deec4e9c07
15099 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Michael Bestas
|
deec4e9c07
|
Merge tag 'ASB-2024-09-05_12-5.10' of https://android.googlesource.com/kernel/common into android13-5.10-waipio
https://source.android.com/docs/security/bulletin/2024-09-01 CVE-2024-36972 * tag 'ASB-2024-09-05_12-5.10' of https://android.googlesource.com/kernel/common: (1565 commits) ANDROID: delete tool added by mistake ANDROID: GKI: Add initialization for rwsem's oem_data and vendor_data. ANDROID: GKI: Add initialization for mutex oem_data. ANDROID: fix ENOMEM check of binder_proc_ext ANDROID: binder: fix KMI issues due to frozen notification BACKPORT: FROMGIT: binder: frozen notification binder_features flag BACKPORT: FROMGIT: binder: frozen notification UPSTREAM: selftests/binderfs: add test for feature files UPSTREAM: docs: binderfs: add section about feature files UPSTREAM: binderfs: add support for feature files ANDROID: GKI: Add symbol to symbol list for vivo. ANDROID: vendor_hooks: add hooks to modify pageflags ANDROID: GKI: Add pageflags for OEM ANDROID: GKI: Update symbol list for vivo ANDROID: vendor_hooks: add vendor hooks for fuse request UPSTREAM: net: sched: sch_multiq: fix possible OOB write in multiq_tune() ANDROID: Update the GKI symbol list and ABI XML ANDROID: irqchip/irq-gic-v3: Add vendor hook for gic suspend FROMLIST: binder: fix UAF caused by offsets overwrite ANDROID: gki - set CONFIG_USB_NET_AX88179_178A=y (usb gbit ethernet dongle) ... Conflicts: Documentation/devicetree/bindings/i2c/google,cros-ec-i2c-tunnel.yaml Documentation/devicetree/bindings/sound/rt5645.txt Documentation/devicetree/bindings~HEAD drivers/scsi/ufs/ufs-qcom.c net/qrtr/af_qrtr.c net/qrtr/ns.c net/qrtr/qrtr.h Change-Id: I50a93cfc0ff67778b19609e93cb577f63a517baa |
||
|
Michael Bestas
|
d613c46b79
|
Merge tag 'ASB-2024-08-05_12-5.10' of https://android.googlesource.com/kernel/common into android13-5.10-waipio
https://source.android.com/docs/security/bulletin/2024-08-01 CVE-2024-36971 * tag 'ASB-2024-08-05_12-5.10' of https://android.googlesource.com/kernel/common: ANDROID: GKI: remove export of tracing control functions ANDROID: Incremental fs: Retry page faults on non-fatal errors ANDROID: update ABI XML due to struct clk_core change UPSTREAM: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() UPSTREAM: f2fs: avoid false alarm of circular locking UPSTREAM: f2fs: fix deadlock in i_xattr_sem and inode page lock ANDROID: userfaultfd: Fix use-after-free in userfaultfd_using_sigbus() ANDROID: 16K: Don't set padding vm_flags on 32-bit archs ANDROID: update .xml file due to struct clk_core abi change ANDROID: mark DRM_VMWGFX as BROKEN Revert "ANDROID: Setting up GS before calling __restore_processor_state." Revert "block: introduce zone_write_granularity limit" Revert "block: Clear zone limits for a non-zoned stacked queue" Revert "scsi: sd: Fix wrong zone_write_granularity value during revalidate" Revert "PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities()" Revert "PCI: Cache PCIe Device Capabilities register" Revert "PCI: Work around Intel I210 ROM BAR overlap defect" Revert "PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited" Revert "PCI/DPC: Quirk PIO log size for certain Intel Root Ports" Revert "PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports" Revert "PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports" Revert "timers: Rename del_timer_sync() to timer_delete_sync()" Linux 5.10.218 docs: kernel_include.py: Cope with docutils 0.21 serial: kgdboc: Fix NMI-safety problems from keyboard reset code usb: typec: ucsi: displayport: Fix potential deadlock drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() mptcp: ensure snd_nxt is properly initialized on connect firmware: arm_scmi: Harden accesses to the reset domains KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection netlink: annotate lockless accesses to nlk->max_recvmsg_len ima: fix deadlock when traversing "ima_default_rules". net: bcmgenet: synchronize UMAC_CMD access net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" x86/xen: Drop USERGS_SYSRET64 paravirt call pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() Linux 5.10.217 md: fix kmemleak of rdev->serial keys: Fix overwrite of key expiration on instantiation regulator: core: fix debugfs creation regression hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us net: fix out-of-bounds access in ops_init drm/vmwgfx: Fix invalid reads in fence signaled events mei: me: add lunar lake point M DID dyndbg: fix old BUG_ON in >control parser ASoC: tegra: Fix DSPK 16-bit playback net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() tipc: fix UAF in error path iio: accel: mxc4005: Interrupt handling fixes iio:imu: adis16475: Fix sync mode setting ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU usb: dwc3: core: Prevent phy suspend during init usb: xhci-plat: Don't include xhci.h usb: gadget: f_fs: Fix a race condition when processing setup packets. usb: gadget: composite: fix OS descriptors w_value logic usb: ohci: Prevent missed ohci interrupts usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device usb: typec: ucsi: Fix connector check on init usb: typec: ucsi: Check for notifications after init arm64: dts: qcom: Fix 'interrupt-map' parent address cells firewire: nosy: ensure user_length is taken into account when fetching packet contents btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() net: hns3: use appropriate barrier function after setting a bit value ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() net: bridge: fix corrupted ethernet header on multicast-to-unicast kcov: Remove kcov include from sched.h and move it to its users. phonet: fix rtm_phonet_notify() skb allocation hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() hwmon: (corsair-cpro) Use a separate buffer for sending commands rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets xfrm: Preserve vlan tags for transport mode software GRO net:usb:qmi_wwan: support Rolling modules drm/nouveau/dp: Don't probe eDP ports twice harder fs/9p: drop inodes immediately on non-.L too clk: Don't hold prepare_lock when calling kref_put() gpio: crystalcove: Use -ENOTSUPP consistently gpio: wcove: Use -ENOTSUPP consistently 9p: explicitly deny setlease attempts fs/9p: translate O_TRUNC into OTRUNC fs/9p: only translate RWX permissions for plain 9P2000 selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior MIPS: scall: Save thread_info.syscall unconditionally on entry gpu: host1x: Do not setup DMA for virtual devices blk-iocost: avoid out of bounds shift scsi: target: Fix SELinux error when systemd-modules loads the target module btrfs: always clear PERTRANS metadata during commit btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve tools/power turbostat: Fix Bzy_MHz documentation typo tools/power turbostat: Fix added raw MSR output firewire: ohci: mask bus reset interrupts between ISR and bottom half ata: sata_gemini: Check clk_enable() result net: bcmgenet: Reset RBUF on first open ALSA: line6: Zero-initialize message buffers btrfs: return accurate error code on open failure in open_fs_devices() scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload net: mark racy access on sk->sk_rcvbuf wifi: cfg80211: fix rdev_dump_mpp() arguments order wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc gfs2: Fix invalid metadata access in punch_hole scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change net: gro: add flush check in udp_gro_receive_segment tipc: fix a possible memleak in tipc_buf_append net: core: reject skb_copy(_expand) for fraglist GSO skbs net: bridge: fix multicast-to-unicast with fraglist GSO net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 cxgb4: Properly lock TX queue for the selftest. ASoC: meson: cards: select SND_DYNAMIC_MINORS ASoC: Fix 7/8 spaces indentation in Kconfig net: qede: use return from qede_parse_actions() net: qede: use return from qede_parse_flow_attr() for flow_spec net: qede: use return from qede_parse_flow_attr() for flower net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() s390/vdso: Add CFI for RA register to asm macro vdso_func net l2tp: drop flow hash on forward nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). octeontx2-af: avoid off-by-one read from userspace bna: ensure the copied buf is NUL terminated s390/mm: Fix clearing storage keys for huge pages s390/mm: Fix storage key clearing for guest huge pages regulator: mt6360: De-capitalize devicetree regulator subnodes pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() power: rt9455: hide unused rt9455_boost_voltage_values nfs: Handle error of rpc_proc_register() in nfs_net_init(). nfs: make the rpc_stat per net namespace nfs: expose /proc/net/sunrpc/nfs in net namespaces sunrpc: add a struct rpc_stats arg to rpc_create_args pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic pinctrl: core: delete incorrect free in pinctrl_enable() pinctrl/meson: fix typo in PDM's pin name pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T eeprom: at24: fix memory corruption race condition eeprom: at24: Probe for DDR3 thermal sensor in the SPD case eeprom: at24: Use dev_err_probe for nvmem register failure wifi: nl80211: don't free NULL coalescing rule dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" dmaengine: pl330: issue_pending waits until WFP state Linux 5.10.216 riscv: Disable STACKPROTECTOR_PER_TASK if GCC_PLUGIN_RANDSTRUCT is enabled serial: core: fix kernel-doc for uart_port_unlock_irqrestore() udp: preserve the connected status if only UDP cmsg bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up i2c: smbus: fix NULL function pointer dereference riscv: Fix TASK_SIZE on 64-bit NOMMU riscv: fix VMALLOC_START definition dma: xilinx_dpdma: Fix locking idma64: Don't try to serve interrupts when device is powered off dmaengine: owl: fix register access functions tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() tcp: Clean up kernel listener's reqsk in inet_twsk_purge() mtd: diskonchip: work around ubsan link failure stackdepot: respect __GFP_NOLOCKDEP allocation flag net: b44: set pause params only when interface is up ethernet: Add helper for assigning packet type when dest address does not match device address irqchip/gic-v3-its: Prevent double free on error drm/amdgpu: Fix leak when GPU memory allocation fails drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma cpu: Re-enable CPU mitigations by default for !X86 architectures btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() PM / devfreq: Fix buffer overflow in trans_stat_show tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together tracing: Show size of requested perf buffer net/mlx5e: Fix a race in command alloc flow Revert "crypto: api - Disallow identical driver names" serial: mxs-auart: add spinlock around changing cts state serial: core: Provide port lock wrappers af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets iavf: Fix TC config comparison with existing adapter TC config i40e: Report MFS in decimal base instead of hex i40e: Do not use WQ_MEM_RECLAIM flag for workqueue netfilter: nf_tables: honor table dormant flag from netdev release event path mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work mlxsw: spectrum_acl_tcam: Fix incorrect list API usage mlxsw: spectrum_acl_tcam: Fix warning during rehash mlxsw: spectrum_acl_tcam: Fix memory leak during rehash mlxsw: spectrum_acl_tcam: Rate limit error message mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work net: openvswitch: Fix Use-After-Free in ovs_ct_exit ipvs: Fix checksumming on GSO of SCTP packets net: gtp: Fix Use-After-Free in gtp_dellink net: usb: ax88179_178a: stop lying about skb->truesize ipv4: check for NULL idev in ip_route_use_hint() NFC: trf7970a: disable all regulators on removal mlxsw: core: Unregister EMAD trap using FORWARD action vxlan: drop packets from invalid src-address wifi: iwlwifi: mvm: remove old PASN station when adding a new one ARC: [plat-hsdk]: Remove misplaced interrupt-cells property arm64: dts: mediatek: mt2712: fix validation errors arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" arm64: dts: mediatek: mt7622: fix IR nodename arm64: dts: mediatek: mt7622: fix clock controllers arm64: dts: mediatek: mt7622: introduce nodes for Wireless Ethernet Dispatch arm64: dts: mediatek: mt7622: add support for coherent DMA arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma arm64: dts: rockchip: fix alphabetical ordering RK3399 puma nilfs2: fix OOB in nilfs_set_de_type nouveau: fix instmem race condition around ptr stores drm/amdgpu: validate the parameters of bo mapping operations more clearly init/main.c: Fix potential static_command_line memory overflow fs: sysfs: Fix reference leak in sysfs_break_active_protection() speakup: Avoid crash on very long word mei: me: disable RPL-S on SPS and IGN firmwares usb: Disable USB3 LPM at shutdown usb: dwc2: host: Fix dereference issue in DDMA completion flow. Revert "usb: cdc-wdm: close race between read and workqueue" USB: serial: option: add Telit FN920C04 rmnet compositions USB: serial: option: add Rolling RW101-GL and RW135-GL support USB: serial: option: support Quectel EM060K sub-models USB: serial: option: add Lonsung U8300/U9300 product USB: serial: option: add support for Fibocom FM650/FG650 USB: serial: option: add Fibocom FM135-GL variants serial/pmac_zilog: Remove flawed mitigation for rx irq flood comedi: vmk80xx: fix incomplete endpoint checking thunderbolt: Fix wake configurations after device unplug thunderbolt: Avoid notify PM core about runtime PM resume binder: check offset alignment in binder_get_object() x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ clk: Get runtime PM before walking tree during disable_unused clk: Initialize struct clk_core kref earlier clk: Print an info line before disabling unused clocks clk: remove extra empty line clk: Mark 'all_lists' as const clk: Remove prepare_lock hold assertion in __clk_release() drm/panel: visionox-rm69299: don't unregister DSI device drm: nv04: Fix out of bounds access RDMA/mlx5: Fix port number for counter query in multi-port configuration RDMA/cm: Print the old state when cm_destroy_id gets timeout RDMA/rxe: Fix the problem "mutex_destroy missing" tun: limit printing rate when illegal packet received by tun dev netfilter: nft_set_pipapo: do not free live element netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" kprobes: Fix possible use-after-free issue on kprobe registration selftests/ftrace: Limit length in subsystem-enable tests riscv: process: Fix kernel gp leakage riscv: Enable per-task stack canaries btrfs: record delayed inode root in transaction irqflags: Explicitly ignore lockdep_hrtimer_exit() argument x86/apic: Force native_apic_mem_read() to use the MOV instruction selftests: timers: Fix abs() warning in posix_timers test x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n vhost: Add smp_rmb() in vhost_vq_avail_empty() drm/client: Fully protect modes[] with dev->mode_config.mutex btrfs: qgroup: correctly model root qgroup rsv in convert mailbox: imx: fix suspend failue iommu/vt-d: Allocate local memory for page request queue net: ena: Fix incorrect descriptor free behavior net: ena: Wrong missing IO completions check order net: ena: Fix potential sign extension issue af_unix: Fix garbage collector racing against connect() af_unix: Do not use atomic ops for unix_sk(sk)->inflight. net/mlx5: Properly link new fs rules into the tree netfilter: complete validation of user input Bluetooth: SCO: Fix not validating setsockopt user input ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr ipv4/route: avoid unused-but-set-variable warning ipv6: fib: hide unused 'pn' variable octeontx2-af: Fix NIX SQ mode and BP config geneve: fix header validation in geneve[6]_xmit_skb xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file net: openvswitch: fix unwanted error log on timeout policy probing nouveau: fix function cast warning media: cec: core: remove length check of Timer Status Bluetooth: Fix memory leak in hci_req_sync_complete() batman-adv: Avoid infinite loop trying to resize local TT Linux 5.10.215 x86/head/64: Re-enable stack protection x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk scsi: sd: Fix wrong zone_write_granularity value during revalidate kbuild: dummy-tools: adjust to stricter stackprotector check VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Bluetooth: btintel: Fixe build regression drm/i915/gt: Reset queue_priority_hint on parking x86/mm/pat: fix VM_PAT handling in COW mappings virtio: reenable config if freezing device failed tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc netfilter: nf_tables: discard table flag update with pending basechain deletion netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: release batch on table validation from abort path fbmon: prevent division by zero in fb_videomode_from_videomode() drivers/nvme: Add quirks for device 126f:2262 fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined usb: typec: tcpci: add generic tcpci fallback compatible tools: iio: replace seekdir() in iio_generic_buffer ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment ktest: force $buildonly = 1 for 'make_warnings_file' test type platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Input: allocate keycode for Display refresh rate toggle RDMA/cm: add timeout to cm_destroy_id wait block: prevent division by zero in blk_rq_stat_sum() libperf evlist: Avoid out-of-bounds access Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int drm/amd/display: Fix nanosec stat overflow ext4: forbid commit inconsistent quota data when errors=remount-ro ext4: add a hint for block bitmap corrupt state in mb_groups media: sta2x11: fix irq handler cast isofs: handle CDs with bad root inode but good Joliet root directory scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() sysv: don't call sb_bread() with pointers_lock held pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Bluetooth: btintel: Fix null ptr deref in btintel_read_version net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() btrfs: send: handle path ref underflow in header iterate_inode_ref() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() pstore/zone: Add a null pointer check to the psz_kmsg_read ionic: set adminq irq affinity arm64: dts: rockchip: fix rk3399 hdmi ports node arm64: dts: rockchip: fix rk3328 hdmi ports node panic: Flush kernel log buffer at the end VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() wifi: ath9k: fix LNA selection in ath_ant_try_scan() objtool: Add asm version of STACK_FRAME_NON_STANDARD x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word mptcp: don't account accept() of non-MPC client as fallback to TCP x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO x86/bugs: Fix the SRSO mitigation on Zen3/4 riscv: Fix spurious errors from __get/put_kernel_nofault s390/entry: align system call table on 8 bytes x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() of: dynamic: Synchronize of_changeset_destroy() with the devlink removals driver core: Introduce device_link_wait_removal() ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone ata: sata_mv: Fix PCI device ID table declaration compilation warning scsi: mylex: Fix sysfs buffer lengths ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken arm64: dts: qcom: sc7180: Remove clock for bluetooth on Trogdor net: ravb: Always process TX descriptor ring udp: do not accept non-tunnel GSO skbs landing in a tunnel Revert "usb: phy: generic: Get the vbus supply" scsi: qla2xxx: Update manufacturer detail scsi: qla2xxx: Update manufacturer details i40e: fix vf may be used uninitialized in this function warning i40e: fix i40e_count_filters() to count only active/new filters octeontx2-pf: check negative error code in otx2_open() udp: do not transition UDP GRO fraglist partial checksums to unnecessary ipv6: Fix infinite recursion in fib6_dump_done(). selftests: reuseaddr_conflict: add missing new line at the end of the output erspan: make sure erspan_base_hdr is present in skb->head net: stmmac: fix rx queue priority assignment net/sched: act_skbmod: prevent kernel-infoleak bpf, sockmap: Prevent lock inversion deadlock in map delete elem vboxsf: Avoid an spurious warning if load_nls_xxx() fails netfilter: validate user input for expected length netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() netfilter: nf_tables: flush pending destroy work before exit_net release netfilter: nf_tables: reject new basechain after table flag update block: add check that partition length needs to be aligned with block size x86/srso: Add SRSO mitigation for Hygon processors mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." io_uring: ensure '0' is returned on file registration success vfio/fsl-mc: Block calling interrupt handler without trigger vfio/platform: Create persistent IRQ handlers vfio/pci: Create persistent INTx handler vfio: Introduce interface to flush virqfd inject workqueue vfio/pci: Lock external INTx masking ops vfio/pci: Disable auto-enable of exclusive INTx IRQ net/rds: fix possible cp null dereference netfilter: nf_tables: disallow timeout for anonymous sets Bluetooth: Fix TOCTOU in HCI debugfs implementation Bluetooth: hci_event: set the conn encrypted before conn establishes x86/cpufeatures: Add new word for scattered features r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d dm integrity: fix out-of-range warning Octeontx2-af: fix pause frame configuration in GMP mode bpf: Protect against int overflow for stack access size ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() tcp: properly terminate timers for kernel sockets ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet USB: core: Fix deadlock in usb_deauthorize_interface() scsi: lpfc: Correct size for wqe for memset() PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled scsi: qla2xxx: Delay I/O Abort on PCI error scsi: qla2xxx: Fix command flush on cable pull scsi: qla2xxx: Split FCE|EFT trace control usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset usb: typec: ucsi: Ack unsupported commands usb: udc: remove warning when queue disabled ep usb: dwc2: gadget: LPM flow fix usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix remote wakeup from hibernation USB: core: Add hub_get() and hub_put() routines staging: vc04_services: fix information leak in create_component() staging: vc04_services: changen strncpy() to strscpy_pad() scsi: core: Fix unremoved procfs host directory regression ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs usb: cdc-wdm: close race between read and workqueue net: ll_temac: platform_get_resource replaced by wrong function mmc: core: Avoid negative index with array access mmc: core: Initialize mmc_blk_ioc_data hexagon: vmlinux.lds.S: handle attributes section exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes init: open /initrd.image with O_LARGEFILE mm/migrate: set swap entry values of THP tail pages properly. mm/memory-failure: fix an incorrect use of tail pages serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO powerpc: xor_vmx: Add '-mhard-float' to CFLAGS efivarfs: Request at most 512 bytes for variable names perf/core: Fix reentry problem in perf_output_read_group() KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests x86/rfds: Mitigate Register File Data Sampling (RFDS) Documentation/hw-vuln: Add documentation for RFDS x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set KVM/VMX: Move VERW closer to VMentry for MDS mitigation KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key x86/entry_32: Add VERW just before userspace transition x86/entry_64: Add VERW just before userspace transition x86/bugs: Add asm helpers for executing VERW x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix btrfs: allocate btrfs_ioctl_defrag_range_args on stack printk: Update @console_may_schedule in console_trylock_spinning() xen/events: close evtchn after mapping cleanup tee: optee: Fix kernel panic caused by incorrect error handling fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion vt: fix unicode buffer corruption when deleting characters mei: me: add arrow lake point H DID mei: me: add arrow lake point S DID tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled usb: port: Don't try to peer unused USB ports based on location usb: gadget: ncm: Fix handling of zero block length packets USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() xfrm: Avoid clang fortify warning in copy_to_user_tmpl() Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory netfilter: nf_tables: reject constant set with timeout netfilter: nf_tables: disallow anonymous set with timeout flag netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" comedi: comedi_test: Prevent timers rescheduling during deletion scripts: kernel-doc: Fix syntax error due to undeclared args variable x86/pm: Work around false positive kmemleak report in msr_build_context() x86/stackprotector/32: Make the canary into a regular percpu variable vxge: remove unnecessary cast in kfree() dm snapshot: fix lockup in dm_exception_table_exit drm/amd/display: Fix noise issue on HDMI AV mute drm/amd/display: Return the correct HDCP error code ahci: asm1064: asm1166: don't limit reported ports ahci: asm1064: correct count of reported ports wireguard: netlink: access device through ctx instead of peer wireguard: netlink: check for dangling peer via is_dead instead of empty list net: hns3: tracing: fix hclgevf trace event strings x86/CPU/AMD: Update the Zenbleed microcode revisions cpufreq: dt: always allocate zeroed cpumask nilfs2: prevent kernel bug at submit_bh_wbc() nilfs2: fix failure to detect DAT corruption in btree and direct mappings memtest: use {READ,WRITE}_ONCE in memory scanning drm/vc4: hdmi: do not return negative values from .get_modes() drm/imx/ipuv3: do not return negative values from .get_modes() drm/exynos: do not return negative values from .get_modes() drm/panel: do not return negative error codes from drm_panel_get_modes() s390/zcrypt: fix reference counting on zcrypt card objects soc: fsl: qbman: Use raw spinlock for cgr_lock soc: fsl: qbman: Add CGR update function soc: fsl: qbman: Add helper for sanity checking cgr ops soc: fsl: qbman: Always disable interrupts when taking cgr_lock ring-buffer: Fix full_waiters_pending in poll ring-buffer: Fix resetting of shortest_full ring-buffer: Do not set shortest_full when full target is hit ring-buffer: Fix waking up ring buffer readers vfio/platform: Disable virqfds on cleanup PCI: dwc: endpoint: Fix advertised resizable BAR size kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 nfs: fix UAF in direct writes PCI/AER: Block runtime suspend when handling errors PCI/ERR: Clear AER status only when we control AER speakup: Fix 8bit characters from direct synth usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic usb: gadget: tegra-xudc: Use dev_err_probe() phy: tegra: xusb: Add API to retrieve the port number of phy slimbus: core: Remove usage of the deprecated ida_simple_xx() API nvmem: meson-efuse: fix function pointer type mismatch ext4: fix corruption during on-line resize hwmon: (amc6821) add of_match table drm/etnaviv: Restore some id values mmc: core: Fix switch on gp3 partition mm: swap: fix race between free_swap_and_cache() and swapoff() mac802154: fix llsec key resources release in mac802154_llsec_key_del dm-raid: fix lockdep waring in "pers->hot_add_disk" Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports PCI/DPC: Quirk PIO log size for certain Intel Root Ports PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited PCI: Work around Intel I210 ROM BAR overlap defect PCI: Cache PCIe Device Capabilities register PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() PCI/PM: Drain runtime-idle callbacks before driver removal PCI: Drop pci_device_remove() test of pci_dev->driver btrfs: fix off-by-one chunk length calculation at contains_pending_extent() serial: Lock console when calling into driver before registration printk/console: Split out code that enables default console usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros fuse: don't unhash root fuse: fix root lookup with nonzero generation mmc: tmio: avoid concurrent runs of mmc_request_done() PM: sleep: wakeirq: fix wake irq warning in system suspend USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M USB: serial: option: add MeiG Smart SLM320 product USB: serial: cp210x: add ID for MGP Instruments PDS100 USB: serial: add device ID for VeriFone adapter USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB powerpc/fsl: Fix mfpmr build errors with newer binutils clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays PM: suspend: Set mem_sleep_current during kernel command line setup parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix ip_fast_csum parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros mtd: rawnand: meson: fix scrambling mode value in command macro ubi: correct the calculation of fastmap size ubi: Check for too small LEB size in VTBL code ubifs: Set page uptodate in the correct place fat: fix uninitialized field in nostale filehandles bounds: support non-power-of-two CONFIG_NR_CPUS block: Clear zone limits for a non-zoned stacked queue block: introduce zone_write_granularity limit ext4: correct best extent lstart adjustment logic selftests/mqueue: Set timeout to 180 seconds crypto: qat - resolve race condition during AER recovery crypto: qat - fix double free during reset sparc: vDSO: fix return value of __setup handler sparc64: NMI watchdog: fix return value of __setup handler KVM: Always flush async #PF workqueue when vCPU is being destroyed media: xc4000: Fix atomicity violation in xc4000_get_frequency serial: max310x: fix NULL pointer dereference in I2C instantiation drm/vmwgfx: Fix possible null pointer derefence with invalid contexts drm/vmwgfx: Fix some static checker warnings drm/vmwgfx/vmwgfx_cmdbuf_res: Remove unused variable 'ret' drm/vmwgfx: switch over to the new pin interface v2 drm/vmwgfx: stop using ttm_bo_create v2 arm: dts: marvell: Fix maxium->maxim typo in brownstone dts smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd media: staging: ipu3-imgu: Set fields before media_entity_pads_init() wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach timers: Rename del_timer_sync() to timer_delete_sync() timers: Use del_timer_sync() even on UP timers: Update kernel-doc for various functions x86/bugs: Use sysfs_emit() x86/cpu: Support AMD Automatic IBRS Documentation/hw-vuln: Update spectre doc amdkfd: use calloc instead of kzalloc to avoid integer overflow Change-Id: I7279a2f07527db00e298b47f8f8f44c457fa2ef6 |
||
Jens Reidel
|
3d6f8a6ec1
|
Merge tag 'ASB-2024-07-05_12-5.10' of https://android.googlesource.com/kernel/common into android13-5.10-waipio
https://source.android.com/docs/security/bulletin/2024-07-01 CVE-2024-26923 * tag 'ASB-2024-07-05_12-5.10' of https://android.googlesource.com/kernel/common: FROMLIST: binder_alloc: Replace kcalloc with kvcalloc to mitigate OOM issues ANDROID: fix kernelci build breaks due to hid/uhid cyclic dependency UPSTREAM: af_unix: Fix garbage collector racing against connect() ANDROID: uid_sys_stats: Use llist for deferred work ANDROID: uid_sys_stats: Use a single work for deferred updates ANDROID: GKI: Add new ABI symbol list ANDROID: 16K: Only check basename of linker context UPSTREAM: af_unix: Do not use atomic ops for unix_sk(sk)->inflight. ANDROID: cpufreq: brcmstb-avs-cpufreq: fix build error Revert "remoteproc: Add new get_loaded_rsc_table() to rproc_ops" Revert "remoteproc: stm32: Move resource table setup to rproc_ops" Revert "remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef" Revert "remoteproc: stm32: fix phys_addr_t format string" Revert "remoteproc: stm32: use correct format strings on 64-bit" Revert "remoteproc: stm32: Fix incorrect type in assignment for va" Revert "block: add a new set_read_only method" Revert "md: implement ->set_read_only to hook into BLKROSET processing" Revert "md: Don't clear MD_CLOSING when the raid is about to stop" Revert "bpf: Defer the free of inner map when necessary" Revert "net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()" Revert "regmap: allow to define reg_update_bits for no bus configuration" Revert "regmap: Add bulk read/write callbacks into regmap_config" Revert "serial: max310x: make accessing revision id interface-agnostic" Revert "serial: max310x: implement I2C support" Revert "serial: max310x: fix IO data corruption in batched operations" Revert "geneve: make sure to pull inner header in geneve_rx()" Revert "mptcp: fix lockless access in subflow ULP diag" Revert "net: dev: Convert sa_data to flexible array in struct sockaddr" Revert "arp: Prevent overflow in arp_req_get()." Revert "usb: roles: fix NULL pointer issue when put module's reference" Revert "usb: roles: don't get/set_role() when usb_role_switch is unregistered" Linux 5.10.214 remoteproc: stm32: fix phys_addr_t format string regmap: Add missing map->bus check spi: spi-mt65xx: Fix NULL pointer access in interrupt handler bpf: report RCU QS in cpumap kthread rcu: add a helper to report consolidated flavor QS netfilter: nf_tables: do not compare internal table flags on updates ARM: dts: sun8i-h2-plus-bananapi-m2-zero: add regulator nodes vcc-dram and vcc1v2 scsi: fc: Update formal FPIN descriptor definitions netfilter: nft_set_pipapo: release elements in clone only from destroy path octeontx2-af: Use separate handlers for interrupts net/bnx2x: Prevent access to a freed page in page_pool hsr: Handle failures in module init rds: introduce acquire/release ordering in acquire/release_in_xmit() wireguard: receive: annotate data-race around receiving_counter.counter net: dsa: mt7530: prevent possible incorrect XTAL frequency selection packet: annotate data-races around ignore_outgoing hsr: Fix uninit-value access in hsr_get_node() soc: fsl: dpio: fix kcalloc() argument order s390/vtime: fix average steal time calculation octeontx2-af: Use matching wake_up API variant in CGX command interface io_uring: don't save/restore iowait state usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin staging: greybus: fix get_channel_from_mode() failure path serial: 8250_exar: Don't remove GPIO device on suspend rtc: mt6397: select IRQ_DOMAIN instead of depending on it kconfig: fix infinite loop when expanding a macro at the end of file tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT serial: max310x: fix syntax error in IRQ error message tty: vt: fix 20 vs 0x20 typo in EScsiignore remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef remoteproc: stm32: Fix incorrect type in assignment for va remoteproc: stm32: use correct format strings on 64-bit remoteproc: stm32: Move resource table setup to rproc_ops remoteproc: Add new get_loaded_rsc_table() to rproc_ops remoteproc: stm32: Constify st_rproc_ops afs: Revert "afs: Hide silly-rename files from userspace" NFS: Fix an off by one in root_nfs_cat() watchdog: stm32_iwdg: initialize default timeout NFSv4.2: fix listxattr maximum XDR buffer size NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn RDMA/device: Fix a race between mad_client and cm_client init scsi: csiostor: Avoid function pointer casts f2fs: compress: fix to check unreleased compressed cluster RDMA/srpt: Do not register event handler until srpt device is fully setup ALSA: usb-audio: Stop parsing channels bits when all channels are found. ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops clk: Fix clk_core_get NULL dereference sparc32: Fix section mismatch in leon_pci_grpci backlight: lp8788: Fully initialize backlight_properties during probe backlight: lm3639: Fully initialize backlight_properties during probe backlight: da9052: Fully initialize backlight_properties during probe backlight: lm3630a: Don't set bl->props.brightness in get_brightness backlight: lm3630a: Initialize backlight_properties on init leds: sgm3140: Add missing timer cleanup and flash gpio control leds: aw2013: Unlock mutex before destroying it powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. drm/msm/dpu: add division of drm_display_mode's hskew parameter powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip media: mediatek: vcodec: avoid -Wcast-function-type-strict warning media: ttpci: fix two memleaks in budget_av_attach media: go7007: fix a memleak in go7007_load_encoder media: dvb-frontends: avoid stack overflow warnings with clang media: pvrusb2: fix uaf in pvr2_context_set_notify drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() ASoC: meson: axg-tdm-interface: add frame rate constraint ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs mtd: rawnand: lpc32xx_mlc: fix irq handler prototype mtd: maps: physmap-core: fix flash size larger than 32-bit drm/tidss: Fix initial plane zpos values crypto: arm/sha - fix function cast warnings mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref drm/tegra: put drm_gem_object ref on error in tegra_fb_create clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() PCI: Mark 3ware-9650SE Root Port Extended Tags as broken drm/mediatek: dsi: Fix DSI RGB666 formats and definitions clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times media: pvrusb2: fix pvr2_stream_callback casts media: pvrusb2: remove redundant NULL check media: go7007: add check of return value of go7007_read_addr() media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak media: sun8i-di: Fix chroma difference threshold media: sun8i-di: Fix power on/off sequences media: sun8i-di: Fix coefficient writes ASoC: meson: t9015: fix function pointer type mismatch ASoC: meson: aiu: fix function pointer type mismatch ASoC: meson: Use dev_err_probe() helper perf stat: Avoid metric-only segv ALSA: seq: fix function cast warnings drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() crypto: xilinx - call finalize with bh disabled PCI: switchtec: Fix an error handling path in switchtec_pci_probe() quota: Fix rcu annotations of inode dquot pointers quota: Fix potential NULL pointer dereference quota: simplify drop_dquot_ref() clk: qcom: reset: Ensure write completion on reset de/assertion clk: qcom: reset: Commonize the de/assert functions pinctrl: mediatek: Drop bogus slew rate register range for MT8192 media: edia: dvbdev: fix a use-after-free media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity media: v4l2-tpg: fix some memleaks in tpg_alloc media: em28xx: annotate unchecked call to media_device_register() perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd perf record: Fix possible incorrect free in record__switch_output() PCI/DPC: Print all TLP Prefixes, not just the first media: tc358743: register v4l2 async device only after successful setup dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA drm/lima: fix a memleak in lima_heap_alloc drm/rockchip: lvds: do not print scary message when probing defer drm/rockchip: lvds: do not overwrite error code drm: Don't treat 0 as -1 in drm_fixp2int_ceil drm/rockchip: inno_hdmi: Fix video timing drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() drm/tegra: dsi: Make use of the helper function dev_err_probe() drm/tegra: dsi: Add missing check for of_find_device_by_node dm: call the resume method on internal suspend dm raid: fix false positive for requeue needed during reshape nfp: flower: handle acti_netdevs allocation failure net/x25: fix incorrect parameter validation in the x25_getsockopt() function net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function udp: fix incorrect parameter validation in the udp_lib_getsockopt() function l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument net/ipv4/ipv6: Replace one-element arraya with flexible-array members net/ipv4: Revert use of struct_size() helper net/ipv4: Replace one-element array with flexible-array member tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function OPP: debugfs: Fix warning around icc_get_name() net: phy: dp83822: Fix RGMII TX delay configuration net: phy: DP83822: enable rgmii mode if phy_interface_is_rgmii net: hns3: fix port duplex configure error in IMP reset net: phy: fix phy_get_internal_delay accessing an empty array net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() ipv6: fib6_rules: flush route cache when rule is changed bpf: Fix stackmap overflow check on 32-bit arches bpf: Fix hashtab overflow check on 32-bit arches bpf: Fix DEVMAP_HASH overflow check on 32-bit arches bpf: Eliminate rlimit-based memory accounting for devmap maps sr9800: Add check for usbnet_get_endpoints Bluetooth: hci_core: Fix possible buffer overflow Bluetooth: Remove superfluous call to hci_conn_check_pending() igb: Fix missing time sync events igb: move PEROUT and EXTTS isr logic to separate functions iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected PCI: Make pci_dev_is_disconnected() helper public for other drivers wifi: rtw88: 8821c: Fix false alarm count mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function SUNRPC: fix some memleaks in gssx_dec_option_array x86, relocs: Ignore relocations in .notes section ACPI: scan: Fix device check notification handling arm64: dts: marvell: reorder crypto interrupts on Armada SoCs ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address ARM: dts: imx6dl-yapp4: Move phy reset into switch node ARM: dts: arm: realview: Fix development chip ROM compatible value net: ena: Remove ena_select_queue wifi: brcmsmac: avoid function pointer casts iommu/amd: Mark interrupt as managed bus: tegra-aconnect: Update dependency to ARCH_TEGRA ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces wireless: Remove redundant 'flush_workqueue()' calls bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly bpf: Factor out bpf_spin_lock into helpers. arm64: dts: mediatek: mt7622: add missing "device_type" to memory nodes wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() net: blackhole_dev: fix build warning for ethh set but not used wifi: iwlwifi: fix EWRD table validity check wifi: iwlwifi: dbg-tlv: ensure NUL termination wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). bpftool: Silence build warning about calloc() inet_diag: annotate data-races around inet_diag_table[] sock_diag: annotate data-races around sock_diag_handlers[family] cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() wifi: wilc1000: fix multi-vif management when deleting a vif wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work wifi: wilc1000: fix RCU usage in connect path wifi: wilc1000: fix declarations ordering wifi: b43: Disable QoS for bcm4331 wifi: b43: Stop correct queue in DMA worker when QoS is disabled wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() timekeeping: Fix cross-timestamp interpolation for non-x86 timekeeping: Fix cross-timestamp interpolation corner case decision timekeeping: Fix cross-timestamp interpolation on counter wrap aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts md: Don't clear MD_CLOSING when the raid is about to stop md: implement ->set_read_only to hook into BLKROSET processing block: add a new set_read_only method fs/select: rework stack allocation hack for clang nbd: null check for nla_nest_start do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak x86/paravirt: Fix build due to __text_gen_insn() backport ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC Input: gpio_keys_polled - suppress deferred probe error for gpio ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet firewire: core: use long bus reset on gap count error Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security scsi: mpt3sas: Prevent sending diag_reset when the controller is ready dm-verity, dm-crypt: align "struct bvec_iter" correctly block: sed-opal: handle empty atoms when parsing response parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check net/iucv: fix the allocation size of iucv_path_table array x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h RDMA/mlx5: Relax DEVX access upon modify commands RDMA/mlx5: Fix fortify source warning while accessing Eth segment gen_compile_commands: fix invalid escape sequence warning HID: multitouch: Add required quirk for Synaptics 0xcddc device MIPS: Clear Cause.BD in instruction_pointer_set x86/xen: Add some null pointer checking to smp.c ASoC: rt5645: Make LattePanda board DMI match more precise selftests: tls: use exact comparison in recv_partial bpf: Defer the free of inner map when necessary rcu-tasks: Provide rcu_trace_implies_rcu_gp() io_uring: drop any code related to SCM_RIGHTS io_uring/unix: drop usage of io_uring socket Linux 5.10.213 serial: max310x: fix IO data corruption in batched operations serial: max310x: implement I2C support serial: max310x: make accessing revision id interface-agnostic regmap: Add bulk read/write callbacks into regmap_config regmap: allow to define reg_update_bits for no bus configuration Drivers: hv: vmbus: Drop error message when 'No request id available' serial: max310x: Unprepare and disable clock in error path getrusage: use sig->stats_lock rather than lock_task_sighand() getrusage: use __for_each_thread() getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() getrusage: add the "signal_struct *sig" local variable mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE mm/hugetlb: change hugetlb_reserve_pages() to type bool hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed hv_netvsc: use netif_is_bond_master() instead of open code hv_netvsc: Make netvsc/VF binding check both MAC and serial number hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove hv_netvsc: Wait for completion on request SWITCH_DATA_PATH hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening ext4: convert to exclusive lock while inserting delalloc extents ext4: refactor ext4_da_map_blocks() ext4: make ext4_es_insert_extent() return void lsm: fix default return value of the socket_getpeersec_*() hooks lsm: make security_socket_getpeersec_stream() sockptr_t safe bpf: net: Change sk_getsockopt() to take the sockptr_t argument net: Change sock_getsockopt() to take the sk ptr instead of the sock ptr serial: max310x: prevent infinite while() loop in port startup serial: max310x: use a separate regmap for each port serial: max310x: use regmap methods for SPI batch operations serial: max310x: Make use of device properties serial: max310x: fail probe if clock crystal is unstable serial: max310x: Try to get crystal clock rate from property serial: max310x: Use devm_clk_get_optional() to get the input clock xhci: handle isoc Babble and Buffer Overrun events properly xhci: process isoc TD properly when there was a transaction error mid TD. xhci: prevent double-fetch of transfer and transfer event TRBs xhci: remove extra loop in interrupt context um: allow not setting extra rpaths in the linux binary selftests: mm: fix map_hugetlb failure on 64K page size systems selftests/mm: switch to bash from sh netrom: Fix data-races around sysctl_net_busy_read netrom: Fix a data-race around sysctl_netrom_link_fails_count netrom: Fix a data-race around sysctl_netrom_routing_control netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size netrom: Fix a data-race around sysctl_netrom_transport_busy_delay netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries netrom: Fix a data-race around sysctl_netrom_transport_timeout netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser netrom: Fix a data-race around sysctl_netrom_default_path_quality netfilter: nf_conntrack_h323: Add protection for bmp length out of range netfilter: nft_ct: fix l3num expectations with inet pseudo family net/rds: fix WARNING in rds_conn_connect_if_down cpumap: Zero-initialise xdp_rxq_info struct before running XDP program net/ipv6: avoid possible UAF in ip6_route_mpath_notify() net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() geneve: make sure to pull inner header in geneve_rx() tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string i40e: disable NAPI right after disabling irqs when handling xsk_pool ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able net: lan78xx: fix runtime PM count underflow on link stop lan78xx: Fix race conditions in suspend/resume handling lan78xx: Fix partial packet errors on suspend/resume lan78xx: Add missing return code checks lan78xx: Fix white space and style issues mmc: mmci: stm32: fix DMA API overlapping mappings warning mmc: mmci: stm32: use a buffer for unaligned DMA requests Linux 5.10.212 mptcp: fix double-free on socket dismantle mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG gpio: fix resource unwinding order in error path gpiolib: Fix the error path order in gpiochip_add_data_with_key() gpio: 74x164: Enable output pins after registers are reset fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super cachefiles: fix memory leak in cachefiles_add_cache() ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() mptcp: fix possible deadlock in subflow diag x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation mmc: sdhci-xenon: fix PHY init clock stability mmc: sdhci-xenon: add timeout for PHY init complete mmc: core: Fix eMMC initialization with 1-bit bus connection dmaengine: fsl-qdma: init irq after reg initialization dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read btrfs: dev-replace: properly validate device names wifi: nl80211: reject iftype change with mesh ID change gtp: fix use-after-free and null-ptr-deref in gtp_newlink() tomoyo: fix UAF write bug in tomoyo_write_control() riscv: Sparse-Memory/vmemmap out-of-bounds fix afs: Fix endless loop in directory parsing ALSA: Drop leftover snd-rtctimer stuff from Makefile power: supply: bq27xxx-i2c: Do not free non existing IRQ efi/capsule-loader: fix incorrect allocation size rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Bluetooth: Enforce validation on max value of connection interval Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Bluetooth: Avoid potential use-after-free in hci_error_reset net: usb: dm9601: fix wrong return value in dm9601_mdio_read lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() tun: Fix xdp_rxq_info's queue_index when detaching net: ip_tunnel: prevent perpetual headroom growth netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter mtd: spinand: gigadevice: Fix the get ecc status issue mtd: spinand: gigadevice: Support GD5F1GQ5UExxG crypto: virtio/akcipher - Fix stack overflow on memcpy platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names Linux 5.10.211 ext4: regenerate buddy after block freeing failed if under fc replay arp: Prevent overflow in arp_req_get(). fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio block: ataflop: more blk-mq refactoring fixes drm/amd/display: Fix memory leak in dm_sw_fini() drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 netfilter: nf_tables: set dormant flag on hook register failure tls: stop recv() if initial process_rx_list gave us non-DATA tls: rx: drop pointless else after goto tls: rx: jump to a more appropriate label s390: use the correct count for __iowrite64_copy() net: dev: Convert sa_data to flexible array in struct sockaddr packet: move from strlcpy with unused retval to strscpy ipv6: sr: fix possible use-after-free and null-ptr-deref afs: Increase buffer size in afs_update_volume_status() ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid nouveau: fix function cast warnings scsi: jazz_esp: Only build if SCSI core is builtin bpf, scripts: Correct GPL license name RDMA/srpt: fix function pointer cast warnings arm64: dts: rockchip: set num-cs property for spi on px30 RDMA/qedr: Fix qedr_create_user_qp error flow RDMA/srpt: Support specifying the srpt_service_guid parameter RDMA/bnxt_re: Return error for SRQ resize IB/hfi1: Fix a memleak in init_credit_return mptcp: fix lockless access in subflow ULP diag usb: roles: don't get/set_role() when usb_role_switch is unregistered usb: roles: fix NULL pointer issue when put module's reference usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs usb: cdns3: fix memory double free when handle zero packet usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() x86/alternative: Make custom return thunk unconditional Revert "x86/alternative: Make custom return thunk unconditional" x86/returnthunk: Allow different return thunks x86/ftrace: Use alternative RET encoding x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR Revert "x86/ftrace: Use alternative RET encoding" ARM: ep93xx: Add terminator to gpiod_lookup_table l2tp: pass correct message length to ip6_append_data PCI/MSI: Prevent MSI hardware interrupt number truncation gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler dm-crypt: don't modify the data when using authenticated encryption s390/cio: fix invalid -EBUSY on ccw_device_start IB/hfi1: Fix sdma.h tx->num_descs off-by-one error erofs: fix lz4 inplace decompression x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint jbd2: recheck chechpointing non-dirty buffer jbd2: remove redundant buffer io error checks iwlwifi: mvm: write queue_sync_state only for sync iwlwifi: mvm: do more useful queue sync accounting platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC lan743x: fix for potential NULL pointer dereference with bare card btrfs: do not pin logs too early during renames btrfs: unify lookup return value when dir entry is missing btrfs: introduce btrfs_lookup_match_dir btrfs: tree-checker: check for overlapping extent items task_stack, x86/cea: Force-inline stack helpers ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use ASoC: Intel: boards: get codec device with ACPI instead of bus search ASoC: Intel: boards: harden codec property handling mtd: spinand: macronix: Add support for MX35LFxGE4AD cifs: add a warning when the in-flight count goes negative powerpc/watchpoints: Annotate atomic context in more places powerpc/watchpoint: Workaround P10 DD1 issue with VSX-32 byte instructions block: ataflop: fix breakage introduced at blk-mq refactoring seccomp: Invalidate seccomp mode to catch death failures x86/uaccess: Implement macros for CMPXCHG on user addresses hsr: Avoid double remove of a node. hvc/xen: prevent concurrent accesses to the shared ring media: av7110: prevent underflow in write_ts_to_decoder() ASoC: fsl_micfil: register platform component before registering cpu dai ARM: dts: imx: Set default tuning step for imx6sx usdhc irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger pmdomain: renesas: r8a77980-sysc: CR7 must be always on virtio-blk: Ensure no requests in virtqueues before deleting vqs. firewire: core: send bus reset promptly on gap count error scsi: lpfc: Use unsigned type for num_sge hwmon: (coretemp) Enlarge per package core count limit efi: Don't add memblocks for soft-reserved memory efi: runtime: Fix potential overflow of soft-reserved region size Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table ext4: correct the hole length returned by ext4_map_blocks() nvmet-fc: abort command when there is no binding nvmet-fc: release reference on target port nvmet-fcloop: swap the list_add_tail arguments nvme-fc: do not wait in vain when unloading module netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new spi: sh-msiof: avoid integer overflow in constants ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 nvmet-tcp: fix nvme tcp ida memory leak regulator: pwm-regulator: Add validity checks in continuous .get_voltage dmaengine: ti: edma: Add some null pointer checks to the edma_probe ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers ahci: asm1166: correct count of reported ports spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected fbdev: sis: Error out if pixclock equals zero fbdev: savage: Error out if pixclock equals zero wifi: mac80211: fix race condition on enabling fast-xmit wifi: cfg80211: fix missing interfaces when dumping dmaengine: fsl-qdma: increase size of 'irq_name' dmaengine: shdma: increase size of 'dev_id' scsi: target: core: Add TMF to tmr_list handling sched/rt: Disallow writing invalid values to sched_rt_period_us sched/rt: Fix sysctl_sched_rr_timeslice intial value zonefs: Improve error handling userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset smb: client: fix parsing of SMB3.1.1 POSIX create context smb: client: fix potential OOBs in smb2_parse_contexts() smb: client: fix OOB in receive_encrypted_standard() net/sched: Retire dsmark qdisc net/sched: Retire ATM qdisc net/sched: Retire CBQ qdisc Change-Id: I27b365859804c2c84cb821e94fb84a971429c6d0 |
||
Greg Kroah-Hartman
|
c761121f9a |
Merge tag 'android12-5.10.218_r00' into android12-5.10
This merges the 5.10.218 LTS kernel into the android12-5.10 branch. Included in here are the following commits: * |
||
|
Greg Kroah-Hartman
|
2ebd481b31 |
Merge 5.10.221 into android12-5.10-lts
Changes in 5.10.221 tracing/selftests: Fix kprobe event name test for .isra. functions null_blk: Print correct max open zones limit in null_init_zoned_dev() wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() wifi: cfg80211: pmsr: use correct nla_get_uX functions wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef wifi: iwlwifi: mvm: check n_ssids before accessing the ssids wifi: iwlwifi: mvm: don't read past the mfuart notifcation wifi: mac80211: correctly parse Spatial Reuse Parameter Set element net/ncsi: add NCSI Intel OEM command to keep PHY up net/ncsi: Simplify Kconfig/dts control flow net/ncsi: Fix the multi thread manner of NCSI driver ipv6: sr: block BH in seg6_output_core() and seg6_input_core() net: sched: sch_multiq: fix possible OOB write in multiq_tune() vxlan: Fix regression when dropping packets due to invalid src addresses tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP ptp: Fix error message on failed pin verification af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). ipv6: fix possible race in __fib6_drop_pcpu_from() usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete drm/amd/display: Handle Y carry-over in VCP X.Y calculation serial: sc16is7xx: replace hardcoded divisor value with BIT() macro serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler mmc: davinci: Don't strip remove function when driver is builtin selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages selftests/mm: conform test to TAP format output selftests/mm: compaction_test: fix bogus test success on Aarch64 btrfs: fix leak of qgroup extent records after transaction abort nilfs2: Remove check for PageError nilfs2: return the mapped address from nilfs_get_page() nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages mei: me: release irq in mei_me_pci_resume error path jfs: xattr: fix buffer overflow for invalid xattr xhci: Set correct transferred length for cancelled bulk transfers xhci: Apply reset resume quirk to Etron EJ188 xHCI host xhci: Apply broken streams quirk to Etron EJ188 xHCI host scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory powerpc/uaccess: Fix build errors seen with GCC 13/14 Input: try trimming too long modalias strings SUNRPC: return proper error from gss_wrap_req_priv gpio: tqmx86: fix typo in Kconfig label HID: core: remove unnecessary WARN_ON() in implement() gpio: tqmx86: store IRQ trigger type and unmask status separately iommu/amd: Introduce pci segment structure iommu/amd: Fix sysfs leak in iommu init iommu: Return right value in iommu_sva_bind_device() HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() drm/vmwgfx: 3D disabled should not effect STDU memory limits net: sfp: Always call `sfp_sm_mod_remove()` on remove net: hns3: add cond_resched() to hns3 ring buffer init process liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet drm/komeda: check for error-valued pointer drm/bridge/panel: Fix runtime warning on panel bridge release tcp: fix race in tcp_v6_syn_recv_sock() net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs parameters net/ipv6: Fix the RT cache flush via sysctl using a previous delay ionic: fix use after netif_napi_del() iio: adc: ad9467: fix scan type sign iio: dac: ad5592r: fix temperature channel scaling value iio: imu: inv_icm42600: delete unneeded update watermark call drivers: core: synchronize really_probe() and dev_uevent() drm/exynos/vidi: fix memory leak in .get_modes() drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found vmci: prevent speculation leaks by sanitizing event in event_deliver() fs/proc: fix softlockup in __read_vmcore ocfs2: use coarse time for new created files ocfs2: fix races between hole punching and AIO+DIO PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id dmaengine: axi-dmac: fix possible race in remove() remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs intel_th: pci: Add Granite Rapids support intel_th: pci: Add Granite Rapids SOC support intel_th: pci: Add Sapphire Rapids SOC support intel_th: pci: Add Meteor Lake-S support intel_th: pci: Add Lunar Lake support nilfs2: fix potential kernel bug due to lack of writeback flag waiting tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level hugetlb_encode.h: fix undefined behaviour (34 << 26) mptcp: ensure snd_una is properly initialized on connect mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID mptcp: pm: update add_addr counters after connect remoteproc: k3-r5: Jump to error handling labels in start/stop errors greybus: Fix use-after-free bug in gb_interface_release due to race condition. usb-storage: alauda: Check whether the media is initialized i2c: at91: Fix the functionality flags of the slave-only interface i2c: designware: Fix the functionality flags of the slave-only interface zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING padata: Disable BH when taking works lock on MT path rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment rcutorture: Fix invalid context warning when enable srcu barrier testing block/ioctl: prefer different overflow check selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh selftests/bpf: Fix flaky test btf_map_in_map/lookup_update batman-adv: bypass empty buckets in batadv_purge_orig_ref() wifi: ath9k: work around memset overflow warning af_packet: avoid a false positive warning in packet_setsockopt() drop_monitor: replace spin_lock by raw_spin_lock scsi: qedi: Fix crash while reading debugfs attribute kselftest: arm64: Add a null pointer check netpoll: Fix race condition in netpoll_owner_active HID: Add quirk for Logitech Casa touchpad ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl drm/amd/display: Exit idle optimizations before HDCP execution ASoC: Intel: sof_sdw: add JD2 quirk for HP Omen 14 drm/lima: add mask irq callback to gp and pp drm/lima: mask irqs in timeout path before hard reset powerpc/pseries: Enforce hcall result buffer validity and size powerpc/io: Avoid clang null pointer arithmetic warnings power: supply: cros_usbpd: provide ID table for avoiding fallback match iommu/arm-smmu-v3: Free MSIs in case of ENOMEM f2fs: remove clear SB_INLINECRYPT flag in default_options usb: misc: uss720: check for incompatible versions of the Belkin F5U002 udf: udftime: prevent overflow in udf_disk_stamp_to_time() PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports MIPS: Octeon: Add PCIe link status check serial: exar: adding missing CTI and Exar PCI ids MIPS: Routerboard 532: Fix vendor retry check code mips: bmips: BCM6358: make sure CBR is correctly set tracing: Build event generation tests only as modules cipso: fix total option length computation netrom: Fix a memory leak in nr_heartbeat_expiry() ipv6: prevent possible NULL deref in fib6_nh_init() ipv6: prevent possible NULL dereference in rt6_probe() xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() netns: Make get_net_ns() handle zero refcount net qca_spi: Make interrupt remembering atomic net/sched: act_api: rely on rcu in tcf_idr_check_alloc net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() tipc: force a dst refcount before doing decryption net/sched: act_ct: set 'net' pointer when creating new nf_flow_table sched: act_ct: add netns into the key of tcf_ct_flow_table net: stmmac: No need to calculate speed divider when offload is disabled virtio_net: checksum offloading handling fix netfilter: ipset: Fix suspicious rcu_dereference_protected() net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings regulator: core: Fix modpost error "regulator_get_regmap" undefined dmaengine: ioat: switch from 'pci_' to 'dma_' API dmaengine: ioat: Drop redundant pci_enable_pcie_error_reporting() dmaengine: ioatdma: Fix leaking on version mismatch dmaengine: ioat: use PCI core macros for PCIe Capability dmaengine: ioatdma: Fix error path in ioat3_dma_probe() dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe() dmaengine: ioatdma: Fix missing kmem_cache_destroy() ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." RDMA/mlx5: Add check for srq max_sge attribute ALSA: hda/realtek: Limit mic boost on N14AP7 drm/radeon: fix UBSAN warning in kv_dpm.c gcov: add support for GCC 14 kcov: don't lose track of remote references during softirqs i2c: ocores: set IACK bit after core is enabled dt-bindings: i2c: google,cros-ec-i2c-tunnel: correct path to i2c-controller schema drm/amd/display: revert Exit idle optimizations before HDCP execution ARM: dts: samsung: smdkv310: fix keypad no-autorepeat ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat ARM: dts: samsung: smdk4412: fix keypad no-autorepeat rtlwifi: rtl8192de: Style clean-ups wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power pmdomain: ti-sci: Fix duplicate PD referrals knfsd: LOOKUP can return an illegal error value spmi: hisi-spmi-controller: Do not override device identifier bcache: fix variable length array abuse in btree_iter tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test x86/cpu/vfm: Add new macros to work with (vendor/family/model) values x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL r8169: remove unneeded memory barrier in rtl_tx r8169: improve rtl_tx r8169: improve rtl8169_start_xmit r8169: remove nr_frags argument from rtl_tx_slots_avail r8169: remove not needed check in rtl8169_start_xmit r8169: Fix possible ring buffer corruption on fragmented Tx packets. Revert "kheaders: substituting --sort in archive creation" kheaders: explicitly define file modes for archived headers perf/core: Fix missing wakeup when waiting for context reference PCI: Add PCI_ERROR_RESPONSE and related definitions x86/amd_nb: Check for invalid SMN reads cifs: missed ref-counting smb session in find smb: client: fix deadlock in smb2_find_smb_tcon() ACPI: Add quirks for AMD Renoir/Lucienne CPUs to force the D3 hint ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable ACPI: x86: Add another system to quirk list for forcing StorageD3Enable ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable ACPI: x86: Force StorageD3Enable on more products Input: ili210x - fix ili251x_read_touch_data() return value pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins pinctrl/rockchip: separate struct rockchip_pin_bank to a head file pinctrl: rockchip: use dedicated pinctrl type for RK3328 pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set drm/amdgpu: fix UBSAN warning in kv_dpm.c netfilter: nf_tables: validate family when identifying table via handle SUNRPC: Fix null pointer dereference in svc_rqst_free() SUNRPC: Fix a NULL pointer deref in trace_svc_stats_latency() SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation SUNRPC: Fix svcxdr_init_encode's buflen calculation nfsd: hold a lighter-weight client reference over CB_RECALL_ANY ASoC: fsl-asoc-card: set priv->pdev before using it net: dsa: microchip: fix initial port flush problem net: phy: micrel: add Microchip KSZ 9477 to the device table xdp: Move the rxq_info.mem clearing to unreg_mem_model() xdp: Allow registering memory model without rxq reference xdp: Remove WARN() from __xdp_reg_mem_model() sparc: fix old compat_sys_select() sparc: fix compat recv/recvfrom syscalls parisc: use correct compat recv/recvfrom syscalls netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep mtd: partitions: redboot: Added conversion of operands to a larger type bpf: Add a check for struct bpf_fib_lookup size net/iucv: Avoid explicit cpumask var allocation on stack net/dpaa2: Avoid explicit cpumask var allocation on stack ALSA: emux: improve patch ioctl data validation media: dvbdev: Initialize sbuf soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message drm/radeon/radeon_display: Decrease the size of allocated memory nvme: fixup comment for nvme RDMA Provider Type drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA gpio: davinci: Validate the obtained number of IRQs gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) x86: stop playing stack games in profile_pc() ocfs2: fix DIO failure due to insufficient transaction credits mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos mmc: sdhci: Do not invert write-protect twice mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() counter: ti-eqep: enable clock at probe iio: adc: ad7266: Fix variable checking bug iio: chemical: bme680: Fix pressure value output iio: chemical: bme680: Fix calibration data variable iio: chemical: bme680: Fix overflows in compensate() functions iio: chemical: bme680: Fix sensor data read operation net: usb: ax88179_178a: improve link status logs usb: gadget: printer: SS+ support usb: gadget: printer: fix races against disable usb: musb: da8xx: fix a resource leak in probe() usb: atm: cxacru: fix endpoint checking in cxacru_bind() serial: 8250_omap: Implementation of Errata i2310 tty: mcf: MCF54418 has 10 UARTS net: can: j1939: Initialize unused data in j1939_send_one() net: can: j1939: recover socket queue on CAN bus error during BAM transmission net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new kbuild: Install dtb files as 0644 in Makefile.dtbinst csky, hexagon: fix broken sys_sync_file_range hexagon: fix fadvise64_64 calling conventions drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes drm/i915/gt: Fix potential UAF by revoke of fence registers drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes batman-adv: Don't accept TT entries for out-of-spec VIDs ata: ahci: Clean up sysfs file on error ata: libata-core: Fix double free on error ftruncate: pass a signed offset syscalls: fix compat_sys_io_pgetevents_time64 usage mtd: spinand: macronix: Add support for serial NAND flash pwm: stm32: Refuse too small period requests nfs: Leave pages in the pagecache if readpage failed ipv6: annotate some data-races around sk->sk_prot ipv6: Fix data races around sk->sk_prot. tcp: Fix data races around icsk->icsk_af_ops. drivers: fix typo in firmware/efi/memmap.c efi: Correct comment on efi_memmap_alloc efi: memmap: Move manipulation routines into x86 arch tree efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures efi/x86: Free EFI memory map only when installing a new one. KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node arm64: dts: rockchip: Add sound-dai-cells for RK3368 xdp: xdp_mem_allocator can be NULL in trace_mem_connect(). serial: 8250_omap: Fix Errata i2310 with RX FIFO level check tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() Linux 5.10.221 Change-Id: Icac1c62fcbda5102be7ea031121f28d6fee36875 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
054258ff89 |
ANDROID: ABI fixup for abi break in struct dst_ops
In commit 92f1655aa2b2 ("net: fix __dst_negative_advice() race") the
struct dst_ops callback negative_advice is callback changes function
parameters. But as this pointer is part of a structure that is tracked
in the ABI checker, the tool triggers when this is changed.
However, the callback pointer is internal to the networking stack, so
changing the function type is safe, so needing to preserve this is not
required. To do so, switch the function pointer type back to the old
one so that the checking tools pass, AND then do a hard cast of the
function pointer to the new type when assigning and calling the
function.
Bug: 343727534
Fixes: 92f1655aa2b2 ("net: fix __dst_negative_advice() race")
Change-Id: I48d4ab4bbd29f8edc8fbd7923828b7f78a23e12e
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
fedef46c69 |
This is the 5.10.219 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmZuzl4ACgkQONu9yGCS
aT7+ohAAyRkTis6xeME1FWIJthCJl8FzUq9nfN+OccK3TwCbXyZKXlZK8lVz0T5U
DvG1Tg+rR76+hIJghMIy2FEPRBA19WMq9a+Ms2ZyyggPrlgksFivO8N8YgnIxabb
EJPN7pAzO+GA+vd8YeGeK1ldq8QUISlN35s+hkur1jeBctWRcpHeOTjIej/Qytmj
ny1o7hCp179+SPygSEYEYtguACaQflhfBjOgAQ9DwWjP6vO2W9Vb16X4tiT0udHm
ExPjOwxbEMN/7m9gKrnl6WcIROSOy55FnfcYZP+NRY4jBlANUgXF1ca9hAhcIKSv
oOyeRN5S3FZAdxIHG9SFU9b6MPwJSeO5ETQyfiRGNFRkXOa2tKknNSsuACu8kSwx
SKJIpcuW1DkortwsYFbilXdl6TrK6oCcEczV5qtludcRoDznfUGejb5e81v3yYkO
no6ORvBJSBnEObY+gpexvxQp2Ae1+YkSLJaDzYWMC+JHBIgWTz2F2qJJkP6bRAUV
QduFTdTenDnL7zW3DseZGJKotU95cUoKNAwa7wfboZeygHc2+KaUOchKcqI0P9dZ
pS27RzcAJJ2uufujofyxOOhzFKw98WFurfNsMZTDBwHuqReoiRAS7pi0PeTMuqUv
GC8V1eIKgeWdI+pdTZLXylziiM41IylLjU/hxCrsykb+EwFa5NY=
=B1lK
-----END PGP SIGNATURE-----
Merge 5.10.219 into android12-5.10-lts
Changes in 5.10.219
x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
speakup: Fix sizeof() vs ARRAY_SIZE() bug
ring-buffer: Fix a race between readers and resize checks
net: smc91x: Fix m68k kernel compilation for ColdFire CPU
nilfs2: fix unexpected freezing of nilfs_segctor_sync()
nilfs2: fix potential hang in nilfs_detach_log_writer()
ALSA: core: Fix NULL module pointer assignment at card init
wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class
net: usb: qmi_wwan: add Telit FN920C04 compositions
drm/amd/display: Set color_mgmt_changed to true on unsuspend
ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating
ASoC: dt-bindings: rt5645: add cbj sleeve gpio property
regulator: vqmmc-ipq4019: fix module autoloading
ASoC: rt715: add vendor clear control register
ASoC: da7219-aad: fix usage of device_get_named_child_node()
drm/amdkfd: Flush the process wq before creating a kfd_process
nvme: find numa distance only if controller has valid numa id
openpromfs: finish conversion to the new mount API
crypto: bcm - Fix pointer arithmetic
firmware: raspberrypi: Use correct device for DMA mappings
ecryptfs: Fix buffer size for tag 66 packet
nilfs2: fix out-of-range warning
parisc: add missing export of __cmpxchg_u8()
crypto: ccp - drop platform ifdef checks
crypto: x86/nh-avx2 - add missing vzeroupper
crypto: x86/sha256-avx2 - add missing vzeroupper
s390/cio: fix tracepoint subchannel type field
jffs2: prevent xattr node from overflowing the eraseblock
soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE
null_blk: Fix missing mutex_destroy() at module removal
md: fix resync softlockup when bitmap size is less than array size
wifi: ath10k: poll service ready message before failing
x86/boot: Ignore relocations in .notes sections in walk_relocs() too
qed: avoid truncating work queue length
scsi: ufs: qcom: Perform read back after writing reset bit
scsi: ufs-qcom: Fix ufs RST_n spec violation
scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US
scsi: ufs: ufs-qcom: Fix the Qcom register name for offset 0xD0
scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW version major 5
scsi: ufs: qcom: Perform read back after writing unipro mode
scsi: ufs: qcom: Perform read back after writing CGC enable
scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV
scsi: ufs: core: Perform read back after disabling interrupts
scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL
irqchip/alpine-msi: Fix off-by-one in allocation error path
irqchip/loongson-pch-msi: Fix off-by-one on allocation error path
ACPI: disable -Wstringop-truncation
gfs2: Fix "ignore unlock failures after withdraw"
selftests/bpf: Fix umount cgroup2 error in test_sockmap
cpufreq: Reorganize checks in cpufreq_offline()
cpufreq: Split cpufreq_offline()
cpufreq: Rearrange locking in cpufreq_remove_dev()
cpufreq: exit() callback is optional
net: export inet_lookup_reuseport and inet6_lookup_reuseport
net: remove duplicate reuseport_lookup functions
udp: Avoid call to compute_score on multiple sites
scsi: libsas: Fix the failure of adding phy with zero-address to port
scsi: hpsa: Fix allocation size for Scsi_Host private data
x86/purgatory: Switch to the position-independent small code model
wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger()
wifi: ath10k: populate board data for WCN3990
tcp: avoid premature drops in tcp_add_backlog()
net: give more chances to rcu in netdev_wait_allrefs_any()
macintosh/via-macii: Fix "BUG: sleeping function called from invalid context"
wifi: carl9170: add a proper sanity check for endpoints
wifi: ar5523: enable proper endpoint verification
sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe()
Revert "sh: Handle calling csum_partial with misaligned data"
selftests/binderfs: use the Makefile's rules, not Make's implicit rules
HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors
scsi: bfa: Ensure the copied buf is NUL terminated
scsi: qedf: Ensure the copied buf is NUL terminated
wifi: mwl8k: initialize cmd->addr[] properly
usb: aqc111: stop lying about skb->truesize
net: usb: sr9700: stop lying about skb->truesize
m68k: Fix spinlock race in kernel thread creation
m68k: mac: Fix reboot hang on Mac IIci
net: ipv6: fix wrong start position when receive hop-by-hop fragment
eth: sungem: remove .ndo_poll_controller to avoid deadlocks
net: ethernet: cortina: Locking fixes
af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
net: usb: smsc95xx: stop lying about skb->truesize
net: openvswitch: fix overwriting ct original tuple for ICMPv6
ipv6: sr: add missing seg6_local_exit
ipv6: sr: fix incorrect unregister order
ipv6: sr: fix invalid unregister error path
net/mlx5: Discard command completions in internal error
drm/amd/display: Fix potential index out of bounds in color transformation function
ASoC: soc-acpi: add helper to identify parent driver.
