b22678f8ef
36857 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
b22678f8ef |
Merge ddee5b4b6a ("mptcp: pm: avoid possible UaF when selecting endp") into android12-5.10-lts
Steps on the way to 5.10.226 Change-Id: I4ee8b8e793b6ecb98c7078125d994b46b1165c2e Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Zheng Yejian
|
e3ad85c477 |
tracing: Avoid possible softlockup in tracing_iter_reset()
commit 49aa8a1f4d6800721c7971ed383078257f12e8f9 upstream.
In __tracing_open(), when max latency tracers took place on the cpu,
the time start of its buffer would be updated, then event entries with
timestamps being earlier than start of the buffer would be skipped
(see tracing_iter_reset()).
Softlockup will occur if the kernel is non-preemptible and too many
entries were skipped in the loop that reset every cpu buffer, so add
cond_resched() to avoid it.
Cc: stable@vger.kernel.org
Fixes:
|
||
Connor O'Brien
|
06e7be6934 |
bpf, cgroup: Assign cgroup in cgroup_sk_alloc when called from interrupt
From: Daniel Borkmann <daniel@iogearbox.net>
commit 78cc316e9583067884eb8bd154301dc1e9ee945c upstream.
If cgroup_sk_alloc() is called from interrupt context, then just assign the
root cgroup to skcd->cgroup. Prior to commit 8520e224f547 ("bpf, cgroups:
Fix cgroup v2 fallback on v1/v2 mixed mode") we would just return, and later
on in sock_cgroup_ptr(), we were NULL-testing the cgroup in fast-path, and
iff indeed NULL returning the root cgroup (v ?: &cgrp_dfl_root.cgrp). Rather
than re-adding the NULL-test to the fast-path we can just assign it once from
cgroup_sk_alloc() given v1/v2 handling has been simplified. The migration from
NULL test with returning &cgrp_dfl_root.cgrp to assigning &cgrp_dfl_root.cgrp
directly does /not/ change behavior for callers of sock_cgroup_ptr().
syzkaller was able to trigger a splat in the legacy netrom code base, where
the RX handler in nr_rx_frame() calls nr_make_new() which calls sk_alloc()
and therefore cgroup_sk_alloc() with in_interrupt() condition. Thus the NULL
skcd->cgroup, where it trips over on cgroup_sk_free() side given it expects
a non-NULL object. There are a few other candidates aside from netrom which
have similar pattern where in their accept-like implementation, they just call
to sk_alloc() and thus cgroup_sk_alloc() instead of sk_clone_lock() with the
corresponding cgroup_sk_clone() which then inherits the cgroup from the parent
socket. None of them are related to core protocols where BPF cgroup programs
are running from. However, in future, they should follow to implement a similar
inheritance mechanism.
Additionally, with a !CONFIG_CGROUP_NET_PRIO and !CONFIG_CGROUP_NET_CLASSID
configuration, the same issue was exposed also prior to 8520e224f547 due to
commit
|
||
Nikita Kiryushin
|
17c43211d4 |
rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
commit cc5645fddb0ce28492b15520306d092730dffa48 upstream.
There is a possibility of buffer overflow in
show_rcu_tasks_trace_gp_kthread() if counters, passed
to sprintf() are huge. Counter numbers, needed for this
are unrealistically high, but buffer overflow is still
possible.
Use snprintf() with buffer size instead of sprintf().
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes:
|
||
|
Connor O'Brien
|
cf002be3b8 |
bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode
From: Daniel Borkmann <daniel@iogearbox.net> commit 8520e224f547cd070c7c8f97b1fc6d58cff7ccaa upstream. Fix cgroup v1 interference when non-root cgroup v2 BPF programs are used. Back in the days, commit |
||
Rik van Riel
|
ff5af3f9b5 |
dma-debug: avoid deadlock between dma debug vs printk and netconsole
[ Upstream commit bd44ca3de49cc1badcff7a96010fa2c64f04868c ] Currently the dma debugging code can end up indirectly calling printk under the radix_lock. This happens when a radix tree node allocation fails. This is a problem because the printk code, when used together with netconsole, can end up inside the dma debugging code while trying to transmit a message over netcons. This creates the possibility of either a circular deadlock on the same CPU, with that CPU trying to grab the radix_lock twice, or an ABBA deadlock between different CPUs, where one CPU grabs the console lock first and then waits for the radix_lock, while the other CPU is holding the radix_lock and is waiting for the console lock. The trace captured by lockdep is of the ABBA variant. -> #2 (&dma_entry_hash[i].lock){-.-.}-{2:2}: _raw_spin_lock_irqsave+0x5a/0x90 debug_dma_map_page+0x79/0x180 dma_map_page_attrs+0x1d2/0x2f0 bnxt_start_xmit+0x8c6/0x1540 netpoll_start_xmit+0x13f/0x180 netpoll_send_skb+0x20d/0x320 netpoll_send_udp+0x453/0x4a0 write_ext_msg+0x1b9/0x460 console_flush_all+0x2ff/0x5a0 console_unlock+0x55/0x180 vprintk_emit+0x2e3/0x3c0 devkmsg_emit+0x5a/0x80 devkmsg_write+0xfd/0x180 do_iter_readv_writev+0x164/0x1b0 vfs_writev+0xf9/0x2b0 do_writev+0x6d/0x110 do_syscall_64+0x80/0x150 entry_SYSCALL_64_after_hwframe+0x4b/0x53 -> #0 (console_owner){-.-.}-{0:0}: __lock_acquire+0x15d1/0x31a0 lock_acquire+0xe8/0x290 console_flush_all+0x2ea/0x5a0 console_unlock+0x55/0x180 vprintk_emit+0x2e3/0x3c0 _printk+0x59/0x80 warn_alloc+0x122/0x1b0 __alloc_pages_slowpath+0x1101/0x1120 __alloc_pages+0x1eb/0x2c0 alloc_slab_page+0x5f/0x150 new_slab+0x2dc/0x4e0 ___slab_alloc+0xdcb/0x1390 kmem_cache_alloc+0x23d/0x360 radix_tree_node_alloc+0x3c/0xf0 radix_tree_insert+0xf5/0x230 add_dma_entry+0xe9/0x360 dma_map_page_attrs+0x1d2/0x2f0 __bnxt_alloc_rx_frag+0x147/0x180 bnxt_alloc_rx_data+0x79/0x160 bnxt_rx_skb+0x29/0xc0 bnxt_rx_pkt+0xe22/0x1570 __bnxt_poll_work+0x101/0x390 bnxt_poll+0x7e/0x320 __napi_poll+0x29/0x160 net_rx_action+0x1e0/0x3e0 handle_softirqs+0x190/0x510 run_ksoftirqd+0x4e/0x90 smpboot_thread_fn+0x1a8/0x270 kthread+0x102/0x120 ret_from_fork+0x2f/0x40 ret_from_fork_asm+0x11/0x20 This bug is more likely than it seems, because when one CPU has run out of memory, chances are the other has too. The good news is, this bug is hidden behind the CONFIG_DMA_API_DEBUG, so not many users are likely to trigger it. Signed-off-by: Rik van Riel <riel@surriel.com> Reported-by: Konstantin Ovsepian <ovs@meta.com> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
52c4910c65 |
ANDROID: fix up crc issue for cpuset_cpus_allowed()
In commit |
||
|
Greg Kroah-Hartman
|
4951c68022 |
Merge 5.10.225 into android12-5.10-lts
Changes in 5.10.225 fuse: Initialize beyond-EOF page contents before setting uptodate ALSA: usb-audio: Support Yamaha P-125 quirk entry xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration thunderbolt: Mark XDomain as unplugged when router is removed s390/dasd: fix error recovery leading to data corruption on ESE devices arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE dm resume: don't return EINVAL when signalled dm persistent data: fix memory allocation failure vfs: Don't evict inode under the inode lru traversing context bitmap: introduce generic optimized bitmap_size() fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE selinux: fix potential counting error in avc_add_xperms_decision() btrfs: tree-checker: add dev extent item checks drm/amdgpu: Actually check flags for all context ops. memcg_write_event_control(): fix a user-triggerable oops drm/amdgpu/jpeg2: properly set atomics vmid field s390/cio: rename bitmap_size() -> idset_bitmap_size() btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() s390/uv: Panic for set and remove shared access UVC errors net/mlx5e: Correctly report errors for ethtool rx flows atm: idt77252: prevent use after free in dequeue_rx() net: axienet: Fix register defines comment description net: dsa: vsc73xx: pass value in phy_write operation net: dsa: vsc73xx: use read_poll_timeout instead delay loop net: dsa: vsc73xx: check busy flag in MDIO operations mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size netfilter: flowtable: initialise extack before use net: hns3: fix wrong use of semaphore up net: hns3: fix a deadlock problem when config TC during resetting ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 ssb: Fix division by zero issue in ssb_calc_clock_rate wifi: mac80211: fix BA session teardown race wifi: cw1200: Avoid processing an invalid TIM IE i2c: riic: avoid potential division by zero RDMA/rtrs: Fix the problem of variable not initialized fully s390/smp,mcck: fix early IPI handling media: radio-isa: use dev_name to fill in bus_info staging: iio: resolver: ad2s1210: fix use before initialization drm/amd/display: Validate hw_points_num before using it staging: ks7010: disable bh on tx_dev_lock binfmt_misc: cleanup on filesystem umount media: qcom: venus: fix incorrect return value scsi: spi: Fix sshdr use gfs2: setattr_chown: Add missing initialization wifi: iwlwifi: abort scan when rfkill on but device enabled IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu nvmet-trace: avoid dereferencing pointer too early ext4: do not trim the group with corrupted block bitmap quota: Remove BUG_ON from dqget() media: pci: cx23885: check cx23885_vdev_init() return fs: binfmt_elf_efpic: don't use missing interpreter's properties scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() net/sun3_82586: Avoid reading past buffer in debug output drm/lima: set gp bus_stop bit before hard reset virtiofs: forbid newlines in tags netlink: hold nlk->cb_mutex longer in __netlink_dump_start() md: clean up invalid BUG_ON in md_ioctl x86: Increase brk randomness entropy for 64-bit systems memory: stm32-fmc2-ebi: check regmap_read return value parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 powerpc/boot: Handle allocation failure in simple_realloc() powerpc/boot: Only free if realloc() succeeds btrfs: change BUG_ON to assertion when checking for delayed_node root btrfs: handle invalid root reference found in may_destroy_subvol() btrfs: send: handle unexpected data in header buffer in begin_cmd() btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() f2fs: fix to do sanity check in update_sit_entry usb: gadget: fsl: Increase size of name buffer for endpoints Bluetooth: bnep: Fix out-of-bound access net: hns3: add checking for vf id of mailbox nvmet-tcp: do not continue for invalid icreq NFS: avoid infinite loop in pnfs_update_layout. openrisc: Call setup_memory() earlier in the init sequence s390/iucv: fix receive buffer virtual vs physical address confusion usb: dwc3: core: Skip setting event buffers for host only controllers irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc ext4: set the type of max_zeroout to unsigned int to avoid overflow nvmet-rdma: fix possible bad dereference when freeing rsps hrtimer: Prevent queuing of hrtimer without a function callback gtp: pull network headers in gtp_dev_xmit() block: use "unsigned long" for blk_validate_block_size(). media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) dm suspend: return -ERESTARTSYS instead of -EINTR Bluetooth: hci_core: Fix LE quote calculation Bluetooth: SMP: Fix assumption of Central always being Initiator tc-testing: don't access non-existent variable on exception kcm: Serialise kcm_sendmsg() for the same socket. netfilter: nft_counter: Synchronize nft_counter_reset() against reader. ip6_tunnel: Fix broken GRO bonding: fix bond_ipsec_offload_ok return type bonding: fix null pointer deref in bond_ipsec_offload_ok bonding: fix xfrm real_dev null pointer dereference bonding: fix xfrm state handling when clearing active slave ice: fix ICE_LAST_OFFSET formula net: dsa: mv88e6xxx: read FID when handling ATU violations net: dsa: mv88e6xxx: replace ATU violation prints with trace points net: dsa: mv88e6xxx: Fix out-of-bound access netem: fix return value if duplicate enqueue fails ipv6: prevent UAF in ip6_send_skb() net: xilinx: axienet: Always disable promiscuous mode net: xilinx: axienet: Fix dangling multicast addresses drm/msm/dpu: don't play tricks with debug macros drm/msm/dp: reset the link phy params before link training mmc: mmc_test: Fix NULL dereference on allocation failure Bluetooth: MGMT: Add error handling to pair_device() binfmt_misc: pass binfmt_misc flags to the interpreter MIPS: Loongson64: Set timer mode in cpu-probe HID: wacom: Defer calculation of resolution until resolution_code is known HID: microsoft: Add rumble support to latest xbox controllers cxgb4: add forgotten u64 ivlan cast before shift KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 mmc: dw_mmc: allow biu and ciu clocks to defer Revert "drm/amd/display: Validate hw_points_num before using it" ALSA: timer: Relax start tick time check for slave timer elements nfsd: Don't call freezable_schedule_timeout() after each successful page allocation in svc_alloc_arg(). Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Input: MT - limit max slots tools: move alignment-related macros to new <linux/align.h> drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc KVM: arm64: Don't use cbz/adr with external symbols pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins pinctrl: single: fix potential NULL dereference in pcs_get_function() wifi: mwifiex: duplicate static structs used in driver instances mptcp: sched: check both backup in retrans ipc: replace costly bailout check in sysvipc_find_ipc() drm/amdkfd: don't allow mapping the MMIO HDP page with large pages media: uvcvideo: Fix integer overflow calculating timestamp Revert "Input: ioc3kbd - convert to platform remove callback returning void" ata: libata-core: Fix null pointer dereference on error cgroup/cpuset: Prevent UAF in proc_cpuset_show() net:rds: Fix possible deadlock in rds_message_put ovl: do not fail because of O_NOATIME soundwire: stream: fix programming slave ports for non-continous port maps dmaengine: dw: Add peripheral bus width verification dmaengine: dw: Add memory bus width verification ethtool: check device is present when getting link settings gtp: fix a potential NULL pointer dereference net: busy-poll: use ktime_get_ns() instead of local_clock() nfc: pn533: Add poll mod list filling check soc: qcom: cmd-db: Map shared memory as WC, not WB cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller USB: serial: option: add MeiG Smart SRM825L usb: dwc3: omap: add missing depopulate in probe error path usb: dwc3: core: Prevent USB core invalid event buffer address access usb: dwc3: st: fix probed platform device ref count on probe error path usb: dwc3: st: add missing depopulate in probe error path usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() scsi: aacraid: Fix double-free on probe failure apparmor: fix policy_unpack_test on big endian systems Linux 5.10.225 Change-Id: I5028ef07db680262d45fba4096094fe8b19dd052 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Chen Ridong
|
688325078a |
cgroup/cpuset: Prevent UAF in proc_cpuset_show()
commit 1be59c97c83ccd67a519d8a49486b3a8a73ca28a upstream.
An UAF can happen when /proc/cpuset is read as reported in [1].
This can be reproduced by the following methods:
1.add an mdelay(1000) before acquiring the cgroup_lock In the
cgroup_path_ns function.
2.$cat /proc/<pid>/cpuset repeatly.
3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/
$umount /sys/fs/cgroup/cpuset/ repeatly.
The race that cause this bug can be shown as below:
(umount) | (cat /proc/<pid>/cpuset)
css_release | proc_cpuset_show
css_release_work_fn | css = task_get_css(tsk, cpuset_cgrp_id);
css_free_rwork_fn | cgroup_path_ns(css->cgroup, ...);
cgroup_destroy_root | mutex_lock(&cgroup_mutex);
rebind_subsystems |
cgroup_free_root |
| // cgrp was freed, UAF
| cgroup_path_ns_locked(cgrp,..);
When the cpuset is initialized, the root node top_cpuset.css.cgrp
will point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will
allocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated
&cgroup_root.cgrp. When the umount operation is executed,
top_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp.
The problem is that when rebinding to cgrp_dfl_root, there are cases
where the cgroup_root allocated by setting up the root for cgroup v1
is cached. This could lead to a Use-After-Free (UAF) if it is
subsequently freed. The descendant cgroups of cgroup v1 can only be
freed after the css is released. However, the css of the root will never
be released, yet the cgroup_root should be freed when it is unmounted.
This means that obtaining a reference to the css of the root does
not guarantee that css.cgrp->root will not be freed.
Fix this problem by using rcu_read_lock in proc_cpuset_show().
As cgroup_root is kfree_rcu after commit d23b5c577715
("cgroup: Make operations on the cgroup root_list RCU safe"),
css->cgroup won't be freed during the critical section.
To call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to
replace task_get_css with task_css.
