_put() routines | * 6f4953255b staging: vc04_services: fix information leak in create_component() | * 3be3809b5d staging: vc04_services: changen strncpy() to strscpy_pad() | * 5c2386ba80 scsi: core: Fix unremoved procfs host directory regression | * aa39e6878f ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs | * 9b319f4a88 usb: cdc-wdm: close race between read and workqueue | * 6d9395ba7f net: ll_temac: platform_get_resource replaced by wrong function | * 2b539c8894 mmc: core: Avoid negative index with array access | * bce3a98352 mmc: core: Initialize mmc_blk_ioc_data | * 51c99c6795 hexagon: vmlinux.lds.S: handle attributes section | * 73b3ea4673 exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() | * e8b067c405 wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes | * f8f76b7574 init: open /initrd.image with O_LARGEFILE | * 2e5fe74034 mm/migrate: set swap entry values of THP tail pages properly. | * 38753f1ada mm/memory-failure: fix an incorrect use of tail pages | * 4e37416e4e serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO | * 9c5f4014f6 powerpc: xor_vmx: Add '-mhard-float' to CFLAGS | * f33255ccbb efivarfs: Request at most 512 bytes for variable names | * 33414e560f perf/core: Fix reentry problem in perf_output_read_group() | * 91cf85f753 KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests | * 66d5260fc7 x86/rfds: Mitigate Register File Data Sampling (RFDS) | * 5fbd9f6c39 Documentation/hw-vuln: Add documentation for RFDS | * 6e04cae36b x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set | * b9a97767c6 KVM/VMX: Move VERW closer to VMentry for MDS mitigation | * 52aad34ee3 KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH | * 6192d9ed31 x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key | * 50f021f0b9 x86/entry_32: Add VERW just before userspace transition | * edc702b4a8 x86/entry_64: Add VERW just before userspace transition | * 35e36eac88 x86/bugs: Add asm helpers for executing VERW | * 8b20c6f894 x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix | * b422358490 btrfs: allocate btrfs_ioctl_defrag_range_args on stack | * 3377090b81 printk: Update @console_may_schedule in console_trylock_spinning() | * 0fc88aeb2e xen/events: close evtchn after mapping cleanup | * bc40ded92a tee: optee: Fix kernel panic caused by incorrect error handling | * 94eb029370 fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion | * 1ce408f75c vt: fix unicode buffer corruption when deleting characters | * 28924c43ce mei: me: add arrow lake point H DID | * 4ba385d29e mei: me: add arrow lake point S DID | * bb664ed988 tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled | * 1d14247972 usb: port: Don't try to peer unused USB ports based on location | * ef846cdbd1 usb: gadget: ncm: Fix handling of zero block length packets | * 284fb1003d USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command | * 24427b02bf ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform | * 2d13b79640 KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() | * 6406c55fdc xfrm: Avoid clang fortify warning in copy_to_user_tmpl() | * d2951b72ea Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory | * 2863e2f062 netfilter: nf_tables: reject constant set with timeout | * fe40ffbca1 netfilter: nf_tables: disallow anonymous set with timeout flag | * e2d45f4670 netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout | * 449b8bdcde cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" | * ac816bbb10 comedi: comedi_test: Prevent timers rescheduling during deletion | * d430e29854 scripts: kernel-doc: Fix syntax error due to undeclared args variable | * d0838b0729 x86/pm: Work around false positive kmemleak report in msr_build_context() | * f594871732 x86/stackprotector/32: Make the canary into a regular percpu variable | * 6d22547437 vxge: remove unnecessary cast in kfree() | * 9759ff196e dm snapshot: fix lockup in dm_exception_table_exit | * b074a76cbd drm/amd/display: Fix noise issue on HDMI AV mute | * 1a77ee0f06 drm/amd/display: Return the correct HDCP error code | * 2f83291543 ahci: asm1064: asm1166: don't limit reported ports | * ce4c5d2787 ahci: asm1064: correct count of reported ports | * 493aa6bdcf wireguard: netlink: access device through ctx instead of peer | * f52be46e3e wireguard: netlink: check for dangling peer via is_dead instead of empty list | * ec5098d4c8 net: hns3: tracing: fix hclgevf trace event strings | * bce7345ee0 x86/CPU/AMD: Update the Zenbleed microcode revisions | * 224ec95f63 cpufreq: dt: always allocate zeroed cpumask | * f0fe7ad5af nilfs2: prevent kernel bug at submit_bh_wbc() | * c3b5c5c31e nilfs2: fix failure to detect DAT corruption in btree and direct mappings | * 7607860ae4 memtest: use {READ,WRITE}_ONCE in memory scanning | * c734f9c198 drm/vc4: hdmi: do not return negative values from .get_modes() | * 51c519d79f drm/imx/ipuv3: do not return negative values from .get_modes() | * a8cb3b0724 drm/exynos: do not return negative values from .get_modes() | * 9aaa60f35b drm/panel: do not return negative error codes from drm_panel_get_modes() | * 6470078ab3 s390/zcrypt: fix reference counting on zcrypt card objects | * 32edca2f03 soc: fsl: qbman: Use raw spinlock for cgr_lock | * 39ed969a7a soc: fsl: qbman: Add CGR update function | * c542f3a705 soc: fsl: qbman: Add helper for sanity checking cgr ops | * dd199e5b75 soc: fsl: qbman: Always disable interrupts when taking cgr_lock | * 47ad5c133e ring-buffer: Fix full_waiters_pending in poll | * 616a78bd68 ring-buffer: Fix resetting of shortest_full | * 756934d840 ring-buffer: Do not set shortest_full when full target is hit | * 3d4873cf80 ring-buffer: Fix waking up ring buffer readers | * ad68ce4936 vfio/platform: Disable virqfds on cleanup | * ef73db1cc8 PCI: dwc: endpoint: Fix advertised resizable BAR size | * 70077e0af5 kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 | * 4595d90b5d nfs: fix UAF in direct writes | * 7e55155db0 PCI/AER: Block runtime suspend when handling errors | * 648906b645 PCI/ERR: Clear AER status only when we control AER | * bb317bba5b speakup: Fix 8bit characters from direct synth | * 92eac4c00d usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic | * a799864b9e usb: gadget: tegra-xudc: Use dev_err_probe() | * 350aeb14aa phy: tegra: xusb: Add API to retrieve the port number of phy | * 0213b8bf71 slimbus: core: Remove usage of the deprecated ida_simple_xx() API | * b45970fc0a nvmem: meson-efuse: fix function pointer type mismatch | * e8e8b19731 ext4: fix corruption during on-line resize | * 89bc7ed740 hwmon: (amc6821) add of_match table | * 37005a1b85 drm/etnaviv: Restore some id values | * a1d62c0651 mmc: core: Fix switch on gp3 partition | * d85c11c97e mm: swap: fix race between free_swap_and_cache() and swapoff() | * 068ab2759b mac802154: fix llsec key resources release in mac802154_llsec_key_del | * 1302344f8a dm-raid: fix lockdep waring in "pers->hot_add_disk" | * b073267479 Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" | * be7f399e3f PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports | * a654d0a186 PCI/DPC: Quirk PIO log size for certain Intel Root Ports | * 51411a4d0a PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited | * 81d9ca1597 PCI: Work around Intel I210 ROM BAR overlap defect | * 619013d797 PCI: Cache PCIe Device Capabilities register | * 1f5ea9e3ae PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() | * bbe068b244 PCI/PM: Drain runtime-idle callbacks before driver removal | * 39f7310eaa PCI: Drop pci_device_remove() test of pci_dev->driver | * d2a9709728 btrfs: fix off-by-one chunk length calculation at contains_pending_extent() | * d7800338a2 serial: Lock console when calling into driver before registration | * 590326a5d4 printk/console: Split out code that enables default console | * a0e8272533 usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros | * c71ac0596e fuse: don't unhash root | * 853f0c0d34 fuse: fix root lookup with nonzero generation | * ab166a9445 mmc: tmio: avoid concurrent runs of mmc_request_done() | * 40dda05486 PM: sleep: wakeirq: fix wake irq warning in system suspend | * ad5b7fc6a7 USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M | * fec4dea54d USB: serial: option: add MeiG Smart SLM320 product | * 76b4979096 USB: serial: cp210x: add ID for MGP Instruments PDS100 | * cc235a4b8a USB: serial: add device ID for VeriFone adapter | * dccd649747 USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB | * a51a65d33e powerpc/fsl: Fix mfpmr build errors with newer binutils | * 3ff4a0f6a8 clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays | * a09aecb6cb clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays | * 851cc19bdb clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays | * ae60e33422 clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays | * 0aa06ebe69 PM: suspend: Set mem_sleep_current during kernel command line setup | * 47cad45f8b parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds | * d4a20501dd parisc: Fix csum_ipv6_magic on 64-bit systems | * 2a318f10d4 parisc: Fix csum_ipv6_magic on 32-bit systems | * 27b0db8def parisc: Fix ip_fast_csum | * 8b8019f9d7 parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros | * c2f8af101c mtd: rawnand: meson: fix scrambling mode value in command macro | * 7a9337af5b ubi: correct the calculation of fastmap size | * 0a16a633a2 ubi: Check for too small LEB size in VTBL code | * 8f599ab6fa ubifs: Set page uptodate in the correct place | * a276c595c3 fat: fix uninitialized field in nostale filehandles | * 83a2275f9d bounds: support non-power-of-two CONFIG_NR_CPUS | * 96661f8c3d block: Clear zone limits for a non-zoned stacked queue | * 6b4bb49e34 block: introduce zone_write_granularity limit | * 0eb348f4d7 ext4: correct best extent lstart adjustment logic | * 8f5dfcbf96 selftests/mqueue: Set timeout to 180 seconds | * d03092550f crypto: qat - resolve race condition during AER recovery | * 02fa834fb4 crypto: qat - fix double free during reset | * 6796844c05 sparc: vDSO: fix return value of __setup handler | * 308b721d69 sparc64: NMI watchdog: fix return value of __setup handler | * f8730d6335 KVM: Always flush async #PF workqueue when vCPU is being destroyed | * 7936e5c8da media: xc4000: Fix atomicity violation in xc4000_get_frequency | * c45e53c27b serial: max310x: fix NULL pointer dereference in I2C instantiation | * c560327d90 drm/vmwgfx: Fix possible null pointer derefence with invalid contexts | * 675ebda69c drm/vmwgfx: Fix some static checker warnings | * dc7cd107ce drm/vmwgfx/vmwgfx_cmdbuf_res: Remove unused variable 'ret' | * b6fc792bf8 drm/vmwgfx: switch over to the new pin interface v2 | * 1502b87c65 drm/vmwgfx: stop using ttm_bo_create v2 | * 7f0de642ac arm: dts: marvell: Fix maxium->maxim typo in brownstone dts | * fbda83d03f smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() | * a354d9e3b6 smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() | * 1c18c1541f clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd | * b3afaa407d media: staging: ipu3-imgu: Set fields before media_entity_pads_init() | * bacb8c3ab8 wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach | * d8166e8adb timers: Rename del_timer_sync() to timer_delete_sync() | * fa576cdd4d timers: Use del_timer_sync() even on UP | * 127dbb3d8b timers: Update kernel-doc for various functions | * 6487fb01b7 x86/bugs: Use sysfs_emit() | * d3084b0309 x86/cpu: Support AMD Automatic IBRS | * 2c1a504931 Documentation/hw-vuln: Update spectre doc | * fcbd99b3c7 amdkfd: use calloc instead of kzalloc to avoid integer overflow * e9b3e47f65 Merge branch 'android12-5.10' into branch 'android12-5.10-lts' Change-Id: If920bf57647a5b27994daf5704a4cb27f1d651bb Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-07-20 13:37:42 +00:00
Greg Kroah-Hartman	875057880e	This is the 5.10.222 stable release ... -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmaY9zYACgkQONu9yGCS aT6v5g//WMifSZz85CUFaqgs65rwVfhTMpYtUeL5LiDuy+SMou6ViV3A93FpTkmj FJBvrr2y0bn8Y5Dp/fwYj10XUz+THZte/yEVnPh/NkV107FZD3fKa6GTnJY7H/XY 4SoOGfPB4yfx+MpN6ZpLsu4cAt6FW8P+QfKOxBEboGkJSGpjEbGYFMtyZAMjknia QE8cKQ3LnMrQzHIizil5dZVlYaiMgJtlKTtUeVI1ixmaGDb3rCsnCVvMRvZnW95V aSgyJNrNix7a5tRgYwZHZp4t3p9iT2lyIFM3/y7TKcglVCMPw4nbsDdLNNq11qrk RdTdScR+9eKyJsEGVYOhXZFUFzOgHW22xyx0CCZmDMeu08WPNl4vhGewnndQy3yd 6jdTRYDrU6SQNQ0AjRZXcdmfopIQxetHE7ZEKvbgBW6+u9oySYU8phPCNkma2JWr O2eY5AOF8zgPAdAzvF9Bt/qTlwLNjP0zczoIRX7HSvV03Nh9cQvgzKdSCfuPDU4a FX7mlokgweYa7WoWGPkzOlgMaJZksqstDnhbuwONoMPrNFTUjgm429K87iPdwzqC Yv4uDrpFXgkhfD4Aoks4wDpE2LgBKWz5Wnpo+WW4fjcrXtcIV2tTD9FkMjBv3ECv A8TTWsXxQtm3V54R4h7fAXg9KnZBuIYYDnB2u1317ZdaDkZRuPQ= =X2/A -----END PGP SIGNATURE----- Merge 5.10.222 into android12-5.10-lts Changes in 5.10.222 Compiler Attributes: Add __uninitialized macro drm/lima: fix shared irq handling on driver remove media: dvb: as102-fe: Fix as10x_register_addr packing media: dvb-usb: dib0700_devices: Add missing release_firmware() IB/core: Implement a limit on UMAD receive List scsi: qedf: Make qedf_execute_tmf() non-preemptible crypto: aead,cipher - zeroize key buffer after use drm/amdgpu: Initialize timestamp for some legacy SOCs drm/amd/display: Check index msg_id before read or write drm/amd/display: Check pipe offset before setting vblank drm/amd/display: Skip finding free audio for unknown engine_id media: dw2102: Don't translate i2c read into write sctp: prefer struct_size over open coded arithmetic firmware: dmi: Stop decoding on broken entry Input: ff-core - prefer struct_size over open coded arithmetic net: dsa: mv88e6xxx: Correct check for empty list media: dvb-frontends: tda18271c2dd: Remove casting during div media: s2255: Use refcount_t instead of atomic_t for num_channels media: dvb-frontends: tda10048: Fix integer overflow i2c: i801: Annotate apanel_addr as __ro_after_init powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n orangefs: fix out-of-bounds fsid access kunit: Fix timeout message powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD jffs2: Fix potential illegal address access in jffs2_free_inode s390/pkey: Wipe sensitive data on failure UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() tcp_metrics: validate source addr length wifi: wilc1000: fix ies_len type in connect path bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() selftests: fix OOM in msg_zerocopy selftest selftests: make order checking verbose in msg_zerocopy selftest inet_diag: Initialize pad field in struct inet_diag_req_v2 nilfs2: fix inode number range checks nilfs2: add missing check for inode numbers on directory entries mm: optimize the redundant loop of mm_update_owner_next() mm: avoid overflows in dirty throttling logic Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct fsnotify: Do not generate events for O_PATH file descriptors Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes drm/amdgpu/atomfirmware: silence UBSAN warning mtd: rawnand: Bypass a couple of sanity checks during NAND identification bnx2x: Fix multiple UBSAN array-index-out-of-bounds bpf, sockmap: Fix sk->sk_forward_alloc warn_on in sk_stream_kill_queues ima: Avoid blocking in RCU read-side critical section media: dw2102: fix a potential buffer overflow i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 nvme-multipath: find NUMA path only for online numa-node nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro nvmet: fix a possible leak when destroy a ctrl during qp establishment kbuild: fix short log for AS in link-vmlinux.sh nilfs2: fix incorrect inode allocation from reserved inodes mm: prevent derefencing NULL ptr in pfn_section_valid() filelock: fix potential use-after-free in posix_lock_inode fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading vfs: don't mod negative dentry count when on shrinker list tcp: fix incorrect undo caused by DSACK of TLP retransmit octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() net: lantiq_etop: add blank line after declaration net: ethernet: lantiq_etop: fix double free in detach ppp: reject claimed-as-LCP but actually malformed packets ethtool: netlink: do not return SQI value if link is down udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). net/sched: Fix UAF when resolving a clash s390: Mark psw in __load_psw_mask() as __unitialized ARM: davinci: Convert comma to semicolon octeontx2-af: fix detection of IP layer tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() tcp: avoid too many retransmit packets net: ks8851: Fix potential TX stall after interface reopen USB: serial: option: add Telit generic core-dump composition USB: serial: option: add Telit FN912 rmnet compositions USB: serial: option: add Fibocom FM350-GL USB: serial: option: add support for Foxconn T99W651 USB: serial: option: add Netprisma LCUK54 series modules USB: serial: option: add Rolling RW350-GL variants USB: serial: mos7840: fix crash on resume USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor hpet: Support 32-bit userspace nvmem: meson-efuse: Fix return value of nvmem callbacks ALSA: hda/realtek: Enable Mute LED on HP 250 G7 ALSA: hda/realtek: Limit mic boost on VAIO PRO PX libceph: fix race between delayed_work() and ceph_monc_stop() wireguard: allowedips: avoid unaligned 64-bit memory accesses wireguard: queueing: annotate intentional data race in cpu round robin wireguard: send: annotate intentional data race in checking empty queue x86/retpoline: Move a NOENDBR annotation to the SRSO dummy return thunk efi: ia64: move IA64-only declarations to new asm/efi.h header ipv6: annotate data-races around cnf.disable_ipv6 ipv6: prevent NULL dereference in ip6_output() bpf: Allow reads from uninit stack nilfs2: fix kernel bug on rename operation of broken directory i2c: rcar: bring hardware to known state when probing i2c: mark HostNotify target address as used i2c: rcar: Add R-Car Gen4 support i2c: rcar: reset controller is mandatory for Gen3+ i2c: rcar: introduce Gen4 devices i2c: rcar: ensure Gen3+ reset does not disturb local targets i2c: rcar: clear NO_RXDMA flag after resetting i2c: rcar: fix error code in probe() Linux 5.10.222 Change-Id: I39dedaef039a49c1b8b53dd83b83d481593ffb95 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-07-20 13:33:30 +00:00
Lokesh Gidra	6f61666ab1	ANDROID: userfaultfd: Fix use-after-free in userfaultfd_using_sigbus() ... In 582c6d188ec1 ("ANDROID: userfaultfd: allow SPF for UFFD_FEATURE_SIGBUS on private+anon"), we allowed userfaultfd registered VMAs using SIGBUS to be handled with SPF. But during page-fault handling, before userfaultfd_ctx is dereferenced, another thread may call userfaultfd_release(), unlink the VMA and then deallocate the same userfaultfd_ctx, leaving a dangling pointer behind for dereference. It is insufficient to do the access under rcu read-lock as the context may have been deallocated before entering the critical section. Checking vma has not changed in the critical section ensures we are not looking at dangling pointer to userfaultfd_ctx. Change-Id: I9c3ba0f1352e49f0ea387b92c18b5f1b5dcad7f1 Signed-off-by: Lokesh Gidra <lokeshgidra@google.com> Bug: 349936398 (cherry picked from commit c75b369e72da0283a20f794c0070c478b490f453)	2024-07-19 16:36:44 +00:00
Kalesh Singh	441ca240dd	ANDROID: 16K: Don't set padding vm_flags on 32-bit archs ... vma_pad_fixup_flags() and is_mergable_pad_vma() were inadvertently affecting the vm_flags on 32-bit arch, making some VMAs not mergable. This causes zygote to crash as the Art GC's heap compaction fails. The compaction depends on mremap() which will fail when operating on a range that spans multiple VMAs [1]. This can happen now due to the incorrect is_mergable_pad_vma() check. Make all the pgsize_migration APIs no-ops in 32-bit architectures, since Android only performs ELF segment extension in 64-bit archs. [1] https://github.com/torvalds/linux/blob/v6.9/mm/mremap.c#L841-L843 Bug: 353667356 Change-Id: Id9b0076ef173d75a4afc85577355d340fce03e65 Signed-off-by: Kalesh Singh <kaleshsingh@google.com> (cherry picked from commit f3437db87063f624f189e1cd38347a971fdd3fa0)	2024-07-18 19:59:13 +00:00
Jan Kara	145faa3d03	Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" ... commit 30139c702048f1097342a31302cbd3d478f50c63 upstream. Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit into 32-bits. This patch series makes sure this is true (see patch 2/2 for more details). This patch (of 2): This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78. The commit is broken in several ways. Firstly, the removed (u64) cast from the multiplication will introduce a multiplication overflow on 32-bit archs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the default settings with 4GB of RAM will trigger this). Secondly, the div64_u64() is unnecessarily expensive on 32-bit archs. We have div64_ul() in case we want to be safe & cheap. Thirdly, if dirty thresholds are larger than 1<<32 pages, then dirty balancing is going to blow up in many other spectacular ways anyway so trying to fix one possible overflow is just moot. Link: https://lkml.kernel.org/r/20240621144017.30993-1-jack@suse.cz Link: https://lkml.kernel.org/r/20240621144246.11148-1-jack@suse.cz Fixes: 9319b647902c ("mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again") Signed-off-by: Jan Kara <jack@suse.cz> Reviewed-By: Zach O'Keefe <zokeefe@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-07-18 13:05:43 +02:00
Jan Kara	7a49389771	mm: avoid overflows in dirty throttling logic ... commit 385d838df280eba6c8680f9777bfa0d0bfe7e8b2 upstream. The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits). If limits end up being larger, we will hit overflows, possible divisions by 0 etc. Fix these problems by never allowing so large dirty limits as they have dubious practical value anyway. For dirty_bytes / dirty_background_bytes interfaces we can just refuse to set so large limits. For dirty_ratio / dirty_background_ratio it isn't so simple as the dirty limit is computed from the amount of available memory which can change due to memory hotplug etc. So when converting dirty limits from ratios to numbers of pages, we just don't allow the result to exceed UINT_MAX. This is root-only triggerable problem which occurs when the operator sets dirty limits to >16 TB. Link: https://lkml.kernel.org/r/20240621144246.11148-2-jack@suse.cz Signed-off-by: Jan Kara <jack@suse.cz> Reported-by: Zach O'Keefe <zokeefe@google.com> Reviewed-By: Zach O'Keefe <zokeefe@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-07-18 13:05:42 +02:00
Greg Kroah-Hartman	88eb084d18	Revert "Merge 5.10.220 into android12-5.10-lts" ... This reverts commit 87a7f35a24, reversing changes made to 640645c85b. 5.10.220 is a bunch of vfs and nfs changes that are not needed in Android systems, so revert the whole lot all at once, except for the version number bump. Change-Id: If28dc2231f27d326d3730716f23545dd0a2cdc75 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-07-16 16:33:14 +00:00
Greg Kroah-Hartman	87a7f35a24	Merge 5.10.220 into android12-5.10-lts ... Changes in 5.10.220 SUNRPC: Rename svc_encode_read_payload() NFSD: Invoke svc_encode_result_payload() in "read" NFSD encoders NFSD: A semicolon is not needed after a switch statement. nfsd/nfs3: remove unused macro nfsd3_fhandleres NFSD: Clean up the show_nf_may macro NFSD: Remove extra "0x" in tracepoint format specifier NFSD: Add SPDX header for fs/nfsd/trace.c nfsd: Fix error return code in nfsd_file_cache_init() SUNRPC: Add xdr_set_scratch_page() and xdr_reset_scratch_buffer() SUNRPC: Prepare for xdr_stream-style decoding on the server-side NFSD: Add common helpers to decode void args and encode void results NFSD: Add tracepoints in nfsd_dispatch() NFSD: Add tracepoints in nfsd4_decode/encode_compound() NFSD: Replace the internals of the READ_BUF() macro NFSD: Replace READ* macros in nfsd4_decode_access() NFSD: Replace READ* macros in nfsd4_decode_close() NFSD: Replace READ* macros in nfsd4_decode_commit() NFSD: Change the way the expected length of a fattr4 is checked NFSD: Replace READ* macros that decode the fattr4 size attribute NFSD: Replace READ* macros that decode the fattr4 acl attribute NFSD: Replace READ* macros that decode the fattr4 mode attribute NFSD: Replace READ* macros that decode the fattr4 owner attribute NFSD: Replace READ* macros that decode the fattr4 owner_group attribute NFSD: Replace READ* macros that decode the fattr4 time_set attributes NFSD: Replace READ* macros that decode the fattr4 security label attribute NFSD: Replace READ* macros that decode the fattr4 umask attribute NFSD: Replace READ* macros in nfsd4_decode_fattr() NFSD: Replace READ* macros in nfsd4_decode_create() NFSD: Replace READ* macros in nfsd4_decode_delegreturn() NFSD: Replace READ* macros in nfsd4_decode_getattr() NFSD: Replace READ* macros in nfsd4_decode_link() NFSD: Relocate nfsd4_decode_opaque() NFSD: Add helpers to decode a clientid4 and an NFSv4 state owner NFSD: Add helper for decoding locker4 NFSD: Replace READ* macros in nfsd4_decode_lock() NFSD: Replace READ* macros in nfsd4_decode_lockt() NFSD: Replace READ* macros in nfsd4_decode_locku() NFSD: Replace READ* macros in nfsd4_decode_lookup() NFSD: Add helper to decode NFSv4 verifiers NFSD: Add helper to decode OPEN's createhow4 argument NFSD: Add helper to decode OPEN's openflag4 argument NFSD: Replace READ* macros in nfsd4_decode_share_access() NFSD: Replace READ* macros in nfsd4_decode_share_deny() NFSD: Add helper to decode OPEN's open_claim4 argument NFSD: Replace READ* macros in nfsd4_decode_open() NFSD: Replace READ* macros in nfsd4_decode_open_confirm() NFSD: Replace READ* macros in nfsd4_decode_open_downgrade() NFSD: Replace READ* macros in nfsd4_decode_putfh() NFSD: Replace READ* macros in nfsd4_decode_read() NFSD: Replace READ* macros in nfsd4_decode_readdir() NFSD: Replace READ* macros in nfsd4_decode_remove() NFSD: Replace READ* macros in nfsd4_decode_rename() NFSD: Replace READ* macros in nfsd4_decode_renew() NFSD: Replace READ* macros in nfsd4_decode_secinfo() NFSD: Replace READ* macros in nfsd4_decode_setattr() NFSD: Replace READ* macros in nfsd4_decode_setclientid() NFSD: Replace READ* macros in nfsd4_decode_setclientid_confirm() NFSD: Replace READ* macros in nfsd4_decode_verify() NFSD: Replace READ* macros in nfsd4_decode_write() NFSD: Replace READ* macros in nfsd4_decode_release_lockowner() NFSD: Replace READ* macros in nfsd4_decode_cb_sec() NFSD: Replace READ* macros in nfsd4_decode_backchannel_ctl() NFSD: Replace READ* macros in nfsd4_decode_bind_conn_to_session() NFSD: Add a separate decoder to handle state_protect_ops NFSD: Add a separate decoder for ssv_sp_parms NFSD: Add a helper to decode state_protect4_a NFSD: Add a helper to decode nfs_impl_id4 NFSD: Add a helper to decode channel_attrs4 NFSD: Replace READ* macros in nfsd4_decode_create_session() NFSD: Replace READ* macros in nfsd4_decode_destroy_session() NFSD: Replace READ* macros in nfsd4_decode_free_stateid() NFSD: Replace READ* macros in nfsd4_decode_getdeviceinfo() NFSD: Replace READ* macros in nfsd4_decode_layoutcommit() NFSD: Replace READ* macros in nfsd4_decode_layoutget() NFSD: Replace READ* macros in nfsd4_decode_layoutreturn() NFSD: Replace READ* macros in nfsd4_decode_secinfo_no_name() NFSD: Replace READ* macros in nfsd4_decode_sequence() NFSD: Replace READ* macros in nfsd4_decode_test_stateid() NFSD: Replace READ* macros in nfsd4_decode_destroy_clientid() NFSD: Replace READ* macros in nfsd4_decode_reclaim_complete() NFSD: Replace READ* macros in nfsd4_decode_fallocate() NFSD: Replace READ* macros in nfsd4_decode_nl4_server() NFSD: Replace READ* macros in nfsd4_decode_copy() NFSD: Replace READ* macros in nfsd4_decode_copy_notify() NFSD: Replace READ* macros in nfsd4_decode_offload_status() NFSD: Replace READ* macros in nfsd4_decode_seek() NFSD: Replace READ* macros in nfsd4_decode_clone() NFSD: Replace READ* macros in nfsd4_decode_xattr_name() NFSD: Replace READ* macros in nfsd4_decode_setxattr() NFSD: Replace READ* macros in nfsd4_decode_listxattrs() NFSD: Make nfsd4_ops::opnum a u32 NFSD: Replace READ* macros in nfsd4_decode_compound() NFSD: Remove macros that are no longer used nfsd: only call inode_query_iversion in the I_VERSION case nfsd: simplify nfsd4_change_info nfsd: minor nfsd4_change_attribute cleanup nfsd4: don't query change attribute in v2/v3 case Revert "nfsd4: support change_attr_type attribute" nfsd: add a new EXPORT_OP_NOWCC flag to struct export_operations nfsd: allow filesystems to opt out of subtree checking nfsd: close cached files prior to a REMOVE or RENAME that would replace target exportfs: Add a function to return the raw output from fh_to_dentry() nfsd: Fix up nfsd to ensure that timeout errors don't result in ESTALE nfsd: Set PF_LOCAL_THROTTLE on local filesystems only nfsd: Record NFSv4 pre/post-op attributes as non-atomic exec: Don't open code get_close_on_exec exec: Move unshare_files to fix posix file locking during exec exec: Simplify unshare_files exec: Remove reset_files_struct kcmp: In kcmp_epoll_target use fget_task bpf: In bpf_task_fd_query use fget_task proc/fd: In proc_fd_link use fget_task Revert "fget: clarify and improve __fget_files() implementation" file: Rename __fcheck_files to files_lookup_fd_raw file: Factor files_lookup_fd_locked out of fcheck_files file: Replace fcheck_files with files_lookup_fd_rcu file: Rename fcheck lookup_fd_rcu file: Implement task_lookup_fd_rcu proc/fd: In tid_fd_mode use task_lookup_fd_rcu kcmp: In get_file_raw_ptr use task_lookup_fd_rcu file: Implement task_lookup_next_fd_rcu proc/fd: In proc_readfd_common use task_lookup_next_fd_rcu proc/fd: In fdinfo seq_show don't use get_files_struct file: Merge __fd_install into fd_install file: In f_dupfd read RLIMIT_NOFILE once. file: Merge __alloc_fd into alloc_fd file: Rename __close_fd to close_fd and remove the files parameter file: Replace ksys_close with close_fd inotify: Increase default inotify.max_user_watches limit to 1048576 fs/lockd: convert comma to semicolon NFSD: Fix sparse warning in nfssvc.c NFSD: Restore NFSv4 decoding's SAVEMEM functionality SUNRPC: Make trace_svc_process() display the RPC procedure symbolically SUNRPC: Display RPC procedure names instead of proc numbers SUNRPC: Move definition of XDR_UNIT NFSD: Update GETATTR3args decoder to use struct xdr_stream NFSD: Update ACCESS3arg decoder to use struct xdr_stream NFSD: Update READ3arg decoder to use struct xdr_stream NFSD: Update WRITE3arg decoder to use struct xdr_stream NFSD: Update READLINK3arg decoder to use struct xdr_stream NFSD: Fix returned READDIR offset cookie NFSD: Add helper to set up the pages where the dirlist is encoded NFSD: Update READDIR3args decoders to use struct xdr_stream NFSD: Update COMMIT3arg decoder to use struct xdr_stream NFSD: Update the NFSv3 DIROPargs decoder to use struct xdr_stream NFSD: Update the RENAME3args decoder to use struct xdr_stream NFSD: Update the LINK3args decoder to use struct xdr_stream NFSD: Update the SETATTR3args decoder to use struct xdr_stream NFSD: Update the CREATE3args decoder to use struct xdr_stream NFSD: Update the MKDIR3args decoder to use struct xdr_stream NFSD: Update the SYMLINK3args decoder to use struct xdr_stream NFSD: Update the MKNOD3args decoder to use struct xdr_stream NFSD: Update the NFSv2 GETATTR argument decoder to use struct xdr_stream NFSD: Update the NFSv2 READ argument decoder to use struct xdr_stream NFSD: Update the NFSv2 WRITE argument decoder to use struct xdr_stream NFSD: Update the NFSv2 READLINK argument decoder to use struct xdr_stream NFSD: Add helper to set up the pages where the dirlist is encoded NFSD: Update the NFSv2 READDIR argument decoder to use struct xdr_stream NFSD: Update NFSv2 