In __alloc_and_insert_iova_range, there is an issue that retry_pfn
overflows. The value of iovad->anchor.pfn_hi is ~0UL, then when
iovad->cached_node is iovad->anchor, curr_iova->pfn_hi + 1 will
overflow. As a result, if the retry logic is executed, low_pfn is
updated to 0, and then new_pfn < low_pfn returns false to make the
allocation successful.
This issue occurs in the following two situations:
1. The first iova size exceeds the domain size. When initializing
iova domain, iovad->cached_node is assigned as iovad->anchor. For
example, the iova domain size is 10M, start_pfn is 0x1_F000_0000,
and the iova size allocated for the first time is 11M. The
following is the log information, new->pfn_lo is smaller than
iovad->cached_node.
Example log as follows:
[ 223.798112][T1705487] sh: [name:iova&]__alloc_and_insert_iova_range
start_pfn:0x1f0000,retry_pfn:0x0,size:0xb00,limit_pfn:0x1f0a00
[ 223.799590][T1705487] sh: [name:iova&]__alloc_and_insert_iova_range
success start_pfn:0x1f0000,new->pfn_lo:0x1efe00,new->pfn_hi:0x1f08ff
2. The node with the largest iova->pfn_lo value in the iova domain
is deleted, iovad->cached_node will be updated to iovad->anchor,
and then the alloc iova size exceeds the maximum iova size that can
be allocated in the domain.
After judging that retry_pfn is less than limit_pfn, call retry_pfn+1
to fix the overflow issue.
Signed-off-by: jianjiao zeng <jianjiao.zeng@mediatek.com>
Signed-off-by: Yunfei Wang <yf.wang@mediatek.com>
Cc: <stable@vger.kernel.org> # 5.15.*
Fixes: 4e89dce72521 ("iommu/iova: Retry from last rb tree node if iova search fails")
Acked-by: Robin Murphy <robin.murphy@arm.com>
Link: https://lore.kernel.org/r/20230111063801.25107-1-yf.wang@mediatek.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Bug: 265596669
(cherry picked from commit dcdb3ba7e2a8caae7bfefd603bc22fd0ce9a389c)
Change-Id: I810ad7023267c7c276961eefbceb652439799c30
[Yunfei: Resolved minor conflict for variable low_pfn_new]
Signed-off-by: Yunfei Wang <yf.wang@mediatek.com>
commit fd3d91ab1c6ab0628fe642dd570b56302c30a792 upstream.
The dvb-core tries to sync the releases of opened files at
dvb_dmxdev_release() with two refcounts: dvbdev->users and
dvr_dvbdev->users. A problem is present in those two syncs: when yet
another dvb_demux_open() is called during those sync waits,
dvb_demux_open() continues to process even if the device is being
closed. This includes the increment of the former refcount, resulting
in the leftover refcount after the sync of the latter refcount at
dvb_dmxdev_release(). It ends up with use-after-free, since the
function believes that all usages were gone and releases the
resources.
This patch addresses the problem by adding the check of dmxdev->exit
flag at dvb_demux_open(), just like dvb_dvr_open() already does. With
the exit flag check, the second call of dvb_demux_open() fails, hence
the further corruption can be avoided.
Also for avoiding the races of the dmxdev->exit flag reference, this
patch serializes the dmxdev->exit set up and the sync waits with the
dmxdev->mutex lock at dvb_dmxdev_release(). Without the mutex lock,
dvb_demux_open() (or dvb_dvr_open()) may run concurrently with
dvb_dmxdev_release(), which allows to skip the exit flag check and
continue the open process that is being closed.
CVE-2022-41218 is assigned to those bugs above.
Bug: 248356119
Reported-by: Hyunwoo Kim <imv4bel@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/20220908132754.30532-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I5a0dd4444ca25d07a050dcb07609c7c7ccf658af
For endxfer commands that do not require an endpoint complete interrupt,
avoid having to wait for the command active bit to clear. This allows for
EP0 events to continue to be handled, which allows for the controller to
complete it. Otherwise, it is known that the endxfer command will fail if
there is a pending SETUP token that needs to be read.
Suggested-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Reviewed-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
Link: https://lore.kernel.org/r/20220901193625.8727-5-quic_wcheng@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit b353eb6dc285a0775a447f53e5b2a50bf3f9684f)
Bug: 263189538
Change-Id: If34b7ddc2e3ea10ec94afe43e6dba0878da6776f
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
Since EP0 transactions need to be completed before the controller halt
sequence is finished, this may take some time depending on the host and the
enabled functions. Increase the controller halt timeout, so that we give
the controller sufficient time to handle EP0 transfers.
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
Link: https://lore.kernel.org/r/20220901193625.8727-4-quic_wcheng@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 461ee467507cb98a348fa91ff8460908bb0ea423)
Bug: 263189538
Change-Id: Idb8998c4ae1d346a63043f40a3915a8a02601982
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
Remove the need for making dwc3_gadget_suspend() and dwc3_gadget_resume()
to be called in a spinlock, as dwc3_gadget_run_stop() could potentially
take some time to complete.
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
Link: https://lore.kernel.org/r/20220901193625.8727-3-quic_wcheng@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 5265397f94424eaea596026fd34dc7acf474dcec)
Bug: 263189538
Change-Id: Ia28cf2f5dd1929a83812d685eec9a9008f8bc81d
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
If DWC3_EP_DELAYED_STOP is set during stop active transfers, then do not
continue attempting to unmap request buffers during dwc3_remove_requests().
This can lead to SMMU faults, as the controller has not stopped the
processing of the TRB. Defer this sequence to the EP0 out start, which
ensures that there are no pending SETUP transactions before issuing the
endxfer.
Reviewed-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
Link: https://lore.kernel.org/r/20220901193625.8727-2-quic_wcheng@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 2b2da6574e77ebf83c0df6d8b838bc37764c4bfa)
Bug: 263189538
Change-Id: I01ba6d79b56211316bfa492ae4d5d41680067c9e
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
During soft disconnect, EP0 events are expected to be handled in order to
allow the controller to successfully move into the halted state. Since
__dwc3_gadget_stop() is executed before polling, EP0 has been disabled, and
events are being blocked. Allow xfercomplete events to be handled, so that
cached SETUP packets can be read out from the internal controller memory.
Without doing so, it will lead to endxfer timeouts, which results to
controller halt failures.
Reviewed-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
Link: https://lore.kernel.org/r/20220817182359.13550-5-quic_wcheng@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit dff981842a0b1c05786c4c0cdea3ac80079ddd57)
Bug: 263189538
Change-Id: Id9cbfacd05a351fda689b6845d2469c5e7e7e51b
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
Ensure that there are no pending events being handled in between soft
connect/disconnect transitions. As we are keeping interrupts enabled,
and EP0 events are still being serviced, this avoids any stale events from
being serviced.
Reviewed-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
Link: https://lore.kernel.org/r/20220817182359.13550-4-quic_wcheng@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 9711c67de7482c81e1daca3548fbc5c9603600e3)
Bug: 263189538
Change-Id: I8ec1e0ec2fe2d48f5db26e833fb9456936380e28
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
If any function drivers request for a delayed status phase, this leads to a
SETUP transfer timeout error, since the function may take longer to process
the DATA stage. This eventually results in end transfer timeouts, as there
is a pending SETUP transaction.
In addition, allow the DWC3_EP_DELAY_STOP to be set for if there is a
delayed status requested. Ocasionally, a host may abort the current SETUP
transaction, by issuing a subsequent SETUP token. In those situations, it
would result in an endxfer timeout as well.
Reviewed-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
Link: https://lore.kernel.org/r/20220817182359.13550-3-quic_wcheng@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit e1ee843488d58099a89979627ef85d5bd6c5cacd)
Bug: 263189538
Change-Id: Ifcc747ecfecec7d4329950af1edc035cd55dc96d
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
There are some operations that need to be ignored if there is a soft
disconnect in progress. This is to avoid having a pending EP0 transfer in
progress while attempting to stop active transfers and halting the
controller.
There were several instances seen where a soft disconnect was able to occur
during early link negotiation, i.e. bus reset/conndone, which leads to the
conndone handler re-configuring EPs while attempting to halt the
controller, as DEP flags are cleared as part of the soft disconnect path.
ep0out: cmd 'Start New Configuration'
ep0out: cmd 'Set Endpoint Transfer Resource'
ep0in: cmd 'Set Endpoint Transfer Resource'
ep1out: cmd 'Set Endpoint Transfer Resource'
...
event (00030601): Suspend [U3]
event (00000101): Reset [U0]
ep0out: req ffffff87e5c9e100 length 0/0 zsI ==> 0
event (00000201): Connection Done [U0]
ep0out: cmd 'Start New Configuration'
ep0out: cmd 'Set Endpoint Transfer Resource'
In addition, if a soft disconnect occurs, EP0 events are still allowed to
process, however, it will stall/restart during the SETUP phase. The
host is still able to query for the DATA phase, leading to a
xfernotready(DATA) event. Since none of the SETUP transfer parameters are
populated, the xfernotready is treated as a "wrong direction" error,
leading to a duplicate stall/restart routine.
Add the proper softconnect/connected checks in sequences that are
potentially involved during soft disconnect processing.
Reviewed-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
Link: https://lore.kernel.org/r/20220817182359.13550-2-quic_wcheng@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 359d5a85a758906087801d7b3d3536a984211dec)
Bug: 263189538
Change-Id: Ia933ce7a70febbab8bb122d650691bd937d9ec37
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
commit 18bba1843fc7f264f58c9345d00827d082f9c558 upstream.
Add the missing #include of asm/assembler.h, which is where the ldr_l
macro is defined.
Bug: 260821414
Fixes: ff7a167961d1b97e ("arm64: efi: Execute runtime services from a dedicated stack")
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Cc: Lee Jones <lee@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I50d1e21277ef64dcb1d58d7f1c062dc913cfee74
commit ff7a167961d1b97e0e205f245f806e564d3505e7 upstream.
With the introduction of PRMT in the ACPI subsystem, the EFI rts
workqueue is no longer the only caller of efi_call_virt_pointer() in the
kernel. This means the EFI runtime services lock is no longer sufficient
to manage concurrent calls into firmware, but also that firmware calls
may occur that are not marshalled via the workqueue mechanism, but
originate directly from the caller context.
For added robustness, and to ensure that the runtime services have 8 KiB
of stack space available as per the EFI spec, introduce a spinlock
protected EFI runtime stack of 8 KiB, where the spinlock also ensures
serialization between the EFI rts workqueue (which itself serializes EFI
runtime calls) and other callers of efi_call_virt_pointer().
While at it, use the stack pivot to avoid reloading the shadow call
stack pointer from the ordinary stack, as doing so could produce a
gadget to defeat it.
Bug: 260821414
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Cc: Lee Jones <lee@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ie961576ae93cafc315cb37fb84cca0a6402eda59
The patch 0039189a3b ("sched/deadline: Merge
dl_task_can_attach() and dl_cpu_busy()") which is picked from
upstream modifies declaration of function dl_cpu_busy().
But it won't update function usage from android specific code
that introduced with patch 683010f555 ("ANDROID: cpu/hotplug:
add pause/resume_cpus interface").
Bug: 266874695
Fixes: 0039189a3b ("sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy()"
Change-Id: I40c12f912b7fe854b1e2e13f75c727c3c9a2435c
Signed-off-by: Srinivasarao Pathipati <quic_spathi@quicinc.com>
[ Note: this is a fix that works around the bug equivalently as the
two upstream commits:
1fa4445f9adf ("ALSA: control - introduce snd_ctl_notify_one() helper")
56b88b50565c ("ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF")
but in a simpler way to fit with older stable trees -- tiwai ]
Add missing locking in ctl_elem_read_user/ctl_elem_write_user which can be
easily triggered and turned into an use-after-free.
Example code paths with SNDRV_CTL_IOCTL_ELEM_READ:
64-bits:
snd_ctl_ioctl
snd_ctl_elem_read_user
[takes controls_rwsem]
snd_ctl_elem_read [lock properly held, all good]
[drops controls_rwsem]
32-bits (compat):
snd_ctl_ioctl_compat
snd_ctl_elem_write_read_compat
ctl_elem_write_read
snd_ctl_elem_read [missing lock, not good]
CVE-2023-0266 was assigned for this issue.