ASoC: Intel: Disable route checks for Skylake boards
mtd: rawnand: hynix: fixed typo
fbdev: shmobile: fix snprintf truncation
drm/meson: vclk: fix calculation of 59.94 fractional rates
drm/mediatek: Add 0 size check to mtk_drm_gem_obj
powerpc/fsl-soc: hide unused const variable
fbdev: sisfb: hide unused variables
media: ngene: Add dvb_ca_en50221_init return value check
media: radio-shark2: Avoid led_names truncations
drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference
fbdev: sh7760fb: allow modular build
media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries
drm/arm/malidp: fix a possible null pointer dereference
drm: vc4: Fix possible null pointer dereference
ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
drm/bridge: lt9611: Don't log an error when DSI host can't be found
drm/bridge: tc358775: Don't log an error when DSI host can't be found
drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector
drm/mipi-dsi: use correct return type for the DSC functions
RDMA/hns: Refactor the hns_roce_buf allocation flow
RDMA/hns: Create QP with selected QPN for bank load balance
RDMA/hns: Fix incorrect symbol types
RDMA/hns: Fix return value in hns_roce_map_mr_sg
RDMA/hns: Use complete parentheses in macros
RDMA/hns: Modify the print level of CQE error
clk: qcom: mmcc-msm8998: fix venus clock issue
x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map
ext4: avoid excessive credit estimate in ext4_tmpfile()
sunrpc: removed redundant procp check
ext4: simplify calculation of blkoff in ext4_mb_new_blocks_simple
ext4: fix unit mismatch in ext4_mb_new_blocks_simple
ext4: try all groups in ext4_mb_new_blocks_simple
ext4: remove unused parameter from ext4_mb_new_blocks_simple()
ext4: fix potential unnitialized variable
SUNRPC: Fix gss_free_in_token_pages()
selftests/kcmp: Make the test output consistent and clear
selftests/kcmp: remove unused open mode
RDMA/IPoIB: Fix format truncation compilation errors
net: qrtr: fix null-ptr-deref in qrtr_ns_remove
net: qrtr: ns: Fix module refcnt
netrom: fix possible dead-lock in nr_rt_ioctl()
af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level
greybus: lights: check return of get_channel_from_mode
f2fs: fix to wait on page writeback in __clone_blkaddrs()
soundwire: cadence: fix invalid PDI offset
dmaengine: idma64: Add check for dma_set_max_seg_size
firmware: dmi-id: add a release callback function
serial: max3100: Lock port->lock when calling uart_handle_cts_change()
serial: max3100: Update uart_driver_registered on driver removal
serial: max3100: Fix bitwise types
greybus: arche-ctrl: move device table to its right location
serial: sc16is7xx: add proper sched.h include for sched_set_fifo()
f2fs: compress: support chksum
f2fs: add compress_mode mount option
f2fs: compress: clean up parameter of __f2fs_cluster_blocks()
f2fs: compress: remove unneeded preallocation
f2fs: introduce FI_COMPRESS_RELEASED instead of using IMMUTABLE bit
f2fs: compress: fix to relocate check condition in f2fs_{release,reserve}_compress_blocks()
f2fs: add cp_error check in f2fs_write_compressed_pages
f2fs: fix to force keeping write barrier for strict fsync mode
f2fs: do not allow partial truncation on pinned file
f2fs: fix typos in comments
f2fs: fix to relocate check condition in f2fs_fallocate()
f2fs: fix to check pinfile flag in f2fs_move_file_range()
iio: pressure: dps310: support negative temperature values
fpga: region: change FPGA indirect article to an
fpga: region: Rename dev to parent for parent device
docs: driver-api: fpga: avoid using UTF-8 chars
fpga: region: Use standard dev_release for class driver
fpga: region: add owner module and take its refcount
microblaze: Remove gcc flag for non existing early_printk.c file
microblaze: Remove early printk call from cpuinfo-static.c
usb: gadget: u_audio: Clear uac pointer when freed.
stm class: Fix a double free in stm_register_device()
ppdev: Remove usage of the deprecated ida_simple_xx() API
ppdev: Add an error check in register_device
extcon: max8997: select IRQ_DOMAIN instead of depending on it
PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3
PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3
f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock
f2fs: fix to release node block count in error path of f2fs_new_node_page()
f2fs: compress: don't allow unaligned truncation on released compress inode
serial: sh-sci: protect invalidating RXDMA on shutdown
libsubcmd: Fix parse-options memory leak
s390/ipl: Fix incorrect initialization of len fields in nvme reipl block
s390/ipl: Fix incorrect initialization of nvme dump block
Input: ims-pcu - fix printf string overflow
Input: ioc3kbd - convert to platform remove callback returning void
Input: ioc3kbd - add device table
mmc: sdhci_am654: Add tuning algorithm for delay chain
mmc: sdhci_am654: Write ITAPDLY for DDR52 timing
mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel
mmc: sdhci_am654: Add OTAP/ITAP delay enable
mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock
mmc: sdhci_am654: Fix ITAPDLY for HS400 timing
Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
drm/msm/dpu: Always flush the slave INTF on the CTL
um: Fix return value in ubd_init()
um: Add winch to winch_handlers before registering winch IRQ
um: vector: fix bpfflash parameter evaluation
drm/bridge: tc358775: fix support for jeida-18 and jeida-24
media: stk1160: fix bounds checking in stk1160_copy_video()
scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy()
media: flexcop-usb: clean up endpoint sanity checks
media: flexcop-usb: fix sanity check of bNumEndpoints
powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp
um: Fix the -Wmissing-prototypes warning for __switch_mm
media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
media: cec: cec-api: add locking in cec_release()
media: core headers: fix kernel-doc warnings
media: cec: fix a deadlock situation
media: cec: call enable_adap on s_log_addrs
media: cec: abort if the current transmit was canceled
media: cec: correctly pass on reply results
media: cec: use call_op and check for !unregistered
media: cec-adap.c: drop activate_cnt, use state info instead
media: cec: core: avoid recursive cec_claim_log_addrs
media: cec: core: avoid confusing "transmit timed out" message
null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION()
regulator: bd71828: Don't overwrite runtime voltages
x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y
nfc: nci: Fix uninit-value in nci_rx_work
ASoC: tas2552: Add TX path for capturing AUDIO-OUT data
sunrpc: fix NFSACL RPC retry on soft mount
rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL
ipv6: sr: fix memleak in seg6_hmac_init_algo
params: lift param_set_uint_minmax to common code
tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
openvswitch: Set the skbuff pkt_type for proper pmtud support.
arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
net: fec: avoid lock evasion when reading pps_enable
tls: fix missing memory barrier in tls_init
nfc: nci: Fix kcov check in nci_rx_work()
nfc: nci: Fix handling of zero-length payload packets in nci_rx_work()
netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
netfilter: nft_payload: restore vlan q-in-q match support
spi: Don't mark message DMA mapped when no transfer in it is
nvmet: fix ns enable/disable possible hang
net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion
dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
bpf: Fix potential integer overflow in resolve_btfids
enic: Validate length of nl attributes in enic_set_vf_port
net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM
bpf: Allow delete from sockmap/sockhash only if update is allowed
net:fec: Add fec_enet_deinit()
netfilter: tproxy: bail out if IP has been disabled on the device
kconfig: fix comparison to constant symbols, 'm', 'n'
spi: stm32: Don't warn about spurious interrupts
ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
hwmon: (shtc1) Fix property misspelling
ALSA: timer: Set lower bound of start tick time
genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
media: cec: core: add adap_nb_transmit_canceled() callback
SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
binder: fix max_thread type inconsistency
mmc: core: Do not force a retune before RPMB switch
io_uring: fail NOP if non-zero op flags is passed in
afs: Don't cross .backup mountpoint from backup volume
nilfs2: fix use-after-free of timer for log writer thread
vxlan: Fix regression when dropping packets due to invalid src addresses
x86/mm: Remove broken vsyscall emulation code from the page fault code
netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
media: lgdt3306a: Add a check against null-pointer-def
drm/amdgpu: add error handle to avoid out-of-bounds
ata: pata_legacy: make legacy_exit() work again
ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx
arm64: tegra: Correct Tegra132 I2C alias
arm64: dts: qcom: qcs404: fix bluetooth device address
md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING
wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU
wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE
wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path
arm64: dts: hi3798cv200: fix the size of GICR
media: mc: mark the media devnode as registered from the, start
media: mxl5xx: Move xpt structures off stack
media: v4l2-core: hold videodev_lock until dev reg, finishes
mmc: core: Add mmc_gpiod_set_cd_config() function
mmc: sdhci-acpi: Sort DMI quirks alphabetically
mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working
mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A
fbdev: savage: Handle err return when savagefb_check_var failed
KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
crypto: ecrdsa - Fix module auto-load on add_key
crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
net/ipv6: Fix route deleting failure when metric equals 0
net/9p: fix uninit-value in p9_client_rpc()
intel_th: pci: Add Meteor Lake-S CPU support
sparc64: Fix number of online CPUs
watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin
kdb: Fix buffer overflow during tab-complete
kdb: Use format-strings rather than '\0' injection in kdb_read()
kdb: Fix console handling when editing and tab-completing commands
kdb: Merge identical case statements in kdb_read()
kdb: Use format-specifiers rather than memset() for padding in kdb_read()
net: fix __dst_negative_advice() race
sparc: move struct termio to asm/termios.h
ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
s390/ap: Fix crash in AP internal function modify_bitmap()
nfs: fix undefined behavior in nfs_block_bits()
NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS
scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW major version > 5
f2fs: compress: fix compression chksum
RDMA/hns: Use mutex instead of spinlock for ida allocation
RDMA/hns: Fix CQ and QP cache affinity
Linux 5.10.219
Change-Id: I0e21ff44d28df2a2802a9fb35f0959bb5ab528fc
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Pablo Neira Ayuso
|
5d43d789b5 |
netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers
[ Upstream commit 7931d32955e09d0a11b1fe0b6aac1bfa061c005c ]
register store validation for NFT_DATA_VALUE is conditional, however,
the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This
only requires a new helper function to infer the register type from the
set datatype so this conditional check can be removed. Otherwise,
pointer to chain object can be leaked through the registers.
Fixes:
|
||
Toke Høiland-Jørgensen
|
5a3035306a |
xdp: Allow registering memory model without rxq reference
[ Upstream commit 4a48ef70b93b8c7ed5190adfca18849e76387b80 ] The functions that register an XDP memory model take a struct xdp_rxq as parameter, but the RXQ is not actually used for anything other than pulling out the struct xdp_mem_info that it embeds. So refactor the register functions and export variants that just take a pointer to the xdp_mem_info. This is in preparation for enabling XDP_REDIRECT in bpf_prog_run(), using a page_pool instance that is not connected to any network device. Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Link: https://lore.kernel.org/bpf/20220103150812.87914-2-toke@redhat.com Stable-dep-of: 7e9f79428372 ("xdp: Remove WARN() from __xdp_reg_mem_model()") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Luiz Augusto von Dentz
|
ea1a98c9a3 |
Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ
[ Upstream commit 806a5198c05987b748b50f3d0c0cfb3d417381a4 ] This removes the bogus check for max > hcon->le_conn_max_interval since the later is just the initial maximum conn interval not the maximum the stack could support which is really 3200=4000ms. In order to pass GAP/CONN/CPUP/BV-05-C one shall probably enter values of the following fields in IXIT that would cause hci_check_conn_params to fail: TSPX_conn_update_int_min TSPX_conn_update_int_max TSPX_conn_update_peripheral_latency TSPX_conn_update_supervision_timeout Link: https://github.com/bluez/bluez/issues/847 Fixes: e4b019515f95 ("Bluetooth: Enforce validation on max value of connection interval") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Kuniyuki Iwashima
|
ba0f0ddc61
|
UPSTREAM: af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
[ Upstream commit 97af84a6bba2ab2b9c704c08e67de3b5ea551bb2 ] When touching unix_sk(sk)->inflight, we are always under spin_lock(&unix_gc_lock). Let's convert unix_sk(sk)->inflight to the normal unsigned long. Bug: 336226035 Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://lore.kernel.org/r/20240123170856.41348-3-kuniyu@amazon.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> Stable-dep-of: 47d8ac011fe1 ("af_unix: Fix garbage collector racing against connect()") Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit 301fdbaa0bba4653570f07789909939f977a7620) Signed-off-by: Lee Jones <joneslee@google.com> Change-Id: I0d965d5f2a863d798c06de9f21d0467f256b538e |
||
|
Greg Kroah-Hartman
|
b07354bd32 |
Merge tag 'android12-5.10.214_r00' into android12-5.10
This catches the android12-5.10 branch up to the 5.10.214 LTS release. Included in here are the following commits: * |
||
|
Michael Bestas
|
768f49ccbc
|
Merge tag 'ASB-2024-06-05_12-5.10' of https://android.googlesource.com/kernel/common into android13-5.10-waipio
https://source.android.com/docs/security/bulletin/2024-06-01 CVE-2024-26926 * tag 'ASB-2024-06-05_12-5.10' of https://android.googlesource.com/kernel/common: ANDROID: GKI: Update symbols to symbol list ANDROID: ABI fixup for abi break in struct dst_ops BACKPORT: net: fix __dst_negative_advice() race ANDROID: Add __nocfi return for swsusp_arch_resume BACKPORT: arm64: mm: Make hibernation aware of KFENCE UPSTREAM: selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior ANDROID: kbuild: Search external devicetree path when running clean target ANDROID: kbuild: add support for compiling external device trees ANDROID: usb: gadget: ncm: Introduce vendor opts to deal with ABI breakage UPSTREAM: usb: gadget: ncm: Fix endianness of wMaxSegmentSize variable in ecm_desc UPSTREAM: usb: gadget: ncm: Add support to update wMaxSegmentSize via configfs ANDROID: usb: Optimize the problem of slow transfer rate in USB accessory mode ANDROID: ABI: Update honor symbol list ANDROID: add vendor hook in do_read_fault to tune fault_around_bytes FROMGIT: usb: dwc3: Wait unconditionally after issuing EndXfer command ANDROID: irq: put irq_resolve_mapping under protection of __irq_enter_raw ANDROID: abi_gki_aarch64_qcom: Add clk_restore_context and clk_save_context UPSTREAM: usb: gadget: ncm: Fix handling of zero block length packets UPSTREAM: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Revert "hrtimer: Report offline hrtimer enqueue" Revert "scsi: core: Introduce enum scsi_disposition" Revert "scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler" Revert "scsi: core: Move scsi_host_busy() out of host lock if it is for per-command" Revert "bpf: Add map and need_defer parameters to .map_fd_put_ptr()" Revert "drm/mipi-dsi: Fix detach call without attach" Revert "serial: Add rs485_supported to uart_port" Revert "serial: 8250_exar: Fill in rs485_supported" Revert "serial: 8250_exar: Set missing rs485_supported flag" Revert "ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()" Linux 5.10.210 PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() net: bcmgenet: Fix EEE implementation netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() drm/msm/dsi: Enable runtime PM PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() PM: runtime: add devm_pm_runtime_enable helper dm: limit the number of targets and parameter size area nilfs2: replace WARN_ONs for invalid DAT metadata block requests nilfs2: fix potential bug in end_buffer_async_write sched/membarrier: reduce the ability to hammer on sys_membarrier net: prevent mss overflow in skb_segment() Revert "arm64: Stash shadow stack pointer in the task struct on interrupt" hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() netfilter: ipset: Missing gc cancellations fixed netfilter: ipset: fix performance regression in swap operation scripts/decode_stacktrace.sh: optionally use LLVM utilities scripts: decode_stacktrace: demangle Rust symbols scripts/decode_stacktrace.sh: support old bash version scripts/decode_stacktrace.sh: silence stderr messages from addr2line/nm serial: 8250_exar: Set missing rs485_supported flag serial: 8250_exar: Fill in rs485_supported serial: Add rs485_supported to uart_port crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init mips: Fix max_mapnr being uninitialized on early stages PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support bus: moxtet: Add spi device table Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" tracing: Inform kmemleak of saved_cmdlines allocation pmdomain: core: Move the unused cleanup to a _sync initcall can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) of: property: fix typo in io-channels ceph: prevent use-after-free in encode_cap_msg() s390/qeth: Fix potential loss of L3-IP@ in case of network issues irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update irqchip/irq-brcmstb-l2: Add write memory barrier before exit wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() nfp: flower: prevent re-adding mac index for bonded port nfp: use correct macro for LengthSelect in BAR config crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() nilfs2: fix data corruption in dsync block recovery for small block sizes ALSA: hda/conexant: Add quirk for SWS JS201D mmc: slot-gpio: Allow non-sleeping GPIO ro x86/mm/ident_map: Use gbpages only where full GB page should be mapped. x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 serial: max310x: improve crystal stable clock detection serial: max310x: set default value when reading clock ready bit ring-buffer: Clean ring_buffer_poll_wait() error return hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove media: rc: bpf attach/detach requires write permission iio: accel: bma400: Fix a compilation problem iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC staging: iio: ad5933: fix type mismatch regression tracing: Fix wasted memory in saved_cmdlines logic ext4: fix double-free of blocks due to wrong extents moved_len misc: fastrpc: Mark all sessions as invalid in cb_remove binder: signal epoll threads of self-work ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL xen-netback: properly sync TX responses net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() nfc: nci: free rx_data_reassembly skb on NCI device cleanup kbuild: Fix changing ELF file type for output of gen_btf for big endian firewire: core: correct documentation of fw_csr_string() kernel API lsm: fix the logic in security_inode_getsecctx() scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" modpost: trim leading spaces when processing source files list i2c: i801: Fix block process call transactions i2c: i801: Remove i801_set_block_buffer_mode powerpc/kasan: Fix addr error caused by page alignment media: ir_toy: fix a memleak in irtoy_tx usb: f_mass_storage: forbid async queue when shutdown happen USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT usb: ucsi_acpi: Fix command completion handling HID: wacom: Do not register input devices until after hid_hw_start HID: wacom: generic: Avoid reporting a serial of '0' to userspace ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again tracing/trigger: Fix to return error if failed to alloc snapshot i40e: Fix waiting for queues of all VSIs to be disabled MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler net: sysfs: Fix /sys/class/net/<iface> path for statistics ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() spi: ppc4xx: Drop write-only variable net: openvswitch: limit the number of recursions from action sets of: unittest: Fix compile in the non-dynamic case btrfs: send: return EOPNOTSUPP on unknown flags btrfs: forbid deleting live subvol qgroup btrfs: do not ASSERT() if the newly created subvolume already got read btrfs: forbid creating subvol qgroups netfilter: nft_set_rbtree: skip end interval element from gc net: stmmac: xgmac: fix a typo of register name in DPP safety handling net: stmmac: xgmac: use #define for string constants clocksource: Skip watchdog check for large watchdog intervals vhost: use kzalloc() instead of kmalloc() followed by memset() Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU hrtimer: Report offline hrtimer enqueue usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK USB: serial: cp210x: add ID for IMST iM871A-USB USB: serial: option: add Fibocom FM101-GL variant USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e net/af_iucv: clean up a try_then_request_module() blk-iocost: Fix an UBSAN shift-out-of-bounds warning scsi: core: Move scsi_host_busy() out of host lock if it is for per-command netfilter: nft_set_pipapo: remove scratch_aligned pointer netfilter: nft_set_pipapo: add helper to release pcpu scratch area netfilter: nft_set_pipapo: store index in scratch maps netfilter: nft_ct: reject direction for ct id netfilter: nft_compat: restrict match/target protocol to u16 netfilter: nft_compat: reject unused compat flag ppp_async: limit MRU to 64K tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() rxrpc: Fix response to PING RESPONSE ACKs to a dead call inet: read sk->sk_family once in inet_recv_error() hwmon: (coretemp) Fix bogus core_id to attr name mapping hwmon: (coretemp) Fix out-of-bounds memory access hwmon: (aspeed-pwm-tacho) mutex for tach reading atm: idt77252: fix a memleak in open_card_ubr0 tunnels: fix out of bounds access when building IPv6 PMTU error selftests: net: avoid just another constant wait net: stmmac: xgmac: fix handling of DPP safety error for DMA channels drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV phy: renesas: rcar-gen3-usb2: Fix returning wrong error code dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA dmaengine: ti: k3-udma: Report short packet errors dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools PM: sleep: Fix error handling in dpm_prepare() uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ bonding: remove print in bond_verify_device_path HID: apple: Add 2021 magic keyboard FN key mapping HID: apple: Add support for the 2021 Magic Keyboard net: sysfs: Fix /sys/class/net/<iface> path af_unix: fix lockdep positive in sk_diag_dump_icons() net: ipv4: fix a memleak in ip_setup_cork netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger llc: call sock_orphan() at release time ipv6: Ensure natural alignment of const ipv6 loopback and router addresses ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() ixgbe: Refactor overtemp event handling ixgbe: Refactor returning internal error codes ixgbe: Remove non-inclusive language tcp: add sanity checks to rx zerocopy net-zerocopy: Refactor frag-is-remappable test. ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() ip6_tunnel: use dev_sw_netstats_rx_add() scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler scsi: core: Introduce enum scsi_disposition scsi: isci: Fix an error code problem in isci_io_request_build() drm: using mul_u32_u32() requires linux/math64.h wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update perf: Fix the nr_addr_filters fix drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' ceph: fix deadlock or deadcode of misusing dget() blk-mq: fix IO hang from sbitmap wakeup race virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings libsubcmd: Fix memory leak in uniq() PCI/AER: Decode Requester ID when no error info found fs/kernfs/dir: obey S_ISGID tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE usb: hub: Replace hardcoded quirk value with BIT() macro PCI: switchtec: Fix stdev_release() crash after surprise hot remove PCI: Only override AMD USB controller if required mfd: ti_am335x_tscadc: Fix TI SoC dependencies xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import i3c: master: cdns: Update maximum prescaler value for i2c clock um: net: Fix return type of uml_net_start_xmit() um: Don't use vfprintf() for os_info() um: Fix naming clash between UML and scheduler leds: trigger: panic: Don't register panic notifier if creating the trigger failed drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' drm/amdgpu: Let KFD sync with VM fences watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() drm/msm/dpu: Ratelimit framedone timeout msgs media: ddbridge: fix an error code problem in ddb_probe IB/ipoib: Fix mcast list locking drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL ALSA: hda: Intel: add HDA_ARL PCI ID support PCI: add INTEL_HDA_ARL to pci_ids.h media: rockchip: rga: fix swizzling for RGB formats media: stk1160: Fixed high volume of stk1160_dbg messages drm/mipi-dsi: Fix detach call without attach drm/framebuffer: Fix use of uninitialized variable drm/drm_file: fix use of uninitialized variable f2fs: fix write pointers on zoned device after roll forward drm/amd/display: Fix tiled display misalignment RDMA/IPoIB: Fix error code return in ipoib_mcast_join fast_dput(): handle underflows gracefully ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument ALSA: hda: Refer to correct stream index at loops f2fs: fix to check return value of f2fs_reserve_new_block() i40e: Fix VF disable behavior to block all traffic Bluetooth: L2CAP: Fix possible multiple reject send Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066 wifi: cfg80211: free beacon_ies when overridden from hidden BSS wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property md: Whenassemble the array, consult the superblock of the freshest device block: prevent an integer overflow in bvec_try_merge_hw_page net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path ARM: dts: imx23/28: Fix the DMA controller node name ARM: dts: imx23-sansa: Use preferred i2c-gpios properties ARM: dts: imx27-apf27dev: Fix LED name ARM: dts: imx25/27: Pass timing0 ARM: dts: imx25: Fix the iim compatible string block/rnbd-srv: Check for unlikely string overflow ionic: pass opcode to devcmd_wait ARM: dts: imx1: Fix sram node ARM: dts: imx27: Fix sram node ARM: dts: imx: Use flash@0,0 pattern ARM: dts: imx25/27-eukrea: Fix RTC node name ARM: dts: rockchip: fix rk3036 hdmi ports node bpf: Set uattr->batch.count as zero before batched update or deletion scsi: libfc: Fix up timeout error in fc_fcp_rec_error() scsi: libfc: Don't schedule abort twice bpf: Add map and need_defer parameters to .map_fd_put_ptr() wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() ARM: dts: imx7s: Fix nand-controller #size-cells ARM: dts: imx7s: Fix lcdif compatible ARM: dts: imx7d: Fix coresight funnel ports scsi: arcmsr: Support new PCI device IDs 1883 and 1886 bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk PCI: Add no PM reset quirk for NVIDIA Spectrum devices scsi: lpfc: Fix possible file string name overflow when updating firmware selftests/bpf: Fix pyperf180 compilation failure with clang18 selftests/bpf: satisfy compiler by having explicit return in btf test wifi: rt2x00: restart beacon queue when hardware reset ext4: avoid online resizing failures due to oversized flex bg ext4: remove unnecessary check from alloc_flex_gd() ext4: unify the type of flexbg_size to unsigned int ext4: fix inconsistent between segment fstrim and full fstrim ecryptfs: Reject casefold directory inodes SUNRPC: Fix a suspicious RCU usage warning KVM: s390: fix setting of fpc register s390/ptrace: handle setting of fpc register correctly jfs: fix array-index-out-of-bounds in diNewExt rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() crypto: stm32/crc32 - fix parsing list of devices pstore/ram: Fix crash when setting number of cpus to an odd number jfs: fix uaf in jfs_evict_inode jfs: fix array-index-out-of-bounds in dbAdjTree jfs: fix slab-out-of-bounds Read in dtSearch UBSAN: array-index-out-of-bounds in dtSplitRoot FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events PM / devfreq: Synchronize devfreq_monitor_[start/stop] ACPI: extlog: fix NULL pointer dereference check PNP: ACPI: fix fortify warning ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop audit: Send netlink ACK before setting connection in auditd_set regulator: core: Only increment use_count when enable_count changes debugobjects: Stop accessing objects after releasing hash bucket lock perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel powerpc/lib: Validate size for vector operations powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE x86/boot: Ignore NMIs during very early boot powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() powerpc: Fix build error due to is_valid_bugaddr() drivers/perf: pmuv3: don't expose SW_INCR event in sysfs powerpc/mm: Fix null-pointer dereference in pgtable_cache_add x86/entry/ia32: Ensure s32 is sign extended to s64 tick/sched: Preserve number of idle sleeps across CPU hotplug events mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan spi: bcm-qspi: fix SFDP BFPT read by usig mspi read gpio: eic-sprd: Clear interrupt after set the interrupt type drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume drm/exynos: fix accidental on-stack copy of exynos_drm_plane drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted btrfs: remove err variable from btrfs_delete_subvolume mm/sparsemem: fix race in accessing memory_section->usage mm: use __pfn_to_section() instead of open coding it media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run arm64: dts: qcom: sc7180: fix USB wakeup interrupt types arm64: dts: qcom: sc7180: Use pdc interrupts for USB instead of GIC interrupts ARM: dts: samsung: exynos4210-i9100: Unconditionally enable LDO12 pipe: wakeup wr_wait after setting max_usage fs/pipe: move check to pipe_has_watch_queue() PM: sleep: Fix possible deadlocks in core system-wide PM code PM: core: Remove unnecessary (void *) conversions PM: sleep: Avoid calling put_device() under dpm_list_mtx PM: sleep: Use dev_printk() when possible drm/bridge: nxp-ptn3460: simplify some error checking drm/tidss: Fix atomic_flush check drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking drm: Don't unref the same fb many times by mistake due to deadlock handling gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 netfilter: nf_tables: reject QUEUE/DROP verdict parameters netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain wifi: iwlwifi: fix a memory corruption exec: Fix error handling in begin_new_exec() rbd: don't move requests to the running list on errors btrfs: don't abort filesystem when attempting to snapshot deleted subvolume btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args btrfs: don't warn if discard range is not aligned to sector btrfs: tree-checker: fix inline ref size in error messages btrfs: ref-verify: free ref cache before clearing mount opt net: fec: fix the unhandled context fault from smmu fjes: fix memleaks in fjes_hw_setup selftests: netdevsim: fix the udp_tunnel_nic test net: mvpp2: clear BM pool before initialization netfilter: nf_tables: validate NFPROTO_* family netfilter: nf_tables: restrict anonymous set and map names to 16 bytes net/mlx5e: fix a double-free in arfs_create_groups net/mlx5: DR, Use the right GVMI number for drop action ipv6: init the accept_queue's spinlocks in inet6_create netlink: fix potential sleeping issue in mqueue_flush_file tcp: Add memory barrier to tcp_push() afs: Hide silly-rename files from userspace tracing: Ensure visibility when inserting an element into tracing_map net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv llc: Drop support for ETH_P_TR_802_2. llc: make llc_ui_sendmsg() more robust against bonding changes vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING bnxt_en: Wait for FLR to complete during probe tcp: make sure init the accept_queue's spinlocks once net/smc: fix illegal rmb_desc access in SMC-D connection dump KVM: use __vcalloc for very large allocations mm: vmalloc: introduce array allocation functions smb3: Replace smb2pdu 1-element arrays with flex-arrays stddef: Introduce DECLARE_FLEX_ARRAY() helper block: Remove special-casing of compound pages rename(): fix the locking of subdirectories ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path nouveau/vmm: don't set addr on the fail path to avoid warning rtc: Adjust failure return code for cmos_set_alarm() mmc: mmc_spi: remove custom DMA mapped buffers mmc: core: Use mrq.sbc in close-ended ffu scripts/get_abi: fix source path leak lsm: new security_file_ioctl_compat() hook arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts arm64: dts: qcom: sdm845: fix USB wakeup interrupt types async: Introduce async_schedule_dev_nocall() async: Split async_schedule_node_domain() parisc/firmware: Fix F-extend for PDC addresses bus: mhi: host: Drop chan lock before queuing buffers rpmsg: virtio: Free driver_override when rpmsg_remove() crypto: s390/aes - Fix buffer overread in CTR mode hwrng: core - Fix page fault dead lock on mmap-ed hwrng PM: hibernate: Enforce ordering during image compression/decompression crypto: api - Disallow identical driver names ext4: allow for the last group to be marked as trimmed iio:adc:ad7091r: Move exports into IIO_AD7091R namespace. dmaengine: fix NULL pointer in channel unregistration function iio: adc: ad7091r: Enable internal vref if external vref is not supplied iio: adc: ad7091r: Allow users to configure device events iio: adc: ad7091r: Set alert bit in config register serial: sc16is7xx: add check for unsupported SPI modes during probe spi: introduce SPI_MODE_X_MASK macro serial: sc16is7xx: set safe default SPI clock frequency units: add the HZ macros units: change from 'L' to 'UL' PCI: mediatek: Clear interrupt status before dispatching handler usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled usb: cdns3: fix iso transfer error when mult is not zero usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config usb: cdns3: fix uvc failure work since sg support enabled usb: cdns3: Fixes for sparse warnings Conflicts: Makefile scripts/Makefile.lib scripts/decode_stacktrace.sh Change-Id: I843d5be296c4237694a7ff1c21600b0ee1d57b5f |
||
Eric Dumazet
|
2295a7ef5c |
net: fix __dst_negative_advice() race
commit 92f1655aa2b2294d0b49925f3b875a634bd3b59e upstream.
__dst_negative_advice() does not enforce proper RCU rules when
sk->dst_cache must be cleared, leading to possible UAF.
RCU rules are that we must first clear sk->sk_dst_cache,
then call dst_release(old_dst).
Note that sk_dst_reset(sk) is implementing this protocol correctly,
while __dst_negative_advice() uses the wrong order.
Given that ip6_negative_advice() has special logic
against RTF_CACHE, this means each of the three ->negative_advice()
existing methods must perform the sk_dst_reset() themselves.
Note the check against NULL dst is centralized in
__dst_negative_advice(), there is no need to duplicate
it in various callbacks.
Many thanks to Clement Lecigne for tracking this issue.
This old bug became visible after the blamed commit, using UDP sockets.
Fixes:
|
||
|
Pablo Neira Ayuso
|
9c1c2ea099 |
netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
commit 776d451648443f9884be4a1b4e38e8faf1c621f9 upstream.
Bail out on using the tunnel dst template from other than netdev family.
Add the infrastructure to check for the family in objects.
Fixes:
|
||
Lorenz Bauer
|
452f8dc251 |
net: remove duplicate reuseport_lookup functions
[ Upstream commit 0f495f7617229772403e683033abc473f0f0553c ] There are currently four copies of reuseport_lookup: one each for (TCP, UDP)x(IPv4, IPv6). This forces us to duplicate all callers of those functions as well. This is already the case for sk_lookup helpers (inet,inet6,udp4,udp6)_lookup_run_bpf. There are two differences between the reuseport_lookup helpers: 1. They call different hash functions depending on protocol 2. UDP reuseport_lookup checks that sk_state != TCP_ESTABLISHED Move the check for sk_state into the caller and use the INDIRECT_CALL infrastructure to cut down the helpers to one per IP version. Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com> Signed-off-by: Lorenz Bauer <lmb@isovalent.com> Link: https://lore.kernel.org/r/20230720-so-reuseport-v6-4-7021b683cdae@isovalent.com Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org> Stable-dep-of: 50aee97d1511 ("udp: Avoid call to compute_score on multiple sites") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Lorenz Bauer
|
0ce990e6ef |
net: export inet_lookup_reuseport and inet6_lookup_reuseport
[ Upstream commit ce796e60b3b196b61fcc565df195443cbb846ef0 ] Rename the existing reuseport helpers for IPv4 and IPv6 so that they can be invoked in the follow up commit. Export them so that building DCCP and IPv6 as a module works. No change in functionality. Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com> Signed-off-by: Lorenz Bauer <lmb@isovalent.com> Link: https://lore.kernel.org/r/20230720-so-reuseport-v6-3-7021b683cdae@isovalent.com Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org> Stable-dep-of: 50aee97d1511 ("udp: Avoid call to compute_score on multiple sites") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
dde5ece421 |
Merge 5.10.217 into android12-5.10-lts
Changes in 5.10.217
dmaengine: pl330: issue_pending waits until WFP state
dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state"
wifi: nl80211: don't free NULL coalescing rule
eeprom: at24: Use dev_err_probe for nvmem register failure
eeprom: at24: Probe for DDR3 thermal sensor in the SPD case
eeprom: at24: fix memory corruption race condition
pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T
pinctrl/meson: fix typo in PDM's pin name
pinctrl: core: delete incorrect free in pinctrl_enable()
pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic
pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback
pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE
sunrpc: add a struct rpc_stats arg to rpc_create_args
nfs: expose /proc/net/sunrpc/nfs in net namespaces
nfs: make the rpc_stat per net namespace
nfs: Handle error of rpc_proc_register() in nfs_net_init().
power: rt9455: hide unused rt9455_boost_voltage_values
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
regulator: mt6360: De-capitalize devicetree regulator subnodes
s390/mm: Fix storage key clearing for guest huge pages
s390/mm: Fix clearing storage keys for huge pages
bna: ensure the copied buf is NUL terminated
octeontx2-af: avoid off-by-one read from userspace
nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
net l2tp: drop flow hash on forward
s390/vdso: Add CFI for RA register to asm macro vdso_func
net: qede: sanitize 'rc' in qede_add_tc_flower_fltr()
net: qede: use return from qede_parse_flow_attr() for flower
net: qede: use return from qede_parse_flow_attr() for flow_spec
net: qede: use return from qede_parse_actions()
ASoC: Fix 7/8 spaces indentation in Kconfig
ASoC: meson: cards: select SND_DYNAMIC_MINORS
cxgb4: Properly lock TX queue for the selftest.
net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341
net: bridge: fix multicast-to-unicast with fraglist GSO
net: core: reject skb_copy(_expand) for fraglist GSO skbs
tipc: fix a possible memleak in tipc_buf_append
net: gro: add flush check in udp_gro_receive_segment
clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id
KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic
gfs2: Fix invalid metadata access in punch_hole
wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc
wifi: cfg80211: fix rdev_dump_mpp() arguments order
net: mark racy access on sk->sk_rcvbuf
scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
btrfs: return accurate error code on open failure in open_fs_devices()
ALSA: line6: Zero-initialize message buffers
net: bcmgenet: Reset RBUF on first open
ata: sata_gemini: Check clk_enable() result
firewire: ohci: mask bus reset interrupts between ISR and bottom half
tools/power turbostat: Fix added raw MSR output
tools/power turbostat: Fix Bzy_MHz documentation typo
btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve
btrfs: always clear PERTRANS metadata during commit
scsi: target: Fix SELinux error when systemd-modules loads the target module
blk-iocost: avoid out of bounds shift
gpu: host1x: Do not setup DMA for virtual devices
MIPS: scall: Save thread_info.syscall unconditionally on entry
selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior
fs/9p: only translate RWX permissions for plain 9P2000
fs/9p: translate O_TRUNC into OTRUNC
9p: explicitly deny setlease attempts
gpio: wcove: Use -ENOTSUPP consistently
gpio: crystalcove: Use -ENOTSUPP consistently
clk: Don't hold prepare_lock when calling kref_put()
fs/9p: drop inodes immediately on non-.L too
drm/nouveau/dp: Don't probe eDP ports twice harder
net:usb:qmi_wwan: support Rolling modules
xfrm: Preserve vlan tags for transport mode software GRO
tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
hwmon: (corsair-cpro) Use a separate buffer for sending commands
hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event()
hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock
phonet: fix rtm_phonet_notify() skb allocation
kcov: Remove kcov include from sched.h and move it to its users.
net: bridge: fix corrupted ethernet header on multicast-to-unicast
ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
net: hns3: use appropriate barrier function after setting a bit value
btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send()
firewire: nosy: ensure user_length is taken into account when fetching packet contents
arm64: dts: qcom: Fix 'interrupt-map' parent address cells
usb: typec: ucsi: Check for notifications after init
usb: typec: ucsi: Fix connector check on init
usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device
usb: ohci: Prevent missed ohci interrupts
usb: gadget: composite: fix OS descriptors w_value logic
usb: gadget: f_fs: Fix a race condition when processing setup packets.