[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd
Fixes:
|
||
Phil Chang
|
5970a540da |
hrtimer: Prevent queuing of hrtimer without a function callback
[ Upstream commit 5a830bbce3af16833fe0092dec47b6dd30279825 ] The hrtimer function callback must not be NULL. It has to be specified by the call side but it is not validated by the hrtimer code. When a hrtimer is queued without a function callback, the kernel crashes with a null pointer dereference when trying to execute the callback in __run_hrtimer(). Introduce a validation before queuing the hrtimer in hrtimer_start_range_ns(). [anna-maria: Rephrase commit message] Signed-off-by: Phil Chang <phil.chang@mediatek.com> Signed-off-by: Anna-Maria Behnsen <anna-maria@linutronix.de> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Anna-Maria Behnsen <anna-maria@linutronix.de> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
0c105dabe6 |
Revert "genirq: Allow the PM device to originate from irq domain"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
e62a1579e0 |
Revert "genirq: Allow irq_chip registration functions to take a const irq_chip"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
b84ad15be5 |
This is the 5.10.224 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmbCv24ACgkQONu9yGCS
aT7lNRAAzP2lSCUHROaMTldoQdahqoWqwFSiMI9p32HYLTerpg1GHVsi1IUvD+pv
zhmUG9w+ACbSbZ9337G61FeEDCIBzgqaIXLCtbK2Be9nWMa9I1ZtMSFUKoSmVJBw
YbrI/UOscJmAf44G6DeMp+N+/S2o7INK463u51SYjufo/zhFF8KsYElm23p06kgn
lTkkUAoo9mSVvEr64zbjwLrWyBWTlcvYH/xrkWeJWXl+hBv0K5Ig9IBm0sc0DSQR
fErADzDLFkmD9pduZbMwbzUUzC8ST41KKjTgClaHQhSMeoLoWT8CJM5Swwds4XVE
JkoClkqnj3+stYFpLFm9UUgZ12wu/9slzgRCN6fTraSNT8gE9F9BRJXFGL+3S5OO
oHKZYEEPTZDsD3PihgufJ4Ft27+KpMUzAgQUmVH/y47wrVJ2pf4fCK8LKT0MbjBi
pjZaDRCxwo1aORL3+jYJBVRecrNqQ0DhacYOKznhb2KKeaHojIwLaE6k/W/0Q8U5
1uMYv+NJ3LWDNzGcNUTCfNtuDELOpkp24Xc8RN0MK2iMMMyfjMpgKssjSBZtz0QW
NH0UVpfiWKECKH+m03NeFnYdMuK8/VyM8vatkcemz0FfgJP2UazeiVwSujfS2r2S
0TtsCMPP3kgKa9mAnni7lQs4wkG+OTNDNZqbuDqFZ1rHUS2Usrg=
=8i2e
-----END PGP SIGNATURE-----
Merge 5.10.224 into android12-5.10-lts
Changes in 5.10.224
EDAC/skx_common: Add new ADXL components for 2-level memory
EDAC, i10nm: make skx_common.o a separate module
platform/chrome: cros_ec_debugfs: fix wrong EC message version
hfsplus: fix to avoid false alarm of circular locking
x86/of: Return consistent error type from x86_of_pci_irq_enable()
x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling
x86/pci/xen: Fix PCIBIOS_* return code handling
x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos
hwmon: (adt7475) Fix default duty on fan is disabled
pwm: stm32: Always do lazy disabling
hwmon: (max6697) Fix underflow when writing limit attributes
hwmon: (max6697) Fix swapped temp{1,8} critical alarms
arm64: dts: qcom: sdm845: add power-domain to UFS PHY
soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers
arm64: dts: qcom: msm8996: specify UFS core_clk frequencies
soc: qcom: pdr: protect locator_addr with the main mutex
soc: qcom: pdr: fix parsing of domains lists
arm64: dts: rockchip: Increase VOP clk rate on RK3328
ARM: dts: imx6qdl-kontron-samx6i: move phy reset into phy-node
ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset
ARM: dts: imx6qdl-kontron-samx6i: fix board reset
ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects
ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity
arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property
arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux
arm64: dts: amlogic: gx: correct hdmi clocks
m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages
x86/xen: Convert comma to semicolon
m68k: cmpxchg: Fix return value for default case in __arch_xchg()
ARM: pxa: spitz: use gpio descriptors for audio
ARM: spitz: fix GPIO assignment for backlight
firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout()
firmware: turris-mox-rwtm: Initialize completion before mailbox
wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device
selftests/bpf: Fix prog numbers in test_sockmap
net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP
net/smc: Allow SMC-D 1MB DMB allocations
net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined
selftests/bpf: Check length of recv in test_sockmap
lib: objagg: Fix general protection fault
mlxsw: spectrum_acl_erp: Fix object nesting warning
mlxsw: spectrum_acl_bloom_filter: Make mlxsw_sp_acl_bf_key_encode() more flexible
mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors
ath11k: dp: stop rx pktlog before suspend
wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers
wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he()
wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()
net: fec: Refactor: #define magic constants
net: fec: Fix FEC_ECR_EN1588 being cleared on link-down
ipvs: Avoid unnecessary calls to skb_is_gso_sctp
netfilter: nf_tables: rise cap on SELinux secmark context
perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation
perf: Fix perf_aux_size() for greater-than 32-bit size
perf: Prevent passing zero nr_pages to rb_alloc_aux()
qed: Improve the stack space of filter_config()
wifi: virt_wifi: avoid reporting connection success with wrong SSID
gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey
wifi: virt_wifi: don't use strlen() in const context
selftests/bpf: Close fd in error path in drop_on_reuseport
bpf: annotate BTF show functions with __printf
bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o
selftests: forwarding: devlink_lib: Wait for udev events after reloading
xdp: fix invalid wait context of page_pool_destroy()
drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators
drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare()
media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()
media: imon: Fix race getting ictx->lock
saa7134: Unchecked i2c_transfer function result fixed
media: uvcvideo: Allow entity-defined get_info and get_cur
media: uvcvideo: Override default flags
media: renesas: vsp1: Fix _irqsave and _irq mix
media: renesas: vsp1: Store RPF partition configuration per RPF instance
leds: trigger: Unregister sysfs attributes before calling deactivate()
perf report: Fix condition in sort__sym_cmp()
drm/etnaviv: fix DMA direction handling for cached RW buffers
drm/qxl: Add check for drm_cvt_mode
Revert "leds: led-core: Fix refcount leak in of_led_get()"
ext4: fix infinite loop when replaying fast_commit
media: venus: flush all buffers in output plane streamoff
mfd: omap-usb-tll: Use struct_size to allocate tll
xprtrdma: Rename frwr_release_mr()
xprtrdma: Fix rpcrdma_reqs_reset()
SUNRPC: avoid soft lockup when transmitting UDP to reachable server.
ext4: avoid writing unitialized memory to disk in EA inodes
sparc64: Fix incorrect function signature and add prototype for prom_cif_init
SUNRPC: Fixup gss_status tracepoint error output
PCI: Fix resource double counting on remove & rescan
coresight: Fix ref leak when of_coresight_parse_endpoint() fails
Input: qt1050 - handle CHIP_ID reading error
RDMA/mlx4: Fix truncated output warning in mad.c
RDMA/mlx4: Fix truncated output warning in alias_GUID.c
RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs
ASoC: max98088: Check for clk_prepare_enable() error
mtd: make mtd_test.c a separate module
RDMA/device: Return error earlier if port in not valid
Input: elan_i2c - do not leave interrupt disabled on suspend failure
MIPS: Octeron: remove source file executable bit
powerpc/xmon: Fix disassembly CPU feature checks
macintosh/therm_windtunnel: fix module unload.
RDMA/hns: Fix missing pagesize and alignment check in FRMR
bnxt_re: Fix imm_data endianness
netfilter: ctnetlink: use helper function to calculate expect ID
net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports
net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports
pinctrl: rockchip: update rk3308 iomux routes
pinctrl: core: fix possible memory leak when pinctrl_enable() fails
pinctrl: single: fix possible memory leak when pinctrl_enable() fails
pinctrl: ti: ti-iodelay: Drop if block with always false condition
pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails
pinctrl: freescale: mxs: Fix refcount of child
fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP
fs/nilfs2: remove some unused macros to tame gcc
nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
rtc: interface: Add RTC offset to alarm after fix-up
dt-bindings: thermal: correct thermal zone node name limit
tick/broadcast: Make takeover of broadcast hrtimer reliable
net: netconsole: Disable target before netpoll cleanup
af_packet: Handle outgoing VLAN packets without hardware offloading
ipv6: take care of scope when choosing the src addr
sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks
char: tpm: Fix possible memory leak in tpm_bios_measurements_open()
media: venus: fix use after free in vdec_close
hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()
ext2: Verify bitmap and itable block numbers before using them
drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
scsi: qla2xxx: Fix optrom version displayed in FDMI
drm/amd/display: Check for NULL pointer
sched/fair: Use all little CPUs for CPU-bound workloads
apparmor: use kvfree_sensitive to free data->data
task_work: s/task_work_cancel()/task_work_cancel_func()/
task_work: Introduce task_work_cancel() again
udf: Avoid using corrupted block bitmap buffer
m68k: amiga: Turn off Warp1260 interrupts during boot
ext4: check dot and dotdot of dx_root before making dir indexed
ext4: make sure the first directory block is not a hole
wifi: mwifiex: Fix interface type change
leds: ss4200: Convert PCIBIOS_* return codes to errnos
jbd2: make jbd2_journal_get_max_txn_bufs() internal
KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked()
tools/memory-model: Fix bug in lock.cat
hwrng: amd - Convert PCIBIOS_* return codes to errnos
PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN
PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
binder: fix hang of unregistered readers
dev/parport: fix the array out-of-bounds risk
scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds
f2fs: fix to don't dirty inode for readonly filesystem
clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use
ubi: eba: properly rollback inside self_check_eba
decompress_bunzip2: fix rare decompression failure
kbuild: Fix '-S -c' in x86 stack protector scripts
kobject_uevent: Fix OOB access within zap_modalias_env()
devres: Fix devm_krealloc() wasting memory
rtc: cmos: Fix return value of nvmem callbacks
scsi: qla2xxx: During vport delete send async logout explicitly
scsi: qla2xxx: Fix for possible memory corruption
scsi: qla2xxx: Fix flash read failure
scsi: qla2xxx: Complete command early within lock
scsi: qla2xxx: validate nvme_local_port correctly
perf/x86/intel/pt: Fix topa_entry base length
perf/x86/intel/pt: Fix a topa_entry base address calculation
rtc: isl1208: Fix return value of nvmem callbacks
watchdog/perf: properly initialize the turbo mode timestamp and rearm counter
platform: mips: cpu_hwmon: Disable driver on unsupported hardware
RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
selftests/sigaltstack: Fix ppc64 GCC build
rbd: don't assume rbd_is_lock_owner() for exclusive mappings
MIPS: ip30: ip30-console: Add missing include
MIPS: Loongson64: env: Hook up Loongsson-2K
drm/panfrost: Mark simple_ondemand governor as softdep
rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait
rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings
Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables
Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591
nilfs2: handle inconsistent state in nilfs_btnode_create_block()
io_uring/io-wq: limit retrying worker initialisation
kernel: rerun task_work while freezing in get_signal()
kdb: address -Wformat-security warnings
kdb: Use the passed prompt in kdb_position_cursor()
jfs: Fix array-index-out-of-bounds in diFree
um: time-travel: fix time-travel-start option
f2fs: fix start segno of large section
libbpf: Fix no-args func prototype BTF dumping syntax
dma: fix call order in dmam_free_coherent
MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later
ipv4: Fix incorrect source address in Record Route option
net: bonding: correctly annotate RCU in bond_should_notify_peers()
netfilter: nft_set_pipapo_avx2: disable softinterrupts
tipc: Return non-zero value from tipc_udp_addr2str() on error
net: stmmac: Correct byte order of perfect_match
net: nexthop: Initialize all fields in dumped nexthops
bpf: Fix a segment issue when downgrading gso_size
mISDN: Fix a use after free in hfcmulti_tx()
apparmor: Fix null pointer deref when receiving skb during sock creation
powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap()
lirc: rc_dev_get_from_fd(): fix file leak
ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable
ceph: fix incorrect kmalloc size of pagevec mempool
nvme: split command copy into a helper
nvme-pci: add missing condition check for existence of mapped data
fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT
powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC
fuse: name fs_context consistently
fuse: verify {g,u}id mount options correctly
sysctl: always initialize i_uid/i_gid
ext4: factor out a common helper to query extent map
ext4: check the extent status again before inserting delalloc block
soc: xilinx: move PM_INIT_FINALIZE to zynqmp_pm_domains driver
drivers: soc: xilinx: check return status of get_api_version()
driver core: Cast to (void *) with __force for __percpu pointer
devres: Fix memory leakage caused by driver API devm_free_percpu()
genirq: Allow the PM device to originate from irq domain
irqchip/imx-irqsteer: Constify irq_chip struct
irqchip/imx-irqsteer: Add runtime PM support
irqchip/imx-irqsteer: Handle runtime power management correctly
remoteproc: imx_rproc: ignore mapping vdev regions
remoteproc: imx_rproc: Fix ignoring mapping vdev regions
remoteproc: imx_rproc: Skip over memory region when node value is NULL
drm/nouveau: prime: fix refcount underflow
drm/vmwgfx: Fix overlay when using Screen Targets
sched: act_ct: take care of padding in struct zones_ht_key
net/iucv: fix use after free in iucv_sock_close()
net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys
ipv6: fix ndisc_is_useropt() handling for PIO
riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()
platform/chrome: cros_ec_proto: Lock device when updating MKBP version
HID: wacom: Modify pen IDs
protect the fetch of ->fd[fd] in do_dup2() from mispredictions
ALSA: usb-audio: Correct surround channels in UAC1 channel map
ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G
net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY
mptcp: fix duplicate data handling
netfilter: ipset: Add list flush to cancel_gc
genirq: Allow irq_chip registration functions to take a const irq_chip
irqchip/mbigen: Fix mbigen node address layout
x86/mm: Fix pti_clone_pgtable() alignment assumption
x86/mm: Fix pti_clone_entry_text() for i386
sctp: move hlist_node and hashent out of sctp_ep_common
sctp: Fix null-ptr-deref in reuseport_add_sock().
net: usb: qmi_wwan: fix memory leak for not ip packets
net: linkwatch: use system_unbound_wq
Bluetooth: l2cap: always unlock channel in l2cap_conless_channel()
net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()
l2tp: fix lockdep splat
net: fec: Stop PPS on driver remove
rcutorture: Fix rcu_torture_fwd_cb_cr() data race
md: do not delete safemode_timer in mddev_suspend
md/raid5: avoid BUG_ON() while continue reshape after reassembling
clocksource/drivers/sh_cmt: Address race condition for clock events
ACPI: battery: create alarm sysfs attribute atomically
ACPI: SBS: manage alarm sysfs attribute through psy core
selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT
PCI: Add Edimax Vendor ID to pci_ids.h
udf: prevent integer overflow in udf_bitmap_free_blocks()
wifi: nl80211: don't give key data to userspace
btrfs: fix bitmap leak when loading free space cache on duplicate entry
drm/amdgpu: Fix the null pointer dereference to ras_manager
drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules
media: uvcvideo: Ignore empty TS packets
media: uvcvideo: Fix the bandwdith quirk on USB 3.x
jbd2: avoid memleak in jbd2_journal_write_metadata_buffer
s390/sclp: Prevent release of buffer in I/O
SUNRPC: Fix a race to wake a sync task
sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime
ext4: fix wrong unit use in ext4_mb_find_by_goal
arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space
arm64: Add Neoverse-V2 part
arm64: cputype: Add Cortex-X4 definitions
arm64: cputype: Add Neoverse-V3 definitions
arm64: errata: Add workaround for Arm errata 3194386 and 3312417
arm64: cputype: Add Cortex-X3 definitions
arm64: cputype: Add Cortex-A720 definitions
arm64: cputype: Add Cortex-X925 definitions
arm64: errata: Unify speculative SSBS errata logic
arm64: errata: Expand speculative SSBS workaround
arm64: cputype: Add Cortex-X1C definitions
arm64: cputype: Add Cortex-A725 definitions
arm64: errata: Expand speculative SSBS workaround (again)
i2c: smbus: Improve handling of stuck alerts
ASoC: codecs: wsa881x: Correct Soundwire ports mask
i2c: smbus: Send alert notifications to all devices if source not found
bpf: kprobe: remove unused declaring of bpf_kprobe_override
kprobes: Fix to check symbol prefixes correctly
spi: spi-fsl-lpspi: Fix scldiv calculation
ALSA: usb-audio: Re-add ScratchAmp quirk entries
drm/client: fix null pointer dereference in drm_client_modeset_probe
ALSA: line6: Fix racy access to midibuf
ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list
ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4
usb: vhci-hcd: Do not drop references before new references are gained
USB: serial: debug: do not echo input by default
usb: gadget: core: Check for unset descriptor
usb: gadget: u_serial: Set start_delayed during suspend
scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic
tick/broadcast: Move per CPU pointer access into the atomic section
ntp: Clamp maxerror and esterror to operating range
driver core: Fix uevent_show() vs driver detach race
ntp: Safeguard against time_constant overflow
scsi: mpt3sas: Remove scsi_dma_map() error messages
scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES
irqchip/meson-gpio: support more than 8 channels gpio irq
irqchip/meson-gpio: Convert meson_gpio_irq_controller::lock to 'raw_spinlock_t'
serial: core: check uartclk for zero to avoid divide by zero
irqchip/xilinx: Fix shift out of bounds
genirq/irqdesc: Honor caller provided affinity in alloc_desc()
power: supply: axp288_charger: Fix constant_charge_voltage writes
power: supply: axp288_charger: Round constant_charge_voltage writes down
tracing: Fix overflow in get_free_elt()
padata: Fix possible divide-by-0 panic in padata_mt_helper()
x86/mtrr: Check if fixed MTRRs exist before saving them
drm/bridge: analogix_dp: properly handle zero sized AUX transactions
drm/mgag200: Set DDC timeout in milliseconds
mptcp: sched: check both directions for backup
mptcp: distinguish rcv vs sent backup flag in requests
mptcp: fix NL PM announced address accounting
mptcp: mib: count MPJ with backup flag
mptcp: export local_address
mptcp: pm: fix backup support in signal endpoints
samples: Add fs error monitoring example
samples: Make fs-monitor depend on libc and headers
Add gitignore file for samples/fanotify/ subdirectory
Fix gcc 4.9 build issue in 5.10.y
PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
netfilter: nf_tables: set element extended ACK reporting support
netfilter: nf_tables: use timestamp to check for set element timeout
netfilter: nf_tables: allow clone callbacks to sleep
netfilter: nf_tables: prefer nft_chain_validate
drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.
arm64: cpufeature: Fix the visibility of compat hwcaps
media: uvcvideo: Use entity get_cur in uvc_ctrl_set
exec: Fix ToCToU between perm check and set-uid/gid usage
nvme/pci: Add APST quirk for Lenovo N60z laptop
vdpa: Make use of PFN_PHYS/PFN_UP/PFN_DOWN helper macro
vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler
wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode
media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()"
Linux 5.10.224
Change-Id: I7cd19d506c4c86df918a280598946060a494a161
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
95fd17f446 |
Merge tag 'android12-5.10.223_r00' into android12-5.10
This merges up to the 5.10.222 LTS release into the android12-5.10 branch. Included in here are the following commits: * |
||
Waiman Long
|
ab8b397d59 |
padata: Fix possible divide-by-0 panic in padata_mt_helper()
commit 6d45e1c948a8b7ed6ceddb14319af69424db730c upstream.
We are hit with a not easily reproducible divide-by-0 panic in padata.c at
bootup time.
[ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI
[ 10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1
[ 10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021
[ 10.017908] Workqueue: events_unbound padata_mt_helper
[ 10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0
:
[ 10.017963] Call Trace:
[ 10.017968] <TASK>
[ 10.018004] ? padata_mt_helper+0x39/0xb0
[ 10.018084] process_one_work+0x174/0x330
[ 10.018093] worker_thread+0x266/0x3a0
[ 10.018111] kthread+0xcf/0x100
[ 10.018124] ret_from_fork+0x31/0x50
[ 10.018138] ret_from_fork_asm+0x1a/0x30
[ 10.018147] </TASK>
Looking at the padata_mt_helper() function, the only way a divide-by-0
panic can happen is when ps->chunk_size is 0. The way that chunk_size is
initialized in padata_do_multithreaded(), chunk_size can be 0 when the
min_chunk in the passed-in padata_mt_job structure is 0.
Fix this divide-by-0 panic by making sure that chunk_size will be at least
1 no matter what the input parameters are.
Link: https://lkml.kernel.org/r/20240806174647.1050398-1-longman@redhat.com
Fixes:
|
||
Tze-nan Wu
|
eb223bf01e |
tracing: Fix overflow in get_free_elt()
commit bcf86c01ca4676316557dd482c8416ece8c2e143 upstream.
"tracing_map->next_elt" in get_free_elt() is at risk of overflowing.
Once it overflows, new elements can still be inserted into the tracing_map
even though the maximum number of elements (`max_elts`) has been reached.
Continuing to insert elements after the overflow could result in the
tracing_map containing "tracing_map->max_size" elements, leaving no empty
entries.
If any attempt is made to insert an element into a full tracing_map using
`__tracing_map_insert()`, it will cause an infinite loop with preemption
disabled, leading to a CPU hang problem.
Fix this by preventing any further increments to "tracing_map->next_elt"
once it reaches "tracing_map->max_elt".
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Fixes:
|
||
Shay Drory
|
a26bcfeea3 |
genirq/irqdesc: Honor caller provided affinity in alloc_desc()
commit edbbaae42a56f9a2b39c52ef2504dfb3fb0a7858 upstream.
Currently, whenever a caller is providing an affinity hint for an
interrupt, the allocation code uses it to calculate the node and copies the
cpumask into irq_desc::affinity.
If the affinity for the interrupt is not marked 'managed' then the startup
of the interrupt ignores irq_desc::affinity and uses the system default
affinity mask.