Bug: 265303544
Signed-off-by: Clement Lecigne <clecigne@google.com>
Cc: stable@kernel.org # 5.12 and older
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit df02234e6b87d2a9a82acd3198e44bdeff8488c7)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ibe891cdcb9eaf0dfc7bd771689c85c32b5c0d1f7
Building the bpmp-debugfs driver for Arm results in a warning for stack usage:
drivers/firmware/tegra/bpmp-debugfs.c:321:16: error: stack frame size of 1224 bytes in function 'bpmp_debug_store' [-Werror,-Wframe-larger-than=]
static ssize_t bpmp_debug_store(struct file *file, const char __user *buf,
It should be possible to rearrange the code to not require two separate
buffers for the file name, but the easiest workaround is to use dynamic
allocation.
Bug: 261962742
Fixes: 5e37b9c137 ("firmware: tegra: Add support for in-band debug")
Link: https://lore.kernel.org/all/20201204193714.3134651-1-arnd@kernel.org/
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
[treding@nvidia.com: consistently return NULL on failure]
Signed-off-by: Thierry Reding <treding@nvidia.com>
(cherry picked from commit 06c2d9a078abe784fd9fd0f1534e318e827712b4)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ic147141781cc5fd4250a6d09e283c23ba45cbd9a
Fixes the following W=1 kernel build warning(s):
drivers/scsi/bfa/bfa_fcs_lport.c: In function ‘bfa_fcs_lport_fdmi_build_rhba_pyld’:
drivers/scsi/bfa/bfa_fcs_lport.c:2152:1: warning: the frame size of 1200 bytes is larger than 1024 bytes [-Wframe-larger-than=]
Bug: 261962742
Link: https://lore.kernel.org/r/20210312094738.2207817-15-lee.jones@linaro.org
Cc: Anil Gurumurthy <anil.gurumurthy@qlogic.com>
Cc: Sudarsana Kalluru <sudarsana.kalluru@qlogic.com>
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: linux-scsi@vger.kernel.org
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
(cherry picked from commit a7a11b6cfec2c3dc77b8206966f371dfafabea47)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I9d266d1fd3546d198e163b9186f9eae836f7572a
This reverts commit eb57c31115051c5404d1bb1f2daec20e051b0287.
This branch looks clean of WERROR warnings. Let's try to re-enable it.
Bug: 261962742
Fixes: eb57c31115051 ("ANDROID: allmodconfig: disable WERROR")
(cherry picked from commit d19f8758ae7732b14fd85e97c66dec2855d3be73)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I0106dcd43d7e4b4e20ac768f3faac40285bc837b
The Tactive time determines the waiting time before burst at hibern8 exit
and is determined by hardware at linkup time. However, in the case of
Samsung devices, increase host's Tactive time +100us for stability. If the
HCI's Tactive time is equal or greater than the device, +100us should be
set.
Link: https://lore.kernel.org/r/20220106213924.186263-1-hy50.seo@samsung.com
Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
Acked-by: Avri Altman <Avri.Altman@wdc.com>
Signed-off-by: SEO HOYOUNG <hy50.seo@samsung.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
(cherry picked from commit 9008661e19606bdf6dddd33073b70872da400590 git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git for-next)
Bug: 204438323
Change-Id: I6ffe1c279cab9b780558de763e94cf01cfd4be3e
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Signed-off-by: Byunghoon Kim <bhoon95.kim@samsung.com>
rproc_alloc_firmware() (called by rproc_alloc()) can allocate
rproc->firmware using kstrdup_const() and therefore should be freed
using kfree_const(); however, rproc_set_firmware() frees it using the
simple kfree(). This causes a kernel oops if a constant string is passed
to rproc_alloc() and rproc_set_firmware() is subsequently called.
Fix the above issue by using kfree_const() to free rproc->firmware in
rproc_set_firmware().
Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Daniele Alessandrelli <daniele.alessandrelli@intel.com>
Link: https://lore.kernel.org/r/20210118165904.719999-1-daniele.alessandrelli@linux.intel.com
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
[juhyung: A kernel panic was observed with downstream Qualcomm's
qcom_spss and spss_utils modules on production phones.
drivers/remoteproc/qcom_spss.c's qcom_spss_set_fw_name() have upstream's
rproc_set_firmware() logic duplicated and hence needs its own fix (change
to call rproc_set_firmware() directly) to fully fix the kernel panic,
but remoteproc_core needs to be fixed too.]
Change-Id: I7d993e38d4babc30562dd47c366cba9fda388130
(cherry picked from commit 43d3f2c715cefcfb89b10675728e9bf0d8bb98e3)
Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>
__ffs_ep0_queue_wait executes holding the spinlock of &ffs->ev.waitq.lock
and unlocks it after the assignments to usb_request are done.
However in the code if the request is already NULL we bail out returning
-EINVAL but never unlocked the spinlock.
Fix this by adding spin_unlock_irq &ffs->ev.waitq.lock before returning.
Fixes: 6a19da111057 ("usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait")
Reviewed-by: John Keeping <john@metanate.com>
Signed-off-by: Udipto Goswami <quic_ugoswami@quicinc.com>
Link: https://lore.kernel.org/r/20230124091149.18647-1-quic_ugoswami@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
BUG: 266631160
(cherry picked from commit 921deb9da15851425ccbb6ee409dc2fd8fbdfe6b usb-linus)
Change-Id: I7cd4445a6e1eee431fd1a1848b114181f4eea45c
Signed-off-by: Udipto Goswami <quic_ugoswami@quicinc.com>
[ Upstream commit 89ff3dfac604614287ad5aad9370c3f984ea3f4b ]
The embedded struct cdev does not have its lifetime correctly tied to
the enclosing struct f_hidg, so there is a use-after-free if /dev/hidgN
is held open while the gadget is deleted.
This can readily be replicated with libusbgx's example programs (for
conciseness - operating directly via configfs is equivalent):
gadget-hid
exec 3<> /dev/hidg0
gadget-vid-pid-remove
exec 3<&-
Pull the existing device up in to struct f_hidg and make use of the
cdev_device_{add,del}() helpers. This changes the lifetime of the
device object to match struct f_hidg, but note that it is still added
and deleted at the same time.
Bug: 176850153
Fixes: 71adf11894 ("USB: gadget: add HID gadget driver")
Tested-by: Lee Jones <lee@kernel.org>
Reviewed-by: Andrzej Pietrasiewicz <andrzej.p@collabora.com>
Reviewed-by: Lee Jones <lee@kernel.org>
Signed-off-by: John Keeping <john@metanate.com>
Link: https://lore.kernel.org/r/20221122123523.3068034-2-john@metanate.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I5d37ca47c5f087d5b1b303b4e8a1614ea3f50159
Signed-off-by: Lee Jones <joneslee@google.com>
[ Upstream commit d7428bc26fc767942c38d74b80299bcd4f01e7cb ]
f_hid provides the OUT Endpoint as only way for receiving reports
from the host. SETUP/SET_REPORT method is not supported, and this causes
a number of compatibility problems with various host drivers, especially
in the case of keyboard emulation using f_hid.
- Some hosts do not support the OUT Endpoint and ignore it,
so it becomes impossible for the gadget to receive a report
from the host. In the case of a keyboard, the gadget loses
the ability to receive the status of the LEDs.
- Some BIOSes/UEFIs can't work with HID devices with the OUT Endpoint
at all. This may be due to their bugs or incomplete implementation
of the HID standard.
For example, absolutely all Apple UEFIs can't handle the OUT Endpoint
if it goes after IN Endpoint in the descriptor and require the reverse
order (OUT, IN) which is a violation of the standard.
Other hosts either do not initialize gadgets with a descriptor
containing the OUT Endpoint completely (like some HP and DELL BIOSes
and embedded firmwares like on KVM switches), or initialize them,
but will not poll the IN Endpoint.
This patch adds configfs option no_out_endpoint=1 to disable
the OUT Endpoint and allows f_hid to receive reports from the host
via SETUP/SET_REPORT.
Previously, there was such a feature in f_hid, but it was replaced
by the OUT Endpoint [1] in the commit 99c5150058 ("usb: gadget: hidg:
register OUT INT endpoint for SET_REPORT"). So this patch actually
returns the removed functionality while making it optional.
For backward compatibility reasons, the OUT Endpoint mode remains
the default behaviour.
- The OUT Endpoint mode provides the report queue and reduces
USB overhead (eliminating SETUP routine) on transmitting a report
from the host.
- If the SETUP/SET_REPORT mode is used, there is no report queue,
so the userspace will only read last report. For classic HID devices
like keyboards this is not a problem, since it's intended to transmit
the status of the LEDs and only the last report is important.
This mode provides better compatibility with strange and buggy
host drivers.
Both modes passed USBCV tests. Checking with the USB protocol analyzer
also confirmed that everything is working as it should and the new mode
ensures operability in all of the described cases.
Bug: 176850153
Link: https://www.spinics.net/lists/linux-usb/msg65494.html [1]
Reviewed-by: Maciej Żenczykowski <zenczykowski@gmail.com>
Acked-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Maxim Devaev <mdevaev@gmail.com>
Link: https://lore.kernel.org/r/20210821134004.363217-1-mdevaev@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 89ff3dfac604 ("usb: gadget: f_hid: fix f_hidg lifetime vs cdev")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I0f5759015f17661fe4fe23a1216f1047978c79b1
Signed-off-by: Lee Jones <joneslee@google.com>
Run CtsNetTestCases in presubmit for changes in net/ and
include/net/.
Bug: 186664401
Change-Id: I3cf942bd0418ad55a6559d6933927b0da86da595
Signed-off-by: Steve Muckle <smuckle@google.com>
(cherry picked from commit 55415d7022a8835d8979e09a74da3df29c9091ec)
(Backport: resolve conflicts due to missing f4693c2716b35 and also
drop in_bpf_jit from fixup_exception the same way 5.15 backport
9c82ce593626 does it.)
Commit 91fc957c9b ("arm64/bpf: don't allocate BPF JIT programs in module
memory") restricts BPF JIT program allocation to a 128MB region to ensure
BPF programs are still in branching range of each other. However this
restriction should not apply to the aarch64 JIT, since BPF_JMP | BPF_CALL
are implemented as a 64-bit move into a register and then a BLR instruction -
which has the effect of being able to call anything without proximity
limitation.
The practical reason to relax this restriction on JIT memory is that 128MB of
JIT memory can be quickly exhausted, especially where PAGE_SIZE is 64KB - one
page is needed per program. In cases where seccomp filters are applied to
multiple VMs on VM launch - such filters are classic BPF but converted to
BPF - this can severely limit the number of VMs that can be launched. In a
world where we support BPF JIT always on, turning off the JIT isn't always an
option either.
Fixes: 91fc957c9b ("arm64/bpf: don't allocate BPF JIT programs in module memory")
Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Russell King <russell.king@oracle.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: Alan Maguire <alan.maguire@oracle.com>
Link: https://lore.kernel.org/bpf/1636131046-5982-2-git-send-email-alan.maguire@oracle.com
(cherry picked from commit b89ddf4cca43f1269093942cf5c4e457fd45c335)
Bug: 252919296
Change-Id: Iec7d0b2bba001df94c2e21fcd5883ff002111cd5
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
This is the merge of the upstream LTS release of 5.10.160 into the
android12-5.10 branch.