usb: xhci-plat: Don't include xhci.h
usb: dwc3: core: Prevent phy suspend during init
ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU
iio:imu: adis16475: Fix sync mode setting
iio: accel: mxc4005: Interrupt handling fixes
tipc: fix UAF in error path
net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()
ASoC: tegra: Fix DSPK 16-bit playback
dyndbg: fix old BUG_ON in >control parser
mei: me: add lunar lake point M DID
drm/vmwgfx: Fix invalid reads in fence signaled events
net: fix out-of-bounds access in ops_init
hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us
regulator: core: fix debugfs creation regression
keys: Fix overwrite of key expiration on instantiation
md: fix kmemleak of rdev->serial
Linux 5.10.217
Change-Id: I63eef00187948953d29febc26cc4c2c30166f7aa
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
c15c1199d6 |
Merge 5.10.216 into android12-5.10-lts
Changes in 5.10.216
batman-adv: Avoid infinite loop trying to resize local TT
Bluetooth: Fix memory leak in hci_req_sync_complete()
media: cec: core: remove length check of Timer Status
nouveau: fix function cast warning
net: openvswitch: fix unwanted error log on timeout policy probing
u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file
xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
geneve: fix header validation in geneve[6]_xmit_skb
octeontx2-af: Fix NIX SQ mode and BP config
ipv6: fib: hide unused 'pn' variable
ipv4/route: avoid unused-but-set-variable warning
ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
Bluetooth: SCO: Fix not validating setsockopt user input
netfilter: complete validation of user input
net/mlx5: Properly link new fs rules into the tree
af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
af_unix: Fix garbage collector racing against connect()
net: ena: Fix potential sign extension issue
net: ena: Wrong missing IO completions check order
net: ena: Fix incorrect descriptor free behavior
iommu/vt-d: Allocate local memory for page request queue
mailbox: imx: fix suspend failue
btrfs: qgroup: correctly model root qgroup rsv in convert
drm/client: Fully protect modes[] with dev->mode_config.mutex
vhost: Add smp_rmb() in vhost_vq_avail_empty()
x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n
selftests: timers: Fix abs() warning in posix_timers test
x86/apic: Force native_apic_mem_read() to use the MOV instruction
irqflags: Explicitly ignore lockdep_hrtimer_exit() argument
btrfs: record delayed inode root in transaction
riscv: Enable per-task stack canaries
riscv: process: Fix kernel gp leakage
selftests/ftrace: Limit length in subsystem-enable tests
kprobes: Fix possible use-after-free issue on kprobe registration
Revert "tracing/trigger: Fix to return error if failed to alloc snapshot"
netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
netfilter: nft_set_pipapo: do not free live element
tun: limit printing rate when illegal packet received by tun dev
RDMA/rxe: Fix the problem "mutex_destroy missing"
RDMA/cm: Print the old state when cm_destroy_id gets timeout
RDMA/mlx5: Fix port number for counter query in multi-port configuration
drm: nv04: Fix out of bounds access
drm/panel: visionox-rm69299: don't unregister DSI device
clk: Remove prepare_lock hold assertion in __clk_release()
clk: Mark 'all_lists' as const
clk: remove extra empty line
clk: Print an info line before disabling unused clocks
clk: Initialize struct clk_core kref earlier
clk: Get runtime PM before walking tree during disable_unused
x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ
binder: check offset alignment in binder_get_object()
thunderbolt: Avoid notify PM core about runtime PM resume
thunderbolt: Fix wake configurations after device unplug
comedi: vmk80xx: fix incomplete endpoint checking
serial/pmac_zilog: Remove flawed mitigation for rx irq flood
USB: serial: option: add Fibocom FM135-GL variants
USB: serial: option: add support for Fibocom FM650/FG650
USB: serial: option: add Lonsung U8300/U9300 product
USB: serial: option: support Quectel EM060K sub-models
USB: serial: option: add Rolling RW101-GL and RW135-GL support
USB: serial: option: add Telit FN920C04 rmnet compositions
Revert "usb: cdc-wdm: close race between read and workqueue"
usb: dwc2: host: Fix dereference issue in DDMA completion flow.
usb: Disable USB3 LPM at shutdown
mei: me: disable RPL-S on SPS and IGN firmwares
speakup: Avoid crash on very long word
fs: sysfs: Fix reference leak in sysfs_break_active_protection()
init/main.c: Fix potential static_command_line memory overflow
drm/amdgpu: validate the parameters of bo mapping operations more clearly
nouveau: fix instmem race condition around ptr stores
nilfs2: fix OOB in nilfs_set_de_type
arm64: dts: rockchip: fix alphabetical ordering RK3399 puma
arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma
arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts
arm64: dts: mediatek: mt7622: add support for coherent DMA
arm64: dts: mediatek: mt7622: introduce nodes for Wireless Ethernet Dispatch
arm64: dts: mediatek: mt7622: fix clock controllers
arm64: dts: mediatek: mt7622: fix IR nodename
arm64: dts: mediatek: mt7622: fix ethernet controller "compatible"
arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block
arm64: dts: mediatek: mt2712: fix validation errors
ARC: [plat-hsdk]: Remove misplaced interrupt-cells property
wifi: iwlwifi: mvm: remove old PASN station when adding a new one
vxlan: drop packets from invalid src-address
mlxsw: core: Unregister EMAD trap using FORWARD action
NFC: trf7970a: disable all regulators on removal
ipv4: check for NULL idev in ip_route_use_hint()
net: usb: ax88179_178a: stop lying about skb->truesize
net: gtp: Fix Use-After-Free in gtp_dellink
ipvs: Fix checksumming on GSO of SCTP packets
net: openvswitch: Fix Use-After-Free in ovs_ct_exit
mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work
mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update
mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash
mlxsw: spectrum_acl_tcam: Rate limit error message
mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
mlxsw: spectrum_acl_tcam: Fix warning during rehash
mlxsw: spectrum_acl_tcam: Fix incorrect list API usage
mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work
netfilter: nf_tables: honor table dormant flag from netdev release event path
i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
i40e: Report MFS in decimal base instead of hex
iavf: Fix TC config comparison with existing adapter TC config
net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets
af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc().
serial: core: Provide port lock wrappers
serial: mxs-auart: add spinlock around changing cts state
Revert "crypto: api - Disallow identical driver names"
net/mlx5e: Fix a race in command alloc flow
tracing: Show size of requested perf buffer
tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together
PM / devfreq: Fix buffer overflow in trans_stat_show
Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()
Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853
btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
cpu: Re-enable CPU mitigations by default for !X86 architectures
arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma
drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3
drm/amdgpu: Fix leak when GPU memory allocation fails
irqchip/gic-v3-its: Prevent double free on error
ethernet: Add helper for assigning packet type when dest address does not match device address
net: b44: set pause params only when interface is up
stackdepot: respect __GFP_NOLOCKDEP allocation flag
mtd: diskonchip: work around ubsan link failure
tcp: Clean up kernel listener's reqsk in inet_twsk_purge()
tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()
dmaengine: owl: fix register access functions
idma64: Don't try to serve interrupts when device is powered off
dma: xilinx_dpdma: Fix locking
riscv: fix VMALLOC_START definition
riscv: Fix TASK_SIZE on 64-bit NOMMU
i2c: smbus: fix NULL function pointer dereference
HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS
udp: preserve the connected status if only UDP cmsg
serial: core: fix kernel-doc for uart_port_unlock_irqrestore()
riscv: Disable STACKPROTECTOR_PER_TASK if GCC_PLUGIN_RANDSTRUCT is enabled
Linux 5.10.216
Change-Id: Ia2bf3ba6ed3f36a56f71543442427eb770a2400b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Kuniyuki Iwashima
|
f91f368b2e |
UPSTREAM: af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
[ Upstream commit 97af84a6bba2ab2b9c704c08e67de3b5ea551bb2 ] When touching unix_sk(sk)->inflight, we are always under spin_lock(&unix_gc_lock). Let's convert unix_sk(sk)->inflight to the normal unsigned long. Bug: 336226035 Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://lore.kernel.org/r/20240123170856.41348-3-kuniyu@amazon.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> Stable-dep-of: 47d8ac011fe1 ("af_unix: Fix garbage collector racing against connect()") Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit 301fdbaa0bba4653570f07789909939f977a7620) Signed-off-by: Lee Jones <joneslee@google.com> Change-Id: I0d965d5f2a863d798c06de9f21d0467f256b538e |
||
|
Greg Kroah-Hartman
|
9d06d47cd2 |
ANDROID: ABI fixup for abi break in struct dst_ops
In commit 92f1655aa2b2 ("net: fix __dst_negative_advice() race") the
struct dst_ops callback negative_advice is callback changes function
parameters. But as this pointer is part of a structure that is tracked
in the ABI checker, the tool triggers when this is changed.
However, the callback pointer is internal to the networking stack, so
changing the function type is safe, so needing to preserve this is not
required. To do so, switch the function pointer type back to the old
one so that the checking tools pass, AND then do a hard cast of the
function pointer to the new type when assigning and calling the
function.
Bug: 343727534
Fixes: 92f1655aa2b2 ("net: fix __dst_negative_advice() race")
Change-Id: I48d4ab4bbd29f8edc8fbd7923828b7f78a23e12e
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Eric Dumazet
|
bff4c6bace |
BACKPORT: net: fix __dst_negative_advice() race
__dst_negative_advice() does not enforce proper RCU rules when
sk->dst_cache must be cleared, leading to possible UAF.
RCU rules are that we must first clear sk->sk_dst_cache,
then call dst_release(old_dst).
Note that sk_dst_reset(sk) is implementing this protocol correctly,
while __dst_negative_advice() uses the wrong order.
Given that ip6_negative_advice() has special logic
against RTF_CACHE, this means each of the three ->negative_advice()
existing methods must perform the sk_dst_reset() themselves.
Note the check against NULL dst is centralized in
__dst_negative_advice(), there is no need to duplicate
it in various callbacks.
Many thanks to Clement Lecigne for tracking this issue.
This old bug became visible after the blamed commit, using UDP sockets.
Bug: 343727534
Fixes:
|
||
|
Greg Kroah-Hartman
|
9100d24dfd |
This is the 5.10.215 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmYaZdgACgkQONu9yGCS
aT4oMxAA0pATFAq8RN5f9CmYlMg5HqHgzZ8lJv8P0/reOINhUa+F5sJb1n+x+Ch4
WQbmiFeZRzfsKZ2qKhIdNR0Lg+9JOr/DtYXdSBZ6InfSWrTAIrQ9fjl5Warkmcgg
O4WbgF5BVgU3vGFATgxLvnUZwhR1D7WK93oMDunzrT7+OqyncU3f1Uj53ZAu9030
z18UNqnTxDLYH/CMGwAeRkaZqBev9gZ1HdgQWA27SVLqWQwZq0al81Cmlo+ECVmk
5dF6V2pid4qfKGJjDDfx1NS0PVnoP68iK4By1SXyoFV9VBiSwp77nUUyDr7YsHsT
u8GpZHr9jZvSO5/xtKv20NPLejTPCRKc06CbkwpikDRtGOocBL8em0GuVqlf8hMs
KwDb6ZEzYhXZGPJHbJM+aRD1tq/KHw9X7TrldOszMQPr6lubBtscPbg1FCg3OlcC
HUrtub0i275x7TH0dJeRTD8TRE9jRmF+tl7KQytEJM3JRrquFjLyhDj+/VJnZkiB
lzj3FRf4zshzgz4+CAeqXO/8Lu8b3fGYmcW1acCmk7emjDcXUKojPj/Aig6T4l7P
oCWDY3+w1E6eiyE8BazxY1KUa/41ld0VJnlW5JWGRaDFTJwrk0h6/rvf9qImSckw
IGx24UezRyp6NS1op3Qm2iwHLr41pFRfKxNm9ppgH9iBPzOhe38=
=pkLL
-----END PGP SIGNATURE-----
Merge 5.10.215 into android12-5.10-lts
Changes in 5.10.215
amdkfd: use calloc instead of kzalloc to avoid integer overflow
Documentation/hw-vuln: Update spectre doc
x86/cpu: Support AMD Automatic IBRS
x86/bugs: Use sysfs_emit()
timers: Update kernel-doc for various functions
timers: Use del_timer_sync() even on UP
timers: Rename del_timer_sync() to timer_delete_sync()
wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
drm/vmwgfx: stop using ttm_bo_create v2
drm/vmwgfx: switch over to the new pin interface v2
drm/vmwgfx/vmwgfx_cmdbuf_res: Remove unused variable 'ret'
drm/vmwgfx: Fix some static checker warnings
drm/vmwgfx: Fix possible null pointer derefence with invalid contexts
serial: max310x: fix NULL pointer dereference in I2C instantiation
media: xc4000: Fix atomicity violation in xc4000_get_frequency
KVM: Always flush async #PF workqueue when vCPU is being destroyed
sparc64: NMI watchdog: fix return value of __setup handler
sparc: vDSO: fix return value of __setup handler
crypto: qat - fix double free during reset
crypto: qat - resolve race condition during AER recovery
selftests/mqueue: Set timeout to 180 seconds
ext4: correct best extent lstart adjustment logic
block: introduce zone_write_granularity limit
block: Clear zone limits for a non-zoned stacked queue
bounds: support non-power-of-two CONFIG_NR_CPUS
fat: fix uninitialized field in nostale filehandles
ubifs: Set page uptodate in the correct place
ubi: Check for too small LEB size in VTBL code
ubi: correct the calculation of fastmap size
mtd: rawnand: meson: fix scrambling mode value in command macro
parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros
parisc: Fix ip_fast_csum
parisc: Fix csum_ipv6_magic on 32-bit systems
parisc: Fix csum_ipv6_magic on 64-bit systems
parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
PM: suspend: Set mem_sleep_current during kernel command line setup
clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays
clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
powerpc/fsl: Fix mfpmr build errors with newer binutils
USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
USB: serial: add device ID for VeriFone adapter
USB: serial: cp210x: add ID for MGP Instruments PDS100
USB: serial: option: add MeiG Smart SLM320 product
USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
PM: sleep: wakeirq: fix wake irq warning in system suspend
mmc: tmio: avoid concurrent runs of mmc_request_done()
fuse: fix root lookup with nonzero generation
fuse: don't unhash root
usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros
printk/console: Split out code that enables default console
serial: Lock console when calling into driver before registration
btrfs: fix off-by-one chunk length calculation at contains_pending_extent()
PCI: Drop pci_device_remove() test of pci_dev->driver
PCI/PM: Drain runtime-idle callbacks before driver removal
PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities()
PCI: Cache PCIe Device Capabilities register
PCI: Work around Intel I210 ROM BAR overlap defect
PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited
PCI/DPC: Quirk PIO log size for certain Intel Root Ports
PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d""
dm-raid: fix lockdep waring in "pers->hot_add_disk"
mac802154: fix llsec key resources release in mac802154_llsec_key_del
mm: swap: fix race between free_swap_and_cache() and swapoff()
mmc: core: Fix switch on gp3 partition
drm/etnaviv: Restore some id values
hwmon: (amc6821) add of_match table
ext4: fix corruption during on-line resize
nvmem: meson-efuse: fix function pointer type mismatch
slimbus: core: Remove usage of the deprecated ida_simple_xx() API
phy: tegra: xusb: Add API to retrieve the port number of phy
usb: gadget: tegra-xudc: Use dev_err_probe()
usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
speakup: Fix 8bit characters from direct synth
PCI/ERR: Clear AER status only when we control AER
PCI/AER: Block runtime suspend when handling errors
nfs: fix UAF in direct writes
kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
PCI: dwc: endpoint: Fix advertised resizable BAR size
vfio/platform: Disable virqfds on cleanup
ring-buffer: Fix waking up ring buffer readers
ring-buffer: Do not set shortest_full when full target is hit
ring-buffer: Fix resetting of shortest_full
ring-buffer: Fix full_waiters_pending in poll
soc: fsl: qbman: Always disable interrupts when taking cgr_lock
soc: fsl: qbman: Add helper for sanity checking cgr ops
soc: fsl: qbman: Add CGR update function
soc: fsl: qbman: Use raw spinlock for cgr_lock
s390/zcrypt: fix reference counting on zcrypt card objects
drm/panel: do not return negative error codes from drm_panel_get_modes()
drm/exynos: do not return negative values from .get_modes()
drm/imx/ipuv3: do not return negative values from .get_modes()
drm/vc4: hdmi: do not return negative values from .get_modes()
memtest: use {READ,WRITE}_ONCE in memory scanning
nilfs2: fix failure to detect DAT corruption in btree and direct mappings
nilfs2: prevent kernel bug at submit_bh_wbc()
cpufreq: dt: always allocate zeroed cpumask
x86/CPU/AMD: Update the Zenbleed microcode revisions
net: hns3: tracing: fix hclgevf trace event strings
wireguard: netlink: check for dangling peer via is_dead instead of empty list
wireguard: netlink: access device through ctx instead of peer
ahci: asm1064: correct count of reported ports
ahci: asm1064: asm1166: don't limit reported ports
drm/amd/display: Return the correct HDCP error code
drm/amd/display: Fix noise issue on HDMI AV mute
dm snapshot: fix lockup in dm_exception_table_exit
vxge: remove unnecessary cast in kfree()
x86/stackprotector/32: Make the canary into a regular percpu variable
x86/pm: Work around false positive kmemleak report in msr_build_context()
scripts: kernel-doc: Fix syntax error due to undeclared args variable
comedi: comedi_test: Prevent timers rescheduling during deletion
cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value"
netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
netfilter: nf_tables: disallow anonymous set with timeout flag
netfilter: nf_tables: reject constant set with timeout
Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory
xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()
ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform
USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
usb: gadget: ncm: Fix handling of zero block length packets
usb: port: Don't try to peer unused USB ports based on location
tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
mei: me: add arrow lake point S DID
mei: me: add arrow lake point H DID
vt: fix unicode buffer corruption when deleting characters
fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
tee: optee: Fix kernel panic caused by incorrect error handling
xen/events: close evtchn after mapping cleanup
printk: Update @console_may_schedule in console_trylock_spinning()
btrfs: allocate btrfs_ioctl_defrag_range_args on stack
x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix
x86/bugs: Add asm helpers for executing VERW
x86/entry_64: Add VERW just before userspace transition
x86/entry_32: Add VERW just before userspace transition
x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key
KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH
KVM/VMX: Move VERW closer to VMentry for MDS mitigation
x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
Documentation/hw-vuln: Add documentation for RFDS
x86/rfds: Mitigate Register File Data Sampling (RFDS)
KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
perf/core: Fix reentry problem in perf_output_read_group()
efivarfs: Request at most 512 bytes for variable names
powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO
mm/memory-failure: fix an incorrect use of tail pages
mm/migrate: set swap entry values of THP tail pages properly.
init: open /initrd.image with O_LARGEFILE
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
hexagon: vmlinux.lds.S: handle attributes section
mmc: core: Initialize mmc_blk_ioc_data
mmc: core: Avoid negative index with array access
net: ll_temac: platform_get_resource replaced by wrong function
usb: cdc-wdm: close race between read and workqueue
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
scsi: core: Fix unremoved procfs host directory regression
staging: vc04_services: changen strncpy() to strscpy_pad()
staging: vc04_services: fix information leak in create_component()
USB: core: Add hub_get() and hub_put() routines
usb: dwc2: host: Fix remote wakeup from hibernation
usb: dwc2: host: Fix hibernation flow
usb: dwc2: host: Fix ISOC flow in DDMA mode
usb: dwc2: gadget: LPM flow fix
usb: udc: remove warning when queue disabled ep
usb: typec: ucsi: Ack unsupported commands
usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
scsi: qla2xxx: Split FCE|EFT trace control
scsi: qla2xxx: Fix command flush on cable pull
scsi: qla2xxx: Delay I/O Abort on PCI error
x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports
scsi: lpfc: Correct size for wqe for memset()
USB: core: Fix deadlock in usb_deauthorize_interface()
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
tcp: properly terminate timers for kernel sockets
ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields()
bpf: Protect against int overflow for stack access size
Octeontx2-af: fix pause frame configuration in GMP mode
dm integrity: fix out-of-range warning
r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
x86/cpufeatures: Add new word for scattered features
Bluetooth: hci_event: set the conn encrypted before conn establishes
Bluetooth: Fix TOCTOU in HCI debugfs implementation
netfilter: nf_tables: disallow timeout for anonymous sets
net/rds: fix possible cp null dereference
vfio/pci: Disable auto-enable of exclusive INTx IRQ
vfio/pci: Lock external INTx masking ops
vfio: Introduce interface to flush virqfd inject workqueue
vfio/pci: Create persistent INTx handler
vfio/platform: Create persistent IRQ handlers
vfio/fsl-mc: Block calling interrupt handler without trigger
io_uring: ensure '0' is returned on file registration success
Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
x86/srso: Add SRSO mitigation for Hygon processors
block: add check that partition length needs to be aligned with block size
netfilter: nf_tables: reject new basechain after table flag update
netfilter: nf_tables: flush pending destroy work before exit_net release
netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
netfilter: validate user input for expected length
vboxsf: Avoid an spurious warning if load_nls_xxx() fails
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
net/sched: act_skbmod: prevent kernel-infoleak
net: stmmac: fix rx queue priority assignment
erspan: make sure erspan_base_hdr is present in skb->head
selftests: reuseaddr_conflict: add missing new line at the end of the output
ipv6: Fix infinite recursion in fib6_dump_done().
udp: do not transition UDP GRO fraglist partial checksums to unnecessary
octeontx2-pf: check negative error code in otx2_open()
i40e: fix i40e_count_filters() to count only active/new filters
i40e: fix vf may be used uninitialized in this function warning
scsi: qla2xxx: Update manufacturer details
scsi: qla2xxx: Update manufacturer detail
Revert "usb: phy: generic: Get the vbus supply"
udp: do not accept non-tunnel GSO skbs landing in a tunnel
net: ravb: Always process TX descriptor ring
arm64: dts: qcom: sc7180: Remove clock for bluetooth on Trogdor
arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken
ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
scsi: mylex: Fix sysfs buffer lengths
ata: sata_mv: Fix PCI device ID table declaration compilation warning
ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone
driver core: Introduce device_link_wait_removal()
of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()
s390/entry: align system call table on 8 bytes
riscv: Fix spurious errors from __get/put_kernel_nofault
x86/bugs: Fix the SRSO mitigation on Zen3/4
x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO
mptcp: don't account accept() of non-MPC client as fallback to TCP
x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word
objtool: Add asm version of STACK_FRAME_NON_STANDARD
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
panic: Flush kernel log buffer at the end
arm64: dts: rockchip: fix rk3328 hdmi ports node
arm64: dts: rockchip: fix rk3399 hdmi ports node
ionic: set adminq irq affinity
pstore/zone: Add a null pointer check to the psz_kmsg_read
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
btrfs: send: handle path ref underflow in header iterate_inode_ref()
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
sysv: don't call sb_bread() with pointers_lock held
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
isofs: handle CDs with bad root inode but good Joliet root directory
media: sta2x11: fix irq handler cast
ext4: add a hint for block bitmap corrupt state in mb_groups
ext4: forbid commit inconsistent quota data when errors=remount-ro
drm/amd/display: Fix nanosec stat overflow
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
libperf evlist: Avoid out-of-bounds access
block: prevent division by zero in blk_rq_stat_sum()
RDMA/cm: add timeout to cm_destroy_id wait
Input: allocate keycode for Display refresh rate toggle
platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet
ktest: force $buildonly = 1 for 'make_warnings_file' test type
ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
tools: iio: replace seekdir() in iio_generic_buffer
usb: typec: tcpci: add generic tcpci fallback compatible
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
drivers/nvme: Add quirks for device 126f:2262
fbmon: prevent division by zero in fb_videomode_from_videomode()
netfilter: nf_tables: release batch on table validation from abort path
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
netfilter: nf_tables: discard table flag update with pending basechain deletion
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
virtio: reenable config if freezing device failed
x86/mm/pat: fix VM_PAT handling in COW mappings
drm/i915/gt: Reset queue_priority_hint on parking
Bluetooth: btintel: Fixe build regression
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
kbuild: dummy-tools: adjust to stricter stackprotector check
scsi: sd: Fix wrong zone_write_granularity value during revalidate
x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk
x86/head/64: Re-enable stack protection
Linux 5.10.215
Change-Id: I45a0a9c4a0683ff5ef97315690f1f884f666e1b5
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Michael Bestas
|
42fc85e576
|
Merge tag 'ASB-2024-04-05_12-5.10' of https://android.googlesource.com/kernel/common into android13-5.10-waipio
https://source.android.com/docs/security/bulletin/2024-04-01 * tag 'ASB-2024-04-05_12-5.10' of https://android.googlesource.com/kernel/common: (442 commits) FROMLIST: binder: check offset alignment in binder_get_object() ANDROID: enable CONFIG_USB_XHCI_PCI_RENESAS in gki_defconfig UPSTREAM: usb: dwc3: core: set force_gen1 bit in USB31 devices if max speed is SS ANDROID: userfaultfd: abort uffdio ops if mmap_lock is contended ANDROID: userfaultfd: add MMAP_TRYLOCK mode for COPY/ZEROPAGE UPSTREAM: coresight: etm4x: Remove bogous __exit annotation for some functions UPSTREAM: ASoC: hdmi-codec: register hpd callback on component probe UPSTREAM: usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() UPSTREAM: mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() UPSTREAM: task_work: add kerneldoc annotation for 'data' argument UPSTREAM: x86/purgatory: Remove LTO flags UPSTREAM: tcpm: Avoid soft reset when partner does not support get_status UPSTREAM: block/mq-deadline: use correct way to throttling write requests UPSTREAM: usb: typec: tcpm: Fix response to vsafe0V event UPSTREAM: clk: Fix memory leak in devm_clk_notifier_register() UPSTREAM: selftests: damon: add config file ANDROID: abi_gki_aarch64_qcom: Export trace_android_vh_try_fixup_sea ANDROID: arm64: Call fixup_exception() within do_sea() ANDROID: userfaultfd: allow SPF for UFFD_FEATURE_SIGBUS on private+anon ANDROID: GKI: db845c: Update symbols list and ABI ... Conflicts: Documentation/devicetree/bindings/nvmem/mxs-ocotp.yaml Documentation/devicetree/bindings~HEAD arch/powerpc/lib/Makefile Change-Id: I6524da89cb855824fa28a95396d3683af4a10046 |
||
Paul Davey
|
a4b7606732 |
xfrm: Preserve vlan tags for transport mode software GRO
[ Upstream commit 58fbfecab965014b6e3cc956a76b4a96265a1add ]
The software GRO path for esp transport mode uses skb_mac_header_rebuild
prior to re-injecting the packet via the xfrm_napi_dev. This only
copies skb->mac_len bytes of header which may not be sufficient if the
packet contains 802.1Q tags or other VLAN tags. Worse copying only the
initial header will leave a packet marked as being VLAN tagged but
without the corresponding tag leading to mangling when it is later
untagged.
The VLAN tags are important when receiving the decrypted esp transport
mode packet after GRO processing to ensure it is received on the correct
interface.
Therefore record the full mac header length in xfrm*_transport_input for
later use in corresponding xfrm*_transport_finish to copy the entire mac
header when rebuilding the mac header for GRO. The skb->data pointer is
left pointing skb->mac_header bytes after the start of the mac header as
is expected by the network stack and network and transport header
offsets reset to this location.
Fixes:
|
||
|
Greg Kroah-Hartman
|
dd27b89022 |
Merge 5.10.214 into android12-5.10-lts
Changes in 5.10.214
io_uring/unix: drop usage of io_uring socket
io_uring: drop any code related to SCM_RIGHTS
rcu-tasks: Provide rcu_trace_implies_rcu_gp()
bpf: Defer the free of inner map when necessary
selftests: tls: use exact comparison in recv_partial
ASoC: rt5645: Make LattePanda board DMI match more precise
x86/xen: Add some null pointer checking to smp.c
MIPS: Clear Cause.BD in instruction_pointer_set
HID: multitouch: Add required quirk for Synaptics 0xcddc device
gen_compile_commands: fix invalid escape sequence warning
RDMA/mlx5: Fix fortify source warning while accessing Eth segment
RDMA/mlx5: Relax DEVX access upon modify commands
x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h
x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
net/iucv: fix the allocation size of iucv_path_table array
parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check
block: sed-opal: handle empty atoms when parsing response
dm-verity, dm-crypt: align "struct bvec_iter" correctly
scsi: mpt3sas: Prevent sending diag_reset when the controller is ready
Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
firewire: core: use long bus reset on gap count error
ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet
Input: gpio_keys_polled - suppress deferred probe error for gpio
ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC
ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode
ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll
x86/paravirt: Fix build due to __text_gen_insn() backport
do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
nbd: null check for nla_nest_start
fs/select: rework stack allocation hack for clang
block: add a new set_read_only method
md: implement ->set_read_only to hook into BLKROSET processing
md: Don't clear MD_CLOSING when the raid is about to stop
aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
timekeeping: Fix cross-timestamp interpolation on counter wrap
timekeeping: Fix cross-timestamp interpolation corner case decision
timekeeping: Fix cross-timestamp interpolation for non-x86
wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()
wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled
wifi: b43: Stop correct queue in DMA worker when QoS is disabled
wifi: b43: Disable QoS for bcm4331
wifi: wilc1000: fix declarations ordering
wifi: wilc1000: fix RCU usage in connect path
wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
wifi: wilc1000: fix multi-vif management when deleting a vif
wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir()
cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
sock_diag: annotate data-races around sock_diag_handlers[family]
inet_diag: annotate data-races around inet_diag_table[]
bpftool: Silence build warning about calloc()
af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc().
wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
wifi: iwlwifi: dbg-tlv: ensure NUL termination
wifi: iwlwifi: fix EWRD table validity check
net: blackhole_dev: fix build warning for ethh set but not used
wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
arm64: dts: mediatek: mt7622: add missing "device_type" to memory nodes
bpf: Factor out bpf_spin_lock into helpers.
bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly
wireless: Remove redundant 'flush_workqueue()' calls
wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces
ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
bus: tegra-aconnect: Update dependency to ARCH_TEGRA
iommu/amd: Mark interrupt as managed
wifi: brcmsmac: avoid function pointer casts
net: ena: Remove ena_select_queue
ARM: dts: arm: realview: Fix development chip ROM compatible value
ARM: dts: imx6dl-yapp4: Move phy reset into switch node
ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address
ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node
arm64: dts: marvell: reorder crypto interrupts on Armada SoCs
ACPI: scan: Fix device check notification handling
x86, relocs: Ignore relocations in .notes section
SUNRPC: fix some memleaks in gssx_dec_option_array
mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function
wifi: rtw88: 8821c: Fix false alarm count
PCI: Make pci_dev_is_disconnected() helper public for other drivers
iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected
igb: move PEROUT and EXTTS isr logic to separate functions
igb: Fix missing time sync events
Bluetooth: Remove superfluous call to hci_conn_check_pending()
Bluetooth: hci_core: Fix possible buffer overflow
sr9800: Add check for usbnet_get_endpoints
bpf: Eliminate rlimit-based memory accounting for devmap maps
bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
bpf: Fix hashtab overflow check on 32-bit arches
bpf: Fix stackmap overflow check on 32-bit arches
ipv6: fib6_rules: flush route cache when rule is changed
net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
net: phy: fix phy_get_internal_delay accessing an empty array
net: hns3: fix port duplex configure error in IMP reset
net: phy: DP83822: enable rgmii mode if phy_interface_is_rgmii
net: phy: dp83822: Fix RGMII TX delay configuration
OPP: debugfs: Fix warning around icc_get_name()
tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function
net/ipv4: Replace one-element array with flexible-array member
net/ipv4: Revert use of struct_size() helper
net/ipv4/ipv6: Replace one-element arraya with flexible-array members
bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument
ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function
l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function
udp: fix incorrect parameter validation in the udp_lib_getsockopt() function
net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function
net/x25: fix incorrect parameter validation in the x25_getsockopt() function
nfp: flower: handle acti_netdevs allocation failure
dm raid: fix false positive for requeue needed during reshape
dm: call the resume method on internal suspend
drm/tegra: dsi: Add missing check for of_find_device_by_node
drm/tegra: dsi: Make use of the helper function dev_err_probe()
drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe()
drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe()
drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe()
drm/rockchip: inno_hdmi: Fix video timing
drm: Don't treat 0 as -1 in drm_fixp2int_ceil
drm/rockchip: lvds: do not overwrite error code
drm/rockchip: lvds: do not print scary message when probing defer
drm/lima: fix a memleak in lima_heap_alloc
dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA
media: tc358743: register v4l2 async device only after successful setup
PCI/DPC: Print all TLP Prefixes, not just the first
perf record: Fix possible incorrect free in record__switch_output()
HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd
drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()'
drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()'
perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample()
media: em28xx: annotate unchecked call to media_device_register()
media: v4l2-tpg: fix some memleaks in tpg_alloc
media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
media: edia: dvbdev: fix a use-after-free
pinctrl: mediatek: Drop bogus slew rate register range for MT8192
clk: qcom: reset: Commonize the de/assert functions
clk: qcom: reset: Ensure write completion on reset de/assertion
quota: simplify drop_dquot_ref()
quota: Fix potential NULL pointer dereference
quota: Fix rcu annotations of inode dquot pointers
PCI: switchtec: Fix an error handling path in switchtec_pci_probe()
crypto: xilinx - call finalize with bh disabled
perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str()
drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode()
ALSA: seq: fix function cast warnings
perf stat: Avoid metric-only segv
ASoC: meson: Use dev_err_probe() helper
ASoC: meson: aiu: fix function pointer type mismatch
ASoC: meson: t9015: fix function pointer type mismatch
media: sun8i-di: Fix coefficient writes
media: sun8i-di: Fix power on/off sequences
media: sun8i-di: Fix chroma difference threshold
media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
media: go7007: add check of return value of go7007_read_addr()
media: pvrusb2: remove redundant NULL check
media: pvrusb2: fix pvr2_stream_callback casts
clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times
drm/mediatek: dsi: Fix DSI RGB666 formats and definitions
PCI: Mark 3ware-9650SE Root Port Extended Tags as broken
clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister()
drm/tegra: put drm_gem_object ref on error in tegra_fb_create
mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref
mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref
crypto: arm/sha - fix function cast warnings
drm/tidss: Fix initial plane zpos values
mtd: maps: physmap-core: fix flash size larger than 32-bit
mtd: rawnand: lpc32xx_mlc: fix irq handler prototype
ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs
ASoC: meson: axg-tdm-interface: add frame rate constraint
drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int()
media: pvrusb2: fix uaf in pvr2_context_set_notify
media: dvb-frontends: avoid stack overflow warnings with clang
media: go7007: fix a memleak in go7007_load_encoder
media: ttpci: fix two memleaks in budget_av_attach
media: mediatek: vcodec: avoid -Wcast-function-type-strict warning
drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip
powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks
drm/msm/dpu: add division of drm_display_mode's hskew parameter
powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc.
leds: aw2013: Unlock mutex before destroying it
leds: sgm3140: Add missing timer cleanup and flash gpio control
backlight: lm3630a: Initialize backlight_properties on init
backlight: lm3630a: Don't set bl->props.brightness in get_brightness
backlight: da9052: Fully initialize backlight_properties during probe
backlight: lm3639: Fully initialize backlight_properties during probe
backlight: lp8788: Fully initialize backlight_properties during probe
sparc32: Fix section mismatch in leon_pci_grpci
clk: Fix clk_core_get NULL dereference
ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops
ALSA: usb-audio: Stop parsing channels bits when all channels are found.
RDMA/srpt: Do not register event handler until srpt device is fully setup
f2fs: compress: fix to check unreleased compressed cluster
scsi: csiostor: Avoid function pointer casts
RDMA/device: Fix a race between mad_client and cm_client init
scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn
net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr()
NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
NFSv4.2: fix listxattr maximum XDR buffer size
watchdog: stm32_iwdg: initialize default timeout
NFS: Fix an off by one in root_nfs_cat()
afs: Revert "afs: Hide silly-rename files from userspace"
remoteproc: stm32: Constify st_rproc_ops
remoteproc: Add new get_loaded_rsc_table() to rproc_ops
remoteproc: stm32: Move resource table setup to rproc_ops
remoteproc: stm32: use correct format strings on 64-bit
remoteproc: stm32: Fix incorrect type in assignment for va
remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef
tty: vt: fix 20 vs 0x20 typo in EScsiignore
serial: max310x: fix syntax error in IRQ error message
tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT
kconfig: fix infinite loop when expanding a macro at the end of file
rtc: mt6397: select IRQ_DOMAIN instead of depending on it
serial: 8250_exar: Don't remove GPIO device on suspend
staging: greybus: fix get_channel_from_mode() failure path
usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin
io_uring: don't save/restore iowait state
octeontx2-af: Use matching wake_up API variant in CGX command interface
s390/vtime: fix average steal time calculation
soc: fsl: dpio: fix kcalloc() argument order
hsr: Fix uninit-value access in hsr_get_node()
packet: annotate data-races around ignore_outgoing
net: dsa: mt7530: prevent possible incorrect XTAL frequency selection
wireguard: receive: annotate data-race around receiving_counter.counter
rds: introduce acquire/release ordering in acquire/release_in_xmit()
hsr: Handle failures in module init
net/bnx2x: Prevent access to a freed page in page_pool
octeontx2-af: Use separate handlers for interrupts
netfilter: nft_set_pipapo: release elements in clone only from destroy path
scsi: fc: Update formal FPIN descriptor definitions
ARM: dts: sun8i-h2-plus-bananapi-m2-zero: add regulator nodes vcc-dram and vcc1v2
netfilter: nf_tables: do not compare internal table flags on updates
rcu: add a helper to report consolidated flavor QS
bpf: report RCU QS in cpumap kthread
spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
regmap: Add missing map->bus check
remoteproc: stm32: fix phys_addr_t format string
Linux 5.10.214
Change-Id: Iad0cc6acbf53bac96c0409ce61dc6836d83ed7bc
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Kuniyuki Iwashima
|
ae7c8f52aa |
af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc().