Prevent this by setting the IRQD_AFFINITY_SET flag for the interrupt in the
allocator, which causes irq_setup_affinity() to use irq_desc::affinity on
interrupt startup if the mask contains an online CPU.
[ tglx: Massaged changelog ]
Fixes:
|
||
Justin Stitt
|
f3405f4997 |
ntp: Safeguard against time_constant overflow
commit 06c03c8edce333b9ad9c6b207d93d3a5ae7c10c0 upstream. Using syzkaller with the recently reintroduced signed integer overflow sanitizer produces this UBSAN report: UBSAN: signed-integer-overflow in ../kernel/time/ntp.c:738:18 9223372036854775806 + 4 cannot be represented in type 'long' Call Trace: handle_overflow+0x171/0x1b0 __do_adjtimex+0x1236/0x1440 do_adjtimex+0x2be/0x740 The user supplied time_constant value is incremented by four and then clamped to the operating range. Before commit |
||
|
Justin Stitt
|
dc335b92e5 |
ntp: Clamp maxerror and esterror to operating range
[ Upstream commit 87d571d6fb77ec342a985afa8744bb9bb75b3622 ] Using syzkaller alongside the newly reintroduced signed integer overflow sanitizer spits out this report: UBSAN: signed-integer-overflow in ../kernel/time/ntp.c:461:16 9223372036854775807 + 500 cannot be represented in type 'long' Call Trace: handle_overflow+0x171/0x1b0 second_overflow+0x2d6/0x500 accumulate_nsecs_to_secs+0x60/0x160 timekeeping_advance+0x1fe/0x890 update_wall_time+0x10/0x30 time_maxerror is unconditionally incremented and the result is checked against NTP_PHASE_LIMIT, but the increment itself can overflow, resulting in wrap-around to negative space. Before commit |
||
Thomas Gleixner
|
668c6c4a7e |
tick/broadcast: Move per CPU pointer access into the atomic section
commit 6881e75237a84093d0986f56223db3724619f26e upstream.
The recent fix for making the take over of the broadcast timer more
reliable retrieves a per CPU pointer in preemptible context.
This went unnoticed as compilers hoist the access into the non-preemptible
region where the pointer is actually used. But of course it's valid that
the compiler keeps it at the place where the code puts it which rightfully
triggers:
BUG: using smp_processor_id() in preemptible [00000000] code:
caller is hotplug_cpu__broadcast_tick_pull+0x1c/0xc0
Move it to the actual usage site which is in a non-preemptible region.
Fixes: f7d43dd206e7 ("tick/broadcast: Make takeover of broadcast hrtimer reliable")
Reported-by: David Wang <00107082@163.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Yu Liao <liaoyu15@huawei.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/87ttg56ers.ffs@tglx
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Masami Hiramatsu (Google)
|
c6ba514732 |
kprobes: Fix to check symbol prefixes correctly
[ Upstream commit 8c8acb8f26cbde665b233dd1b9bbcbb9b86822dc ] Since str_has_prefix() takes the prefix as the 2nd argument and the string as the first, is_cfi_preamble_symbol() always fails to check the prefix. Fix the function parameter order so that it correctly check the prefix. Link: https://lore.kernel.org/all/172260679559.362040.7360872132937227206.stgit@devnote2/ Fixes: de02f2ac5d8c ("kprobes: Prohibit probing on CFI preamble symbol") Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Zheng Zucheng
|
1d21d41750 |
sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime
commit 77baa5bafcbe1b2a15ef9c37232c21279c95481c upstream.
In extreme test scenarios:
the 14th field utime in /proc/xx/stat is greater than sum_exec_runtime,
utime = 18446744073709518790 ns, rtime = 135989749728000 ns
In cputime_adjust() process, stime is greater than rtime due to
mul_u64_u64_div_u64() precision problem.
before call mul_u64_u64_div_u64(),
stime = 175136586720000, rtime = 135989749728000, utime = 1416780000.
after call mul_u64_u64_div_u64(),
stime = 135989949653530
unsigned reversion occurs because rtime is less than stime.
utime = rtime - stime = 135989749728000 - 135989949653530
= -199925530
= (u64)18446744073709518790
Trigger condition:
1). User task run in kernel mode most of time
2). ARM64 architecture
3). TICK_CPU_ACCOUNTING=y
CONFIG_VIRT_CPU_ACCOUNTING_NATIVE is not set
Fix mul_u64_u64_div_u64() conversion precision by reset stime to rtime
Fixes:
|
||
Paul E. McKenney
|
464d242868 |
rcutorture: Fix rcu_torture_fwd_cb_cr() data race
[ Upstream commit 6040072f4774a575fa67b912efe7722874be337b ] On powerpc systems, spinlock acquisition does not order prior stores against later loads. This means that this statement: rfcp->rfc_next = NULL; Can be reordered to follow this statement: WRITE_ONCE(*rfcpp, rfcp); Which is then a data race with rcu_torture_fwd_prog_cr(), specifically, this statement: rfcpn = READ_ONCE(rfcp->rfc_next) KCSAN located this data race, which represents a real failure on powerpc. Signed-off-by: Paul E. McKenney <paulmck@kernel.org> Acked-by: Marco Elver <elver@google.com> Cc: Andrey Konovalov <andreyknvl@gmail.com> Cc: <kasan-dev@googlegroups.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Marc Zyngier
|
c476c5c7bb |
genirq: Allow irq_chip registration functions to take a const irq_chip
[ Upstream commit 393e1280f765661cf39785e967676a4e57324126 ] In order to let a const irqchip be fed to the irqchip layer, adjust the various prototypes. An extra cast in irq_set_chip()() is required to avoid a warning. Signed-off-by: Marc Zyngier <maz@kernel.org> Acked-by: Linus Walleij <linus.walleij@linaro.org> Link: https://lore.kernel.org/r/20220209162607.1118325-3-maz@kernel.org Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Marc Zyngier
|
652e7b4d73 |
genirq: Allow the PM device to originate from irq domain
[ Upstream commit 1f8863bfb5ca500ea1c7669b16b1931ba27fce20 ]
As a preparation to moving the reference to the device used for
runtime power management, add a new 'dev' field to the irqdomain
structure for that exact purpose.
The irq_chip_pm_{get,put}() helpers are made aware of the dual
location via a new private helper.
No functional change intended.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Tested-by: Tony Lindgren <tony@atomide.com>
Acked-by: Bartosz Golaszewski <brgl@bgdev.pl>
Link: https://lore.kernel.org/r/20220201120310.878267-2-maz@kernel.org
Stable-dep-of: 33b1c47d1fc0 ("irqchip/imx-irqsteer: Handle runtime power management correctly")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Lance Richardson
|
257193083e |
dma: fix call order in dmam_free_coherent
[ Upstream commit 28e8b7406d3a1f5329a03aa25a43aa28e087cb20 ]
dmam_free_coherent() frees a DMA allocation, which makes the
freed vaddr available for reuse, then calls devres_destroy()
to remove and free the data structure used to track the DMA
allocation. Between the two calls, it is possible for a
concurrent task to make an allocation with the same vaddr
and add it to the devres list.
If this happens, there will be two entries in the devres list
with the same vaddr and devres_destroy() can free the wrong
entry, triggering the WARN_ON() in dmam_match.
Fix by destroying the devres entry before freeing the DMA
allocation.
Tested:
kokonut //net/encryption
http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03
Fixes:
|
||
Douglas Anderson
|
1c089efe76 |
kdb: Use the passed prompt in kdb_position_cursor()
[ Upstream commit e2e821095949cde46256034975a90f88626a2a73 ]
The function kdb_position_cursor() takes in a "prompt" parameter but
never uses it. This doesn't _really_ matter since all current callers
of the function pass the same value and it's a global variable, but
it's a bit ugly. Let's clean it up.
Found by code inspection. This patch is expected to functionally be a
no-op.
Fixes: 09b35989421d ("kdb: Use format-strings rather than '\0' injection in kdb_read()")
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Link: https://lore.kernel.org/r/20240528071144.1.I0feb49839c6b6f4f2c4bf34764f5e95de3f55a66@changeid
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Arnd Bergmann
|
f0ad62559f |
kdb: address -Wformat-security warnings
[ Upstream commit 70867efacf4370b6c7cdfc7a5b11300e9ef7de64 ]
When -Wformat-security is not disabled, using a string pointer
as a format causes a warning:
kernel/debug/kdb/kdb_io.c: In function 'kdb_read':
kernel/debug/kdb/kdb_io.c:365:36: error: format not a string literal and no format arguments [-Werror=format-security]
365 | kdb_printf(kdb_prompt_str);
| ^~~~~~~~~~~~~~
kernel/debug/kdb/kdb_io.c: In function 'kdb_getstr':
kernel/debug/kdb/kdb_io.c:456:20: error: format not a string literal and no format arguments [-Werror=format-security]
456 | kdb_printf(kdb_prompt_str);
| ^~~~~~~~~~~~~~
Use an explcit "%s" format instead.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes:
|
||
Pavel Begunkov
|
65dba3c9ce |
kernel: rerun task_work while freezing in get_signal()
commit 943ad0b62e3c21f324c4884caa6cb4a871bca05c upstream. io_uring can asynchronously add a task_work while the task is getting freezed. TIF_NOTIFY_SIGNAL will prevent the task from sleeping in do_freezer_trap(), and since the get_signal()'s relock loop doesn't retry task_work, the task will spin there not being able to sleep until the freezing is cancelled / the task is killed / etc. Run task_works in the freezer path. Keep the patch small and simple so it can be easily back ported, but we might need to do some cleaning after and look if there are other places with similar problems. Cc: stable@vger.kernel.org Link: https://github.com/systemd/systemd/issues/33626 Fixes: 12db8b690010c ("entry: Add support for TIF_NOTIFY_SIGNAL") Reported-by: Julian Orth <ju.orth@gmail.com> Acked-by: Oleg Nesterov <oleg@redhat.com> Acked-by: Tejun Heo <tj@kernel.org> Signed-off-by: Pavel Begunkov <asml.silence@gmail.com> Link: https://lore.kernel.org/r/89ed3a52933370deaaf61a0a620a6ac91f1e754d.1720634146.git.asml.silence@gmail.com Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Thomas Gleixner
|
19f108b3d1 |
watchdog/perf: properly initialize the turbo mode timestamp and rearm counter
commit f944ffcbc2e1c759764850261670586ddf3bdabb upstream.
For systems on which the performance counter can expire early due to turbo
modes the watchdog handler has a safety net in place which validates that
since the last watchdog event there has at least 4/5th of the watchdog
period elapsed.
This works reliably only after the first watchdog event because the per
CPU variable which holds the timestamp of the last event is never
initialized.
So a first spurious event will validate against a timestamp of 0 which
results in a delta which is likely to be way over the 4/5 threshold of the
period. As this might happen before the first watchdog hrtimer event
increments the watchdog counter, this can lead to false positives.
Fix this by initializing the timestamp before enabling the hardware event.
Reset the rearm counter as well, as that might be non zero after the
watchdog was disabled and reenabled.
Link: https://lkml.kernel.org/r/87frsfu15a.ffs@tglx
Fixes:
|
||
Frederic Weisbecker
|
5c59cb8dd9 |
task_work: Introduce task_work_cancel() again
commit f409530e4db9dd11b88cb7703c97c8f326ff6566 upstream. Re-introduce task_work_cancel(), this time to cancel an actual callback and not *any* callback pointing to a given function. This is going to be needed for perf events event freeing. Signed-off-by: Frederic Weisbecker <frederic@kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20240621091601.18227-3-frederic@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Frederic Weisbecker
|
1fd27cc6f0 |
task_work: s/task_work_cancel()/task_work_cancel_func()/
commit 68cbd415dd4b9c5b9df69f0f091879e56bf5907a upstream. A proper task_work_cancel() API that actually cancels a callback and not *any* callback pointing to a given function is going to be needed for perf events event freeing. Do the appropriate rename to prepare for that. Signed-off-by: Frederic Weisbecker <frederic@kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20240621091601.18227-2-frederic@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Pierre Gondois
|
eb46367187 |
sched/fair: Use all little CPUs for CPU-bound workloads
commit 3af7524b14198f5159a86692d57a9f28ec9375ce upstream.
Running N CPU-bound tasks on an N CPUs platform:
- with asymmetric CPU capacity
- not being a DynamIq system (i.e. having a PKG level sched domain
without the SD_SHARE_PKG_RESOURCES flag set)
.. might result in a task placement where two tasks run on a big CPU
and none on a little CPU. This placement could be more optimal by
using all CPUs.
Testing platform:
Juno-r2:
- 2 big CPUs (1-2), maximum capacity of 1024
- 4 little CPUs (0,3-5), maximum capacity of 383
Testing workload ([1]):
Spawn 6 CPU-bound tasks. During the first 100ms (step 1), each tasks
is affine to a CPU, except for:
- one little CPU which is left idle.
- one big CPU which has 2 tasks affine.
After the 100ms (step 2), remove the cpumask affinity.
Behavior before the patch:
During step 2, the load balancer running from the idle CPU tags sched
domains as:
- little CPUs: 'group_has_spare'. Cf. group_has_capacity() and
group_is_overloaded(), 3 CPU-bound tasks run on a 4 CPUs
sched-domain, and the idle CPU provides enough spare capacity
regarding the imbalance_pct
- big CPUs: 'group_overloaded'. Indeed, 3 tasks run on a 2 CPUs
sched-domain, so the following path is used:
group_is_overloaded()
\-if (sgs->sum_nr_running <= sgs->group_weight) return true;
The following path which would change the migration type to
'migrate_task' is not taken:
calculate_imbalance()
\-if (env->idle != CPU_NOT_IDLE && env->imbalance == 0)
as the local group has some spare capacity, so the imbalance
is not 0.
The migration type requested is 'migrate_util' and the busiest
runqueue is the big CPU's runqueue having 2 tasks (each having a
utilization of 512). The idle little CPU cannot pull one of these
task as its capacity is too small for the task. The following path
is used:
detach_tasks()
\-case migrate_util:
\-if (util > env->imbalance) goto next;
After the patch:
As the number of failed balancing attempts grows (with
'nr_balance_failed'), progressively make it easier to migrate
a big task to the idling little CPU. A similar mechanism is
used for the 'migrate_load' migration type.
Improvement:
Running the testing workload [1] with the step 2 representing
a ~10s load for a big CPU:
Before patch: ~19.3s
After patch: ~18s (-6.7%)
Similar issue reported at:
https://lore.kernel.org/lkml/20230716014125.139577-1-qyousef@layalina.io/
Suggested-by: Vincent Guittot <vincent.guittot@linaro.org>
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Vincent Guittot <vincent.guittot@linaro.org>
Reviewed-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
Acked-by: Qais Yousef <qyousef@layalina.io>
Link: https://lore.kernel.org/r/20231206090043.634697-1-pierre.gondois@arm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Tejun Heo
|
cf0c713c69 |
sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks
commit d329605287020c3d1c3b0dadc63d8208e7251382 upstream.
When a task's weight is being changed, set_load_weight() is called with
@update_load set. As weight changes aren't trivial for the fair class,
set_load_weight() calls fair.c::reweight_task() for fair class tasks.
However, set_load_weight() first tests task_has_idle_policy() on entry and
skips calling reweight_task() for SCHED_IDLE tasks. This is buggy as
SCHED_IDLE tasks are just fair tasks with a very low weight and they would
incorrectly skip load, vlag and position updates.
Fix it by updating reweight_task() to take struct load_weight as idle weight
can't be expressed with prio and making set_load_weight() call
reweight_task() for SCHED_IDLE tasks too when @update_load is set.
Fixes:
|
||
Yu Liao
|
9ef7190228 |
tick/broadcast: Make takeover of broadcast hrtimer reliable
commit f7d43dd206e7e18c182f200e67a8db8c209907fa upstream.
Running the LTP hotplug stress test on a aarch64 machine results in
rcu_sched stall warnings when the broadcast hrtimer was owned by the
un-plugged CPU. The issue is the following:
CPU1 (owns the broadcast hrtimer) CPU2
tick_broadcast_enter()
// shutdown local timer device
broadcast_shutdown_local()
...
tick_broadcast_exit()
clockevents_switch_state(dev, CLOCK_EVT_STATE_ONESHOT)
// timer device is not programmed
cpumask_set_cpu(cpu, tick_broadcast_force_mask)
initiates offlining of CPU1
take_cpu_down()
/*
* CPU1 shuts down and does not
* send broadcast IPI anymore
*/
takedown_cpu()
hotplug_cpu__broadcast_tick_pull()
// move broadcast hrtimer to this CPU
clockevents_program_event()
bc_set_next()
hrtimer_start()
/*
* timer device is not programmed
* because only the first expiring
* timer will trigger clockevent
* device reprogramming
*/
What happens is that CPU2 exits broadcast mode with force bit set, then the
local timer device is not reprogrammed and CPU2 expects to receive the
expired event by the broadcast IPI. But this does not happen because CPU1
is offlined by CPU2. CPU switches the clockevent device to ONESHOT state,
but does not reprogram the device.
The subsequent reprogramming of the hrtimer broadcast device does not
program the clockevent device of CPU2 either because the pending expiry
time is already in the past and the CPU expects the event to be delivered.
As a consequence all CPUs which wait for a broadcast event to be delivered
are stuck forever.
Fix this issue by reprogramming the local timer device if the broadcast
force bit of the CPU is set so that the broadcast hrtimer is delivered.
[ tglx: Massage comment and change log. Add Fixes tag ]
Fixes:
|
||
Alan Maguire
|
859bc76374 |
bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o
[ Upstream commit 2454075f8e2915cebbe52a1195631bc7efe2b7e1 ]
As reported by Mirsad [1] we still see format warnings in kernel/bpf/btf.o
at W=1 warning level:
CC kernel/bpf/btf.o
./kernel/bpf/btf.c: In function ‘btf_type_seq_show_flags’:
./kernel/bpf/btf.c:7553:21: warning: assignment left-hand side might be a candidate for a format attribute [-Wsuggest-attribute=format]
7553 | sseq.showfn = btf_seq_show;
| ^
./kernel/bpf/btf.c: In function ‘btf_type_snprintf_show’:
./kernel/bpf/btf.c:7604:31: warning: assignment left-hand side might be a candidate for a format attribute [-Wsuggest-attribute=format]
7604 | ssnprintf.show.showfn = btf_snprintf_show;
| ^
Combined with CONFIG_WERROR=y these can halt the build.
The fix (annotating the structure field with __printf())
suggested by Mirsad resolves these. Apologies I missed this last time.
No other W=1 warnings were observed in kernel/bpf after this fix.
[1] https://lore.kernel.org/bpf/92c9d047-f058-400c-9c7d-81d4dc1ef71b@gmail.com/
Fixes: b3470da314fd ("bpf: annotate BTF show functions with __printf")
Reported-by: Mirsad Todorovac <mtodorovac69@gmail.com>
Suggested-by: Mirsad Todorovac <mtodorovac69@gmail.com>
Signed-off-by: Alan Maguire <alan.maguire@oracle.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20240712092859.1390960-1-alan.maguire@oracle.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Alan Maguire
|
28c8fce207 |
bpf: annotate BTF show functions with __printf
[ Upstream commit b3470da314fd8018ee237e382000c4154a942420 ]
-Werror=suggest-attribute=format warns about two functions
in kernel/bpf/btf.c [1]; add __printf() annotations to silence
these warnings since for CONFIG_WERROR=y they will trigger
build failures.