diropargs decoding to use struct xdr_stream NFSD: Update the NFSv2 RENAME argument decoder to use struct xdr_stream NFSD: Update the NFSv2 LINK argument decoder to use struct xdr_stream NFSD: Update the NFSv2 SETATTR argument decoder to use struct xdr_stream NFSD: Update the NFSv2 CREATE argument decoder to use struct xdr_stream NFSD: Update the NFSv2 SYMLINK argument decoder to use struct xdr_stream NFSD: Remove argument length checking in nfsd_dispatch() NFSD: Update the NFSv2 GETACL argument decoder to use struct xdr_stream NFSD: Add an xdr_stream-based decoder for NFSv2/3 ACLs NFSD: Update the NFSv2 SETACL argument decoder to use struct xdr_stream NFSD: Update the NFSv2 ACL GETATTR argument decoder to use struct xdr_stream NFSD: Update the NFSv2 ACL ACCESS argument decoder to use struct xdr_stream NFSD: Clean up after updating NFSv2 ACL decoders NFSD: Update the NFSv3 GETACL argument decoder to use struct xdr_stream NFSD: Update the NFSv2 SETACL argument decoder to use struct xdr_stream NFSD: Clean up after updating NFSv3 ACL decoders nfsd: remove unused stats counters nfsd: protect concurrent access to nfsd stats counters nfsd: report per-export stats nfsd4: simplify process_lookup1 nfsd: simplify process_lock nfsd: simplify nfsd_renew nfsd: rename lookup_clientid->set_client nfsd: refactor set_client nfsd: find_cpntf_state cleanup nfsd: remove unused set_client argument nfsd: simplify nfsd4_check_open_reclaim nfsd: cstate->session->se_client -> cstate->clp NFSv4_2: SSC helper should use its own config. nfs: use change attribute for NFS re-exports nfsd: skip some unnecessary stats in the v4 case inotify, memcg: account inotify instances to kmemcg module: unexport find_module and module_mutex module: use RCU to synchronize find_module kallsyms: refactor {,module_}kallsyms_on_each_symbol kallsyms: only build {,module_}kallsyms_on_each_symbol when required fs: add file and path permissions helpers namei: introduce struct renamedata NFSD: Extract the svcxdr_init_encode() helper NFSD: Update the GETATTR3res encoder to use struct xdr_stream NFSD: Update the NFSv3 ACCESS3res encoder to use struct xdr_stream NFSD: Update the NFSv3 LOOKUP3res encoder to use struct xdr_stream NFSD: Update the NFSv3 wccstat result encoder to use struct xdr_stream NFSD: Update the NFSv3 READLINK3res encoder to use struct xdr_stream NFSD: Update the NFSv3 READ3res encode to use struct xdr_stream NFSD: Update the NFSv3 WRITE3res encoder to use struct xdr_stream NFSD: Update the NFSv3 CREATE family of encoders to use struct xdr_stream NFSD: Update the NFSv3 RENAMEv3res encoder to use struct xdr_stream NFSD: Update the NFSv3 LINK3res encoder to use struct xdr_stream NFSD: Update the NFSv3 FSSTAT3res encoder to use struct xdr_stream NFSD: Update the NFSv3 FSINFO3res encoder to use struct xdr_stream NFSD: Update the NFSv3 PATHCONF3res encoder to use struct xdr_stream NFSD: Update the NFSv3 COMMIT3res encoder to use struct xdr_stream NFSD: Add a helper that encodes NFSv3 directory offset cookies NFSD: Count bytes instead of pages in the NFSv3 READDIR encoder NFSD: Update the NFSv3 READDIR3res encoder to use struct xdr_stream NFSD: Update NFSv3 READDIR entry encoders to use struct xdr_stream NFSD: Remove unused NFSv3 directory entry encoders NFSD: Reduce svc_rqst::rq_pages churn during READDIR operations NFSD: Update the NFSv2 stat encoder to use struct xdr_stream NFSD: Update the NFSv2 attrstat encoder to use struct xdr_stream NFSD: Update the NFSv2 diropres encoder to use struct xdr_stream NFSD: Update the NFSv2 READLINK result encoder to use struct xdr_stream NFSD: Update the NFSv2 READ result encoder to use struct xdr_stream NFSD: Update the NFSv2 STATFS result encoder to use struct xdr_stream NFSD: Add a helper that encodes NFSv3 directory offset cookies NFSD: Count bytes instead of pages in the NFSv2 READDIR encoder NFSD: Update the NFSv2 READDIR result encoder to use struct xdr_stream NFSD: Update the NFSv2 READDIR entry encoder to use struct xdr_stream NFSD: Remove unused NFSv2 directory entry encoders NFSD: Add an xdr_stream-based encoder for NFSv2/3 ACLs NFSD: Update the NFSv2 GETACL result encoder to use struct xdr_stream NFSD: Update the NFSv2 SETACL result encoder to use struct xdr_stream NFSD: Update the NFSv2 ACL GETATTR result encoder to use struct xdr_stream NFSD: Update the NFSv2 ACL ACCESS result encoder to use struct xdr_stream NFSD: Clean up after updating NFSv2 ACL encoders NFSD: Update the NFSv3 GETACL result encoder to use struct xdr_stream NFSD: Update the NFSv3 SETACL result encoder to use struct xdr_stream NFSD: Clean up after updating NFSv3 ACL encoders NFSD: Add a tracepoint to record directory entry encoding NFSD: Clean up NFSDDBG_FACILITY macro nfsd: helper for laundromat expiry calculations nfsd: Log client tracking type log message as info instead of warning nfsd: Fix typo "accesible" nfsd: COPY with length 0 should copy to end of file nfsd: don't ignore high bits of copy count nfsd: report client confirmation status in "info" file SUNRPC: Export svc_xprt_received() UAPI: nfsfh.h: Replace one-element array with flexible-array member NFSD: Use DEFINE_SPINLOCK() for spinlock fsnotify: allow fsnotify_{peek,remove}_first_event with empty queue Revert "fanotify: limit number of event merge attempts" fanotify: reduce event objectid to 29-bit hash fanotify: mix event info and pid into merge key hash fsnotify: use hash table for faster events merge fanotify: limit number of event merge attempts fanotify: configurable limits via sysfs fanotify: support limited functionality for unprivileged users fanotify_user: use upper_32_bits() to verify mask nfsd: remove unused function nfsd: removed unused argument in nfsd_startup_generic() nfsd: hash nfs4_files by inode number nfsd: track filehandle aliasing in nfs4_files nfsd: reshuffle some code nfsd: grant read delegations to clients holding writes nfsd: Fix fall-through warnings for Clang NFSv4.2: Remove ifdef CONFIG_NFSD from NFSv4.2 client SSC code. NFS: fix nfs_fetch_iversion() fanotify: fix permission model of unprivileged group NFSD: Add an RPC authflavor tracepoint display helper NFSD: Add nfsd_clid_cred_mismatch tracepoint NFSD: Add nfsd_clid_verf_mismatch tracepoint NFSD: Remove trace_nfsd_clid_inuse_err NFSD: Add nfsd_clid_confirmed tracepoint NFSD: Add nfsd_clid_reclaim_complete tracepoint NFSD: Add nfsd_clid_destroyed tracepoint NFSD: Add a couple more nfsd_clid_expired call sites NFSD: Add tracepoints for SETCLIENTID edge cases NFSD: Add tracepoints for EXCHANGEID edge cases NFSD: Constify @fh argument of knfsd_fh_hash() NFSD: Capture every CB state transition NFSD: Drop TRACE_DEFINE_ENUM for NFSD4_CB_<state> macros NFSD: Add cb_lost tracepoint NFSD: Adjust cb_shutdown tracepoint NFSD: Enhance the nfsd_cb_setup tracepoint NFSD: Add an nfsd_cb_lm_notify tracepoint NFSD: Add an nfsd_cb_offload tracepoint NFSD: Replace the nfsd_deleg_break tracepoint NFSD: Add an nfsd_cb_probe tracepoint NFSD: Remove the nfsd_cb_work and nfsd_cb_done tracepoints NFSD: Update nfsd_cb_args tracepoint nfsd: Prevent truncation of an unlinked inode from blocking access to its directory nfsd: move some commit_metadata()s outside the inode lock NFSD add vfs_fsync after async copy is done NFSD: delay unmount source's export after inter-server copy completed. nfsd: move fsnotify on client creation outside spinlock nfsd4: Expose the callback address and state of each NFS4 client nfsd: fix kernel test robot warning in SSC code NFSD: Fix error return code in nfsd4_interssc_connect() nfsd: rpc_peeraddr2str needs rcu lock lockd: Remove stale comments lockd: Create a simplified .vs_dispatch method for NLM requests lockd: Common NLM XDR helpers lockd: Update the NLMv1 void argument decoder to use struct xdr_stream lockd: Update the NLMv1 TEST arguments decoder to use struct xdr_stream lockd: Update the NLMv1 LOCK arguments decoder to use struct xdr_stream lockd: Update the NLMv1 CANCEL arguments decoder to use struct xdr_stream lockd: Update the NLMv1 UNLOCK arguments decoder to use struct xdr_stream lockd: Update the NLMv1 nlm_res arguments decoder to use struct xdr_stream lockd: Update the NLMv1 SM_NOTIFY arguments decoder to use struct xdr_stream lockd: Update the NLMv1 SHARE arguments decoder to use struct xdr_stream lockd: Update the NLMv1 FREE_ALL arguments decoder to use struct xdr_stream lockd: Update the NLMv1 void results encoder to use struct xdr_stream lockd: Update the NLMv1 TEST results encoder to use struct xdr_stream lockd: Update the NLMv1 nlm_res results encoder to use struct xdr_stream lockd: Update the NLMv1 SHARE results encoder to use struct xdr_stream lockd: Update the NLMv4 void arguments decoder to use struct xdr_stream lockd: Update the NLMv4 TEST arguments decoder to use struct xdr_stream lockd: Update the NLMv4 LOCK arguments decoder to use struct xdr_stream lockd: Update the NLMv4 CANCEL arguments decoder to use struct xdr_stream lockd: Update the NLMv4 UNLOCK arguments decoder to use struct xdr_stream lockd: Update the NLMv4 nlm_res arguments decoder to use struct xdr_stream lockd: Update the NLMv4 SM_NOTIFY arguments decoder to use struct xdr_stream lockd: Update the NLMv4 SHARE arguments decoder to use struct xdr_stream lockd: Update the NLMv4 FREE_ALL arguments decoder to use struct xdr_stream lockd: Update the NLMv4 void results encoder to use struct xdr_stream lockd: Update the NLMv4 TEST results encoder to use struct xdr_stream lockd: Update the NLMv4 nlm_res results encoder to use struct xdr_stream lockd: Update the NLMv4 SHARE results encoder to use struct xdr_stream nfsd: remove redundant assignment to pointer 'this' NFSD: Prevent a possible oops in the nfs_dirent() tracepoint nfsd: fix NULL dereference in nfs3svc_encode_getaclres kernel/pid.c: remove static qualifier from pidfd_create() kernel/pid.c: implement additional checks upon pidfd_create() parameters fanotify: minor cosmetic adjustments to fid labels fanotify: introduce a generic info record copying helper fanotify: add pidfd support to the fanotify API fsnotify: replace igrab() with ihold() on attach connector fsnotify: count s_fsnotify_inode_refs for attached connectors fsnotify: count all objects with attached connectors fsnotify: optimize the case of no marks of any type NFSD: Clean up splice actor SUNRPC: Add svc_rqst_replace_page() API NFSD: Batch release pages during splice read NFSD: remove vanity comments sysctl: introduce new proc handler proc_dobool lockd: change the proc_handler for nsm_use_hostnames nlm: minor nlm_lookup_file argument change nlm: minor refactoring lockd: update nlm_lookup_file reexport comment Keep read and write fds with each nlm_file nfs: don't atempt blocking locks on nfs reexports lockd: don't attempt blocking locks on nfs reexports nfs: don't allow reexport reclaims SUNRPC: Add svc_rqst::rq_auth_stat SUNRPC: Set rq_auth_stat in the pg_authenticate() callout SUNRPC: Eliminate the RQ_AUTHERR flag NFS: Add a private local dispatcher for NFSv4 callback operations NFS: Remove unused callback void decoder fsnotify: fix sb_connectors leak NLM: Fix svcxdr_encode_owner() nfsd: Fix a warning for nfsd_file_close_inode fsnotify: pass data_type to fsnotify_name() fsnotify: pass dentry instead of inode data fsnotify: clarify contract for create event hooks fsnotify: Don't insert unmergeable events in hashtable fanotify: Fold event size calculation to its own function fanotify: Split fsid check from other fid mode checks inotify: Don't force FS_IN_IGNORED fsnotify: Add helper to detect overflow_event fsnotify: Add wrapper around fsnotify_add_event fsnotify: Retrieve super block from the data field fsnotify: Protect fsnotify_handle_inode_event from no-inode events fsnotify: Pass group argument to free_event fanotify: Support null inode event in fanotify_dfid_inode fanotify: Allow file handle encoding for unhashed events fanotify: Encode empty file handle when no inode is provided fanotify: Require fid_mode for any non-fd event fsnotify: Support FS_ERROR event type fanotify: Reserve UAPI bits for FAN_FS_ERROR fanotify: Pre-allocate pool of error events fanotify: Support enqueueing of error events fanotify: Support merging of error events fanotify: Wrap object_fh inline space in a creator macro fanotify: Add helpers to decide whether to report FID/DFID fanotify: WARN_ON against too large file handles fanotify: Report fid info for file related file system errors fanotify: Emit generic error info for error event fanotify: Allow users to request FAN_FS_ERROR events SUNRPC: Trace calls to .rpc_call_done NFSD: Optimize DRC bucket pruning NFSD: move filehandle format declarations out of "uapi". NFSD: drop support for ancient filehandles NFSD: simplify struct nfsfh NFSD: Initialize pointer ni with NULL and not plain integer 0 NFSD: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() SUNRPC: Replace the "__be32 *p" parameter to .pc_decode SUNRPC: Change return value type of .pc_decode NFSD: Save location of NFSv4 COMPOUND status SUNRPC: Replace the "__be32 *p" parameter to .pc_encode SUNRPC: Change return value type of .pc_encode nfsd: update create verifier comment NFSD:fix boolreturn.cocci warning nfsd4: remove obselete comment NFSD: Fix exposure in nfsd4_decode_bitmap() NFSD: Fix READDIR buffer overflow fsnotify: clarify object type argument fsnotify: separate mark iterator type from object type enum fanotify: introduce group flag FAN_REPORT_TARGET_FID fsnotify: generate FS_RENAME event with rich information fanotify: use macros to get the offset to fanotify_info buffer fanotify: use helpers to parcel fanotify_info buffer fanotify: support secondary dir fh and name in fanotify_info fanotify: record old and new parent and name in FAN_RENAME event fanotify: record either old name new name or both for FAN_RENAME fanotify: report old and/or new parent+name in FAN_RENAME event fanotify: wire up FAN_RENAME event exit: Implement kthread_exit exit: Rename module_put_and_exit to module_put_and_kthread_exit NFSD: Fix sparse warning NFSD: handle errors better in write_ports_addfd() SUNRPC: change svc_get() to return the svc. SUNRPC/NFSD: clean up get/put functions. SUNRPC: stop using ->sv_nrthreads as a refcount nfsd: make nfsd_stats.th_cnt atomic_t SUNRPC: use sv_lock to protect updates to sv_nrthreads. NFSD: narrow nfsd_mutex protection in nfsd thread NFSD: Make it possible to use svc_set_num_threads_sync SUNRPC: discard svo_setup and rename svc_set_num_threads_sync() NFSD: simplify locking for network notifier. lockd: introduce nlmsvc_serv lockd: simplify management of network status notifiers lockd: move lockd_start_svc() call into lockd_create_svc() lockd: move svc_exit_thread() into the thread lockd: introduce lockd_put() lockd: rename lockd_create_svc() to lockd_get() SUNRPC: move the pool_map definitions (back) into svc.c SUNRPC: always treat sv_nrpools==1 as "not pooled" lockd: use svc_set_num_threads() for thread start and stop NFS: switch the callback service back to non-pooled. NFSD: Remove be32_to_cpu() from DRC hash function NFSD: Fix inconsistent indenting NFSD: simplify per-net file cache management NFSD: Combine XDR error tracepoints nfsd: improve stateid access bitmask documentation NFSD: De-duplicate nfsd4_decode_bitmap4() nfs: block notification on fs with its own ->lock nfsd4: add refcount for nfsd4_blocked_lock NFSD: Fix zero-length NFSv3 WRITEs nfsd: map EBADF nfsd: Add errno mapping for EREMOTEIO nfsd: Retry once in nfsd_open on an -EOPENSTALE return NFSD: Clean up nfsd_vfs_write() NFSD: De-duplicate net_generic(SVC_NET(rqstp), nfsd_net_id) NFSD: De-duplicate net_generic(nf->nf_net, nfsd_net_id) nfsd: Add a tracepoint for errors in nfsd4_clone_file_range() NFSD: Write verifier might go backwards NFSD: Clean up the nfsd_net::nfssvc_boot field NFSD: Rename boot verifier functions NFSD: Trace boot verifier resets Revert "nfsd: skip some unnecessary stats in the v4 case" NFSD: Move fill_pre_wcc() and fill_post_wcc() nfsd: fix crash on COPY_NOTIFY with special stateid fanotify: remove variable set but not used lockd: fix server crash on reboot of client holding lock lockd: fix failure to cleanup client locks NFSD: Fix the behavior of READ near OFFSET_MAX NFSD: Fix ia_size underflow NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes NFSD: COMMIT operations must not return NFS?ERR_INVAL NFSD: Deprecate NFS_OFFSET_MAX nfsd: Add support for the birth time attribute NFSD: De-duplicate hash bucket indexing NFSD: Skip extra computation for RC_NOCACHE case NFSD: Streamline the rare "found" case SUNRPC: Remove the .svo_enqueue_xprt method SUNRPC: Merge svc_do_enqueue_xprt() into svc_enqueue_xprt() SUNRPC: Remove svo_shutdown method SUNRPC: Rename svc_create_xprt() SUNRPC: Rename svc_close_xprt() SUNRPC: Remove svc_shutdown_net() NFSD: Remove svc_serv_ops::svo_module NFSD: Move svc_serv_ops::svo_function into struct svc_serv NFSD: Remove CONFIG_NFSD_V3 NFSD: Clean up _lm_ operation names nfsd: fix using the correct variable for sizeof() fsnotify: fix merge with parent's ignored mask fsnotify: optimize FS_MODIFY events with no ignored masks fsnotify: remove redundant parameter judgment SUNRPC: Return true/false (not 1/0) from bool functions nfsd: Fix a write performance regression nfsd: Clean up nfsd_file_put() fanotify: do not allow setting dirent events in mask of non-dir fs/lock: documentation cleanup. Replace inode->i_lock with flc_lock. inotify: move control flags from mask to mark flags fsnotify: pass flags argument to fsnotify_alloc_group() fsnotify: make allow_dups a property of the group fsnotify: create helpers for group mark_mutex lock inotify: use fsnotify group lock helpers nfsd: use fsnotify group lock helpers dnotify: use fsnotify group lock helpers fsnotify: allow adding an inode mark without pinning inode fanotify: create helper fanotify_mark_user_flags() fanotify: factor out helper fanotify_mark_update_flags() fanotify: implement "evictable" inode marks fanotify: use fsnotify group lock helpers fanotify: enable "evictable" inode marks fsnotify: introduce mark type iterator fsnotify: consistent behavior for parent not watching children fanotify: fix incorrect fmode_t casts NFSD: Clean up nfsd_splice_actor() NFSD: add courteous server support for thread with only delegation NFSD: add support for share reservation conflict to courteous server NFSD: move create/destroy of laundry_wq to init_nfsd and exit_nfsd fs/lock: add helper locks_owner_has_blockers to check for blockers fs/lock: add 2 callbacks to lock_manager_operations to resolve conflict NFSD: add support for lock conflict to courteous server NFSD: Show state of courtesy client in client info NFSD: Clean up nfsd3_proc_create() NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create() NFSD: Refactor nfsd_create_setattr() NFSD: Refactor NFSv3 CREATE NFSD: Refactor NFSv4 OPEN(CREATE) NFSD: Remove do_nfsd_create() NFSD: Clean up nfsd_open_verified() NFSD: Instantiate a struct file when creating a regular NFSv4 file NFSD: Remove dprintk call sites from tail of nfsd4_open() NFSD: Fix whitespace NFSD: Move documenting comment for nfsd4_process_open2() NFSD: Trace filecache opens NFSD: Clean up the show_nf_flags() macro SUNRPC: Use RMW bitops in single-threaded hot paths nfsd: Unregister the cld notifier when laundry_wq create failed nfsd: Fix null-ptr-deref in nfsd_fill_super() nfsd: destroy percpu stats counters after reply cache shutdown NFSD: Modernize nfsd4_release_lockowner() NFSD: Add documenting comment for nfsd4_release_lockowner() NFSD: nfsd_file_put() can sleep NFSD: Fix potential use-after-free in nfsd_file_put() SUNRPC: Optimize xdr_reserve_space() fanotify: refine the validation checks on non-dir inode mask NFS: restore module put when manager exits. NFSD: Decode NFSv4 birth time attribute lockd: set fl_owner when unlocking files lockd: fix nlm_close_files fs: inotify: Fix typo in inotify comment fanotify: prepare for setting event flags in ignore mask fanotify: cleanups for fanotify_mark() input validations fanotify: introduce FAN_MARK_IGNORE fsnotify: Fix comment typo nfsd: eliminate the NFSD_FILE_BREAK_* flags SUNRPC: Fix xdr_encode_bool() NLM: Defend against file_lock changes after vfs_test_lock() NFSD: Fix space and spelling mistake nfsd: remove redundant assignment to variable len NFSD: Demote a WARN to a pr_warn() NFSD: Report filecache LRU size NFSD: Report count of calls to nfsd_file_acquire() NFSD: Report count of freed filecache items NFSD: Report average age of filecache items NFSD: Add nfsd_file_lru_dispose_list() helper NFSD: Refactor nfsd_file_gc() NFSD: Refactor nfsd_file_lru_scan() NFSD: Report the number of items evicted by the LRU walk NFSD: Record number of flush calls NFSD: Zero counters when the filecache is re-initialized NFSD: Hook up the filecache stat file NFSD: WARN when freeing an item still linked via nf_lru NFSD: Trace filecache LRU activity NFSD: Leave open files out of the filecache LRU NFSD: Fix the filecache LRU shrinker NFSD: Never call nfsd_file_gc() in foreground paths NFSD: No longer record nf_hashval in the trace log NFSD: Remove lockdep assertion from unhash_and_release_locked() NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode NFSD: Refactor __nfsd_file_close_inode() NFSD: nfsd_file_hash_remove can compute hashval NFSD: Remove nfsd_file::nf_hashval NFSD: Replace the "init once" mechanism NFSD: Set up an rhashtable for the filecache NFSD: Convert the filecache to use rhashtable NFSD: Clean up unused code after rhashtable conversion NFSD: Separate tracepoints for acquire and create NFSD: Move nfsd_file_trace_alloc() tracepoint NFSD: NFSv4 CLOSE should release an nfsd_file immediately NFSD: Ensure nf_inode is never dereferenced NFSD: refactoring v4 specific code to a helper in nfs4state.c NFSD: keep track of the number of v4 clients in the system NFSD: limit the number of v4 clients to 1024 per 1GB of system memory nfsd: silence extraneous printk on nfsd.ko insertion NFSD: Optimize nfsd4_encode_operation() NFSD: Optimize nfsd4_encode_fattr() NFSD: Clean up SPLICE_OK in nfsd4_encode_read() NFSD: Add an nfsd4_read::rd_eof field NFSD: Optimize nfsd4_encode_readv() NFSD: Simplify starting_len NFSD: Use xdr_pad_size() NFSD: Clean up nfsd4_encode_readlink() NFSD: Fix strncpy() fortify warning NFSD: nfserrno(-ENOMEM) is nfserr_jukebox NFSD: Shrink size of struct nfsd4_copy_notify NFSD: Shrink size of struct nfsd4_copy NFSD: Reorder the fields in struct nfsd4_op NFSD: Make nfs4_put_copy() static NFSD: Replace boolean fields in struct nfsd4_copy NFSD: Refactor nfsd4_cleanup_inter_ssc() (1/2) NFSD: Refactor nfsd4_cleanup_inter_ssc() (2/2) NFSD: Refactor nfsd4_do_copy() NFSD: Remove kmalloc from nfsd4_do_async_copy() NFSD: Add nfsd4_send_cb_offload() NFSD: Move copy offload callback arguments into a separate structure NFSD: drop fh argument from alloc_init_deleg NFSD: verify the opened dentry after setting a delegation NFSD: introduce struct nfsd_attrs NFSD: set attributes when creating symlinks NFSD: add security label to struct nfsd_attrs NFSD: add posix ACLs to struct nfsd_attrs NFSD: change nfsd_create()/nfsd_symlink() to unlock directory before returning. NFSD: always drop directory lock in nfsd_unlink() NFSD: only call fh_unlock() once in nfsd_link() NFSD: reduce locking in nfsd_lookup() NFSD: use explicit lock/unlock for directory ops NFSD: use (un)lock_inode instead of fh_(un)lock for file operations NFSD: discard fh_locked flag and fh_lock/fh_unlock lockd: detect and reject lock arguments that overflow NFSD: fix regression with setting ACLs. nfsd_splice_actor(): handle compound pages NFSD: move from strlcpy with unused retval to strscpy lockd: move from strlcpy with unused retval to strscpy NFSD enforce filehandle check for source file in COPY NFSD: remove redundant variable status nfsd: Avoid some useless tests nfsd: Propagate some error code returned by memdup_user() NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND NFSD: Protect against send buffer overflow in NFSv2 READDIR NFSD: Protect against send buffer overflow in NFSv3 READDIR NFSD: Protect against send buffer overflow in NFSv2 READ NFSD: Protect against send buffer overflow in NFSv3 READ NFSD: drop fname and flen args from nfsd_create_locked() NFSD: Fix handling of oversized NFSv4 COMPOUND requests nfsd: clean up mounted_on_fileid handling nfsd: remove nfsd4_prepare_cb_recall() declaration NFSD: Add tracepoints to report NFSv4 callback completions NFSD: Add a mechanism to wait for a DELEGRETURN NFSD: Refactor nfsd_setattr() NFSD: Make nfsd4_setattr() wait before returning NFS4ERR_DELAY NFSD: Make nfsd4_rename() wait before returning NFS4ERR_DELAY NFSD: Make nfsd4_remove() wait before returning NFS4ERR_DELAY NFSD: keep track of the number of courtesy clients in the system NFSD: add shrinker to reap courtesy clients on low memory condition SUNRPC: Parametrize how much of argsize should be zeroed NFSD: Reduce amount of struct nfsd4_compoundargs that needs clearing NFSD: Refactor common code out of dirlist helpers NFSD: Use xdr_inline_decode() to decode NFSv3 symlinks NFSD: Clean up WRITE arg decoders NFSD: Clean up nfs4svc_encode_compoundres() NFSD: Remove "inline" directives on op_rsize_bop helpers NFSD: Remove unused nfsd4_compoundargs::cachetype field NFSD: Pack struct nfsd4_compoundres nfsd: use DEFINE_PROC_SHOW_ATTRIBUTE to define nfsd_proc_ops nfsd: use DEFINE_SHOW_ATTRIBUTE to define export_features_fops and supported_enctypes_fops nfsd: use DEFINE_SHOW_ATTRIBUTE to define client_info_fops nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_reply_cache_stats_fops nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_file_cache_stats_fops NFSD: Rename the fields in copy_stateid_t NFSD: Cap rsize_bop result based on send buffer size nfsd: only fill out return pointer on success in nfsd4_lookup_stateid nfsd: fix comments about spinlock handling with delegations nfsd: make nfsd4_run_cb a bool return function nfsd: extra checks when freeing delegation stateids fs/notify: constify path fsnotify: remove unused declaration fanotify: Remove obsoleted fanotify_event_has_path() nfsd: fix nfsd_file_unhash_and_dispose nfsd: rework hashtable handling in nfsd_do_file_acquire NFSD: unregister shrinker when nfsd_init_net() fails nfsd: fix net-namespace logic in __nfsd_file_cache_purge nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint nfsd: put the export reference in nfsd4_verify_deleg_dentry NFSD: Fix reads with a non-zero offset that don't end on a page boundary filelock: add a new locks_inode_context accessor function lockd: use locks_inode_context helper nfsd: use locks_inode_context helper NFSD: Simplify READ_PLUS NFSD: Remove redundant assignment to variable host_err NFSD: Finish converting the NFSv2 GETACL result encoder NFSD: Finish converting the NFSv3 GETACL result encoder nfsd: ignore requests to disable unsupported versions nfsd: move nfserrno() to vfs.c nfsd: allow disabling NFSv2 at compile time exportfs: use pr_debug for unreachable debug statements NFSD: Pass the target nfsd_file to nfsd_commit() NFSD: Revert "NFSD: NFSv4 CLOSE should release an nfsd_file immediately" NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection NFSD: Flesh out a documenting comment for filecache.c NFSD: Clean up nfs4_preprocess_stateid_op() call sites NFSD: Trace stateids returned via DELEGRETURN NFSD: Trace delegation revocations NFSD: Use const pointers as parameters to fh_ helpers NFSD: Update file_hashtbl() helpers NFSD: Clean up nfsd4_init_file() NFSD: Add a nfsd4_file_hash_remove() helper NFSD: Clean up find_or_add_file() NFSD: Refactor find_file() NFSD: Use rhashtable for managing nfs4_file objects NFSD: Fix licensing header in filecache.c nfsd: remove the pages_flushed statistic from filecache nfsd: reorganize filecache.c nfsd: fix up the filecache laundrette scheduling NFSD: Add an nfsd_file_fsync tracepoint lockd: set other missing fields when unlocking files nfsd: return error if nfs4_setacl fails NFSD: Use struct_size() helper in alloc_session() lockd: set missing fl_flags field when retrieving args lockd: ensure we use the correct file descriptor when unlocking lockd: fix file selection in nlmsvc_cancel_blocked NFSD: pass range end to vfs_fsync_range() instead of count NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker NFSD: add support for sending CB_RECALL_ANY NFSD: add delegation reaper to react to low memory condition NFSD: Use only RQ_DROPME to signal the need to drop a reply NFSD: Avoid clashing function prototypes nfsd: rework refcounting in filecache nfsd: fix handling of cached open files in nfsd4_open codepath Revert "SUNRPC: Use RMW bitops in single-threaded hot paths" NFSD: Use set_bit(RQ_DROPME) NFSD: fix use-after-free in nfsd4_ssc_setup_dul() NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time NFSD: replace delayed_work with work_struct for nfsd_client_shrinker nfsd: don't free files unconditionally in __nfsd_file_cache_purge nfsd: don't destroy global nfs4_file table in per-net shutdown NFSD: enhance inter-server copy cleanup nfsd: allow nfsd_file_get to sanely handle a NULL pointer nfsd: clean up potential nfsd_file refcount leaks in COPY codepath NFSD: fix leaked reference count of nfsd4_ssc_umount_item nfsd: don't hand out delegation on setuid files being opened for write NFSD: fix problems with cleanup on errors in nfsd4_copy nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open nfsd: don't fsync nfsd_files on last close NFSD: copy the whole verifier in nfsd_copy_write_verifier NFSD: Protect against filesystem freezing lockd: set file_lock start and end when decoding nlm4 testargs nfsd: don't replace page in rq_pages if it's a continuation of last page NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL nfsd: call op_release, even when op_func returns an error nfsd: don't open-code clear_and_wake_up_bit nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator nfsd: don't kill nfsd_files because of lease break error nfsd: add some comments to nfsd_file_do_acquire nfsd: don't take/put an extra reference when putting a file nfsd: update comment over __nfsd_file_cache_purge nfsd: allow reaping files still under writeback NFSD: Convert filecache to rhltable nfsd: simplify the delayed disposal list code NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop nfsd: make a copy of struct iattr before calling notify_change nfsd: fix double fget() bug in __write_ports_addfd() lockd: drop inappropriate svc_get() from locked_get() NFSD: Add an nfsd4_encode_nfstime4() helper nfsd: Fix creation time serialization order nfsd: don't allow nfsd threads to be signalled. nfsd: Simplify code around svc_exit_thread() call in nfsd() nfsd: separate nfsd_last_thread() from nfsd_put() Documentation: Add missing documentation for EXPORT_OP flags NFSD: fix possible oops when nfsd/pool_stats is closed. nfsd: call nfsd_last_thread() before final nfsd_put() nfsd: drop the nfsd_put helper nfsd: fix RELEASE_LOCKOWNER nfsd: don't take fi_lock in nfsd_break_deleg_cb() nfsd: don't call locks_release_private() twice concurrently nfsd: Fix a regression in nfsd_setattr() Linux 5.10.220 Change-Id: I589ec5e63d1f985ab69f9755b9a87330627d44c5 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-07-16 15:58:54 +00:00