It contains the following commits:
003c389455 Merge 5.10.160 into android12-5.10-lts
a2428a8dcb Linux 5.10.160
54c15f67cb ASoC: ops: Correct bounds check for second channel on SX controls
74b139c63f nvme-pci: clear the prp2 field when not used
77ebf88e00 ASoC: cs42l51: Correct PGA Volume minimum value
4db1d19b74 can: mcba_usb: Fix termination command argument
683837f2f6 can: sja1000: fix size of OCR_MODE_MASK define
434b523671 pinctrl: meditatek: Startup with the IRQs disabled
5cb4abb0ca libbpf: Use page size as max_entries when probing ring buffer map
50b5f6d4d9 ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
344739dc56 ASoC: fsl_micfil: explicitly clear CHnF flags
a49c1a7307 ASoC: fsl_micfil: explicitly clear software reset bit
75454b4bbf io_uring: add missing item types for splice request
17f386e6b7 fuse: always revalidate if exclusive create
eb6313c129 nfp: fix use-after-free in area_cache_get()
965d93fb39 vfs: fix copy_file_range() averts filesystem freeze protection
ed96733949 vfs: fix copy_file_range() regression in cross-fs copies
970862a96c x86/smpboot: Move rcu_cpu_starting() earlier
32e45c58a0 Merge "Merge 5.10.159 into android12-5.10-lts" into android12-5.10-lts
d31626cbea ANDROID: usb: gadget: uvc: remove duplicate code in unbind
01ef2d0b53 Merge 5.10.159 into android12-5.10-lts
931578be69 Linux 5.10.159
4fd6f84e0a can: esd_usb: Allow REC and TEC to return to zero
cf0e423106 macsec: add missing attribute validation for offload
6b03e41767 net: mvneta: Fix an out of bounds check
8208d7e56b ipv6: avoid use-after-free in ip6_fragment()
3d59adad12 net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq()
a00444e25b xen/netback: fix build warning
87277bdf2c ethernet: aeroflex: fix potential skb leak in greth_init_rings()
cc668fddde tipc: call tipc_lxc_xmit without holding node_read_lock
4be43e46c3 net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions()
8e3f9ac009 ipv4: Fix incorrect route flushing when table ID 0 is used
5211e5ff9d ipv4: Fix incorrect route flushing when source address is deleted
36e248269a tipc: Fix potential OOB in tipc_link_proto_rcv()
93aaa4bb72 net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
296a50aa8b net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
8d1aed7a11 net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq
a5cfbc1995 ip_gre: do not report erspan version on GRE interface
696e34d54c net: stmmac: fix "snps,axi-config" node property parsing
ca26f45083 nvme initialize core quirks before calling nvme_init_subsystem
27eb2d7a1b NFC: nci: Bounds check struct nfc_target arrays
a2506b19d7 i40e: Disallow ip4 and ip6 l4_4_bytes
8329b65e34 i40e: Fix for VF MAC address 0
215f3ac53b i40e: Fix not setting default xps_cpus after reset
146ebee8fc net: mvneta: Prevent out of bounds read in mvneta_config_rss()
e6860c889f xen-netfront: Fix NULL sring after live migration
3d3b30718a net: encx24j600: Fix invalid logic in reading of MISTAT register
51ba1820e7 net: encx24j600: Add parentheses to fix precedence
42c319635c mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
4c693330ce selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload
bccda3ad07 net: dsa: ksz: Check return value
e7b9504581 Bluetooth: Fix not cleanup led when bt_init fails
1717354d77 Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn()
80c69b31aa vmxnet3: correctly report encapsulated LRO packet
575a6266f6 af_unix: Get user_ns from in_skb in unix_diag_get_exact().
6c788c0a25 drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420
de918d9738 igb: Allocate MSI-X vector when testing
6595c9208d e1000e: Fix TX dispatch condition
5ee6413d3d gpio: amd8111: Fix PCI device reference count leak
b9aca69a6c drm/bridge: ti-sn65dsi86: Fix output polarity setting bug
b46e8c50c3 netfilter: ctnetlink: fix compilation warning after data race fixes in ct mark
0a8e66e375 ca8210: Fix crash by zero initializing data
27c71825ff ieee802154: cc2520: Fix error return code in cc2520_hw_init()
a0418d0a6b netfilter: nft_set_pipapo: Actually validate intervals in fields after the first one
cb283cca1d rtc: mc146818-lib: fix signedness bug in mc146818_get_time()
5c432383b6 rtc: mc146818-lib: fix locking in mc146818_set_time
5e26531d81 rtc: cmos: Disable irq around direct invocation of cmos_interrupt()
fccee93eb2 mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
c42221efb1 can: af_can: fix NULL pointer dereference in can_rcv_filter
bc03f809da HID: core: fix shift-out-of-bounds in hid_report_raw_event
959a23a4d1 HID: hid-lg4ff: Add check for empty lbuf
4dde75945a HID: usbhid: Add ALWAYS_POLL quirk for some mice
11e95d85c3 drm/shmem-helper: Avoid vm_open error paths
6a4da05acd drm/shmem-helper: Remove errant put in error path
007f561f59 drm/vmwgfx: Don't use screen objects when SEV is active
3cb78c3925 KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
549b46f813 Bluetooth: Fix crash when replugging CSR fake controllers
380d183e99 Bluetooth: btusb: Add debug message for CSR controllers
f1cf856123 mm/gup: fix gup_pud_range() for dax
f1f7f36cf6 memcg: fix possible use-after-free in memcg_write_event_control()
32f01f0306 media: v4l2-dv-timings.c: fix too strict blanking sanity checks
043b2bc96c Revert "ARM: dts: imx7: Fix NAND controller size-cells"
abfb8ae69b media: videobuf2-core: take mmap_lock in vb2_get_unmapped_area()
83632fc414 xen/netback: don't call kfree_skb() with interrupts disabled
3eecd2bc10 xen/netback: do some code cleanup
49e07c0768 xen/netback: Ensure protocol headers don't fall in the non-linear area
db44a9443e rtc: mc146818: Reduce spinlock section in mc146818_set_time()
17293d630f rtc: cmos: Replace spin_lock_irqsave with spin_lock in hard IRQ
acfd8ef683 rtc: cmos: avoid UIP when reading alarm time
949bae0282 rtc: cmos: avoid UIP when writing alarm time
33ac73a41a rtc: mc146818-lib: extract mc146818_avoid_UIP
8bb5fe5830 rtc: mc146818-lib: fix RTC presence check
775d4661f1 rtc: Check return value from mc146818_get_time()
b9a5c470e0 rtc: mc146818-lib: change return values of mc146818_get_time()
94eaf9966e rtc: cmos: remove stale REVISIT comments
f5b51f8550 rtc: mc146818: Dont test for bit 0-5 in Register D
3736972360 rtc: mc146818: Detect and handle broken RTCs
7c7075c88d rtc: mc146818: Prevent reading garbage
7f445ca2e0 mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
4a1cdb49d0 mm/khugepaged: fix GUP-fast interaction by sending IPI
cdfd3739b2 mm/khugepaged: take the right locks for page table retraction
1c0eec6a1d net: usb: qmi_wwan: add u-blox 0x1342 composition
a8c5ffb4df 9p/xen: check logical size for buffer size
ec36ebae36 usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer
d9b53caf01 fbcon: Use kzalloc() in fbcon_prepare_logo()
8b130c770d regulator: twl6030: fix get status of twl6032 regulators
f6f45e5383 ASoC: soc-pcm: Add NULL check in BE reparenting
688a45aff2 btrfs: send: avoid unaligned encoded writes when attempting to clone range
15c42ab8d4 ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
d38e021416 regulator: slg51000: Wait after asserting CS pin
1331bcfcac 9p/fd: Use P9_HDRSZ for header size
96b43f36a5 ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188
ddf58f5939 ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register
dbd78abd69 ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation
bb1866cf1e ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels
b1f40a0cdf ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name
5f9474d07b arm64: dts: rockchip: fix ir-receiver node names
060d58924a ARM: dts: rockchip: fix ir-receiver node names
3e0c466771 arm: dts: rockchip: fix node name for hym8563 rtc
3ada63a876 arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series
202ee06349 Revert "mmc: sdhci: Fix voltage switch delay"
0b0939466f ANDROID: gki_defconfig: add CONFIG_FUNCTION_ERROR_INJECTION
5ab4c6b843 Merge 5.10.158 into android12-5.10-lts
592346d5dc Linux 5.10.158
cc1b4718cc ipc/sem: Fix dangling sem_array access in semtimedop race
d072a10c81 v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails
9ba389863a proc: proc_skip_spaces() shouldn't think it is working on C strings
4aa32aaef6 proc: avoid integer type confusion in get_proc_long
5f2f775605 block: unhash blkdev part inode when the part is deleted
a82869ac52 Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send()
4e0d6c687c char: tpm: Protect tpm_pm_suspend with locks
5a6f935ef3 Revert "clocksource/drivers/riscv: Events are stopped during CPU suspend"
f075cf139f ACPI: HMAT: Fix initiator registration for single-initiator systems
f3b76b4d38 ACPI: HMAT: remove unnecessary variable initialization
63e72417a1 i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set
df76136598 i2c: npcm7xx: Fix error handling in npcm_i2c_init()
7462cd2443 x86/pm: Add enumeration check before spec MSRs save/restore setup
5e3d4a68e2 x86/tsx: Add a feature bit for TSX control MSR support
b7f7a0402e Revert "tty: n_gsm: avoid call of sleeping functions from atomic context"
481f9ed8eb ipv4: Fix route deletion when nexthop info is not specified
0b5394229e ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference
4919503426 selftests: net: fix nexthop warning cleanup double ip typo
7ca14c5f24 selftests: net: add delete nexthop route warning test
f09ac62f0e Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled
19d91d3798 parisc: Increase FRAME_WARN to 2048 bytes on parisc
fcf20da099 xtensa: increase size of gcc stack frame check
a1877001ed parisc: Increase size of gcc stack frame check
a5c65cd56a iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
10ed7655a1 iommu/vt-d: Fix PCI device refcount leak in has_external_pci()
302edce1dd pinctrl: single: Fix potential division by zero
b50c964189 ASoC: ops: Fix bounds check for _sx controls
a2efc46524 io_uring: don't hold uring_lock when calling io_run_task_work*
be111ebd88 tracing: Free buffers when a used dynamic event is removed
648b92e576 drm/i915: Never return 0 if not all requests retired
8649c023c4 drm/amdgpu: temporarily disable broken Clang builds due to blown stack-frame
940b774069 mmc: sdhci: Fix voltage switch delay
ed19662453 mmc: sdhci-sprd: Fix no reset data and command after voltage switch
ef767907e7 mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check
46ee041cd6 mmc: core: Fix ambiguous TRIM and DISCARD arg
b79be962b5 mmc: mmc_test: Fix removal of debugfs file
d4fc344c0d net: stmmac: Set MAC's flow control register to reflect current settings
549e24409a pinctrl: intel: Save and restore pins in "direct IRQ" mode
471fb7b735 x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3
e858917ab7 nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
6ddf788400 tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep"
c099d12c55 error-injection: Add prompt for function error injection
26b6f927bb riscv: vdso: fix section overlapping under some conditions
2b1d8f27e2 net/mlx5: DR, Fix uninitialized var warning
c40db1e5f3 hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
f06e0cd01e hwmon: (coretemp) Check for null before removing sysfs attrs
d93522d04f net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
176ee6c673 sctp: fix memory leak in sctp_stream_outq_migrate()
1c38c88acc packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
5f442e1d40 net: tun: Fix use-after-free in tun_detach()
5fa0fc5876 afs: Fix fileserver probe RTT handling
7ca81a161e net: hsr: Fix potential use-after-free
a1ba595e35 tipc: re-fetch skb cb after tipc_msg_validate
4621bdfff5 dsa: lan9303: Correct stat name