[1] https://lore.kernel.org/bpf/a8b20c72-6631-4404-9e1f-0410642d7d20@gmail.com/
Fixes:
|
||
Adrian Hunter
|
7f132aca18 |
perf: Prevent passing zero nr_pages to rb_alloc_aux()
[ Upstream commit dbc48c8f41c208082cfa95e973560134489e3309 ]
nr_pages is unsigned long but gets passed to rb_alloc_aux() as an int,
and is stored as an int.
Only power-of-2 values are accepted, so if nr_pages is a 64_bit value, it
will be passed to rb_alloc_aux() as zero.
That is not ideal because:
1. the value is incorrect
2. rb_alloc_aux() is at risk of misbehaving, although it manages to
return -ENOMEM in that case, it is a result of passing zero to get_order()
even though the get_order() result is documented to be undefined in that
case.
Fix by simply validating the maximum supported value in the first place.
Use -ENOMEM error code for consistency with the current error code that
is returned in that case.
Fixes:
|
||
|
Adrian Hunter
|
a2450206c0 |
perf: Fix perf_aux_size() for greater-than 32-bit size
[ Upstream commit 3df94a5b1078dfe2b0c03f027d018800faf44c82 ]
perf_buffer->aux_nr_pages uses a 32-bit type, so a cast is needed to
calculate a 64-bit size.
Fixes:
|
||
|
Greg Kroah-Hartman
|
8c417688f0 |
This is the 5.10.223 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmaksnwACgkQONu9yGCS
aT4PcQ//fATT8wjblT5zZ2dKy/LsTD8xKD8YfNKJDYvuYIMtli1hXmpQeeY237yt
d/zepYo4pN6onVa00S0gob2TUeR+Zz1/o++blIGsHzU26wme6hkSyvrFys88dR+h
BDTscrW9Q5ApFg7pJxvqkj+kpirqskXVXS1g2b7OA/8JY1hmDX6X9vxlwXJTaam2
wjUv+xblOAptmuTmZWxvgiezqJ6nwU8085+F60TOhDdOjx5MAmDbdVqDv2hXQE/U
VIjZqhUFXxomckwjaN9B2lAFYWxT30aR9+OKUzuck3eLEe4xrcohv6NdZ88obHRM
8YWqjjubYhpkfnQ+AsCTPFFNeK3NbnhDADwLIazPdyNUnd76HhVfs/yZOuE/hWPi
mLz7o+UUBwdmR13qJzYwAgN/ddLZV4VGCmRma3XneSwOAQhEkHomlSjplOc7GafG
QgKTxM7tmbcdM/NTH6Am+Bc3y9nI2NkjgV5fafant6xj++n7HDAI07UK5L/vUMcF
QxA/jn74MB9YG71BKXRT6xfVRhUGLQ/OMXBxdyUvUOFCa7nggYm7qCI+S5KdUz50
UP7KPmBBntsd6Mr06QaH+fgXszjZSSHXhHgeL5QRFZDUVvOWK66XS5S3Z+Ll3xgc
/26iJ1qYuGFj4k34ab6lM3q2ZuHAT1jS5URY6uVwxWN2BJDvGDQ=
=7Kf2
-----END PGP SIGNATURE-----
Merge 5.10.223 into android12-5.10-lts
Changes in 5.10.223
gcc-plugins: Rename last_stmt() for GCC 14+
filelock: Remove locks reliably when fcntl/close race is detected
scsi: qedf: Set qed_slowpath_params to zero before use
ACPI: EC: Abort address space access upon error
ACPI: EC: Avoid returning AE_OK on errors in address space handler
wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata
wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan()
selftests/openat2: Fix build warnings on ppc64
Input: silead - Always support 10 fingers
net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input()
ila: block BH in ila_output()
arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process
null_blk: fix validation of block size
kconfig: gconf: give a proper initial state to the Save button
kconfig: remove wrong expr_trans_bool()
fs/file: fix the check in find_next_fd()
mei: demote client disconnect warning on suspend to debug
wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()
ALSA: hda/realtek: Add more codec ID to no shutup pins list
mips: fix compat_sys_lseek syscall
Input: elantech - fix touchpad state on resume for Lenovo N24
Input: i8042 - add Ayaneo Kun to i8042 quirk table
bytcr_rt5640 : inverse jack detect for Archos 101 cesium
ALSA: dmaengine: Synchronize dma channel after drop()
ASoC: ti: davinci-mcasp: Set min period size using FIFO config
ASoC: ti: omap-hdmi: Fix too long driver name
can: kvaser_usb: fix return value for hif_usb_send_regout
s390/sclp: Fix sclp_init() cleanup on failure
btrfs: qgroup: fix quota root leak after quota disable failure
ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx
ALSA: dmaengine_pcm: terminate dmaengine before synchronize
net: usb: qmi_wwan: add Telit FN912 compositions
net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD()
powerpc/pseries: Whitelist dtl slub object for copying to userspace
powerpc/eeh: avoid possible crash when edev->pdev changes
scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed
Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
fs: better handle deep ancestor chains in is_subdir()
spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices
selftests/vDSO: fix clang build errors and warnings
hfsplus: fix uninit-value in copy_name
spi: mux: set ctlr->bits_per_word_mask
ARM: 9324/1: fix get_user() broken with veneer
ACPI: processor_idle: Fix invalid comparison with insertion sort for latency
bpf: Fix overrunning reservations in ringbuf
bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
scsi: core: Fix a use-after-free
ext4: fix error code saved on super block during file system abort
ext4: Send notifications on error
drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()
net: relax socket state check at accept time.
ocfs2: add bounds checking to ocfs2_check_dir_entry()
jfs: don't walk off the end of ealist
ALSA: hda/realtek: Enable headset mic on Positivo SU C1400
ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB
ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused
filelock: Fix fcntl/close race recovery compat path
tun: add missing verification for short frame
tap: add missing verification for short frame
Linux 5.10.223
Change-Id: I588f4e47f0b1d442e0bf6d14ac923105e2e1909c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Daniel Borkmann
|
be35504b95 |
bpf: Fix overrunning reservations in ringbuf
commit cfa1a2329a691ffd991fcf7248a57d752e712881 upstream.
The BPF ring buffer internally is implemented as a power-of-2 sized circular
buffer, with two logical and ever-increasing counters: consumer_pos is the
consumer counter to show which logical position the consumer consumed the
data, and producer_pos which is the producer counter denoting the amount of
data reserved by all producers.
Each time a record is reserved, the producer that "owns" the record will
successfully advance producer counter. In user space each time a record is
read, the consumer of the data advanced the consumer counter once it finished
processing. Both counters are stored in separate pages so that from user
space, the producer counter is read-only and the consumer counter is read-write.
One aspect that simplifies and thus speeds up the implementation of both
producers and consumers is how the data area is mapped twice contiguously
back-to-back in the virtual memory, allowing to not take any special measures
for samples that have to wrap around at the end of the circular buffer data
area, because the next page after the last data page would be first data page
again, and thus the sample will still appear completely contiguous in virtual
memory.
Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for
book-keeping the length and offset, and is inaccessible to the BPF program.
Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`
for the BPF program to use. Bing-Jhong and Muhammad reported that it is however
possible to make a second allocated memory chunk overlapping with the first
chunk and as a result, the BPF program is now able to edit first chunk's
header.
For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size
of 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to
bpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in
[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets
allocate a chunk B with size 0x3000. This will succeed because consumer_pos
was edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`
check. Chunk B will be in range [0x3008,0x6010], and the BPF program is able
to edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned
earlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data
pages. This means that chunk B at [0x4000,0x4008] is chunk A's header.
bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then
locate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk
B modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong
page and could cause a crash.
Fix it by calculating the oldest pending_pos and check whether the range
from the oldest outstanding record to the newest would span beyond the ring
buffer size. If that is the case, then reject the request. We've tested with
the ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)
before/after the fix and while it seems a bit slower on some benchmarks, it
is still not significantly enough to matter.
Fixes:
|
||
|
Greg Kroah-Hartman
|
7541015675 |
ANDROID: GKI: remove export of tracing control functions
Android GKI kernel modules should NOT have the ability to control the system-wide tracing functionality, nor query to determine if it is on or not. So remove the exports of these functions. Upstream does not wish to do this, so an Android-only change is required. See the bug id for details. Bug: 355584612 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I50f69cd9930ddc6b876c5c1dd86f51cfb2ee1bac |
||
|
Greg Kroah-Hartman
|
875057880e |
This is the 5.10.222 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmaY9zYACgkQONu9yGCS aT6v5g//WMifSZz85CUFaqgs65rwVfhTMpYtUeL5LiDuy+SMou6ViV3A93FpTkmj FJBvrr2y0bn8Y5Dp/fwYj10XUz+THZte/yEVnPh/NkV107FZD3fKa6GTnJY7H/XY 4SoOGfPB4yfx+MpN6ZpLsu4cAt6FW8P+QfKOxBEboGkJSGpjEbGYFMtyZAMjknia QE8cKQ3LnMrQzHIizil5dZVlYaiMgJtlKTtUeVI1ixmaGDb3rCsnCVvMRvZnW95V aSgyJNrNix7a5tRgYwZHZp4t3p9iT2lyIFM3/y7TKcglVCMPw4nbsDdLNNq11qrk RdTdScR+9eKyJsEGVYOhXZFUFzOgHW22xyx0CCZmDMeu08WPNl4vhGewnndQy3yd 6jdTRYDrU6SQNQ0AjRZXcdmfopIQxetHE7ZEKvbgBW6+u9oySYU8phPCNkma2JWr O2eY5AOF8zgPAdAzvF9Bt/qTlwLNjP0zczoIRX7HSvV03Nh9cQvgzKdSCfuPDU4a FX7mlokgweYa7WoWGPkzOlgMaJZksqstDnhbuwONoMPrNFTUjgm429K87iPdwzqC Yv4uDrpFXgkhfD4Aoks4wDpE2LgBKWz5Wnpo+WW4fjcrXtcIV2tTD9FkMjBv3ECv A8TTWsXxQtm3V54R4h7fAXg9KnZBuIYYDnB2u1317ZdaDkZRuPQ= =X2/A -----END PGP SIGNATURE----- Merge 5.10.222 into android12-5.10-lts Changes in 5.10.222 Compiler Attributes: Add __uninitialized macro drm/lima: fix shared irq handling on driver remove media: dvb: as102-fe: Fix as10x_register_addr packing media: dvb-usb: dib0700_devices: Add missing release_firmware() IB/core: Implement a limit on UMAD receive List scsi: qedf: Make qedf_execute_tmf() non-preemptible crypto: aead,cipher - zeroize key buffer after use drm/amdgpu: Initialize timestamp for some legacy SOCs drm/amd/display: Check index msg_id before read or write drm/amd/display: Check pipe offset before setting vblank drm/amd/display: Skip finding free audio for unknown engine_id media: dw2102: Don't translate i2c read into write sctp: prefer struct_size over open coded arithmetic firmware: dmi: Stop decoding on broken entry Input: ff-core - prefer struct_size over open coded arithmetic net: dsa: mv88e6xxx: Correct check for empty list media: dvb-frontends: tda18271c2dd: Remove casting during div media: s2255: Use refcount_t instead of atomic_t for num_channels media: dvb-frontends: tda10048: Fix integer overflow i2c: i801: Annotate apanel_addr as __ro_after_init powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n orangefs: fix out-of-bounds fsid access kunit: Fix timeout message powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD jffs2: Fix potential illegal address access in jffs2_free_inode s390/pkey: Wipe sensitive data on failure UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() tcp_metrics: validate source addr length wifi: wilc1000: fix ies_len type in connect path bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() selftests: fix OOM in msg_zerocopy selftest selftests: make order checking verbose in msg_zerocopy selftest inet_diag: Initialize pad field in struct inet_diag_req_v2 nilfs2: fix inode number range checks nilfs2: add missing check for inode numbers on directory entries mm: optimize the redundant loop of mm_update_owner_next() mm: avoid overflows in dirty throttling logic Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct fsnotify: Do not generate events for O_PATH file descriptors Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes drm/amdgpu/atomfirmware: silence UBSAN warning mtd: rawnand: Bypass a couple of sanity checks during NAND identification bnx2x: Fix multiple UBSAN array-index-out-of-bounds bpf, sockmap: Fix sk->sk_forward_alloc warn_on in sk_stream_kill_queues ima: Avoid blocking in RCU read-side critical section media: dw2102: fix a potential buffer overflow i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 nvme-multipath: find NUMA path only for online numa-node nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro nvmet: fix a possible leak when destroy a ctrl during qp establishment kbuild: fix short log for AS in link-vmlinux.sh nilfs2: fix incorrect inode allocation from reserved inodes mm: prevent derefencing NULL ptr in pfn_section_valid() filelock: fix potential use-after-free in posix_lock_inode fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading vfs: don't mod negative dentry count when on shrinker list tcp: fix incorrect undo caused by DSACK of TLP retransmit octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() net: lantiq_etop: add blank line after declaration net: ethernet: lantiq_etop: fix double free in detach ppp: reject claimed-as-LCP but actually malformed packets ethtool: netlink: do not return SQI value if link is down udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). net/sched: Fix UAF when resolving a clash s390: Mark psw in __load_psw_mask() as __unitialized ARM: davinci: Convert comma to semicolon octeontx2-af: fix detection of IP layer tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() tcp: avoid too many retransmit packets net: ks8851: Fix potential TX stall after interface reopen USB: serial: option: add Telit generic core-dump composition USB: serial: option: add Telit FN912 rmnet compositions USB: serial: option: add Fibocom FM350-GL USB: serial: option: add support for Foxconn T99W651 USB: serial: option: add Netprisma LCUK54 series modules USB: serial: option: add Rolling RW350-GL variants USB: serial: mos7840: fix crash on resume USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor hpet: Support 32-bit userspace nvmem: meson-efuse: Fix return value of nvmem callbacks ALSA: hda/realtek: Enable Mute LED on HP 250 G7 ALSA: hda/realtek: Limit mic boost on VAIO PRO PX libceph: fix race between delayed_work() and ceph_monc_stop() wireguard: allowedips: avoid unaligned 64-bit memory accesses wireguard: queueing: annotate intentional data race in cpu round robin wireguard: send: annotate intentional data race in checking empty queue x86/retpoline: Move a NOENDBR annotation to the SRSO dummy return thunk efi: ia64: move IA64-only declarations to new asm/efi.h header ipv6: annotate data-races around cnf.disable_ipv6 ipv6: prevent NULL dereference in ip6_output() bpf: Allow reads from uninit stack nilfs2: fix kernel bug on rename operation of broken directory i2c: rcar: bring hardware to known state when probing i2c: mark HostNotify target address as used i2c: rcar: Add R-Car Gen4 support i2c: rcar: reset controller is mandatory for Gen3+ i2c: rcar: introduce Gen4 devices i2c: rcar: ensure Gen3+ reset does not disturb local targets i2c: rcar: clear NO_RXDMA flag after resetting i2c: rcar: fix error code in probe() Linux 5.10.222 Change-Id: I39dedaef039a49c1b8b53dd83b83d481593ffb95 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Eduard Zingerman
|
ca42be8dd1 |
bpf: Allow reads from uninit stack
commit 6715df8d5d24655b9fd368e904028112b54c7de1 upstream.
This commits updates the following functions to allow reads from
uninitialized stack locations when env->allow_uninit_stack option is
enabled:
- check_stack_read_fixed_off()
- check_stack_range_initialized(), called from:
- check_stack_read_var_off()
- check_helper_mem_access()
Such change allows to relax logic in stacksafe() to treat STACK_MISC
and STACK_INVALID in a same way and make the following stack slot
configurations equivalent:
| Cached state | Current state |
| stack slot | stack slot |
|------------------+------------------|
| STACK_INVALID or | STACK_INVALID or |
| STACK_MISC | STACK_SPILL or |
| | STACK_MISC or |
| | STACK_ZERO or |
| | STACK_DYNPTR |
This leads to significant verification speed gains (see below).
The idea was suggested by Andrii Nakryiko [1] and initial patch was
created by Alexei Starovoitov [2].
Currently the env->allow_uninit_stack is allowed for programs loaded
by users with CAP_PERFMON or CAP_SYS_ADMIN capabilities.
A number of test cases from verifier/*.c were expecting uninitialized
stack access to be an error. These test cases were updated to execute
in unprivileged mode (thus preserving the tests).
The test progs/test_global_func10.c expected "invalid indirect read
from stack" error message because of the access to uninitialized
memory region. This error is no longer possible in privileged mode.
The test is updated to provoke an error "invalid indirect access to
stack" because of access to invalid stack address (such error is not
verified by progs/test_global_func*.c series of tests).
The following tests had to be removed because these can't be made
unprivileged:
- verifier/sock.c:
- "sk_storage_get(map, skb->sk, &stack_value, 1): partially init
stack_value"
BPF_PROG_TYPE_SCHED_CLS programs are not executed in unprivileged mode.
- verifier/var_off.c:
- "indirect variable-offset stack access, max_off+size > max_initialized"
- "indirect variable-offset stack access, uninitialized"
These tests verify that access to uninitialized stack values is
detected when stack offset is not a constant. However, variable
stack access is prohibited in unprivileged mode, thus these tests
are no longer valid.
* * *
Here is veristat log comparing this patch with current master on a
set of selftest binaries listed in tools/testing/selftests/bpf/veristat.cfg
and cilium BPF binaries (see [3]):
$ ./veristat -e file,prog,states -C -f 'states_pct<-30' master.log current.log
File Program States (A) States (B) States (DIFF)
-------------------------- -------------------------- ---------- ---------- ----------------
bpf_host.o tail_handle_ipv6_from_host 349 244 -105 (-30.09%)
bpf_host.o tail_handle_nat_fwd_ipv4 1320 895 -425 (-32.20%)
bpf_lxc.o tail_handle_nat_fwd_ipv4 1320 895 -425 (-32.20%)
bpf_sock.o cil_sock4_connect 70 48 -22 (-31.43%)
bpf_sock.o cil_sock4_sendmsg 68 46 -22 (-32.35%)
bpf_xdp.o tail_handle_nat_fwd_ipv4 1554 803 -751 (-48.33%)
bpf_xdp.o tail_lb_ipv4 6457 2473 -3984 (-61.70%)
bpf_xdp.o tail_lb_ipv6 7249 3908 -3341 (-46.09%)
pyperf600_bpf_loop.bpf.o on_event 287 145 -142 (-49.48%)
strobemeta.bpf.o on_event 15915 4772 -11143 (-70.02%)
strobemeta_nounroll2.bpf.o on_event 17087 3820 -13267 (-77.64%)
xdp_synproxy_kern.bpf.o syncookie_tc 21271 6635 -14636 (-68.81%)
xdp_synproxy_kern.bpf.o syncookie_xdp 23122 6024 -17098 (-73.95%)
-------------------------- -------------------------- ---------- ---------- ----------------
Note: I limited selection by states_pct<-30%.
Inspection of differences in pyperf600_bpf_loop behavior shows that
the following patch for the test removes almost all differences:
- a/tools/testing/selftests/bpf/progs/pyperf.h
+ b/tools/testing/selftests/bpf/progs/pyperf.h
@ -266,8 +266,8 @ int __on_event(struct bpf_raw_tracepoint_args *ctx)
}
if (event->pthread_match || !pidData->use_tls) {
- void* frame_ptr;
- FrameData frame;
+ void* frame_ptr = 0;
+ FrameData frame = {};
Symbol sym = {};
int cur_cpu = bpf_get_smp_processor_id();
W/o this patch the difference comes from the following pattern
(for different variables):
static bool get_frame_data(... FrameData *frame ...)