Greg Kroah-Hartman	b07354bd32	Merge tag 'android12-5.10.214_r00' into android12-5.10 ... This catches the android12-5.10 branch up to the 5.10.214 LTS release. Included in here are the following commits: * ca0eb54113 ANDROID: cpufreq: brcmstb-avs-cpufreq: fix build error * 8215d23ef6 Revert "remoteproc: Add new get_loaded_rsc_table() to rproc_ops" * 453106487d Revert "remoteproc: stm32: Move resource table setup to rproc_ops" * 14fe873d43 Revert "remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef" * 7cb2a3c384 Revert "remoteproc: stm32: fix phys_addr_t format string" * a626900b07 Revert "remoteproc: stm32: use correct format strings on 64-bit" * b05356dd8a Revert "remoteproc: stm32: Fix incorrect type in assignment for va" * f21d21f05e Revert "block: add a new set_read_only method" * 560f181cad Revert "md: implement ->set_read_only to hook into BLKROSET processing" * 2c7d369ecc Revert "md: Don't clear MD_CLOSING when the raid is about to stop" * e2ddf25269 Revert "bpf: Defer the free of inner map when necessary" * 38a24db1c2 Revert "net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()" * dd27b89022 Merge 5.10.214 into android12-5.10-lts |\ | * dfa3825910 Linux 5.10.214 | * 5148026b65 remoteproc: stm32: fix phys_addr_t format string | * a943eb8283 regmap: Add missing map->bus check | * bcfcdf1969 spi: spi-mt65xx: Fix NULL pointer access in interrupt handler | * 6c46d680e4 bpf: report RCU QS in cpumap kthread | * aad6bb260b rcu: add a helper to report consolidated flavor QS | * fcf32a5bfc netfilter: nf_tables: do not compare internal table flags on updates | * 096245bb7f ARM: dts: sun8i-h2-plus-bananapi-m2-zero: add regulator nodes vcc-dram and vcc1v2 | * f205ed8d9e scsi: fc: Update formal FPIN descriptor definitions | * b36b83297f netfilter: nft_set_pipapo: release elements in clone only from destroy path | * 766c2627ac octeontx2-af: Use separate handlers for interrupts | * 8eebff95ce net/bnx2x: Prevent access to a freed page in page_pool | * f6c6ca618e hsr: Handle failures in module init | * 1e1e4316fc rds: introduce acquire/release ordering in acquire/release_in_xmit() | * f87884e0df wireguard: receive: annotate data-race around receiving_counter.counter | * d0ab075e34 net: dsa: mt7530: prevent possible incorrect XTAL frequency selection | * 68e8412031 packet: annotate data-races around ignore_outgoing | * 7fb2d4d6bb hsr: Fix uninit-value access in hsr_get_node() | * cdff6144b0 soc: fsl: dpio: fix kcalloc() argument order | * 76d1394d9b s390/vtime: fix average steal time calculation | * ce061bf4ef octeontx2-af: Use matching wake_up API variant in CGX command interface | * 2ddc931ccc io_uring: don't save/restore iowait state | * ed71e73693 usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin | * 745c27184b staging: greybus: fix get_channel_from_mode() failure path | * a4d503856a serial: 8250_exar: Don't remove GPIO device on suspend | * 864f17c134 rtc: mt6397: select IRQ_DOMAIN instead of depending on it | * 87ddba29e7 kconfig: fix infinite loop when expanding a macro at the end of file | * 1639e9c7a3 tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT | * 1eb9ab1f9f serial: max310x: fix syntax error in IRQ error message | * 6199e1942e tty: vt: fix 20 vs 0x20 typo in EScsiignore | * 40260d0649 remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef | * 0dd5b63ae2 remoteproc: stm32: Fix incorrect type in assignment for va | * f0b0a4de78 remoteproc: stm32: use correct format strings on 64-bit | * 9d057eacf8 remoteproc: stm32: Move resource table setup to rproc_ops | * 7b95472049 remoteproc: Add new get_loaded_rsc_table() to rproc_ops | * 1d7e9bc40a remoteproc: stm32: Constify st_rproc_ops | * b94f434fe9 afs: Revert "afs: Hide silly-rename files from userspace" | * b8c52f7d08 NFS: Fix an off by one in root_nfs_cat() | * 32903ecf21 watchdog: stm32_iwdg: initialize default timeout | * 916ee6deae NFSv4.2: fix listxattr maximum XDR buffer size | * 4403438eac NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 | * 84ec5c0a7f net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() | * a2b74f35ee scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn | * 11adfabee1 RDMA/device: Fix a race between mad_client and cm_client init | * 3ac85382bc scsi: csiostor: Avoid function pointer casts | * 6370d070e2 f2fs: compress: fix to check unreleased compressed cluster | * bdd895e019 RDMA/srpt: Do not register event handler until srpt device is fully setup | * 5cd466673b ALSA: usb-audio: Stop parsing channels bits when all channels are found. | * 4266f6e726 ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops | * 239174535d clk: Fix clk_core_get NULL dereference | * e55a601463 sparc32: Fix section mismatch in leon_pci_grpci | * 6ec49d0790 backlight: lp8788: Fully initialize backlight_properties during probe | * ad70a7888e backlight: lm3639: Fully initialize backlight_properties during probe | * f3bd1e36f0 backlight: da9052: Fully initialize backlight_properties during probe | * f58ce2bed9 backlight: lm3630a: Don't set bl->props.brightness in get_brightness | * fc43d668c9 backlight: lm3630a: Initialize backlight_properties on init | * 97b397aa3f leds: sgm3140: Add missing timer cleanup and flash gpio control | * b9040d5746 leds: aw2013: Unlock mutex before destroying it | * 72f9bf6ddb powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. | * cfb3a57e7b drm/msm/dpu: add division of drm_display_mode's hskew parameter | * fd639cb8fa powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks | * 4688be96d2 drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip | * 6c5a15622e media: mediatek: vcodec: avoid -Wcast-function-type-strict warning | * 910363473e media: ttpci: fix two memleaks in budget_av_attach | * b49fe84c6c media: go7007: fix a memleak in go7007_load_encoder | * fb07104a02 media: dvb-frontends: avoid stack overflow warnings with clang | * ab896d93fd media: pvrusb2: fix uaf in pvr2_context_set_notify | * 1c5620f99a drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() | * 24d71c7e46 ASoC: meson: axg-tdm-interface: add frame rate constraint | * 4bc8e7f3a1 ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs | * fe9796edda mtd: rawnand: lpc32xx_mlc: fix irq handler prototype | * 2c8a6d2bef mtd: maps: physmap-core: fix flash size larger than 32-bit | * 858839c64b drm/tidss: Fix initial plane zpos values | * 9e42bebd4b crypto: arm/sha - fix function cast warnings | * 9883ac6894 mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref | * df6924449f mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref | * bd5f2747e3 drm/tegra: put drm_gem_object ref on error in tegra_fb_create | * 2d476959f2 clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() | * 7057b8fa76 PCI: Mark 3ware-9650SE Root Port Extended Tags as broken | * 792e642859 drm/mediatek: dsi: Fix DSI RGB666 formats and definitions | * 85e2d91660 clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times | * 0680a58e2d media: pvrusb2: fix pvr2_stream_callback casts | * 964f45a784 media: pvrusb2: remove redundant NULL check | * 1f8d45cd0e media: go7007: add check of return value of go7007_read_addr() | * 5d9fe604bf media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak | * c753ca1e5a media: sun8i-di: Fix chroma difference threshold | * 6b5791c540 media: sun8i-di: Fix power on/off sequences | * d2f806664c media: sun8i-di: Fix coefficient writes | * 47588154b1 ASoC: meson: t9015: fix function pointer type mismatch | * 3df9cd610b ASoC: meson: aiu: fix function pointer type mismatch | * ac85b84241 ASoC: meson: Use dev_err_probe() helper | * bae8577ea7 perf stat: Avoid metric-only segv | * eca94a4b07 ALSA: seq: fix function cast warnings | * 33a44d8759 drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() | * 89526d7728 perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() | * 8a01335aed crypto: xilinx - call finalize with bh disabled | * 38e61b7511 PCI: switchtec: Fix an error handling path in switchtec_pci_probe() | * ca1cd5605a quota: Fix rcu annotations of inode dquot pointers | * 61380537aa quota: Fix potential NULL pointer dereference | * 00684e9328 quota: simplify drop_dquot_ref() | * 2e005642a6 clk: qcom: reset: Ensure write completion on reset de/assertion | * b30800467c clk: qcom: reset: Commonize the de/assert functions | * 160095aada pinctrl: mediatek: Drop bogus slew rate register range for MT8192 | * 096237039d media: edia: dvbdev: fix a use-after-free | * afd2a82fe3 media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity | * 94303a06e1 media: v4l2-tpg: fix some memleaks in tpg_alloc | * 19cb33fa22 media: em28xx: annotate unchecked call to media_device_register() | * 892d955f8e perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() | * 330caa061a drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' | * ff28893c96 drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' | * 53dea95c23 HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd | * 7007354d0c perf record: Fix possible incorrect free in record__switch_output() | * ed2be47b8d PCI/DPC: Print all TLP Prefixes, not just the first | * 610f20e5cf media: tc358743: register v4l2 async device only after successful setup | * 2c58c4dda2 dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA | * f2e80ac934 drm/lima: fix a memleak in lima_heap_alloc | * e0d4850ecd drm/rockchip: lvds: do not print scary message when probing defer | * 375a60fce4 drm/rockchip: lvds: do not overwrite error code | * 2cb881069e drm: Don't treat 0 as -1 in drm_fixp2int_ceil | * fbb37b3977 drm/rockchip: inno_hdmi: Fix video timing | * b7a82cfb85 drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() | * f95401a509 drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() | * 317155c5fa drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() | * 0e8c9283e5 drm/tegra: dsi: Make use of the helper function dev_err_probe() | * 92003981a6 drm/tegra: dsi: Add missing check for of_find_device_by_node | * f89bd27709 dm: call the resume method on internal suspend | * 94a6a9cfbf dm raid: fix false positive for requeue needed during reshape | * 928705e341 nfp: flower: handle acti_netdevs allocation failure | * e9b72f729d net/x25: fix incorrect parameter validation in the x25_getsockopt() function | * 3627f21b9e net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function | * 03c74f548f udp: fix incorrect parameter validation in the udp_lib_getsockopt() function | * b42e564358 l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function | * 5a98fa3332 ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function | * 8693e3cf0c bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument | * 415edd2d66 net/ipv4/ipv6: Replace one-element arraya with flexible-array members | * 7394669d59 net/ipv4: Revert use of struct_size() helper | * 1ebd0d898f net/ipv4: Replace one-element array with flexible-array member | * c805987631 tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function | * 1f6244e995 OPP: debugfs: Fix warning around icc_get_name() | * 6cf2e53315 net: phy: dp83822: Fix RGMII TX delay configuration | * c44a5aa4be net: phy: DP83822: enable rgmii mode if phy_interface_is_rgmii | * a352d039ff net: hns3: fix port duplex configure error in IMP reset | * 06dd21045a net: phy: fix phy_get_internal_delay accessing an empty array | * 77fd5294ea net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() | * edcec23634 ipv6: fib6_rules: flush route cache when rule is changed | * 15641007df bpf: Fix stackmap overflow check on 32-bit arches | * 64f00b4df0 bpf: Fix hashtab overflow check on 32-bit arches | * 225da02acd bpf: Fix DEVMAP_HASH overflow check on 32-bit arches | * 70294d8bc3 bpf: Eliminate rlimit-based memory accounting for devmap maps | * 6b4a39acaf sr9800: Add check for usbnet_get_endpoints | * d47e6c1932 Bluetooth: hci_core: Fix possible buffer overflow | * 69d9425b88 Bluetooth: Remove superfluous call to hci_conn_check_pending() | * cbe742db8b igb: Fix missing time sync events | * 02cba67662 igb: move PEROUT and EXTTS isr logic to separate functions | * f873b85ec7 iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected | * f858c084eb PCI: Make pci_dev_is_disconnected() helper public for other drivers | * 722c24cddc wifi: rtw88: 8821c: Fix false alarm count | * c55cc63638 mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function | * bb336cd8d5 SUNRPC: fix some memleaks in gssx_dec_option_array | * a4e7ff1a74 x86, relocs: Ignore relocations in .notes section | * 47a429a524 ACPI: scan: Fix device check notification handling | * 5f99b46dce arm64: dts: marvell: reorder crypto interrupts on Armada SoCs | * 46792f9ba3 ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node | * 2d1e515789 ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address | * 23d0549448 ARM: dts: imx6dl-yapp4: Move phy reset into switch node | * 229563e216 ARM: dts: arm: realview: Fix development chip ROM compatible value | * 2478026f94 net: ena: Remove ena_select_queue | * 98d186a142 wifi: brcmsmac: avoid function pointer casts | * fb7601ebf6 iommu/amd: Mark interrupt as managed | * be8c53390a bus: tegra-aconnect: Update dependency to ARCH_TEGRA | * c2a30c81bf ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() | * 5956f4203b wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces | * 115252fc61 wireless: Remove redundant 'flush_workqueue()' calls | * 23278c845a bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly | * c5f2076aaa bpf: Factor out bpf_spin_lock into helpers. | * dfd8a62a10 arm64: dts: mediatek: mt7622: add missing "device_type" to memory nodes | * f0dd27314c wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() | * 7d4b47f20f net: blackhole_dev: fix build warning for ethh set but not used | * 918d7f0d3e wifi: iwlwifi: fix EWRD table validity check | * fabe2db7de wifi: iwlwifi: dbg-tlv: ensure NUL termination | * 1bc5461a21 wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete | * bdaf08b472 af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). | * 1524f46376 bpftool: Silence build warning about calloc() | * 926d95eb39 inet_diag: annotate data-races around inet_diag_table[] | * 784412247e sock_diag: annotate data-races around sock_diag_handlers[family] | * 9127599c07 cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value | * 11824d6a8a wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() | * 5aa586bf80 wifi: wilc1000: fix multi-vif management when deleting a vif | * dddedfa3b2 wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work | * b4bbf38c35 wifi: wilc1000: fix RCU usage in connect path | * fd86efb897 wifi: wilc1000: fix declarations ordering | * caa839d40e wifi: b43: Disable QoS for bcm4331 | * 39c915a323 wifi: b43: Stop correct queue in DMA worker when QoS is disabled | * 871788995c wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled | * 49f067726a wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled | * e1dc7aa814 wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() | * c6fd906c3c timekeeping: Fix cross-timestamp interpolation for non-x86 | * 763a009228 timekeeping: Fix cross-timestamp interpolation corner case decision | * fe90806209 timekeeping: Fix cross-timestamp interpolation on counter wrap | * faf0b4c5e0 aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts | * bb567cb5cd md: Don't clear MD_CLOSING when the raid is about to stop | * ab25f7cd49 md: implement ->set_read_only to hook into BLKROSET processing | * 2a0f8202f7 block: add a new set_read_only method | * a0bccba5f5 fs/select: rework stack allocation hack for clang | * 4af837db0f nbd: null check for nla_nest_start | * cde76b3af2 do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak | * cc6ddd6fa9 x86/paravirt: Fix build due to __text_gen_insn() backport | * 0344b12a97 ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll | * cd72f7de5b ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode | * 423d747fa3 ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC | * 442864752b Input: gpio_keys_polled - suppress deferred probe error for gpio | * 020601445f ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet | * 713eaf5c51 firewire: core: use long bus reset on gap count error | * 81d7d920a2 Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security | * ba3a55d118 scsi: mpt3sas: Prevent sending diag_reset when the controller is ready | * e30b8525e1 dm-verity, dm-crypt: align "struct bvec_iter" correctly | * 87221877ed block: sed-opal: handle empty atoms when parsing response | * d2e2cb5258 parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check | * 3e0f73be40 net/iucv: fix the allocation size of iucv_path_table array | * 6e4694e65b x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() | * aa64355c45 x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h | * 434a709df1 RDMA/mlx5: Relax DEVX access upon modify commands | * d27c48dc30 RDMA/mlx5: Fix fortify source warning while accessing Eth segment | * 0f9fa4e6b2 gen_compile_commands: fix invalid escape sequence warning | * a8fee6674b HID: multitouch: Add required quirk for Synaptics 0xcddc device | * df14e946ea MIPS: Clear Cause.BD in instruction_pointer_set | * eb279074ba x86/xen: Add some null pointer checking to smp.c | * eddf7e95b8 ASoC: rt5645: Make LattePanda board DMI match more precise | * 8e2113f61d selftests: tls: use exact comparison in recv_partial | * 90c445799f bpf: Defer the free of inner map when necessary | * 93c37f1c63 rcu-tasks: Provide rcu_trace_implies_rcu_gp() | * a6771f343a io_uring: drop any code related to SCM_RIGHTS | * 875f5fed30 io_uring/unix: drop usage of io_uring socket * | 4a3d04deae Revert "regmap: allow to define reg_update_bits for no bus configuration" * | d499d2888d Revert "regmap: Add bulk read/write callbacks into regmap_config" * | 2f6cd4ffaf Revert "serial: max310x: make accessing revision id interface-agnostic" * | 505653748e Revert "serial: max310x: implement I2C support" * | d845bebb84 Revert "serial: max310x: fix IO data corruption in batched operations" * | bbcfe35f4e Revert "geneve: make sure to pull inner header in geneve_rx()" * | 578a3af78b Merge 5.10.213 into android12-5.10-lts |\| | * d35f38551c Linux 5.10.213 | * 738845b022 serial: max310x: fix IO data corruption in batched operations | * 85d7947871 serial: max310x: implement I2C support | * 8082cc992d serial: max310x: make accessing revision id interface-agnostic | * f36ef837a7 regmap: Add bulk read/write callbacks into regmap_config | * 915848be2f regmap: allow to define reg_update_bits for no bus configuration | * 82a62478b9 Drivers: hv: vmbus: Drop error message when 'No request id available' | * 74d83d0fe0 serial: max310x: Unprepare and disable clock in error path | * f610023e67 getrusage: use sig->stats_lock rather than lock_task_sighand() | * 9ca9786820 getrusage: use __for_each_thread() | * 21677f35e1 getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() | * 811415fe76 getrusage: add the "signal_struct *sig" local variable | * 14136bed41 mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE | * 05edf43452 mm/hugetlb: change hugetlb_reserve_pages() to type bool | * 5b10a88f64 hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed | * 8f41b33d24 hv_netvsc: use netif_is_bond_master() instead of open code | * 0d54d2240d hv_netvsc: Make netvsc/VF binding check both MAC and serial number | * 3cfee5668b hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove | * 0db98ee09b hv_netvsc: Wait for completion on request SWITCH_DATA_PATH | * cdba035680 hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening | * 2ce3663500 Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening | * 58bf67d524 ext4: convert to exclusive lock while inserting delalloc extents | * 5b69dabd7e ext4: refactor ext4_da_map_blocks() | * b3bca5e8c7 ext4: make ext4_es_insert_extent() return void | * c09ffff246 lsm: fix default return value of the socket_getpeersec_*() hooks | * ea6e87db90 lsm: make security_socket_getpeersec_stream() sockptr_t safe | * a9482f3b48 bpf: net: Change sk_getsockopt() to take the sockptr_t argument | * be155e9466 net: Change sock_getsockopt() to take the sk ptr instead of the sock ptr | * 518ec3da99 serial: max310x: prevent infinite while() loop in port startup | * fe0d16b3a3 serial: max310x: use a separate regmap for each port | * c1ecaadbcd serial: max310x: use regmap methods for SPI batch operations | * 32e32ab1da serial: max310x: Make use of device properties | * c7e9e6d5ee serial: max310x: fail probe if clock crystal is unstable | * c2b9cbf09e serial: max310x: Try to get crystal clock rate from property | * 569154b29a serial: max310x: Use devm_clk_get_optional() to get the input clock | * 696e4112e5 xhci: handle isoc Babble and Buffer Overrun events properly | * fe2322caa0 xhci: process isoc TD properly when there was a transaction error mid TD. | * fa5aaf31e5 xhci: prevent double-fetch of transfer and transfer event TRBs | * 89ed7ebae4 xhci: remove extra loop in interrupt context | * 9c398afd49 um: allow not setting extra rpaths in the linux binary | * c9c3cc6a13 selftests: mm: fix map_hugetlb failure on 64K page size systems | * 1dee72c021 selftests/mm: switch to bash from sh | * bbf950a6e9 netrom: Fix data-races around sysctl_net_busy_read | * cfe0f73fb3 netrom: Fix a data-race around sysctl_netrom_link_fails_count | * b7d33e083f netrom: Fix a data-race around sysctl_netrom_routing_control | * 01d4e3afe2 netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout | * 652b0b3581 netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size | * f3315a6eda netrom: Fix a data-race around sysctl_netrom_transport_busy_delay | * 34c84e0036 netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay | * 34a164d244 netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries | * 291d36d772 netrom: Fix a data-race around sysctl_netrom_transport_timeout | * d1261bde59 netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser | * 18c95d11c3 netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser | * e041df5dc9 netrom: Fix a data-race around sysctl_netrom_default_path_quality | * ccd1108b16 netfilter: nf_conntrack_h323: Add protection for bmp length out of range | * 2b4e7cb7d5 netfilter: nft_ct: fix l3num expectations with inet pseudo family | * 9dfc15a10d net/rds: fix WARNING in rds_conn_connect_if_down | * 5f4e51abfb cpumap: Zero-initialise xdp_rxq_info struct before running XDP program | * 79ce2e54cc net/ipv6: avoid possible UAF in ip6_route_mpath_notify() | * 37fe99016b net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() | * c713790069 geneve: make sure to pull inner header in geneve_rx() | * fdb63c179f tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string | * 71e21eb1f8 i40e: disable NAPI right after disabling irqs when handling xsk_pool | * ad91d5d1b6 ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able | * 336261af04 net: lan78xx: fix runtime PM count underflow on link stop | * 11a3c9f489 lan78xx: Fix race conditions in suspend/resume handling | * 69215f8eda lan78xx: Fix partial packet errors on suspend/resume | * e5d7f43c4c lan78xx: Add missing return code checks | * 061336268e lan78xx: Fix white space and style issues | * 0224cbc53b mmc: mmci: stm32: fix DMA API overlapping mappings warning | * abda366ece mmc: mmci: stm32: use a buffer for unaligned DMA requests * | 52795b4903 Merge 5.10.212 into android12-5.10-lts |\| | * 7cfcd0ed92 Linux 5.10.212 | * f74362a004 mptcp: fix double-free on socket dismantle | * 30d84d87c3 mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG | * 1805131d8f gpio: fix resource unwinding order in error path | * 51f7044d10 gpiolib: Fix the error path order in gpiochip_add_data_with_key() | * 947baae185 gpio: 74x164: Enable output pins after registers are reset | * 80d8522999 fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super | * 43eccc5823 cachefiles: fix memory leak in cachefiles_add_cache() | * 2871728127 ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() | * 70e5b01353 mptcp: fix possible deadlock in subflow diag | * 36103f8cb9 x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers | * 7a7cb5266b pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation | * 36b02df0a6 mmc: sdhci-xenon: fix PHY init clock stability | * d3c703c22b mmc: sdhci-xenon: add timeout for PHY init complete | * 3fd14520dd mmc: core: Fix eMMC initialization with 1-bit bus connection | * 9579a21e99 dmaengine: fsl-qdma: init irq after reg initialization | * bb3a06e9b9 dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read | * 2886fe308a btrfs: dev-replace: properly validate device names | * 99eb215968 wifi: nl80211: reject iftype change with mesh ID change | * e668b92a3a gtp: fix use-after-free and null-ptr-deref in gtp_newlink() | * a23ac1788e tomoyo: fix UAF write bug in tomoyo_write_control() | * 8af1c121b0 riscv: Sparse-Memory/vmemmap out-of-bounds fix | * 96370ba395 afs: Fix endless loop in directory parsing | * 14aacfcd73 ALSA: Drop leftover snd-rtctimer stuff from Makefile | * d7acc4a569 power: supply: bq27xxx-i2c: Do not free non existing IRQ | * 537e3f49db efi/capsule-loader: fix incorrect allocation size | * 882a51a10e rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back | * 80fabcd5d1 netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() | * e24acaefdd Bluetooth: Enforce validation on max value of connection interval | * df193568d6 Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST | * 0309b68aea Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR | * 6dd0a9dfa9 Bluetooth: Avoid potential use-after-free in hci_error_reset | * 6782a54e1a net: usb: dm9601: fix wrong return value in dm9601_mdio_read | * c1c7396b57 lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected | * 810fa7d5e5 ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() | * 906986fed8 tun: Fix xdp_rxq_info's queue_index when detaching | * 2e95350fe9 net: ip_tunnel: prevent perpetual headroom growth | * f19d1f98e6 netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter | * acd9f6d481 mtd: spinand: gigadevice: Fix the get ecc status issue | * 8e3a867593 mtd: spinand: gigadevice: Support GD5F1GQ5UExxG | * 37077ed16c crypto: virtio/akcipher - Fix stack overflow on memcpy | * bf85def4b6 platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names * | 67b086c845 Revert "mptcp: fix lockless access in subflow ULP diag" * | 92a0d7e20f Revert "net: dev: Convert sa_data to flexible array in struct sockaddr" * | bb807b14f3 Revert "arp: Prevent overflow in arp_req_get()." * | 888e5e5b56 Revert "usb: roles: fix NULL pointer issue when put module's reference" * | 72f354f396 Revert "usb: roles: don't get/set_role() when usb_role_switch is unregistered" * | e92b643b4b Merge 5.10.211 into android12-5.10-lts |/ * 9985c44f23 Linux 5.10.211 * 94ebf71bdd ext4: regenerate buddy after block freeing failed if under fc replay * dbc9b22d0e arp: Prevent overflow in arp_req_get(). * ea1cd64d59 fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio * bff0a0658e block: ataflop: more blk-mq refactoring fixes * b49b022f7d drm/amd/display: Fix memory leak in dm_sw_fini() * c6551ff227 drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set * 144ec5e1ce drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 * 31ea574aec netfilter: nf_tables: set dormant flag on hook register failure * 31e10d6cb0 tls: stop recv() if initial process_rx_list gave us non-DATA * 7c54eaa3b0 tls: rx: drop pointless else after goto * 4820e84e28 tls: rx: jump to a more appropriate label * 5d4e4eff79 s390: use the correct count for __iowrite64_copy() * f6ce90567e net: dev: Convert sa_data to flexible array in struct sockaddr * c1b447a21a packet: move from strlcpy with unused retval to strscpy * 65c38f23d1 ipv6: sr: fix possible use-after-free and null-ptr-deref * d9b5e2b7a8 afs: Increase buffer size in afs_update_volume_status() * 2f56d71262 ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid * dcc1375d41 ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid * fc30793e06 nouveau: fix function cast warnings * 49ef33a90e scsi: jazz_esp: Only build if SCSI core is builtin * b42b801aba bpf, scripts: Correct GPL license name * a2d1e1f8f0 RDMA/srpt: fix function pointer cast warnings * 905de68fcd arm64: dts: rockchip: set num-cs property for spi on px30 * 5639414a52 RDMA/qedr: Fix qedr_create_user_qp error flow * 5a5c039dac RDMA/srpt: Support specifying the srpt_service_guid parameter * 179bb08834 RDMA/bnxt_re: Return error for SRQ resize * 3fa240bb6b IB/hfi1: Fix a memleak in init_credit_return * 8affdbb3e2 mptcp: fix lockless access in subflow ULP diag * eb3693454b usb: roles: don't get/set_role() when usb_role_switch is unregistered * e279bf8e51 usb: roles: fix NULL pointer issue when put module's reference * 57ca0e16f3 usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs * 1e204a8e9e usb: cdns3: fix memory double free when handle zero packet * b40328eea9 usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() * 1dfe6393d1 x86/alternative: Make custom return thunk unconditional * dd1a169b44 Revert "x86/alternative: Make custom return thunk unconditional" * e8e9d1f6cf x86/returnthunk: Allow different return thunks * 4eb421fa71 x86/ftrace: Use alternative RET encoding * b253061d4b x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() * e752912ce1 x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR * c13d426040 Revert "x86/ftrace: Use alternative RET encoding" * 70d92abbe2 ARM: ep93xx: Add terminator to gpiod_lookup_table * dcb4d14268 l2tp: pass correct message length to ip6_append_data * 03366ad111 PCI/MSI: Prevent MSI hardware interrupt number truncation * 2e534fd15e gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() * 6e5069b40f KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() * 615af9cb3e KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler * 3c652f6fa1 dm-crypt: don't modify the data when using authenticated encryption * f6a765a61e s390/cio: fix invalid -EBUSY on ccw_device_start * 3f38d22e64 IB/hfi1: Fix sdma.h tx->num_descs off-by-one error * a0180e940c erofs: fix lz4 inplace decompression * 841b9f6f68 x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() * 6360869cc4 jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint * 69389d82ab jbd2: recheck chechpointing non-dirty buffer * cb1609ef8a jbd2: remove redundant buffer io error checks * 52b9609b89 iwlwifi: mvm: write queue_sync_state only for sync * f5e6da2ca1 iwlwifi: mvm: do more useful queue sync accounting * 87b7d049ce platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC * 6c367739cd lan743x: fix for potential NULL pointer dereference with bare card * a1ccc4f441 btrfs: do not pin logs too early during renames * 16b70511bd btrfs: unify lookup return value when dir entry is missing * fccb8a6109 btrfs: introduce btrfs_lookup_match_dir * aaf2d6b7ec btrfs: tree-checker: check for overlapping extent items * b8034ca2fd task_stack, x86/cea: Force-inline stack helpers * 68ffe3ec19 ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use * edeef1b4fb ASoC: Intel: boards: get codec device with ACPI instead of bus search * 151b360f47 ASoC: Intel: boards: harden codec property handling * 877037eff7 mtd: spinand: macronix: Add support for MX35LFxGE4AD * b6c4a44e89 cifs: add a warning when the in-flight count goes negative * e410dfaaac powerpc/watchpoints: Annotate atomic context in more places * 2641aa3f56 powerpc/watchpoint: Workaround P10 DD1 issue with VSX-32 byte instructions * d021ba1142 block: ataflop: fix breakage introduced at blk-mq refactoring * 1dd3dc3892 seccomp: Invalidate seccomp mode to catch death failures * 7ab8a3bac5 x86/uaccess: Implement macros for CMPXCHG on user addresses * 13f6937f53 hsr: Avoid double remove of a node. * b2e72d88c3 hvc/xen: prevent concurrent accesses to the shared ring * 86ba65e535 media: av7110: prevent underflow in write_ts_to_decoder() * d6e60c53d2 ASoC: fsl_micfil: register platform component before registering cpu dai * de899edac7 ARM: dts: imx: Set default tuning step for imx6sx usdhc * 51582123dd irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable * ef6128a1ba ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger * a4c0234b16 pmdomain: renesas: r8a77980-sysc: CR7 must be always on * 5fe446b245 virtio-blk: Ensure no requests in virtqueues before deleting vqs. * 92a1090b47 firewire: core: send bus reset promptly on gap count error * 6a375022b0 scsi: lpfc: Use unsigned type for num_sge * 7fb1979274 hwmon: (coretemp) Enlarge per package core count limit * 988ae00e69 efi: Don't add memblocks for soft-reserved memory * 4fff3d735b efi: runtime: Fix potential overflow of soft-reserved region size * 865f99f641 Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table * 30a8784572 ext4: correct the hole length returned by ext4_map_blocks() * a72037da4a nvmet-fc: abort command when there is no binding * a0fa157bd4 nvmet-fc: release reference on target port * 5da866be3d nvmet-fcloop: swap the list_add_tail arguments * 4f2c95015e nvme-fc: do not wait in vain when unloading module * f82ed69f6a netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new * da47fc8d30 spi: sh-msiof: avoid integer overflow in constants * 0a840d7984 ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 * 5b33bbeefb nvmet-tcp: fix nvme tcp ida memory leak * d21c122de3 regulator: pwm-regulator: Add validity checks in continuous .get_voltage * c432094aa7 dmaengine: ti: edma: Add some null pointer checks to the edma_probe * ffeb72a80a ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() * 927794a021 ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() * 2b39c1a0a8 ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers * 15bb22da0f ahci: asm1166: correct count of reported ports * e94da8aca2 spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected * cd36da760b fbdev: sis: Error out if pixclock equals zero * 512ee6d604 fbdev: savage: Error out if pixclock equals zero * 5ffab99e07 wifi: mac80211: fix race condition on enabling fast-xmit * 7e71fbc68d wifi: cfg80211: fix missing interfaces when dumping * 17c976fe2c dmaengine: fsl-qdma: increase size of 'irq_name' * d94a80da90 dmaengine: shdma: increase size of 'dev_id' * 168ed59170 scsi: target: core: Add TMF to tmr_list handling * e4bc311745 sched/rt: Disallow writing invalid values to sched_rt_period_us * 13c6bce76d sched/rt: Fix sysctl_sched_rr_timeslice intial value * b1ba065137 zonefs: Improve error handling * 19087d70e9 userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb * 18d88bf9c2 sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset * 94b064984a smb: client: fix parsing of SMB3.1.1 POSIX create context * 13fb0fc491 smb: client: fix potential OOBs in smb2_parse_contexts() * b03c8099a7 smb: client: fix OOB in receive_encrypted_standard() * 3fa31e7a9d net/sched: Retire dsmark qdisc * 71925d6863 net/sched: Retire ATM qdisc * 56a6720d9b net/sched: Retire CBQ qdisc Change-Id: Ifcdb2a0a24ed57b62d73c24ab1e6d8918b9c4068 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-06-28 16:12:51 +00:00