45752af024 net: ethernet: nixge: fix NULL dereference
e01c154237 net/9p: Fix a potential socket leak in p9_socket_open
b080d4668f net: net_netdev: Fix error handling in ntb_netdev_init_module()
fe6bc99c27 net: phy: fix null-ptr-deref while probe() failed
0184ede0ec wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
e2ed90fd3a wifi: cfg80211: don't allow multi-BSSID in S1G
9e6b79a3cd wifi: cfg80211: fix buffer overflow in elem comparison
6922948c2e aquantia: Do not purge addresses when setting the number of rings
fa59d49a49 qlcnic: fix sleep-in-atomic-context bugs caused by msleep
d753f554f2 can: cc770: cc770_isa_probe(): add missing free_cc770dev()
e74746bf04 can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
0d2f9d95d9 net/mlx5e: Fix use-after-free when reverting termination table
2cb84ff349 net/mlx5: Fix uninitialized variable bug in outlen_write()
b775f37d94 e100: Fix possible use after free in e100_xmit_prepare
086f656e44 e100: switch from 'pci_' to 'dma_' API
971c55f076 iavf: Fix error handling in iavf_init_module()
d389a4c698 iavf: remove redundant ret variable
fd4960ea53 fm10k: Fix error handling in fm10k_init_module()
dd425cec79 i40e: Fix error handling in i40e_init_module()
f166c62cad ixgbevf: Fix resource leak in ixgbevf_init_module()
8f7047f418 of: property: decrement node refcount in of_fwnode_get_reference_args()
be006212bd bpf: Do not copy spin lock field from user in bpf_selem_alloc
90907cd4d1 hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
7649bba263 hwmon: (i5500_temp) fix missing pci_disable_device()
dddfc03f04 hwmon: (ina3221) Fix shunt sum critical calculation
984fcd3ec1 hwmon: (ltc2947) fix temperature scaling
8a549ab672 libbpf: Handle size overflow for ringbuf mmap
cc140c729c ARM: at91: rm9200: fix usb device clock id
592724b14d scripts/faddr2line: Fix regression in name resolution on ppc64le
353c3aaaf3 bpf, perf: Use subprog name when reporting subprog ksymbol
d48f6a5784 iio: light: rpr0521: add missing Kconfig dependencies
5eb114f55b iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
b1756af172 iio: health: afe4403: Fix oob read in afe4403_read_raw
01d7c41eac btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
d3f5be8246 drm/amdgpu: Partially revert "drm/amdgpu: update drm_display_info correctly when the edid is read"
00570fafc2 drm/amdgpu: update drm_display_info correctly when the edid is read
44b204730b drm/display/dp_mst: Fix drm_dp_mst_add_affected_dsc_crtcs() return code
1faf21bdd1 btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker
6050872f9f spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock
7b020665d4 btrfs: free btrfs_path before copying inodes to userspace
d5b7a34379 btrfs: sink iterator parameter to btrfs_ioctl_logical_to_ino
f3226d86f8 Revert "xfrm: fix "disable_policy" on ipv4 early demux"
982d7f3eb8 Merge 5.10.157 into android12-5.10-lts
37d3df60cb ANDROID: CRC ABI fixups in ip.h and ipv6.h
f4245f0538 Linux 5.10.157
4801672fb0 fuse: lock inode unconditionally in fuse_fallocate()
86f0082fb9 drm/i915: fix TLB invalidation for Gen12 video and compute engines
feb97cf45e drm/amdgpu: always register an MMU notifier for userptr
596b7d55d7 drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN
c86c1a7037 btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs()
1581830c0e btrfs: free btrfs_path before copying subvol info to userspace
0bdb8f7ef8 btrfs: free btrfs_path before copying fspath to userspace
24a37ba2cb btrfs: free btrfs_path before copying root refs to userspace
b56d6e5585 genirq: Take the proposed affinity at face value if force==true
9d90a2b98e irqchip/gic-v3: Always trust the managed affinity provided by the core code
e0d2c59ee9 genirq: Always limit the affinity to online CPUs
f8f80d532f genirq/msi: Shutdown managed interrupts with unsatifiable affinities
3eb6b89a4e wifi: wilc1000: validate number of channels
5a068535c0 wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute
905f886eae wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute
7c6535fb4d wifi: wilc1000: validate pairwise and authentication suite offsets
64b7f9a7dd dm integrity: clear the journal on suspend
d306f73079 dm integrity: flush the journal on suspend
79d9a11679 gpu: host1x: Avoid trying to use GART on Tegra20
a7f30b5b8d net: usb: qmi_wwan: add Telit 0x103a composition
7e8eaa939e tcp: configurable source port perturb table size
0acc008cf9 platform/x86: hp-wmi: Ignore Smart Experience App event
0964b77bab zonefs: fix zone report size in __zonefs_io_error()
a5937dae66 platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
52fb7bcea0 platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()
4fa717ba2d xen/platform-pci: add missing free_irq() in error path
f45a5a6c9f xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too
9bbb587472 Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[]
4ea4316dff Input: soc_button_array - add use_low_level_irq module parameter
c1620e996d Input: goodix - try resetting the controller when no config is set
f4db050958 serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
7c3e39ccf5 ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01
36e0b97619 Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
ae9e0cc973 binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0
017de84253 binder: Address corner cases in deferred copy and fixup
2e3c27f241 binder: fix pointer cast warning
c9d3f25a7f binder: defer copies of pre-patched txn data
5204296fc7 binder: read pre-translated fds from sender buffer
23e9d815fa binder: avoid potential data leakage when copying txn
22870431cd x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
3fdeacf087 KVM: x86: remove exit_int_info warning in svm_handle_exit
7e5cb13091 KVM: x86: nSVM: leave nested mode on vCPU free
d925dd3e44 mm: vmscan: fix extreme overreclaim and swap floods
a4a62a23fa gcov: clang: fix the buffer overflow issue
e7f21d10e9 nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
f06b7e6a77 usb: dwc3: gadget: Clear ep descriptor last
cff7523ab8 usb: dwc3: gadget: Return -ESHUTDOWN on ep disable
a32635528d usb: dwc3: gadget: conditionally remove requests
ca3a08e9d9 ceph: fix NULL pointer dereference for req->r_session
00c004c070 ceph: Use kcalloc for allocating multiple elements
69263bf781 ceph: fix possible NULL pointer dereference for req->r_session
8e137ace53 ceph: put the requests/sessions when it fails to alloc memory
38993788f4 ceph: fix off by one bugs in unsafe_request_wait()
8a31ae7f77 ceph: flush the mdlog before waiting on unsafe reqs
78b2f546f7 ceph: flush mdlog before umounting
d94ba7b3b7 ceph: make iterate_sessions a global symbol
9ac038d3c2 ceph: make ceph_create_session_msg a global symbol
8382cdf0ab usb: cdns3: Add support for DRD CDNSP
57112da86b mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI
b5d770977b mmc: sdhci-brcmstb: Enable Clock Gating to save power
049194538c mmc: sdhci-brcmstb: Re-organize flags
fbe955be26 nios2: add FORCE for vmlinuz.gz
c0a9c9973d init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
456e895fd0 iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
fa9efcbfbf iio: light: apds9960: fix wrong register for gesture gain
bd1b8041c2 arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency
86ba9c8595 ext4: fix use-after-free in ext4_ext_shift_extents
350e98a08a usb: dwc3: exynos: Fix remove() function
d21d26e65b lib/vdso: use "grep -E" instead of "egrep"
c0cf8bc259 net: enetc: preserve TX ring priority across reconfiguration
de4dd4f9b3 net: enetc: cache accesses to &priv->si->hw
1f080b8caa net: enetc: manage ENETC_F_QBV in priv->active_offloads only when enabled
1d840c5d67 s390/crashdump: fix TOD programmable field size
11052f1188 net: thunderx: Fix the ACPI memory leak
b034fe2a08 nfc: st-nci: fix memory leaks in EVT_TRANSACTION
e14583073f nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
9cc863d523 arcnet: fix potential memory leak in com20020_probe()
4d2be0cf27 net: arcnet: Fix RESET flag handling
e61b00374a s390/dasd: fix no record found for raw_track_access
aeebb07499 ipv4: Fix error return code in fib_table_insert()
c0af4d005a dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
b8e494240e netfilter: flowtable_offload: add missing locking
af9de5cdcb dma-buf: fix racing conflict of dma_heap_add()
c40b76dfa7 bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()
f81e9c0510 regulator: twl6030: re-add TWL6032_SUBCLASS
32b944b9c4 NFC: nci: fix memory leak in nci_rx_data_packet()
68a7aec3f4 net: sched: allow act_ct to be built without NF_NAT
8e2664e12b sfc: fix potential memleak in __ef100_hard_start_xmit()
6b638a16ea xfrm: Fix ignored return value in xfrm6_init()
c7788361a6 tipc: check skb_linearize() return value in tipc_disc_rcv()
4058e3b74a tipc: add an extra conn_get in tipc_conn_alloc
e87a077d09 tipc: set con sock in tipc_conn_alloc
891daa95b0 net/mlx5: Fix handling of entry refcount when command is not issued to FW
e06ff9f8fe net/mlx5: Fix FW tracer timestamp calculation
5689eba90a netfilter: ipset: regression in ip_set_hash_ip.c
e62e62ea91 netfilter: ipset: Limit the maximal range of consecutive elements to add/delete
8dca384970 Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
909186cf34 Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work()
f42802e14a macsec: Fix invalid error code set
72be055615 nfp: add port from netdev validation for EEPROM access
ce41e03cac nfp: fill splittable of devlink_port_attrs correctly
0b553ded34 net: pch_gbe: fix pci device refcount leak while module exiting
2c59ef9ab6 net/qla3xxx: fix potential memleak in ql3xxx_send()
a24d5f6c8b net/mlx4: Check retval of mlx4_bitmap_init
da86a63479 net: ethernet: mtk_eth_soc: fix error handling in mtk_open()
756534f7cf ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties
290a71ff72 ARM: mxs: fix memory leak in mxs_machine_init()
5c97af75f5 netfilter: conntrack: Fix data-races around ct mark
459332f8db 9p/fd: fix issue of list_del corruption in p9_fd_cancel()
26bb8f6aaa net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
398a860a44 nfc/nci: fix race with opening and closing
3535c632e6 rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975]
23c03ee0ee rxrpc: Use refcount_t rather than atomic_t
bddde342c6 rxrpc: Allow list of in-use local UDP endpoints to be viewed in /proc
a2d5dba2fc net: liquidio: simplify if expression
8124a02e17 ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
b547bf71fa tee: optee: fix possible memory leak in optee_register_device()
b76c5a99f4 bus: sunxi-rsb: Support atomic transfers
0c059b7d2a regulator: core: fix UAF in destroy_regulator()
fcb2d28636 spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld()
0b6441abfa regulator: core: fix kobject release warning and memory leak in regulator_register()
26d3d3ffa8 scsi: storvsc: Fix handling of srb_status and capacity change events
c34db0d6b8 ASoC: soc-pcm: Don't zero TDM masks in __soc_pcm_open()
4f6c7344ab ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
164a5b50d1 ASoC: hdac_hda: fix hda pcm buffer overflow issue
7cfb4b8579 ARM: dts: am335x-pcm-953: Define fixed regulators in root node
b7000254c1 af_key: Fix send_acquire race with pfkey_register
51969d679b xfrm: replay: Fix ESN wrap around for GSO
497653f6d2 xfrm: fix "disable_policy" on ipv4 early demux
836bbdfcf8 MIPS: pic32: treat port as signed integer
c0bb600f07 RISC-V: vdso: Do not add missing symbols to version section in linker script
81cc6d8400 arm64/syscall: Include asm/ptrace.h in syscall_wrapper header.