{
...
bpf_probe_read_user(&frame->f_code, ...);
if (!frame->f_code)
return false;
...
bpf_probe_read_user(&frame->co_name, ...);
if (frame->co_name)
...;
}
int __on_event(struct bpf_raw_tracepoint_args *ctx)
{
FrameData frame;
...
get_frame_data(... &frame ...) // indirectly via a bpf_loop & callback
...
}
SEC("raw_tracepoint/kfree_skb")
int on_event(struct bpf_raw_tracepoint_args* ctx)
{
...
ret |= __on_event(ctx);
ret |= __on_event(ctx);
...
}
With regards to value `frame->co_name` the following is important:
- Because of the conditional `if (!frame->f_code)` each call to
__on_event() produces two states, one with `frame->co_name` marked
as STACK_MISC, another with it as is (and marked STACK_INVALID on a
first call).
- The call to bpf_probe_read_user() does not mark stack slots
corresponding to `&frame->co_name` as REG_LIVE_WRITTEN but it marks
these slots as BPF_MISC, this happens because of the following loop
in the check_helper_call():
for (i = 0; i < meta.access_size; i++) {
err = check_mem_access(env, insn_idx, meta.regno, i, BPF_B,
BPF_WRITE, -1, false);
if (err)
return err;
}
Note the size of the write, it is a one byte write for each byte
touched by a helper. The BPF_B write does not lead to write marks
for the target stack slot.
- Which means that w/o this patch when second __on_event() call is
verified `if (frame->co_name)` will propagate read marks first to a
stack slot with STACK_MISC marks and second to a stack slot with
STACK_INVALID marks and these states would be considered different.
[1] https://lore.kernel.org/bpf/CAEf4BzY3e+ZuC6HUa8dCiUovQRg2SzEk7M-dSkqNZyn=xEmnPA@mail.gmail.com/
[2] https://lore.kernel.org/bpf/CAADnVQKs2i1iuZ5SUGuJtxWVfGYR9kDgYKhq3rNV+kBLQCu7rA@mail.gmail.com/
[3] git@github.com:anakryiko/cilium.git
Suggested-by: Andrii Nakryiko <andrii@kernel.org>
Co-developed-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20230219200427.606541-2-eddyz87@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Maxim Mikityanskiy <maxim@isovalent.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
GUO Zihua
|
a6176a802c |
ima: Avoid blocking in RCU read-side critical section
commit 9a95c5bfbf02a0a7f5983280fe284a0ff0836c34 upstream.
A panic happens in ima_match_policy:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
PGD 42f873067 P4D 0
Oops: 0000 [#1] SMP NOPTI
CPU: 5 PID:
|
||
Jinliang Zheng
|
f033241a7c |
mm: optimize the redundant loop of mm_update_owner_next()
commit cf3f9a593dab87a032d2b6a6fb205e7f3de4f0a1 upstream. When mm_update_owner_next() is racing with swapoff (try_to_unuse()) or /proc or ptrace or page migration (get_task_mm()), it is impossible to find an appropriate task_struct in the loop whose mm_struct is the same as the target mm_struct. If the above race condition is combined with the stress-ng-zombie and stress-ng-dup tests, such a long loop can easily cause a Hard Lockup in write_lock_irq() for tasklist_lock. Recognize this situation in advance and exit early. Link: https://lkml.kernel.org/r/20240620122123.3877432-1-alexjlzheng@tencent.com Signed-off-by: Jinliang Zheng <alexjlzheng@tencent.com> Acked-by: Michal Hocko <mhocko@suse.com> Cc: Christian Brauner <brauner@kernel.org> Cc: Jens Axboe <axboe@kernel.dk> Cc: Mateusz Guzik <mjguzik@gmail.com> Cc: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Tycho Andersen <tandersen@netflix.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
2ebd481b31 |
Merge 5.10.221 into android12-5.10-lts
Changes in 5.10.221 tracing/selftests: Fix kprobe event name test for .isra. functions null_blk: Print correct max open zones limit in null_init_zoned_dev() wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() wifi: cfg80211: pmsr: use correct nla_get_uX functions wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef wifi: iwlwifi: mvm: check n_ssids before accessing the ssids wifi: iwlwifi: mvm: don't read past the mfuart notifcation wifi: mac80211: correctly parse Spatial Reuse Parameter Set element net/ncsi: add NCSI Intel OEM command to keep PHY up net/ncsi: Simplify Kconfig/dts control flow net/ncsi: Fix the multi thread manner of NCSI driver ipv6: sr: block BH in seg6_output_core() and seg6_input_core() net: sched: sch_multiq: fix possible OOB write in multiq_tune() vxlan: Fix regression when dropping packets due to invalid src addresses tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP ptp: Fix error message on failed pin verification af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). ipv6: fix possible race in __fib6_drop_pcpu_from() usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete drm/amd/display: Handle Y carry-over in VCP X.Y calculation serial: sc16is7xx: replace hardcoded divisor value with BIT() macro serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler mmc: davinci: Don't strip remove function when driver is builtin selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages selftests/mm: conform test to TAP format output selftests/mm: compaction_test: fix bogus test success on Aarch64 btrfs: fix leak of qgroup extent records after transaction abort nilfs2: Remove check for PageError nilfs2: return the mapped address from nilfs_get_page() nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages mei: me: release irq in mei_me_pci_resume error path jfs: xattr: fix buffer overflow for invalid xattr xhci: Set correct transferred length for cancelled bulk transfers xhci: Apply reset resume quirk to Etron EJ188 xHCI host xhci: Apply broken streams quirk to Etron EJ188 xHCI host scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory powerpc/uaccess: Fix build errors seen with GCC 13/14 Input: try trimming too long modalias strings SUNRPC: return proper error from gss_wrap_req_priv gpio: tqmx86: fix typo in Kconfig label HID: core: remove unnecessary WARN_ON() in implement() gpio: tqmx86: store IRQ trigger type and unmask status separately iommu/amd: Introduce pci segment structure iommu/amd: Fix sysfs leak in iommu init iommu: Return right value in iommu_sva_bind_device() HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() drm/vmwgfx: 3D disabled should not effect STDU memory limits net: sfp: Always call `sfp_sm_mod_remove()` on remove net: hns3: add cond_resched() to hns3 ring buffer init process liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet drm/komeda: check for error-valued pointer drm/bridge/panel: Fix runtime warning on panel bridge release tcp: fix race in tcp_v6_syn_recv_sock() net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs parameters net/ipv6: Fix the RT cache flush via sysctl using a previous delay ionic: fix use after netif_napi_del() iio: adc: ad9467: fix scan type sign iio: dac: ad5592r: fix temperature channel scaling value iio: imu: inv_icm42600: delete unneeded update watermark call drivers: core: synchronize really_probe() and dev_uevent() drm/exynos/vidi: fix memory leak in .get_modes() drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found vmci: prevent speculation leaks by sanitizing event in event_deliver() fs/proc: fix softlockup in __read_vmcore ocfs2: use coarse time for new created files ocfs2: fix races between hole punching and AIO+DIO PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id dmaengine: axi-dmac: fix possible race in remove() remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs intel_th: pci: Add Granite Rapids support intel_th: pci: Add Granite Rapids SOC support intel_th: pci: Add Sapphire Rapids SOC support intel_th: pci: Add Meteor Lake-S support intel_th: pci: Add Lunar Lake support nilfs2: fix potential kernel bug due to lack of writeback flag waiting tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level hugetlb_encode.h: fix undefined behaviour (34 << 26) mptcp: ensure snd_una is properly initialized on connect mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID mptcp: pm: update add_addr counters after connect remoteproc: k3-r5: Jump to error handling labels in start/stop errors greybus: Fix use-after-free bug in gb_interface_release due to race condition. usb-storage: alauda: Check whether the media is initialized i2c: at91: Fix the functionality flags of the slave-only interface i2c: designware: Fix the functionality flags of the slave-only interface zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING padata: Disable BH when taking works lock on MT path rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment rcutorture: Fix invalid context warning when enable srcu barrier testing block/ioctl: prefer different overflow check selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh selftests/bpf: Fix flaky test btf_map_in_map/lookup_update batman-adv: bypass empty buckets in batadv_purge_orig_ref() wifi: ath9k: work around memset overflow warning af_packet: avoid a false positive warning in packet_setsockopt() drop_monitor: replace spin_lock by raw_spin_lock scsi: qedi: Fix crash while reading debugfs attribute kselftest: arm64: Add a null pointer check netpoll: Fix race condition in netpoll_owner_active HID: Add quirk for Logitech Casa touchpad ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl drm/amd/display: Exit idle optimizations before HDCP execution ASoC: Intel: sof_sdw: add JD2 quirk for HP Omen 14 drm/lima: add mask irq callback to gp and pp drm/lima: mask irqs in timeout path before hard reset powerpc/pseries: Enforce hcall result buffer validity and size powerpc/io: Avoid clang null pointer arithmetic warnings power: supply: cros_usbpd: provide ID table for avoiding fallback match iommu/arm-smmu-v3: Free MSIs in case of ENOMEM f2fs: remove clear SB_INLINECRYPT flag in default_options usb: misc: uss720: check for incompatible versions of the Belkin F5U002 udf: udftime: prevent overflow in udf_disk_stamp_to_time() PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports MIPS: Octeon: Add PCIe link status check serial: exar: adding missing CTI and Exar PCI ids MIPS: Routerboard 532: Fix vendor retry check code mips: bmips: BCM6358: make sure CBR is correctly set tracing: Build event generation tests only as modules cipso: fix total option length computation netrom: Fix a memory leak in nr_heartbeat_expiry() ipv6: prevent possible NULL deref in fib6_nh_init() ipv6: prevent possible NULL dereference in rt6_probe() xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() netns: Make get_net_ns() handle zero refcount net qca_spi: Make interrupt remembering atomic net/sched: act_api: rely on rcu in tcf_idr_check_alloc net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() tipc: force a dst refcount before doing decryption net/sched: act_ct: set 'net' pointer when creating new nf_flow_table sched: act_ct: add netns into the key of tcf_ct_flow_table net: stmmac: No need to calculate speed divider when offload is disabled virtio_net: checksum offloading handling fix netfilter: ipset: Fix suspicious rcu_dereference_protected() net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings regulator: core: Fix modpost error "regulator_get_regmap" undefined dmaengine: ioat: switch from 'pci_' to 'dma_' API dmaengine: ioat: Drop redundant pci_enable_pcie_error_reporting() dmaengine: ioatdma: Fix leaking on version mismatch dmaengine: ioat: use PCI core macros for PCIe Capability dmaengine: ioatdma: Fix error path in ioat3_dma_probe() dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe() dmaengine: ioatdma: Fix missing kmem_cache_destroy() ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." RDMA/mlx5: Add check for srq max_sge attribute ALSA: hda/realtek: Limit mic boost on N14AP7 drm/radeon: fix UBSAN warning in kv_dpm.c gcov: add support for GCC 14 kcov: don't lose track of remote references during softirqs i2c: ocores: set IACK bit after core is enabled dt-bindings: i2c: google,cros-ec-i2c-tunnel: correct path to i2c-controller schema drm/amd/display: revert Exit idle optimizations before HDCP execution ARM: dts: samsung: smdkv310: fix keypad no-autorepeat ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat ARM: dts: samsung: smdk4412: fix keypad no-autorepeat rtlwifi: rtl8192de: Style clean-ups wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power pmdomain: ti-sci: Fix duplicate PD referrals knfsd: LOOKUP can return an illegal error value spmi: hisi-spmi-controller: Do not override device identifier bcache: fix variable length array abuse in btree_iter tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test x86/cpu/vfm: Add new macros to work with (vendor/family/model) values x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL r8169: remove unneeded memory barrier in rtl_tx r8169: improve rtl_tx r8169: improve rtl8169_start_xmit r8169: remove nr_frags argument from rtl_tx_slots_avail r8169: remove not needed check in rtl8169_start_xmit r8169: Fix possible ring buffer corruption on fragmented Tx packets. Revert "kheaders: substituting --sort in archive creation" kheaders: explicitly define file modes for archived headers perf/core: Fix missing wakeup when waiting for context reference PCI: Add PCI_ERROR_RESPONSE and related definitions x86/amd_nb: Check for invalid SMN reads cifs: missed ref-counting smb session in find smb: client: fix deadlock in smb2_find_smb_tcon() ACPI: Add quirks for AMD Renoir/Lucienne CPUs to force the D3 hint ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable ACPI: x86: Add another system to quirk list for forcing StorageD3Enable ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable ACPI: x86: Force StorageD3Enable on more products Input: ili210x - fix ili251x_read_touch_data() return value pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins pinctrl/rockchip: separate struct rockchip_pin_bank to a head file pinctrl: rockchip: use dedicated pinctrl type for RK3328 pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set drm/amdgpu: fix UBSAN warning in kv_dpm.c netfilter: nf_tables: validate family when identifying table via handle SUNRPC: Fix null pointer dereference in svc_rqst_free() SUNRPC: Fix a NULL pointer deref in trace_svc_stats_latency() SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation SUNRPC: Fix svcxdr_init_encode's buflen calculation nfsd: hold a lighter-weight client reference over CB_RECALL_ANY ASoC: fsl-asoc-card: set priv->pdev before using it net: dsa: microchip: fix initial port flush problem net: phy: micrel: add Microchip KSZ 9477 to the device table xdp: Move the rxq_info.mem clearing to unreg_mem_model() xdp: Allow registering memory model without rxq reference xdp: Remove WARN() from __xdp_reg_mem_model() sparc: fix old compat_sys_select() sparc: fix compat recv/recvfrom syscalls parisc: use correct compat recv/recvfrom syscalls netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep mtd: partitions: redboot: Added conversion of operands to a larger type bpf: Add a check for struct bpf_fib_lookup size net/iucv: Avoid explicit cpumask var allocation on stack net/dpaa2: Avoid explicit cpumask var allocation on stack ALSA: emux: improve patch ioctl data validation media: dvbdev: Initialize sbuf soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message drm/radeon/radeon_display: Decrease the size of allocated memory nvme: fixup comment for nvme RDMA Provider Type drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA gpio: davinci: Validate the obtained number of IRQs gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) x86: stop playing stack games in profile_pc() ocfs2: fix DIO failure due to insufficient transaction credits mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos mmc: sdhci: Do not invert write-protect twice mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() counter: ti-eqep: enable clock at probe iio: adc: ad7266: Fix variable checking bug iio: chemical: bme680: Fix pressure value output iio: chemical: bme680: Fix calibration data variable iio: chemical: bme680: Fix overflows in compensate() functions iio: chemical: bme680: Fix sensor data read operation net: usb: ax88179_178a: improve link status logs usb: gadget: printer: SS+ support usb: gadget: printer: fix races against disable usb: musb: da8xx: fix a resource leak in probe() usb: atm: cxacru: fix endpoint checking in cxacru_bind() serial: 8250_omap: Implementation of Errata i2310 tty: mcf: MCF54418 has 10 UARTS net: can: j1939: Initialize unused data in j1939_send_one() net: can: j1939: recover socket queue on CAN bus error during BAM transmission net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new kbuild: Install dtb files as 0644 in Makefile.dtbinst csky, hexagon: fix broken sys_sync_file_range hexagon: fix fadvise64_64 calling conventions drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes drm/i915/gt: Fix potential UAF by revoke of fence registers drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes batman-adv: Don't accept TT entries for out-of-spec VIDs ata: ahci: Clean up sysfs file on error ata: libata-core: Fix double free on error ftruncate: pass a signed offset syscalls: fix compat_sys_io_pgetevents_time64 usage mtd: spinand: macronix: Add support for serial NAND flash pwm: stm32: Refuse too small period requests nfs: Leave pages in the pagecache if readpage failed ipv6: annotate some data-races around sk->sk_prot ipv6: Fix data races around sk->sk_prot. tcp: Fix data races around icsk->icsk_af_ops. drivers: fix typo in firmware/efi/memmap.c efi: Correct comment on efi_memmap_alloc efi: memmap: Move manipulation routines into x86 arch tree efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures efi/x86: Free EFI memory map only when installing a new one. KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node arm64: dts: rockchip: Add sound-dai-cells for RK3368 xdp: xdp_mem_allocator can be NULL in trace_mem_connect(). serial: 8250_omap: Fix Errata i2310 with RX FIFO level check tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() Linux 5.10.221 Change-Id: Icac1c62fcbda5102be7ea031121f28d6fee36875 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
88eb084d18 |
Revert "Merge 5.10.220 into android12-5.10-lts"
This reverts commit |
||
|
Greg Kroah-Hartman
|
87a7f35a24 |
Merge 5.10.220 into android12-5.10-lts
Changes in 5.10.220
SUNRPC: Rename svc_encode_read_payload()
NFSD: Invoke svc_encode_result_payload() in "read" NFSD encoders
NFSD: A semicolon is not needed after a switch statement.