Christian Brauner	b0fa673c8c	fs: add file and path permissions helpers ... [ Upstream commit 02f92b3868a1b34ab98464e76b0e4e060474ba10 ] Add two simple helpers to check permissions on a file and path respectively and convert over some callers. It simplifies quite a few codepaths and also reduces the churn in later patches quite a bit. Christoph also correctly points out that this makes codepaths (e.g. ioctls) way easier to follow that would otherwise have to do more complex argument passing than necessary. Link: https://lore.kernel.org/r/20210121131959.646623-4-christian.brauner@ubuntu.com Cc: David Howells <dhowells@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: linux-fsdevel@vger.kernel.org Suggested-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: James Morris <jamorris@linux.microsoft.com> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org>	2024-06-21 14:52:58 +02:00
Kalesh Singh	93bad8a473	ANDROID: 16K: Only check basename of linker context ... Depending on the platform binary being executed, the linker (interpreter) requested can be one of: 1) /system/bin/bootstrap/linker64 2) /system/bin/linker64 3) /apex/com.android.runtime/bin/linker64 Relax the check to the basename (linker64), instead of the path. Bug: 330767927 Bug: 335584973 Change-Id: I4a1f95b7cecd126f85ad8cefd9ff10d272947f9e Signed-off-by: Kalesh Singh <kaleshsingh@google.com>	2024-06-12 03:25:30 +00:00
Greg Kroah-Hartman	9100d24dfd	This is the 5.10.215 stable release ... -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmYaZdgACgkQONu9yGCS aT4oMxAA0pATFAq8RN5f9CmYlMg5HqHgzZ8lJv8P0/reOINhUa+F5sJb1n+x+Ch4 WQbmiFeZRzfsKZ2qKhIdNR0Lg+9JOr/DtYXdSBZ6InfSWrTAIrQ9fjl5Warkmcgg O4WbgF5BVgU3vGFATgxLvnUZwhR1D7WK93oMDunzrT7+OqyncU3f1Uj53ZAu9030 z18UNqnTxDLYH/CMGwAeRkaZqBev9gZ1HdgQWA27SVLqWQwZq0al81Cmlo+ECVmk 5dF6V2pid4qfKGJjDDfx1NS0PVnoP68iK4By1SXyoFV9VBiSwp77nUUyDr7YsHsT u8GpZHr9jZvSO5/xtKv20NPLejTPCRKc06CbkwpikDRtGOocBL8em0GuVqlf8hMs KwDb6ZEzYhXZGPJHbJM+aRD1tq/KHw9X7TrldOszMQPr6lubBtscPbg1FCg3OlcC HUrtub0i275x7TH0dJeRTD8TRE9jRmF+tl7KQytEJM3JRrquFjLyhDj+/VJnZkiB lzj3FRf4zshzgz4+CAeqXO/8Lu8b3fGYmcW1acCmk7emjDcXUKojPj/Aig6T4l7P oCWDY3+w1E6eiyE8BazxY1KUa/41ld0VJnlW5JWGRaDFTJwrk0h6/rvf9qImSckw IGx24UezRyp6NS1op3Qm2iwHLr41pFRfKxNm9ppgH9iBPzOhe38= =pkLL -----END PGP SIGNATURE----- Merge 5.10.215 into android12-5.10-lts Changes in 5.10.215 amdkfd: use calloc instead of kzalloc to avoid integer overflow Documentation/hw-vuln: Update spectre doc x86/cpu: Support AMD Automatic IBRS x86/bugs: Use sysfs_emit() timers: Update kernel-doc for various functions timers: Use del_timer_sync() even on UP timers: Rename del_timer_sync() to timer_delete_sync() wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach media: staging: ipu3-imgu: Set fields before media_entity_pads_init() clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() arm: dts: marvell: Fix maxium->maxim typo in brownstone dts drm/vmwgfx: stop using ttm_bo_create v2 drm/vmwgfx: switch over to the new pin interface v2 drm/vmwgfx/vmwgfx_cmdbuf_res: Remove unused variable 'ret' drm/vmwgfx: Fix some static checker warnings drm/vmwgfx: Fix possible null pointer derefence with invalid contexts serial: max310x: fix NULL pointer dereference in I2C instantiation media: xc4000: Fix atomicity violation in xc4000_get_frequency KVM: Always flush async #PF workqueue when vCPU is being destroyed sparc64: NMI watchdog: fix return value of __setup handler sparc: vDSO: fix return value of __setup handler crypto: qat - fix double free during reset crypto: qat - resolve race condition during AER recovery selftests/mqueue: Set timeout to 180 seconds ext4: correct best extent lstart adjustment logic block: introduce zone_write_granularity limit block: Clear zone limits for a non-zoned stacked queue bounds: support non-power-of-two CONFIG_NR_CPUS fat: fix uninitialized field in nostale filehandles ubifs: Set page uptodate in the correct place ubi: Check for too small LEB size in VTBL code ubi: correct the calculation of fastmap size mtd: rawnand: meson: fix scrambling mode value in command macro parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros parisc: Fix ip_fast_csum parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds PM: suspend: Set mem_sleep_current during kernel command line setup clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays powerpc/fsl: Fix mfpmr build errors with newer binutils USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB USB: serial: add device ID for VeriFone adapter USB: serial: cp210x: add ID for MGP Instruments PDS100 USB: serial: option: add MeiG Smart SLM320 product USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M PM: sleep: wakeirq: fix wake irq warning in system suspend mmc: tmio: avoid concurrent runs of mmc_request_done() fuse: fix root lookup with nonzero generation fuse: don't unhash root usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros printk/console: Split out code that enables default console serial: Lock console when calling into driver before registration btrfs: fix off-by-one chunk length calculation at contains_pending_extent() PCI: Drop pci_device_remove() test of pci_dev->driver PCI/PM: Drain runtime-idle callbacks before driver removal PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() PCI: Cache PCIe Device Capabilities register PCI: Work around Intel I210 ROM BAR overlap defect PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited PCI/DPC: Quirk PIO log size for certain Intel Root Ports PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" dm-raid: fix lockdep waring in "pers->hot_add_disk" mac802154: fix llsec key resources release in mac802154_llsec_key_del mm: swap: fix race between free_swap_and_cache() and swapoff() mmc: core: Fix switch on gp3 partition drm/etnaviv: Restore some id values hwmon: (amc6821) add of_match table ext4: fix corruption during on-line resize nvmem: meson-efuse: fix function pointer type mismatch slimbus: core: Remove usage of the deprecated ida_simple_xx() API phy: tegra: xusb: Add API to retrieve the port number of phy usb: gadget: tegra-xudc: Use dev_err_probe() usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic speakup: Fix 8bit characters from direct synth PCI/ERR: Clear AER status only when we control AER PCI/AER: Block runtime suspend when handling errors nfs: fix UAF in direct writes kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 PCI: dwc: endpoint: Fix advertised resizable BAR size vfio/platform: Disable virqfds on cleanup ring-buffer: Fix waking up ring buffer readers ring-buffer: Do not set shortest_full when full target is hit ring-buffer: Fix resetting of shortest_full ring-buffer: Fix full_waiters_pending in poll soc: fsl: qbman: Always disable interrupts when taking cgr_lock soc: fsl: qbman: Add helper for sanity checking cgr ops soc: fsl: qbman: Add CGR update function soc: fsl: qbman: Use raw spinlock for cgr_lock s390/zcrypt: fix reference counting on zcrypt card objects drm/panel: do not return negative error codes from drm_panel_get_modes() drm/exynos: do not return negative values from .get_modes() drm/imx/ipuv3: do not return negative values from .get_modes() drm/vc4: hdmi: do not return negative values from .get_modes() memtest: use {READ,WRITE}_ONCE in memory scanning nilfs2: fix failure to detect DAT corruption in btree and direct mappings nilfs2: prevent kernel bug at submit_bh_wbc() cpufreq: dt: always allocate zeroed cpumask x86/CPU/AMD: Update the Zenbleed microcode revisions net: hns3: tracing: fix hclgevf trace event strings wireguard: netlink: check for dangling peer via is_dead instead of empty list wireguard: netlink: access device through ctx instead of peer ahci: asm1064: correct count of reported ports ahci: asm1064: asm1166: don't limit reported ports drm/amd/display: Return the correct HDCP error code drm/amd/display: Fix noise issue on HDMI AV mute dm snapshot: fix lockup in dm_exception_table_exit vxge: remove unnecessary cast in kfree() x86/stackprotector/32: Make the canary into a regular percpu variable x86/pm: Work around false positive kmemleak report in msr_build_context() scripts: kernel-doc: Fix syntax error due to undeclared args variable comedi: comedi_test: Prevent timers rescheduling during deletion cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout netfilter: nf_tables: disallow anonymous set with timeout flag netfilter: nf_tables: reject constant set with timeout Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory xfrm: Avoid clang fortify warning in copy_to_user_tmpl() KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command usb: gadget: ncm: Fix handling of zero block length packets usb: port: Don't try to peer unused USB ports based on location tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled mei: me: add arrow lake point S DID mei: me: add arrow lake point H DID vt: fix unicode buffer corruption when deleting characters fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion tee: optee: Fix kernel panic caused by incorrect error handling xen/events: close evtchn after mapping cleanup printk: Update @console_may_schedule in console_trylock_spinning() btrfs: allocate btrfs_ioctl_defrag_range_args on stack x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix x86/bugs: Add asm helpers for executing VERW x86/entry_64: Add VERW just before userspace transition x86/entry_32: Add VERW just before userspace transition x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH KVM/VMX: Move VERW closer to VMentry for MDS mitigation x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set Documentation/hw-vuln: Add documentation for RFDS x86/rfds: Mitigate Register File Data Sampling (RFDS) KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests perf/core: Fix reentry problem in perf_output_read_group() efivarfs: Request at most 512 bytes for variable names powerpc: xor_vmx: Add '-mhard-float' to CFLAGS serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO mm/memory-failure: fix an incorrect use of tail pages mm/migrate: set swap entry values of THP tail pages properly. init: open /initrd.image with O_LARGEFILE wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() hexagon: vmlinux.lds.S: handle attributes section mmc: core: Initialize mmc_blk_ioc_data mmc: core: Avoid negative index with array access net: ll_temac: platform_get_resource replaced by wrong function usb: cdc-wdm: close race between read and workqueue ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs scsi: core: Fix unremoved procfs host directory regression staging: vc04_services: changen strncpy() to strscpy_pad() staging: vc04_services: fix information leak in create_component() USB: core: Add hub_get() and hub_put() routines usb: dwc2: host: Fix remote wakeup from hibernation usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: gadget: LPM flow fix usb: udc: remove warning when queue disabled ep usb: typec: ucsi: Ack unsupported commands usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset scsi: qla2xxx: Split FCE|EFT trace control scsi: qla2xxx: Fix command flush on cable pull scsi: qla2xxx: Delay I/O Abort on PCI error x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports scsi: lpfc: Correct size for wqe for memset() USB: core: Fix deadlock in usb_deauthorize_interface() nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() tcp: properly terminate timers for kernel sockets ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() bpf: Protect against int overflow for stack access size Octeontx2-af: fix pause frame configuration in GMP mode dm integrity: fix out-of-range warning r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d x86/cpufeatures: Add new word for scattered features Bluetooth: hci_event: set the conn encrypted before conn establishes Bluetooth: Fix TOCTOU in HCI debugfs implementation netfilter: nf_tables: disallow timeout for anonymous sets net/rds: fix possible cp null dereference vfio/pci: Disable auto-enable of exclusive INTx IRQ vfio/pci: Lock external INTx masking ops vfio: Introduce interface to flush virqfd inject workqueue vfio/pci: Create persistent INTx handler vfio/platform: Create persistent IRQ handlers vfio/fsl-mc: Block calling interrupt handler without trigger io_uring: ensure '0' is returned on file registration success Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations x86/srso: Add SRSO mitigation for Hygon processors block: add check that partition length needs to be aligned with block size netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: flush pending destroy work before exit_net release netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() netfilter: validate user input for expected length vboxsf: Avoid an spurious warning if load_nls_xxx() fails bpf, sockmap: Prevent lock inversion deadlock in map delete elem net/sched: act_skbmod: prevent kernel-infoleak net: stmmac: fix rx queue priority assignment erspan: make sure erspan_base_hdr is present in skb->head selftests: reuseaddr_conflict: add missing new line at the end of the output ipv6: Fix infinite recursion in fib6_dump_done(). udp: do not transition UDP GRO fraglist partial checksums to unnecessary octeontx2-pf: check negative error code in otx2_open() i40e: fix i40e_count_filters() to count only active/new filters i40e: fix vf may be used uninitialized in this function warning scsi: qla2xxx: Update manufacturer details scsi: qla2xxx: Update manufacturer detail Revert "usb: phy: generic: Get the vbus supply" udp: do not accept non-tunnel GSO skbs landing in a tunnel net: ravb: Always process TX descriptor ring arm64: dts: qcom: sc7180: Remove clock for bluetooth on Trogdor arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit scsi: mylex: Fix sysfs buffer lengths ata: sata_mv: Fix PCI device ID table declaration compilation warning ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone driver core: Introduce device_link_wait_removal() of: dynamic: Synchronize of_changeset_destroy() with the devlink removals x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() s390/entry: align system call table on 8 bytes riscv: Fix spurious errors from __get/put_kernel_nofault x86/bugs: Fix the SRSO mitigation on Zen3/4 x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO mptcp: don't account accept() of non-MPC client as fallback to TCP x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word objtool: Add asm version of STACK_FRAME_NON_STANDARD wifi: ath9k: fix LNA selection in ath_ant_try_scan() VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() panic: Flush kernel log buffer at the end arm64: dts: rockchip: fix rk3328 hdmi ports node arm64: dts: rockchip: fix rk3399 hdmi ports node ionic: set adminq irq affinity pstore/zone: Add a null pointer check to the psz_kmsg_read tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Bluetooth: btintel: Fix null ptr deref in btintel_read_version Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs sysv: don't call sb_bread() with pointers_lock held scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() isofs: handle CDs with bad root inode but good Joliet root directory media: sta2x11: fix irq handler cast ext4: add a hint for block bitmap corrupt state in mb_groups ext4: forbid commit inconsistent quota data when errors=remount-ro drm/amd/display: Fix nanosec stat overflow SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" libperf evlist: Avoid out-of-bounds access block: prevent division by zero in blk_rq_stat_sum() RDMA/cm: add timeout to cm_destroy_id wait Input: allocate keycode for Display refresh rate toggle platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet ktest: force $buildonly = 1 for 'make_warnings_file' test type ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment tools: iio: replace seekdir() in iio_generic_buffer usb: typec: tcpci: add generic tcpci fallback compatible usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 drivers/nvme: Add quirks for device 126f:2262 fbmon: prevent division by zero in fb_videomode_from_videomode() netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc virtio: reenable config if freezing device failed x86/mm/pat: fix VM_PAT handling in COW mappings drm/i915/gt: Reset queue_priority_hint on parking Bluetooth: btintel: Fixe build regression VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() kbuild: dummy-tools: adjust to stricter stackprotector check scsi: sd: Fix wrong zone_write_granularity value during revalidate x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk x86/head/64: Re-enable stack protection Linux 5.10.215 Change-Id: I45a0a9c4a0683ff5ef97315690f1f884f666e1b5 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-06-01 11:03:55 +00:00
Greg Kroah-Hartman	e9b3e47f65	Merge branch 'android12-5.10' into branch 'android12-5.10-lts' ... Catch up with the latest android12-5.10 changes into android12-5.10-lts. Included in here are the following commits: * e265882155 ANDROID: Add __nocfi return for swsusp_arch_resume * 028de5c48b BACKPORT: arm64: mm: Make hibernation aware of KFENCE * d615d2d800 Merge tag 'android12-5.10.210_r00' into branch android12-5.10 * 178bf27b97 UPSTREAM: selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior * 9f5f2481c9 ANDROID: kbuild: Search external devicetree path when running clean target * 50b4a2a7e1 ANDROID: kbuild: add support for compiling external device trees * fe033e0b34 ANDROID: usb: gadget: ncm: Introduce vendor opts to deal with ABI breakage * 19eb358ded UPSTREAM: usb: gadget: ncm: Fix endianness of wMaxSegmentSize variable in ecm_desc * 38958820bd UPSTREAM: usb: gadget: ncm: Add support to update wMaxSegmentSize via configfs * 43bb9f846d ANDROID: usb: Optimize the problem of slow transfer rate in USB accessory mode * b2c2d74cae ANDROID: ABI: Update honor symbol list * 33c78af45a ANDROID: add vendor hook in do_read_fault to tune fault_around_bytes * 7fc588d60f FROMGIT: usb: dwc3: Wait unconditionally after issuing EndXfer command * 923b677c93 ANDROID: irq: put irq_resolve_mapping under protection of __irq_enter_raw * 602a22e77a ANDROID: abi_gki_aarch64_qcom: Add clk_restore_context and clk_save_context * b493b35d3a UPSTREAM: usb: gadget: ncm: Fix handling of zero block length packets * c344c3ebe3 UPSTREAM: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs * 626e5dce00 ANDROID: 16K: Fix show maps CFI failure * 09da1d141d ANDROID: 16K: Handle pad VMA splits and merges * 162de86e24 ANDROID: 16K: madvise_vma_pad_pages: Remove filemap_fault check * 000bbad86c ANDROID: 16K: Only madvise padding from dynamic linker context * ebf0750ad2 ANDROID: 16K: Separate padding from ELF LOAD segment mappings * abbc0d53ee ANDROID: 16K: Exclude ELF padding for fault around range * 778abad3ac ANDROID: 16K: Use MADV_DONTNEED to save VMA padding pages. * 37d6ffe5ca ANDROID: 16K: Introduce ELF padding representation for VMAs * 38c464b4a4 ANDROID: 16K: Introduce /sys/kernel/mm/pgsize_miration/enabled * 280193753c ANDROID: GKI: Update symbols to symbol list * 1016230309 UPSTREAM: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path * 582e001b25 UPSTREAM: netfilter: nf_tables: release batch on table validation from abort path * cd2fc5a605 UPSTREAM: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout * 5fa7520118 UPSTREAM: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain * ecd8068fb4 BACKPORT: mm: update mark_victim tracepoints fields * 4571e647cc Revert "FROMGIT: BACKPORT: mm: update mark_victim tracepoints fields" * beecd97e3a UPSTREAM: usb: gadget: uvc: decrease the interrupt load to a quarter * ad31e24641 UPSTREAM: netfilter: nft_set_pipapo: release elements in clone only from destroy path Change-Id: I0f7cad212c9425224ade80ed88ef8f0b8046827a Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-06-01 11:00:17 +00:00
Greg Kroah-Hartman	d615d2d800	Merge tag 'android12-5.10.210_r00' into branch android12-5.10 ... This merges the 5.10.210 LTS releases into the android12-5.10 branch. Included in here are the following commits: * 47e789159e Revert "hrtimer: Report offline hrtimer enqueue" * c5fa21f10b Revert "scsi: core: Introduce enum scsi_disposition" * 7c333b5976 Revert "scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler" * d32a2a4b7b Revert "scsi: core: Move scsi_host_busy() out of host lock if it is for per-command" * b2600e62c4 Revert "bpf: Add map and need_defer parameters to .map_fd_put_ptr()" * 379ac05cc3 Revert "drm/mipi-dsi: Fix detach call without attach" * 0412bcfd88 Revert "serial: Add rs485_supported to uart_port" * 8e1cc643b1 Revert "serial: 8250_exar: Fill in rs485_supported" * e18733695d Revert "serial: 8250_exar: Set missing rs485_supported flag" * 8755d58540 Revert "ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()" * 66e91da883 Merge 5.10.210 into android12-5.10-lts |\ | * aa6ca808a4 Linux 5.10.210 | * cf5a69e355 PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() | * 9f53d24852 net: bcmgenet: Fix EEE implementation | * 9a865a11d6 netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() | * 67f386f756 drm/msm/dsi: Enable runtime PM | * 21b38d85f6 PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() | * ede393e118 PM: runtime: add devm_pm_runtime_enable helper | * a891a0621e dm: limit the number of targets and parameter size area | * c90746c03b nilfs2: replace WARN_ONs for invalid DAT metadata block requests | * f3e4963566 nilfs2: fix potential bug in end_buffer_async_write | * db896bbe4a sched/membarrier: reduce the ability to hammer on sys_membarrier | * 8f8f185643 net: prevent mss overflow in skb_segment() | * f7e0231eea Revert "arm64: Stash shadow stack pointer in the task struct on interrupt" | * 70ca0dbae4 hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() | * c80ddc1092 netfilter: ipset: Missing gc cancellations fixed | * a24d5f2ac8 netfilter: ipset: fix performance regression in swap operation | * 583a6c76b9 scripts/decode_stacktrace.sh: optionally use LLVM utilities | * 0f906882eb scripts: decode_stacktrace: demangle Rust symbols | * a3d71b6ae9 scripts/decode_stacktrace.sh: support old bash version | * ae992f14b1 scripts/decode_stacktrace.sh: silence stderr messages from addr2line/nm | * 00f09825e1 serial: 8250_exar: Set missing rs485_supported flag | * 84bf7b8759 serial: 8250_exar: Fill in rs485_supported | * dfd8b9d26b serial: Add rs485_supported to uart_port | * 0c36878222 crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init | * e0d2eeec88 mips: Fix max_mapnr being uninitialized on early stages | * 41a4bd51d8 PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support | * ff67f77fb0 bus: moxtet: Add spi device table | * 88ec9bbcd3 Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" | * 6a42eb0d21 tracing: Inform kmemleak of saved_cmdlines allocation | * 3a6e27dbe2 pmdomain: core: Move the unused cleanup to a _sync initcall | * 978e50ef8c can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) | * e4a6d3acad of: property: fix typo in io-channels | * 8180d0c27b ceph: prevent use-after-free in encode_cap_msg() | * 2e9506c9e0 s390/qeth: Fix potential loss of L3-IP@ in case of network issues | * 888679afbf irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update | * 2809645d8a irqchip/irq-brcmstb-l2: Add write memory barrier before exit | * 45a3657c3f wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() | * c7fa9590a9 nfp: flower: prevent re-adding mac index for bonded port | * 962091c408 nfp: use correct macro for LengthSelect in BAR config | * 58054faf3b crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked | * 98a4026b22 nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() | * 364a66be2a nilfs2: fix data corruption in dsync block recovery for small block sizes | * a643d8d179 ALSA: hda/conexant: Add quirk for SWS JS201D | * ca0533fe66 mmc: slot-gpio: Allow non-sleeping GPIO ro | * bdc29f9ca3 x86/mm/ident_map: Use gbpages only where full GB page should be mapped. | * 09f21bee5b x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 | * 1a8a72ee17 serial: max310x: improve crystal stable clock detection | * 6f248ee7aa serial: max310x: set default value when reading clock ready bit | * 92a0a5d613 ring-buffer: Clean ring_buffer_poll_wait() error return | * 9ec807e7b6 hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove | * 93d8109bf1 media: rc: bpf attach/detach requires write permission | * a98ccbcddb iio: accel: bma400: Fix a compilation problem | * 36a49290d7 iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC | * fa5884dd5b staging: iio: ad5933: fix type mismatch regression | * 8a744f925d tracing: Fix wasted memory in saved_cmdlines logic | * d033a555d9 ext4: fix double-free of blocks due to wrong extents moved_len | * f86e12415b misc: fastrpc: Mark all sessions as invalid in cb_remove | * a423042052 binder: signal epoll threads of self-work | * 6d11240dd1 ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL | * cdaddb457d xen-netback: properly sync TX responses | * 0d8011a878 net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() | * 2f6d16f052 nfc: nci: free rx_data_reassembly skb on NCI device cleanup | * 5abf3e8af2 kbuild: Fix changing ELF file type for output of gen_btf for big endian | * 6717c593c7 firewire: core: correct documentation of fw_csr_string() kernel API | * 2dc1d93b2c lsm: fix the logic in security_inode_getsecctx() | * 7d4e19f7ff scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" | * ca188f2512 modpost: trim leading spaces when processing source files list | * 7a14b8a477 i2c: i801: Fix block process call transactions | * 5e8a6140d4 i2c: i801: Remove i801_set_block_buffer_mode | * 230e89b5ad powerpc/kasan: Fix addr error caused by page alignment | * 486a4176bc media: ir_toy: fix a memleak in irtoy_tx | * b8da59ad91 usb: f_mass_storage: forbid async queue when shutdown happen | * 9a8ccbc6ec USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT | * 9d07bdbfa4 usb: ucsi_acpi: Fix command completion handling | * f304eb4833 HID: wacom: Do not register input devices until after hid_hw_start | * 4f7927310e HID: wacom: generic: Avoid reporting a serial of '0' to userspace | * d51fc41e15 ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx | * 8da18c51ce ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 | * 81e7d2530d mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again | * 56cfbe6071 tracing/trigger: Fix to return error if failed to alloc snapshot | * 6d05659b60 i40e: Fix waiting for queues of all VSIs to be disabled | * f026f23849 MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler | * ed8c87ac8a net: sysfs: Fix /sys/class/net/<iface> path for statistics | * 4a98bc739d ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() | * f8cd86c67d spi: ppc4xx: Drop write-only variable | * 55cfccb658 net: openvswitch: limit the number of recursions from action sets | * 3f9b9585b7 of: unittest: Fix compile in the non-dynamic case | * dc8bce9c71 btrfs: send: return EOPNOTSUPP on unknown flags | * 22965e4fee btrfs: forbid deleting live subvol qgroup | * 3f5d47eb16 btrfs: do not ASSERT() if the newly created subvolume already got read | * d7247ce32a btrfs: forbid creating subvol qgroups | * 4cee42fcf5 netfilter: nft_set_rbtree: skip end interval element from gc | * feace3c240 net: stmmac: xgmac: fix a typo of register name in DPP safety handling | * 78115a3473 net: stmmac: xgmac: use #define for string constants | * 8868106251 clocksource: Skip watchdog check for large watchdog intervals | * cda4ca038c vhost: use kzalloc() instead of kmalloc() followed by memset() | * 63d97c3aba Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID | * 9a564a9a07 Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU | * b1f576be92 hrtimer: Report offline hrtimer enqueue | * b87060b3e8 usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK | * 34fd6f444b USB: serial: cp210x: add ID for IMST iM871A-USB | * 53479fcfd0 USB: serial: option: add Fibocom FM101-GL variant | * c537b88b39 USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e | * e800ef36d1 net/af_iucv: clean up a try_then_request_module() | * 9f56f38331 blk-iocost: Fix an UBSAN shift-out-of-bounds warning | * 9878c660d1 scsi: core: Move scsi_host_busy() out of host lock if it is for per-command | * 1dd947c21d netfilter: nft_set_pipapo: remove scratch_aligned pointer | * d6fcad0da2 netfilter: nft_set_pipapo: add helper to release pcpu scratch area | * 1771e8347f netfilter: nft_set_pipapo: store index in scratch maps | * d1ec65c49e netfilter: nft_ct: reject direction for ct id | * 730fce47e5 netfilter: nft_compat: restrict match/target protocol to u16 | * 78909916a2 netfilter: nft_compat: reject unused compat flag | * b06e067e93 ppp_async: limit MRU to 64K | * 19d7314f2f tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() | * 09e91f3e7e rxrpc: Fix response to PING RESPONSE ACKs to a dead call | * 88081ba415 