[ Upstream commit 1971d13ffa84a551d29a81fdf5b5ec5be166ac83 ] syzbot reported a lockdep splat regarding unix_gc_lock and unix_state_lock(). One is called from recvmsg() for a connected socket, and another is called from GC for TCP_LISTEN socket. So, the splat is false-positive. Let's add a dedicated lock class for the latter to suppress the splat. Note that this change is not necessary for net-next.git as the issue is only applied to the old GC impl. [0]: WARNING: possible circular locking dependency detected 6.9.0-rc5-syzkaller-00007-g4d2008430ce8 #0 Not tainted ----------------------------------------------------- kworker/u8:1/11 is trying to acquire lock: ffff88807cea4e70 (&u->lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] ffff88807cea4e70 (&u->lock){+.+.}-{2:2}, at: __unix_gc+0x40e/0xf70 net/unix/garbage.c:302 but task is already holding lock: ffffffff8f6ab638 (unix_gc_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] ffffffff8f6ab638 (unix_gc_lock){+.+.}-{2:2}, at: __unix_gc+0x117/0xf70 net/unix/garbage.c:261 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (unix_gc_lock){+.+.}-{2:2}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] unix_notinflight+0x13d/0x390 net/unix/garbage.c:140 unix_detach_fds net/unix/af_unix.c:1819 [inline] unix_destruct_scm+0x221/0x350 net/unix/af_unix.c:1876 skb_release_head_state+0x100/0x250 net/core/skbuff.c:1188 skb_release_all net/core/skbuff.c:1200 [inline] __kfree_skb net/core/skbuff.c:1216 [inline] kfree_skb_reason+0x16d/0x3b0 net/core/skbuff.c:1252 kfree_skb include/linux/skbuff.h:1262 [inline] manage_oob net/unix/af_unix.c:2672 [inline] unix_stream_read_generic+0x1125/0x2700 net/unix/af_unix.c:2749 unix_stream_splice_read+0x239/0x320 net/unix/af_unix.c:2981 do_splice_read fs/splice.c:985 [inline] splice_file_to_pipe+0x299/0x500 fs/splice.c:1295 do_splice+0xf2d/0x1880 fs/splice.c:1379 __do_splice fs/splice.c:1436 [inline] __do_sys_splice fs/splice.c:1652 [inline] __se_sys_splice+0x331/0x4a0 fs/splice.c:1634 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #0 (&u->lock){+.+.}-{2:2}: check_prev_add kernel/locking/lockdep.c:3134 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869 __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] __unix_gc+0x40e/0xf70 net/unix/garbage.c:302 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa10/0x17c0 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f0/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(unix_gc_lock); lock(&u->lock); lock(unix_gc_lock); lock(&u->lock); *** DEADLOCK *** 3 locks held by kworker/u8:1/11: #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3229 [inline] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x8e0/0x17c0 kernel/workqueue.c:3335 #1: ffffc90000107d00 (unix_gc_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3230 [inline] #1: ffffc90000107d00 (unix_gc_work){+.+.}-{0:0}, at: process_scheduled_works+0x91b/0x17c0 kernel/workqueue.c:3335 #2: ffffffff8f6ab638 (unix_gc_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] #2: ffffffff8f6ab638 (unix_gc_lock){+.+.}-{2:2}, at: __unix_gc+0x117/0xf70 net/unix/garbage.c:261 stack backtrace: CPU: 0 PID: 11 Comm: kworker/u8:1 Not tainted 6.9.0-rc5-syzkaller-00007-g4d2008430ce8 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Workqueue: events_unbound __unix_gc Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2187 check_prev_add kernel/locking/lockdep.c:3134 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869 __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] __unix_gc+0x40e/0xf70 net/unix/garbage.c:302 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa10/0x17c0 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f0/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Fixes: 47d8ac011fe1 ("af_unix: Fix garbage collector racing against connect()") Reported-and-tested-by: syzbot+fa379358c28cc87cc307@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fa379358c28cc87cc307 Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Link: https://lore.kernel.org/r/20240424170443.9832-1-kuniyu@amazon.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Kuniyuki Iwashima
|
14bea27d1c |
af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
[ Upstream commit 97af84a6bba2ab2b9c704c08e67de3b5ea551bb2 ] When touching unix_sk(sk)->inflight, we are always under spin_lock(&unix_gc_lock). Let's convert unix_sk(sk)->inflight to the normal unsigned long. Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://lore.kernel.org/r/20240123170856.41348-3-kuniyu@amazon.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> Stable-dep-of: 47d8ac011fe1 ("af_unix: Fix garbage collector racing against connect()") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Luiz Augusto von Dentz
|
b0e30c3769 |
Bluetooth: SCO: Fix not validating setsockopt user input
[ Upstream commit 51eda36d33e43201e7a4fd35232e069b2c850b01 ] syzbot reported sco_sock_setsockopt() is copying data without checking user input length. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline] BUG: KASAN: slab-out-of-bounds in sco_sock_setsockopt+0xc0b/0xf90 net/bluetooth/sco.c:893 Read of size 4 at addr ffff88805f7b15a3 by task syz-executor.5/12578 Fixes: |
||
Jiri Benc
|
3fb02ec57e |
ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
[ Upstream commit 7633c4da919ad51164acbf1aa322cc1a3ead6129 ]
Although ipv6_get_ifaddr walks inet6_addr_lst under the RCU lock, it
still means hlist_for_each_entry_rcu can return an item that got removed
from the list. The memory itself of such item is not freed thanks to RCU
but nothing guarantees the actual content of the memory is sane.
In particular, the reference count can be zero. This can happen if
ipv6_del_addr is called in parallel. ipv6_del_addr removes the entry
from inet6_addr_lst (hlist_del_init_rcu(&ifp->addr_lst)) and drops all
references (__in6_ifa_put(ifp) + in6_ifa_put(ifp)). With bad enough
timing, this can happen:
1. In ipv6_get_ifaddr, hlist_for_each_entry_rcu returns an entry.
2. Then, the whole ipv6_del_addr is executed for the given entry. The
reference count drops to zero and kfree_rcu is scheduled.
3. ipv6_get_ifaddr continues and tries to increments the reference count
(in6_ifa_hold).
4. The rcu is unlocked and the entry is freed.
5. The freed entry is returned.
Prevent increasing of the reference count in such case. The name
in6_ifa_hold_safe is chosen to mimic the existing fib6_info_hold_safe.
[ 41.506330] refcount_t: addition on 0; use-after-free.
[ 41.506760] WARNING: CPU: 0 PID: 595 at lib/refcount.c:25 refcount_warn_saturate+0xa5/0x130
[ 41.507413] Modules linked in: veth bridge stp llc
[ 41.507821] CPU: 0 PID: 595 Comm: python3 Not tainted 6.9.0-rc2.main-00208-g49563be82afa #14
[ 41.508479] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
[ 41.509163] RIP: 0010:refcount_warn_saturate+0xa5/0x130
[ 41.509586] Code: ad ff 90 0f 0b 90 90 c3 cc cc cc cc 80 3d c0 30 ad 01 00 75 a0 c6 05 b7 30 ad 01 01 90 48 c7 c7 38 cc 7a 8c e8 cc 18 ad ff 90 <0f> 0b 90 90 c3 cc cc cc cc 80 3d 98 30 ad 01 00 0f 85 75 ff ff ff
[ 41.510956] RSP: 0018:ffffbda3c026baf0 EFLAGS: 00010282
[ 41.511368] RAX: 0000000000000000 RBX: ffff9e9c46914800 RCX: 0000000000000000
[ 41.511910] RDX: ffff9e9c7ec29c00 RSI: ffff9e9c7ec1c900 RDI: ffff9e9c7ec1c900
[ 41.512445] RBP: ffff9e9c43660c9c R08: 0000000000009ffb R09: 00000000ffffdfff
[ 41.512998] R10: 00000000ffffdfff R11: ffffffff8ca58a40 R12: ffff9e9c4339a000
[ 41.513534] R13: 0000000000000001 R14: ffff9e9c438a0000 R15: ffffbda3c026bb48
[ 41.514086] FS: 00007fbc4cda1740(0000) GS:ffff9e9c7ec00000(0000) knlGS:0000000000000000
[ 41.514726] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 41.515176] CR2: 000056233b337d88 CR3: 000000000376e006 CR4: 0000000000370ef0
[ 41.515713] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 41.516252] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 41.516799] Call Trace:
[ 41.517037] <TASK>
[ 41.517249] ? __warn+0x7b/0x120
[ 41.517535] ? refcount_warn_saturate+0xa5/0x130
[ 41.517923] ? report_bug+0x164/0x190
[ 41.518240] ? handle_bug+0x3d/0x70
[ 41.518541] ? exc_invalid_op+0x17/0x70
[ 41.520972] ? asm_exc_invalid_op+0x1a/0x20
[ 41.521325] ? refcount_warn_saturate+0xa5/0x130
[ 41.521708] ipv6_get_ifaddr+0xda/0xe0
[ 41.522035] inet6_rtm_getaddr+0x342/0x3f0
[ 41.522376] ? __pfx_inet6_rtm_getaddr+0x10/0x10
[ 41.522758] rtnetlink_rcv_msg+0x334/0x3d0
[ 41.523102] ? netlink_unicast+0x30f/0x390
[ 41.523445] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 41.523832] netlink_rcv_skb+0x53/0x100
[ 41.524157] netlink_unicast+0x23b/0x390
[ 41.524484] netlink_sendmsg+0x1f2/0x440
[ 41.524826] __sys_sendto+0x1d8/0x1f0
[ 41.525145] __x64_sys_sendto+0x1f/0x30
[ 41.525467] do_syscall_64+0xa5/0x1b0
[ 41.525794] entry_SYSCALL_64_after_hwframe+0x72/0x7a
[ 41.526213] RIP: 0033:0x7fbc4cfcea9a
[ 41.526528] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
[ 41.527942] RSP: 002b:00007ffcf54012a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 41.528593] RAX: ffffffffffffffda RBX: 00007ffcf5401368 RCX: 00007fbc4cfcea9a
[ 41.529173] RDX: 000000000000002c RSI: 00007fbc4b9d9bd0 RDI: 0000000000000005
[ 41.529786] RBP: 00007fbc4bafb040 R08: 00007ffcf54013e0 R09: 000000000000000c
[ 41.530375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 41.530977] R13: ffffffffc4653600 R14: 0000000000000001 R15: 00007fbc4ca85d1b
[ 41.531573] </TASK>
Fixes:
|
||
|
Eric Dumazet
|
10204df9be |
geneve: fix header validation in geneve[6]_xmit_skb
[ Upstream commit d8a6213d70accb403b82924a1c229e733433a5ef ] syzbot is able to trigger an uninit-value in geneve_xmit() [1] Problem : While most ip tunnel helpers (like ip_tunnel_get_dsfield()) uses skb_protocol(skb, true), pskb_inet_may_pull() is only using skb->protocol. If anything else than ETH_P_IPV6 or ETH_P_IP is found in skb->protocol, pskb_inet_may_pull() does nothing at all. If a vlan tag was provided by the caller (af_packet in the syzbot case), the network header might not point to the correct location, and skb linear part could be smaller than expected. Add skb_vlan_inet_prepare() to perform a complete mac validation. Use this in geneve for the moment, I suspect we need to adopt this more broadly. v4 - Jakub reported v3 broke l2_tos_ttl_inherit.sh selftest - Only call __vlan_get_protocol() for vlan types. Link: https://lore.kernel.org/netdev/20240404100035.3270a7d5@kernel.org/ v2,v3 - Addressed Sabrina comments on v1 and v2 Link: https://lore.kernel.org/netdev/Zg1l9L2BNoZWZDZG@hog/ [1] BUG: KMSAN: uninit-value in geneve_xmit_skb drivers/net/geneve.c:910 [inline] BUG: KMSAN: uninit-value in geneve_xmit+0x302d/0x5420 drivers/net/geneve.c:1030 geneve_xmit_skb drivers/net/geneve.c:910 [inline] geneve_xmit+0x302d/0x5420 drivers/net/geneve.c:1030 __netdev_start_xmit include/linux/netdevice.h:4903 [inline] netdev_start_xmit include/linux/netdevice.h:4917 [inline] xmit_one net/core/dev.c:3531 [inline] dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547 __dev_queue_xmit+0x348d/0x52c0 net/core/dev.c:4335 dev_queue_xmit include/linux/netdevice.h:3091 [inline] packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3081 [inline] packet_sendmsg+0x8bb0/0x9ef0 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:745 __sys_sendto+0x685/0x830 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0x125/0x1d0 net/socket.c:2199 do_syscall_64+0xd5/0x1f0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Uninit was created at: slab_post_alloc_hook mm/slub.c:3804 [inline] slab_alloc_node mm/slub.c:3845 [inline] kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577 __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668 alloc_skb include/linux/skbuff.h:1318 [inline] alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504 sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795 packet_alloc_skb net/packet/af_packet.c:2930 [inline] packet_snd net/packet/af_packet.c:3024 [inline] packet_sendmsg+0x722d/0x9ef0 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:745 __sys_sendto+0x685/0x830 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0x125/0x1d0 net/socket.c:2199 do_syscall_64+0xd5/0x1f0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 CPU: 0 PID: 5033 Comm: syz-executor346 Not tainted 6.9.0-rc1-syzkaller-00005-g928a87efa423 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Fixes: d13f048dd40e ("net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb") Reported-by: syzbot+9ee20ec1de7b3168db09@syzkaller.appspotmail.com Closes: https://lore.kernel.org/netdev/000000000000d19c3a06152f9ee4@google.com/ Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Phillip Potter <phil@philpotter.co.uk> Cc: Sabrina Dubroca <sd@queasysnail.net> Reviewed-by: Sabrina Dubroca <sd@queasysnail.net> Reviewed-by: Phillip Potter <phil@philpotter.co.uk> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
67b086c845 |
Revert "mptcp: fix lockless access in subflow ULP diag"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
e92b643b4b |
Merge 5.10.211 into android12-5.10-lts
Changes in 5.10.211
net/sched: Retire CBQ qdisc
net/sched: Retire ATM qdisc
net/sched: Retire dsmark qdisc
smb: client: fix OOB in receive_encrypted_standard()
smb: client: fix potential OOBs in smb2_parse_contexts()
smb: client: fix parsing of SMB3.1.1 POSIX create context
sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
zonefs: Improve error handling
sched/rt: Fix sysctl_sched_rr_timeslice intial value
sched/rt: Disallow writing invalid values to sched_rt_period_us
scsi: target: core: Add TMF to tmr_list handling
dmaengine: shdma: increase size of 'dev_id'
dmaengine: fsl-qdma: increase size of 'irq_name'
wifi: cfg80211: fix missing interfaces when dumping
wifi: mac80211: fix race condition on enabling fast-xmit
fbdev: savage: Error out if pixclock equals zero
fbdev: sis: Error out if pixclock equals zero
spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected
ahci: asm1166: correct count of reported ports
ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers
ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
dmaengine: ti: edma: Add some null pointer checks to the edma_probe
regulator: pwm-regulator: Add validity checks in continuous .get_voltage
nvmet-tcp: fix nvme tcp ida memory leak
ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
spi: sh-msiof: avoid integer overflow in constants
netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new
nvme-fc: do not wait in vain when unloading module
nvmet-fcloop: swap the list_add_tail arguments
nvmet-fc: release reference on target port
nvmet-fc: abort command when there is no binding
ext4: correct the hole length returned by ext4_map_blocks()
Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table
efi: runtime: Fix potential overflow of soft-reserved region size
efi: Don't add memblocks for soft-reserved memory
hwmon: (coretemp) Enlarge per package core count limit
scsi: lpfc: Use unsigned type for num_sge
firewire: core: send bus reset promptly on gap count error
virtio-blk: Ensure no requests in virtqueues before deleting vqs.
pmdomain: renesas: r8a77980-sysc: CR7 must be always on
ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger
irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable
ARM: dts: imx: Set default tuning step for imx6sx usdhc
ASoC: fsl_micfil: register platform component before registering cpu dai
media: av7110: prevent underflow in write_ts_to_decoder()
hvc/xen: prevent concurrent accesses to the shared ring
hsr: Avoid double remove of a node.
x86/uaccess: Implement macros for CMPXCHG on user addresses
seccomp: Invalidate seccomp mode to catch death failures
block: ataflop: fix breakage introduced at blk-mq refactoring
powerpc/watchpoint: Workaround P10 DD1 issue with VSX-32 byte instructions
powerpc/watchpoints: Annotate atomic context in more places
cifs: add a warning when the in-flight count goes negative
mtd: spinand: macronix: Add support for MX35LFxGE4AD
ASoC: Intel: boards: harden codec property handling
ASoC: Intel: boards: get codec device with ACPI instead of bus search
ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use
task_stack, x86/cea: Force-inline stack helpers
btrfs: tree-checker: check for overlapping extent items
btrfs: introduce btrfs_lookup_match_dir
btrfs: unify lookup return value when dir entry is missing
btrfs: do not pin logs too early during renames
lan743x: fix for potential NULL pointer dereference with bare card
platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC
iwlwifi: mvm: do more useful queue sync accounting
iwlwifi: mvm: write queue_sync_state only for sync
jbd2: remove redundant buffer io error checks
jbd2: recheck chechpointing non-dirty buffer
jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint
x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm()
erofs: fix lz4 inplace decompression
IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
s390/cio: fix invalid -EBUSY on ccw_device_start
dm-crypt: don't modify the data when using authenticated encryption
KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table()
gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
PCI/MSI: Prevent MSI hardware interrupt number truncation
l2tp: pass correct message length to ip6_append_data
ARM: ep93xx: Add terminator to gpiod_lookup_table
Revert "x86/ftrace: Use alternative RET encoding"
x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR
x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch()
x86/ftrace: Use alternative RET encoding
x86/returnthunk: Allow different return thunks
Revert "x86/alternative: Make custom return thunk unconditional"
x86/alternative: Make custom return thunk unconditional
usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
usb: cdns3: fix memory double free when handle zero packet
usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
usb: roles: fix NULL pointer issue when put module's reference
usb: roles: don't get/set_role() when usb_role_switch is unregistered
mptcp: fix lockless access in subflow ULP diag
IB/hfi1: Fix a memleak in init_credit_return
RDMA/bnxt_re: Return error for SRQ resize
RDMA/srpt: Support specifying the srpt_service_guid parameter
RDMA/qedr: Fix qedr_create_user_qp error flow
arm64: dts: rockchip: set num-cs property for spi on px30
RDMA/srpt: fix function pointer cast warnings
bpf, scripts: Correct GPL license name
scsi: jazz_esp: Only build if SCSI core is builtin
nouveau: fix function cast warnings
ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid
ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid
afs: Increase buffer size in afs_update_volume_status()
ipv6: sr: fix possible use-after-free and null-ptr-deref
packet: move from strlcpy with unused retval to strscpy
net: dev: Convert sa_data to flexible array in struct sockaddr
s390: use the correct count for __iowrite64_copy()
tls: rx: jump to a more appropriate label
tls: rx: drop pointless else after goto
tls: stop recv() if initial process_rx_list gave us non-DATA
netfilter: nf_tables: set dormant flag on hook register failure
drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3
drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set
drm/amd/display: Fix memory leak in dm_sw_fini()
block: ataflop: more blk-mq refactoring fixes
fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
arp: Prevent overflow in arp_req_get().
ext4: regenerate buddy after block freeing failed if under fc replay
Linux 5.10.211
Note, this merges away the following commit:
|
||
|
Eric Dumazet
|
e3e27d2b44 |
tcp: properly terminate timers for kernel sockets
[ Upstream commit 151c9c724d05d5b0dd8acd3e11cb69ef1f2dbada ]
We had various syzbot reports about tcp timers firing after
the corresponding netns has been dismantled.
Fortunately Josef Bacik could trigger the issue more often,
and could test a patch I wrote two years ago.
When TCP sockets are closed, we call inet_csk_clear_xmit_timers()
to 'stop' the timers.
inet_csk_clear_xmit_timers() can be called from any context,
including when socket lock is held.
This is the reason it uses sk_stop_timer(), aka del_timer().
This means that ongoing timers might finish much later.
For user sockets, this is fine because each running timer
holds a reference on the socket, and the user socket holds
a reference on the netns.
For kernel sockets, we risk that the netns is freed before
timer can complete, because kernel sockets do not hold
reference on the netns.
This patch adds inet_csk_clear_xmit_timers_sync() function
that using sk_stop_timer_sync() to make sure all timers
are terminated before the kernel socket is released.
Modules using kernel sockets close them in their netns exit()
handler.
Also add sock_not_owned_by_me() helper to get LOCKDEP
support : inet_csk_clear_xmit_timers_sync() must not be called
while socket lock is held.
It is very possible we can revert in the future commit
3a58f13a881e ("net: rds: acquire refcount on TCP sockets")
which attempted to solve the issue in rds only.
(net/smc/af_smc.c and net/mptcp/subflow.c have similar code)
We probably can remove the check_net() tests from
tcp_out_of_resources() and __tcp_close() in the future.
Reported-by: Josef Bacik <josef@toxicpanda.com>
Closes: https://lore.kernel.org/netdev/20240314210740.GA2823176@perftesting/
Fixes:
|
||
Fedor Pchelkin
|
068ab2759b |
mac802154: fix llsec key resources release in mac802154_llsec_key_del
[ Upstream commit e8a1e58345cf40b7b272e08ac7b32328b2543e40 ]
mac802154_llsec_key_del() can free resources of a key directly without
following the RCU rules for waiting before the end of a grace period. This
may lead to use-after-free in case llsec_lookup_key() is traversing the
list of keys in parallel with a key deletion:
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 4 PID: 16000 at lib/refcount.c:25 refcount_warn_saturate+0x162/0x2a0
Modules linked in:
CPU: 4 PID: 16000 Comm: wpan-ping Not tainted 6.7.0 #19
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:refcount_warn_saturate+0x162/0x2a0
Call Trace:
<TASK>
llsec_lookup_key.isra.0+0x890/0x9e0
mac802154_llsec_encrypt+0x30c/0x9c0
ieee802154_subif_start_xmit+0x24/0x1e0
dev_hard_start_xmit+0x13e/0x690
sch_direct_xmit+0x2ae/0xbc0
__dev_queue_xmit+0x11dd/0x3c20
dgram_sendmsg+0x90b/0xd60
__sys_sendto+0x466/0x4c0
__x64_sys_sendto+0xe0/0x1c0
do_syscall_64+0x45/0xf0
entry_SYSCALL_64_after_hwframe+0x6e/0x76
Also, ieee802154_llsec_key_entry structures are not freed by
mac802154_llsec_key_del():
unreferenced object 0xffff8880613b6980 (size 64):
comm "iwpan", pid 2176, jiffies 4294761134 (age 60.475s)
hex dump (first 32 bytes):
78 0d 8f 18 80 88 ff ff 22 01 00 00 00 00 ad de x.......".......
00 00 00 00 00 00 00 00 03 00 cd ab 00 00 00 00 ................
backtrace:
[<ffffffff81dcfa62>] __kmem_cache_alloc_node+0x1e2/0x2d0
[<ffffffff81c43865>] kmalloc_trace+0x25/0xc0
[<ffffffff88968b09>] mac802154_llsec_key_add+0xac9/0xcf0
[<ffffffff8896e41a>] ieee802154_add_llsec_key+0x5a/0x80
[<ffffffff8892adc6>] nl802154_add_llsec_key+0x426/0x5b0
[<ffffffff86ff293e>] genl_family_rcv_msg_doit+0x1fe/0x2f0
[<ffffffff86ff46d1>] genl_rcv_msg+0x531/0x7d0
[<ffffffff86fee7a9>] netlink_rcv_skb+0x169/0x440
[<ffffffff86ff1d88>] genl_rcv+0x28/0x40
[<ffffffff86fec15c>] netlink_unicast+0x53c/0x820
[<ffffffff86fecd8b>] netlink_sendmsg+0x93b/0xe60
[<ffffffff86b91b35>] ____sys_sendmsg+0xac5/0xca0
[<ffffffff86b9c3dd>] ___sys_sendmsg+0x11d/0x1c0
[<ffffffff86b9c65a>] __sys_sendmsg+0xfa/0x1d0
[<ffffffff88eadbf5>] do_syscall_64+0x45/0xf0
[<ffffffff890000ea>] entry_SYSCALL_64_after_hwframe+0x6e/0x76
Handle the proper resource release in the RCU callback function
mac802154_llsec_key_del_rcu().
Note that if llsec_lookup_key() finds a key, it gets a refcount via
llsec_key_get() and locally copies key id from key_entry (which is a
list element). So it's safe to call llsec_key_put() and free the list
entry after the RCU grace period elapses.
Found by Linux Verification Center (linuxtesting.org).
Fixes:
|
||
|
Greg Kroah-Hartman
|
66e91da883 |
This is the 5.10.210 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmXYTLkACgkQONu9yGCS
aT4+fhAAqqR/Cvx53ZKMQ8GZTCudAZnr/Dz6kWYwxhhhIbQjDpCaf9mgsrEDaQS2
ancSZjzYaOUIXq/IsthXxQIUhiZbuM3iuSEi7+odWgSYdkFyzuUt8MWLBGSaB5Er
ojn+APtq7vPXTSnp7uMwqMC3/BHCKkeYIjRVevhhHBKG5d3lzkV1xU8NcvMkLaly
CIRxpWXD3w2b7K0GEbb/zN1GQEHDCQcxjuaJoe/5FKGJkqd3T31eyiJTRumCCMcz
j8vkGkYmcMJpWf04iLgVA1p13I5/HGrXdEBI/GutN8IABIC3Cp42jW8phHYKW5ZM
a4R25LZG5buND1Ubpq+EDrYn3EaPek5XRki0w8ZAXfNa3rYc+N6mQjkzNSOzhJ/5
VNsn3EAE1Dwtar5Z3ASe9ugDbh+0bgx85PbfaADK88V+qWb3DVr1TBWmDNu2vfVP
rv4I0EKu9r3vOE8aNMEBuhAVkIK3mEQUxwab6RKNrMby/5Uwa+ugrrUtQd8V+T1S
j6r6v7u7aZ8mhYO7d6WSvAKL85lCWGbs3WRIKCJZmDRyqWrWW9tVWRN9wrZ2QnRr
iaCQKk8P474P7/j1zwnmih8l4wS1oszveNziWwd0fi1Nn/WQYM+JKYQvpuQijmQ+
J9jLyWo7a59zffIE6mzJdNwFy9hlw9X+VnJmExk/Q88Z7Bt5wPQ=
=laYd
-----END PGP SIGNATURE-----
Merge 5.10.210 into android12-5.10-lts
Changes in 5.10.210
usb: cdns3: Fixes for sparse warnings
usb: cdns3: fix uvc failure work since sg support enabled
usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config
usb: cdns3: fix iso transfer error when mult is not zero
usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled
PCI: mediatek: Clear interrupt status before dispatching handler
units: change from 'L' to 'UL'
units: add the HZ macros
serial: sc16is7xx: set safe default SPI clock frequency
spi: introduce SPI_MODE_X_MASK macro
serial: sc16is7xx: add check for unsupported SPI modes during probe
iio: adc: ad7091r: Set alert bit in config register
iio: adc: ad7091r: Allow users to configure device events
iio: adc: ad7091r: Enable internal vref if external vref is not supplied
dmaengine: fix NULL pointer in channel unregistration function
iio:adc:ad7091r: Move exports into IIO_AD7091R namespace.
ext4: allow for the last group to be marked as trimmed
crypto: api - Disallow identical driver names
PM: hibernate: Enforce ordering during image compression/decompression
hwrng: core - Fix page fault dead lock on mmap-ed hwrng
crypto: s390/aes - Fix buffer overread in CTR mode
rpmsg: virtio: Free driver_override when rpmsg_remove()
bus: mhi: host: Drop chan lock before queuing buffers
parisc/firmware: Fix F-extend for PDC addresses
async: Split async_schedule_node_domain()
async: Introduce async_schedule_dev_nocall()
arm64: dts: qcom: sdm845: fix USB wakeup interrupt types
arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts
lsm: new security_file_ioctl_compat() hook
scripts/get_abi: fix source path leak
mmc: core: Use mrq.sbc in close-ended ffu
mmc: mmc_spi: remove custom DMA mapped buffers
rtc: Adjust failure return code for cmos_set_alarm()
nouveau/vmm: don't set addr on the fail path to avoid warning
ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
rename(): fix the locking of subdirectories
block: Remove special-casing of compound pages
stddef: Introduce DECLARE_FLEX_ARRAY() helper
smb3: Replace smb2pdu 1-element arrays with flex-arrays
mm: vmalloc: introduce array allocation functions
KVM: use __vcalloc for very large allocations
net/smc: fix illegal rmb_desc access in SMC-D connection dump
tcp: make sure init the accept_queue's spinlocks once
bnxt_en: Wait for FLR to complete during probe
vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING
llc: make llc_ui_sendmsg() more robust against bonding changes
llc: Drop support for ETH_P_TR_802_2.
net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
tracing: Ensure visibility when inserting an element into tracing_map
afs: Hide silly-rename files from userspace
tcp: Add memory barrier to tcp_push()
netlink: fix potential sleeping issue in mqueue_flush_file
ipv6: init the accept_queue's spinlocks in inet6_create
net/mlx5: DR, Use the right GVMI number for drop action
net/mlx5e: fix a double-free in arfs_create_groups
netfilter: nf_tables: restrict anonymous set and map names to 16 bytes
netfilter: nf_tables: validate NFPROTO_* family
net: mvpp2: clear BM pool before initialization
selftests: netdevsim: fix the udp_tunnel_nic test
fjes: fix memleaks in fjes_hw_setup
net: fec: fix the unhandled context fault from smmu
btrfs: ref-verify: free ref cache before clearing mount opt
btrfs: tree-checker: fix inline ref size in error messages
btrfs: don't warn if discard range is not aligned to sector
btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args
btrfs: don't abort filesystem when attempting to snapshot deleted subvolume
rbd: don't move requests to the running list on errors
exec: Fix error handling in begin_new_exec()
wifi: iwlwifi: fix a memory corruption
netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain
netfilter: nf_tables: reject QUEUE/DROP verdict parameters
gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04
drm: Don't unref the same fb many times by mistake due to deadlock handling
drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking
drm/tidss: Fix atomic_flush check
drm/bridge: nxp-ptn3460: simplify some error checking
PM: sleep: Use dev_printk() when possible
PM: sleep: Avoid calling put_device() under dpm_list_mtx
PM: core: Remove unnecessary (void *) conversions
PM: sleep: Fix possible deadlocks in core system-wide PM code
fs/pipe: move check to pipe_has_watch_queue()
pipe: wakeup wr_wait after setting max_usage
ARM: dts: samsung: exynos4210-i9100: Unconditionally enable LDO12
arm64: dts: qcom: sc7180: Use pdc interrupts for USB instead of GIC interrupts
arm64: dts: qcom: sc7180: fix USB wakeup interrupt types
media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run
mm: use __pfn_to_section() instead of open coding it
mm/sparsemem: fix race in accessing memory_section->usage
btrfs: remove err variable from btrfs_delete_subvolume
btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted
drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33]
drm/exynos: fix accidental on-stack copy of exynos_drm_plane
drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume
gpio: eic-sprd: Clear interrupt after set the interrupt type
spi: bcm-qspi: fix SFDP BFPT read by usig mspi read
mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan
tick/sched: Preserve number of idle sleeps across CPU hotplug events
x86/entry/ia32: Ensure s32 is sign extended to s64
powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
drivers/perf: pmuv3: don't expose SW_INCR event in sysfs
powerpc: Fix build error due to is_valid_bugaddr()
powerpc/mm: Fix build failures due to arch_reserved_kernel_pages()
x86/boot: Ignore NMIs during very early boot
powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE
powerpc/lib: Validate size for vector operations
x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel
perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file
debugobjects: Stop accessing objects after releasing hash bucket lock
regulator: core: Only increment use_count when enable_count changes
audit: Send netlink ACK before setting connection in auditd_set
ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
PNP: ACPI: fix fortify warning
ACPI: extlog: fix NULL pointer dereference check
PM / devfreq: Synchronize devfreq_monitor_[start/stop]
ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events
FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
UBSAN: array-index-out-of-bounds in dtSplitRoot
jfs: fix slab-out-of-bounds Read in dtSearch
jfs: fix array-index-out-of-bounds in dbAdjTree
jfs: fix uaf in jfs_evict_inode
pstore/ram: Fix crash when setting number of cpus to an odd number
crypto: stm32/crc32 - fix parsing list of devices
afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
jfs: fix array-index-out-of-bounds in diNewExt
s390/ptrace: handle setting of fpc register correctly
KVM: s390: fix setting of fpc register
SUNRPC: Fix a suspicious RCU usage warning
ecryptfs: Reject casefold directory inodes
ext4: fix inconsistent between segment fstrim and full fstrim
ext4: unify the type of flexbg_size to unsigned int
ext4: remove unnecessary check from alloc_flex_gd()
ext4: avoid online resizing failures due to oversized flex bg
wifi: rt2x00: restart beacon queue when hardware reset
selftests/bpf: satisfy compiler by having explicit return in btf test
selftests/bpf: Fix pyperf180 compilation failure with clang18
scsi: lpfc: Fix possible file string name overflow when updating firmware
PCI: Add no PM reset quirk for NVIDIA Spectrum devices
bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
scsi: arcmsr: Support new PCI device IDs 1883 and 1886
ARM: dts: imx7d: Fix coresight funnel ports
ARM: dts: imx7s: Fix lcdif compatible
ARM: dts: imx7s: Fix nand-controller #size-cells
wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
bpf: Add map and need_defer parameters to .map_fd_put_ptr()
scsi: libfc: Don't schedule abort twice
scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
bpf: Set uattr->batch.count as zero before batched update or deletion
ARM: dts: rockchip: fix rk3036 hdmi ports node
ARM: dts: imx25/27-eukrea: Fix RTC node name
ARM: dts: imx: Use flash@0,0 pattern
ARM: dts: imx27: Fix sram node
ARM: dts: imx1: Fix sram node
ionic: pass opcode to devcmd_wait
block/rnbd-srv: Check for unlikely string overflow
ARM: dts: imx25: Fix the iim compatible string
ARM: dts: imx25/27: Pass timing0
ARM: dts: imx27-apf27dev: Fix LED name
ARM: dts: imx23-sansa: Use preferred i2c-gpios properties
ARM: dts: imx23/28: Fix the DMA controller node name
net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path
block: prevent an integer overflow in bvec_try_merge_hw_page
md: Whenassemble the array, consult the superblock of the freshest device
arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property
arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property
wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
wifi: cfg80211: free beacon_ies when overridden from hidden BSS
Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066
Bluetooth: L2CAP: Fix possible multiple reject send
i40e: Fix VF disable behavior to block all traffic
f2fs: fix to check return value of f2fs_reserve_new_block()
ALSA: hda: Refer to correct stream index at loops
ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
fast_dput(): handle underflows gracefully
RDMA/IPoIB: Fix error code return in ipoib_mcast_join
drm/amd/display: Fix tiled display misalignment
f2fs: fix write pointers on zoned device after roll forward
drm/drm_file: fix use of uninitialized variable
drm/framebuffer: Fix use of uninitialized variable
drm/mipi-dsi: Fix detach call without attach
media: stk1160: Fixed high volume of stk1160_dbg messages
media: rockchip: rga: fix swizzling for RGB formats
PCI: add INTEL_HDA_ARL to pci_ids.h
ALSA: hda: Intel: add HDA_ARL PCI ID support
ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL
drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time
IB/ipoib: Fix mcast list locking
media: ddbridge: fix an error code problem in ddb_probe
drm/msm/dpu: Ratelimit framedone timeout msgs
clk: hi3620: Fix memory leak in hi3620_mmc_clk_init()
clk: mmp: pxa168: Fix memory leak in pxa168_clk_init()
watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786
drm/amdgpu: Let KFD sync with VM fences
drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
leds: trigger: panic: Don't register panic notifier if creating the trigger failed
um: Fix naming clash between UML and scheduler
um: Don't use vfprintf() for os_info()
um: net: Fix return type of uml_net_start_xmit()
i3c: master: cdns: Update maximum prescaler value for i2c clock
xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import
mfd: ti_am335x_tscadc: Fix TI SoC dependencies
PCI: Only override AMD USB controller if required
PCI: switchtec: Fix stdev_release() crash after surprise hot remove
usb: hub: Replace hardcoded quirk value with BIT() macro
tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE
fs/kernfs/dir: obey S_ISGID
PCI/AER: Decode Requester ID when no error info found
libsubcmd: Fix memory leak in uniq()
virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings
blk-mq: fix IO hang from sbitmap wakeup race
ceph: fix deadlock or deadcode of misusing dget()
drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()'
drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()'
perf: Fix the nr_addr_filters fix
wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
drm: using mul_u32_u32() requires linux/math64.h
scsi: isci: Fix an error code problem in isci_io_request_build()
scsi: core: Introduce enum scsi_disposition
scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler
ip6_tunnel: use dev_sw_netstats_rx_add()
ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
net-zerocopy: Refactor frag-is-remappable test.