nfsd/nfs3: remove unused macro nfsd3_fhandleres
NFSD: Clean up the show_nf_may macro
NFSD: Remove extra "0x" in tracepoint format specifier
NFSD: Add SPDX header for fs/nfsd/trace.c
nfsd: Fix error return code in nfsd_file_cache_init()
SUNRPC: Add xdr_set_scratch_page() and xdr_reset_scratch_buffer()
SUNRPC: Prepare for xdr_stream-style decoding on the server-side
NFSD: Add common helpers to decode void args and encode void results
NFSD: Add tracepoints in nfsd_dispatch()
NFSD: Add tracepoints in nfsd4_decode/encode_compound()
NFSD: Replace the internals of the READ_BUF() macro
NFSD: Replace READ* macros in nfsd4_decode_access()
NFSD: Replace READ* macros in nfsd4_decode_close()
NFSD: Replace READ* macros in nfsd4_decode_commit()
NFSD: Change the way the expected length of a fattr4 is checked
NFSD: Replace READ* macros that decode the fattr4 size attribute
NFSD: Replace READ* macros that decode the fattr4 acl attribute
NFSD: Replace READ* macros that decode the fattr4 mode attribute
NFSD: Replace READ* macros that decode the fattr4 owner attribute
NFSD: Replace READ* macros that decode the fattr4 owner_group attribute
NFSD: Replace READ* macros that decode the fattr4 time_set attributes
NFSD: Replace READ* macros that decode the fattr4 security label attribute
NFSD: Replace READ* macros that decode the fattr4 umask attribute
NFSD: Replace READ* macros in nfsd4_decode_fattr()
NFSD: Replace READ* macros in nfsd4_decode_create()
NFSD: Replace READ* macros in nfsd4_decode_delegreturn()
NFSD: Replace READ* macros in nfsd4_decode_getattr()
NFSD: Replace READ* macros in nfsd4_decode_link()
NFSD: Relocate nfsd4_decode_opaque()
NFSD: Add helpers to decode a clientid4 and an NFSv4 state owner
NFSD: Add helper for decoding locker4
NFSD: Replace READ* macros in nfsd4_decode_lock()
NFSD: Replace READ* macros in nfsd4_decode_lockt()
NFSD: Replace READ* macros in nfsd4_decode_locku()
NFSD: Replace READ* macros in nfsd4_decode_lookup()
NFSD: Add helper to decode NFSv4 verifiers
NFSD: Add helper to decode OPEN's createhow4 argument
NFSD: Add helper to decode OPEN's openflag4 argument
NFSD: Replace READ* macros in nfsd4_decode_share_access()
NFSD: Replace READ* macros in nfsd4_decode_share_deny()
NFSD: Add helper to decode OPEN's open_claim4 argument
NFSD: Replace READ* macros in nfsd4_decode_open()
NFSD: Replace READ* macros in nfsd4_decode_open_confirm()
NFSD: Replace READ* macros in nfsd4_decode_open_downgrade()
NFSD: Replace READ* macros in nfsd4_decode_putfh()
NFSD: Replace READ* macros in nfsd4_decode_read()
NFSD: Replace READ* macros in nfsd4_decode_readdir()
NFSD: Replace READ* macros in nfsd4_decode_remove()
NFSD: Replace READ* macros in nfsd4_decode_rename()
NFSD: Replace READ* macros in nfsd4_decode_renew()
NFSD: Replace READ* macros in nfsd4_decode_secinfo()
NFSD: Replace READ* macros in nfsd4_decode_setattr()
NFSD: Replace READ* macros in nfsd4_decode_setclientid()
NFSD: Replace READ* macros in nfsd4_decode_setclientid_confirm()
NFSD: Replace READ* macros in nfsd4_decode_verify()
NFSD: Replace READ* macros in nfsd4_decode_write()
NFSD: Replace READ* macros in nfsd4_decode_release_lockowner()
NFSD: Replace READ* macros in nfsd4_decode_cb_sec()
NFSD: Replace READ* macros in nfsd4_decode_backchannel_ctl()
NFSD: Replace READ* macros in nfsd4_decode_bind_conn_to_session()
NFSD: Add a separate decoder to handle state_protect_ops
NFSD: Add a separate decoder for ssv_sp_parms
NFSD: Add a helper to decode state_protect4_a
NFSD: Add a helper to decode nfs_impl_id4
NFSD: Add a helper to decode channel_attrs4
NFSD: Replace READ* macros in nfsd4_decode_create_session()
NFSD: Replace READ* macros in nfsd4_decode_destroy_session()
NFSD: Replace READ* macros in nfsd4_decode_free_stateid()
NFSD: Replace READ* macros in nfsd4_decode_getdeviceinfo()
NFSD: Replace READ* macros in nfsd4_decode_layoutcommit()
NFSD: Replace READ* macros in nfsd4_decode_layoutget()
NFSD: Replace READ* macros in nfsd4_decode_layoutreturn()
NFSD: Replace READ* macros in nfsd4_decode_secinfo_no_name()
NFSD: Replace READ* macros in nfsd4_decode_sequence()
NFSD: Replace READ* macros in nfsd4_decode_test_stateid()
NFSD: Replace READ* macros in nfsd4_decode_destroy_clientid()
NFSD: Replace READ* macros in nfsd4_decode_reclaim_complete()
NFSD: Replace READ* macros in nfsd4_decode_fallocate()
NFSD: Replace READ* macros in nfsd4_decode_nl4_server()
NFSD: Replace READ* macros in nfsd4_decode_copy()
NFSD: Replace READ* macros in nfsd4_decode_copy_notify()
NFSD: Replace READ* macros in nfsd4_decode_offload_status()
NFSD: Replace READ* macros in nfsd4_decode_seek()
NFSD: Replace READ* macros in nfsd4_decode_clone()
NFSD: Replace READ* macros in nfsd4_decode_xattr_name()
NFSD: Replace READ* macros in nfsd4_decode_setxattr()
NFSD: Replace READ* macros in nfsd4_decode_listxattrs()
NFSD: Make nfsd4_ops::opnum a u32
NFSD: Replace READ* macros in nfsd4_decode_compound()
NFSD: Remove macros that are no longer used
nfsd: only call inode_query_iversion in the I_VERSION case
nfsd: simplify nfsd4_change_info
nfsd: minor nfsd4_change_attribute cleanup
nfsd4: don't query change attribute in v2/v3 case
Revert "nfsd4: support change_attr_type attribute"
nfsd: add a new EXPORT_OP_NOWCC flag to struct export_operations
nfsd: allow filesystems to opt out of subtree checking
nfsd: close cached files prior to a REMOVE or RENAME that would replace target
exportfs: Add a function to return the raw output from fh_to_dentry()
nfsd: Fix up nfsd to ensure that timeout errors don't result in ESTALE
nfsd: Set PF_LOCAL_THROTTLE on local filesystems only
nfsd: Record NFSv4 pre/post-op attributes as non-atomic
exec: Don't open code get_close_on_exec
exec: Move unshare_files to fix posix file locking during exec
exec: Simplify unshare_files
exec: Remove reset_files_struct
kcmp: In kcmp_epoll_target use fget_task
bpf: In bpf_task_fd_query use fget_task
proc/fd: In proc_fd_link use fget_task
Revert "fget: clarify and improve __fget_files() implementation"
file: Rename __fcheck_files to files_lookup_fd_raw
file: Factor files_lookup_fd_locked out of fcheck_files
file: Replace fcheck_files with files_lookup_fd_rcu
file: Rename fcheck lookup_fd_rcu
file: Implement task_lookup_fd_rcu
proc/fd: In tid_fd_mode use task_lookup_fd_rcu
kcmp: In get_file_raw_ptr use task_lookup_fd_rcu
file: Implement task_lookup_next_fd_rcu
proc/fd: In proc_readfd_common use task_lookup_next_fd_rcu
proc/fd: In fdinfo seq_show don't use get_files_struct
file: Merge __fd_install into fd_install
file: In f_dupfd read RLIMIT_NOFILE once.
file: Merge __alloc_fd into alloc_fd
file: Rename __close_fd to close_fd and remove the files parameter
file: Replace ksys_close with close_fd
inotify: Increase default inotify.max_user_watches limit to 1048576
fs/lockd: convert comma to semicolon
NFSD: Fix sparse warning in nfssvc.c
NFSD: Restore NFSv4 decoding's SAVEMEM functionality
SUNRPC: Make trace_svc_process() display the RPC procedure symbolically
SUNRPC: Display RPC procedure names instead of proc numbers
SUNRPC: Move definition of XDR_UNIT
NFSD: Update GETATTR3args decoder to use struct xdr_stream
NFSD: Update ACCESS3arg decoder to use struct xdr_stream
NFSD: Update READ3arg decoder to use struct xdr_stream
NFSD: Update WRITE3arg decoder to use struct xdr_stream
NFSD: Update READLINK3arg decoder to use struct xdr_stream
NFSD: Fix returned READDIR offset cookie
NFSD: Add helper to set up the pages where the dirlist is encoded
NFSD: Update READDIR3args decoders to use struct xdr_stream
NFSD: Update COMMIT3arg decoder to use struct xdr_stream
NFSD: Update the NFSv3 DIROPargs decoder to use struct xdr_stream
NFSD: Update the RENAME3args decoder to use struct xdr_stream
NFSD: Update the LINK3args decoder to use struct xdr_stream
NFSD: Update the SETATTR3args decoder to use struct xdr_stream
NFSD: Update the CREATE3args decoder to use struct xdr_stream
NFSD: Update the MKDIR3args decoder to use struct xdr_stream
NFSD: Update the SYMLINK3args decoder to use struct xdr_stream
NFSD: Update the MKNOD3args decoder to use struct xdr_stream
NFSD: Update the NFSv2 GETATTR argument decoder to use struct xdr_stream
NFSD: Update the NFSv2 READ argument decoder to use struct xdr_stream
NFSD: Update the NFSv2 WRITE argument decoder to use struct xdr_stream
NFSD: Update the NFSv2 READLINK argument decoder to use struct xdr_stream
NFSD: Add helper to set up the pages where the dirlist is encoded
NFSD: Update the NFSv2 READDIR argument decoder to use struct xdr_stream
NFSD: Update NFSv2 diropargs decoding to use struct xdr_stream
NFSD: Update the NFSv2 RENAME argument decoder to use struct xdr_stream
NFSD: Update the NFSv2 LINK argument decoder to use struct xdr_stream
NFSD: Update the NFSv2 SETATTR argument decoder to use struct xdr_stream
NFSD: Update the NFSv2 CREATE argument decoder to use struct xdr_stream
NFSD: Update the NFSv2 SYMLINK argument decoder to use struct xdr_stream
NFSD: Remove argument length checking in nfsd_dispatch()
NFSD: Update the NFSv2 GETACL argument decoder to use struct xdr_stream
NFSD: Add an xdr_stream-based decoder for NFSv2/3 ACLs
NFSD: Update the NFSv2 SETACL argument decoder to use struct xdr_stream
NFSD: Update the NFSv2 ACL GETATTR argument decoder to use struct xdr_stream
NFSD: Update the NFSv2 ACL ACCESS argument decoder to use struct xdr_stream
NFSD: Clean up after updating NFSv2 ACL decoders
NFSD: Update the NFSv3 GETACL argument decoder to use struct xdr_stream
NFSD: Update the NFSv2 SETACL argument decoder to use struct xdr_stream
NFSD: Clean up after updating NFSv3 ACL decoders
nfsd: remove unused stats counters
nfsd: protect concurrent access to nfsd stats counters
nfsd: report per-export stats
nfsd4: simplify process_lookup1
nfsd: simplify process_lock
nfsd: simplify nfsd_renew
nfsd: rename lookup_clientid->set_client
nfsd: refactor set_client
nfsd: find_cpntf_state cleanup
nfsd: remove unused set_client argument
nfsd: simplify nfsd4_check_open_reclaim
nfsd: cstate->session->se_client -> cstate->clp
NFSv4_2: SSC helper should use its own config.
nfs: use change attribute for NFS re-exports
nfsd: skip some unnecessary stats in the v4 case
inotify, memcg: account inotify instances to kmemcg
module: unexport find_module and module_mutex
module: use RCU to synchronize find_module
kallsyms: refactor {,module_}kallsyms_on_each_symbol
kallsyms: only build {,module_}kallsyms_on_each_symbol when required
fs: add file and path permissions helpers
namei: introduce struct renamedata
NFSD: Extract the svcxdr_init_encode() helper
NFSD: Update the GETATTR3res encoder to use struct xdr_stream
NFSD: Update the NFSv3 ACCESS3res encoder to use struct xdr_stream
NFSD: Update the NFSv3 LOOKUP3res encoder to use struct xdr_stream
NFSD: Update the NFSv3 wccstat result encoder to use struct xdr_stream
NFSD: Update the NFSv3 READLINK3res encoder to use struct xdr_stream
NFSD: Update the NFSv3 READ3res encode to use struct xdr_stream
NFSD: Update the NFSv3 WRITE3res encoder to use struct xdr_stream
NFSD: Update the NFSv3 CREATE family of encoders to use struct xdr_stream
NFSD: Update the NFSv3 RENAMEv3res encoder to use struct xdr_stream
NFSD: Update the NFSv3 LINK3res encoder to use struct xdr_stream
NFSD: Update the NFSv3 FSSTAT3res encoder to use struct xdr_stream
NFSD: Update the NFSv3 FSINFO3res encoder to use struct xdr_stream
NFSD: Update the NFSv3 PATHCONF3res encoder to use struct xdr_stream
NFSD: Update the NFSv3 COMMIT3res encoder to use struct xdr_stream
NFSD: Add a helper that encodes NFSv3 directory offset cookies
NFSD: Count bytes instead of pages in the NFSv3 READDIR encoder
NFSD: Update the NFSv3 READDIR3res encoder to use struct xdr_stream
NFSD: Update NFSv3 READDIR entry encoders to use struct xdr_stream
NFSD: Remove unused NFSv3 directory entry encoders
NFSD: Reduce svc_rqst::rq_pages churn during READDIR operations
NFSD: Update the NFSv2 stat encoder to use struct xdr_stream
NFSD: Update the NFSv2 attrstat encoder to use struct xdr_stream
NFSD: Update the NFSv2 diropres encoder to use struct xdr_stream
NFSD: Update the NFSv2 READLINK result encoder to use struct xdr_stream
NFSD: Update the NFSv2 READ result encoder to use struct xdr_stream
NFSD: Update the NFSv2 STATFS result encoder to use struct xdr_stream
NFSD: Add a helper that encodes NFSv3 directory offset cookies
NFSD: Count bytes instead of pages in the NFSv2 READDIR encoder
NFSD: Update the NFSv2 READDIR result encoder to use struct xdr_stream
NFSD: Update the NFSv2 READDIR entry encoder to use struct xdr_stream
NFSD: Remove unused NFSv2 directory entry encoders
NFSD: Add an xdr_stream-based encoder for NFSv2/3 ACLs
NFSD: Update the NFSv2 GETACL result encoder to use struct xdr_stream
NFSD: Update the NFSv2 SETACL result encoder to use struct xdr_stream
NFSD: Update the NFSv2 ACL GETATTR result encoder to use struct xdr_stream
NFSD: Update the NFSv2 ACL ACCESS result encoder to use struct xdr_stream
NFSD: Clean up after updating NFSv2 ACL encoders
NFSD: Update the NFSv3 GETACL result encoder to use struct xdr_stream
NFSD: Update the NFSv3 SETACL result encoder to use struct xdr_stream
NFSD: Clean up after updating NFSv3 ACL encoders
NFSD: Add a tracepoint to record directory entry encoding
NFSD: Clean up NFSDDBG_FACILITY macro
nfsd: helper for laundromat expiry calculations
nfsd: Log client tracking type log message as info instead of warning
nfsd: Fix typo "accesible"
nfsd: COPY with length 0 should copy to end of file
nfsd: don't ignore high bits of copy count
nfsd: report client confirmation status in "info" file
SUNRPC: Export svc_xprt_received()
UAPI: nfsfh.h: Replace one-element array with flexible-array member
NFSD: Use DEFINE_SPINLOCK() for spinlock
fsnotify: allow fsnotify_{peek,remove}_first_event with empty queue
Revert "fanotify: limit number of event merge attempts"
fanotify: reduce event objectid to 29-bit hash
fanotify: mix event info and pid into merge key hash
fsnotify: use hash table for faster events merge
fanotify: limit number of event merge attempts
fanotify: configurable limits via sysfs
fanotify: support limited functionality for unprivileged users
fanotify_user: use upper_32_bits() to verify mask
nfsd: remove unused function
nfsd: removed unused argument in nfsd_startup_generic()
nfsd: hash nfs4_files by inode number
nfsd: track filehandle aliasing in nfs4_files
nfsd: reshuffle some code
nfsd: grant read delegations to clients holding writes
nfsd: Fix fall-through warnings for Clang
NFSv4.2: Remove ifdef CONFIG_NFSD from NFSv4.2 client SSC code.
NFS: fix nfs_fetch_iversion()
fanotify: fix permission model of unprivileged group
NFSD: Add an RPC authflavor tracepoint display helper
NFSD: Add nfsd_clid_cred_mismatch tracepoint
NFSD: Add nfsd_clid_verf_mismatch tracepoint
NFSD: Remove trace_nfsd_clid_inuse_err
NFSD: Add nfsd_clid_confirmed tracepoint
NFSD: Add nfsd_clid_reclaim_complete tracepoint
NFSD: Add nfsd_clid_destroyed tracepoint
NFSD: Add a couple more nfsd_clid_expired call sites
NFSD: Add tracepoints for SETCLIENTID edge cases
NFSD: Add tracepoints for EXCHANGEID edge cases
NFSD: Constify @fh argument of knfsd_fh_hash()
NFSD: Capture every CB state transition
NFSD: Drop TRACE_DEFINE_ENUM for NFSD4_CB_<state> macros
NFSD: Add cb_lost tracepoint
NFSD: Adjust cb_shutdown tracepoint
NFSD: Enhance the nfsd_cb_setup tracepoint
NFSD: Add an nfsd_cb_lm_notify tracepoint
NFSD: Add an nfsd_cb_offload tracepoint
NFSD: Replace the nfsd_deleg_break tracepoint
NFSD: Add an nfsd_cb_probe tracepoint
NFSD: Remove the nfsd_cb_work and nfsd_cb_done tracepoints
NFSD: Update nfsd_cb_args tracepoint
nfsd: Prevent truncation of an unlinked inode from blocking access to its directory
nfsd: move some commit_metadata()s outside the inode lock
NFSD add vfs_fsync after async copy is done
NFSD: delay unmount source's export after inter-server copy completed.
nfsd: move fsnotify on client creation outside spinlock
nfsd4: Expose the callback address and state of each NFS4 client
nfsd: fix kernel test robot warning in SSC code
NFSD: Fix error return code in nfsd4_interssc_connect()
nfsd: rpc_peeraddr2str needs rcu lock
lockd: Remove stale comments
lockd: Create a simplified .vs_dispatch method for NLM requests
lockd: Common NLM XDR helpers
lockd: Update the NLMv1 void argument decoder to use struct xdr_stream
lockd: Update the NLMv1 TEST arguments decoder to use struct xdr_stream
lockd: Update the NLMv1 LOCK arguments decoder to use struct xdr_stream
lockd: Update the NLMv1 CANCEL arguments decoder to use struct xdr_stream
lockd: Update the NLMv1 UNLOCK arguments decoder to use struct xdr_stream
lockd: Update the NLMv1 nlm_res arguments decoder to use struct xdr_stream
lockd: Update the NLMv1 SM_NOTIFY arguments decoder to use struct xdr_stream
lockd: Update the NLMv1 SHARE arguments decoder to use struct xdr_stream
lockd: Update the NLMv1 FREE_ALL arguments decoder to use struct xdr_stream
lockd: Update the NLMv1 void results encoder to use struct xdr_stream
lockd: Update the NLMv1 TEST results encoder to use struct xdr_stream
lockd: Update the NLMv1 nlm_res results encoder to use struct xdr_stream
lockd: Update the NLMv1 SHARE results encoder to use struct xdr_stream
lockd: Update the NLMv4 void arguments decoder to use struct xdr_stream
lockd: Update the NLMv4 TEST arguments decoder to use struct xdr_stream
lockd: Update the NLMv4 LOCK arguments decoder to use struct xdr_stream
lockd: Update the NLMv4 CANCEL arguments decoder to use struct xdr_stream
lockd: Update the NLMv4 UNLOCK arguments decoder to use struct xdr_stream
lockd: Update the NLMv4 nlm_res arguments decoder to use struct xdr_stream
lockd: Update the NLMv4 SM_NOTIFY arguments decoder to use struct xdr_stream
lockd: Update the NLMv4 SHARE arguments decoder to use struct xdr_stream
lockd: Update the NLMv4 FREE_ALL arguments decoder to use struct xdr_stream
lockd: Update the NLMv4 void results encoder to use struct xdr_stream
lockd: Update the NLMv4 TEST results encoder to use struct xdr_stream
lockd: Update the NLMv4 nlm_res results encoder to use struct xdr_stream
lockd: Update the NLMv4 SHARE results encoder to use struct xdr_stream
nfsd: remove redundant assignment to pointer 'this'
NFSD: Prevent a possible oops in the nfs_dirent() tracepoint
nfsd: fix NULL dereference in nfs3svc_encode_getaclres
kernel/pid.c: remove static qualifier from pidfd_create()
kernel/pid.c: implement additional checks upon pidfd_create() parameters
fanotify: minor cosmetic adjustments to fid labels
fanotify: introduce a generic info record copying helper
fanotify: add pidfd support to the fanotify API
fsnotify: replace igrab() with ihold() on attach connector
fsnotify: count s_fsnotify_inode_refs for attached connectors
fsnotify: count all objects with attached connectors
fsnotify: optimize the case of no marks of any type
NFSD: Clean up splice actor
SUNRPC: Add svc_rqst_replace_page() API
NFSD: Batch release pages during splice read
NFSD: remove vanity comments
sysctl: introduce new proc handler proc_dobool
lockd: change the proc_handler for nsm_use_hostnames
nlm: minor nlm_lookup_file argument change
nlm: minor refactoring
lockd: update nlm_lookup_file reexport comment
Keep read and write fds with each nlm_file
nfs: don't atempt blocking locks on nfs reexports
lockd: don't attempt blocking locks on nfs reexports
nfs: don't allow reexport reclaims
SUNRPC: Add svc_rqst::rq_auth_stat
SUNRPC: Set rq_auth_stat in the pg_authenticate() callout
SUNRPC: Eliminate the RQ_AUTHERR flag
NFS: Add a private local dispatcher for NFSv4 callback operations
NFS: Remove unused callback void decoder
fsnotify: fix sb_connectors leak
NLM: Fix svcxdr_encode_owner()
nfsd: Fix a warning for nfsd_file_close_inode
fsnotify: pass data_type to fsnotify_name()
fsnotify: pass dentry instead of inode data
fsnotify: clarify contract for create event hooks
fsnotify: Don't insert unmergeable events in hashtable
fanotify: Fold event size calculation to its own function
fanotify: Split fsid check from other fid mode checks
inotify: Don't force FS_IN_IGNORED
fsnotify: Add helper to detect overflow_event
fsnotify: Add wrapper around fsnotify_add_event
fsnotify: Retrieve super block from the data field
fsnotify: Protect fsnotify_handle_inode_event from no-inode events
fsnotify: Pass group argument to free_event
fanotify: Support null inode event in fanotify_dfid_inode
fanotify: Allow file handle encoding for unhashed events
fanotify: Encode empty file handle when no inode is provided
fanotify: Require fid_mode for any non-fd event
fsnotify: Support FS_ERROR event type
fanotify: Reserve UAPI bits for FAN_FS_ERROR
fanotify: Pre-allocate pool of error events
fanotify: Support enqueueing of error events
fanotify: Support merging of error events
fanotify: Wrap object_fh inline space in a creator macro
fanotify: Add helpers to decide whether to report FID/DFID
fanotify: WARN_ON against too large file handles
fanotify: Report fid info for file related file system errors
fanotify: Emit generic error info for error event
fanotify: Allow users to request FAN_FS_ERROR events
SUNRPC: Trace calls to .rpc_call_done
NFSD: Optimize DRC bucket pruning
NFSD: move filehandle format declarations out of "uapi".