inet: read sk->sk_family once in inet_recv_error() | * 7e42379d29 hwmon: (coretemp) Fix bogus core_id to attr name mapping | * f0da068c75 hwmon: (coretemp) Fix out-of-bounds memory access | * 9551de5caa hwmon: (aspeed-pwm-tacho) mutex for tach reading | * edfd328fe7 atm: idt77252: fix a memleak in open_card_ubr0 | * e77bf828f1 tunnels: fix out of bounds access when building IPv6 PMTU error | * fd473100bf selftests: net: avoid just another constant wait | * 2fc45a4631 net: stmmac: xgmac: fix handling of DPP safety error for DMA channels | * 66c8243e61 drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case | * be3b82e487 phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP | * 784d315482 dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV | * 68459d2b0c phy: renesas: rcar-gen3-usb2: Fix returning wrong error code | * ae6769ba51 dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA | * fbe1c5c6a8 dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA | * 3496a1da71 dmaengine: ti: k3-udma: Report short packet errors | * b7dbf4115b dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools | * 6db18971f7 PM: sleep: Fix error handling in dpm_prepare() | * 6388d0e320 uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ | * 2563e7c687 bonding: remove print in bond_verify_device_path | * d1a9900e64 HID: apple: Add 2021 magic keyboard FN key mapping | * b1e3ea7c48 HID: apple: Add support for the 2021 Magic Keyboard | * e5eca7954a net: sysfs: Fix /sys/class/net/<iface> path | * f199018dc7 af_unix: fix lockdep positive in sk_diag_dump_icons() | * 9c9cab01c7 net: ipv4: fix a memleak in ip_setup_cork | * 65ee90efc9 netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations | * 32fa7abb18 netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger | * d0b5b1f124 llc: call sock_orphan() at release time | * e34c91e7e8 ipv6: Ensure natural alignment of const ipv6 loopback and router addresses | * b45fae96bd ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() | * f8bccfa175 ixgbe: Refactor overtemp event handling | * e16c254f60 ixgbe: Refactor returning internal error codes | * 2499c0661b ixgbe: Remove non-inclusive language | * f48bf9a83b tcp: add sanity checks to rx zerocopy | * 14690e419b net-zerocopy: Refactor frag-is-remappable test. | * a9bc32879a ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() | * a57b114a84 ip6_tunnel: use dev_sw_netstats_rx_add() | * f5944853f7 scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler | * 7efadce40a scsi: core: Introduce enum scsi_disposition | * dca11bfa01 scsi: isci: Fix an error code problem in isci_io_request_build() | * 948090f66a drm: using mul_u32_u32() requires linux/math64.h | * 02161f622d wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update | * b54eecdc08 perf: Fix the nr_addr_filters fix | * 73eda26931 drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' | * feacc80040 drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' | * e016e35846 ceph: fix deadlock or deadcode of misusing dget() | * 7610ba1319 blk-mq: fix IO hang from sbitmap wakeup race | * 27ae156e63 virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings | * 0079078f5e libsubcmd: Fix memory leak in uniq() | * 32a8243788 PCI/AER: Decode Requester ID when no error info found | * feaf0752b3 fs/kernfs/dir: obey S_ISGID | * 6f921430b0 tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE | * e962b59d37 usb: hub: Replace hardcoded quirk value with BIT() macro | * 4a5d0528cf PCI: switchtec: Fix stdev_release() crash after surprise hot remove | * 385e49a40f PCI: Only override AMD USB controller if required | * bb59b30a5c mfd: ti_am335x_tscadc: Fix TI SoC dependencies | * e4fdf3b176 xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import | * 89bdf3a9f9 i3c: master: cdns: Update maximum prescaler value for i2c clock | * b345f330ae um: net: Fix return type of uml_net_start_xmit() | * ef21984653 um: Don't use vfprintf() for os_info() | * e4cc555388 um: Fix naming clash between UML and scheduler | * d47f5d41d8 leds: trigger: panic: Don't register panic notifier if creating the trigger failed | * 8342ac4a55 drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' | * 48bb06f8e3 drm/amdgpu: Let KFD sync with VM fences | * e90c8f9785 watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 | * 6f59516a36 clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() | * 2cb6059468 clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() | * 5fd28ab1c8 drm/msm/dpu: Ratelimit framedone timeout msgs | * 179fe24bd6 media: ddbridge: fix an error code problem in ddb_probe | * ac2630fd3c IB/ipoib: Fix mcast list locking | * 9503ce5f87 drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time | * 1eeca000f2 ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL | * 3841b8a64e ALSA: hda: Intel: add HDA_ARL PCI ID support | * 56d717aa7b PCI: add INTEL_HDA_ARL to pci_ids.h | * b68e373dc0 media: rockchip: rga: fix swizzling for RGB formats | * 32c5e3f808 media: stk1160: Fixed high volume of stk1160_dbg messages | * 425a441c5c drm/mipi-dsi: Fix detach call without attach | * 0ec29a0f03 drm/framebuffer: Fix use of uninitialized variable | * d7b81afa11 drm/drm_file: fix use of uninitialized variable | * 9a572fc1f6 f2fs: fix write pointers on zoned device after roll forward | * 7fb8c13273 drm/amd/display: Fix tiled display misalignment | * 3a1da8abd7 RDMA/IPoIB: Fix error code return in ipoib_mcast_join | * 13d20b2c20 fast_dput(): handle underflows gracefully | * 706fb30da0 ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument | * 354785abdf ALSA: hda: Refer to correct stream index at loops | * 80c69f576f f2fs: fix to check return value of f2fs_reserve_new_block() | * e474e7a7d6 i40e: Fix VF disable behavior to block all traffic | * ed6de41473 Bluetooth: L2CAP: Fix possible multiple reject send | * e1bcd9a42e Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066 | * 27575c2f1f wifi: cfg80211: free beacon_ies when overridden from hidden BSS | * 40bcbf7d90 wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() | * 1632481a99 wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices | * 2131606a5f arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property | * 4668f3e6ac arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property | * 82f6e7e68e md: Whenassemble the array, consult the superblock of the freshest device | * 1746cd95a5 block: prevent an integer overflow in bvec_try_merge_hw_page | * 1335310a6a net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path | * 9c51d26ff9 ARM: dts: imx23/28: Fix the DMA controller node name | * 6c22388d96 ARM: dts: imx23-sansa: Use preferred i2c-gpios properties | * fb9bdf84b6 ARM: dts: imx27-apf27dev: Fix LED name | * 1dd3a37909 ARM: dts: imx25/27: Pass timing0 | * 3c2bce8976 ARM: dts: imx25: Fix the iim compatible string | * 95bc866c11 block/rnbd-srv: Check for unlikely string overflow | * 03ca1d3d8f ionic: pass opcode to devcmd_wait | * ba108f3db9 ARM: dts: imx1: Fix sram node | * 2f22ce556e ARM: dts: imx27: Fix sram node | * e6c0ea054c ARM: dts: imx: Use flash@0,0 pattern | * bfbaf1551b ARM: dts: imx25/27-eukrea: Fix RTC node name | * 24bb6b2647 ARM: dts: rockchip: fix rk3036 hdmi ports node | * 11c1fc73bf bpf: Set uattr->batch.count as zero before batched update or deletion | * 2e7f8d05ec scsi: libfc: Fix up timeout error in fc_fcp_rec_error() | * a72670f465 scsi: libfc: Don't schedule abort twice | * 80700978cb bpf: Add map and need_defer parameters to .map_fd_put_ptr() | * 84770a996a wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() | * c390b6a2c3 ARM: dts: imx7s: Fix nand-controller #size-cells | * d7cb295b53 ARM: dts: imx7s: Fix lcdif compatible | * 73ead7a37a ARM: dts: imx7d: Fix coresight funnel ports | * 86781b3a8e scsi: arcmsr: Support new PCI device IDs 1883 and 1886 | * db516f6030 bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk | * 4f87b8d932 PCI: Add no PM reset quirk for NVIDIA Spectrum devices | * 9bc7617a0d scsi: lpfc: Fix possible file string name overflow when updating firmware | * 9b9bbba16b selftests/bpf: Fix pyperf180 compilation failure with clang18 | * 747838941f selftests/bpf: satisfy compiler by having explicit return in btf test | * 69e905beca wifi: rt2x00: restart beacon queue when hardware reset | * cfbbb3199e ext4: avoid online resizing failures due to oversized flex bg | * e7b9fa6c29 ext4: remove unnecessary check from alloc_flex_gd() | * b960192422 ext4: unify the type of flexbg_size to unsigned int | * 64448275f8 ext4: fix inconsistent between segment fstrim and full fstrim | * 5183595c0b ecryptfs: Reject casefold directory inodes | * c430e6bb43 SUNRPC: Fix a suspicious RCU usage warning | * 150a3a3871 KVM: s390: fix setting of fpc register | * 856caf2730 s390/ptrace: handle setting of fpc register correctly | * e2b77d107b jfs: fix array-index-out-of-bounds in diNewExt | * 5f1f459520 rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() | * ae53c54ed7 afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() | * a02356d996 afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() | * 108c4db057 crypto: stm32/crc32 - fix parsing list of devices | * a63e48cd83 pstore/ram: Fix crash when setting number of cpus to an odd number | * bc6ef64dbe jfs: fix uaf in jfs_evict_inode | * 2037cb9d95 jfs: fix array-index-out-of-bounds in dbAdjTree | * 1c40ca3d39 jfs: fix slab-out-of-bounds Read in dtSearch | * 7aa3385447 UBSAN: array-index-out-of-bounds in dtSplitRoot | * de34de6e57 FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree | * 95c864c811 ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events | * 3399cc7013 PM / devfreq: Synchronize devfreq_monitor_[start/stop] | * b17a71435e ACPI: extlog: fix NULL pointer dereference check | * c261594853 PNP: ACPI: fix fortify warning | * 3a13ed6298 ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop | * c74b2af2cc audit: Send netlink ACK before setting connection in auditd_set | * 37e00ed71e regulator: core: Only increment use_count when enable_count changes | * 19c7132270 debugobjects: Stop accessing objects after releasing hash bucket lock | * c57cb397fe perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file | * 5224b9db24 x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel | * beee482cc4 powerpc/lib: Validate size for vector operations | * 24a58abcff powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE | * 02e5b2ff47 x86/boot: Ignore NMIs during very early boot | * 9d06c199d8 powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() | * 3928c06363 powerpc: Fix build error due to is_valid_bugaddr() | * 353496cb35 drivers/perf: pmuv3: don't expose SW_INCR event in sysfs | * aa28eecb43 powerpc/mm: Fix null-pointer dereference in pgtable_cache_add | * 4e806600eb x86/entry/ia32: Ensure s32 is sign extended to s64 | * cdc01845df tick/sched: Preserve number of idle sleeps across CPU hotplug events | * 3736a7832b mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan | * 95a8a5193e spi: bcm-qspi: fix SFDP BFPT read by usig mspi read | * f1ba5bf9e0 gpio: eic-sprd: Clear interrupt after set the interrupt type | * 0924bcd2fd drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume | * b6abe30de3 drm/exynos: fix accidental on-stack copy of exynos_drm_plane | * 4e56c5a9b9 drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] | * e1c50b0c62 btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted | * d073f4608b btrfs: remove err variable from btrfs_delete_subvolume | * 90ad17575d mm/sparsemem: fix race in accessing memory_section->usage | * 74a80f8dda mm: use __pfn_to_section() instead of open coding it | * 43872f44ee media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run | * 9087d0c2ba arm64: dts: qcom: sc7180: fix USB wakeup interrupt types | * 3de807b140 arm64: dts: qcom: sc7180: Use pdc interrupts for USB instead of GIC interrupts | * 8b2c7bb605 ARM: dts: samsung: exynos4210-i9100: Unconditionally enable LDO12 | * 162ae0e78b pipe: wakeup wr_wait after setting max_usage | * b6f27626f5 fs/pipe: move check to pipe_has_watch_queue() | * f46eb83238 PM: sleep: Fix possible deadlocks in core system-wide PM code | * 8b604883d4 PM: core: Remove unnecessary (void *) conversions | * 57df40f800 PM: sleep: Avoid calling put_device() under dpm_list_mtx | * 2245a84985 PM: sleep: Use dev_printk() when possible | * 8a6a51b80b drm/bridge: nxp-ptn3460: simplify some error checking | * bedbbdf056 drm/tidss: Fix atomic_flush check | * ea19252691 drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking | * f55261469b drm: Don't unref the same fb many times by mistake due to deadlock handling | * bb575bc3e7 gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 | * 55a60251fa netfilter: nf_tables: reject QUEUE/DROP verdict parameters | * 9489e214ea netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain | * 05dd9facfb wifi: iwlwifi: fix a memory corruption | * c0760a5c3e exec: Fix error handling in begin_new_exec() | * 30f38928b6 rbd: don't move requests to the running list on errors | * 2bdf872bcf btrfs: don't abort filesystem when attempting to snapshot deleted subvolume | * 5d3687baa9 btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args | * f27937426b btrfs: don't warn if discard range is not aligned to sector | * f8a7a51a6c btrfs: tree-checker: fix inline ref size in error messages | * be90e25880 btrfs: ref-verify: free ref cache before clearing mount opt | * 7c3a572e15 net: fec: fix the unhandled context fault from smmu | * a52b2faf60 fjes: fix memleaks in fjes_hw_setup | * e1bf3ec97a selftests: netdevsim: fix the udp_tunnel_nic test | * 83f99138bf net: mvpp2: clear BM pool before initialization | * 6a2e2d9890 netfilter: nf_tables: validate NFPROTO_* family | * 4fbdc3a18f netfilter: nf_tables: restrict anonymous set and map names to 16 bytes | * cf116d9c3c net/mlx5e: fix a double-free in arfs_create_groups | * 1123661a08 net/mlx5: DR, Use the right GVMI number for drop action | * a3eba5989f ipv6: init the accept_queue's spinlocks in inet6_create | * be8d1f619e netlink: fix potential sleeping issue in mqueue_flush_file | * 69ca75e063 tcp: Add memory barrier to tcp_push() | * 8499e2f121 afs: Hide silly-rename files from userspace | * ef70dfa0b1 tracing: Ensure visibility when inserting an element into tracing_map | * 5ae8d50044 net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv | * 9ccdef19cf llc: Drop support for ETH_P_TR_802_2. | * 04f2a74b56 llc: make llc_ui_sendmsg() more robust against bonding changes | * ea4c3cb7fd vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING | * fc74f86a33 bnxt_en: Wait for FLR to complete during probe | * bc99dcedd2 tcp: make sure init the accept_queue's spinlocks once | * 5fed92ca32 net/smc: fix illegal rmb_desc access in SMC-D connection dump | * c71e1c1a08 KVM: use __vcalloc for very large allocations | * 95670878a6 mm: vmalloc: introduce array allocation functions | * 02f629bb46 smb3: Replace smb2pdu 1-element arrays with flex-arrays | * 443b16ee3d stddef: Introduce DECLARE_FLEX_ARRAY() helper | * bfc0647791 block: Remove special-casing of compound pages | * ff4332f1ec rename(): fix the locking of subdirectories | * d132010e6d ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path | * c6e6640784 nouveau/vmm: don't set addr on the fail path to avoid warning | * 83217f1bcb rtc: Adjust failure return code for cmos_set_alarm() | * b51578bd86 mmc: mmc_spi: remove custom DMA mapped buffers | * 59020bf099 mmc: core: Use mrq.sbc in close-ended ffu | * 625cb3f3bc scripts/get_abi: fix source path leak | * 311dc5afad lsm: new security_file_ioctl_compat() hook | * f726690397 arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts | * dfc2c685f3 arm64: dts: qcom: sdm845: fix USB wakeup interrupt types | * ac4dcccbe9 async: Introduce async_schedule_dev_nocall() | * 9ef68b58fd async: Split async_schedule_node_domain() | * 1dd8449e20 parisc/firmware: Fix F-extend for PDC addresses | * 20a6dea2d1 bus: mhi: host: Drop chan lock before queuing buffers | * 69ca89d80f rpmsg: virtio: Free driver_override when rpmsg_remove() | * cd51e26a3b crypto: s390/aes - Fix buffer overread in CTR mode | * c6a8111aac hwrng: core - Fix page fault dead lock on mmap-ed hwrng | * 981a31b754 PM: hibernate: Enforce ordering during image compression/decompression | * 462c383e73 crypto: api - Disallow identical driver names | * fa94912241 ext4: allow for the last group to be marked as trimmed | * d173ef1255 iio:adc:ad7091r: Move exports into IIO_AD7091R namespace. | * 9de69732dd dmaengine: fix NULL pointer in channel unregistration function | * 653d289060 iio: adc: ad7091r: Enable internal vref if external vref is not supplied | * 1eba6f7ffa iio: adc: ad7091r: Allow users to configure device events | * 9ec7498a25 iio: adc: ad7091r: Set alert bit in config register | * be5d6a297d serial: sc16is7xx: add check for unsupported SPI modes during probe | * 8df2aec94b spi: introduce SPI_MODE_X_MASK macro | * 6ec08ce3bf serial: sc16is7xx: set safe default SPI clock frequency | * e83f114994 units: add the HZ macros | * 762217e973 units: change from 'L' to 'UL' | * f37f4a0c53 PCI: mediatek: Clear interrupt status before dispatching handler | * 490eaca842 usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled | * bf70321419 usb: cdns3: fix iso transfer error when mult is not zero | * 6aec2f089d usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config | * 2fdc98b05c usb: cdns3: fix uvc failure work since sg support enabled | * 67d3c71cf8 usb: cdns3: Fixes for sparse warnings * bb4ccced84 Merge branch 'android12-5.10' into branch 'android12-5.10-lts' Change-Id: I426dde9c00dda717bda1273bfda50890d07f6610 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-05-30 15:24:20 +00:00
Dezhi Huang	33c78af45a	ANDROID: add vendor hook in do_read_fault to tune fault_around_bytes ... with this vendor_hook, oem can dynamically adjust fault_around_bytes to balance memory usage and performance Bug: 340744332 Change-Id: I24414c7ba7e77ae06ce5e8cf52377c3485185cfe Signed-off-by: Dezhi Huang <huangdezhi@hihonor.com>	2024-05-16 16:19:54 +00:00
Kalesh Singh	626e5dce00	ANDROID: 16K: Fix show maps CFI failure ... If the kernel is built CONFIG_CFI_CLANG=y, reading smaps may cause a panic. This is due to a failed CFI check; which is triggered becuase the signature of the function pointer for printing smaps padding VMAs does not match exactly with that for show_smap(). Fix this by casting the function pointer to the expected type based on whether printing maps or smaps padding. Bug: 330117029 Bug: 327600007 Bug: 330767927 Bug: 328266487 Bug: 329803029 Change-Id: I65564a547dacbc4131f8557344c8c96e51f90cd5 Signed-off-by: Kalesh Singh <kaleshsingh@google.com>	2024-05-02 15:06:14 -07:00
Kalesh Singh	09da1d141d	ANDROID: 16K: Handle pad VMA splits and merges ... In some cases a VMA with padding representation may be split, and therefore the padding flags must be updated accordingly. There are 3 cases to handle: Given: | DDDDPPPP | where: - D represents 1 page of data; - P represents 1 page of padding; - | represents the boundaries (start/end) of the VMA 1) Split exactly at the padding boundary | DDDDPPPP | --> | DDDD | PPPP | - Remove padding flags from the first VMA. - The second VMA is all padding 2) Split within the padding area | DDDDPPPP | --> | DDDDPP | PP | - Subtract the length of the second VMA from the first VMA's padding. - The second VMA is all padding, adjust its padding length (flags) 3) Split within the data area | DDDDPPPP | --> | DD | DDPPPP | - Remove padding flags from the first VMA. - The second VMA is has the same padding as from before the split. To simplify the semantics merging of padding VMAs is not allowed. If a split produces a VMA that is entirely padding, show_[s]maps() only outputs the padding VMA entry (as the data entry is of length 0). Bug: 330117029 Bug: 327600007 Bug: 330767927 Bug: 328266487 Bug: 329803029 Change-Id: Ie2628ced5512e2c7f8af25fabae1f38730c8bb1a Signed-off-by: Kalesh Singh <kaleshsingh@google.com>	2024-05-02 15:06:14 -07:00
Kalesh Singh	162de86e24	ANDROID: 16K: madvise_vma_pad_pages: Remove filemap_fault check ... Some file systems like F2FS use a custom filemap_fault ops. Remove this check, as checking vm_file is sufficient. Bug: 330117029 Bug: 327600007 Bug: 330767927 Bug: 328266487 Bug: 329803029 Change-Id: Id6a584d934f06650c0a95afd1823669fc77ba2c2 Signed-off-by: Kalesh Singh <kaleshsingh@google.com>	2024-05-02 15:06:14 -07:00
Kalesh Singh	000bbad86c	ANDROID: 16K: Only madvise padding from dynamic linker context ... Only preform padding advise from the execution context on bionic's dynamic linker. This ensures that madvise() doesn't have unwanted side effects. Also rearrange the order of fail checks in madvise_vma_pad_pages() in order of ascending cost. Bug: 330117029 Bug: 327600007 Bug: 330767927 Bug: 328266487 Bug: 329803029 Change-Id: I3e05b8780c6eda78007f86b613f8c11dd18ac28f Signed-off-by: Kalesh Singh <kaleshsingh@google.com>	2024-05-02 15:06:14 -07:00
Kalesh Singh	ebf0750ad2	ANDROID: 16K: Separate padding from ELF LOAD segment mappings ... In has been found that some in-field apps depend on the output of /proc/*/maps to determine the address ranges of other operations. With the extension of LOAD segments VMAs to be contiguous in memory, the apps may perform operations on an area that is not backed by the underlying file, which results in a SIGBUS. Other apps have crashed with yet unindentified reasons. To avoid breaking in-field apps, maintain the output of /proc/*/[s]maps with PROT_NONE VMAs for the padding pages of LOAD segmetns instead of showing the segment extensions. NOTE: This does not allocate actual backing VMAs for the shown PROT_NONE mappings. This approach maintains 2 possible assumptions that userspace (apps) could be depending on: 1) That LOAD segment mappings are "contiguous" (not speparated by unrelated mappings) in memory. 2) That no virtual address space is available between mappings of consecutive LOAD segments for the same ELF. For example the output of /proc/*/[s]maps before and after this change is shown below. Segments maintain PROT_NONE gaps ("[page size compat]") for app compatiblity but these are not backed by actual slab VMA memory. Maps Before: 7fb03604d000-7fb036051000 r--p 00000000 fe:09 21935719 /system/lib64/libnetd_client.so 7fb036051000-7fb036055000 r-xp 00004000 fe:09 21935719 /system/lib64/libnetd_client.so 7fb036055000-7fb036059000 r--p 00008000 fe:09 21935719 /system/lib64/libnetd_client.so 7fb036059000-7fb03605a000 rw-p 0000c000 fe:09 21935719 /system/lib64/libnetd_client.so Maps After: 7fc707390000-7fc707393000 r--p 00000000 fe:09 21935719 /system/lib64/libnetd_client.so 7fc707393000-7fc707394000 ---p 00000000 00:00 0 [page size compat] 7fc707394000-7fc707398000 r-xp 00004000 fe:09 21935719 /system/lib64/libnetd_client.so 7fc707398000-7fc707399000 r--p 00008000 fe:09 21935719 /system/lib64/libnetd_client.so 7fc707399000-7fc70739c000 ---p 00000000 00:00 0 [page size compat] 7fc70739c000-7fc70739d000 rw-p 0000c000 fe:09 21935719 /system/lib64/libnetd_client.so Smaps Before: 7fb03604d000-7fb036051000 r--p 00000000 fe:09 21935719 /system/lib64/libnetd_client.so Size: 16 kB KernelPageSize: 4 kB MMUPageSize: 4 kB Rss: 16 kB Pss: 0 kB Pss_Dirty: 0 kB Shared_Clean: 16 kB Shared_Dirty: 0 kB Private_Clean: 0 kB Private_Dirty: 0 kB Referenced: 16 kB Anonymous: 0 kB LazyFree: 0 kB AnonHugePages: 0 kB ShmemPmdMapped: 0 kB FilePmdMapped: 0 kB Shared_Hugetlb: 0 kB Private_Hugetlb: 0 kB Swap: 0 kB SwapPss: 0 kB Locked: 0 kB THPeligible: 0 VmFlags: rd mr mw me 7fb036051000-7fb036055000 r-xp 00004000 fe:09 21935719 /system/lib64/libnetd_client.so Size: 16 kB KernelPageSize: 4 kB MMUPageSize: 4 kB Rss: 16 kB Pss: 0 kB Pss_Dirty: 0 kB Shared_Clean: 16 kB Shared_Dirty: 0 kB Private_Clean: 0 kB Private_Dirty: 0 kB Referenced: 16 kB Anonymous: 0 kB LazyFree: 0 kB AnonHugePages: 0 kB ShmemPmdMapped: 0 kB FilePmdMapped: 0 kB Shared_Hugetlb: 0 kB Private_Hugetlb: 0 kB Swap: 0 kB SwapPss: 0 kB Locked: 0 kB THPeligible: 0 VmFlags: rd ex mr mw me 7fb036055000-7fb036059000 r--p 00008000 fe:09 21935719 /system/lib64/libnetd_client.so Size: 16 kB KernelPageSize: 4 kB MMUPageSize: 4 kB Rss: 4 kB Pss: 4 kB Pss_Dirty: 4 kB Shared_Clean: 0 kB Shared_Dirty: 0 kB Private_Clean: 0 kB Private_Dirty: 4 kB Referenced: 4 kB Anonymous: 4 kB LazyFree: 0 kB AnonHugePages: 0 kB ShmemPmdMapped: 0 kB FilePmdMapped: 0 kB Shared_Hugetlb: 0 kB Private_Hugetlb: 0 kB Swap: 0 kB SwapPss: 0 kB Locked: 0 kB THPeligible: 0 VmFlags: rd mr mw me ac 7fb036059000-7fb03605a000 rw-p 0000c000 fe:09 21935719 /system/lib64/libnetd_client.so Size: 4 kB KernelPageSize: 4 kB MMUPageSize: 4 kB Rss: 4 kB Pss: 4 kB Pss_Dirty: 4 kB Shared_Clean: 0 kB Shared_Dirty: 0 kB Private_Clean: 0 kB Private_Dirty: 4 kB Referenced: 4 kB Anonymous: 4 kB LazyFree: 0 kB AnonHugePages: 0 kB ShmemPmdMapped: 0 kB FilePmdMapped: 0 kB Shared_Hugetlb: 0 kB Private_Hugetlb: 0 kB Swap: 0 kB SwapPss: 0 kB Locked: 0 kB THPeligible: 0 VmFlags: rd wr mr mw me ac Smaps After: 7fc707390000-7fc707393000 r--p 00000000 fe:09 21935719 /system/lib64/libnetd_client.so Size: 12 kB KernelPageSize: 4 kB MMUPageSize: 4 kB Rss: 12 kB Pss: 0 kB Shared_Clean: 12 kB Shared_Dirty: 0 kB Private_Clean: 0 kB Private_Dirty: 0 kB Referenced: 12 kB Anonymous: 0 kB LazyFree: 0 kB AnonHugePages: 0 kB ShmemPmdMapped: 0 kB FilePmdMapped: 0 kB Shared_Hugetlb: 0 kB Private_Hugetlb: 0 kB Swap: 0 kB SwapPss: 0 kB Locked: 0 kB THPeligible: 0 VmFlags: rd mr mw me ?? 7fc707393000-7fc707394000 ---p 00000000 00:00 0 [page size compat] Size: 4 kB KernelPageSize: 4 kB MMUPageSize: 4 kB Rss: 0 kB Pss: 0 kB Shared_Clean: 0 kB Shared_Dirty: 0 kB Private_Clean: 0 kB Private_Dirty: 0 kB Referenced: 0 kB Anonymous: 0 kB LazyFree: 0 kB AnonHugePages: 0 kB ShmemPmdMapped: 0 kB FilePmdMapped: 0 kB Shared_Hugetlb: 0 kB Private_Hugetlb: 0 kB Swap: 0 kB SwapPss: 0 kB Locked: 0 kB THPeligible: 0 VmFlags: mr mw me 7fc707394000-7fc707398000 r-xp 00004000 fe:09 21935719 /system/lib64/libnetd_client.so Size: 16 kB KernelPageSize: 4 kB MMUPageSize: 4 kB Rss: 16 kB Pss: 0 kB Shared_Clean: 16 kB Shared_Dirty: 0 kB Private_Clean: 0 kB Private_Dirty: 0 kB Referenced: 16 kB Anonymous: 0 kB LazyFree: 0 kB AnonHugePages: 0 kB ShmemPmdMapped: 0 kB FilePmdMapped: 0 kB Shared_Hugetlb: 0 kB Private_Hugetlb: 0 kB Swap: 0 kB SwapPss: 0 kB Locked: 0 kB THPeligible: 0 VmFlags: rd ex mr mw me 7fc707398000-7fc707399000 r--p 00008000 fe:09 21935719 /system/lib64/libnetd_client.so Size: 4 kB KernelPageSize: 4 kB MMUPageSize: 4 kB Rss: 4 kB Pss: 4 kB Shared_Clean: 0 kB Shared_Dirty: 0 kB Private_Clean: 0 kB Private_Dirty: 4 kB Referenced: 4 kB Anonymous: 4 kB LazyFree: 0 kB AnonHugePages: 0 kB ShmemPmdMapped: 0 kB FilePmdMapped: 0 kB Shared_Hugetlb: 0 kB Private_Hugetlb: 0 kB Swap: 0 kB SwapPss: 0 kB Locked: 0 kB THPeligible: 0 VmFlags: rd mr mw me ac ?? ?? 7fc707399000-7fc70739c000 ---p 00000000 00:00 0 [page size compat] Size: 12 kB KernelPageSize: 4 kB MMUPageSize: 4 kB Rss: 0 kB Pss: 0 kB Shared_Clean: 0 kB Shared_Dirty: 0 kB Private_Clean: 0 kB Private_Dirty: 0 kB Referenced: 0 kB Anonymous: 0 kB LazyFree: 0 kB AnonHugePages: 0 kB ShmemPmdMapped: 0 kB FilePmdMapped: 0 kB Shared_Hugetlb: 0 kB Private_Hugetlb: 0 kB Swap: 0 kB SwapPss: 0 kB Locked: 0 kB THPeligible: 0 VmFlags: mr mw me ac 7fc70739c000-7fc70739d000 rw-p 0000c000 fe:09 21935719 /system/lib64/libnetd_client.so Size: 4 kB KernelPageSize: 4 kB MMUPageSize: 4 kB Rss: 4 kB Pss: 4 kB Shared_Clean: 0 kB Shared_Dirty: 0 kB Private_Clean: 0 kB Private_Dirty: 4 kB Referenced: 4 kB Anonymous: 4 kB LazyFree: 0 kB AnonHugePages: 0 kB ShmemPmdMapped: 0 kB FilePmdMapped: 0 kB Shared_Hugetlb: 0 kB Private_Hugetlb: 0 kB Swap: 0 kB SwapPss: 0 kB Locked: 0 kB THPeligible: 0 VmFlags: rd wr mr mw me ac Bug: 330117029 Bug: 327600007 Bug: 330767927 Bug: 328266487 Bug: 329803029 Change-Id: I12bf2c106fafc74a500d79155b81dde5db42661e Signed-off-by: Kalesh Singh <kaleshsingh@google.com>	2024-05-02 15:06:14 -07:00
Kalesh Singh	abbc0d53ee	ANDROID: 16K: Exclude ELF padding for fault around range ... Userspace apps often analyze memory consumption by the use of mm rss_stat counters -- via the kmem/rss_stat trace event or from /proc/<pid>/statm. rss_stat counters are only updated when the PTEs are updated. What this means is that pages can be present in the page cache from readahead but not visible to userspace (not attributed to the app) as there is no corresponding VMA (PTEs) for the respective page cache pages. A side effect of the loader now extending ELF LOAD segments to be contiguously mapped in the virtual address space, means that the VMA is extended to cover the padding pages. When filesystems, such as f2fs and ext4, that implement vm_ops->map_pages() attempt to perform a do_fault_around() the extent of the fault around is restricted by the area of the enclosing VMA. Since the loader extends LOAD segment VMAs to be contiguously mapped, the extent of the fault around is also increased. The result of which, is that the PTEs corresponding to the padding pages are updated and reflected in the rss_stat counters. It is not common that userspace application developers be aware of this nuance in the kernel's memory accounting. To avoid apparent regressions in memory usage to userspace, restrict the fault around range to only valid data pages (i.e. exclude the padding pages at the end of the VMA). Bug: 330117029 Bug: 327600007 Bug: 330767927 Bug: 328266487 Bug: 329803029 Change-Id: I2c7a39ec1b040be2b9fb47801f95042f5dbf869d Signed-off-by: Kalesh Singh <kaleshsingh@google.com>	2024-05-02 15:06:14 -07:00
Kalesh Singh	778abad3ac	ANDROID: 16K: Use MADV_DONTNEED to save VMA padding pages. ... When performing LOAD segment extension, the dynamic linker knows what portion of the VMA is padding. In order for the kernel to implement mitigations that ensure app compatibility, the extent of the padding must be made available to the kernel. To achieve this, reuse MADV_DONTNEED on single VMAs to hint the padding range to the kernel. This information is then stored in vm_flag bits. This allows userspace (dynamic linker) to set the padding pages on the VMA without a need for new out-of-tree UAPI. Bug: 330117029 Bug: 327600007 Bug: 330767927 Bug: 328266487 Bug: 329803029 Change-Id: I3421de32ab38ad3cb0fbce73ecbd8f7314287cde Signed-off-by: Kalesh Singh <kaleshsingh@google.com>	2024-05-02 15:06:14 -07:00
Kalesh Singh	37d6ffe5ca	ANDROID: 16K: Introduce ELF padding representation for VMAs ... The dynamic linker may extend ELF LOAD segment mappings to be contiguous in memory when loading a 16kB compatible ELF on a 4kB page-size system. This is done to reduce the use of unreclaimable VMA slab memory for the otherwise necessary "gap" VMAs. The extended portion of the mapping (VMA) can be viewed as "padding", meaning that the mapping in that range corresponds to an area of the file that does not contain contents of the respective segments (maybe zero's depending on how the ELF is built). For some compatibility mitigations, the region of a VMA corresponding to these padding sections need to be known. In order to represent such regions without adding addtional overhead or breaking ABI, some upper bits of vm_flags are used. Add the VMA padding pages representation and the necessary APIs to manipulate it. Bug: 330117029 Bug: 327600007 Bug: 330767927 Bug: 328266487 Bug: 329803029 Change-Id: Ieb9fa98e30ec9b0bec62256624f14e3ed6062a75 Signed-off-by: Kalesh Singh <kaleshsingh@google.com>	2024-05-02 15:06:13 -07:00