tcp: add sanity checks to rx zerocopy
ixgbe: Remove non-inclusive language
ixgbe: Refactor returning internal error codes
ixgbe: Refactor overtemp event handling
ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
llc: call sock_orphan() at release time
netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
net: ipv4: fix a memleak in ip_setup_cork
af_unix: fix lockdep positive in sk_diag_dump_icons()
net: sysfs: Fix /sys/class/net/<iface> path
HID: apple: Add support for the 2021 Magic Keyboard
HID: apple: Add 2021 magic keyboard FN key mapping
bonding: remove print in bond_verify_device_path
uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++
PM: sleep: Fix error handling in dpm_prepare()
dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools
dmaengine: ti: k3-udma: Report short packet errors
dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA
dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA
phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV
phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case
net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
selftests: net: avoid just another constant wait
tunnels: fix out of bounds access when building IPv6 PMTU error
atm: idt77252: fix a memleak in open_card_ubr0
hwmon: (aspeed-pwm-tacho) mutex for tach reading
hwmon: (coretemp) Fix out-of-bounds memory access
hwmon: (coretemp) Fix bogus core_id to attr name mapping
inet: read sk->sk_family once in inet_recv_error()
rxrpc: Fix response to PING RESPONSE ACKs to a dead call
tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
ppp_async: limit MRU to 64K
netfilter: nft_compat: reject unused compat flag
netfilter: nft_compat: restrict match/target protocol to u16
netfilter: nft_ct: reject direction for ct id
netfilter: nft_set_pipapo: store index in scratch maps
netfilter: nft_set_pipapo: add helper to release pcpu scratch area
netfilter: nft_set_pipapo: remove scratch_aligned pointer
scsi: core: Move scsi_host_busy() out of host lock if it is for per-command
blk-iocost: Fix an UBSAN shift-out-of-bounds warning
net/af_iucv: clean up a try_then_request_module()
USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
USB: serial: option: add Fibocom FM101-GL variant
USB: serial: cp210x: add ID for IMST iM871A-USB
usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK
hrtimer: Report offline hrtimer enqueue
Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU
Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
vhost: use kzalloc() instead of kmalloc() followed by memset()
clocksource: Skip watchdog check for large watchdog intervals
net: stmmac: xgmac: use #define for string constants
net: stmmac: xgmac: fix a typo of register name in DPP safety handling
netfilter: nft_set_rbtree: skip end interval element from gc
btrfs: forbid creating subvol qgroups
btrfs: do not ASSERT() if the newly created subvolume already got read
btrfs: forbid deleting live subvol qgroup
btrfs: send: return EOPNOTSUPP on unknown flags
of: unittest: Fix compile in the non-dynamic case
net: openvswitch: limit the number of recursions from action sets
spi: ppc4xx: Drop write-only variable
ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
net: sysfs: Fix /sys/class/net/<iface> path for statistics
MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler
i40e: Fix waiting for queues of all VSIs to be disabled
tracing/trigger: Fix to return error if failed to alloc snapshot
mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32
ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
HID: wacom: generic: Avoid reporting a serial of '0' to userspace
HID: wacom: Do not register input devices until after hid_hw_start
usb: ucsi_acpi: Fix command completion handling
USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
usb: f_mass_storage: forbid async queue when shutdown happen
media: ir_toy: fix a memleak in irtoy_tx
powerpc/kasan: Fix addr error caused by page alignment
i2c: i801: Remove i801_set_block_buffer_mode
i2c: i801: Fix block process call transactions
modpost: trim leading spaces when processing source files list
scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
lsm: fix the logic in security_inode_getsecctx()
firewire: core: correct documentation of fw_csr_string() kernel API
kbuild: Fix changing ELF file type for output of gen_btf for big endian
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
xen-netback: properly sync TX responses
ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
binder: signal epoll threads of self-work
misc: fastrpc: Mark all sessions as invalid in cb_remove
ext4: fix double-free of blocks due to wrong extents moved_len
tracing: Fix wasted memory in saved_cmdlines logic
staging: iio: ad5933: fix type mismatch regression
iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC
iio: accel: bma400: Fix a compilation problem
media: rc: bpf attach/detach requires write permission
hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
ring-buffer: Clean ring_buffer_poll_wait() error return
serial: max310x: set default value when reading clock ready bit
serial: max310x: improve crystal stable clock detection
x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6
x86/mm/ident_map: Use gbpages only where full GB page should be mapped.
mmc: slot-gpio: Allow non-sleeping GPIO ro
ALSA: hda/conexant: Add quirk for SWS JS201D
nilfs2: fix data corruption in dsync block recovery for small block sizes
nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked
nfp: use correct macro for LengthSelect in BAR config
nfp: flower: prevent re-adding mac index for bonded port
wifi: mac80211: reload info pointer in ieee80211_tx_dequeue()
irqchip/irq-brcmstb-l2: Add write memory barrier before exit
irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update
s390/qeth: Fix potential loss of L3-IP@ in case of network issues
ceph: prevent use-after-free in encode_cap_msg()
of: property: fix typo in io-channels
can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)
pmdomain: core: Move the unused cleanup to a _sync initcall
tracing: Inform kmemleak of saved_cmdlines allocation
Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"
bus: moxtet: Add spi device table
PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support
mips: Fix max_mapnr being uninitialized on early stages
crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
serial: Add rs485_supported to uart_port
serial: 8250_exar: Fill in rs485_supported
serial: 8250_exar: Set missing rs485_supported flag
scripts/decode_stacktrace.sh: silence stderr messages from addr2line/nm
scripts/decode_stacktrace.sh: support old bash version
scripts: decode_stacktrace: demangle Rust symbols
scripts/decode_stacktrace.sh: optionally use LLVM utilities
netfilter: ipset: fix performance regression in swap operation
netfilter: ipset: Missing gc cancellations fixed
hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range()
Revert "arm64: Stash shadow stack pointer in the task struct on interrupt"
net: prevent mss overflow in skb_segment()
sched/membarrier: reduce the ability to hammer on sys_membarrier
nilfs2: fix potential bug in end_buffer_async_write
nilfs2: replace WARN_ONs for invalid DAT metadata block requests
dm: limit the number of targets and parameter size area
PM: runtime: add devm_pm_runtime_enable helper
PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend()
drm/msm/dsi: Enable runtime PM
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
net: bcmgenet: Fix EEE implementation
PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq()
Linux 5.10.210
Change-Id: I5e7327f58dd6abd26ac2b1e328a81c1010d1147c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
aseshu
|
136573f110 |
Merge keystone/android12-5.10-keystone-qcom-release.205+ (a31d98f) into msm-5.10
* refs/heads/tmp-a31d98f:
ANDROID: userfaultfd: allow SPF for UFFD_FEATURE_SIGBUS on private+anon
ANDROID: GKI: Update symbols to symbol list
ANDROID: add hooks into blk-mq-sched.c for customized I/O scheduler
ANDROID: add hooks into blk-ma-tag.c for customized I/O scheduler
ANDROID: add hooks into blk-flush.c for customized I/O scheduler
ANDROID: add hooks into blk-core.c for customized I/O scheduler
ANDROID: add hooks into blk-mq.c for customized I/O scheduler.
ANDROID: add hooks into bio.c for customized I/O scheduler
UPSTREAM: usb: dwc3: gadget: Handle EP0 request dequeuing properly
UPSTREAM: usb: dwc3: gadget: Refactor EP0 forced stall/restart into a separate API
ANDROID: GKI: Update symbols to symbol list
ANDROID: add hooks into blk-mq-sched.c for customized I/O scheduler
ANDROID: add hooks into blk-ma-tag.c for customized I/O scheduler
ANDROID: add hooks into blk-flush.c for customized I/O scheduler
ANDROID: add hooks into blk-core.c for customized I/O scheduler
ANDROID: add hooks into blk-mq.c for customized I/O scheduler.
ANDROID: add hooks into bio.c for customized I/O scheduler
ANDROID: ABI: Update oplus symbol list
ANDROID: binder: Add vendor hook to fix priority restore
ANDROID: GKI: Update symbol list
ANDROID: Add vendor hook for task exiting routine
UPSTREAM: netfilter: nft_set_rbtree: skip end interval element from gc
ANDROID: GKI: Update oplus symbol list
UPSTREAM: usb: gadget: uvc: set v4l2_dev->dev in f_uvc
ANDROID: mm: Fix VMA ref count after fast-mremap
ANDROID: mm: Fix VMA ref count after fast-mremap
ANDROID: GKI: fix ABI breakage in struct ipv6_devconf
Reapply "net: release reference to inet6_dev pointer"
Reapply "net: change accept_ra_min_rtr_lft to affect all RA lifetimes"
Reapply "net: add sysctl accept_ra_min_rtr_lft"
ANDROID: GKI: explicit include of stringify.h
ANDROID: introduce a vendor hook to allow speculative swap pagefaults
ANDROID: mm: allow limited speculative page faulting in do_swap_page()
UPSTREAM: net: tls, update curr on splice as well
ANDROID: GKI: Update oplus symbol list
ANDROID: mm: Add vendor hooks for recording when kswapd finishing the reclaim job
ANDROID: GKI: Update oplus symbol list
ANDROID: vendor_hooks: Add hooks for adjusting alloc_flags
Reapply "perf: Fix perf_event_validate_size()"
UPSTREAM: ida: Fix crash in ida_free when the bitmap is empty
UPSTREAM: netfilter: nf_tables: Reject tables of unsupported family
UPSTREAM: net/rose: Fix Use-After-Free in rose_ioctl
ANDROID: GKI: Update symbol list for mtk
Reapply "perf: Disallow mis-matched inherited group reads"
ANDROID: scsi: ufs: UFS HPB feature not working
ANDROID: GKI: Update symbol list for mtk
FROMGIT: usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart
FROMGIT: BACKPORT: mm: update mark_victim tracepoints fields
ANDROID: ABI: update allowed list for galaxy
ANDROID: ABI: update allowed list for galaxy
BACKPORT: exfat: reduce block requests when zeroing a cluster
UPSTREAM: netfilter: nf_tables: skip set commit for deleted/destroyed sets
ANDROID: GKI: fix crc issue in include/net/addrconf.h
Revert "cred: switch to using atomic_long_t"
Linux 5.10.205
powerpc/ftrace: Fix stack teardown in ftrace_no_trace
powerpc/ftrace: Create a dummy stackframe to fix stack unwind
tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf()
tty: n_gsm, remove duplicates of parameters
tty: n_gsm: fix tty registration before control channel open
USB: gadget: core: adjust uevent timing on gadget unbind
ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs
ring-buffer: Fix writing to the buffer with max_data_size
ring-buffer: Have saved event hold the entire event
tracing: Update snapshot buffer on resize if it is allocated
ring-buffer: Fix memory leak of free page
team: Fix use-after-free when an option instance allocation fails
arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify
ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS
soundwire: stream: fix NULL pointer dereference for multi_link
perf: Fix perf_event_validate_size() lockdep splat
HID: hid-asus: add const to read-only outgoing usb buffer
net: usb: qmi_wwan: claim interface 4 for ZTE MF290
asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation
HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad
HID: hid-asus: reset the backlight brightness level on resume
HID: add ALWAYS_POLL quirk for Apple kb
HID: glorious: fix Glorious Model I HID report
platform/x86: intel_telemetry: Fix kernel doc descriptions
bcache: avoid NULL checking to c->root in run_cache_set()
bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc()
bcache: remove redundant assignment to variable cur_idx
bcache: avoid oversize memory allocation by small stripe_size
blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!"
usb: aqc111: check packet for fixup for true limit
drm/mediatek: Add spinlock for setting vblank event in atomic_begin
PCI: loongson: Limit MRRS to 256
Revert "PCI: acpiphp: Reassign resources on bridge if necessary"
ALSA: hda/realtek: Apply mute LED quirk for HP15-db
ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants
fuse: dax: set fc->dax to NULL in fuse_dax_conn_free()
cred: switch to using atomic_long_t
net: atlantic: fix double free in ring reinit logic
appletalk: Fix Use-After-Free in atalk_ioctl
net: stmmac: Handle disabled MDIO busses from devicetree
net: stmmac: use dev_err_probe() for reporting mdio bus registration failure
vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space()
sign-file: Fix incorrect return values check
net: ena: Fix XDP redirection error
net: ena: Destroy correct number of xdp queues upon failure
net: Remove acked SYN flag from packet in the transmit queue correctly
qed: Fix a potential use-after-free in qed_cxt_tables_alloc
net/rose: Fix Use-After-Free in rose_ioctl
atm: Fix Use-After-Free in do_vcc_ioctl
net: fec: correct queue selection
net: vlan: introduce skb_vlan_eth_hdr()
atm: solos-pci: Fix potential deadlock on &tx_queue_lock
atm: solos-pci: Fix potential deadlock on &cli_queue_lock
qca_spi: Fix reset behavior
qca_debug: Fix ethtool -G iface tx behavior
qca_debug: Prevent crash on TX ring changes
net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX
HID: lenovo: Restrict detection of patched firmware only to USB cptkbd
afs: Fix refcount underflow from error handling race
netfilter: nf_tables: fix 'exist' matching on bigendian arches
Revert "psample: Require 'CAP_NET_ADMIN' when joining "packets" group"
Revert "genetlink: add CAP_NET_ADMIN test for multicast bind"
Revert "drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group"
Revert "perf/core: Add a new read format to get a number of lost samples"
Revert "perf: Fix perf_event_validate_size()"
Revert "hrtimers: Push pending hrtimers away from outgoing CPU earlier"
Linux 5.10.204
r8169: fix rtl8125b PAUSE frames blasting when suspended
devcoredump: Send uevent once devcd is ready
devcoredump : Serialize devcd_del work
smb: client: fix potential NULL deref in parse_dfs_referrals()
cifs: Fix non-availability of dedup breaking generic/304
Revert "btrfs: add dmesg output for first mount and last unmount of a filesystem"
mmc: block: Be sure to wait while busy in CQE error recovery
platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute
tools headers UAPI: Sync linux/perf_event.h with the kernel sources
platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch reporting
netfilter: nft_set_pipapo: skip inactive elements during set walk
drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group
psample: Require 'CAP_NET_ADMIN' when joining "packets" group
genetlink: add CAP_NET_ADMIN test for multicast bind
netlink: don't call ->netlink_bind with table lock held
io_uring/af_unix: disable sending io_uring over sockets
MIPS: Loongson64: Enable DMA noncoherent support
MIPS: Loongson64: Reserve vgabios memory on boot
KVM: s390/mm: Properly reset no-dat
x86/CPU/AMD: Check vendor in the AMD microcode callback
serial: 8250_omap: Add earlycon support for the AM654 UART controller
serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt
serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit
serial: sc16is7xx: address RX timeout interrupt errata
ARM: PL011: Fix DMA support
usb: typec: class: fix typec_altmode_put_partner to put plugs
Revert "xhci: Loosen RPM as default policy to cover for AMD xHC 1.1"
parport: Add support for Brainboxes IX/UC/PX parallel cards
usb: gadget: f_hid: fix report descriptor allocation
drm/amdgpu: correct the amdgpu runtime dereference usage count
gpiolib: sysfs: Fix error handling on failed export
perf: Fix perf_event_validate_size()
perf/core: Add a new read format to get a number of lost samples
tracing: Stop current tracer when resizing buffer
tracing: Set actual size after ring buffer resize
ring-buffer: Force absolute timestamp on discard of event
misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write
misc: mei: client.c: return negative error code in mei_cl_write
arm64: dts: mediatek: mt8183: Fix unit address for scp reserved memory
arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names
arm64: dts: mediatek: mt7622: fix memory node warning check
packet: Move reference count in packet_sock to atomic_long_t
tracing: Fix a possible race when disabling buffered events
tracing: Fix incomplete locking when disabling buffered events
tracing: Disable snapshot buffer when stopping instance tracers
tracing: Always update snapshot buffer size
checkstack: fix printed address
nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage()
nilfs2: fix missing error check for sb_set_blocksize call
ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5
ALSA: pcm: fix out-of-bounds in snd_pcm_state_names
riscv: fix misaligned access handling of C.SWSP and C.SDSP
ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt
ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init
scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle()
tracing: Fix a warning when allocating buffered events fails
ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate
hwmon: (acpi_power_meter) Fix 4.29 MW bug
RDMA/bnxt_re: Correct module description string
RDMA/rtrs-clt: Remove the warnings for req in_use check
arm64: dts: rockchip: Expand reg size of vdec node for RK3399
tee: optee: Fix supplicant based device enumeration
bpf: sockmap, updating the sg structure should also update curr
tcp: do not accept ACK of bytes we never sent
netfilter: xt_owner: Fix for unsafe access of sk->sk_socket
net: hns: fix fake link up on xge port
ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit()
ionic: Fix dim work handling in split interrupt mode
ionic: fix snprintf format length warning
net: bnxt: fix a potential use-after-free in bnxt_init_tc
i40e: Fix unexpected MFS warning message
arcnet: restoring support for multiple Sohard Arcnet cards
net: arcnet: com20020 fix error handling
mlxbf-bootctl: correctly identify secure boot with development keys
hv_netvsc: rndis_filter needs to select NLS
octeontx2-pf: Add missing mutex lock in otx2_get_pauseparam
ipv6: fix potential NULL deref in fib6_add()
of: dynamic: Fix of_reconfig_get_state_change() return value documentation
of: Add missing 'Return' section in kerneldoc comments
of: Fix kerneldoc output formatting
of: base: Fix some formatting issues and provide missing descriptions
platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code
platform/x86: asus-wmi: Simplify tablet-mode-switch handling
platform/x86: asus-wmi: Simplify tablet-mode-switch probing
platform/x86: asus-wmi: Add support for ROG X13 tablet mode
platform/x86: asus-wmi: Adjust tablet/lidflip handling to use enum
asus-wmi: Add dgpu disable method
platform/x86: asus-nb-wmi: Add tablet_mode_sw=lid-flip quirk for the TP200s
platform/x86: asus-nb-wmi: Allow configuring SW_TABLET_MODE method with a module option
platform/x86: asus-wmi: Add support for SW_TABLET_MODE on UX360
drm/amdgpu: correct chunk_ptr to a pointer to chunk.
kconfig: fix memory leak from range properties
tg3: Increment tx_dropped in tg3_tso_bug()
tg3: Move the [rt]x_dropped counters to tg3_napi
netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test
i2c: designware: Fix corrupted memory seen in the ISR
hrtimers: Push pending hrtimers away from outgoing CPU earlier
Revert "mmc: core: add helpers mmc_regulator_enable/disable_vqmmc"
Revert "mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled"
Revert "driver core: Move the "removable" attribute from USB to core"
Revert "drm/amdgpu: don't use ATRM for external devices"
Revert "HID: core: store the unique system identifier in hid_device"
Revert "HID: fix HID device resource race between HID core and debugging support"
Revert "wireguard: use DEV_STATS_INC()"
ANDROID: Fix up ipvlan merge in 5.10.202
Revert "ASoC: soc-card: Add storage for PCI SSID"
Revert "tracing: Have trace_event_file have ref counters"
UPSTREAM: interconnect: qcom: Add support for mask-based BCMs
Revert "ipvlan: properly track tx_errors"
Revert "inet: shrink struct flowi_common"
Revert "arm64/arm: xen: enlighten: Fix KPTI checks"
Revert "mfd: core: Un-constify mfd_cell.of_reg"
Linux 5.10.203
driver core: Release all resources during unbind before updating device links
r8169: fix deadlock on RTL8125 in jumbo mtu mode
r8169: disable ASPM in case of tx timeout
mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled
mmc: core: add helpers mmc_regulator_enable/disable_vqmmc
mmc: block: Retry commands in CQE error recovery
mmc: core: convert comma to semicolon
mmc: cqhci: Fix task clearing in CQE error recovery
mmc: cqhci: Warn of halt or task clear failure
mmc: cqhci: Increase recovery halt timeout
cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily
cpufreq: imx6q: don't warn for disabling a non-existing frequency
scsi: qla2xxx: Fix system crash due to bad pointer access
scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
scsi: core: Introduce the scsi_cmd_to_rq() function
smb3: fix caching of ctime on setxattr
fs: add ctime accessors infrastructure
drm/amdgpu: don't use ATRM for external devices
driver core: Move the "removable" attribute from USB to core
ima: annotate iint mutex to avoid lockdep false positive warnings
fbdev: stifb: Make the STI next font pointer a 32-bit signed offset
misc: pci_endpoint_test: Add deviceID for J721S2 PCIe EP device support
misc: pci_endpoint_test: Add deviceID for AM64 and J7200
s390/cmma: fix detection of DAT pages
s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions family
ASoC: SOF: sof-pci-dev: Fix community key quirk detection
ASoC: SOF: sof-pci-dev: don't use the community key on APL Chromebooks
ASoC: SOF: sof-pci-dev: add parameter to override topology filename
ASoC: SOF: sof-pci-dev: use community key on all Up boards
ASoC: Intel: Move soc_intel_is_foo() helpers to a generic header
smb3: fix touch -h of symlink
net: ravb: Start TX queues after HW initialization succeeded
net: ravb: Use pm_runtime_resume_and_get()
ravb: Fix races between ravb_tx_timeout_work() and net related ops
r8169: prevent potential deadlock in rtl8169_close
Revert "workqueue: remove unused cancel_work()"
octeontx2-pf: Fix adding mbox work queue entry when num_vfs > 64
net: stmmac: xgmac: Disable FPE MMC interrupts
selftests/net: mptcp: fix uninitialized variable warnings
selftests/net: ipsec: fix constant out of range
dpaa2-eth: increase the needed headroom to account for alignment
ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
USB: core: Change configuration warnings to notices
hv_netvsc: fix race of netvsc and VF register_netdevice
Input: xpad - add HyperX Clutch Gladiate Support
btrfs: make error messages more clear when getting a chunk map
btrfs: send: ensure send_fd is writable
btrfs: fix off-by-one when checking chunk map includes logical address
btrfs: ref-verify: fix memory leaks in btrfs_ref_tree_mod()
btrfs: add dmesg output for first mount and last unmount of a filesystem
parisc: Drop the HP-UX ENOSYM and EREMOTERELEASE error codes
powerpc: Don't clobber f0/vs0 during fp|altivec register save
iommu/vt-d: Add MTL to quirk list to skip TE disabling
bcache: revert replacing IS_ERR_OR_NULL with IS_ERR
dm verity: don't perform FEC for failed readahead IO
dm-verity: align struct dm_verity_fec_io properly
ALSA: hda/realtek: Add supported ALC257 for ChromeOS
ALSA: hda/realtek: Headset Mic VREF to 100%
ALSA: hda: Disable power-save on KONTRON SinglePC
mmc: block: Do not lose cache flush during CQE error recovery
firewire: core: fix possible memory leak in create_units()
pinctrl: avoid reload of p state in list iteration
io_uring: fix off-by one bvec index
USB: dwc3: qcom: fix wakeup after probe deferral
usb: dwc3: set the dma max_seg_size
usb: dwc3: Fix default mode initialization
USB: dwc2: write HCINT with INTMASK applied
USB: serial: option: don't claim interface 4 for ZTE MF290
USB: serial: option: fix FM101R-GL defines
USB: serial: option: add Fibocom L7xx modules
bcache: fixup lock c->root error
bcache: fixup init dirty data errors
bcache: prevent potential division by zero error
bcache: check return value from btree_node_alloc_replacement()
dm-delay: fix a race between delay_presuspend and delay_bio
hv_netvsc: Mark VF as slave before exposing it to user-mode
hv_netvsc: Fix race of register_netdevice_notifier and VF register
USB: serial: option: add Luat Air72*U series products
s390/dasd: protect device queue against concurrent access
bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race
bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce()
swiotlb-xen: provide the "max_mapping_size" method
ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA
ASoC: simple-card: fixup asoc_simple_probe() error handling
nfsd: lock_rename() needs both directories to live on the same fs
ext4: make sure allocate pending entry not fail
ext4: fix slab-use-after-free in ext4_es_insert_extent()
ext4: using nofail preallocation in ext4_es_insert_extent()
ext4: using nofail preallocation in ext4_es_insert_delayed_block()
ext4: using nofail preallocation in ext4_es_remove_extent()
ext4: use pre-allocated es in __es_remove_extent()
ext4: use pre-allocated es in __es_insert_extent()
ext4: factor out __es_alloc_extent() and __es_free_extent()
ext4: add a new helper to check if es must be kept
MIPS: KVM: Fix a build warning about variable set but not used
media: ccs: Correctly initialise try compose rectangle
lockdep: Fix block chain corruption
USB: dwc3: qcom: fix ACPI platform device leak
USB: dwc3: qcom: fix resource leaks on probe deferral
nvmet: nul-terminate the NQNs passed in the connect command
nvmet: remove unnecessary ctrl parameter
afs: Fix file locking on R/O volumes to operate in local mode
afs: Return ENOENT if no cell DNS record can be found
net: axienet: Fix check for partial TX checksum
amd-xgbe: propagate the correct speed and duplex status
amd-xgbe: handle the corner-case during tx completion
amd-xgbe: handle corner-case during sfp hotplug
arm/xen: fix xen_vcpu_info allocation alignment
net/smc: avoid data corruption caused by decline
net: usb: ax88179_178a: fix failed operations during ax88179_reset
ipv4: Correct/silence an endian warning in __ip_do_redirect
HID: fix HID device resource race between HID core and debugging support
HID: core: store the unique system identifier in hid_device
drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full
ata: pata_isapnp: Add missing error check for devm_ioport_map()
wireguard: use DEV_STATS_INC()
drm/panel: simple: Fix Innolux G101ICE-L01 timings
drm/panel: simple: Fix Innolux G101ICE-L01 bus flags
drm/panel: auo,b101uan08.3: Fine tune the panel power sequence
drm/panel: boe-tv101wum-nl6: Fine tune the panel power sequence
afs: Make error on cell lookup failure consistent with OpenAFS
afs: Fix afs_server_list to be cleaned up with RCU
PCI: keystone: Drop __init from ks_pcie_add_pcie_{ep,port}()
RDMA/irdma: Prevent zero-length STAG registration
ANDROID: GKI: db845c: Update symbols list and ABI on rpmsg_register_device_override
Linux 5.10.202
interconnect: qcom: Add support for mask-based BCMs
netfilter: nf_tables: disable toggling dormant table state more than once
netfilter: nf_tables: fix table flag updates
netfilter: nftables: update table flags from the commit phase
tracing: Have trace_event_file have ref counters
io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox
drm/amdgpu: fix error handling in amdgpu_bo_list_get()
drm/amd/pm: Handle non-terminated overdrive commands.
ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks
ext4: correct the start block of counting reserved clusters
ext4: correct return value of ext4_convert_meta_bg
ext4: correct offset of gdb backup in non meta_bg group to update_backups
ext4: apply umask if ACL support is disabled
Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E"
media: qcom: camss: Fix vfe_get() error jump
mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors
nfsd: fix file memleak on client_opens_release
media: venus: hfi: add checks to handle capabilities from firmware
media: venus: hfi: fix the check to handle session buffer requirement
media: venus: hfi_parser: Add check to keep the number of codecs within range
media: sharp: fix sharp encoding
media: lirc: drop trailing space from scancode transmit
f2fs: avoid format-overflow warning
i2c: i801: fix potential race in i801_block_transaction_byte_by_byte
net: phylink: initialize carrier state at creation
net: dsa: lan9303: consequently nested-lock physical MDIO
i2c: designware: Disable TX_EMPTY irq while waiting for block length byte
lsm: fix default return value for inode_getsecctx
lsm: fix default return value for vm_enough_memory
Revert ncsi: Propagate carrier gain/loss events to the NCSI controller
arm64: dts: qcom: ipq6018: Fix tcsr_mutex register size
arm64: dts: qcom: ipq6018: switch TCSR mutex to MMIO
PCI: exynos: Don't discard .remove() callback
Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE
Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables
bluetooth: Add device 13d3:3571 to device tables
bluetooth: Add device 0bda:887b to device tables
Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559
cpufreq: stats: Fix buffer overflow detection in trans_stats()
tty: serial: meson: fix hard LOCKUP on crtscts mode
serial: meson: Use platform_get_irq() to get the interrupt
tty: serial: meson: retrieve port FIFO size from DT
serial: meson: remove redundant initialization of variable id
ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC
ALSA: hda/realtek - Add Dell ALC295 to pin fall back table
ALSA: info: Fix potential deadlock at disconnection
xhci: Enable RPM on controllers that support low-power states
parisc/pgtable: Do not drop upper 5 address bits of physical address
parisc: Prevent booting 64-bit kernels on PA1.x machines
i3c: master: cdns: Fix reading status register
mtd: cfi_cmdset_0001: Byte swap OTP info
mm/memory_hotplug: use pfn math in place of direct struct page manipulation
mm/cma: use nth_page() in place of direct struct page manipulation
dmaengine: stm32-mdma: correct desc prep when channel running
mcb: fix error handling for different scenarios when parsing
i2c: core: Run atomic i2c xfer when !preemptible
kernel/reboot: emergency_restart: Set correct system_state
quota: explicitly forbid quota files from being encrypted
jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev
PCI: keystone: Don't discard .probe() callback
PCI: keystone: Don't discard .remove() callback
genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware
mmc: meson-gx: Remove setting of CMD_CFG_ERROR
wifi: ath11k: fix htt pktlog locking
wifi: ath11k: fix dfs radar event locking
wifi: ath11k: fix temperature event locking
ima: detect changes to the backing overlay file
firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit
btrfs: don't arbitrarily slow down delalloc if we're committing
rcu: kmemleak: Ignore kmemleak false positives when RCU-freeing objects
PM: hibernate: Clean up sync_read handling in snapshot_write_next()
PM: hibernate: Use __get_safe_page() rather than touching the list
arm64: dts: qcom: ipq6018: Fix hwlock index for SMEM
PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common()
mmc: sdhci_am654: fix start loop index for TAP value parsing
mmc: vub300: fix an error code
clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks
clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks
parisc/pdc: Add width field to struct pdc_model
arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer
ACPI: resource: Do IRQ override on TongFang GMxXGxx
watchdog: move softlockup_panic back to early_param
PCI/sysfs: Protect driver's D3cold preference from user space
hvc/xen: fix error path in xen_hvc_init() to always register frontend driver
hvc/xen: fix console unplug
tty/sysrq: replace smp_processor_id() with get_cpu()
audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()
audit: don't take task_lock() in audit_exe_compare() code path
KVM: x86: Ignore MSR_AMD64_TW_CFG access
KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space
x86/cpu/hygon: Fix the CPU topology evaluation for real
scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers
scsi: mpt3sas: Fix loop logic
bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END
bpf: Fix check_stack_write_fixed_off() to correctly spill imm
randstruct: Fix gcc-plugin performance mode to stay in group
powerpc/perf: Fix disabling BHRB and instruction sampling
media: venus: hfi: add checks to perform sanity on queue pointers
cifs: fix check of rc in function generate_smb3signingkey
cifs: spnego: add ';' in HOST_KEY_LEN
tools/power/turbostat: Fix a knl bug
macvlan: Don't propagate promisc change to lower dev in passthru
net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors
net/mlx5_core: Clean driver version and name
net/mlx5e: fix double free of encap_header
net: stmmac: fix rx budget limit check
netfilter: nf_conntrack_bridge: initialize err to 0
net: ethernet: cortina: Fix MTU max setting
net: ethernet: cortina: Handle large frames
net: ethernet: cortina: Fix max RX frame define
bonding: stop the device in bond_setup_by_slave()
ptp: annotate data-race around q->head and q->tail
xen/events: fix delayed eoi list handling
ppp: limit MRU to 64K
tipc: Fix kernel-infoleak due to uninitialized TLV value
net: hns3: fix VF reset fail issue
net: hns3: fix variable may not initialized problem in hns3_init_mac_addr()
tty: Fix uninit-value access in ppp_sync_receive()
ipvlan: add ipvlan_route_v6_outbound() helper
gfs2: Silence "suspicious RCU usage in gfs2_permission" warning
SUNRPC: Fix RPC client cleaned up the freed pipefs dentries
NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO
SUNRPC: Add an IS_ERR() check back to where it was
SUNRPC: ECONNRESET might require a rebind
xhci: turn cancelled td cleanup to its own function
wifi: iwlwifi: Use FW rate for non-data frames
pwm: Fix double shift bug
drm/amdgpu: fix software pci_unplug on some chips
ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings
kgdb: Flush console before entering kgdb on panic
drm/amd/display: Avoid NULL dereference of timing generator
media: imon: fix access to invalid resource for the second interface
media: cobalt: Use FIELD_GET() to extract Link Width
gfs2: fix an oops in gfs2_permission
gfs2: ignore negated quota changes
media: vivid: avoid integer overflow
media: gspca: cpia1: shift-out-of-bounds in set_flicker
i2c: sun6i-p2wi: Prevent potential division by zero
9p/trans_fd: Annotate data-racy writes to file::f_flags
usb: gadget: f_ncm: Always set current gadget in ncm_bind()
tty: vcc: Add check for kstrdup() in vcc_probe()
exfat: support handle zero-size directory
HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W
misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller
scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
atm: iphase: Do PCI error checks on own line
PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields
ALSA: hda: Fix possible null-ptr-deref when assigning a stream
ARM: 9320/1: fix stack depot IRQ stack filter
HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround
jfs: fix array-index-out-of-bounds in diAlloc
jfs: fix array-index-out-of-bounds in dbFindLeaf
fs/jfs: Add validity check for db_maxag and db_agpref
fs/jfs: Add check for negative db_l2nbperpage
RDMA/hfi1: Use FIELD_GET() to extract Link Width
crypto: pcrypt - Fix hungtask for PADATA_RESET
ASoC: soc-card: Add storage for PCI SSID
selftests/efivarfs: create-read: fix a resource leak
drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
drm/panel: st7703: Pick different reset sequence
drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference
drm/panel: fix a possible null pointer dereference
drm/amdgpu: Fix potential null pointer derefernce
drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
drm/msm/dp: skip validity check for DP CTS EDID checksum
drm/komeda: drop all currently held locks if deadlock happens
platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e
Bluetooth: Fix double free in hci_conn_cleanup
Bluetooth: btusb: Add date->evt_skb is NULL check
wifi: ath10k: Don't touch the CE interrupt registers after power up
net: annotate data-races around sk->sk_dst_pending_confirm
net: annotate data-races around sk->sk_tx_queue_mapping
wifi: ath10k: fix clang-specific fortify warning
wifi: ath9k: fix clang-specific fortify warnings
bpf: Detect IP == ksym.end as part of BPF program
wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
wifi: mac80211_hwsim: fix clang-specific fortify warning
x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
clocksource/drivers/timer-imx-gpt: Fix potential memory leak
perf/core: Bail out early if the request AUX area is out of bound
locking/ww_mutex/test: Fix potential workqueue corruption
ANDROID: fix up rpmsg_device ABI break
ANDROID: fix up platform_device ABI break
Revert "kasan: print the original fault addr when access invalid shadow"
Linux 5.10.201
btrfs: use u64 for buffer sizes in the tree search ioctls
Revert "mmc: core: Capture correct oemid-bits for eMMC cards"
tracing/kprobes: Fix the order of argument descriptions
fbdev: fsl-diu-fb: mark wr_reg_wa() static
fbdev: imsttfb: fix a resource leak in probe
fbdev: imsttfb: Fix error path of imsttfb_probe()
spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies
drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE
x86/sev-es: Allow copy_from_kernel_nofault() in earlier boot
x86: Share definition of __is_canonical_address()
netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses
netfilter: nft_redir: use `struct nf_nat_range2` throughout and deduplicate eval call-backs
netfilter: xt_recent: fix (increase) ipv6 literal buffer length
r8169: respect userspace disabling IFF_MULTICAST
tg3: power down device only on SYSTEM_POWER_OFF
net/smc: put sk reference if close work was canceled
net/smc: allow cdc msg send rather than drop it with NULL sndbuf_desc
net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT
net: stmmac: xgmac: Enable support for multiple Flexible PPS outputs
Fix termination state for idr_for_each_entry_ul()
net: r8169: Disable multicast filter for RTL8168H and RTL8107E
dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses.