NFSD: drop support for ancient filehandles
NFSD: simplify struct nfsfh
NFSD: Initialize pointer ni with NULL and not plain integer 0
NFSD: Have legacy NFSD WRITE decoders use xdr_stream_subsegment()
SUNRPC: Replace the "__be32 *p" parameter to .pc_decode
SUNRPC: Change return value type of .pc_decode
NFSD: Save location of NFSv4 COMPOUND status
SUNRPC: Replace the "__be32 *p" parameter to .pc_encode
SUNRPC: Change return value type of .pc_encode
nfsd: update create verifier comment
NFSD:fix boolreturn.cocci warning
nfsd4: remove obselete comment
NFSD: Fix exposure in nfsd4_decode_bitmap()
NFSD: Fix READDIR buffer overflow
fsnotify: clarify object type argument
fsnotify: separate mark iterator type from object type enum
fanotify: introduce group flag FAN_REPORT_TARGET_FID
fsnotify: generate FS_RENAME event with rich information
fanotify: use macros to get the offset to fanotify_info buffer
fanotify: use helpers to parcel fanotify_info buffer
fanotify: support secondary dir fh and name in fanotify_info
fanotify: record old and new parent and name in FAN_RENAME event
fanotify: record either old name new name or both for FAN_RENAME
fanotify: report old and/or new parent+name in FAN_RENAME event
fanotify: wire up FAN_RENAME event
exit: Implement kthread_exit
exit: Rename module_put_and_exit to module_put_and_kthread_exit
NFSD: Fix sparse warning
NFSD: handle errors better in write_ports_addfd()
SUNRPC: change svc_get() to return the svc.
SUNRPC/NFSD: clean up get/put functions.
SUNRPC: stop using ->sv_nrthreads as a refcount
nfsd: make nfsd_stats.th_cnt atomic_t
SUNRPC: use sv_lock to protect updates to sv_nrthreads.
NFSD: narrow nfsd_mutex protection in nfsd thread
NFSD: Make it possible to use svc_set_num_threads_sync
SUNRPC: discard svo_setup and rename svc_set_num_threads_sync()
NFSD: simplify locking for network notifier.
lockd: introduce nlmsvc_serv
lockd: simplify management of network status notifiers
lockd: move lockd_start_svc() call into lockd_create_svc()
lockd: move svc_exit_thread() into the thread
lockd: introduce lockd_put()
lockd: rename lockd_create_svc() to lockd_get()
SUNRPC: move the pool_map definitions (back) into svc.c
SUNRPC: always treat sv_nrpools==1 as "not pooled"
lockd: use svc_set_num_threads() for thread start and stop
NFS: switch the callback service back to non-pooled.
NFSD: Remove be32_to_cpu() from DRC hash function
NFSD: Fix inconsistent indenting
NFSD: simplify per-net file cache management
NFSD: Combine XDR error tracepoints
nfsd: improve stateid access bitmask documentation
NFSD: De-duplicate nfsd4_decode_bitmap4()
nfs: block notification on fs with its own ->lock
nfsd4: add refcount for nfsd4_blocked_lock
NFSD: Fix zero-length NFSv3 WRITEs
nfsd: map EBADF
nfsd: Add errno mapping for EREMOTEIO
nfsd: Retry once in nfsd_open on an -EOPENSTALE return
NFSD: Clean up nfsd_vfs_write()
NFSD: De-duplicate net_generic(SVC_NET(rqstp), nfsd_net_id)
NFSD: De-duplicate net_generic(nf->nf_net, nfsd_net_id)
nfsd: Add a tracepoint for errors in nfsd4_clone_file_range()
NFSD: Write verifier might go backwards
NFSD: Clean up the nfsd_net::nfssvc_boot field
NFSD: Rename boot verifier functions
NFSD: Trace boot verifier resets
Revert "nfsd: skip some unnecessary stats in the v4 case"
NFSD: Move fill_pre_wcc() and fill_post_wcc()
nfsd: fix crash on COPY_NOTIFY with special stateid
fanotify: remove variable set but not used
lockd: fix server crash on reboot of client holding lock
lockd: fix failure to cleanup client locks
NFSD: Fix the behavior of READ near OFFSET_MAX
NFSD: Fix ia_size underflow
NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes
NFSD: COMMIT operations must not return NFS?ERR_INVAL
NFSD: Deprecate NFS_OFFSET_MAX
nfsd: Add support for the birth time attribute
NFSD: De-duplicate hash bucket indexing
NFSD: Skip extra computation for RC_NOCACHE case
NFSD: Streamline the rare "found" case
SUNRPC: Remove the .svo_enqueue_xprt method
SUNRPC: Merge svc_do_enqueue_xprt() into svc_enqueue_xprt()
SUNRPC: Remove svo_shutdown method
SUNRPC: Rename svc_create_xprt()
SUNRPC: Rename svc_close_xprt()
SUNRPC: Remove svc_shutdown_net()
NFSD: Remove svc_serv_ops::svo_module
NFSD: Move svc_serv_ops::svo_function into struct svc_serv
NFSD: Remove CONFIG_NFSD_V3
NFSD: Clean up _lm_ operation names
nfsd: fix using the correct variable for sizeof()
fsnotify: fix merge with parent's ignored mask
fsnotify: optimize FS_MODIFY events with no ignored masks
fsnotify: remove redundant parameter judgment
SUNRPC: Return true/false (not 1/0) from bool functions
nfsd: Fix a write performance regression
nfsd: Clean up nfsd_file_put()
fanotify: do not allow setting dirent events in mask of non-dir
fs/lock: documentation cleanup. Replace inode->i_lock with flc_lock.
inotify: move control flags from mask to mark flags
fsnotify: pass flags argument to fsnotify_alloc_group()
fsnotify: make allow_dups a property of the group
fsnotify: create helpers for group mark_mutex lock
inotify: use fsnotify group lock helpers
nfsd: use fsnotify group lock helpers
dnotify: use fsnotify group lock helpers
fsnotify: allow adding an inode mark without pinning inode
fanotify: create helper fanotify_mark_user_flags()
fanotify: factor out helper fanotify_mark_update_flags()
fanotify: implement "evictable" inode marks
fanotify: use fsnotify group lock helpers
fanotify: enable "evictable" inode marks
fsnotify: introduce mark type iterator
fsnotify: consistent behavior for parent not watching children
fanotify: fix incorrect fmode_t casts
NFSD: Clean up nfsd_splice_actor()
NFSD: add courteous server support for thread with only delegation
NFSD: add support for share reservation conflict to courteous server
NFSD: move create/destroy of laundry_wq to init_nfsd and exit_nfsd
fs/lock: add helper locks_owner_has_blockers to check for blockers
fs/lock: add 2 callbacks to lock_manager_operations to resolve conflict
NFSD: add support for lock conflict to courteous server
NFSD: Show state of courtesy client in client info
NFSD: Clean up nfsd3_proc_create()
NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create()
NFSD: Refactor nfsd_create_setattr()
NFSD: Refactor NFSv3 CREATE
NFSD: Refactor NFSv4 OPEN(CREATE)
NFSD: Remove do_nfsd_create()
NFSD: Clean up nfsd_open_verified()
NFSD: Instantiate a struct file when creating a regular NFSv4 file
NFSD: Remove dprintk call sites from tail of nfsd4_open()
NFSD: Fix whitespace
NFSD: Move documenting comment for nfsd4_process_open2()
NFSD: Trace filecache opens
NFSD: Clean up the show_nf_flags() macro
SUNRPC: Use RMW bitops in single-threaded hot paths
nfsd: Unregister the cld notifier when laundry_wq create failed
nfsd: Fix null-ptr-deref in nfsd_fill_super()
nfsd: destroy percpu stats counters after reply cache shutdown
NFSD: Modernize nfsd4_release_lockowner()
NFSD: Add documenting comment for nfsd4_release_lockowner()
NFSD: nfsd_file_put() can sleep
NFSD: Fix potential use-after-free in nfsd_file_put()
SUNRPC: Optimize xdr_reserve_space()
fanotify: refine the validation checks on non-dir inode mask
NFS: restore module put when manager exits.
NFSD: Decode NFSv4 birth time attribute
lockd: set fl_owner when unlocking files
lockd: fix nlm_close_files
fs: inotify: Fix typo in inotify comment
fanotify: prepare for setting event flags in ignore mask
fanotify: cleanups for fanotify_mark() input validations
fanotify: introduce FAN_MARK_IGNORE
fsnotify: Fix comment typo
nfsd: eliminate the NFSD_FILE_BREAK_* flags
SUNRPC: Fix xdr_encode_bool()
NLM: Defend against file_lock changes after vfs_test_lock()
NFSD: Fix space and spelling mistake
nfsd: remove redundant assignment to variable len
NFSD: Demote a WARN to a pr_warn()
NFSD: Report filecache LRU size
NFSD: Report count of calls to nfsd_file_acquire()
NFSD: Report count of freed filecache items
NFSD: Report average age of filecache items
NFSD: Add nfsd_file_lru_dispose_list() helper
NFSD: Refactor nfsd_file_gc()
NFSD: Refactor nfsd_file_lru_scan()
NFSD: Report the number of items evicted by the LRU walk
NFSD: Record number of flush calls
NFSD: Zero counters when the filecache is re-initialized
NFSD: Hook up the filecache stat file
NFSD: WARN when freeing an item still linked via nf_lru
NFSD: Trace filecache LRU activity
NFSD: Leave open files out of the filecache LRU
NFSD: Fix the filecache LRU shrinker
NFSD: Never call nfsd_file_gc() in foreground paths
NFSD: No longer record nf_hashval in the trace log
NFSD: Remove lockdep assertion from unhash_and_release_locked()
NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode
NFSD: Refactor __nfsd_file_close_inode()
NFSD: nfsd_file_hash_remove can compute hashval
NFSD: Remove nfsd_file::nf_hashval
NFSD: Replace the "init once" mechanism
NFSD: Set up an rhashtable for the filecache
NFSD: Convert the filecache to use rhashtable
NFSD: Clean up unused code after rhashtable conversion
NFSD: Separate tracepoints for acquire and create
NFSD: Move nfsd_file_trace_alloc() tracepoint
NFSD: NFSv4 CLOSE should release an nfsd_file immediately
NFSD: Ensure nf_inode is never dereferenced
NFSD: refactoring v4 specific code to a helper in nfs4state.c
NFSD: keep track of the number of v4 clients in the system
NFSD: limit the number of v4 clients to 1024 per 1GB of system memory
nfsd: silence extraneous printk on nfsd.ko insertion
NFSD: Optimize nfsd4_encode_operation()
NFSD: Optimize nfsd4_encode_fattr()
NFSD: Clean up SPLICE_OK in nfsd4_encode_read()
NFSD: Add an nfsd4_read::rd_eof field
NFSD: Optimize nfsd4_encode_readv()
NFSD: Simplify starting_len
NFSD: Use xdr_pad_size()
NFSD: Clean up nfsd4_encode_readlink()
NFSD: Fix strncpy() fortify warning
NFSD: nfserrno(-ENOMEM) is nfserr_jukebox
NFSD: Shrink size of struct nfsd4_copy_notify
NFSD: Shrink size of struct nfsd4_copy
NFSD: Reorder the fields in struct nfsd4_op
NFSD: Make nfs4_put_copy() static
NFSD: Replace boolean fields in struct nfsd4_copy
NFSD: Refactor nfsd4_cleanup_inter_ssc() (1/2)
NFSD: Refactor nfsd4_cleanup_inter_ssc() (2/2)
NFSD: Refactor nfsd4_do_copy()
NFSD: Remove kmalloc from nfsd4_do_async_copy()
NFSD: Add nfsd4_send_cb_offload()
NFSD: Move copy offload callback arguments into a separate structure
NFSD: drop fh argument from alloc_init_deleg
NFSD: verify the opened dentry after setting a delegation
NFSD: introduce struct nfsd_attrs
NFSD: set attributes when creating symlinks
NFSD: add security label to struct nfsd_attrs
NFSD: add posix ACLs to struct nfsd_attrs
NFSD: change nfsd_create()/nfsd_symlink() to unlock directory before returning.
NFSD: always drop directory lock in nfsd_unlink()
NFSD: only call fh_unlock() once in nfsd_link()
NFSD: reduce locking in nfsd_lookup()
NFSD: use explicit lock/unlock for directory ops
NFSD: use (un)lock_inode instead of fh_(un)lock for file operations
NFSD: discard fh_locked flag and fh_lock/fh_unlock
lockd: detect and reject lock arguments that overflow
NFSD: fix regression with setting ACLs.
nfsd_splice_actor(): handle compound pages
NFSD: move from strlcpy with unused retval to strscpy
lockd: move from strlcpy with unused retval to strscpy
NFSD enforce filehandle check for source file in COPY
NFSD: remove redundant variable status
nfsd: Avoid some useless tests
nfsd: Propagate some error code returned by memdup_user()
NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND
NFSD: Protect against send buffer overflow in NFSv2 READDIR
NFSD: Protect against send buffer overflow in NFSv3 READDIR
NFSD: Protect against send buffer overflow in NFSv2 READ
NFSD: Protect against send buffer overflow in NFSv3 READ
NFSD: drop fname and flen args from nfsd_create_locked()
NFSD: Fix handling of oversized NFSv4 COMPOUND requests
nfsd: clean up mounted_on_fileid handling
nfsd: remove nfsd4_prepare_cb_recall() declaration
NFSD: Add tracepoints to report NFSv4 callback completions
NFSD: Add a mechanism to wait for a DELEGRETURN
NFSD: Refactor nfsd_setattr()
NFSD: Make nfsd4_setattr() wait before returning NFS4ERR_DELAY
NFSD: Make nfsd4_rename() wait before returning NFS4ERR_DELAY
NFSD: Make nfsd4_remove() wait before returning NFS4ERR_DELAY
NFSD: keep track of the number of courtesy clients in the system
NFSD: add shrinker to reap courtesy clients on low memory condition
SUNRPC: Parametrize how much of argsize should be zeroed
NFSD: Reduce amount of struct nfsd4_compoundargs that needs clearing
NFSD: Refactor common code out of dirlist helpers
NFSD: Use xdr_inline_decode() to decode NFSv3 symlinks
NFSD: Clean up WRITE arg decoders
NFSD: Clean up nfs4svc_encode_compoundres()
NFSD: Remove "inline" directives on op_rsize_bop helpers
NFSD: Remove unused nfsd4_compoundargs::cachetype field
NFSD: Pack struct nfsd4_compoundres
nfsd: use DEFINE_PROC_SHOW_ATTRIBUTE to define nfsd_proc_ops
nfsd: use DEFINE_SHOW_ATTRIBUTE to define export_features_fops and supported_enctypes_fops
nfsd: use DEFINE_SHOW_ATTRIBUTE to define client_info_fops
nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_reply_cache_stats_fops
nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_file_cache_stats_fops
NFSD: Rename the fields in copy_stateid_t
NFSD: Cap rsize_bop result based on send buffer size
nfsd: only fill out return pointer on success in nfsd4_lookup_stateid
nfsd: fix comments about spinlock handling with delegations
nfsd: make nfsd4_run_cb a bool return function
nfsd: extra checks when freeing delegation stateids
fs/notify: constify path
fsnotify: remove unused declaration
fanotify: Remove obsoleted fanotify_event_has_path()
nfsd: fix nfsd_file_unhash_and_dispose
nfsd: rework hashtable handling in nfsd_do_file_acquire
NFSD: unregister shrinker when nfsd_init_net() fails
nfsd: fix net-namespace logic in __nfsd_file_cache_purge
nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint
nfsd: put the export reference in nfsd4_verify_deleg_dentry
NFSD: Fix reads with a non-zero offset that don't end on a page boundary
filelock: add a new locks_inode_context accessor function
lockd: use locks_inode_context helper
nfsd: use locks_inode_context helper
NFSD: Simplify READ_PLUS
NFSD: Remove redundant assignment to variable host_err
NFSD: Finish converting the NFSv2 GETACL result encoder
NFSD: Finish converting the NFSv3 GETACL result encoder
nfsd: ignore requests to disable unsupported versions
nfsd: move nfserrno() to vfs.c
nfsd: allow disabling NFSv2 at compile time
exportfs: use pr_debug for unreachable debug statements
NFSD: Pass the target nfsd_file to nfsd_commit()
NFSD: Revert "NFSD: NFSv4 CLOSE should release an nfsd_file immediately"
NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection
NFSD: Flesh out a documenting comment for filecache.c
NFSD: Clean up nfs4_preprocess_stateid_op() call sites
NFSD: Trace stateids returned via DELEGRETURN
NFSD: Trace delegation revocations
NFSD: Use const pointers as parameters to fh_ helpers
NFSD: Update file_hashtbl() helpers
NFSD: Clean up nfsd4_init_file()
NFSD: Add a nfsd4_file_hash_remove() helper
NFSD: Clean up find_or_add_file()
NFSD: Refactor find_file()
NFSD: Use rhashtable for managing nfs4_file objects
NFSD: Fix licensing header in filecache.c
nfsd: remove the pages_flushed statistic from filecache
nfsd: reorganize filecache.c
nfsd: fix up the filecache laundrette scheduling
NFSD: Add an nfsd_file_fsync tracepoint
lockd: set other missing fields when unlocking files
nfsd: return error if nfs4_setacl fails
NFSD: Use struct_size() helper in alloc_session()
lockd: set missing fl_flags field when retrieving args
lockd: ensure we use the correct file descriptor when unlocking
lockd: fix file selection in nlmsvc_cancel_blocked
NFSD: pass range end to vfs_fsync_range() instead of count
NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker
NFSD: add support for sending CB_RECALL_ANY
NFSD: add delegation reaper to react to low memory condition
NFSD: Use only RQ_DROPME to signal the need to drop a reply
NFSD: Avoid clashing function prototypes
nfsd: rework refcounting in filecache
nfsd: fix handling of cached open files in nfsd4_open codepath
Revert "SUNRPC: Use RMW bitops in single-threaded hot paths"
NFSD: Use set_bit(RQ_DROPME)
NFSD: fix use-after-free in nfsd4_ssc_setup_dul()
NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time
NFSD: replace delayed_work with work_struct for nfsd_client_shrinker
nfsd: don't free files unconditionally in __nfsd_file_cache_purge
nfsd: don't destroy global nfs4_file table in per-net shutdown
NFSD: enhance inter-server copy cleanup
nfsd: allow nfsd_file_get to sanely handle a NULL pointer
nfsd: clean up potential nfsd_file refcount leaks in COPY codepath
NFSD: fix leaked reference count of nfsd4_ssc_umount_item
nfsd: don't hand out delegation on setuid files being opened for write
NFSD: fix problems with cleanup on errors in nfsd4_copy
nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open
nfsd: don't fsync nfsd_files on last close
NFSD: copy the whole verifier in nfsd_copy_write_verifier
NFSD: Protect against filesystem freezing
lockd: set file_lock start and end when decoding nlm4 testargs
nfsd: don't replace page in rq_pages if it's a continuation of last page
NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
nfsd: call op_release, even when op_func returns an error
nfsd: don't open-code clear_and_wake_up_bit
nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries
nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator
nfsd: don't kill nfsd_files because of lease break error
nfsd: add some comments to nfsd_file_do_acquire
nfsd: don't take/put an extra reference when putting a file
nfsd: update comment over __nfsd_file_cache_purge
nfsd: allow reaping files still under writeback
NFSD: Convert filecache to rhltable
nfsd: simplify the delayed disposal list code
NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop
nfsd: make a copy of struct iattr before calling notify_change
nfsd: fix double fget() bug in __write_ports_addfd()
lockd: drop inappropriate svc_get() from locked_get()
NFSD: Add an nfsd4_encode_nfstime4() helper
nfsd: Fix creation time serialization order
nfsd: don't allow nfsd threads to be signalled.