Kalesh Singh	38c464b4a4	ANDROID: 16K: Introduce /sys/kernel/mm/pgsize_miration/enabled ... Migrating from 4kB to 16kB page-size in Android requires first making the platform page-agnostic, which involves increasing Android-ELFs' max-page-size (p_align) from 4kB to 16kB. Increasing the ELF max-page-size was found to cause compatibility issues in apps that use obfuscation or depend on the ELF segments being mapped based on 4kB-alignment. Working around these compatibility issues involves both kernel and userspace (dynamic linker) changes. Introduce a knob for userspace (dynamic linker) to determine whether the kernel supports the mitigations needed for page-size migration compatibility. The knob also allows for userspace to turn on or off these mitigations by writing 1 or 0 to /sys/kernel/mm/pgsize_miration/enabled: echo 1 > /sys/kernel/mm//pgsize_miration/enabled # Enable echo 0 > /sys/kernel/mm//pgsize_miration/enabled # Disable Bug: 330117029 Bug: 327600007 Bug: 330767927 Bug: 328266487 Bug: 329803029 Change-Id: I9ac1d15d397b8226b27827ecffa30502da91e10e Signed-off-by: Kalesh Singh <kaleshsingh@google.com>	2024-05-02 15:06:11 -07:00
Greg Kroah-Hartman	578a3af78b	Merge 5.10.213 into android12-5.10-lts ... Changes in 5.10.213 mmc: mmci: stm32: use a buffer for unaligned DMA requests mmc: mmci: stm32: fix DMA API overlapping mappings warning lan78xx: Fix white space and style issues lan78xx: Add missing return code checks lan78xx: Fix partial packet errors on suspend/resume lan78xx: Fix race conditions in suspend/resume handling net: lan78xx: fix runtime PM count underflow on link stop ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able i40e: disable NAPI right after disabling irqs when handling xsk_pool tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string geneve: make sure to pull inner header in geneve_rx() net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() net/ipv6: avoid possible UAF in ip6_route_mpath_notify() cpumap: Zero-initialise xdp_rxq_info struct before running XDP program net/rds: fix WARNING in rds_conn_connect_if_down netfilter: nft_ct: fix l3num expectations with inet pseudo family netfilter: nf_conntrack_h323: Add protection for bmp length out of range netrom: Fix a data-race around sysctl_netrom_default_path_quality netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser netrom: Fix a data-race around sysctl_netrom_transport_timeout netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay netrom: Fix a data-race around sysctl_netrom_transport_busy_delay netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout netrom: Fix a data-race around sysctl_netrom_routing_control netrom: Fix a data-race around sysctl_netrom_link_fails_count netrom: Fix data-races around sysctl_net_busy_read selftests/mm: switch to bash from sh selftests: mm: fix map_hugetlb failure on 64K page size systems um: allow not setting extra rpaths in the linux binary xhci: remove extra loop in interrupt context xhci: prevent double-fetch of transfer and transfer event TRBs xhci: process isoc TD properly when there was a transaction error mid TD. xhci: handle isoc Babble and Buffer Overrun events properly serial: max310x: Use devm_clk_get_optional() to get the input clock serial: max310x: Try to get crystal clock rate from property serial: max310x: fail probe if clock crystal is unstable serial: max310x: Make use of device properties serial: max310x: use regmap methods for SPI batch operations serial: max310x: use a separate regmap for each port serial: max310x: prevent infinite while() loop in port startup net: Change sock_getsockopt() to take the sk ptr instead of the sock ptr bpf: net: Change sk_getsockopt() to take the sockptr_t argument lsm: make security_socket_getpeersec_stream() sockptr_t safe lsm: fix default return value of the socket_getpeersec_*() hooks ext4: make ext4_es_insert_extent() return void ext4: refactor ext4_da_map_blocks() ext4: convert to exclusive lock while inserting delalloc extents Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening hv_netvsc: Wait for completion on request SWITCH_DATA_PATH hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove hv_netvsc: Make netvsc/VF binding check both MAC and serial number hv_netvsc: use netif_is_bond_master() instead of open code hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed mm/hugetlb: change hugetlb_reserve_pages() to type bool mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE getrusage: add the "signal_struct *sig" local variable getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() getrusage: use __for_each_thread() getrusage: use sig->stats_lock rather than lock_task_sighand() serial: max310x: Unprepare and disable clock in error path Drivers: hv: vmbus: Drop error message when 'No request id available' regmap: allow to define reg_update_bits for no bus configuration regmap: Add bulk read/write callbacks into regmap_config serial: max310x: make accessing revision id interface-agnostic serial: max310x: implement I2C support serial: max310x: fix IO data corruption in batched operations Linux 5.10.213 Change-Id: I3450b2b1b545eeb2e3eb862f39d1846a31d17a0a Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-05-01 06:27:24 +00:00
Greg Kroah-Hartman	e92b643b4b	Merge 5.10.211 into android12-5.10-lts ... Changes in 5.10.211 net/sched: Retire CBQ qdisc net/sched: Retire ATM qdisc net/sched: Retire dsmark qdisc smb: client: fix OOB in receive_encrypted_standard() smb: client: fix potential OOBs in smb2_parse_contexts() smb: client: fix parsing of SMB3.1.1 POSIX create context sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb zonefs: Improve error handling sched/rt: Fix sysctl_sched_rr_timeslice intial value sched/rt: Disallow writing invalid values to sched_rt_period_us scsi: target: core: Add TMF to tmr_list handling dmaengine: shdma: increase size of 'dev_id' dmaengine: fsl-qdma: increase size of 'irq_name' wifi: cfg80211: fix missing interfaces when dumping wifi: mac80211: fix race condition on enabling fast-xmit fbdev: savage: Error out if pixclock equals zero fbdev: sis: Error out if pixclock equals zero spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected ahci: asm1166: correct count of reported ports ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() dmaengine: ti: edma: Add some null pointer checks to the edma_probe regulator: pwm-regulator: Add validity checks in continuous .get_voltage nvmet-tcp: fix nvme tcp ida memory leak ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 spi: sh-msiof: avoid integer overflow in constants netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new nvme-fc: do not wait in vain when unloading module nvmet-fcloop: swap the list_add_tail arguments nvmet-fc: release reference on target port nvmet-fc: abort command when there is no binding ext4: correct the hole length returned by ext4_map_blocks() Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table efi: runtime: Fix potential overflow of soft-reserved region size efi: Don't add memblocks for soft-reserved memory hwmon: (coretemp) Enlarge per package core count limit scsi: lpfc: Use unsigned type for num_sge firewire: core: send bus reset promptly on gap count error virtio-blk: Ensure no requests in virtqueues before deleting vqs. pmdomain: renesas: r8a77980-sysc: CR7 must be always on ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable ARM: dts: imx: Set default tuning step for imx6sx usdhc ASoC: fsl_micfil: register platform component before registering cpu dai media: av7110: prevent underflow in write_ts_to_decoder() hvc/xen: prevent concurrent accesses to the shared ring hsr: Avoid double remove of a node. x86/uaccess: Implement macros for CMPXCHG on user addresses seccomp: Invalidate seccomp mode to catch death failures block: ataflop: fix breakage introduced at blk-mq refactoring powerpc/watchpoint: Workaround P10 DD1 issue with VSX-32 byte instructions powerpc/watchpoints: Annotate atomic context in more places cifs: add a warning when the in-flight count goes negative mtd: spinand: macronix: Add support for MX35LFxGE4AD ASoC: Intel: boards: harden codec property handling ASoC: Intel: boards: get codec device with ACPI instead of bus search ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use task_stack, x86/cea: Force-inline stack helpers btrfs: tree-checker: check for overlapping extent items btrfs: introduce btrfs_lookup_match_dir btrfs: unify lookup return value when dir entry is missing btrfs: do not pin logs too early during renames lan743x: fix for potential NULL pointer dereference with bare card platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC iwlwifi: mvm: do more useful queue sync accounting iwlwifi: mvm: write queue_sync_state only for sync jbd2: remove redundant buffer io error checks jbd2: recheck chechpointing non-dirty buffer jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() erofs: fix lz4 inplace decompression IB/hfi1: Fix sdma.h tx->num_descs off-by-one error s390/cio: fix invalid -EBUSY on ccw_device_start dm-crypt: don't modify the data when using authenticated encryption KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() PCI/MSI: Prevent MSI hardware interrupt number truncation l2tp: pass correct message length to ip6_append_data ARM: ep93xx: Add terminator to gpiod_lookup_table Revert "x86/ftrace: Use alternative RET encoding" x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() x86/ftrace: Use alternative RET encoding x86/returnthunk: Allow different return thunks Revert "x86/alternative: Make custom return thunk unconditional" x86/alternative: Make custom return thunk unconditional usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() usb: cdns3: fix memory double free when handle zero packet usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs usb: roles: fix NULL pointer issue when put module's reference usb: roles: don't get/set_role() when usb_role_switch is unregistered mptcp: fix lockless access in subflow ULP diag IB/hfi1: Fix a memleak in init_credit_return RDMA/bnxt_re: Return error for SRQ resize RDMA/srpt: Support specifying the srpt_service_guid parameter RDMA/qedr: Fix qedr_create_user_qp error flow arm64: dts: rockchip: set num-cs property for spi on px30 RDMA/srpt: fix function pointer cast warnings bpf, scripts: Correct GPL license name scsi: jazz_esp: Only build if SCSI core is builtin nouveau: fix function cast warnings ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid afs: Increase buffer size in afs_update_volume_status() ipv6: sr: fix possible use-after-free and null-ptr-deref packet: move from strlcpy with unused retval to strscpy net: dev: Convert sa_data to flexible array in struct sockaddr s390: use the correct count for __iowrite64_copy() tls: rx: jump to a more appropriate label tls: rx: drop pointless else after goto tls: stop recv() if initial process_rx_list gave us non-DATA netfilter: nf_tables: set dormant flag on hook register failure drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set drm/amd/display: Fix memory leak in dm_sw_fini() block: ataflop: more blk-mq refactoring fixes fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio arp: Prevent overflow in arp_req_get(). ext4: regenerate buddy after block freeing failed if under fc replay Linux 5.10.211 Note, this merges away the following commit: a0180e940c ("erofs: fix lz4 inplace decompression") as it conflicted too badly with the existing erofs changes in this branch that are not upstream. If it is needed, it can be brought back in the future in a safe way. Change-Id: I432a4a0964e0708d2cd337872ad75d57cbf92cce Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-04-16 15:38:10 +00:00
David Hildenbrand	c2b2430b48	x86/mm/pat: fix VM_PAT handling in COW mappings ... commit 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 upstream. PAT handling won't do the right thing in COW mappings: the first PTE (or, in fact, all PTEs) can be replaced during write faults to point at anon folios. Reliably recovering the correct PFN and cachemode using follow_phys() from PTEs will not work in COW mappings. Using follow_phys(), we might just get the address+protection of the anon folio (which is very wrong), or fail on swap/nonswap entries, failing follow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and track_pfn_copy(), not properly calling free_pfn_range(). In free_pfn_range(), we either wouldn't call memtype_free() or would call it with the wrong range, possibly leaking memory. To fix that, let's update follow_phys() to refuse returning anon folios, and fallback to using the stored PFN inside vma->vm_pgoff for COW mappings if we run into that. We will now properly handle untrack_pfn() with COW mappings, where we don't need the cachemode. We'll have to fail fork()->track_pfn_copy() if the first page was replaced by an anon folio, though: we'd have to store the cachemode in the VMA to make this work, likely growing the VMA size. For now, lets keep it simple and let track_pfn_copy() just fail in that case: it would have failed in the past with swap/nonswap entries already, and it would have done the wrong thing with anon folios. Simple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn(): <--- C reproducer ---> #include <stdio.h> #include <sys/mman.h> #include <unistd.h> #include <liburing.h> int main(void) { struct io_uring_params p = {}; int ring_fd; size_t size; char *map; ring_fd = io_uring_setup(1, &p); if (ring_fd < 0) { perror("io_uring_setup"); return 1; } size = p.sq_off.array + p.sq_entries * sizeof(unsigned); /* Map the submission queue ring MAP_PRIVATE */ map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, ring_fd, IORING_OFF_SQ_RING); if (map == MAP_FAILED) { perror("mmap"); return 1; } /* We have at least one page. Let's COW it. */ *map = 0; pause(); return 0; } <--- C reproducer ---> On a system with 16 GiB RAM and swap configured: # ./iouring & # memhog 16G # killall iouring [ 301.552930] ------------[ cut here ]------------ [ 301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100 [ 301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g [ 301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1 [ 301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4 [ 301.559569] RIP: 0010:untrack_pfn+0xf4/0x100 [ 301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000 [ 301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282 [ 301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047 [ 301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200 [ 301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000 [ 301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000 [ 301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000 [ 301.564186] FS: 0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000 [ 301.564773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0 [ 301.565725] PKRU: 55555554 [ 301.565944] Call Trace: [ 301.566148] <TASK> [ 301.566325] ? untrack_pfn+0xf4/0x100 [ 301.566618] ? __warn+0x81/0x130 [ 301.566876] ? untrack_pfn+0xf4/0x100 [ 301.567163] ? report_bug+0x171/0x1a0 [ 301.567466] ? handle_bug+0x3c/0x80 [ 301.567743] ? exc_invalid_op+0x17/0x70 [ 301.568038] ? asm_exc_invalid_op+0x1a/0x20 [ 301.568363] ? untrack_pfn+0xf4/0x100 [ 301.568660] ? untrack_pfn+0x65/0x100 [ 301.568947] unmap_single_vma+0xa6/0xe0 [ 301.569247] unmap_vmas+0xb5/0x190 [ 301.569532] exit_mmap+0xec/0x340 [ 301.569801] __mmput+0x3e/0x130 [ 301.570051] do_exit+0x305/0xaf0 ... Link: https://lkml.kernel.org/r/20240403212131.929421-3-david@redhat.com Signed-off-by: David Hildenbrand <david@redhat.com> Reported-by: Wupeng Ma <mawupeng1@huawei.com> Closes: https://lkml.kernel.org/r/20240227122814.3781907-1-mawupeng1@huawei.com Fixes: b1a86e15dc ("x86, pat: remove the dependency on 'vm_pgoff' in track/untrack pfn vma routines") Fixes: 5899329b19 ("x86: PAT: implement track/untrack of pfnmap regions for x86 - v3") Acked-by: Ingo Molnar <mingo@kernel.org> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Borislav Petkov <bp@alien8.de> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David Hildenbrand <david@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-04-13 12:59:56 +02:00
Vlastimil Babka	af47e6a95e	mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations ... commit 803de9000f334b771afacb6ff3e78622916668b0 upstream. Sven reports an infinite loop in __alloc_pages_slowpath() for costly order __GFP_RETRY_MAYFAIL allocations that are also GFP_NOIO. Such combination can happen in a suspend/resume context where a GFP_KERNEL allocation can have __GFP_IO masked out via gfp_allowed_mask. Quoting Sven: 1. try to do a "costly" allocation (order > PAGE_ALLOC_COSTLY_ORDER) with __GFP_RETRY_MAYFAIL set. 2. page alloc's __alloc_pages_slowpath tries to get a page from the freelist. This fails because there is nothing free of that costly order. 3. page alloc tries to reclaim by calling __alloc_pages_direct_reclaim, which bails out because a zone is ready to be compacted; it pretends to have made a single page of progress. 4. page alloc tries to compact, but this always bails out early because __GFP_IO is not set (it's not passed by the snd allocator, and even if it were, we are suspending so the __GFP_IO flag would be cleared anyway). 5. page alloc believes reclaim progress was made (because of the pretense in item 3) and so it checks whether it should retry compaction. The compaction retry logic thinks it should try again, because: a) reclaim is needed because of the early bail-out in item 4 b) a zonelist is suitable for compaction 6. goto 2. indefinite stall. (end quote) The immediate root cause is confusing the COMPACT_SKIPPED returned from __alloc_pages_direct_compact() (step 4) due to lack of __GFP_IO to be indicating a lack of order-0 pages, and in step 5 evaluating that in should_compact_retry() as a reason to retry, before incrementing and limiting the number of retries. There are however other places that wrongly assume that compaction can happen while we lack __GFP_IO. To fix this, introduce gfp_compaction_allowed() to abstract the __GFP_IO evaluation and switch the open-coded test in try_to_compact_pages() to use it. Also use the new helper in: - compaction_ready(), which will make reclaim not bail out in step 3, so there's at least one attempt to actually reclaim, even if chances are small for a costly order - in_reclaim_compaction() which will make should_continue_reclaim() return false and we don't over-reclaim unnecessarily - in __alloc_pages_slowpath() to set a local variable can_compact, which is then used to avoid retrying reclaim/compaction for costly allocations (step 5) if we can't compact and also to skip the early compaction attempt that we do in some cases Link: https://lkml.kernel.org/r/20240221114357.13655-2-vbabka@suse.cz Fixes: 3250845d05 ("Revert "mm, oom: prevent premature OOM killer invocation for high order request"") Signed-off-by: Vlastimil Babka <vbabka@suse.cz> Reported-by: Sven van Ashbrook <svenva@chromium.org> Closes: https://lore.kernel.org/all/CAG-rBihs_xMKb3wrMO1%2B-%2Bp4fowP9oy1pa_OTkfxBzPUVOZF%2Bg@mail.gmail.com/ Tested-by: Karthikeyan Ramasubramanian <kramasub@chromium.org> Cc: Brian Geffon <bgeffon@google.com> Cc: Curtis Malainey <cujomalainey@chromium.org> Cc: Jaroslav Kysela <perex@perex.cz> Cc: Mel Gorman <mgorman@techsingularity.net> Cc: Michal Hocko <mhocko@kernel.org> Cc: Takashi Iwai <tiwai@suse.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Vlastimil Babka <vbabka@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-04-13 12:59:22 +02:00
Zi Yan	2e5fe74034	mm/migrate: set swap entry values of THP tail pages properly. ... The tail pages in a THP can have swap entry information stored in their private field. When migrating to a new page, all tail pages of the new page need to update ->private to avoid future data corruption. This fix is stable-only, since after commit 07e09c483cbe ("mm/huge_memory: work on folio->swap instead of page->private when splitting folio"), subpages of a swapcached THP no longer requires the maintenance. Adding THPs to the swapcache was introduced in commit 38d8b4e6bd ("mm, THP, swap: delay splitting THP during swap out"), where each subpage of a THP added to the swapcache had its own swapcache entry and required the ->private field to point to the correct swapcache entry. Later, when THP migration functionality was implemented in commit 616b837153 ("mm: thp: enable thp migration in generic path"), it initially did not handle the subpages of swapcached THPs, failing to update their ->private fields or replace the subpage pointers in the swapcache. Subsequently, commit e71769ae52 ("mm: enable thp migration for shmem thp") addressed the swapcache update aspect. This patch fixes the update of subpage ->private fields. Closes: https://lore.kernel.org/linux-mm/1707814102-22682-1-git-send-email-quic_charante@quicinc.com/ Fixes: 616b837153 ("mm: thp: enable thp migration in generic path") Signed-off-by: Zi Yan <ziy@nvidia.com> Acked-by: David Hildenbrand <david@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-04-13 12:59:02 +02:00
Liu Shixin	38753f1ada	mm/memory-failure: fix an incorrect use of tail pages ... When backport commit c79c5a0a00a9 to 5.10-stable, there is a mistake change. The head page instead of tail page should be passed to try_to_unmap(), otherwise unmap will failed as follows. Memory failure: 0x121c10: failed to unmap page (mapcount=1) Memory failure: 0x121c10: recovery action for unmapping failed page: Ignored Fixes: 70168fdc74 ("mm/memory-failure: check the mapcount of the precise page") Signed-off-by: Liu Shixin <liushixin2@huawei.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-04-13 12:59:01 +02:00
Qiang Zhang	7607860ae4	memtest: use {READ,WRITE}_ONCE in memory scanning ... [ Upstream commit 82634d7e24271698e50a3ec811e5f50de790a65f ] memtest failed to find bad memory when compiled with clang. So use {WRITE,READ}_ONCE to access memory to avoid compiler over optimization. Link: https://lkml.kernel.org/r/20240312080422.691222-1-qiang4.zhang@intel.com Signed-off-by: Qiang Zhang <qiang4.zhang@intel.com> Cc: Bill Wendling <morbo@google.com> Cc: Justin Stitt <justinstitt@google.com> Cc: Nathan Chancellor <nathan@kernel.org> Cc: Nick Desaulniers <ndesaulniers@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org>	2024-04-13 12:58:39 +02:00
Ryan Roberts	d85c11c97e	mm: swap: fix race between free_swap_and_cache() and swapoff() ... [ Upstream commit 82b1c07a0af603e3c47b906c8e991dc96f01688e ] There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another thread. This could cause, amongst other bad possibilities, swap_page_trans_huge_swapped() (called by free_swap_and_cache()) to access the freed memory for swap_map. This is a theoretical problem and I haven't been able to provoke it from a test case. But there has been agreement based on code review that this is possible (see link below). Fix it by using get_swap_device()/put_swap_device(), which will stall swapoff(). There was an extra check in _swap_info_get() to confirm that the swap entry was not free. This isn't present in get_swap_device() because it doesn't make sense in general due to the race between getting the reference and swapoff. So I've added an equivalent check directly in free_swap_and_cache(). Details of how to provoke one possible issue (thanks to David Hildenbrand for deriving this): --8<----- __swap_entry_free() might be the last user and result in "count == SWAP_HAS_CACHE". swapoff->try_to_unuse() will stop as soon as soon as si->inuse_pages==0. So the question is: could someone reclaim the folio and turn si->inuse_pages==0, before we completed swap_page_trans_huge_swapped(). Imagine the following: 2 MiB folio in the swapcache. Only 2 subpages are still references by swap entries. Process 1 still references subpage 0 via swap entry. Process 2 still references subpage 1 via swap entry. Process 1 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE [then, preempted in the hypervisor etc.] Process 2 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE Process 2 goes ahead, passes swap_page_trans_huge_swapped(), and calls __try_to_reclaim_swap(). __try_to_reclaim_swap()->folio_free_swap()->delete_from_swap_cache()-> put_swap_folio()->free_swap_slot()->swapcache_free_entries()-> swap_entry_free()->swap_range_free()-> ... WRITE_ONCE(si->inuse_pages, si->inuse_pages - nr_entries); What stops swapoff to succeed after process 2 reclaimed the swap cache but before process1 finished its call to swap_page_trans_huge_swapped()? --8<----- Link: https://lkml.kernel.org/r/20240306140356.3974886-1-ryan.roberts@arm.com Fixes: 7c00bafee8 ("mm/swap: free swap slots in batch") Closes: https://lore.kernel.org/linux-mm/65a66eb9-41f8-4790-8db2-0c70ea15979f@redhat.com/ Signed-off-by: Ryan Roberts <ryan.roberts@arm.com> Cc: David Hildenbrand <david@redhat.com> Cc: "Huang, Ying" <ying.huang@intel.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org>	2024-04-13 12:58:26 +02:00
Greg Kroah-Hartman	66e91da883	This is the 5.10.210 stable release ... -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmXYTLkACgkQONu9yGCS aT4+fhAAqqR/Cvx53ZKMQ8GZTCudAZnr/Dz6kWYwxhhhIbQjDpCaf9mgsrEDaQS2 ancSZjzYaOUIXq/IsthXxQIUhiZbuM3iuSEi7+odWgSYdkFyzuUt8MWLBGSaB5Er ojn+APtq7vPXTSnp7uMwqMC3/BHCKkeYIjRVevhhHBKG5d3lzkV1xU8NcvMkLaly CIRxpWXD3w2b7K0GEbb/zN1GQEHDCQcxjuaJoe/5FKGJkqd3T31eyiJTRumCCMcz j8vkGkYmcMJpWf04iLgVA1p13I5/HGrXdEBI/GutN8IABIC3Cp42jW8phHYKW5ZM a4R25LZG5buND1Ubpq+EDrYn3EaPek5XRki0w8ZAXfNa3rYc+N6mQjkzNSOzhJ/5 VNsn3EAE1Dwtar5Z3ASe9ugDbh+0bgx85PbfaADK88V+qWb3DVr1TBWmDNu2vfVP rv4I0EKu9r3vOE8aNMEBuhAVkIK3mEQUxwab6RKNrMby/5Uwa+ugrrUtQd8V+T1S j6r6v7u7aZ8mhYO7d6WSvAKL85lCWGbs3WRIKCJZmDRyqWrWW9tVWRN9wrZ2QnRr iaCQKk8P474P7/j1zwnmih8l4wS1oszveNziWwd0fi1Nn/WQYM+JKYQvpuQijmQ+ J9jLyWo7a59zffIE6mzJdNwFy9hlw9X+VnJmExk/Q88Z7Bt5wPQ= =laYd -----END PGP SIGNATURE----- Merge 5.10.210 into android12-5.10-lts Changes in 5.10.210 usb: cdns3: Fixes for sparse warnings usb: cdns3: fix uvc failure work since sg support enabled usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config usb: cdns3: fix iso transfer error when mult is not zero usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled PCI: mediatek: Clear interrupt status before dispatching handler units: change from 'L' to 'UL' units: add the HZ macros serial: sc16is7xx: set safe default SPI clock frequency spi: introduce SPI_MODE_X_MASK macro serial: sc16is7xx: add check for unsupported SPI modes during probe iio: adc: ad7091r: Set alert bit in config register iio: adc: ad7091r: Allow users to configure device events iio: adc: ad7091r: Enable internal vref if external vref is not supplied dmaengine: fix NULL pointer in channel unregistration function iio:adc:ad7091r: Move exports into IIO_AD7091R namespace. ext4: allow for the last group to be marked as trimmed crypto: api - Disallow identical driver names PM: hibernate: Enforce ordering during image compression/decompression hwrng: core - Fix page fault dead lock on mmap-ed hwrng crypto: s390/aes - Fix buffer overread in CTR mode rpmsg: virtio: Free driver_override when rpmsg_remove() bus: mhi: host: Drop chan lock before queuing buffers parisc/firmware: Fix F-extend for PDC addresses async: Split async_schedule_node_domain() async: Introduce async_schedule_dev_nocall() arm64: dts: qcom: sdm845: fix USB wakeup interrupt types arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts lsm: new security_file_ioctl_compat() hook scripts/get_abi: fix source path leak mmc: core: Use mrq.sbc in close-ended ffu mmc: mmc_spi: remove custom DMA mapped buffers rtc: Adjust failure return code for cmos_set_alarm() nouveau/vmm: don't set addr on the fail path to avoid warning ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path rename(): fix the locking of subdirectories block: Remove special-casing of compound pages stddef: Introduce DECLARE_FLEX_ARRAY() helper smb3: Replace smb2pdu 1-element arrays with flex-arrays mm: vmalloc: introduce array allocation functions KVM: use __vcalloc for very large allocations net/smc: fix illegal rmb_desc access in SMC-D connection dump tcp: make sure init the accept_queue's spinlocks once bnxt_en: Wait for FLR to complete during probe vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING llc: make llc_ui_sendmsg() more robust against bonding changes llc: Drop support for ETH_P_TR_802_2. net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv tracing: Ensure visibility when inserting an element into tracing_map afs: Hide silly-rename files from userspace tcp: Add memory barrier to tcp_push() netlink: fix potential sleeping issue in mqueue_flush_file ipv6: init the accept_queue's spinlocks in inet6_create net/mlx5: DR, Use the right GVMI number for drop action net/mlx5e: fix a double-free in arfs_create_groups netfilter: nf_tables: restrict anonymous set and map names to 16 bytes netfilter: nf_tables: validate NFPROTO_* family net: mvpp2: clear BM pool before initialization selftests: netdevsim: fix the udp_tunnel_nic test fjes: fix memleaks in fjes_hw_setup net: fec: fix the unhandled context fault from smmu btrfs: ref-verify: free ref cache before clearing mount opt btrfs: tree-checker: fix inline ref size in error messages btrfs: don't warn if discard range is not aligned to sector btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args btrfs: don't abort filesystem when attempting to snapshot deleted subvolume rbd: don't move requests to the running list on errors exec: Fix error handling in begin_new_exec() wifi: iwlwifi: fix a memory corruption netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain netfilter: nf_tables: reject QUEUE/DROP verdict parameters gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 drm: Don't unref the same fb many times by mistake due to deadlock handling drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking drm/tidss: Fix atomic_flush check drm/bridge: nxp-ptn3460: simplify some error checking PM: sleep: Use dev_printk() when possible PM: sleep: Avoid calling put_device() under dpm_list_mtx PM: core: Remove unnecessary (void *) conversions PM: sleep: Fix possible deadlocks in core system-wide PM code fs/pipe: move check to pipe_has_watch_queue() pipe: wakeup wr_wait after setting max_usage ARM: dts: samsung: exynos4210-i9100: Unconditionally enable LDO12 arm64: dts: qcom: sc7180: Use pdc interrupts for USB instead of GIC interrupts arm64: dts: qcom: sc7180: fix USB wakeup interrupt types media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run mm: use __pfn_to_section() instead of open coding it mm/sparsemem: fix race in accessing memory_section->usage btrfs: remove err variable from btrfs_delete_subvolume btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] drm/exynos: fix accidental on-stack copy of exynos_drm_plane drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume gpio: eic-sprd: Clear interrupt after set the interrupt type spi: bcm-qspi: fix SFDP BFPT read by usig mspi read mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan tick/sched: Preserve number of idle sleeps across CPU hotplug events x86/entry/ia32: Ensure s32 is sign extended to s64 powerpc/mm: Fix null-pointer dereference in pgtable_cache_add drivers/perf: pmuv3: don't expose SW_INCR event in sysfs powerpc: Fix build error due to is_valid_bugaddr() powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() x86/boot: Ignore NMIs during very early boot powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE powerpc/lib: Validate size for vector operations x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file debugobjects: Stop accessing objects after releasing hash bucket lock regulator: core: Only increment use_count when enable_count changes audit: Send netlink ACK before setting connection in auditd_set ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop PNP: ACPI: fix fortify warning ACPI: extlog: fix NULL pointer dereference check PM / devfreq: Synchronize devfreq_monitor_[start/stop] ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree UBSAN: array-index-out-of-bounds in dtSplitRoot jfs: fix slab-out-of-bounds Read in dtSearch jfs: fix array-index-out-of-bounds in dbAdjTree jfs: fix uaf in jfs_evict_inode pstore/ram: Fix crash when setting number of cpus to an odd number crypto: stm32/crc32 - fix parsing list of devices afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() jfs: fix array-index-out-of-bounds in diNewExt s390/ptrace: handle setting of fpc register correctly KVM: s390: fix setting of fpc register SUNRPC: Fix a suspicious RCU usage warning ecryptfs: Reject casefold directory inodes ext4: fix inconsistent between segment fstrim and full fstrim ext4: unify the type of flexbg_size to unsigned int ext4: remove unnecessary check from alloc_flex_gd() ext4: avoid online resizing failures due to oversized flex bg wifi: rt2x00: restart beacon queue when hardware reset selftests/bpf: satisfy compiler by having explicit return in btf test selftests/bpf: Fix pyperf180 compilation failure with clang18 scsi: lpfc: Fix possible file string name overflow when updating firmware PCI: Add no PM reset quirk for NVIDIA Spectrum devices bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk scsi: arcmsr: Support new PCI device IDs 1883 and 1886 ARM: dts: imx7d: Fix coresight funnel ports ARM: dts: imx7s: Fix lcdif compatible ARM: dts: imx7s: Fix nand-controller #size-cells wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() bpf: Add map and need_defer parameters to .map_fd_put_ptr() scsi: libfc: Don't schedule abort twice scsi: libfc: Fix up timeout error in fc_fcp_rec_error() bpf: Set uattr->batch.count as zero before batched update or deletion ARM: dts: rockchip: fix rk3036 hdmi ports node ARM: dts: imx25/27-eukrea: Fix RTC node name ARM: dts: imx: Use flash@0,0 pattern ARM: dts: imx27: Fix sram node ARM: dts: imx1: Fix sram node ionic: pass opcode to devcmd_wait block/rnbd-srv: Check for unlikely string overflow ARM: dts: imx25: Fix the iim compatible string ARM: dts: imx25/27: Pass timing0 ARM: dts: imx27-apf27dev: Fix LED name ARM: dts: imx23-sansa: Use preferred i2c-gpios properties ARM: dts: imx23/28: Fix the DMA controller node name net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path block: prevent an integer overflow in bvec_try_merge_hw_page md: Whenassemble the array, consult the superblock of the freshest device arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() wifi: cfg80211: free beacon_ies when overridden from hidden BSS Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066 Bluetooth: L2CAP: Fix possible multiple reject send i40e: Fix VF disable behavior to block all traffic f2fs: fix to check return value of f2fs_reserve_new_block() ALSA: hda: Refer to correct stream index at loops ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument fast_dput(): handle underflows gracefully RDMA/IPoIB: Fix error code return in ipoib_mcast_join drm/amd/display: Fix tiled display misalignment f2fs: fix write pointers on zoned device after roll forward drm/drm_file: fix use of uninitialized variable drm/framebuffer: Fix use of uninitialized variable drm/mipi-dsi: Fix detach call without attach media: stk1160: Fixed high volume of stk1160_dbg messages media: rockchip: rga: fix swizzling for RGB formats PCI: add INTEL_HDA_ARL to pci_ids.h ALSA: hda: Intel: add HDA_ARL PCI ID support ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time IB/ipoib: Fix mcast list locking media: ddbridge: fix an error code problem in ddb_probe drm/msm/dpu: Ratelimit framedone timeout msgs clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 drm/amdgpu: Let KFD sync with VM fences drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' leds: trigger: panic: Don't register panic notifier if creating the trigger failed um: Fix naming clash between UML and scheduler um: Don't use vfprintf() for os_info() um: net: Fix return type of uml_net_start_xmit() i3c: master: cdns: Update maximum prescaler value for i2c clock xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import mfd: ti_am335x_tscadc: Fix TI SoC dependencies PCI: Only override AMD USB controller if required PCI: switchtec: Fix stdev_release() crash after surprise hot remove usb: hub: Replace hardcoded quirk value with BIT() macro tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE fs/kernfs/dir: obey S_ISGID PCI/AER: Decode Requester ID when no error info found libsubcmd: Fix memory leak in uniq() virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings blk-mq: fix IO hang from sbitmap wakeup race ceph: fix deadlock or deadcode of misusing dget() drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' perf: Fix the nr_addr_filters fix wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update drm: using mul_u32_u32() requires linux/math64.h scsi: isci: Fix an error code problem in isci_io_request_build() scsi: core: Introduce enum scsi_disposition scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler ip6_tunnel: use dev_sw_netstats_rx_add() ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() net-zerocopy: Refactor frag-is-remappable test. tcp: add sanity checks to rx zerocopy ixgbe: Remove non-inclusive language ixgbe: Refactor returning internal error codes ixgbe: Refactor overtemp event handling ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() ipv6: Ensure natural alignment of const ipv6 loopback and router addresses llc: call sock_orphan() at release time netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations net: ipv4: fix a memleak in ip_setup_cork af_unix: fix lockdep positive in sk_diag_dump_icons() net: sysfs: Fix /sys/class/net/<iface> path HID: apple: Add support for the 2021 Magic Keyboard HID: apple: Add 2021 magic keyboard FN key mapping bonding: remove print in bond_verify_device_path uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ PM: sleep: Fix error handling in dpm_prepare() dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools dmaengine: ti: k3-udma: Report short packet errors dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA phy: renesas: rcar-gen3-usb2: Fix returning wrong error code dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case net: stmmac: xgmac: fix handling of DPP safety error for DMA channels selftests: net: avoid just another constant wait tunnels: fix out of bounds access when building IPv6 PMTU error atm: idt77252: fix a memleak in open_card_ubr0 hwmon: (aspeed-pwm-tacho) mutex for tach reading hwmon: (coretemp) Fix out-of-bounds memory access hwmon: (coretemp) Fix bogus core_id to attr name mapping inet: read sk->sk_family once in inet_recv_error() rxrpc: Fix response to PING RESPONSE ACKs to a dead call tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() ppp_async: limit MRU to 64K netfilter: nft_compat: reject unused compat flag netfilter: nft_compat: restrict match/target protocol to u16 netfilter: nft_ct: reject direction for ct id netfilter: nft_set_pipapo: store index in scratch maps netfilter: nft_set_pipapo: add helper to release pcpu scratch area netfilter: nft_set_pipapo: remove scratch_aligned pointer scsi: core: Move scsi_host_busy() out of host lock if it is for per-command blk-iocost: Fix an UBSAN shift-out-of-bounds warning net/af_iucv: clean up a try_then_request_module() USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e USB: serial: option: add Fibocom FM101-GL variant USB: serial: cp210x: add ID for IMST iM871A-USB usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK hrtimer: Report offline hrtimer enqueue Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID vhost: use kzalloc() instead of kmalloc() followed by memset() clocksource: Skip watchdog check for large watchdog intervals net: stmmac: xgmac: use #define for string constants net: stmmac: xgmac: fix a typo of register name in DPP safety handling netfilter: nft_set_rbtree: skip end interval element from gc btrfs: forbid creating subvol qgroups btrfs: do not ASSERT() if the newly created subvolume already got read btrfs: forbid deleting live subvol qgroup btrfs: send: return EOPNOTSUPP on unknown flags of: unittest: Fix compile in the non-dynamic case net: openvswitch: limit the number of recursions from action sets spi: ppc4xx: Drop write-only variable ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() net: sysfs: Fix /sys/class/net/<iface> path for statistics MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler i40e: Fix waiting for queues of all VSIs to be disabled tracing/trigger: Fix to return error if failed to alloc snapshot mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx HID: wacom: generic: Avoid reporting a serial of '0' to userspace HID: wacom: Do not register input devices until after hid_hw_start usb: ucsi_acpi: Fix command completion handling USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT usb: f_mass_storage: forbid async queue when shutdown happen media: ir_toy: fix a memleak in irtoy_tx powerpc/kasan: Fix addr error caused by page alignment i2c: i801: Remove i801_set_block_buffer_mode i2c: i801: Fix block process call transactions modpost: trim leading spaces when processing source files list scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" lsm: fix the logic in security_inode_getsecctx() firewire: core: correct documentation of fw_csr_string() kernel API kbuild: Fix changing ELF file type for output of gen_btf for big endian nfc: nci: free rx_data_reassembly skb on NCI device cleanup net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() xen-netback: properly sync TX responses ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL binder: signal epoll threads of self-work misc: fastrpc: Mark all sessions as invalid in cb_remove ext4: fix double-free of blocks due to wrong extents moved_len tracing: Fix wasted memory in saved_cmdlines logic staging: iio: ad5933: fix type mismatch regression iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC iio: accel: bma400: Fix a compilation problem media: rc: bpf attach/detach requires write permission hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove ring-buffer: Clean ring_buffer_poll_wait() error return serial: max310x: set default value when reading clock ready bit serial: max310x: improve crystal stable clock detection x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 x86/mm/ident_map: Use gbpages only where full GB page should be mapped. mmc: slot-gpio: Allow non-sleeping GPIO ro ALSA: hda/conexant: Add quirk for SWS JS201D nilfs2: fix data corruption in dsync block recovery for small block sizes nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked nfp: use correct macro for LengthSelect in BAR config nfp: flower: prevent re-adding mac index for bonded port wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() irqchip/irq-brcmstb-l2: Add write memory barrier before exit irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update s390/qeth: Fix potential loss of L3-IP@ in case of network issues ceph: prevent use-after-free in encode_cap_msg() of: property: fix typo in io-channels can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) pmdomain: core: Move the unused cleanup to a _sync initcall tracing: Inform kmemleak of saved_cmdlines allocation Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" bus: moxtet: Add spi device table PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support mips: Fix max_mapnr being uninitialized on early stages crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init serial: Add rs485_supported to uart_port serial: 8250_exar: Fill in rs485_supported serial: 8250_exar: Set missing rs485_supported flag scripts/decode_stacktrace.sh: silence stderr messages from addr2line/nm scripts/decode_stacktrace.sh: support old bash version scripts: decode_stacktrace: demangle Rust symbols scripts/decode_stacktrace.sh: optionally use LLVM utilities netfilter: ipset: fix performance regression in swap operation netfilter: ipset: Missing gc cancellations fixed hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() Revert "arm64: Stash shadow stack pointer in the task struct on interrupt" net: prevent mss overflow in skb_segment() sched/membarrier: reduce the ability to hammer on sys_membarrier nilfs2: fix potential bug in end_buffer_async_write nilfs2: replace WARN_ONs for invalid DAT metadata block requests dm: limit the number of targets and parameter size area PM: runtime: add devm_pm_runtime_enable helper PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() drm/msm/dsi: Enable runtime PM netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() net: bcmgenet: Fix EEE implementation PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() Linux 5.10.210 Change-Id: I5e7327f58dd6abd26ac2b1e328a81c1010d1147c Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-04-10 07:10:03 +00:00
Carlos Galo	ecd8068fb4	BACKPORT: mm: update mark_victim tracepoints fields ... The current implementation of the mark_victim tracepoint provides only the process ID (pid) of the victim process. This limitation poses challenges for userspace tools requiring real-time OOM analysis and intervention. Although this information is available from the kernel logs, it’s not the appropriate format to provide OOM notifications. In Android, BPF programs are used with the mark_victim trace events to notify userspace of an OOM kill. For consistency, update the trace event to include the same information about the OOMed victim as the kernel logs. - UID In Android each installed application has a unique UID. Including the `uid` assists in correlating OOM events with specific apps. - Process Name (comm) Enables identification of the affected process. - OOM Score Will allow userspace to get additional insight of the relative kill priority of the OOM victim. In Android, the oom_score_adj is used to categorize app state (foreground, background, etc.), which aids in analyzing user-perceptible impacts of OOM events [1]. - Total VM, RSS Stats, and pgtables Amount of memory used by the victim that will, potentially, be freed up by killing it. [1] 246dc8fc95:frameworks/base/services/core/java/com/android/server/am/ProcessList.java;l=188-283 Signed-off-by: Carlos Galo <carlosgalo@google.com> Reviewed-by: Steven Rostedt <rostedt@goodmis.org> Cc: Suren Baghdasaryan <surenb@google.com> Cc: Michal Hocko <mhocko@suse.com> Cc: "Masami Hiramatsu (Google)" <mhiramat@kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Bug: 331214192 (cherry picked from commit 72ba14deb40a9e9668ec5e66a341ed657e5215c2) [ carlosgalo: Manually added struct cred change in mark_oom_victim function ] Link: https://lore.kernel.org/all/20240223173258.174828-1-carlosgalo@google.com/ Change-Id: I24f503ceca04b83f8abf42fcd04a3409e17be6b5	2024-04-08 18:40:58 +00:00
Carlos Galo	4571e647cc	Revert "FROMGIT: BACKPORT: mm: update mark_victim tracepoints fields" ... This reverts commit 050c668fef. Reason for revert: b/331214192 Signed-off-by: Carlos Galo <carlosgalo@google.com> Change-Id: I64e551ef5114f602c3300ed576de61ab3332ffc2	2024-04-08 18:38:42 +00:00
Greg Kroah-Hartman	17d3242550	Merge tag 'android12-5.10.209_r00' into android12-5.10 ... This merges up to the 5.10.209 LTS release into the android12-5.10 branch. included in here are the following commits: * f5f23fd864 ANDROID: GKI: db845c: Update symbols list and ABI * 717f23122d Merge "Merge branch 'android12-5.10' into branch 'android12-5.10-lts'" into android12-5.10-lts |\ | * 10896fff34 Merge branch 'android12-5.10' into branch 'android12-5.10-lts' * | 6f5d6d6de5 UPSTREAM: drm/msm/dsi: Enable runtime PM * | 5a2e61dcbd UPSTREAM: PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() * | cb06375abb UPSTREAM: PM: runtime: add devm_pm_runtime_enable helper |/ * 7edcfba384 Revert "clk: fixed-rate: add devm_clk_hw_register_fixed_rate" * a8a9ceb11a Revert "clk: fixed-rate: fix clk_hw_register_fixed_rate_with_accuracy_parent_hw" * 7e6944b050 Merge 5.10.209 into android12-5.10-lts |\ | * 16ad71c250 Linux 5.10.209 | * 66e4f4a847 arm64: dts: armada-3720-turris-mox: set irq type for RTC | * 2e23761beb i2c: s3c24xx: fix transferring more than one message in polling mode | * da60686bab i2c: s3c24xx: fix read transfers in polling mode | * 8ba74e9016 selftests: mlxsw: qos_pfc: Adjust the test to support 8 lanes | * 3e1ca80659 selftests: mlxsw: qos_pfc: Convert to iproute2 dcb | * 56750ea5d1 mlxsw: spectrum_acl_tcam: Fix stack corruption | * a9b233b287 mlxsw: spectrum_acl_tcam: Reorder functions to avoid forward declarations | * d3669ebc4c mlxsw: spectrum_acl_tcam: Make fini symmetric to init | * a557dbda64 mlxsw: spectrum_acl_tcam: Add missing mutex_destroy() | * 936d06d699 mlxsw: spectrum: Use 'bitmap_zalloc()' when applicable | * e8bfdf6301 mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure | * f90b1cebc4 ethtool: netlink: Add missing ethnl_ops_begin/complete | * b44e1aec80 kdb: Fix a potential buffer overflow in kdb_local() | * 977c2cf563 ipvs: avoid stat macros calls from preemptible context | * 00a86f81c8 netfilter: nf_tables: reject NFT_SET_CONCAT with not field length description | * 9a4d25267d netfilter: nf_tables: skip dead set elements in netlink dump | * 2d4c0798a1 netfilter: nf_tables: do not allow mismatch field size and set key length | * b099b495e1 net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe | * 6c8a5bbca6 net: ravb: Fix dma_addr_t truncation in error case | * ba77c8b4e1 net: phy: micrel: populate .soft_reset for KSZ9131 | * 1658d7a7a2 net: ethernet: ti: am65-cpsw: Fix max mtu to fit ethernet frames | * 2295c22348 net: qualcomm: rmnet: fix global oob in rmnet_policy | * b55808b96e s390/pci: fix max size calculation in zpci_memcpy_toio() | * 178b437344 PCI: keystone: Fix race condition when initializing PHYs | * 0de2e62067 nvmet-tcp: Fix the H2C expected PDU len calculation | * 172276460a serial: imx: Correct clock error message in function probe() | * 5ff00408e5 apparmor: avoid crash when parsed profile name is empty | * 866d32bff0 perf env: Avoid recursively taking env->bpf_progs.lock | * 39669fae69 nvmet-tcp: fix a crash in nvmet_req_complete() | * f775f2621c nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length | * 1550b870ae usb: cdc-acm: return correct error code on unsupported break | * d7c74b010a tty: use 'if' in send_break() instead of 'goto' | * 3483ca0390 tty: don't check for signal_pending() in send_break() | * 2cf81d3440 tty: early return from send_break() on TTY_DRIVER_HARDWARE_BREAK | * 4e76dbd7c3 tty: change tty_write_lock()'s ndelay parameter to bool | * abcc25a237 perf genelf: Set ELF program header addresses properly | * 1e17feb4ad iio: adc: ad9467: fix scale setting | * a3167e5ab5 iio: adc: ad9467: don't ignore error codes | * 00e916d998 iio: adc: ad9467: fix reset gpio handling | * 8083d68401 iio: adc: ad9467: Benefit from devm_clk_get_enabled() to simplify | * 6e04a9d305 serial: imx: fix tx statemachine deadlock | * 6746f3e893 software node: Let args be NULL in software_node_get_reference_args | * 381bea33a8 acpi: property: Let args be NULL in __acpi_node_get_property_reference | * 7166e8e913 libapi: Add missing linux/types.h header to get the __u64 type on io.h | * bc57f3ef8a serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed | * 89b97e6b19 power: supply: cw2015: correct time_to_empty units in sysfs | * 5e3995ec39 MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup() | * c3ed63f6a1 MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup() | * 9995dee8b9 mips: Fix incorrect max_low_pfn adjustment | * 5cdda6239c mips: dmi: Fix early remap on MIPS32 | * b152868773 leds: aw2013: Select missing dependency REGMAP_I2C | * 927626a207 mfd: syscon: Fix null pointer dereference in of_syscon_register() | * c964a0597b HID: wacom: Correct behavior when processing some confidence == false touches | * c7883c9f83 iio: adc: ad7091r: Pass iio_dev to event handler | * ba7be66674 KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache | * 9b5a278594 KVM: arm64: vgic-v4: Restore pending state on host userspace write | * 7521ea8f62 x86/kvm: Do not try to disable kvmclock if it was not enabled | * 322c5fe40f wifi: mwifiex: configure BSSID consistently when starting AP | * ba8a4fba62 wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors | * 3dc3122b0b wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code | * 5e9142b6a2 iommu/arm-smmu-qcom: Add missing GMU entry to match table | * 394c6c0b6d Bluetooth: Fix atomicity violation in {min,max}_key_size_set | * 3b8d7a1b85 rootfs: Fix support for rootfstype= when root= is given | * 8c0b563e9b io_uring/rw: ensure io->bytes_done is always initialized | * daa61bacd3 pwm: jz4740: Don't use dev_err_probe() in .request() | * a7d4ec5672 fbdev: flush deferred work in fb_deferred_io_fsync() | * ff2d54d9cc ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx | * b5c2a32621 ALSA: oxygen: Fix right channel of capture volume mixer | * 57f34589e9 serial: imx: Ensure that imx_uart_rs485_config() is called with enabled clock | * b7747ca58e usb: mon: Fix atomicity violation in mon_bin_vma_fault | * 5e5ab50eff usb: typec: class: fix typec_altmode_put_partner to put plugs | * baaa6d8e3f Revert "usb: typec: class: fix typec_altmode_put_partner to put plugs" | * f5c09e1d6e usb: chipidea: wait controller resume finished for wakeup irq | * 084de4c659 Revert "usb: dwc3: don't reset device side if dwc3 was configured as host-only" | * 1af0423587 Revert "usb: dwc3: Soft reset phy on probe for host" | * 3253888660 usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart | * e70b17282a usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() | * d65cade544 tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug | * 7e7a0d8654 binder: fix race between mmput() and do_exit() | * cce8ba6fa4 xen-netback: don't produce zero-size SKB frags | * d1e68ad279 net: ethernet: mtk_eth_soc: remove duplicate if statements | * 8a29463915 kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list | * c02cdc2c5e Revert "ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek" | * 79026a2d0a virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session() | * dfdb686d1b virtio-crypto: fix memory-leak | * c3b3389ad0 dma-mapping: Fix build error unused-value | * 0dfe57f1f2 Input: atkbd - use ab83 as id when skipping the getid command | * c8c1158ffb binder: fix use-after-free in shinker's callback | * abbb909287 binder: fix unused alloc->free_async_space | * fa62c9050e binder: fix async space check for 0-sized buffers | * 4533e7623e keys, dns: Fix size check of V1 server-list header | * 9e8a31c1aa of: unittest: Fix of_count_phandle_with_args() expected value message | * d5f490343c of: Fix double free in of_parse_phandle_with_args_map | * c9ee325bae IB/iser: Prevent invalidating wrong MR | * bedecbb5a5 mmc: sdhci_omap: Fix TI SoC dependencies | * 613af7d576 mmc: sdhci_am654: Fix TI SoC dependencies | * 8da3a51f74 pwm: stm32: Fix enable count for clk in .probe() | * e33e1bdbe6 pwm: stm32: Use hweight32 in stm32_pwm_detect_channels | * 5af4ce2a54 pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable | * bed5ec2a59 clk: fixed-rate: fix clk_hw_register_fixed_rate_with_accuracy_parent_hw | * 764b78b927 clk: fixed-rate: add devm_clk_hw_register_fixed_rate | * e5236e58cc clk: si5341: fix an error code problem in si5341_output_clk_set_rate | * 428381fbcb watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused | * d83662bb90 watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling | * 6c93290da9 watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO | * cbc15095d1 watchdog: set cdev owner before adding | * e4f4a2cb74 drivers: clk: zynqmp: update divider round rate logic | * af0b86199b clk: zynqmp: Add a check for NULL pointer | * 45b4ea38c9 clk: zynqmp: make bestdiv unsigned | * 7fdcd873c0 drivers: clk: zynqmp: calculate closest mux rate | * 6cccbfafc0 clk: qcom: videocc-sm8150: Add missing PLL config property | * 84ee04572f clk: qcom: videocc-sm8150: Update the videocc resets | * 74bbdacf1b dt-bindings: clock: Update the videocc resets for sm8150 | * 0c8ba6937a gpu/drm/radeon: fix two memleaks in radeon_vm_init | * 520e213a0b drivers/amd/pm: fix a use-after-free in kv_parse_power_table | * aeed2b4e4a drm/amd/pm: fix a double-free in si_dpm_init | * d53fee9e34 drm/amdgpu/debugfs: fix error code when smc register accessors are NULL | * 56a79c68b5 media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path of m88ds3103_probe() | * b5ebb9b4c1 media: dvbdev: drop refcount on error path in dvb_device_open() | * 9284f409e4 f2fs: fix to update iostat correctly in f2fs_filemap_fault() | * 40d36882c7 f2fs: fix to check compress file in f2fs_move_file_range() | * b864287581 media: rkisp1: Disable runtime PM in probe error path | * 962b35733b clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config | * 21a30b5969 media: cx231xx: fix a memleak in cx231xx_init_isoc | * abd50cebf9 drm/bridge: tc358767: Fix return value on error case | * 3f6932b5ba drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table | * e646308eda drm/radeon/dpm: fix a memleak in sumo_parse_power_table | * 57ca798480 drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() | * c20a6aa0a3 drm/drv: propagate errors from drm_modeset_register_all() | * da5e0feb12 drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks | * b704eabe87 drm/msm/mdp4: flush vblank event on disable | * 96f5856867 ASoC: cs35l34: Fix GPIO name and drop legacy include | * defe0327f5 ASoC: cs35l33: Fix GPIO name and drop legacy include | * 1421b06618 drm/radeon: check return value of radeon_ring_lock() | * 9924469212 drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() | * ca267f79a5 drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() | * 6f866885e1 f2fs: fix to avoid dirent corruption | * 13ea8af957 drm/bridge: Fix typo in post_disable() description | * 3233d8bf78 media: pvrusb2: fix use after free on context disconnection | * 53926e2a39 drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function | * 1eb7ceae48 drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer | * b1a07165be rcu: Create an unrcu_pointer() to remove __rcu from a pointer | * 1d1d5b90ea drm/panel-elida-kd35t133: hold panel in reset for unprepare | * 7794c14812 RDMA/usnic: Silence uninitialized symbol smatch warnings | * d807f4ef22 ARM: davinci: always select CONFIG_CPU_ARM926T | * da23bd709b ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() | * 4e09df9b24 Bluetooth: btmtkuart: fix recv_buf() return value | * fd54d16613 Bluetooth: Fix bogus check for re-auth no supported with non-ssp | * 15be96e1a6 netfilter: nf_tables: mark newset as dead on transaction abort | * 6f39bea662 wifi: rtlwifi: rtl8192se: using calculate_bit_shift() | * c713826653 wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() | * 99f56c3f7c wifi: rtlwifi: rtl8192de: using calculate_bit_shift() | * b75b68dde5 rtlwifi: rtl8192de: make arrays static const, makes object smaller | * df14e43219 wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() | * 016781c16e wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() | * bf277a76d3 wifi: rtlwifi: rtl8192c: using calculate_bit_shift() | * 483c975e40 wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() | * 31b651a7a1 wifi: rtlwifi: add calculate_bit_shift() | * 64299791d0 dma-mapping: clear dev->dma_mem to NULL after freeing it | * a6dd109564 dma-mapping: Add dma_release_coherent_memory to DMA API | * ad43344ab4 virtio/vsock: fix logic which reduces credit update messages | * 30ae0c6631 selftests/net: fix grep checking for fib_nexthop_multiprefix | * 7a0f8295e7 scsi: hisi_sas: Replace with standard error code return value | * afea95d319 bpf: Fix verification of indirect var-off stack access | * 419ab8f74a arm64: dts: qcom: sdm845-db845c: correct LED panic indicator | * 812cebdc5f arm64: dts: qcom: qrb5165-rb5: correct LED panic indicator | * ba31bb08c1 scsi: fnic: Return error if vmalloc() failed | * 2757f17972 bpf: fix check for attempt to corrupt spilled pointer | * 7e98bbeb07 arm64: dts: ti: k3-am65-main: Fix DSS irq trigger type | * d49863ed28 wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior | * 2799324d92 firmware: meson_sm: populate platform devices from sm device tree data | * 3959dbb375 firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() | * 01f9feb5ed net/ncsi: Fix netlink major/minor version numbers | * 7bcddd12a9 ncsi: internal.h: Fix a spello | * ae98b7f7bb ARM: dts: qcom: apq8064: correct XOADC register address | * 4675cacd6b wifi: libertas: stop selecting wext | * 24d8aef5d9 wifi: ath11k: Defer on rproc_get failure | * 91f3111558 bpf: Add crosstask check to __bpf_get_stack | * d5d181df8d bpf, lpm: Fix check prefixlen before walking trie | * eb0eac5736 wifi: rtw88: fix RX filter in FIF_ALLMULTI flag | * d8caf15ab1 NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT | * 722c700dd8 blocklayoutdriver: Fix reference leak of pnfs_device_node | * 4518dc468c crypto: scomp - fix req->dst buffer overflow | * 1798c8fd00 crypto: sahara - do not resize req->src when doing hash operations | * 67ae336f3b crypto: sahara - fix processing hash requests with req->nbytes < sg->length | * b3287c8a7e crypto: sahara - improve error handling in sahara_sha_process() | * 98985edab6 crypto: sahara - fix wait_for_completion_timeout() error handling | * 69451bf97c crypto: sahara - fix ahash reqsize | * d8d9580831 crypto: sahara - handle zero-length aes requests | * b839648d05 crypto: sahara - avoid skcipher fallback code duplication | * 14f57a013a crypto: virtio - Wait for tasklet to complete on device remove | * 5c28478af3 gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump | * 57c7b331f0 gfs2: Also reflect single-block allocations in rgd->rd_extfail_pt | * 22f63f9bc8 Revert "gfs2: Don't reject a supposedly full bitmap if we have blocks reserved" | * cd48d2a8e6 fs: indicate request originates from old mount API | * acd413da3e pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() | * c60fd7a663 crypto: sahara - fix error handling in sahara_hw_descriptor_create() | * 25b7ca747b crypto: sahara - fix processing requests with cryptlen < sg->length | * fc91d32c7d crypto: sahara - fix ahash selftest failure | * 4f4786b818 crypto: sahara - fix cbc selftest failure | * ccdb86c339 crypto: sahara - remove FLAGS_NEW_KEY logic | * 7f807dc073 crypto: af_alg - Disallow multiple in-flight AIO requests | * 97f9d0455b crypto: ccp - fix memleak in ccp_init_dm_workarea | * 95586bb74b crypto: sa2ul - Return crypto_aead_setkey to transfer the error | * 0eb69890e8 crypto: virtio - Handle dataq logic with tasklet | * 0dee72f9b7 virtio-crypto: wait ctrl queue instead of busy polling | * 4ee475e76b virtio-crypto: use private buffer for control request | * 7d386768ef virtio-crypto: change code style | * 1ff5742889 virtio-crypto: implement RSA algorithm | * f32dfee5a6 virtio-crypto: introduce akcipher service | * b2092cdcda virtio_crypto: Introduce VIRTIO_CRYPTO_NOSPC | * 1bc7a682ed selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket | * 001a3f59d8 mtd: Fix gluebi NULL pointer dereference caused by ftl notifier | * 1d7b39c842 ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error | * 46e3dc02a4 spi: sh-msiof: Enforce fixed DTDL for R-Car H3 | * 94c742324e efivarfs: force RO when remounting if SetVariable is not supported | * 44a88650ba calipso: fix memory leak in netlbl_calipso_add_pass() | * 5ac84b01a0 netlabel: remove unused parameter in netlbl_netlink_auditinfo() | * 47210a5754 net: netlabel: Fix kerneldoc warnings | * d5ce66bdf6 cpufreq: scmi: process the