fa5f2c72d3 block, bfq: fix null pointer dereference in bfq_bio_bfqg()
d29bde8689 drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
f7ce6fb04e scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC
2574903ee2 scsi: ibmvfc: Avoid path failures during live migration
7fc62181c1 platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1
f54a11b6bf Revert "net: macsec: report real_dev features when HW offloading is enabled"
f4b8c0710a selftests/bpf: Add verifier test for release_reference()
361a165098 spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
2c1ca23555 wifi: mac80211: Fix ack frame idr leak when mesh has no route
8d39913158 wifi: airo: do not assign -1 to unsigned char
8552e6048e audit: fix undefined behavior in bit shift for AUDIT_BIT
1c9eb641d1 riscv: dts: sifive unleashed: Add PWM controlled LEDs
92ae6facd1 wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
2fcc593b50 wifi: mac80211: fix memory free error when registering wiphy fail
044bc6d3c2 ceph: avoid putting the realm twice when decoding snaps fails
d43219bb33 ceph: do not update snapshot context when there is no new snapshot
49c71b6814 iio: pressure: ms5611: fixed value compensation bug
879139bc7a iio: ms5611: Simplify IO callback parameters
80c825e1e3 nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro
f4066fb910 nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH
4f0cea018e drm/display: Don't assume dual mode adaptors support i2c sub-addressing
347f1793b5 bridge: switchdev: Fix memory leaks when changing VLAN protocol
89a7f155e6 bridge: switchdev: Notify about VLAN protocol changes
f5cbd86ebf ata: libata-core: do not issue non-internal commands once EH is pending
4034d06a4d ata: libata-scsi: simplify __ata_scsi_queuecmd()
03aabcb88a scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
d9b90a99f3 Merge 5.10.156 into android12-5.10-lts
25af5a11f1 Merge 5.10.155 into android12-5.10-lts
e5d2cd6ad8 ANDROID: abi preservation for fscrypt change in 5.10.154
5bc3ece380 Revert "serial: 8250: Let drivers request full 16550A feature probing"
f466ca1247 Merge 5.10.154 into android12-5.10-lts
6d46ef50b1 Linux 5.10.156
7be134eb69 Revert "net: broadcom: Fix BCMGENET Kconfig"
957732a09c ntfs: check overflow when iterating ATTR_RECORDs
6322dda483 ntfs: fix out-of-bounds read in ntfs_attr_find()
b825bfbbaa ntfs: fix use-after-free in ntfs_attr_find()
294ef12dcc mm: fs: initialize fsdata passed to write_begin/write_end interface
a8e2fc8f7b 9p/trans_fd: always use O_NONBLOCK read/write
a5da76df46 gfs2: Switch from strlcpy to strscpy
5fa30be7ba gfs2: Check sb_bsize_shift after reading superblock
f14858bc77 9p: trans_fd/p9_conn_cancel: drop client lock earlier
4154b6afa2 kcm: close race conditions on sk_receive_queue
7deb7a9d33 kcm: avoid potential race in kcm_tx_work
35309be06b tcp: cdg: allow tcp_cdg_release() to be called multiple times
e929ec98c0 macvlan: enforce a consistent minimal mtu
95ebea5a15 uapi/linux/stddef.h: Add include guards
3f25add5ec Input: i8042 - fix leaking of platform device on module removal
7d606ae1ab kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case
89ece5ff7d scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
75205f1b47 scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
6e9334436d net: use struct_group to copy ip/ipv6 header addresses
9fd7bdaffe stddef: Introduce struct_group() helper macro
47c3bdd955 usbnet: smsc95xx: Fix deadlock on runtime resume
8208c266fe ring-buffer: Include dropped pages in counting dirty patches
36b5095b07 net: fix a concurrency bug in l2tp_tunnel_register()
023435a095 nvme: ensure subsystem reset is single threaded
b9a5ecf241 nvme: restrict management ioctls to admin
5e2f14d772 perf/x86/intel/pt: Fix sampling using single range output
62634b43d3 misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
c1eb46a65b docs: update mediator contact information in CoC doc
4423866d31 mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
440653a180 mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout
8e70b14131 mmc: core: properly select voltage range without power cycle
05b0f6624d firmware: coreboot: Register bus in module init
deda86a0d8 iommu/vt-d: Set SRE bit only when hardware has SRS cap
d2c7d8f58e scsi: zfcp: Fix double free of FSF request when qdio send fails
db744288af maccess: Fix writing offset in case of fault in strncpy_from_kernel_nofault()
24cc679abb Input: iforce - invert valid length check when fetching device IDs
5f4611fe01 serial: 8250_lpss: Configure DMA also w/o DMA filter
8679087e93 serial: 8250: Flush DMA Rx on RLSI
a5eaad87bf serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
f59f5a269c dm ioctl: fix misbehavior if list_versions races with module loading
67a75a9480 iio: pressure: ms5611: changed hardcoded SPI speed to value limited
d95b85c508 iio: adc: mp2629: fix potential array out of bound access
46b8bc62c5 iio: adc: mp2629: fix wrong comparison of channel
8dddf2699d iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
85d2a8b287 iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
85cc1a2fd8 usb: typec: mux: Enter safe mode only when pins need to be reconfigured
efaab05520 usb: chipidea: fix deadlock in ci_otg_del_timer
143ba5c2d2 usb: add NO_LPM quirk for Realforce 87U Keyboard
249cef723f USB: serial: option: add Fibocom FM160 0x0111 composition
5c44c60358 USB: serial: option: add u-blox LARA-L6 modem
0e88a3cfa6 USB: serial: option: add u-blox LARA-R6 00B modem
de707957d9 USB: serial: option: remove old LARA-R6 PID
878227a3dd USB: serial: option: add Sierra Wireless EM9191
25c652811d USB: bcma: Make GPIO explicitly optional
eb3af3ea5b speakup: fix a segfault caused by switching consoles
8cbaf4ed53 slimbus: stream: correct presence rate frequencies
15155f7c0e Revert "usb: dwc3: disable USB core PHY management"
100d1e53bb ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
c7dcc89482 ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro
a80369c8ca ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
28a54854a9 tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit()
bb70fcae41 tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit()
315b149f08 tracing: Fix wild-memory-access in register_synth_event()
65ba7e7c24 tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()
5d4cc7bc1a tracing/ring-buffer: Have polling block on watermark
5fdebbeca5 ring_buffer: Do not deactivate non-existant pages
6a14828cad ftrace: Fix null pointer dereference in ftrace_add_mod()
6ed60c60ec ftrace: Optimize the allocation for mcount entries
9569eed79b ftrace: Fix the possible incorrect kernel message
5fc19c8313 cifs: add check for returning value of SMB2_set_info_init
0aeb0de528 net: thunderbolt: Fix error handling in tbnet_init()
e13ef43813 cifs: Fix wrong return value checking when GETFLAGS
9f00da9c86 net/x25: Fix skb leak in x25_lapb_receive_frame()
94822d2331 net: ag71xx: call phylink_disconnect_phy if ag71xx_hw_enable() fail in ag71xx_open()
3aeb13bc3d cifs: add check for returning value of SMB2_close_init
c24013273e platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when virtualized
9ed51414ae drbd: use after free in drbd_create_device()
6b23a4b252 net: ena: Fix error handling in ena_init()
2d5a495501 net: ionic: Fix error handling in ionic_init_module()
bb9924a6ed xen/pcpu: fix possible memory leak in register_pcpu()
d6a561bd4c bnxt_en: Remove debugfs when pci_register_driver failed
389738f5db net: caif: fix double disconnect client in chnl_net_open()
fb5ee1560b net: macvlan: Use built-in RCU list checking
709aa1f73d mISDN: fix misuse of put_device() in mISDN_register_device()
417f2d2edf net: liquidio: release resources when liquidio driver open failed
4cba73f2d6 net: hinic: Fix error handling in hinic_module_init()
083a2c9ef8 mISDN: fix possible memory leak in mISDN_dsp_element_register()
6b23993d5b net: bgmac: Drop free_netdev() from bgmac_enet_remove()
1f6a73b25d bpf: Initialize same number of free nodes for each pcpu_freelist
ef2ac07ab8 ata: libata-transport: fix error handling in ata_tdev_add()
7377a14598 ata: libata-transport: fix error handling in ata_tlink_add()
b5362dc163 ata: libata-transport: fix error handling in ata_tport_add()
ac471468f7 ata: libata-transport: fix double ata_host_put() in ata_tport_add()
ac4f404c25 arm64: dts: imx8mn: Fix NAND controller size-cells
30ece7dbee arm64: dts: imx8mm: Fix NAND controller size-cells
f68a9efd78 ARM: dts: imx7: Fix NAND controller size-cells
1d160dfb3f drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
c47a823ea1 drm/drv: Fix potential memory leak in drm_dev_init()
c776a49d09 drm/panel: simple: set bpc field for logic technologies displays
777430aa4d pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
bce3e6fe8b parport_pc: Avoid FIFO port location truncation
a4b5423f88 siox: fix possible memory leak in siox_device_add()
0679f571d3 arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro
58636b5ff3 block: sed-opal: kmalloc the cmd/resp buffers
e27458b18b sctp: clear out_curr if all frag chunks of current msg are pruned
0b4c259b63 sctp: remove the unnecessary sinfo_stream check in sctp_prsctp_prune_unsent
7360e7c29d ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
e60f37a1d3 bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
b8fe1a5aa7 tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
0a3160f4ff serial: imx: Add missing .thaw_noirq hook
7e1f908e65 serial: 8250: omap: Flush PM QOS work on remove
d833cba201 serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove()
b0b6ea651e serial: 8250_omap: remove wait loop from Errata i202 workaround
f14c312c21 serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl()
85cdbf04b4 serial: 8250: Remove serial_rs485 sanitization from em485
f5dedad405 ASoC: tas2764: Fix set_tdm_slot in case of single slot
9e82d78fbe ASoC: tas2770: Fix set_tdm_slot in case of single slot
8d21554ec7 ASoC: core: Fix use-after-free in snd_soc_exit()
38ca9bd336 spi: stm32: Print summary 'callbacks suppressed' message
a180da5564 drm/amdgpu: disable BACO on special BEIGE_GOBY card
f3adf0adf3 drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards
b0faeff69a drm/amd/pm: Read BIF STRAP also for BACO check
6958556285 drm/amd/pm: support power source switch on Sienna Cichlid
7daab001a6 mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA
65ac4d1807 spi: intel: Use correct mask for flash and protected regions
23793518a7 mtd: spi-nor: intel-spi: Disable write protection only if asked
a326fffdc7 ALSA: hda/realtek: fix speakers and micmute on HP 855 G8
24839d027c ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route"
bd48793240 Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
ce75e90859 btrfs: remove pointless and double ulist frees in error paths of qgroup tests
16743c4bf3 drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
df2747f295 i2c: i801: add lis3lv02d's I2C address for Vostro 5568
959cb0fd69 i2c: tegra: Allocate DMA memory for DMA engine
6cb657722e NFSv4: Retry LOCK on OLD_STATEID during delegation return
f0187227e2 drm/amd/display: Remove wrong pipe control lock
bb3edbd092 ASoC: rt1308-sdw: add the default value of some registers
b1619f0307 selftests/intel_pstate: fix build for ARCH=x86_64
fdf6807606 selftests/futex: fix build for clang
c1f0defecb ASoC: codecs: jz4725b: fix capture selector naming
aeb7e8bc0d ASoC: codecs: jz4725b: use right control for Capture Volume
c87945c173 ASoC: codecs: jz4725b: fix reported volume for Master ctl
9aae00961a ASoC: codecs: jz4725b: add missed Line In power control bit
0b4d650f90 spi: intel: Fix the offset to get the 64K erase opcode
6910e7279f ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK
c7432616f6 ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe
a47606064c ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe"
f8f254c8b5 ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe"
c73aa2cc41 ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe"
673a7341bd Merge 5.10.153 into android12-5.10-lts
27b36ba7c2 Merge 5.10.152 into android12-5.10-lts
bf759deb0f Merge 5.10.151 into android12-5.10-lts
6b31c548a1 ANDROID: fix up struct sk_buf ABI breakage
bd66e91ad2 ANDROID: fix up CRC issue with struct tcp_sock
3905cfd1d6 Revert "serial: 8250: Toggle IER bits on only after irq has been set up"
41217963b1 Linux 5.10.155
0f544353fe io_uring: kill goto error handling in io_sqpoll_wait_sq()
154d744fbe x86/cpu: Restore AMD's DE_CFG MSR after resume
e7294b01de mmc: sdhci-esdhc-imx: Convert the driver to DT-only
534762e261 net: tun: call napi_schedule_prep() to ensure we own a napi
367bc0fa98 dmaengine: at_hdmac: Check return code of dma_async_device_register
85f97c97ef dmaengine: at_hdmac: Fix impossible condition
f53a233eaa dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
f451285522 dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
6be4ab08c8 dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware
a35dd5dd98 dmaengine: at_hdmac: Fix concurrency over the active list
0f603bf553 dmaengine: at_hdmac: Free the memset buf without holding the chan lock
7f07cecc74 dmaengine: at_hdmac: Fix concurrency over descriptor
1582cc3b48 dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all()
9b69060a72 dmaengine: at_hdmac: Protect atchan->status with the channel lock
ee35682261 dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all
7078e935b4 dmaengine: at_hdmac: Fix premature completion of desc in issue_pending
ad4cbe8e9c dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending
24f9e93e50 dmaengine: at_hdmac: Don't start transactions at tx_submit level
4b51cce72a dmaengine: at_hdmac: Fix at_lli struct definition
d37dfb9357 cert host tools: Stop complaining about deprecated OpenSSL functions
f8e0edeaa0 can: j1939: j1939_send_one(): fix missing CAN header initialization
0b692d41ee mm/memremap.c: map FS_DAX device memory as decrypted
03f9582a6a udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
4ea3aa3b98 mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI
9c0accfa5a btrfs: selftests: fix wrong error check in btrfs_free_dummy_root()
8fa0c22ef8 platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
b5ee579fcb drm/i915/dmabuf: fix sg_table handling in map_dma_buf
4feedde548 nilfs2: fix use-after-free bug of ns_writer on remount
1d4ff73062 nilfs2: fix deadlock in nilfs_count_free_blocks()
344ddbd688 ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure
516f9f2300 vmlinux.lds.h: Fix placement of '.data..decrypted' section
f6896fb69d ALSA: usb-audio: Add DSD support for Accuphase DAC-60
2032c2d32b ALSA: usb-audio: Add quirk entry for M-Audio Micro
a414a6d6ef ALSA: hda/realtek: Add Positivo C6300 model quirk
3a79f9568d ALSA: hda: fix potential memleak in 'add_widget_node'
380d64168d ALSA: hda/ca0132: add quirk for EVGA Z390 DARK
181cfff57b ALSA: hda/hdmi - enable runtime pm for more AMD display audio
ea6787e482 mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI
0a8d4531a0 mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI
3f558930ad mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI
b55e64d0a3 mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
4631cb0406 MIPS: jump_label: Fix compat branch range check
475fd3991a arm64: efi: Fix handling of misaligned runtime regions and drop warning
94ab8f88fe riscv: fix reserved memory setup
0cf9cb0614 riscv: Separate memory init from paging init
d7716240bc riscv: Enable CMA support
ecf78af514 riscv: vdso: fix build with llvm
e56d18a976 riscv: process: fix kernel info leakage
956e0216a1 net: macvlan: fix memory leaks of macvlan_common_newlink
59ec132386 ethernet: tundra: free irq when alloc ring failed in tsi108_open()
dd7beaec8b net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open()
56d3b5531b ethernet: s2io: disable napi when start nic failed in s2io_card_up()
05b2228434 net: atlantic: macsec: clear encryption keys from the stack
1a4e495edf net: phy: mscc: macsec: clear encryption keys when freeing a flow
4ad684ba02 cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in cxgb4vf_open()
38aa7ed8c2 net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
fd52dd2d6e net: cpsw: disable napi in cpsw_ndo_open()
3b27e20601 net/mlx5e: E-Switch, Fix comparing termination table instance
eb6fa0ac2a net/mlx5: Allow async trigger completion execution on single CPU systems
bdd282bba7 net: nixge: disable napi when enable interrupts failed in nixge_open()
5333cf1b7f net: marvell: prestera: fix memory leak in prestera_rxtx_switch_init()
cf4853880e perf stat: Fix printing os->prefix in CSV metrics output
3a4a3c3b1f drivers: net: xgene: disable napi when register irq failed in xgene_enet_open()
0b7ee3d50f dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
6e2ffae69d dmaengine: pxa_dma: use platform_get_irq_optional
f31dd15858 tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header
fbb4e8e6dc net: broadcom: Fix BCMGENET Kconfig
cb6d639bb1 net: stmmac: dwmac-meson8b: fix meson8b_devm_clk_prepare_enable()
d68fa77ee3 can: af_can: fix NULL pointer dereference in can_rx_register()
a033b86c7f ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
02f8dfee75 tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent
f3aa8a7d95 drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register()
bcb3bb1069 hamradio: fix issue of dev reference count leakage in bpq_device_event()
bc4591a86b net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event()
2bf8b1c111 KVM: s390: pv: don't allow userspace to set the clock under PV
a60cc64db7 KVM: s390x: fix SCK locking
fcbd2b3368 capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
8aae24b0ed net: fman: Unregister ethernet device on removal
e2c5ee3b62 bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
38147073c9 bnxt_en: Fix possible crash in bnxt_hwrm_set_coal()
3401f96402 net: tun: Fix memory leaks of napi_get_frags
adaa0f180d macsec: clear encryption keys from the stack after setting up offload
9dc7503bae macsec: fix detection of RXSCs when toggling offloading
7f4456f011 macsec: fix secy->n_rx_sc accounting
3b05d9073a macsec: delete new rxsc when offload fails
50868de7dc net: gso: fix panic on frag_list with mixed head alloc types
cedd4f01f6 bpf: Fix wrong reg type conversion in release_reference()
9069db2579 bpf: Add helper macro bpf_for_each_reg_in_vstate
95b6ec7337 bpf: Support for pointers beyond pkt_end.