dccp: Call security_inet_conn_request() after setting IPv4 addresses.
inet: shrink struct flowi_common
tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
hsr: Prevent use after free in prp_create_tagged_frame()
llc: verify mac len before reading mac header
Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume
pwm: sti: Reduce number of allocations and drop usage of chip_data
pwm: sti: Avoid conditional gotos
regmap: prevent noinc writes from clobbering cache
media: dvb-usb-v2: af9035: fix missing unlock
media: cedrus: Fix clock/reset sequence
media: vidtv: mux: Add check and kfree for kstrdup
media: vidtv: psi: Add check for kstrdup
media: s3c-camif: Avoid inappropriate kfree()
media: bttv: fix use after free error due to btv->timeout timer
media: i2c: max9286: Fix some redundant of_node_put() calls
pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
pcmcia: ds: fix refcount leak in pcmcia_device_add()
pcmcia: cs: fix possible hung task and memory leak pccardd()
rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call
i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs
perf hist: Add missing puts to hist__account_cycles
perf machine: Avoid out of bounds LBR memory read
usb: host: xhci-plat: fix possible kernel oops while resuming
xhci: Loosen RPM as default policy to cover for AMD xHC 1.1
powerpc/pseries: fix potential memory leak in init_cpu_associativity()
powerpc/imc-pmu: Use the correct spinlock initializer.
powerpc/xive: Fix endian conversion size
powerpc/40x: Remove stale PTE_ATOMIC_UPDATES macro
modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host
interconnect: qcom: sc7180: Set ACV enable_mask
interconnect: qcom: sc7180: Retire DEFINE_QBCM
f2fs: fix to initialize map.m_pblk in f2fs_precache_extents()
dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc()
USB: usbip: fix stub_dev hub disconnect
tools: iio: iio_generic_buffer ensure alignment
tools: iio: iio_generic_buffer: Fix some integer type and calculation
tools: iio: privatize globals and functions in iio_generic_buffer.c file
misc: st_core: Do not call kfree_skb() under spin_lock_irqsave()
dmaengine: ti: edma: handle irq_of_parse_and_map() errors
usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency
livepatch: Fix missing newline character in klp_resolve_symbols()
tty: tty_jobctrl: fix pid memleak in disassociate_ctty()
leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
leds: pwm: Don't disable the PWM when the LED should be off
mfd: dln2: Fix double put in dln2_probe
mfd: core: Ensure disabled devices are skipped without aborting
mfd: core: Un-constify mfd_cell.of_reg
ASoC: ams-delta.c: use component after check
padata: Fix refcnt handling in padata_free_shell()
padata: Convert from atomic_t to refcount_t on parallel_data->refcnt
ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails
HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event()
HID: logitech-hidpp: Revert "Don't restart communication if not necessary"
HID: logitech-hidpp: Don't restart IO, instead defer hid_connect() only
HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk
Revert "HID: logitech-hidpp: add a module parameter to keep firmware gestures"
sh: bios: Revive earlyprintk support
hid: cp2112: Fix IRQ shutdown stopping polling for all IRQs on chip
RDMA/hfi1: Workaround truncation compilation error
scsi: ufs: core: Leave space for '\0' in utf8 desc string
ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe
RDMA/hns: Fix signed-unsigned mixed comparisons
RDMA/hns: Fix uninitialized ucmd in hns_roce_create_qp_common()
IB/mlx5: Fix rdma counter binding for RAW QP
ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described
ext4: move 'ix' sanity check to corrent position
ARM: 9321/1: memset: cast the constant byte to unsigned char
hid: cp2112: Fix duplicate workqueue initialization
crypto: qat - increase size of buffers
crypto: qat - mask device capabilities with soft straps
crypto: caam/jr - fix Chacha20 + Poly1305 self test failure
crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure
nd_btt: Make BTT lanes preemptible
libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value
hwrng: geode - fix accessing registers
crypto: hisilicon/hpre - Fix a erroneous check after snprintf()
selftests/resctrl: Ensure the benchmark commands fits to its array
selftests/pidfd: Fix ksft print formats
clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped
firmware: ti_sci: Mark driver as non removable
soc: qcom: llcc: Handle a second device without data corruption
ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator
arm64: dts: qcom: sdm845-mtp: fix WiFi configuration
arm64: dts: qcom: msm8916: Fix iommu local address range
xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled
drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map()
arm64/arm: xen: enlighten: Fix KPTI checks
drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe()
drm/mediatek: Fix iommu fault during crtc enabling
drm/bridge: tc358768: Fix bit updates
drm/bridge: tc358768: Disable non-continuous clock mode
drm/bridge: tc358768: Fix use of uninitialized variable
drm/radeon: possible buffer overflow
drm/rockchip: vop: Fix call to crtc reset helper
drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs
hwmon: (coretemp) Fix potentially truncated sysfs attribute name
hwmon: (axi-fan-control) Fix possible NULL pointer dereference
hwmon: (axi-fan-control) Support temperature vs pwm points
platform/x86: wmi: Fix opening of char device
platform/x86: wmi: remove unnecessary initializations
platform/x86: wmi: Fix probe failure when failing to register WMI devices
clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM
clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data
clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data
clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data
clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data
clk: npcm7xx: Fix incorrect kfree
clk: ti: fix double free in of_ti_divider_clk_setup()
clk: ti: change ti_clk_register[_omap_hw]() API
clk: ti: Update component clocks to use ti_dt_clk_name()
clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name()
clk: ti: Add ti_dt_clk_name() helper to use clock-output-names
clk: keystone: pll: fix a couple NULL vs IS_ERR() checks
spi: nxp-fspi: use the correct ioremap function
clk: linux/clk-provider.h: fix kernel-doc warnings and typos
clk: asm9260: use parent index to link the reference clock
clk: imx: imx8mq: correct error handling path
clk: imx: Select MXC_CLK for CLK_IMX8QXP
clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src
clk: qcom: gcc-sm8150: use ARRAY_SIZE instead of specifying num_parents
clk: qcom: mmcc-msm8998: Fix the SMMU GDSC
clk: qcom: mmcc-msm8998: Set bimc_smmu_gdsc always on
clk: qcom: mmcc-msm8998: Don't check halt bit on some branch clks
clk: qcom: mmcc-msm8998: Add hardware clockgating registers to some clks
clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
regmap: debugfs: Fix a erroneous check after snprintf()
ipvlan: properly track tx_errors
net: add DEV_STATS_READ() helper
ipv6: avoid atomic fragment on GSO packets
ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias()
tcp: fix cookie_init_timestamp() overflows
chtls: fix tp->rcv_tstamp initialization
r8169: fix rare issue with broken rx after link-down on RTL8125
r8169: use tp_to_dev instead of open code
thermal: core: prevent potential string overflow
PM / devfreq: rockchip-dfi: Make pmu regmap mandatory
can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on()
can: dev: can_restart(): don't crash kernel if carrier is OK
wifi: rtlwifi: fix EDCA limit set by BT coexistence
tcp_metrics: do not create an entry from tcp_init_metrics()
tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics()
tcp_metrics: add missing barriers on delete
wifi: mt76: mt7603: rework/fix rx pse hang check
wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file()
net: spider_net: Use size_add() in call to struct_size()
tipc: Use size_add() in calls to struct_size()
mlxsw: Use size_mul() in call to struct_size()
gve: Use size_add() in call to struct_size()
overflow: Implement size_t saturating arithmetic helpers
tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed
udp: add missing WRITE_ONCE() around up->encap_rcv
i40e: fix potential memory leaks in i40e_remove()
genirq/matrix: Exclude managed interrupts in irq_matrix_allocated()
pstore/platform: Add check for kstrdup
x86/boot: Fix incorrect startup_gdt_descr.size
futex: Don't include process MM in futex key on no-MMU
x86/srso: Fix SBPB enablement for (possible) future fixed HW
vfs: fix readahead(2) on block devices
sched/uclamp: Ignore (util == 0) optimization in feec() when p_util_max = 0
iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user()
Linux 5.10.200
ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection
tty: 8250: Add support for Intashield IS-100
tty: 8250: Add support for Brainboxes UP cards
tty: 8250: Add support for additional Brainboxes UC cards
tty: 8250: Remove UC-257 and UC-431
usb: raw-gadget: properly handle interrupted requests
usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility
PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device
can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior
can: isotp: isotp_bind(): do not validate unused address information
can: isotp: add local echo tx processing and tx without FC
can: isotp: handle wait_event_interruptible() return values
can: isotp: check CAN address family in isotp_bind()
can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting
can: isotp: set max PDU size to 64 kByte
can: isotp: Add error message if txqueuelen is too small
can: isotp: add symbolic error message to isotp_module_init()
can: isotp: change error format from decimal to symbolic error names
powerpc/mm: Fix boot crash with FLATMEM
net: chelsio: cxgb4: add an error code check in t4_load_phy_fw
platform/mellanox: mlxbf-tmfifo: Fix a warning message
scsi: mpt3sas: Fix in error path
fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit()
ASoC: rt5650: fix the wrong result of key button
netfilter: nfnetlink_log: silence bogus compiler warning
spi: npcm-fiu: Fix UMA reads when dummy.nbytes == 0
fbdev: atyfb: only use ioremap_uc() on i386 and ia64
Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport
dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe
irqchip/stm32-exti: add missing DT IRQ flag translation
net: sched: cls_u32: Fix allocation size in u32_init()
x86: Fix .brk attribute in linker script
rpmsg: Fix possible refcount leak in rpmsg_register_device_override()
rpmsg: glink: Release driver_override
rpmsg: Fix calling device_lock() on non-initialized device
rpmsg: Fix kfree() of static memory on setting driver_override
rpmsg: Constify local variable in field store macro
driver: platform: Add helper for safer setting of driver_override
objtool/x86: add missing embedded_insn check
ext4: avoid overlapping preallocations due to overflow
ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
ext4: add two helper functions extent_logical_end() and pa_logical_end()
x86/mm: Fix RESERVE_BRK() for older binutils
x86/mm: Simplify RESERVE_BRK()
f2fs: fix to do sanity check on inode type during garbage collection
smbdirect: missing rc checks while waiting for rdma events
kobject: Fix slab-out-of-bounds in fill_kobj_path()
x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility
iio: adc: xilinx-xadc: Don't clobber preset voltage/temperature thresholds
iio: adc: xilinx: use more devres helpers and remove remove()
iio: adc: xilinx: use devm_krealloc() instead of kfree() + kcalloc()
iio: adc: xilinx: use helper variable for &pdev->dev
clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name
sparc32: fix a braino in fault handling in csum_and_copy_..._user()
perf/core: Fix potential NULL deref
nvmem: imx: correct nregs for i.MX6UL
nvmem: imx: correct nregs for i.MX6SLL
nvmem: imx: correct nregs for i.MX6ULL
misc: fastrpc: Clean buffers on remote invocation failures
tracing/kprobes: Fix the description of variable length arguments
i2c: aspeed: Fix i2c bus hang in slave read
i2c: stm32f7: Fix PEC handling in case of SMBUS transfers
i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node()
i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node()
i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node()
iio: exynos-adc: request second interupt only when touchscreen mode is used
kasan: print the original fault addr when access invalid shadow
i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR
gtp: fix fragmentation needed check with gso
gtp: uapi: fix GTPA_MAX
tcp: fix wrong RTO timeout when received SACK reneging
r8152: Release firmware if we have an error in probe
r8152: Cancel hw_phy_work if we have an error in probe
r8152: Run the unload routine if we have errors during probe
r8152: Increase USB control msg timeout to 5000ms as per spec
net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg
net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show()
igc: Fix ambiguity in the ethtool advertising
neighbour: fix various data-races
igb: Fix potential memory leak in igb_add_ethtool_nfc_entry
treewide: Spelling fix in comment
r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1
r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1
drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper()
mmc: renesas_sdhi: use custom mask for TMIO_MASK_ALL
mm/page_alloc: correct start page when guard page debug is enabled
virtio-mmio: fix memory leak of vm_dev
virtio_balloon: Fix endless deflation and inflation on arm64
mcb-lpc: Reallocate memory region to avoid memory overlapping
mcb: Return actual parsed size when reading chameleon table
selftests/ftrace: Add new test case which checks non unique symbol
Revert "usb: core: Track SuperSpeed Plus GenXxY"
Revert "drm/connector: Add a fwnode pointer to drm_connector and register with ACPI (v2)"
Revert "drm/connector: Add drm_connector_find_by_fwnode() function (v3)"
Revert "drm/connector: Add support for out-of-band hotplug notification (v3)"
Revert "usb: typec: altmodes/displayport: Notify drm subsys of hotplug events"
Revert "usb: typec: altmodes/displayport: Signal hpd low when exiting mode"
Revert "ipv4/fib: send notify when delete source address routes"
Revert "net: add sysctl accept_ra_min_rtr_lft"
Revert "net: change accept_ra_min_rtr_lft to affect all RA lifetimes"
Revert "net: release reference to inet6_dev pointer"
Revert "xfrm: fix a data-race in xfrm_gen_index()"
Revert "perf: Disallow mis-matched inherited group reads"
Revert "Bluetooth: hci_core: Fix build warnings"
Revert "xfrm: interface: use DEV_STATS_INC()"
ANDROID: GKI: arm64: drop CONFIG_DEBUG_PREEMPT forced disable
Linux 5.10.199
xfrm6: fix inet6_dev refcount underflow problem
Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name
Bluetooth: hci_sock: fix slab oob read in create_monitor_event
phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins
phy: mapphone-mdm6600: Fix runtime PM for remove
phy: mapphone-mdm6600: Fix runtime disable on probe
ASoC: pxa: fix a memory leak in probe()
gpio: vf610: set value before the direction to avoid a glitch
platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events
platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
s390/pci: fix iommu bitmap allocation
perf: Disallow mis-matched inherited group reads
USB: serial: option: add Fibocom to DELL custom modem FM101R-GL
USB: serial: option: add entry for Sierra EM9191 with new firmware
USB: serial: option: add Telit LE910C4-WWX 0x1035 composition
nvme-rdma: do not try to stop unallocated queues
nvme-pci: add BOGUS_NID for Intel 0a54 device
ACPI: irq: Fix incorrect return value in acpi_register_gsi()
pNFS: Fix a hang in nfs4_evict_inode()
Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()"
mmc: core: Capture correct oemid-bits for eMMC cards
mmc: core: sdio: hold retuning if sdio in 1-bit mode
mtd: physmap-core: Restore map_rom fallback
mtd: spinand: micron: correct bitmask for ecc status
mtd: rawnand: arasan: Ensure program page operations are successful
mtd: rawnand: marvell: Ensure program page operations are successful
mtd: rawnand: qcom: Unmap the right resource upon probe failure
Bluetooth: hci_event: Fix using memcmp when comparing keys
net/mlx5: Handle fw tracer change ownership event based on MTRC
platform/x86: touchscreen_dmi: Add info for the Positivo C4128B
HID: multitouch: Add required quirk for Synaptics 0xcd7e device
btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c
drm: panel-orientation-quirks: Add quirk for One Mix 2S
ipv4/fib: send notify when delete source address routes
sky2: Make sure there is at least one frag_addr available
regulator/core: Revert "fix kobject release warning and memory leak in regulator_register()"
wifi: cfg80211: avoid leaking stack data into trace
wifi: mac80211: allow transmitting EAPOL frames with tainted key
wifi: cfg80211: Fix 6GHz scan configuration
Bluetooth: hci_core: Fix build warnings
Bluetooth: Avoid redundant authentication
HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event
tracing: relax trace_event_eval_update() execution with cond_resched()
ata: libata-eh: Fix compilation warning in ata_eh_link_report()
gpio: timberdale: Fix potential deadlock on &tgpio->lock
overlayfs: set ctime when setting mtime and atime
i2c: mux: Avoid potential false error message in i2c_mux_add_adapter
btrfs: initialize start_slot in btrfs_log_prealloc_extents
btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1
ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone
usb: typec: altmodes/displayport: Signal hpd low when exiting mode
usb: typec: altmodes/displayport: Notify drm subsys of hotplug events
drm/connector: Add support for out-of-band hotplug notification (v3)
drm/connector: Add drm_connector_find_by_fwnode() function (v3)
drm/connector: Add a fwnode pointer to drm_connector and register with ACPI (v2)
drm/connector: Give connector sysfs devices there own device_type
drm/amd/display: Don't set dpms_off for seamless boot
drm/amd/display: only check available pipe to disable vbios mode.
serial: 8250_omap: Fix errors with no_console_suspend
serial: 8250: omap: Fix imprecise external abort for omap_8250_pm()
xhci: track port suspend state correctly in unsuccessful resume cases
xhci: decouple usb2 port resume and get_port_status request handling
xhci: clear usb2 resume related variables in one place.
xhci: rename resume_done to resume_timestamp
xhci: move port specific items such as state completions to port structure
xhci: cleanup xhci_hub_control port references
usb: core: Track SuperSpeed Plus GenXxY
selftests/mm: fix awk usage in charge_reserved_hugetlb.sh and hugetlb_reparenting_test.sh that may cause error
selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting
ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA
ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA
ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA
ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks
ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA
ACPI: resource: Add ASUS model S5402ZA to quirks
ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA
ACPI: resources: Add DMI-based legacy IRQ override quirk
ACPI: Drop acpi_dev_irqresource_disabled()
resource: Add irqresource_disabled()
thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge
net: pktgen: Fix interface flags printing
netfilter: nft_set_rbtree: .deactivate fails if element has expired
neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section
net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve
net: dsa: bcm_sf2: Fix possible memory leak in bcm_sf2_mdio_register()
i40e: prevent crash on probe if hw registers have invalid values
net: usb: smsc95xx: Fix an error code in smsc95xx_reset()
ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr
tun: prevent negative ifindex
tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb
tcp: fix excessive TLP and RACK timeouts from HZ rounding
net: rfkill: gpio: prevent value glitch during probe
net: ipv6: fix return value check in esp_remove_trailer
net: ipv4: fix return value check in esp_remove_trailer
xfrm: interface: use DEV_STATS_INC()
xfrm: fix a data-race in xfrm_gen_index()
qed: fix LL2 RX buffer allocation
drm/i915: Retry gtt fault when out of fence registers
nvmet-tcp: Fix a possible UAF in queue intialization setup
netfilter: nft_payload: fix wrong mac header matching
tcp: check mptcp-level constraints for backlog coalescing
x86/sev: Check for user-space IOIO pointing to kernel space
x86/sev: Check IOBM for IOIO exceptions from user-space
x86/sev: Disable MMIO emulation from user mode
KVM: x86: Mask LVTPC when handling a PMI
regmap: fix NULL deref on lookup
nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
ice: reset first in crash dump kernels
ice: fix over-shifted variable
Bluetooth: avoid memcmp() out of bounds warning
Bluetooth: hci_event: Fix coding style
Bluetooth: vhci: Fix race when opening vhci device
Bluetooth: Fix a refcnt underflow problem for hci_conn
Bluetooth: Reject connection with the device which has same BD_ADDR
Bluetooth: hci_event: Ignore NULL link key
usb: hub: Guard against accesses to uninitialized BOS descriptors
Documentation: sysctl: align cells in second content column
mm/memory_hotplug: rate limit page migration warnings
lib/Kconfig.debug: do not enable DEBUG_PREEMPT by default
dev_forward_skb: do not scrub skb mark within the same name space
ravb: Fix use-after-free issue in ravb_tx_timeout_work()
RDMA/srp: Fix srp_abort()
RDMA/srp: Set scmnd->result only when scmnd is not NULL
arm64: armv8_deprecated: fix unused-function error
arm64: armv8_deprecated: rework deprected instruction handling
arm64: armv8_deprecated: move aarch32 helper earlier
arm64: armv8_deprecated move emulation functions
arm64: armv8_deprecated: fold ops into insn_emulation
arm64: rework EL0 MRS emulation
arm64: factor insn read out of call_undef_hook()
arm64: factor out EL1 SSBS emulation hook
arm64: split EL0/EL1 UNDEF handlers
arm64: allow kprobes on EL0 handlers
arm64: rework BTI exception handling
arm64: rework FPAC exception handling
arm64: consistently pass ESR_ELx to die()
arm64: die(): pass 'err' as long
arm64: report EL1 UNDEFs better
x86/alternatives: Disable KASAN in apply_alternatives()
powerpc/64e: Fix wrong test in __ptep_test_and_clear_young()
powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE
dmaengine: mediatek: Fix deadlock caused by synchronize_irq()
usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call
usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
counter: microchip-tcb-capture: Fix the use of internal GCLK logic
pinctrl: avoid unsafe code pattern in find_pinctrl()
cgroup: Remove duplicates in cgroup v1 tasks file
tee: amdtee: fix use-after-free vulnerability in amdtee_close_session
Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case
Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table
Input: xpad - add PXN V900 support
Input: psmouse - fix fast_reconnect function for PS/2 mode
Input: powermate - fix use-after-free in powermate_config_complete
ceph: fix type promotion bug on 32bit systems
ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
libceph: use kernel_connect()
thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding
mcb: remove is_added flag from mcb_device struct
x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs
iio: pressure: ms5611: ms5611_prom_is_valid false negative bug
iio: pressure: dps310: Adjust Timeout Settings
iio: pressure: bmp280: Fix NULL pointer exception
usb: musb: Modify the "HWVers" register address
usb: musb: Get the musb_qh poniter after musb_giveback
usb: dwc3: Soft reset phy on probe for host
net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read
usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer
dmaengine: stm32-mdma: abort resume if no ongoing transfer
media: mtk-jpeg: Fix use after free bug due to uncanceled work
net: release reference to inet6_dev pointer
net: change accept_ra_min_rtr_lft to affect all RA lifetimes
net: add sysctl accept_ra_min_rtr_lft
Revert "spi: spi-zynqmp-gqspi: Fix runtime PM imbalance in zynqmp_qspi_probe"
Revert "spi: zynqmp-gqspi: fix clock imbalance on probe failure"
workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask()
nfc: nci: assert requested protocol is valid
pinctrl: renesas: rzn1: Enable missing PINMUX
net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()
ixgbe: fix crash with empty VF macvlan list
net: phy: mscc: macsec: reject PN update requests
net: macsec: indicate next pn update when offloading
drm/vmwgfx: fix typo of sizeof argument
riscv, bpf: Sign-extend return values
riscv, bpf: Factor out emit_call for kernel and bpf context
xen-netback: use default TX queue size for vifs
mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type
ieee802154: ca8210: Fix a potential UAF in ca8210_probe
ravb: Fix up dma_free_coherent() call in ravb_remove()
drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow
drm/msm/dsi: skip the wait for video mode done if not applicable
drm/msm/dp: do not reinitialize phy unless retry during link training
net: prevent address rewrite in kernel_bind()
quota: Fix slow quotaoff
HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
lib/test_meminit: fix off-by-one error in test_pages()
perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7
RDMA/cxgb4: Check skb value for failure to allocate
RDMA/srp: Do not call scsi_done() from srp_abort()
RDMA/srp: Make struct scsi_cmnd and struct srp_request adjacent
Conflicts:
drivers/interconnect/qcom/bcm-voter.c
drivers/interconnect/qcom/icc-rpmh.h
drivers/media/platform/qcom/venus/hfi_parser.c
Change-Id: I3dd63e23b279d1f3dc6f726d18b73a965098b403
Signed-off-by: aseshu <quic_aseshu@quicinc.com>
|
||
Gustavo A. R. Silva
|
415edd2d66 |
net/ipv4/ipv6: Replace one-element arraya with flexible-array members
[ Upstream commit db243b796439c0caba47865564d8acd18a301d18 ]
There is a regular need in the kernel to provide a way to declare having
a dynamically sized set of trailing elements in a structure. Kernel code
should always use “flexible array members”[1] for these cases. The older
style of one-element or zero-length arrays should no longer be used[2].
Use an anonymous union with a couple of anonymous structs in order to
keep userspace unchanged and refactor the related code accordingly:
$ pahole -C group_filter net/ipv4/ip_sockglue.o
struct group_filter {
union {
struct {
__u32 gf_interface_aux; /* 0 4 */
/* XXX 4 bytes hole, try to pack */
struct __kernel_sockaddr_storage gf_group_aux; /* 8 128 */
/* --- cacheline 2 boundary (128 bytes) was 8 bytes ago --- */
__u32 gf_fmode_aux; /* 136 4 */
__u32 gf_numsrc_aux; /* 140 4 */
struct __kernel_sockaddr_storage gf_slist[1]; /* 144 128 */
}; /* 0 272 */
struct {
__u32 gf_interface; /* 0 4 */
/* XXX 4 bytes hole, try to pack */
struct __kernel_sockaddr_storage gf_group; /* 8 128 */
/* --- cacheline 2 boundary (128 bytes) was 8 bytes ago --- */
__u32 gf_fmode; /* 136 4 */
__u32 gf_numsrc; /* 140 4 */
struct __kernel_sockaddr_storage gf_slist_flex[0]; /* 144 0 */
}; /* 0 144 */
}; /* 0 272 */
/* size: 272, cachelines: 5, members: 1 */
/* last cacheline: 16 bytes */
};
$ pahole -C compat_group_filter net/ipv4/ip_sockglue.o
struct compat_group_filter {
union {
struct {
__u32 gf_interface_aux; /* 0 4 */
struct __kernel_sockaddr_storage gf_group_aux __attribute__((__aligned__(4))); /* 4 128 */
/* --- cacheline 2 boundary (128 bytes) was 4 bytes ago --- */
__u32 gf_fmode_aux; /* 132 4 */
__u32 gf_numsrc_aux; /* 136 4 */
struct __kernel_sockaddr_storage gf_slist[1] __attribute__((__aligned__(4))); /* 140 128 */
} __attribute__((__packed__)) __attribute__((__aligned__(4))); /* 0 268 */
struct {
__u32 gf_interface; /* 0 4 */
struct __kernel_sockaddr_storage gf_group __attribute__((__aligned__(4))); /* 4 128 */
/* --- cacheline 2 boundary (128 bytes) was 4 bytes ago --- */
__u32 gf_fmode; /* 132 4 */
__u32 gf_numsrc; /* 136 4 */
struct __kernel_sockaddr_storage gf_slist_flex[0] __attribute__((__aligned__(4))); /* 140 0 */
} __attribute__((__packed__)) __attribute__((__aligned__(4))); /* 0 140 */
} __attribute__((__aligned__(1))); /* 0 268 */
/* size: 268, cachelines: 5, members: 1 */
/* forced alignments: 1 */
/* last cacheline: 12 bytes */
} __attribute__((__packed__));
This helps with the ongoing efforts to globally enable -Warray-bounds
and get us closer to being able to tighten the FORTIFY_SOURCE routines
on memcpy().
[1] https://en.wikipedia.org/wiki/Flexible_array_member
[2] https://www.kernel.org/doc/html/v5.10/process/deprecated.html#zero-length-and-one-element-arrays
Link: https://github.com/KSPP/linux/issues/79
Link: https://github.com/KSPP/linux/issues/109
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: 5c3be3e0eb44 ("ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Paolo Abeni
|
8affdbb3e2 |
mptcp: fix lockless access in subflow ULP diag
commit b8adb69a7d29c2d33eb327bca66476fb6066516b upstream.
Since the introduction of the subflow ULP diag interface, the
dump callback accessed all the subflow data with lockless.
We need either to annotate all the read and write operation accordingly,
or acquire the subflow socket lock. Let's do latter, even if slower, to
avoid a diffstat havoc.
Fixes:
|
||
Dan Carpenter
|
9a865a11d6 |
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
commit c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63 upstream.
The problem is in nft_byteorder_eval() where we are iterating through a
loop and writing to dst[0], dst[1], dst[2] and so on... On each
iteration we are writing 8 bytes. But dst[] is an array of u32 so each
element only has space for 4 bytes. That means that every iteration
overwrites part of the previous element.
I spotted this bug while reviewing commit caf3ef7468f7 ("netfilter:
nf_tables: prevent OOB access in nft_byteorder_eval") which is a related
issue. I think that the reason we have not detected this bug in testing
is that most of time we only write one element.
Fixes:
|
||
|
Eric Dumazet
|
f199018dc7 |
af_unix: fix lockdep positive in sk_diag_dump_icons()
[ Upstream commit 4d322dce82a1d44f8c83f0f54f95dd1b8dcf46c9 ]
syzbot reported a lockdep splat [1].
Blamed commit hinted about the possible lockdep
violation, and code used unix_state_lock_nested()
in an attempt to silence lockdep.
It is not sufficient, because unix_state_lock_nested()
is already used from unix_state_double_lock().
We need to use a separate subclass.
This patch adds a distinct enumeration to make things
more explicit.
Also use swap() in unix_state_double_lock() as a clean up.
v2: add a missing inline keyword to unix_state_lock_nested()
[1]
WARNING: possible circular locking dependency detected
6.8.0-rc1-syzkaller-00356-g8a696a29c690 #0 Not tainted
syz-executor.1/2542 is trying to acquire lock:
ffff88808b5df9e8 (rlock-AF_UNIX){+.+.}-{2:2}, at: skb_queue_tail+0x36/0x120 net/core/skbuff.c:3863
but task is already holding lock:
ffff88808b5dfe70 (&u->lock/1){+.+.}-{2:2}, at: unix_dgram_sendmsg+0xfc7/0x2200 net/unix/af_unix.c:2089
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&u->lock/1){+.+.}-{2:2}:
lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
_raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378
sk_diag_dump_icons net/unix/diag.c:87 [inline]
sk_diag_fill+0x6ea/0xfe0 net/unix/diag.c:157
sk_diag_dump net/unix/diag.c:196 [inline]
unix_diag_dump+0x3e9/0x630 net/unix/diag.c:220
netlink_dump+0x5c1/0xcd0 net/netlink/af_netlink.c:2264
__netlink_dump_start+0x5d7/0x780 net/netlink/af_netlink.c:2370
netlink_dump_start include/linux/netlink.h:338 [inline]
unix_diag_handler_dump+0x1c3/0x8f0 net/unix/diag.c:319
sock_diag_rcv_msg+0xe3/0x400
netlink_rcv_skb+0x1df/0x430 net/netlink/af_netlink.c:2543
sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280
netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
netlink_unicast+0x7e6/0x980 net/netlink/af_netlink.c:1367
netlink_sendmsg+0xa37/0xd70 net/netlink/af_netlink.c:1908
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
sock_write_iter+0x39a/0x520 net/socket.c:1160
call_write_iter include/linux/fs.h:2085 [inline]
new_sync_write fs/read_write.c:497 [inline]
vfs_write+0xa74/0xca0 fs/read_write.c:590
ksys_write+0x1a0/0x2c0 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
-> #0 (rlock-AF_UNIX){+.+.}-{2:2}:
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain+0x1909/0x5ab0 kernel/locking/lockdep.c:3869
__lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137
lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
skb_queue_tail+0x36/0x120 net/core/skbuff.c:3863
unix_dgram_sendmsg+0x15d9/0x2200 net/unix/af_unix.c:2112
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x592/0x890 net/socket.c:2584
___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmmsg+0x3b2/0x730 net/socket.c:2724
__do_sys_sendmmsg net/socket.c:2753 [inline]
__se_sys_sendmmsg net/socket.c:2750 [inline]
__x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2750
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&u->lock/1);
lock(rlock-AF_UNIX);
lock(&u->lock/1);
lock(rlock-AF_UNIX);
*** DEADLOCK ***
1 lock held by syz-executor.1/2542:
#0: ffff88808b5dfe70 (&u->lock/1){+.+.}-{2:2}, at: unix_dgram_sendmsg+0xfc7/0x2200 net/unix/af_unix.c:2089
stack backtrace:
CPU: 1 PID: 2542 Comm: syz-executor.1 Not tainted 6.8.0-rc1-syzkaller-00356-g8a696a29c690 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
check_noncircular+0x366/0x490 kernel/locking/lockdep.c:2187
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain+0x1909/0x5ab0 kernel/locking/lockdep.c:3869
__lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137
lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
skb_queue_tail+0x36/0x120 net/core/skbuff.c:3863
unix_dgram_sendmsg+0x15d9/0x2200 net/unix/af_unix.c:2112
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x592/0x890 net/socket.c:2584
___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmmsg+0x3b2/0x730 net/socket.c:2724
__do_sys_sendmmsg net/socket.c:2753 [inline]
__se_sys_sendmmsg net/socket.c:2750 [inline]
__x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2750
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f26d887cda9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f26d95a60c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f26d89abf80 RCX: 00007f26d887cda9
RDX: 000000000000003e RSI: 00000000200bd000 RDI: 0000000000000004
RBP: 00007f26d88c947a R08: 0000000000000000 R09: 0000000000000000
R10: 00000000000008c0 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f26d89abf80 R15: 00007ffcfe081a68
Fixes:
|
||
|
Kuniyuki Iwashima
|
9ccdef19cf |
llc: Drop support for ETH_P_TR_802_2.
[ Upstream commit e3f9bed9bee261e3347131764e42aeedf1ffea61 ]
syzbot reported an uninit-value bug below. [0]
llc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2
(0x0011), and syzbot abused the latter to trigger the bug.
write$tun(r0, &(0x7f0000000040)={@val={0x0, 0x11}, @val, @mpls={[], @llc={@snap={0xaa, 0x1, ')', "90e5dd"}}}}, 0x16)
llc_conn_handler() initialises local variables {saddr,daddr}.mac
based on skb in llc_pdu_decode_sa()/llc_pdu_decode_da() and passes
them to __llc_lookup().
However, the initialisation is done only when skb->protocol is
htons(ETH_P_802_2), otherwise, __llc_lookup_established() and
__llc_lookup_listener() will read garbage.
The missing initialisation existed prior to commit
|
||
Zhengchao Shao
|
bc99dcedd2 |
tcp: make sure init the accept_queue's spinlocks once
[ Upstream commit 198bc90e0e734e5f98c3d2833e8390cac3df61b2 ]
When I run syz's reproduction C program locally, it causes the following
issue:
pvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0!