result of devm_of_clk_add_hw_provider() | * fda1309205 cpufreq: Use of_property_present() for testing DT property presence | * ba7c7e3530 of: Add of_property_present() helper | * ded221bf4c of: property: define of_property_read_u{8,16,32,64}_array() unconditionally | * f39c3d578c ACPI: LPIT: Avoid u32 multiplication overflow | * c4e1a0ef0b ACPI: video: check for error while searching for backlight device parent | * 11ac297aba mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response | * f8df7c9886 spi: spi-zynqmp-gqspi: fix driver kconfig dependencies | * 5a669f3511 powerpc/imc-pmu: Add a null pointer check in update_events_in_group() | * a67a04ad05 powerpc/powernv: Add a null pointer check in opal_powercap_init() | * e6ad05e3ae powerpc/powernv: Add a null pointer check in opal_event_init() | * 1eefa93faf powerpc/powernv: Add a null pointer check to scom_debug_init_one() | * 428ab6a9dd selftests/powerpc: Fix error handling in FPU/VMX preemption tests | * b582aa1f66 powerpc/pseries/memhp: Fix access beyond end of drmem array | * f2ec41874b powerpc/pseries/memhotplug: Quieten some DLPAR operations | * 81dce186f1 powerpc/44x: select I2C for CURRITUCK | * d67339e9c8 powerpc: Remove in_kernel_text() | * ecbbd90e70 powerpc: add crtsavres.o to always-y instead of extra-y | * 6aa7865ba7 EDAC/thunderx: Fix possible out-of-bounds string access | * 36dbbfff28 x86/lib: Fix overflow when counting digits | * 83da4fc5aa coresight: etm4x: Fix width of CCITMIN field | * 67d3d17e31 PCI: Add ACS quirk for more Zhaoxin Root Ports | * e5457b54ad parport: parport_serial: Add Brainboxes device IDs and geometry | * 937293ff64 parport: parport_serial: Add Brainboxes BAR details | * 5e0be1229a uio: Fix use-after-free in uio_open | * 214aac202d binder: fix comment on binder_alloc_new_buf() return value | * 689f13128f binder: fix trivial typo of binder_free_buf_locked() | * e18d60757b binder: use EPOLLERR from eventpoll.h | * 19d949b37e ACPI: resource: Add another DMI match for the TongFang GMxXGxx | * f138fb6e64 drm/crtc: fix uninitialized variable use | * 7ba78e0823 ARM: sun9i: smp: fix return code check of of_property_match_string | * 01d8918415 net: qrtr: ns: Return 0 if server port is not present | * dbf8b0d938 ida: Fix crash in ida_free when the bitmap is empty | * d8a07ba130 i2c: rk3x: fix potential spinlock recursion on poll | * a57c59c85c Input: xpad - add Razer Wolverine V2 support | * 86e4e2eea4 ARC: fix spare error | * 9700ff5a4f s390/scm: fix virtual vs physical address confusion | * 6e17155869 Input: i8042 - add nomux quirk for Acer P459-G2-M | * b0e82ef611 Input: atkbd - skip ATKBD_CMD_GETID in translated mode | * 6f1614080f reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning | * 8d6913d050 ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI | * 439f3bbf75 tracing: Add size check when printing trace_marker output | * bc6619c9aa tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing | * c0f1db7380 jbd2: fix soft lockup in journal_finish_inode_data_buffers() | * cd94f81f77 neighbour: Don't let neigh_forced_gc() disable preemption for long | * 3887ba7198 drm/crtc: Fix uninit-value bug in drm_mode_setcrtc | * 956b740f3e jbd2: correct the printing of write_flags in jbd2_write_superblock() | * 656d684109 clk: rockchip: rk3128: Fix HCLK_OTG gate register | * 05644e6365 drm/exynos: fix a wrong error checking | * 0fc35b0d9f drm/exynos: fix a potential error pointer dereference | * fb2f34d939 nvme: introduce helper function to get ctrl state | * a8b1ddeeac ASoC: da7219: Support low DC impedance headset | * 1059aa41c5 net/tg3: fix race condition in tg3_reset_task() | * 44ad1b9eb3 nouveau/tu102: flush all pdbs on vmm flush | * ffe13302b8 ASoC: rt5650: add mutex to avoid the jack detection failure | * 8b50b177bf ASoC: cs43130: Fix incorrect frame delay configuration | * 921ff9f2b1 ASoC: cs43130: Fix the position of const qualifier | * 304529d564 ASoC: Intel: Skylake: mem leak in skl register function | * 1e31b47b2e ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 | * 9c89777c7d ASoC: Intel: Skylake: Fix mem leak in few functions | * c78083013b ASoC: wm8974: Correct boost mixer inputs | * 06a33eec1d nvme-core: check for too small lba shift | * 974f127fcf drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer | * 52a33dbeac debugfs: fix automount d_fsdata usage | * 65bde47aad mptcp: fix uninit-value in mptcp_incoming_options | * 6b00598b64 ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro | * 94e192054f pinctrl: lochnagar: Don't build on MIPS | * 3e47740091 f2fs: explicitly null-terminate the xattr list * | 62f62d810d Revert "ipv6: remove max_size check inline with ipv4" * | 08731a14db Merge "Merge 5.10.208 into android12-5.10-lts" into android12-5.10-lts |\ \ | * | 680475ab46 Merge 5.10.208 into android12-5.10-lts | |\| | | * 3fee45ee55 Linux 5.10.208 | | * 929ba86476 Revert "nvme: use command_id instead of req->tag in trace_nvme_complete_rq()" | | * 8a10841c1a PCI: Disable ATS for specific Intel IPU E2000 devices | | * b74a0c4ddf PCI: Extract ATS disabling to a helper function | | * 25d1e7be85 netfilter: nf_tables: Reject tables of unsupported family | | * 03585b18b7 drm/qxl: fix UAF on handle creation | | * dd56c5790d ipv6: remove max_size check inline with ipv4 | | * c6b2a6b827 net: tls, update curr on splice as well | | * d36b6b152f powerpc: update ppc_save_regs to save current r1 in pt_regs | | * ae64985e0e mmc: sdhci-sprd: Fix eMMC init failure after hw reset | | * f7796d76bd mmc: core: Cancel delayed work before releasing host | | * c29da60e1f mmc: rpmb: fixes pause retune on all RPMB partitions. | | * c82efcaad2 mmc: meson-mx-sdhc: Fix initialization frozen issue | | * 73704c6b35 mm: fix unmap_mapping_range high bits shift bug | | * 4aca0af447 i2c: core: Fix atomic xfer check for non-preempt config | | * 0ba8c7ef19 x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect | | * 23c006a760 firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards | | * 70168fdc74 mm/memory-failure: check the mapcount of the precise page | | * 18203c4484 net: Implement missing SO_TIMESTAMPING_NEW cmsg support | | * 701b03fc14 bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() | | * cfbf618e9a asix: Add check for usbnet_get_endpoints | | * 0fc5fe6e41 net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues | | * c492f9c7d3 net/qla3xxx: switch from 'pci_' to 'dma_' API | | * 53e92564c5 i40e: Restore VF MSI-X state during PCI reset | | * 6d3465c3dd ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux | | * e08399e812 ASoC: meson: g12a-toacodec: Fix event generation | | * 51e88b2cef ASoC: meson: g12a-tohdmitx: Validate written enum values | | * 85f8d007de ASoC: meson: g12a-toacodec: Validate written enum values | | * 21ecce2456 i40e: fix use-after-free in i40e_aqc_add_filters() | | * f8c03fd826 net: Save and restore msg_namelen in sock_sendmsg | | * 06ce3b8ec4 netfilter: nft_immediate: drop chain reference counter on error | | * cf3c516dec netfilter: nftables: add loop check helper function | | * 4366b7e1f5 net: bcmgenet: Fix FCS generation for fragmented skbuffs | | * d1eb795385 sfc: fix a double-free bug in efx_probe_filters | | * cb69cad457 ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init | | * 8abb7ab7cf net: sched: em_text: fix possible memory leak in em_text_destroy() | | * ecdfb0970c i40e: Fix filter input checks to prevent config with invalid values | | * 8d4ae760c7 drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern | | * 3ff482518b octeontx2-af: Fix marking couple of structure as __packed | | * 6adeb15cb6 nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local | | * 74c9135d16 ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 | | * 132ba71b4e block: Don't invalidate pagecache for invalid falloc modes | | * ef1d1d7c10 keys, dns: Fix missing size check of V1 server-list header * | | 274aa12c42 ANDROID: db845c: Enable device tree overlay support |/ / * | c925f18af7 Merge 5.10.207 into android12-5.10-lts |\| | * 03a0e87f70 Linux 5.10.207 | * a7fd5c7ba4 scsi: core: Always send batch on reset or error handling command | * e30419672e Revert "scsi: core: Add scsi_prot_ref_tag() helper" | * f60f60e1de Revert "scsi: core: Introduce scsi_get_sector()" | * a5edb40702 Revert "scsi: core: Make scsi_get_lba() return the LBA" | * 2129297760 Revert "scsi: core: Use scsi_cmd_to_rq() instead of scsi_cmnd.request" | * cea19678bf Revert "scsi: core: Use a structure member to track the SCSI command submitter" | * 6963d049a4 Revert "scsi: core: Always send batch on reset or error handling command" * | 3d0828af52 Revert "ANDROID: GKI: Fix abi break in struct scsi_cmd" * | ffc061ba7d ANDROID: GKI: Fix abi break in struct scsi_cmd * | 8a9d593fd6 Merge 5.10.206 into android12-5.10-lts |/ * cf13ba74e8 Linux 5.10.206 * 2df1e1887c spi: atmel: Fix PDC transfer setup bug * 2a0a658ed6 Bluetooth: SMP: Fix crash when receiving new connection when debug is enabled * ecd50f820d Revert "MIPS: Loongson64: Enable DMA noncoherent support" * 9175341bd8 dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() * 73117ea033 netfilter: nf_tables: skip set commit for deleted/destroyed sets * 8bf79dec73 tracing: Fix blocked reader of snapshot buffer * 0afe420228 ring-buffer: Fix wake ups when buffer_percent is set to 100 * 9db5239d75 scsi: core: Always send batch on reset or error handling command * f2d30198c0 scsi: core: Use a structure member to track the SCSI command submitter * df83ca8e98 scsi: core: Use scsi_cmd_to_rq() instead of scsi_cmnd.request * d054858a9c scsi: core: Make scsi_get_lba() return the LBA * f230e6d424 scsi: core: Introduce scsi_get_sector() * 294d66c35a scsi: core: Add scsi_prot_ref_tag() helper * 929f475eba spi: atmel: Fix CS and initialization bug * 23d9267c54 spi: atmel: Switch to transfer_one transfer method * db1b14eec8 Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg * 0c54b79d1d smb: client: fix OOB in smbCalcSize() * 203a412e52 smb: client: fix OOB in SMB2_query_info_init() * 79e158ddc3 usb: fotg210-hcd: delete an incorrect bounds test * da448f145f Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE * 4bc912140b Bluetooth: use inclusive language in SMP * e219c3110a Bluetooth: SMP: Convert BT_ERR/BT_DBG to bt_dev_err/bt_dev_dbg * cdbc4a1115 ARM: dts: Fix occasional boot hang for am3 usb * 1e2db0124c 9p/net: fix possible memory leak in p9_check_errors() * c4a22227f7 x86/alternatives: Sync core before enabling interrupts * 7d407ef183 lib/vsprintf: Fix %pfwf when current node refcount == 0 * 565fadc3ea bus: ti-sysc: Flush posted write only after srst_udelay * e50cfb5447 tracing / synthetic: Disable events after testing in synth_event_gen_test_init() * cd6e41593e dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp * 786788bb13 net: ks8851: Fix TX stall caused by TX buffer overrun * 391c1019a0 net: rfkill: gpio: set GPIO direction * 6d7b8e5a6d net: 9p: avoid freeing uninit memory in p9pdu_vreadf * 45b63f09ba Input: soc_button_array - add mapping for airplane mode button * 2aa744ad0e Bluetooth: L2CAP: Send reject on command corrupted request * 25a6fdd26d Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent * 71e1c76540 USB: serial: option: add Quectel RM500Q R13 firmware support * d521896bcc USB: serial: option: add Foxconn T99W265 with new baseline * d0cf8a4bee USB: serial: option: add Quectel EG912Y module support * f41f44cea9 USB: serial: ftdi_sio: update Actisense PIDs constant names * 20d84a1946 wifi: cfg80211: fix certs build to not depend on file order * 7a0a5cbfea wifi: cfg80211: Add my certificate * 9dcf50da59 iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() * abbebddb19 iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table * c40db29812 scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() * e3749f85fd Input: ipaq-micro-keys - add error handling for devm_kmemdup * b5f67cea27 iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw * 505df1c0ab interconnect: Treat xlate() returning NULL node as an error * cc5eec86a4 btrfs: do not allow non subvolume root targets for snapshot * bd267af18f smb: client: fix NULL deref in asn1_ber_decoder() * 41350e813a ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB * a4692c38cd ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 * e032ddb0e3 pinctrl: at91-pio4: use dedicated lock class for IRQ * 0b85149a9d i2c: aspeed: Handle the coalesced stop conditions with the start conditions. * 3dce7a52b2 afs: Fix overwriting of result of DNS query * 97be1e865e keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry * 9e0d18f946 net: check dev->gso_max_size in gso_features_check() * 59dc16ce09 net: warn if gso_type isn't set for a GSO SKB * 63ad66d484 afs: Fix dynamic root lookup DNS check * 65d2c287fc afs: Fix the dynamic root's d_delete to always delete unused dentries * a3218319ee net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() * 12e5a4719c net/rose: fix races in rose_kill_by_device() * be0988c9b0 ethernet: atheros: fix a memleak in atl1e_setup_ring_resources * 8b6f8bfe3a net: sched: ife: fix potential use-after-free * f245312e9f net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors * e8ba688a64 net/mlx5: Fix fw tracer first block check * fc4c53f8e9 net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() * 50aa92e699 Revert "net/mlx5e: fix double free of encap_header" * b851889e91 wifi: mac80211: mesh_plink: fix matches_local logic * 717f08fb51 s390/vx: fix save/restore of fpu kernel context * c48219fad1 reset: Fix crash when freeing non-existent optional resets * c999682ce8 ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init * dbc8edb80f smb: client: fix OOB in smb2_query_reparse_point() * bc3c57493b ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE Updates the .xml file to track the new symbol that is required: Leaf changes summary: 1 artifact changed Changed leaf types summary: 0 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 1 Added function Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable 1 Added function: [A] 'function int devm_pm_runtime_enable(device*)' Change-Id: I68d1c499f716926e1e84a98895170b9d192019e8 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-03-28 10:29:56 +00:00
Lokesh Gidra	a0b6273ec3	ANDROID: userfaultfd: abort uffdio ops if mmap_lock is contended ... Check if the mmap_lock is contended when looping over the pages that are requested to be filled. When it is observed, we rely on the already existing mechanism to return bytes copied/filled and -EAGAIN as error. This helps by avoiding contention of mmap_lock for long running userfaultfd operations. The userspace can perform other tasks before retrying the operation for the remaining pages. Bug: 320478828 Change-Id: I6d485fd03c96a826956ee3962e58058be3cf81c1 Signed-off-by: Lokesh Gidra <lokeshgidra@google.com>	2024-03-15 19:49:14 +00:00
Lokesh Gidra	e3aabbf867	ANDROID: userfaultfd: add MMAP_TRYLOCK mode for COPY/ZEROPAGE ... In case mmap_lock is contended, it is possible that userspace can spend time performing other tasks rather than waiting in uninterruptible-sleep state for the lock to become available. Even if no other task is available, it is better to yield or sleep rather than adding contention to already contended lock. We introduce MMAP_TRYLOCK mode so that when possible, userspace can request to use mmap_read_trylock(), returning -EAGAIN if and when it fails. Bug: 320478828 Change-Id: I2d196fd317e054af03dbd35ac1b0c7634cb370dc Signed-off-by: Lokesh Gidra <lokeshgidra@google.com>	2024-03-15 19:49:14 +00:00
Mike Kravetz	05edf43452	mm/hugetlb: change hugetlb_reserve_pages() to type bool ... [ Upstream commit 33b8f84a4ee78491a8f4f9e4c5520c9da4a10983 ] While reviewing a bug in hugetlb_reserve_pages, it was noticed that all callers ignore the return value. Any failure is considered an ENOMEM error by the callers. Change the function to be of type bool. The function will return true if the reservation was successful, false otherwise. Callers currently assume a zero return code indicates success. Change the callers to look for true to indicate success. No functional change, only code cleanup. Link: https://lkml.kernel.org/r/20201221192542.15732-1-mike.kravetz@oracle.com Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com> Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: David Hildenbrand <david@redhat.com> Cc: Dan Carpenter <dan.carpenter@oracle.com> Cc: Michal Hocko <mhocko@kernel.org> Cc: Davidlohr Bueso <dave@stgolabs.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Stable-dep-of: e656c7a9e596 ("mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE") Signed-off-by: Sasha Levin <sashal@kernel.org>	2024-03-15 10:48:22 -04:00
Jinjie Ruan	4955298720	UPSTREAM: mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() ... When CONFIG_DAMON_VADDR_KUNIT_TEST=y and making CONFIG_DEBUG_KMEMLEAK=y and CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, the below memory leak is detected. Since commit 9f86d624292c ("mm/damon/vaddr-test: remove unnecessary variables"), the damon_destroy_ctx() is removed, but still call damon_new_target() and damon_new_region(), the damon_region which is allocated by kmem_cache_alloc() in damon_new_region() and the damon_target which is allocated by kmalloc in damon_new_target() are not freed. And the damon_region which is allocated in damon_new_region() in damon_set_regions() is also not freed. So use damon_destroy_target to free all the damon_regions and damon_target. unreferenced object 0xffff888107c9a940 (size 64): comm "kunit_try_catch", pid 1069, jiffies 4294670592 (age 732.761s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b ............kkkk 60 c7 9c 07 81 88 ff ff f8 cb 9c 07 81 88 ff ff `............... backtrace: [<ffffffff817e0167>] kmalloc_trace+0x27/0xa0 [<ffffffff819c11cf>] damon_new_target+0x3f/0x1b0 [<ffffffff819c7d55>] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0 [<ffffffff819c82be>] damon_test_apply_three_regions1+0x21e/0x260 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff8881079cc740 (size 56): comm "kunit_try_catch", pid 1069, jiffies 4294670592 (age 732.761s) hex dump (first 32 bytes): 05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ................ 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk backtrace: [<ffffffff819bc492>] damon_new_region+0x22/0x1c0 [<ffffffff819c7d91>] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0 [<ffffffff819c82be>] damon_test_apply_three_regions1+0x21e/0x260 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff888107c9ac40 (size 64): comm "kunit_try_catch", pid 1071, jiffies 4294670595 (age 732.843s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b ............kkkk a0 cc 9c 07 81 88 ff ff 78 a1 76 07 81 88 ff ff ........x.v..... backtrace: [<ffffffff817e0167>] kmalloc_trace+0x27/0xa0 [<ffffffff819c11cf>] damon_new_target+0x3f/0x1b0 [<ffffffff819c7d55>] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0 [<ffffffff819c851e>] damon_test_apply_three_regions2+0x21e/0x260 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff8881079ccc80 (size 56): comm "kunit_try_catch", pid 1071, jiffies 4294670595 (age 732.843s) hex dump (first 32 bytes): 05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ................ 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk backtrace: [<ffffffff819bc492>] damon_new_region+0x22/0x1c0 [<ffffffff819c7d91>] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0 [<ffffffff819c851e>] damon_test_apply_three_regions2+0x21e/0x260 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff888107c9af40 (size 64): comm "kunit_try_catch", pid 1073, jiffies 4294670597 (age 733.011s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b ............kkkk 20 a2 76 07 81 88 ff ff b8 a6 76 07 81 88 ff ff .v.......v..... backtrace: [<ffffffff817e0167>] kmalloc_trace+0x27/0xa0 [<ffffffff819c11cf>] damon_new_target+0x3f/0x1b0 [<ffffffff819c7d55>] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0 [<ffffffff819c877e>] damon_test_apply_three_regions3+0x21e/0x260 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff88810776a200 (size 56): comm "kunit_try_catch", pid 1073, jiffies 4294670597 (age 733.011s) hex dump (first 32 bytes): 05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ................ 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk backtrace: [<ffffffff819bc492>] damon_new_region+0x22/0x1c0 [<ffffffff819c7d91>] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0 [<ffffffff819c877e>] damon_test_apply_three_regions3+0x21e/0x260 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff88810776a740 (size 56): comm "kunit_try_catch", pid 1073, jiffies 4294670597 (age 733.025s) hex dump (first 32 bytes): 3d 00 00 00 00 00 00 00 3f 00 00 00 00 00 00 00 =.......?....... 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk backtrace: [<ffffffff819bc492>] damon_new_region+0x22/0x1c0 [<ffffffff819bfcc2>] damon_set_regions+0x4c2/0x8e0 [<ffffffff819c7dbb>] damon_do_test_apply_three_regions.constprop.0+0xfb/0x3e0 [<ffffffff819c877e>] damon_test_apply_three_regions3+0x21e/0x260 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff888108038240 (size 64): comm "kunit_try_catch", pid 1075, jiffies 4294670600 (age 733.022s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 03 00 00 00 6b 6b 6b 6b ............kkkk 48 ad 76 07 81 88 ff ff 98 ae 76 07 81 88 ff ff H.v.......v..... backtrace: [<ffffffff817e0167>] kmalloc_trace+0x27/0xa0 [<ffffffff819c11cf>] damon_new_target+0x3f/0x1b0 [<ffffffff819c7d55>] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0 [<ffffffff819c898d>] damon_test_apply_three_regions4+0x1cd/0x210 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff88810776ad28 (size 56): comm "kunit_try_catch", pid 1075, jiffies 4294670600 (age 733.022s) hex dump (first 32 bytes): 05 00 00 00 00 00 00 00 07 00 00 00 00 00 00 00 ................ 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk backtrace: [<ffffffff819bc492>] damon_new_region+0x22/0x1c0 [<ffffffff819bfcc2>] damon_set_regions+0x4c2/0x8e0 [<ffffffff819c7dbb>] damon_do_test_apply_three_regions.constprop.0+0xfb/0x3e0 [<ffffffff819c898d>] damon_test_apply_three_regions4+0x1cd/0x210 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 Bug: 254441685 Link: https://lkml.kernel.org/r/20230925072100.3725620-1-ruanjinjie@huawei.com Fixes: 9f86d624292c ("mm/damon/vaddr-test: remove unnecessary variables") Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com> Reviewed-by: SeongJae Park <sj@kernel.org> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 45120b15743fa7c0aa53d5db6dfb4c8f87be4abd) Signed-off-by: Lee Jones <joneslee@google.com> Change-Id: Iaf32fde644a1ce95a5f3f1261009feb30764f780	2024-03-13 13:35:31 +00:00
Lokesh Gidra	a905086c85	ANDROID: userfaultfd: allow SPF for UFFD_FEATURE_SIGBUS on private+anon ... Currently we bail out of speculative page fault when we detect that the fault address is in a userfaultfd registered vma. However, if userfaultfd is being used with UFFD_FEATURE_SIGBUS feature, then handle_userfault() doesn't do much and is easiest to handle with SPF. This patch lets MISSING userfaultfs on private anonymous mappings be allowed with SPF if UFFD_FEATURE_SIGBUS is used. With this patch we get >99% success rate for userfaults caused during userfaultfd GC's compaction phase. This translates into eliminating uninterruptible sleep time in do_page_fault() due to userfaults. Bug: 320478828 Signed-off-by: Lokesh Gidra <lokeshgidra@google.com> Change-Id: Ic7fde0fde03602b35179bc0cf891ddbbc434190f (cherry picked from commit 582c6d188ec138d8ed9c6ef235bf5698d80d7d6b)	2024-03-05 19:08:29 +00:00
Lokesh Gidra	19087d70e9	userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb ... commit 67695f18d55924b2013534ef3bdc363bc9e14605 upstream. In mfill_atomic_hugetlb(), mmap_changing isn't being checked again if we drop mmap_lock and reacquire it. When the lock is not held, mmap_changing could have been incremented. This is also inconsistent with the behavior in mfill_atomic(). Link: https://lkml.kernel.org/r/20240117223729.1444522-1-lokeshgidra@google.com Fixes: df2cc96e77 ("userfaultfd: prevent non-cooperative events vs mcopy_atomic races") Signed-off-by: Lokesh Gidra <lokeshgidra@google.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Mike Rapoport <rppt@kernel.org> Cc: Axel Rasmussen <axelrasmussen@google.com> Cc: Brian Geffon <bgeffon@google.com> Cc: David Hildenbrand <david@redhat.com> Cc: Jann Horn <jannh@google.com> Cc: Kalesh Singh <kaleshsingh@google.com> Cc: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Nicolas Geoffray <ngeoffray@google.com> Cc: Peter Xu <peterx@redhat.com> Cc: Suren Baghdasaryan <surenb@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Mike Rapoport (IBM) <rppt@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-03-01 13:16:43 +01:00
Zach O'Keefe	81e7d2530d	mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again ... commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78 upstream. (struct dirty_throttle_control *)->thresh is an unsigned long, but is passed as the u32 divisor argument to div_u64(). On architectures where unsigned long is 64 bytes, the argument will be implicitly truncated. Use div64_u64() instead of div_u64() so that the value used in the "is this a safe division" check is the same as the divisor. Also, remove redundant cast of the numerator to u64, as that should happen implicitly. This would be difficult to exploit in memcg domain, given the ratio-based arithmetic domain_drity_limits() uses, but is much easier in global writeback domain with a BDI_CAP_STRICTLIMIT-backing device, using e.g. vm.dirty_bytes=(1<<32)*PAGE_SIZE so that dtc->thresh == (1<<32) Link: https://lkml.kernel.org/r/20240118181954.1415197-1-zokeefe@google.com Fixes: f6789593d5 ("mm/page-writeback.c: fix divide by zero in bdi_dirty_limits()") Signed-off-by: Zach O'Keefe <zokeefe@google.com> Cc: Maxim Patlasov <MPatlasov@parallels.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-02-23 08:42:24 +01:00
Charan Teja Kalla	90ad17575d	mm/sparsemem: fix race in accessing memory_section->usage ... [ Upstream commit 5ec8e8ea8b7783fab150cf86404fc38cb4db8800 ] The below race is observed on a PFN which falls into the device memory region with the system memory configuration where PFN's are such that [ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL]. Since normal zone start and end pfn contains the device memory PFN's as well, the compaction triggered will try on the device memory PFN's too though they end up in NOP(because pfn_to_online_page() returns NULL for ZONE_DEVICE memory sections). When from other core, the section mappings are being removed for the ZONE_DEVICE region, that the PFN in question belongs to, on which compaction is currently being operated is resulting into the kernel crash with CONFIG_SPASEMEM_VMEMAP enabled. The crash logs can be seen at [1]. compact_zone() memunmap_pages ------------- --------------- __pageblock_pfn_to_page ...... (a)pfn_valid(): valid_section()//return true (b)__remove_pages()-> sparse_remove_section()-> section_deactivate(): [Free the array ms->usage and set ms->usage = NULL] pfn_section_valid() [Access ms->usage which is NULL] NOTE: From the above it can be said that the race is reduced to between the pfn_valid()/pfn_section_valid() and the section deactivate with SPASEMEM_VMEMAP enabled. The commit b943f045a9af("mm/sparse: fix kernel crash with pfn_section_valid check") tried to address the same problem by clearing the SECTION_HAS_MEM_MAP with the expectation of valid_section() returns false thus ms->usage is not accessed. Fix this issue by the below steps: a) Clear SECTION_HAS_MEM_MAP before freeing the ->usage. b) RCU protected read side critical section will either return NULL when SECTION_HAS_MEM_MAP is cleared or can successfully access ->usage. c) Free the ->usage with kfree_rcu() and set ms->usage = NULL. No attempt will be made to access ->usage after this as the SECTION_HAS_MEM_MAP is cleared thus valid_section() return false. Thanks to David/Pavan for their inputs on this patch. [1] https://lore.kernel.org/linux-mm/994410bb-89aa-d987-1f50-f514903c55aa@quicinc.com/ On Snapdragon SoC, with the mentioned memory configuration of PFN's as [ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL], we are able to see bunch of issues daily while testing on a device farm. For this particular issue below is the log. Though the below log is not directly pointing to the pfn_section_valid(){ ms->usage;}, when we loaded this dump on T32 lauterbach tool, it is pointing. [ 540.578056] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 540.578068] Mem abort info: [ 540.578070] ESR = 0x0000000096000005 [ 540.578073] EC = 0x25: DABT (current EL), IL = 32 bits [ 540.578077] SET = 0, FnV = 0 [ 540.578080] EA = 0, S1PTW = 0 [ 540.578082] FSC = 0x05: level 1 translation fault [ 540.578085] Data abort info: [ 540.578086] ISV = 0, ISS = 0x00000005 [ 540.578088] CM = 0, WnR = 0 [ 540.579431] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBSBTYPE=--) [ 540.579436] pc : __pageblock_pfn_to_page+0x6c/0x14c [ 540.579454] lr : compact_zone+0x994/0x1058 [ 540.579460] sp : ffffffc03579b510 [ 540.579463] x29: ffffffc03579b510 x28: 0000000000235800 x27:000000000000000c [ 540.579470] x26: 0000000000235c00 x25: 0000000000000068 x24:ffffffc03579b640 [ 540.579477] x23: 0000000000000001 x22: ffffffc03579b660 x21:0000000000000000 [ 540.579483] x20: 0000000000235bff x19: ffffffdebf7e3940 x18:ffffffdebf66d140 [ 540.579489] x17: 00000000739ba063 x16: 00000000739ba063 x15:00000000009f4bff [ 540.579495] x14: 0000008000000000 x13: 0000000000000000 x12:0000000000000001 [ 540.579501] x11: 0000000000000000 x10: 0000000000000000 x9 :ffffff897d2cd440 [ 540.579507] x8 : 0000000000000000 x7 : 0000000000000000 x6 :ffffffc03579b5b4 [ 540.579512] x5 : 0000000000027f25 x4 : ffffffc03579b5b8 x3 :0000000000000001 [ 540.579518] x2 : ffffffdebf7e3940 x1 : 0000000000235c00 x0 :0000000000235800 [ 540.579524] Call trace: [ 540.579527] __pageblock_pfn_to_page+0x6c/0x14c [ 540.579533] compact_zone+0x994/0x1058 [ 540.579536] try_to_compact_pages+0x128/0x378 [ 540.579540] __alloc_pages_direct_compact+0x80/0x2b0 [ 540.579544] __alloc_pages_slowpath+0x5c0/0xe10 [ 540.579547] __alloc_pages+0x250/0x2d0 [ 540.579550] __iommu_dma_alloc_noncontiguous+0x13c/0x3fc [ 540.579561] iommu_dma_alloc+0xa0/0x320 [ 540.579565] dma_alloc_attrs+0xd4/0x108 [quic_charante@quicinc.com: use kfree_rcu() in place of synchronize_rcu(), per David] Link: https://lkml.kernel.org/r/1698403778-20938-1-git-send-email-quic_charante@quicinc.com Link: https://lkml.kernel.org/r/1697202267-23600-1-git-send-email-quic_charante@quicinc.com Fixes: f46edbd1b1 ("mm/sparsemem: add helpers track active portions of a section at boot") Signed-off-by: Charan Teja Kalla <quic_charante@quicinc.com> Cc: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com> Cc: Dan Williams <dan.j.williams@intel.com> Cc: David Hildenbrand <david@redhat.com> Cc: Mel Gorman <mgorman@techsingularity.net> Cc: Oscar Salvador <osalvador@suse.de> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org>	2024-02-23 08:42:00 +01:00
Paolo Bonzini	95670878a6	mm: vmalloc: introduce array allocation functions ... commit a8749a35c39903120ec421ef2525acc8e0daa55c upstream. Linux has dozens of occurrences of vmalloc(array_size()) and vzalloc(array_size()). Allow to simplify the code by providing vmalloc_array and vcalloc, as well as the underscored variants that let the caller specify the GFP flags. Acked-by: Michal Hocko <mhocko@suse.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Alexander Ofitserov <oficerovas@altlinux.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-02-23 08:41:55 +01:00