8597b59e3d HID: hyperv: fix possible memory leak in mousevsc_probe()
8c80b2fca4 bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE
cc21dc48a7 bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues
e1e1218032 wifi: cfg80211: fix memory leak in query_regdb_file()
914cb94e73 wifi: cfg80211: silence a sparse RCU warning
72ea2fc299 phy: stm32: fix an error code in probe
925bf1ba76 hwspinlock: qcom: correct MMIO max register for newer SoCs
76eba54f0d fuse: fix readdir cache race
7bcea6c5c9 ANDROID: gki_defconfig: remove CONFIG_INIT_STACK_ALL_ZERO=y
d2bc3376cd Revert "serial: 8250: Fix restoring termios speed after suspend"
0b500f5b16 Merge 5.10.150 into android12-5.10-lts
f5b40c0eb9 Linux 5.10.154
bf506e366d ipc: remove memcg accounting for sops objects in do_semtimedop()
c6678c8f4f wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
a6c57adec5 drm/i915/sdvo: Setup DDC fully before output init
b86830cc95 drm/i915/sdvo: Filter out invalid outputs more sensibly
9f3b867808 drm/rockchip: dsi: Force synchronous probe
23f1fc7ce5 ext4,f2fs: fix readahead of verity data
e5cef906cb KVM: x86: emulator: update the emulation mode after CR0 write
ce9261accc KVM: x86: emulator: introduce emulator_recalc_and_set_mode
c8a2fd7a71 KVM: x86: emulator: em_sysexit should update ctxt->mode
e0c7410378 KVM: x86: Mask off reserved bits in CPUID.80000001H
9302ebc1c2 KVM: x86: Mask off reserved bits in CPUID.80000008H
cc40c5f3e9 KVM: x86: Mask off reserved bits in CPUID.8000001AH
bd64a88f36 KVM: x86: Mask off reserved bits in CPUID.80000006H
156451a67b ext4: fix BUG_ON() when directory entry has invalid rec_len
5370b965b7 ext4: fix warning in 'ext4_da_release_space'
c9598cf629 parisc: Avoid printing the hardware path twice
98f836e80d parisc: Export iosapic_serial_irq() symbol for serial port driver
814af9a32b parisc: Make 8250_gsc driver dependend on CONFIG_PARISC
29d106d086 perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[]
98f6e7c337 perf/x86/intel: Fix pebs event constraints for ICL
3be2d66822 efi: random: Use 'ACPI reclaim' memory for random seed
83294f7c77 efi: random: reduce seed size to 32 bytes
f8e8cda869 fuse: add file_modified() to fallocate
cdf01c807e capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
ff32d8a099 tracing/histogram: Update document for KEYS_MAX size
533bfacbac tools/nolibc/string: Fix memcmp() implementation
f100a02748 kprobe: reverse kp->flags when arm_kprobe failed
bef08acbe5 tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()
2bf33b5ea4 tcp/udp: Make early_demux back namespacified.
ea5f2fd464 ftrace: Fix use-after-free for dynamic ftrace_ops
06de93a47c btrfs: fix type of parameter generation in btrfs_get_dentry
e33ce54cef coresight: cti: Fix hang in cti_disable_hw()
015ac18be7 binder: fix UAF of alloc->vma in race with munmap()
836686e1a0 memcg: enable accounting of ipc resources
e4e4b24b42 mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times
818c36b988 tcp/udp: Fix memory leak in ipv6_renew_options().
29997a6fa6 fscrypt: fix keyring memory leak on mount failure
391cceee6d fscrypt: stop using keyrings subsystem for fscrypt_master_key
092401142b fscrypt: simplify master key locking
54c13d3520 ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
a0e2577cf3 block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
26ca2ac091 Bluetooth: L2CAP: Fix attempting to access uninitialized memory
6b6f94fb9a Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
bfd5e62f9a i2c: piix4: Fix adapter not be removed in piix4_remove()
fc3e2fa0a5 arm64: dts: juno: Add thermal critical trip points
b743ecf29c firmware: arm_scmi: Make Rx chan_setup fail on memory errors
29e8e9bfc2 firmware: arm_scmi: Suppress the driver's bind attributes
d7b1e2cbe0 ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset
160d8904b2 efi/tpm: Pass correct address to memblock_reserve
c40b4d604b i2c: xiic: Add platform module alias
5bf8c7798b drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case
496eb203d0 HID: saitek: add madcatz variant of MMO7 mouse device ID
ff06067b70 scsi: core: Restrict legal sdev_state transitions via sysfs
9edf20e5a1 ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()
be6e22f546 media: meson: vdec: fix possible refcount leak in vdec_probe()
c5fd54a65c media: dvb-frontends/drxk: initialize err to 0
7fdc58d8c2 media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE
1609231f86 media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
c46759e370 media: rkisp1: Zero v4l2_subdev_format fields in when validating links
3144ce5574 media: rkisp1: Initialize color space on resizer sink and source pads
6b24d9c2ac s390/boot: add secure boot trailer
efc6420d65 xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices
37bb57908d mtd: parsers: bcm47xxpart: Fix halfblock reads
85e458369c mtd: parsers: bcm47xxpart: print correct offset on read error
ec54104feb fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards
f8c86d7829 video/fbdev/stifb: Implement the stifb_fillrect() function
e975d7aeca mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake
afeae13b8a mmc: sdhci-pci: Avoid comma separated statements
a06721767c mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus
59400c9b0d drm/msm/hdmi: fix IRQ lifetime
8225bdaec5 drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag
5dbb47ee89 ipv6: fix WARNING in ip6_route_net_exit_late()
1c89642e7f net, neigh: Fix null-ptr-deref in neigh_table_clear()
634f066d02 net: mdio: fix undefined behavior in bit shift for __mdiobus_register
d9ec6e2fbd Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
cb1c012099 Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
0a0dead4ad btrfs: fix ulist leaks in error paths of qgroup self tests
61e0612811 btrfs: fix inode list leak during backref walking at find_parent_nodes()
a52e24c7fc btrfs: fix inode list leak during backref walking at resolve_indirect_refs()
81204283ea isdn: mISDN: netjet: fix wrong check of device registration
e77d213843 mISDN: fix possible memory leak in mISDN_register_device()
f06186e527 rose: Fix NULL pointer dereference in rose_send_frame()
2c8d81bdb2 ipvs: fix WARNING in ip_vs_app_net_cleanup()
931f56d59c ipvs: fix WARNING in __ip_vs_cleanup_batch()
d69328cdb9 ipvs: use explicitly signed chars
b2d7a92aff netfilter: nf_tables: release flow rule object from commit path
3583826b44 net: tun: fix bugs for oversize packet when napi frags enabled
5960b9081b net: sched: Fix use after free in red_enqueue()
24f9c41435 ata: pata_legacy: fix pdc20230_set_piomode()
c85ee1c3cb net: fec: fix improper use of NETDEV_TX_BUSY
52438e734c nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
0acfcd2aed nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
9ae2c9a91f nfc: nxp-nci: Fix potential memory leak in nxp_nci_send()
eecea068bf NFC: nxp-nci: remove unnecessary labels
e8c11ee2d0 nfc: fdp: Fix potential memory leak in fdp_nci_send()
31b83d6990 nfc: fdp: drop ftrace-like debugging messages
4e1e4485b2 RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
d360e875c0 RDMA/core: Fix null-ptr-deref in ib_core_cleanup()
37a098fc9b net: dsa: Fix possible memory leaks in dsa_loop_init()
45aea4fbf6 nfs4: Fix kmemleak when allocate slot failed
f0f1c74fa6 NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
10c554d722 NFSv4.1: Handle RECLAIM_COMPLETE trunking errors
4813dd737d NFSv4: Fix a potential state reclaim deadlock
7c4260f8f1 IB/hfi1: Correctly move list in sc_disable()
87ac93c8dd RDMA/cma: Use output interface for net_dev check
4dbb739eb2 KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER
bb584caee8 KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter()
9faacf442d KVM: x86: Protect the unused bits in MSR exiting flags
5bdbccc79c x86/topology: Fix duplicated core ID within a package
6c31fc028a x86/topology: Fix multiple packages shown on a single-package system
f5ad52da14 x86/topology: Set cpu_die_id only if DIE_TYPE found
570fa3bcd2 KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1)
e5d7c6786b KVM: x86: Trace re-injected exceptions
8364786152 KVM: nVMX: Don't propagate vmcs12's PERF_GLOBAL_CTRL settings to vmcs02
523e1dd9f8 KVM: nVMX: Pull KVM L0's desired controls directly from vmcs01
028fcabd8a serial: ar933x: Deassert Transmit Enable on ->rs485_config()
e6da7808c9 serial: 8250: Let drivers request full 16550A feature probing
95aa34f721 Linux 5.10.153
26a2b9c468 serial: Deassert Transmit Enable on probe in driver-specific way
4a230f65d6 serial: core: move RS485 configuration tasks from drivers into core
eb69c07eca can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive
d5924531dd arm64/kexec: Test page size support with new TGRAN range values
c911f03f8d arm64/mm: Fix __enable_mmu() for new TGRAN range values
d523384766 scsi: sd: Revert "scsi: sd: Remove a local variable"
52a43b8200 arm64: Add AMPERE1 to the Spectre-BHB affected list
9889ca7efa net: enetc: survive memory pressure without crashing
fdba224ab0 net/mlx5: Fix crash during sync firmware reset
bbcc06933f net/mlx5: Fix possible use-after-free in async command interface
16376ba5cf net/mlx5e: Do not increment ESN when updating IPsec ESN state
0d88359092 nh: fix scope used to find saddr when adding non gw nh
3519b5ddac net: ehea: fix possible memory leak in ehea_register_port()
79631daa5a openvswitch: switch from WARN to pr_warn
00d6f33f67 ALSA: aoa: Fix I2S device accounting
ce6fd1c382 ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
97262705c0 net: fec: limit register access on i.MX6UL
df67a8e625 PM: domains: Fix handling of unavailable/disabled idle states
1f262d8088 net: ksz884x: fix missing pci_disable_device() on error in pcidev_init()
6170b4579f i40e: Fix flow-type by setting GL_HASH_INSET registers
9abae363af i40e: Fix VF hang when reset is triggered on another VF
23d5599058 i40e: Fix ethtool rx-flow-hash setting for X722
44affe7ede ipv6: ensure sane device mtu in tunnels
905f05c0ab media: vivid: set num_in/outputs to 0 if not supported
b6c7446d0a media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced'
683015ae16 media: v4l2-dv-timings: add sanity checks for blanking values
147b8f1892 media: vivid: dev->bitmap_cap wasn't freed in all cases
1cf51d5158 media: vivid: s_fbuf: add more sanity checks
3221c2701d PM: hibernate: Allow hybrid sleep to work with s2idle
0eb19ecbd0 can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path
6b2d07fc0b can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path
1634d5d39c tcp: fix indefinite deferral of RTO with SACK reneging
4f23cb2be5 tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
49713d7c38 tcp: minor optimization in tcp_add_backlog()
aab883bd60 net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY
c3edc6e808 net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed
e2a28807b1 kcm: annotate data-races around kcm->rx_wait
c325f92d8d kcm: annotate data-races around kcm->rx_psock
af7879529e atlantic: fix deadlock at aq_nic_stop
d7ccd49c4d amd-xgbe: add the bit rate quirk for Molex cables
17350734fd amd-xgbe: fix the SFP compliance codes check for DAC cables
b55d6ea965 x86/unwind/orc: Fix unreliable stack dump with gcov
0ce1ef3353 net: hinic: fix the issue of double release MBOX callback of VF
6603843c80 net: hinic: fix the issue of CMDQ memory leaks
bb01910763 net: hinic: fix memory leak when reading function table
ce605b68db net: hinic: fix incorrect assignment issue in hinic_set_interrupt_cfg()
62f0a08e82 net: netsec: fix error handling in netsec_register_mdio()