nfsd: Simplify code around svc_exit_thread() call in nfsd()
nfsd: separate nfsd_last_thread() from nfsd_put()
Documentation: Add missing documentation for EXPORT_OP flags
NFSD: fix possible oops when nfsd/pool_stats is closed.
nfsd: call nfsd_last_thread() before final nfsd_put()
nfsd: drop the nfsd_put helper
nfsd: fix RELEASE_LOCKOWNER
nfsd: don't take fi_lock in nfsd_break_deleg_cb()
nfsd: don't call locks_release_private() twice concurrently
nfsd: Fix a regression in nfsd_setattr()
Linux 5.10.220
Change-Id: I589ec5e63d1f985ab69f9755b9a87330627d44c5
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
fedef46c69 |
This is the 5.10.219 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmZuzl4ACgkQONu9yGCS
aT7+ohAAyRkTis6xeME1FWIJthCJl8FzUq9nfN+OccK3TwCbXyZKXlZK8lVz0T5U
DvG1Tg+rR76+hIJghMIy2FEPRBA19WMq9a+Ms2ZyyggPrlgksFivO8N8YgnIxabb
EJPN7pAzO+GA+vd8YeGeK1ldq8QUISlN35s+hkur1jeBctWRcpHeOTjIej/Qytmj
ny1o7hCp179+SPygSEYEYtguACaQflhfBjOgAQ9DwWjP6vO2W9Vb16X4tiT0udHm
ExPjOwxbEMN/7m9gKrnl6WcIROSOy55FnfcYZP+NRY4jBlANUgXF1ca9hAhcIKSv
oOyeRN5S3FZAdxIHG9SFU9b6MPwJSeO5ETQyfiRGNFRkXOa2tKknNSsuACu8kSwx
SKJIpcuW1DkortwsYFbilXdl6TrK6oCcEczV5qtludcRoDznfUGejb5e81v3yYkO
no6ORvBJSBnEObY+gpexvxQp2Ae1+YkSLJaDzYWMC+JHBIgWTz2F2qJJkP6bRAUV
QduFTdTenDnL7zW3DseZGJKotU95cUoKNAwa7wfboZeygHc2+KaUOchKcqI0P9dZ
pS27RzcAJJ2uufujofyxOOhzFKw98WFurfNsMZTDBwHuqReoiRAS7pi0PeTMuqUv
GC8V1eIKgeWdI+pdTZLXylziiM41IylLjU/hxCrsykb+EwFa5NY=
=B1lK
-----END PGP SIGNATURE-----
Merge 5.10.219 into android12-5.10-lts
Changes in 5.10.219
x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
speakup: Fix sizeof() vs ARRAY_SIZE() bug
ring-buffer: Fix a race between readers and resize checks
net: smc91x: Fix m68k kernel compilation for ColdFire CPU
nilfs2: fix unexpected freezing of nilfs_segctor_sync()
nilfs2: fix potential hang in nilfs_detach_log_writer()
ALSA: core: Fix NULL module pointer assignment at card init
wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class
net: usb: qmi_wwan: add Telit FN920C04 compositions
drm/amd/display: Set color_mgmt_changed to true on unsuspend
ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating
ASoC: dt-bindings: rt5645: add cbj sleeve gpio property
regulator: vqmmc-ipq4019: fix module autoloading
ASoC: rt715: add vendor clear control register
ASoC: da7219-aad: fix usage of device_get_named_child_node()
drm/amdkfd: Flush the process wq before creating a kfd_process
nvme: find numa distance only if controller has valid numa id
openpromfs: finish conversion to the new mount API
crypto: bcm - Fix pointer arithmetic
firmware: raspberrypi: Use correct device for DMA mappings
ecryptfs: Fix buffer size for tag 66 packet
nilfs2: fix out-of-range warning
parisc: add missing export of __cmpxchg_u8()
crypto: ccp - drop platform ifdef checks
crypto: x86/nh-avx2 - add missing vzeroupper
crypto: x86/sha256-avx2 - add missing vzeroupper
s390/cio: fix tracepoint subchannel type field
jffs2: prevent xattr node from overflowing the eraseblock
soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE
null_blk: Fix missing mutex_destroy() at module removal
md: fix resync softlockup when bitmap size is less than array size
wifi: ath10k: poll service ready message before failing
x86/boot: Ignore relocations in .notes sections in walk_relocs() too
qed: avoid truncating work queue length
scsi: ufs: qcom: Perform read back after writing reset bit
scsi: ufs-qcom: Fix ufs RST_n spec violation
scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US
scsi: ufs: ufs-qcom: Fix the Qcom register name for offset 0xD0
scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW version major 5
scsi: ufs: qcom: Perform read back after writing unipro mode
scsi: ufs: qcom: Perform read back after writing CGC enable
scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV
scsi: ufs: core: Perform read back after disabling interrupts
scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL
irqchip/alpine-msi: Fix off-by-one in allocation error path
irqchip/loongson-pch-msi: Fix off-by-one on allocation error path
ACPI: disable -Wstringop-truncation
gfs2: Fix "ignore unlock failures after withdraw"
selftests/bpf: Fix umount cgroup2 error in test_sockmap
cpufreq: Reorganize checks in cpufreq_offline()
cpufreq: Split cpufreq_offline()
cpufreq: Rearrange locking in cpufreq_remove_dev()
cpufreq: exit() callback is optional
net: export inet_lookup_reuseport and inet6_lookup_reuseport
net: remove duplicate reuseport_lookup functions
udp: Avoid call to compute_score on multiple sites
scsi: libsas: Fix the failure of adding phy with zero-address to port
scsi: hpsa: Fix allocation size for Scsi_Host private data
x86/purgatory: Switch to the position-independent small code model
wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger()
wifi: ath10k: populate board data for WCN3990
tcp: avoid premature drops in tcp_add_backlog()
net: give more chances to rcu in netdev_wait_allrefs_any()
macintosh/via-macii: Fix "BUG: sleeping function called from invalid context"
wifi: carl9170: add a proper sanity check for endpoints
wifi: ar5523: enable proper endpoint verification
sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe()
Revert "sh: Handle calling csum_partial with misaligned data"
selftests/binderfs: use the Makefile's rules, not Make's implicit rules
HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors
scsi: bfa: Ensure the copied buf is NUL terminated
scsi: qedf: Ensure the copied buf is NUL terminated
wifi: mwl8k: initialize cmd->addr[] properly
usb: aqc111: stop lying about skb->truesize
net: usb: sr9700: stop lying about skb->truesize
m68k: Fix spinlock race in kernel thread creation
m68k: mac: Fix reboot hang on Mac IIci
net: ipv6: fix wrong start position when receive hop-by-hop fragment
eth: sungem: remove .ndo_poll_controller to avoid deadlocks
net: ethernet: cortina: Locking fixes
af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
net: usb: smsc95xx: stop lying about skb->truesize
net: openvswitch: fix overwriting ct original tuple for ICMPv6
ipv6: sr: add missing seg6_local_exit
ipv6: sr: fix incorrect unregister order
ipv6: sr: fix invalid unregister error path
net/mlx5: Discard command completions in internal error
drm/amd/display: Fix potential index out of bounds in color transformation function
ASoC: soc-acpi: add helper to identify parent driver.
ASoC: Intel: Disable route checks for Skylake boards
mtd: rawnand: hynix: fixed typo
fbdev: shmobile: fix snprintf truncation
drm/meson: vclk: fix calculation of 59.94 fractional rates
drm/mediatek: Add 0 size check to mtk_drm_gem_obj
powerpc/fsl-soc: hide unused const variable
fbdev: sisfb: hide unused variables
media: ngene: Add dvb_ca_en50221_init return value check
media: radio-shark2: Avoid led_names truncations
drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference
fbdev: sh7760fb: allow modular build
media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries
drm/arm/malidp: fix a possible null pointer dereference
drm: vc4: Fix possible null pointer dereference
ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
drm/bridge: lt9611: Don't log an error when DSI host can't be found
drm/bridge: tc358775: Don't log an error when DSI host can't be found
drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector
drm/mipi-dsi: use correct return type for the DSC functions
RDMA/hns: Refactor the hns_roce_buf allocation flow
RDMA/hns: Create QP with selected QPN for bank load balance
RDMA/hns: Fix incorrect symbol types
RDMA/hns: Fix return value in hns_roce_map_mr_sg
RDMA/hns: Use complete parentheses in macros
RDMA/hns: Modify the print level of CQE error
clk: qcom: mmcc-msm8998: fix venus clock issue
x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map
ext4: avoid excessive credit estimate in ext4_tmpfile()
sunrpc: removed redundant procp check
ext4: simplify calculation of blkoff in ext4_mb_new_blocks_simple
ext4: fix unit mismatch in ext4_mb_new_blocks_simple
ext4: try all groups in ext4_mb_new_blocks_simple
ext4: remove unused parameter from ext4_mb_new_blocks_simple()
ext4: fix potential unnitialized variable
SUNRPC: Fix gss_free_in_token_pages()
selftests/kcmp: Make the test output consistent and clear
selftests/kcmp: remove unused open mode
RDMA/IPoIB: Fix format truncation compilation errors
net: qrtr: fix null-ptr-deref in qrtr_ns_remove
net: qrtr: ns: Fix module refcnt
netrom: fix possible dead-lock in nr_rt_ioctl()
af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level
greybus: lights: check return of get_channel_from_mode
f2fs: fix to wait on page writeback in __clone_blkaddrs()
soundwire: cadence: fix invalid PDI offset
dmaengine: idma64: Add check for dma_set_max_seg_size
firmware: dmi-id: add a release callback function
serial: max3100: Lock port->lock when calling uart_handle_cts_change()
serial: max3100: Update uart_driver_registered on driver removal
serial: max3100: Fix bitwise types
greybus: arche-ctrl: move device table to its right location
serial: sc16is7xx: add proper sched.h include for sched_set_fifo()
f2fs: compress: support chksum
f2fs: add compress_mode mount option
f2fs: compress: clean up parameter of __f2fs_cluster_blocks()
f2fs: compress: remove unneeded preallocation
f2fs: introduce FI_COMPRESS_RELEASED instead of using IMMUTABLE bit
f2fs: compress: fix to relocate check condition in f2fs_{release,reserve}_compress_blocks()
f2fs: add cp_error check in f2fs_write_compressed_pages
f2fs: fix to force keeping write barrier for strict fsync mode
f2fs: do not allow partial truncation on pinned file
f2fs: fix typos in comments
f2fs: fix to relocate check condition in f2fs_fallocate()
f2fs: fix to check pinfile flag in f2fs_move_file_range()
iio: pressure: dps310: support negative temperature values
fpga: region: change FPGA indirect article to an
fpga: region: Rename dev to parent for parent device
docs: driver-api: fpga: avoid using UTF-8 chars
fpga: region: Use standard dev_release for class driver
fpga: region: add owner module and take its refcount
microblaze: Remove gcc flag for non existing early_printk.c file
microblaze: Remove early printk call from cpuinfo-static.c
usb: gadget: u_audio: Clear uac pointer when freed.
stm class: Fix a double free in stm_register_device()
ppdev: Remove usage of the deprecated ida_simple_xx() API
ppdev: Add an error check in register_device
extcon: max8997: select IRQ_DOMAIN instead of depending on it
PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3
PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3
f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock
f2fs: fix to release node block count in error path of f2fs_new_node_page()
f2fs: compress: don't allow unaligned truncation on released compress inode
serial: sh-sci: protect invalidating RXDMA on shutdown
libsubcmd: Fix parse-options memory leak
s390/ipl: Fix incorrect initialization of len fields in nvme reipl block
s390/ipl: Fix incorrect initialization of nvme dump block
Input: ims-pcu - fix printf string overflow
Input: ioc3kbd - convert to platform remove callback returning void
Input: ioc3kbd - add device table
mmc: sdhci_am654: Add tuning algorithm for delay chain
mmc: sdhci_am654: Write ITAPDLY for DDR52 timing
mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel
mmc: sdhci_am654: Add OTAP/ITAP delay enable
mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock
mmc: sdhci_am654: Fix ITAPDLY for HS400 timing
Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
drm/msm/dpu: Always flush the slave INTF on the CTL
um: Fix return value in ubd_init()
um: Add winch to winch_handlers before registering winch IRQ
um: vector: fix bpfflash parameter evaluation
drm/bridge: tc358775: fix support for jeida-18 and jeida-24
media: stk1160: fix bounds checking in stk1160_copy_video()
scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy()
media: flexcop-usb: clean up endpoint sanity checks
media: flexcop-usb: fix sanity check of bNumEndpoints
powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp
um: Fix the -Wmissing-prototypes warning for __switch_mm
media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
media: cec: cec-api: add locking in cec_release()
media: core headers: fix kernel-doc warnings
media: cec: fix a deadlock situation
media: cec: call enable_adap on s_log_addrs
media: cec: abort if the current transmit was canceled
media: cec: correctly pass on reply results
media: cec: use call_op and check for !unregistered
media: cec-adap.c: drop activate_cnt, use state info instead
media: cec: core: avoid recursive cec_claim_log_addrs
media: cec: core: avoid confusing "transmit timed out" message
null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION()
regulator: bd71828: Don't overwrite runtime voltages
x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y
nfc: nci: Fix uninit-value in nci_rx_work
ASoC: tas2552: Add TX path for capturing AUDIO-OUT data
sunrpc: fix NFSACL RPC retry on soft mount
rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL
ipv6: sr: fix memleak in seg6_hmac_init_algo
params: lift param_set_uint_minmax to common code
tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
openvswitch: Set the skbuff pkt_type for proper pmtud support.
arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
net: fec: avoid lock evasion when reading pps_enable
tls: fix missing memory barrier in tls_init
nfc: nci: Fix kcov check in nci_rx_work()
nfc: nci: Fix handling of zero-length payload packets in nci_rx_work()
netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
netfilter: nft_payload: restore vlan q-in-q match support
spi: Don't mark message DMA mapped when no transfer in it is
nvmet: fix ns enable/disable possible hang
net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion
dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
bpf: Fix potential integer overflow in resolve_btfids
enic: Validate length of nl attributes in enic_set_vf_port
net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM
bpf: Allow delete from sockmap/sockhash only if update is allowed
net:fec: Add fec_enet_deinit()
netfilter: tproxy: bail out if IP has been disabled on the device
kconfig: fix comparison to constant symbols, 'm', 'n'
spi: stm32: Don't warn about spurious interrupts
ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
hwmon: (shtc1) Fix property misspelling
ALSA: timer: Set lower bound of start tick time
genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
media: cec: core: add adap_nb_transmit_canceled() callback
SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
binder: fix max_thread type inconsistency
mmc: core: Do not force a retune before RPMB switch
io_uring: fail NOP if non-zero op flags is passed in
afs: Don't cross .backup mountpoint from backup volume
nilfs2: fix use-after-free of timer for log writer thread
vxlan: Fix regression when dropping packets due to invalid src addresses
x86/mm: Remove broken vsyscall emulation code from the page fault code
netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
media: lgdt3306a: Add a check against null-pointer-def
drm/amdgpu: add error handle to avoid out-of-bounds
ata: pata_legacy: make legacy_exit() work again
ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx
arm64: tegra: Correct Tegra132 I2C alias
arm64: dts: qcom: qcs404: fix bluetooth device address
md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING
wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU
wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE
wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path
arm64: dts: hi3798cv200: fix the size of GICR
media: mc: mark the media devnode as registered from the, start
media: mxl5xx: Move xpt structures off stack
media: v4l2-core: hold videodev_lock until dev reg, finishes
mmc: core: Add mmc_gpiod_set_cd_config() function
mmc: sdhci-acpi: Sort DMI quirks alphabetically
mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working
mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A
fbdev: savage: Handle err return when savagefb_check_var failed
KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
crypto: ecrdsa - Fix module auto-load on add_key
crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
net/ipv6: Fix route deleting failure when metric equals 0
net/9p: fix uninit-value in p9_client_rpc()
intel_th: pci: Add Meteor Lake-S CPU support
sparc64: Fix number of online CPUs
watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin
kdb: Fix buffer overflow during tab-complete
kdb: Use format-strings rather than '\0' injection in kdb_read()
kdb: Fix console handling when editing and tab-completing commands
kdb: Merge identical case statements in kdb_read()
kdb: Use format-specifiers rather than memset() for padding in kdb_read()
net: fix __dst_negative_advice() race
sparc: move struct termio to asm/termios.h
ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
s390/ap: Fix crash in AP internal function modify_bitmap()
nfs: fix undefined behavior in nfs_block_bits()
NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS
scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW major version > 5
f2fs: compress: fix compression chksum
RDMA/hns: Use mutex instead of spinlock for ida allocation
RDMA/hns: Fix CQ and QP cache affinity
Linux 5.10.219
Change-Id: I0e21ff44d28df2a2802a9fb35f0959bb5ab528fc
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|