WARNING: CPU: 19 PID: 21160 at __pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt.h:508)
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
RIP: 0010:__pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt.h:508)
Code: 73 56 3a ff 90 c3 cc cc cc cc 8b 05 bb 1f 48 01 85 c0 74 05 c3 cc cc cc cc 8b 17 48 89 fe 48 c7 c7
30 20 ce 8f e8 ad 56 42 ff <0f> 0b c3 cc cc cc cc 0f 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffa8d200604cb8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9d1ef60e0908
RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff9d1ef60e0900
RBP: ffff9d181cd5c280 R08: 0000000000000000 R09: 00000000ffff7fff
R10: ffffa8d200604b68 R11: ffffffff907dcdc8 R12: 0000000000000000
R13: ffff9d181cd5c660 R14: ffff9d1813a3f330 R15: 0000000000001000
FS: 00007fa110184640(0000) GS:ffff9d1ef60c0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000000 CR3: 000000011f65e000 CR4: 00000000000006f0
Call Trace:
<IRQ>
_raw_spin_unlock (kernel/locking/spinlock.c:186)
inet_csk_reqsk_queue_add (net/ipv4/inet_connection_sock.c:1321)
inet_csk_complete_hashdance (net/ipv4/inet_connection_sock.c:1358)
tcp_check_req (net/ipv4/tcp_minisocks.c:868)
tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2260)
ip_protocol_deliver_rcu (net/ipv4/ip_input.c:205)
ip_local_deliver_finish (net/ipv4/ip_input.c:234)
__netif_receive_skb_one_core (net/core/dev.c:5529)
process_backlog (./include/linux/rcupdate.h:779)
__napi_poll (net/core/dev.c:6533)
net_rx_action (net/core/dev.c:6604)
__do_softirq (./arch/x86/include/asm/jump_label.h:27)
do_softirq (kernel/softirq.c:454 kernel/softirq.c:441)
</IRQ>
<TASK>
__local_bh_enable_ip (kernel/softirq.c:381)
__dev_queue_xmit (net/core/dev.c:4374)
ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:235)
__ip_queue_xmit (net/ipv4/ip_output.c:535)
__tcp_transmit_skb (net/ipv4/tcp_output.c:1462)
tcp_rcv_synsent_state_process (net/ipv4/tcp_input.c:6469)
tcp_rcv_state_process (net/ipv4/tcp_input.c:6657)
tcp_v4_do_rcv (net/ipv4/tcp_ipv4.c:1929)
__release_sock (./include/net/sock.h:1121 net/core/sock.c:2968)
release_sock (net/core/sock.c:3536)
inet_wait_for_connect (net/ipv4/af_inet.c:609)
__inet_stream_connect (net/ipv4/af_inet.c:702)
inet_stream_connect (net/ipv4/af_inet.c:748)
__sys_connect (./include/linux/file.h:45 net/socket.c:2064)
__x64_sys_connect (net/socket.c:2073 net/socket.c:2070 net/socket.c:2070)
do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:82)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)
RIP: 0033:0x7fa10ff05a3d
Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89
c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ab a3 0e 00 f7 d8 64 89 01 48
RSP: 002b:00007fa110183de8 EFLAGS: 00000202 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 0000000020000054 RCX: 00007fa10ff05a3d
RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000003
RBP: 00007fa110183e20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 00007fa110184640
R13: 0000000000000000 R14: 00007fa10fe8b060 R15: 00007fff73e23b20
</TASK>
The issue triggering process is analyzed as follows:
Thread A Thread B
tcp_v4_rcv //receive ack TCP packet inet_shutdown
tcp_check_req tcp_disconnect //disconnect sock
... tcp_set_state(sk, TCP_CLOSE)
inet_csk_complete_hashdance ...
inet_csk_reqsk_queue_add inet_listen //start listen
spin_lock(&queue->rskq_lock) inet_csk_listen_start
... reqsk_queue_alloc
... spin_lock_init
spin_unlock(&queue->rskq_lock) //warning
When the socket receives the ACK packet during the three-way handshake,
it will hold spinlock. And then the user actively shutdowns the socket
and listens to the socket immediately, the spinlock will be initialized.
When the socket is going to release the spinlock, a warning is generated.
Also the same issue to fastopenq.lock.
Move init spinlock to inet_create and inet_accept to make sure init the
accept_queue's spinlocks once.
Fixes:
|
||
|
Greg Kroah-Hartman
|
7e6944b050 |
This is the 5.10.209 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmWy4soACgkQONu9yGCS
aT5VxA/8DwcU5ST4AJ4EOaaWHUU/HHMV2/bSOLDhVTEl4gEnaj3LeOz2bIrfzNgb
9bHBYCtl3PFl+hZxY3wvC55o80SeIjskpU9rHvzQ36y8dd+uIfXjhLHPBHV7AO4m
Yu6+dEoaJqFpVgyBKn+YFg6x0w8m1sWX5tcrQRkcMt/REak91bqdf8l0JDz1Jd2d
uiCh3ssy9yNl7UTdPovzgK9IZ4zv0Kk13F9lXcsMEmjmB3awyaQlglBlCG0NEUKj
wRWzT4uKHHcW4sHg/UyEfVUnKQGZvf7/eOAXK2kEsBFSzcl+QLwZxWSmRDL81dzl
1jjivPCQKtEPZqIZnDQuNvtijw5NNT/yJ5yRlJ7qmuCuBA/2VYqecEAVERhd6dYj
le6oMu3340G5Dyq43XhOtPf+Fm1HkuMtQ49oyK8k/nEZSFGDWlrJ//cuOWYjUbpo
d/fgCaLCxAm60KPiCnGdC7GQcIDJBbgjC3XDvxYGLA0ee+31XqhHDTlOkeHv+7oP
3PwSssT/M4Ppwzb0Imna/qaCO7lKUbS4oQSLahbfGg+fyAKfM7N3No7raF+L4VIE
RACbvKrSfv2WuTncQBdd/kQ2kvhuGMD4L1WjXNFi2VQzI2JbEcYZcJWYXF5tvCNj
aotDJumjF0WtGWcEdKg8Cr2AArMm6dHmRS5VVIG+taWpiWIl5lc=
=iU8L
-----END PGP SIGNATURE-----
Merge 5.10.209 into android12-5.10-lts
Changes in 5.10.209
f2fs: explicitly null-terminate the xattr list
pinctrl: lochnagar: Don't build on MIPS
ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro
mptcp: fix uninit-value in mptcp_incoming_options
debugfs: fix automount d_fsdata usage
drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer
nvme-core: check for too small lba shift
ASoC: wm8974: Correct boost mixer inputs
ASoC: Intel: Skylake: Fix mem leak in few functions
ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16
ASoC: Intel: Skylake: mem leak in skl register function
ASoC: cs43130: Fix the position of const qualifier
ASoC: cs43130: Fix incorrect frame delay configuration
ASoC: rt5650: add mutex to avoid the jack detection failure
nouveau/tu102: flush all pdbs on vmm flush
net/tg3: fix race condition in tg3_reset_task()
ASoC: da7219: Support low DC impedance headset
nvme: introduce helper function to get ctrl state
drm/exynos: fix a potential error pointer dereference
drm/exynos: fix a wrong error checking
clk: rockchip: rk3128: Fix HCLK_OTG gate register
jbd2: correct the printing of write_flags in jbd2_write_superblock()
drm/crtc: Fix uninit-value bug in drm_mode_setcrtc
neighbour: Don't let neigh_forced_gc() disable preemption for long
jbd2: fix soft lockup in journal_finish_inode_data_buffers()
tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing
tracing: Add size check when printing trace_marker output
ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI
reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning
Input: atkbd - skip ATKBD_CMD_GETID in translated mode
Input: i8042 - add nomux quirk for Acer P459-G2-M
s390/scm: fix virtual vs physical address confusion
ARC: fix spare error
Input: xpad - add Razer Wolverine V2 support
i2c: rk3x: fix potential spinlock recursion on poll
ida: Fix crash in ida_free when the bitmap is empty
net: qrtr: ns: Return 0 if server port is not present
ARM: sun9i: smp: fix return code check of of_property_match_string
drm/crtc: fix uninitialized variable use
ACPI: resource: Add another DMI match for the TongFang GMxXGxx
binder: use EPOLLERR from eventpoll.h
binder: fix trivial typo of binder_free_buf_locked()
binder: fix comment on binder_alloc_new_buf() return value
uio: Fix use-after-free in uio_open
parport: parport_serial: Add Brainboxes BAR details
parport: parport_serial: Add Brainboxes device IDs and geometry
PCI: Add ACS quirk for more Zhaoxin Root Ports
coresight: etm4x: Fix width of CCITMIN field
x86/lib: Fix overflow when counting digits
EDAC/thunderx: Fix possible out-of-bounds string access
powerpc: add crtsavres.o to always-y instead of extra-y
powerpc: Remove in_kernel_text()
powerpc/44x: select I2C for CURRITUCK
powerpc/pseries/memhotplug: Quieten some DLPAR operations
powerpc/pseries/memhp: Fix access beyond end of drmem array
selftests/powerpc: Fix error handling in FPU/VMX preemption tests
powerpc/powernv: Add a null pointer check to scom_debug_init_one()
powerpc/powernv: Add a null pointer check in opal_event_init()
powerpc/powernv: Add a null pointer check in opal_powercap_init()
powerpc/imc-pmu: Add a null pointer check in update_events_in_group()
spi: spi-zynqmp-gqspi: fix driver kconfig dependencies
mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response
ACPI: video: check for error while searching for backlight device parent
ACPI: LPIT: Avoid u32 multiplication overflow
of: property: define of_property_read_u{8,16,32,64}_array() unconditionally
of: Add of_property_present() helper
cpufreq: Use of_property_present() for testing DT property presence
cpufreq: scmi: process the result of devm_of_clk_add_hw_provider()
net: netlabel: Fix kerneldoc warnings
netlabel: remove unused parameter in netlbl_netlink_auditinfo()
calipso: fix memory leak in netlbl_calipso_add_pass()
efivarfs: force RO when remounting if SetVariable is not supported
spi: sh-msiof: Enforce fixed DTDL for R-Car H3
ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error
mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket
virtio_crypto: Introduce VIRTIO_CRYPTO_NOSPC
virtio-crypto: introduce akcipher service
virtio-crypto: implement RSA algorithm
virtio-crypto: change code style
virtio-crypto: use private buffer for control request
virtio-crypto: wait ctrl queue instead of busy polling
crypto: virtio - Handle dataq logic with tasklet
crypto: sa2ul - Return crypto_aead_setkey to transfer the error
crypto: ccp - fix memleak in ccp_init_dm_workarea
crypto: af_alg - Disallow multiple in-flight AIO requests
crypto: sahara - remove FLAGS_NEW_KEY logic
crypto: sahara - fix cbc selftest failure
crypto: sahara - fix ahash selftest failure
crypto: sahara - fix processing requests with cryptlen < sg->length
crypto: sahara - fix error handling in sahara_hw_descriptor_create()
pstore: ram_core: fix possible overflow in persistent_ram_init_ecc()
fs: indicate request originates from old mount API
Revert "gfs2: Don't reject a supposedly full bitmap if we have blocks reserved"
gfs2: Also reflect single-block allocations in rgd->rd_extfail_pt
gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
crypto: virtio - Wait for tasklet to complete on device remove
crypto: sahara - avoid skcipher fallback code duplication
crypto: sahara - handle zero-length aes requests
crypto: sahara - fix ahash reqsize
crypto: sahara - fix wait_for_completion_timeout() error handling
crypto: sahara - improve error handling in sahara_sha_process()
crypto: sahara - fix processing hash requests with req->nbytes < sg->length
crypto: sahara - do not resize req->src when doing hash operations
crypto: scomp - fix req->dst buffer overflow
blocklayoutdriver: Fix reference leak of pnfs_device_node
NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT
wifi: rtw88: fix RX filter in FIF_ALLMULTI flag
bpf, lpm: Fix check prefixlen before walking trie
bpf: Add crosstask check to __bpf_get_stack
wifi: ath11k: Defer on rproc_get failure
wifi: libertas: stop selecting wext
ARM: dts: qcom: apq8064: correct XOADC register address
ncsi: internal.h: Fix a spello
net/ncsi: Fix netlink major/minor version numbers
firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create()
firmware: meson_sm: populate platform devices from sm device tree data
wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior
arm64: dts: ti: k3-am65-main: Fix DSS irq trigger type
bpf: fix check for attempt to corrupt spilled pointer
scsi: fnic: Return error if vmalloc() failed
arm64: dts: qcom: qrb5165-rb5: correct LED panic indicator
arm64: dts: qcom: sdm845-db845c: correct LED panic indicator
bpf: Fix verification of indirect var-off stack access
scsi: hisi_sas: Replace with standard error code return value
selftests/net: fix grep checking for fib_nexthop_multiprefix
virtio/vsock: fix logic which reduces credit update messages
dma-mapping: Add dma_release_coherent_memory to DMA API
dma-mapping: clear dev->dma_mem to NULL after freeing it
wifi: rtlwifi: add calculate_bit_shift()
wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift()
wifi: rtlwifi: rtl8192c: using calculate_bit_shift()
wifi: rtlwifi: rtl8192cu: using calculate_bit_shift()
wifi: rtlwifi: rtl8192ce: using calculate_bit_shift()
rtlwifi: rtl8192de: make arrays static const, makes object smaller
wifi: rtlwifi: rtl8192de: using calculate_bit_shift()
wifi: rtlwifi: rtl8192ee: using calculate_bit_shift()
wifi: rtlwifi: rtl8192se: using calculate_bit_shift()
netfilter: nf_tables: mark newset as dead on transaction abort
Bluetooth: Fix bogus check for re-auth no supported with non-ssp
Bluetooth: btmtkuart: fix recv_buf() return value
ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
ARM: davinci: always select CONFIG_CPU_ARM926T
RDMA/usnic: Silence uninitialized symbol smatch warnings
drm/panel-elida-kd35t133: hold panel in reset for unprepare
rcu: Create an unrcu_pointer() to remove __rcu from a pointer
drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer
drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function
media: pvrusb2: fix use after free on context disconnection
drm/bridge: Fix typo in post_disable() description
f2fs: fix to avoid dirent corruption
drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg()
drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check()
drm/radeon: check return value of radeon_ring_lock()
ASoC: cs35l33: Fix GPIO name and drop legacy include
ASoC: cs35l34: Fix GPIO name and drop legacy include
drm/msm/mdp4: flush vblank event on disable
drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks
drm/drv: propagate errors from drm_modeset_register_all()
drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()
drm/radeon/dpm: fix a memleak in sumo_parse_power_table
drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table
drm/bridge: tc358767: Fix return value on error case
media: cx231xx: fix a memleak in cx231xx_init_isoc
clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config
media: rkisp1: Disable runtime PM in probe error path
f2fs: fix to check compress file in f2fs_move_file_range()
f2fs: fix to update iostat correctly in f2fs_filemap_fault()
media: dvbdev: drop refcount on error path in dvb_device_open()
media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path of m88ds3103_probe()
drm/amdgpu/debugfs: fix error code when smc register accessors are NULL
drm/amd/pm: fix a double-free in si_dpm_init
drivers/amd/pm: fix a use-after-free in kv_parse_power_table
gpu/drm/radeon: fix two memleaks in radeon_vm_init
dt-bindings: clock: Update the videocc resets for sm8150
clk: qcom: videocc-sm8150: Update the videocc resets
clk: qcom: videocc-sm8150: Add missing PLL config property
drivers: clk: zynqmp: calculate closest mux rate
clk: zynqmp: make bestdiv unsigned
clk: zynqmp: Add a check for NULL pointer
drivers: clk: zynqmp: update divider round rate logic
watchdog: set cdev owner before adding
watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO
watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling
watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused
clk: si5341: fix an error code problem in si5341_output_clk_set_rate
clk: fixed-rate: add devm_clk_hw_register_fixed_rate
clk: fixed-rate: fix clk_hw_register_fixed_rate_with_accuracy_parent_hw
pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable
pwm: stm32: Use hweight32 in stm32_pwm_detect_channels
pwm: stm32: Fix enable count for clk in .probe()
mmc: sdhci_am654: Fix TI SoC dependencies
mmc: sdhci_omap: Fix TI SoC dependencies
IB/iser: Prevent invalidating wrong MR
of: Fix double free in of_parse_phandle_with_args_map
of: unittest: Fix of_count_phandle_with_args() expected value message
keys, dns: Fix size check of V1 server-list header
binder: fix async space check for 0-sized buffers
binder: fix unused alloc->free_async_space
binder: fix use-after-free in shinker's callback
Input: atkbd - use ab83 as id when skipping the getid command
dma-mapping: Fix build error unused-value
virtio-crypto: fix memory-leak
virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session()
Revert "ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek"
kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list
net: ethernet: mtk_eth_soc: remove duplicate if statements
xen-netback: don't produce zero-size SKB frags
binder: fix race between mmput() and do_exit()
tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug
usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host()
usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart
Revert "usb: dwc3: Soft reset phy on probe for host"
Revert "usb: dwc3: don't reset device side if dwc3 was configured as host-only"
usb: chipidea: wait controller resume finished for wakeup irq
Revert "usb: typec: class: fix typec_altmode_put_partner to put plugs"
usb: typec: class: fix typec_altmode_put_partner to put plugs
usb: mon: Fix atomicity violation in mon_bin_vma_fault
serial: imx: Ensure that imx_uart_rs485_config() is called with enabled clock
ALSA: oxygen: Fix right channel of capture volume mixer
ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx
fbdev: flush deferred work in fb_deferred_io_fsync()
pwm: jz4740: Don't use dev_err_probe() in .request()
io_uring/rw: ensure io->bytes_done is always initialized
rootfs: Fix support for rootfstype= when root= is given
Bluetooth: Fix atomicity violation in {min,max}_key_size_set
iommu/arm-smmu-qcom: Add missing GMU entry to match table
wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code
wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors
wifi: mwifiex: configure BSSID consistently when starting AP
x86/kvm: Do not try to disable kvmclock if it was not enabled
KVM: arm64: vgic-v4: Restore pending state on host userspace write
KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache
iio: adc: ad7091r: Pass iio_dev to event handler
HID: wacom: Correct behavior when processing some confidence == false touches
mfd: syscon: Fix null pointer dereference in of_syscon_register()
leds: aw2013: Select missing dependency REGMAP_I2C
mips: dmi: Fix early remap on MIPS32
mips: Fix incorrect max_low_pfn adjustment
MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup()
MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup()
power: supply: cw2015: correct time_to_empty units in sysfs
serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed
libapi: Add missing linux/types.h header to get the __u64 type on io.h
acpi: property: Let args be NULL in __acpi_node_get_property_reference
software node: Let args be NULL in software_node_get_reference_args
serial: imx: fix tx statemachine deadlock
iio: adc: ad9467: Benefit from devm_clk_get_enabled() to simplify
iio: adc: ad9467: fix reset gpio handling
iio: adc: ad9467: don't ignore error codes
iio: adc: ad9467: fix scale setting
perf genelf: Set ELF program header addresses properly
tty: change tty_write_lock()'s ndelay parameter to bool
tty: early return from send_break() on TTY_DRIVER_HARDWARE_BREAK
tty: don't check for signal_pending() in send_break()
tty: use 'if' in send_break() instead of 'goto'
usb: cdc-acm: return correct error code on unsupported break
nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length
nvmet-tcp: fix a crash in nvmet_req_complete()
perf env: Avoid recursively taking env->bpf_progs.lock
apparmor: avoid crash when parsed profile name is empty
serial: imx: Correct clock error message in function probe()
nvmet-tcp: Fix the H2C expected PDU len calculation
PCI: keystone: Fix race condition when initializing PHYs
s390/pci: fix max size calculation in zpci_memcpy_toio()
net: qualcomm: rmnet: fix global oob in rmnet_policy
net: ethernet: ti: am65-cpsw: Fix max mtu to fit ethernet frames
net: phy: micrel: populate .soft_reset for KSZ9131
net: ravb: Fix dma_addr_t truncation in error case
net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe
netfilter: nf_tables: do not allow mismatch field size and set key length
netfilter: nf_tables: skip dead set elements in netlink dump
netfilter: nf_tables: reject NFT_SET_CONCAT with not field length description
ipvs: avoid stat macros calls from preemptible context
kdb: Fix a potential buffer overflow in kdb_local()
ethtool: netlink: Add missing ethnl_ops_begin/complete
mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure
mlxsw: spectrum: Use 'bitmap_zalloc()' when applicable
mlxsw: spectrum_acl_tcam: Add missing mutex_destroy()
mlxsw: spectrum_acl_tcam: Make fini symmetric to init
mlxsw: spectrum_acl_tcam: Reorder functions to avoid forward declarations
mlxsw: spectrum_acl_tcam: Fix stack corruption
selftests: mlxsw: qos_pfc: Convert to iproute2 dcb
selftests: mlxsw: qos_pfc: Adjust the test to support 8 lanes
i2c: s3c24xx: fix read transfers in polling mode
i2c: s3c24xx: fix transferring more than one message in polling mode
arm64: dts: armada-3720-turris-mox: set irq type for RTC
Linux 5.10.209
Change-Id: I86438e299a811ccb08c5a27b2259c33cd482ff00
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Luiz Augusto von Dentz
|
fd54d16613 |
Bluetooth: Fix bogus check for re-auth no supported with non-ssp
[ Upstream commit d03376c185926098cb4d668d6458801eb785c0a5 ] This reverts |
||
|
Greg Kroah-Hartman
|
62f62d810d |
Revert "ipv6: remove max_size check inline with ipv4"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
680475ab46 |
This is the 5.10.208 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmWlb9wACgkQONu9yGCS aT7xVBAAxWKfeQYqCxJbBVpyriOLnbzrNeM4fi0TCyX4J/UsMrpnMP101eFZmyJN L2W4rzWcRHoogWSdK1SvjRZuBi2bUUj0NVbfsoLZPJvJ5yj8gg4Io/ejhXStvXcH o0aKVR9pBfLu4NWWNZ0gOJQ5xK+ndHp+naylV6kA6WYyUBr+q8BSTQJcEDM4gAkl eRdshQIbQK1JUPmgA6Grv/FsaoPsfU+BxriWfRMEiYrFjLDCHkr9YJ3RlIwYVJDU +7CG6AzLXk3qNczk/4/9Vx67agDpeXT0kCiAPB0Y8GPH+4bNtE6FIzRTNNfHbPOV Q8U18dToawIvOXUZaenX84Dg8XKS9vUVD/KxBqUTvLwlaUDVZr9XNtOkdCQcnwro qTMxFE7HttpMJSSHtZp7xLyOwn8i74vgcfYXngZlawZJzAHVqgCDk4105PylSetZ BTBxn990H9TxDO0weaiDLKMPbXVusxxbFY4hBVxVQdmfwWrJ7yYVb2IAF4kNy7dF dRVoPDOC5Qf840REJgwzKJysZ4l2Ejcdicxi6zG+7SJH2jKYrcCW4AloALODRVHz uf8BOgvD2W9lOTXkJy+LziNvDvVqe5B1l2E/WAIXI6jmo/abkmSKJpPWtTcF7xYs CU7+3dny8BMu7zAIXjgnJmVRiGGMudi/steXyE0KV5X9hOdLQJo= =F/LV -----END PGP SIGNATURE----- Merge 5.10.208 into android12-5.10-lts Changes in 5.10.208 keys, dns: Fix missing size check of V1 server-list header block: Don't invalidate pagecache for invalid falloc modes ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local octeontx2-af: Fix marking couple of structure as __packed drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern i40e: Fix filter input checks to prevent config with invalid values net: sched: em_text: fix possible memory leak in em_text_destroy() ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init sfc: fix a double-free bug in efx_probe_filters net: bcmgenet: Fix FCS generation for fragmented skbuffs netfilter: nftables: add loop check helper function netfilter: nft_immediate: drop chain reference counter on error net: Save and restore msg_namelen in sock_sendmsg i40e: fix use-after-free in i40e_aqc_add_filters() ASoC: meson: g12a-toacodec: Validate written enum values ASoC: meson: g12a-tohdmitx: Validate written enum values ASoC: meson: g12a-toacodec: Fix event generation ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux i40e: Restore VF MSI-X state during PCI reset net/qla3xxx: switch from 'pci_' to 'dma_' API net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues asix: Add check for usbnet_get_endpoints bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() net: Implement missing SO_TIMESTAMPING_NEW cmsg support mm/memory-failure: check the mapcount of the precise page firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect i2c: core: Fix atomic xfer check for non-preempt config mm: fix unmap_mapping_range high bits shift bug mmc: meson-mx-sdhc: Fix initialization frozen issue mmc: rpmb: fixes pause retune on all RPMB partitions. mmc: core: Cancel delayed work before releasing host mmc: sdhci-sprd: Fix eMMC init failure after hw reset powerpc: update ppc_save_regs to save current r1 in pt_regs net: tls, update curr on splice as well ipv6: remove max_size check inline with ipv4 drm/qxl: fix UAF on handle creation netfilter: nf_tables: Reject tables of unsupported family PCI: Extract ATS disabling to a helper function PCI: Disable ATS for specific Intel IPU E2000 devices Revert "nvme: use command_id instead of req->tag in trace_nvme_complete_rq()" Linux 5.10.208 Change-Id: I85f7791b6a3e06127bfd2e52a23ce90abb80ed8f Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Jon Maxwell
|
dd56c5790d |
ipv6: remove max_size check inline with ipv4
commit af6d10345ca76670c1b7c37799f0d5576ccef277 upstream. In ip6_dst_gc() replace: if (entries > gc_thresh) With: if (entries > ops->gc_thresh) Sending Ipv6 packets in a loop via a raw socket triggers an issue where a route is cloned by ip6_rt_cache_alloc() for each packet sent. This quickly consumes the Ipv6 max_size threshold which defaults to 4096 resulting in these warnings: [1] 99.187805] dst_alloc: 7728 callbacks suppressed [2] Route cache is full: consider increasing sysctl net.ipv6.route.max_size. . . [300] Route cache is full: consider increasing sysctl net.ipv6.route.max_size. When this happens the packet is dropped and sendto() gets a network is unreachable error: remaining pkt 200557 errno 101 remaining pkt 196462 errno 101 . . remaining pkt 126821 errno 101 Implement David Aherns suggestion to remove max_size check seeing that Ipv6 has a GC to manage memory usage. Ipv4 already does not check max_size. Here are some memory comparisons for Ipv4 vs Ipv6 with the patch: Test by running 5 instances of a program that sends UDP packets to a raw socket 5000000 times. Compare Ipv4 and Ipv6 performance with a similar program. Ipv4: Before test: MemFree: 29427108 kB Slab: 237612 kB ip6_dst_cache 1912 2528 256 32 2 : tunables 0 0 0 xfrm_dst_cache 0 0 320 25 2 : tunables 0 0 0 ip_dst_cache 2881 3990 192 42 2 : tunables 0 0 0 During test: MemFree: 29417608 kB Slab: 247712 kB ip6_dst_cache 1912 2528 256 32 2 : tunables 0 0 0 xfrm_dst_cache 0 0 320 25 2 : tunables 0 0 0 ip_dst_cache 44394 44394 192 42 2 : tunables 0 0 0 After test: MemFree: 29422308 kB Slab: 238104 kB ip6_dst_cache 1912 2528 256 32 2 : tunables 0 0 0 xfrm_dst_cache 0 0 320 25 2 : tunables 0 0 0 ip_dst_cache 3048 4116 192 42 2 : tunables 0 0 0 Ipv6 with patch: Errno 101 errors are not observed anymore with the patch. Before test: MemFree: 29422308 kB Slab: 238104 kB ip6_dst_cache 1912 2528 256 32 2 : tunables 0 0 0 xfrm_dst_cache 0 0 320 25 2 : tunables 0 0 0 ip_dst_cache 3048 4116 192 42 2 : tunables 0 0 0 During Test: MemFree: 29431516 kB Slab: 240940 kB ip6_dst_cache 11980 12064 256 32 2 : tunables 0 0 0 xfrm_dst_cache 0 0 320 25 2 : tunables 0 0 0 ip_dst_cache 3048 4116 192 42 2 : tunables 0 0 0 After Test: MemFree: 29441816 kB Slab: 238132 kB ip6_dst_cache 1902 2432 256 32 2 : tunables 0 0 0 xfrm_dst_cache 0 0 320 25 2 : tunables 0 0 0 ip_dst_cache 3048 4116 192 42 2 : tunables 0 0 0 Tested-by: Andrea Mayer <andrea.mayer@uniroma2.it> Signed-off-by: Jon Maxwell <jmaxwell37@gmail.com> Reviewed-by: David Ahern <dsahern@kernel.org> Link: https://lore.kernel.org/r/20230112012532.311021-1-jmaxwell37@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> Cc: "Jitindar Singh, Suraj" <surajjs@amazon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
8a9d593fd6 |
This is the 5.10.206 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmWYDlYACgkQONu9yGCS aT5i8A//V/cQxM4ABg2SGkOLg9TFEmUC/TsrvbmSjwTTpOgi1XuncuxBxoLz6eb4 G8nCmFjuh2E8YL2WMXn5Gs891J6enlc+Pg8Iz54NVXKff4RJZy2zP2KEVmHwYS5R Bm2uUsfqQFXZ4V6tRUBiUTtk/aLyNKbiJEV/eg/1NL27xoNTfWFICnq8Jr7liCxt kedPiN6MAVzHCJ00IPRSFFuVHgofI1lPhCg6qbU0KEmfU/3sXZ3hP4ewBI/QbAIF MO3XLXTpWU8QnKqr50cnW30pxhm+Lc/n/TokgRC0Ng1YtDms6zFyLxCX5CDH1FHf Y3QhS5HVZmR2x7Ga5wd8gLwoXun/HU7y+GCVD1ToiWch/zF/vUgYK80Hkxsc/0Wf UUs8erxkGKpidpOrqNOgHxeTtpLbTVYGi/F8XMoohUW7qmlLvyiezU/wHapJ6EZA T93QS/WhY993b2Hz7apu3o7Jm9ZpiVIpoRiniWRkcoLltZM7RdZTqnIHr/0PAZbD qtOzQrCDCT5EMZz9rjI45K9K5pOA8cVhjehnQaG93DSiVp0wu+uP/Ib15oZiVA/q k+uW5YgT03HZQ8QTcW4d87mLqkl5PqzpWRRBQZw9aN22YQ9wyUEPpjliZgDpjjXE lKtr4S2Sudfpt5kiH72MYZbMqsgn8TT56lumL6ZplEvlPH/J76Y= =Xj2r -----END PGP SIGNATURE----- Merge 5.10.206 into android12-5.10-lts Changes in 5.10.206 ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE smb: client: fix OOB in smb2_query_reparse_point() ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init reset: Fix crash when freeing non-existent optional resets s390/vx: fix save/restore of fpu kernel context wifi: mac80211: mesh_plink: fix matches_local logic Revert "net/mlx5e: fix double free of encap_header" net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() net/mlx5: Fix fw tracer first block check net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors net: sched: ife: fix potential use-after-free ethernet: atheros: fix a memleak in atl1e_setup_ring_resources net/rose: fix races in rose_kill_by_device() net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() afs: Fix the dynamic root's d_delete to always delete unused dentries afs: Fix dynamic root lookup DNS check net: warn if gso_type isn't set for a GSO SKB net: check dev->gso_max_size in gso_features_check() keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry afs: Fix overwriting of result of DNS query i2c: aspeed: Handle the coalesced stop conditions with the start conditions. pinctrl: at91-pio4: use dedicated lock class for IRQ ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB smb: client: fix NULL deref in asn1_ber_decoder() btrfs: do not allow non subvolume root targets for snapshot interconnect: Treat xlate() returning NULL node as an error iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw Input: ipaq-micro-keys - add error handling for devm_kmemdup scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() wifi: cfg80211: Add my certificate wifi: cfg80211: fix certs build to not depend on file order USB: serial: ftdi_sio: update Actisense PIDs constant names USB: serial: option: add Quectel EG912Y module support USB: serial: option: add Foxconn T99W265 with new baseline USB: serial: option: add Quectel RM500Q R13 firmware support Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent Bluetooth: L2CAP: Send reject on command corrupted request Input: soc_button_array - add mapping for airplane mode button net: 9p: avoid freeing uninit memory in p9pdu_vreadf net: rfkill: gpio: set GPIO direction net: ks8851: Fix TX stall caused by TX buffer overrun dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp tracing / synthetic: Disable events after testing in synth_event_gen_test_init() bus: ti-sysc: Flush posted write only after srst_udelay lib/vsprintf: Fix %pfwf when current node refcount == 0 x86/alternatives: Sync core before enabling interrupts 9p/net: fix possible memory leak in p9_check_errors() ARM: dts: Fix occasional boot hang for am3 usb Bluetooth: SMP: Convert BT_ERR/BT_DBG to bt_dev_err/bt_dev_dbg Bluetooth: use inclusive language in SMP Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE usb: fotg210-hcd: delete an incorrect bounds test smb: client: fix OOB in SMB2_query_info_init() smb: client: fix OOB in smbCalcSize() Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg spi: atmel: Switch to transfer_one transfer method spi: atmel: Fix CS and initialization bug scsi: core: Add scsi_prot_ref_tag() helper scsi: core: Introduce scsi_get_sector() scsi: core: Make scsi_get_lba() return the LBA scsi: core: Use scsi_cmd_to_rq() instead of scsi_cmnd.request scsi: core: Use a structure member to track the SCSI command submitter scsi: core: Always send batch on reset or error handling command ring-buffer: Fix wake ups when buffer_percent is set to 100 tracing: Fix blocked reader of snapshot buffer netfilter: nf_tables: skip set commit for deleted/destroyed sets dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() Revert "MIPS: Loongson64: Enable DMA noncoherent support" Bluetooth: SMP: Fix crash when receiving new connection when debug is enabled spi: atmel: Fix PDC transfer setup bug Linux 5.10.206 Change-Id: Ifc248e166849f9102cb1d3e32c33080236de2332 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Xiao Yao
|
da448f145f |
Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE
[ Upstream commit 59b047bc98084f8af2c41483e4d68a5adf2fa7f7 ]
If two Bluetooth devices both support BR/EDR and BLE, and also
support Secure Connections, then they only need to pair once.
The LTK generated during the LE pairing process may be converted
into a BR/EDR link key for BR/EDR transport, and conversely, a
link key generated during the BR/EDR SSP pairing process can be
converted into an LTK for LE transport. Hence, the link type of
the link key and LTK is not fixed, they can be either an LE LINK
or an ACL LINK.
Currently, in the mgmt_new_irk/ltk/crsk/link_key functions, the
link type is fixed, which could lead to incorrect address types
being reported to the application layer. Therefore, it is necessary
to add link_type/addr_type to the smp_irk/ltk/crsk and link_key,
to ensure the generation of the correct address type.
SMP over BREDR:
Before Fix:
> ACL Data RX: Handle 11 flags 0x02 dlen 12
BR/EDR SMP: Identity Address Information (0x09) len 7
Address: F8:7D:76:F2:12:F3 (OUI F8-7D-76)
@ MGMT Event: New Identity Resolving Key (0x0018) plen 30
Random address: 00:00:00:00:00:00 (Non-Resolvable)
LE Address: F8:7D:76:F2:12:F3 (OUI F8-7D-76)
@ MGMT Event: New Long Term Key (0x000a) plen 37
LE Address: F8:7D:76:F2:12:F3 (OUI F8-7D-76)
Key type: Authenticated key from P-256 (0x03)
After Fix:
> ACL Data RX: Handle 11 flags 0x02 dlen 12
BR/EDR SMP: Identity Address Information (0x09) len 7
Address: F8:7D:76:F2:12:F3 (OUI F8-7D-76)
@ MGMT Event: New Identity Resolving Key (0x0018) plen 30
Random address: 00:00:00:00:00:00 (Non-Resolvable)
BR/EDR Address: F8:7D:76:F2:12:F3 (OUI F8-7D-76)
@ MGMT Event: New Long Term Key (0x000a) plen 37
BR/EDR Address: F8:7D:76:F2:12:F3 (OUI F8-7D-76)
Key type: Authenticated key from P-256 (0x03)
SMP over LE:
Before Fix:
@ MGMT Event: New Identity Resolving Key (0x0018) plen 30
Random address: 5F:5C:07:37:47:D5 (Resolvable)
LE Address: F8:7D:76:F2:12:F3 (OUI F8-7D-76)
@ MGMT Event: New Long Term Key (0x000a) plen 37
LE Address: F8:7D:76:F2:12:F3 (OUI F8-7D-76)
Key type: Authenticated key from P-256 (0x03)
@ MGMT Event: New Link Key (0x0009) plen 26
BR/EDR Address: F8:7D:76:F2:12:F3 (OUI F8-7D-76)
Key type: Authenticated Combination key from P-256 (0x08)
After Fix:
@ MGMT Event: New Identity Resolving Key (0x0018) plen 30
Random address: 5E:03:1C:00:38:21 (Resolvable)
LE Address: F8:7D:76:F2:12:F3 (OUI F8-7D-76)
@ MGMT Event: New Long Term Key (0x000a) plen 37
LE Address: F8:7D:76:F2:12:F3 (OUI F8-7D-76)
Key type: Authenticated key from P-256 (0x03)
@ MGMT Event: New Link Key (0x0009) plen 26
Store hint: Yes (0x01)
LE Address: F8:7D:76:F2:12:F3 (OUI F8-7D-76)
Key type: Authenticated Combination key from P-256 (0x08)
Cc: stable@vger.kernel.org
Signed-off-by: Xiao Yao <xiaoyao@rock-chips.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|