32a3d4660b tipc: fix a null-ptr-deref in tipc_topsrv_accept
fb94152aae perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap()
bfce730886 ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
2663b16c76 ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile
a527557299 arc: iounmap() arg is volatile
648ac633e7 ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile
6571f6ca8a drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
4953a989b7 media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
9d00384270 net: ieee802154: fix error return code in dgram_bind()
568e3812b1 mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
935a8b6202 mm/memory: add non-anonymous page check in the copy_present_page()
49db6cb814 xen/gntdev: Prevent leaking grants
a3f2cc11d6 Xen/gntdev: don't ignore kernel unmapping error
467230b9ef s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser()
fe187c801a s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
449070996c perf auxtrace: Fix address filter symbol name match for modules
6f72a3977b kernfs: fix use-after-free in __kernfs_remove
0bcd1ab3e8 counter: microchip-tcb-capture: Handle Signal1 read and Synapse
8bf037279b mmc: core: Fix kernel panic when remove non-standard SDIO card
5684808b26 mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO
b686ffc0ac drm/msm/dp: fix IRQ lifetime
08c7375fa2 drm/msm/hdmi: fix memory corruption with too many bridges
21c4679af0 drm/msm/dsi: fix memory corruption with too many bridges
44a86d96fa scsi: qla2xxx: Use transport-defined speed mask for supported_speeds
c368f751da mac802154: Fix LQI recording
9ba2990f4e exec: Copy oldsighand->action under spin-lock
7062153004 fs/binfmt_elf: Fix memory leak in load_elf_binary()
d9ddfeb01f fbdev: smscufx: Fix several use-after-free bugs
f19f1a75d3 iio: temperature: ltc2983: allocate iio channels once
af236da855 iio: light: tsl2583: Fix module unloading
90ff5bef2b tools: iio: iio_utils: fix digit calculation
678d2cc204 xhci: Remove device endpoints from bandwidth list when freeing the device
3b250824b6 xhci: Add quirk to reset host back to default state at shutdown
63c7df3c81 mtd: rawnand: marvell: Use correct logic for nand-keep-config
228101fc83 usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller
2bc4f99ee2 usb: bdc: change state when port disconnected
e440957f9c usb: dwc3: gadget: Don't set IMI for no_interrupt
fb074d622c usb: dwc3: gadget: Stop processing more requests on IMI
c29fcef579 USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
4cc7a360ec ALSA: rme9652: use explicitly signed char
8959092300 ALSA: au88x0: use explicitly signed char
2bf5b16315 ALSA: Use del_timer_sync() before freeing timer
ca1034bff8 can: kvaser_usb: Fix possible completions during init_completion
370be31cde can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb()
7d51b4c67c Linux 5.10.152
43d5109296 udp: Update reuse->has_conns under reuseport_lock.
a50ed2d287 mm: /proc/pid/smaps_rollup: fix no vma's null-deref
31b1570677 blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init()
e2f9b62ead mmc: core: Add SD card quirk for broken discard
3a260e9844 Makefile.debug: re-enable debug info for .S files
6ab2287b26 x86/Kconfig: Drop check for -mabi=ms for CONFIG_EFI_STUB
67dafece56 ACPI: video: Force backlight native for more TongFang devices
dcaf631320 hv_netvsc: Fix race between VF offering and VF association message from host
da54c5f4b5 perf/x86/intel/pt: Relax address filter validation
79c3482fbe riscv: topology: fix default topology reporting
a6e770733d arm64: topology: move store_cpu_topology() to shared code
cb1024d8a4 arm64: dts: qcom: sc7180-trogdor: Fixup modem memory region
f687e2111b fcntl: fix potential deadlocks for &fown_struct.lock
b1efc19644 fcntl: make F_GETOWN(EX) return 0 on dead owner task
ca4c498382 perf: Skip and warn on unknown format 'configN' attrs
dea47fefa6 perf pmu: Validate raw event with sysfs exported format bits
86e995f964 riscv: always honor the CONFIG_CMDLINE_FORCE when parsing dtb
0e4c06ae7c riscv: Add machine name to kernel boot log and stack dump output
7fba4a389d mmc: sdhci-tegra: Use actual clock rate for SW tuning correction
3c6a888e35 xen/gntdev: Accommodate VMA splitting
5232411f37 xen: assume XENFEAT_gnttab_map_avail_bits being set for pv guests
ea82edad0a tracing: Do not free snapshot if tracer is on cmdline
bd6af07e79 tracing: Simplify conditional compilation code in tracing_set_tracer()
4e3a15ca24 dmaengine: mxs: use platform_driver_register
1da5d24970 dmaengine: mxs-dma: Remove the unused .id_table
1414e9bf3c drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb()
d74196bb27 iommu/vt-d: Clean up si_domain in the init_dmars() error path
ef11e8ec00 iommu/vt-d: Allow NVS regions in arch_rmrr_sanity_check()
35c92435be net: phy: dp83822: disable MDI crossover status change interrupt
7aa3d623c1 net: sched: fix race condition in qdisc_graft()
2974f3b330 net: hns: fix possible memory leak in hnae_ae_register()
3032e316e0 sfc: include vport_id in filter spec hash and equal()
ded86c4191 net: sched: sfb: fix null pointer access issue when sfb_init() fails
305aa36b62 net: sched: delete duplicate cleanup of backlog and qlen
ae48bee283 net: sched: cake: fix null pointer access issue when cake_init() fails
2008ad08a2 nvme-hwmon: kmalloc the NVME SMART log buffer
770b7e3a2c nvme-hwmon: consistently ignore errors from nvme_hwmon_init
67106ac272 nvme-hwmon: Return error code when registration fails
bc17f727b0 nvme-hwmon: rework to avoid devm allocation
191d71c635 ionic: catch NULL pointer issue on reconfig
ff7ba76675 net: hsr: avoid possible NULL deref in skb_clone()
7286f87551 cifs: Fix xid leak in cifs_ses_add_channel()
2d08311aa3 cifs: Fix xid leak in cifs_flock()
bf49d4fe4a cifs: Fix xid leak in cifs_copy_file_range()
05cc22c008 net: phy: dp83867: Extend RX strap quirk for SGMII mode
118f412bed net/atm: fix proc_mpc_write incorrect return value
c8310a99e7 sfc: Change VF mac via PF as first preference if available.
39d10f0dfb HID: magicmouse: Do not set BTN_MOUSE on double report
ed5baf3d0a i40e: Fix DMA mappings leak
e558e14893 tipc: fix an information leak in tipc_topsrv_kern_subscr
1f4ed95ce6 tipc: Fix recognition of trial period
fc8c6b8bb2 ACPI: extlog: Handle multiple records
57e157749a btrfs: fix processing of delayed tree block refs during backref walking
590929ef69 btrfs: fix processing of delayed data refs during backref walking
cc841a8a70 r8152: add PID for the Lenovo OneLink+ Dock
51b96ecaed arm64: errata: Remove AES hwcap for COMPAT tasks
910ba49b33 blk-wbt: call rq_qos_add() after wb_normal is initialized
392536023d block: wbt: Remove unnecessary invoking of wbt_update_limits in wbt_init
ab6aaa8210 media: venus: dec: Handle the case where find_format fails
bce5808fc9 media: mceusb: set timeout to at least timeout provided
6d725672ce KVM: arm64: vgic: Fix exit condition in scan_its_table()
34db701dc6 kvm: Add support for arch compat vm ioctls
e55feb31df cpufreq: qcom: fix memory leak in error path
303d0f7614 ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS
6a2aadcb01 ata: ahci-imx: Fix MODULE_ALIAS
d9f0159da0 hwmon/coretemp: Handle large core ID value
0fb04676c4 x86/microcode/AMD: Apply the patch early on every logical thread
6dcf1f0802 i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter
794ded0bc4 cpufreq: qcom: fix writes in read-only memory region
2723875e9d selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()
0d65f040fd ocfs2: fix BUG when iput after ocfs2_mknod fails
b838dcfda1 ocfs2: clear dinode links count in case of error
c34d1b22fe Linux 5.10.151
ecad331211 kbuild: Add skip_encoding_btf_enum64 option to pahole
c5006abb80 kbuild: Unify options for BTF generation for vmlinux and modules
f5f413cb3e kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21
06481cd9f7 kbuild: Quote OBJCOPY var to avoid a pahole call break the build
bbaea0f1cd bpf: Generate BTF_KIND_FLOAT when linking vmlinux
a10a57a224 Linux 5.10.150
243c8f42ba Revert "drm/amdgpu: make sure to init common IP before gmc"
8026d58b49 gcov: support GCC 12.1 and newer compilers
cbf2c43b36 f2fs: fix wrong condition to trigger background checkpoint correctly
7b19858803 thermal: intel_powerclamp: Use first online CPU as control_cpu
f039b43cba inet: fully convert sk->sk_rx_dst to RCU rules
67de22cb0b ext4: continue to expand file system when the target size doesn't reach
357db159e9 Revert "drm/amdgpu: use dirty framebuffer helper"
98ab15bfdc Revert "drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega"
791489a5c5 net/ieee802154: don't warn zero-sized raw_sendmsg()
a96336a5f2 Revert "net/ieee802154: reject zero-sized raw_sendmsg()"
dc54ff9fc4 net: ieee802154: return -EINVAL for unknown addr type
45c3396675 mm: hugetlb: fix UAF in hugetlb_handle_userfault
c378c479c5 io_uring/af_unix: defer registered files gc to io_uring release
67cbc8865a io_uring: correct pinned_vm accounting
904f881b57 arm64: topology: fix possible overflow in amu_fie_setup()
b5dc2f2578 perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc
9b4e849777 clk: bcm2835: Make peripheral PLLC critical
b8bbae3236 usb: idmouse: fix an uninit-value in idmouse_open
d5bb45f47b nvmet-tcp: add bounds check on Transfer Tag
b79da0080d nvme: copy firmware_rev on each init
e6cc39db24 staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()
3a5a34ed9d Revert "usb: storage: Add quirk for Samsung Fit flash"
acf0006f2b usb: musb: Fix musb_gadget.c rxstate overflow bug
91271a3e77 usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
782b3e71c9 md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d
dbcca76435 HID: roccat: Fix use-after-free in roccat_read()
f00c049ede soundwire: intel: fix error handling on dai registration issues
f04a673d4a soundwire: cadence: Don't overwrite msg->buf during write commands
c263516c2c bcache: fix set_at_max_writeback_rate() for multiple attached devices
fcad2ac863 ata: libahci_platform: Sanity check the DT child nodes number
19c010ae44 blk-throttle: prevent overflow while calculating wait time
1b3cebeca9 staging: vt6655: fix potential memory leak
89f305a714 power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()
b2700f98b3 nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
5942e5c63d scsi: 3w-9xxx: Avoid disabling device if failing to enable it
48727117bd usb: host: xhci-plat: suspend/resume clks for brcm
c13d0d2f5a usb: host: xhci-plat: suspend and resume clocks
12d31182de clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
c2257c8a50 media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
d9e2585c3b clk: zynqmp: Fix stack-out-of-bounds in strncpy`
70f8b48d0b btrfs: scrub: try to fix super block errors
8f554dd23c arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply
451ce2521c kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT
017cabfb3f ARM: dts: imx6sx: add missing properties for sram
9d3ca48722 ARM: dts: imx6sll: add missing properties for sram
9735f2b62b ARM: dts: imx6sl: add missing properties for sram
2829b6ad30 ARM: dts: imx6qp: add missing properties for sram
0c3a0b3d5e ARM: dts: imx6dl: add missing properties for sram
2763a3b43a ARM: dts: imx6q: add missing properties for sram
82e0d91484 ARM: dts: imx7d-sdb: config the max pressure for tsc2046
166feb964f drm/amd/display: Remove interface for periodic interrupt 1
1bb6f4a8db drm/dp: Don't rewrite link config when setting phy test pattern
bb91c06b0b mmc: sdhci-msm: add compatible string check for sdm670
8a427a2283 drm/meson: explicitly remove aggregate driver at module unload time
1c7d957c5d drm/amdgpu: fix initial connector audio value
69130888b2 ASoC: SOF: pci: Change DMI match info to support all Chrome platforms
54f2585e2d platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading
a9d6a7c9b6 platform/chrome: cros_ec: Notify the PM of wake events during resume
e29d20deaf drm: panel-orientation-quirks: Add quirk for Anbernic Win600
bfdb391d57 drm/vc4: vec: Fix timings for VEC modes
b70f8abc1a drm: bridge: dw_hdmi: only trigger hotplug event on link change
bbe2f6f903 udmabuf: Set ubuf->sg = NULL if the creation of sg table fails
0a4fddc95c drm/amd/display: fix overflow on MIN_I64 definition
3959e8faf8 gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init()
c28a8082b2 drm: Prevent drm_copy_field() to attempt copying a NULL pointer
e7d7018003 drm: Use size_t type for len variable in drm_copy_field()
3339a51bcd drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc()
484400d433 r8152: Rate limit overflow messages
0c108cf3ad Bluetooth: L2CAP: Fix user-after-free
65029aaedd net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory
4851303c85 wifi: rt2x00: correctly set BBP register 86 for MT7620
a016144479 wifi: rt2x00: set SoC wmac clock register
5aa0461d11 wifi: rt2x00: set VGC gain for both chains of MT7620
8d9c00979a wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
27ed98e8a9 wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
3d67986e72 can: bcm: check the result of can_send() in bcm_can_tx()
7b674dce41 Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
e25ca9af8a Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()
b051d9bf98 regulator: core: Prevent integer underflow
e01d96494a wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
be81c44242 xfrm: Update ipcomp_scratches with NULL when freed
9661724f62 wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
0958e487e8 tcp: annotate data-race around tcp_md5sig_pool_populated
129ca0db95 openvswitch: Fix overreporting of drops in dropwatch
4398e8a7fd openvswitch: Fix double reporting of drops in dropwatch
e3c9b94734 bpftool: Clear errno after libcap's checks
50e45034c5 wifi: brcmfmac: fix invalid address access when enabling SCAN log level
bbacfcde5f NFSD: fix use-after-free on source server when doing inter-server copy
3de402a524 NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data
1f730d4ae6 x86/entry: Work around Clang __bdos() bug
513943bf87 thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash
708b9abe1b powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
b434edb0e9 MIPS: BCM47XX: Cast memcmp() of function to (void *)
6c61a37ea7 ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
0dd025483f rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE()
36d4ffbedf rcu: Back off upon fill_page_cache_func() allocation failure
278d8ba2b2 selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle
b60aa21e2f f2fs: fix to account FS_CP_DATA_IO correctly
0b8230d44c f2fs: fix to avoid REQ_TIME and CP_TIME collision
ecbd95958c f2fs: fix race condition on setting FI_NO_EXTENT flag
110146ce8f ACPI: APEI: do not add task_work to kernel thread to avoid memory leak
dce07e87ee thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id
3a720eb890 crypto: cavium - prevent integer overflow loading firmware
7bfa7d6773 crypto: marvell/octeontx - prevent integer overflows
cdd42eb468 kbuild: rpm-pkg: fix breakage when V=1 is used
6d1aef17e7 kbuild: remove the target in signal traps when interrupted
8d76dd5080 tracing: kprobe: Make gen test module work in arm and riscv
c6512a6f0c tracing: kprobe: Fix kprobe event gen test module on exit
9e6ba62d41 iommu/iova: Fix module config properly
426d5bc089 crypto: qat - fix DMA transfer direction
a43babc059 crypto: qat - use pre-allocated buffers in datapath
a91af50850 crypto: qat - fix use of 'dma_map_single'
8a4ed09ed8 crypto: inside-secure - Change swab to swab32
d33935e666 crypto: ccp - Release dma channels before dmaengine unrgister
a1354bdd19 crypto: akcipher - default implementation for setting a private key
2fee0dbfae iommu/omap: Fix buffer overflow in debugfs
cfde58a8e4 cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
ab2485eb5d hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear()
d88b88514e crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr
25f1342473 crypto: sahara - don't sleep when in softirq
2d285164fb powerpc: Fix SPE Power ISA properties for e500v1 platforms
2bde4e1e4f powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5
7ae8bed908 x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition
6315998170 powerpc/powernv: add missing of_node_put() in opal_export_attrs()
434db6d17b powerpc/pci_dn: Add missing of_node_put()
718e2d8023 powerpc/sysdev/fsl_msi: Add missing of_node_put()
592d283a65 powerpc/math_emu/efp: Include module.h
44c26ceffa mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
b1616599c9 clk: ast2600: BCLK comes from EPLL
6d01017247 clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
9b65fd6513 clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
9a6087a438 clk: baikal-t1: Add SATA internal ref clock buffer
5f143f3bc2 clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent
823fd52391 clk: baikal-t1: Fix invalid xGMAC PTP clock divider
2f19a1050e clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD
92f52770a7 spmi: pmic-arb: correct duplicate APID to PPID mapping logic
a01c0c1600 dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup()
1dd5148445 clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
6e58f2469e mfd: sm501: Add check for platform_driver_register()
3469dd8e22 mfd: fsl-imx25: Fix check for platform_get_irq() errors
b425e03c96 mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init()
f7b4388636 mfd: lp8788: Fix an error handling path in lp8788_probe()
08d4051803 mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq()
28868b940b mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe()
382a5fc49e fsi: core: Check error number after calling ida_simple_get
ed8e6011b9 clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical
884a788f06 scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()
a9e5176ead scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
8f740c11d8 serial: 8250: Fix restoring termios speed after suspend
ab5a3e7144 firmware: google: Test spinlock on panic path to avoid lockups
95ac62e854 staging: vt6655: fix some erroneous memory clean-up loops
878f987166 phy: qualcomm: call clk_disable_unprepare in the error handling
9a56ade124 tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown
572fb97fce serial: 8250: Toggle IER bits on only after irq has been set up
3fbfa5e3cc serial: 8250: Add an empty line and remove some useless {}
71ffe5111f drivers: serial: jsm: fix some leaks in probe
7efdd91d54 usb: gadget: function: fix dangling pnp_string in f_printer.c
cc952e3bf6 xhci: Don't show warning for reinit on known broken suspend
dac769dd7d IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers
360386e11c RDMA/cm: Use SLID in the work completion as the DLID in responder side
a1263294b5 md/raid5: Ensure stripe_fill happens on non-read IO with journal
76694e9ce0 md: Replace snprintf with scnprintf
7bd5f3b4a8 mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
f5325f3202 ata: fix ata_id_has_dipm()
f5a6fa1877 ata: fix ata_id_has_ncq_autosense()
3c34a91c8a ata: fix ata_id_has_devslp()
fc61a0c820 ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting()
e3917c85f4 RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall.
3a9d7d8dcf mtd: rawnand: fsl_elbc: Fix none ECC mode
f87f720811 mtd: devices: docg3: check the return value of devm_ioremap() in the probe
d06cc0e11d dyndbg: drop EXPORTed dynamic_debug_exec_queries
1d65985589 dyndbg: let query-modname override actual module name
c0e206da44 dyndbg: fix module.dyndbg handling
5047bd3bd7 dyndbg: fix static_branch manipulation
af12e209a9 dmaengine: hisilicon: Add multi-thread support for a DMA channel
d3fd838536 dmaengine: hisilicon: Fix CQ head update
d5065ca461 dmaengine: hisilicon: Disable channels when unregister hisi_dma
f59861946f fpga: prevent integer overflow in dfl_feature_ioctl_set_irq()
7ba19a60c7 misc: ocxl: fix possible refcount leak in afu_ioctl()
cf3bb86edd RDMA/rxe: Fix the error caused by qp->sk
cdce36a88d RDMA/rxe: Fix "kernel NULL pointer dereference" error
2630cc8832 media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
40aa0999a3 media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start()
551b87976a tty: xilinx_uartps: Fix the ignore_status
28cdf6c6fb media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop
1f683bff1a HSI: omap_ssi_port: Fix dma_map_sg error check
962f22e7f7 HSI: omap_ssi: Fix refcount leak in ssi_probe
70f0a0a27d clk: tegra20: Fix refcount leak in tegra20_clock_init
c01bfd23cc clk: tegra: Fix refcount leak in tegra114_clock_init
f487137a53 clk: tegra: Fix refcount leak in tegra210_clock_init
59e90c4d98 clk: sprd: Hold reference returned by of_get_parent()
57141b1dd6 clk: berlin: Add of_node_put() for of_get_parent()
dc190b46c6 clk: qoriq: Hold reference returned by of_get_parent()
baadc6f58f clk: oxnas: Hold reference returned by of_get_parent()
b95f4f9054 clk: meson: Hold reference returned by of_get_parent()
beec2f0255 usb: common: debug: Check non-standard control requests
9d965a22f6 usb: common: move function's kerneldoc next to its definition
20b63631a3 usb: common: add function to get interval expressed in us unit
c1ef8c66a3 usb: common: Parse for USB SSP genXxY
ffffb159e1 usb: ch9: Add USB 3.2 SSP attributes
aa7aada4b7 iio: ABI: Fix wrong format of differential capacitance channel ABI.
b9a0526cd0 iio: inkern: only release the device node when done with it
44ec4b04fc iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume
513c72d76d iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq
d259b90f0c iio: adc: at91-sama5d2_adc: check return status for pressure and touch
bc2b97e177 iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
5b9bb0cbd9 ARM: dts: exynos: fix polarity of VBUS GPIO of Origen
657de36c72 arm64: ftrace: fix module PLTs with mcount
40e966a404 ARM: Drop CMDLINE_* dependency on ATAGS
477dbf9d1b ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family
5bbd3dd7f9 soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA
09c35f1520 ia64: export memory_add_physaddr_to_nid to fix cxl build error
e31c0e14cf ARM: dts: kirkwood: lsxl: remove first ethernet port
df4f05b356 ARM: dts: kirkwood: lsxl: fix serial line
43faaedf3a ARM: dts: turris-omnia: Fix mpp26 pin name and comment
d5c2051898 soc: qcom: smem_state: Add refcounting for the 'state->of_node'
39781c98ad soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
1d312c12c9 memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings()
daaec4b3fe memory: of: Fix refcount leak bug in of_get_ddr_timings()
fde46754d5 memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
2c442b0c06 ALSA: hda/hdmi: Don't skip notification handling during PM operation
f182de42d7 ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe
37e3e01c9a ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
fb23569699 ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
c1b269dda1 ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
71704c2e1b mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
c940636d9c ALSA: dmaengine: increment buffer pointer atomically
4993c1511d ASoC: da7219: Fix an error handling path in da7219_register_dai_clks()
ef59819976 drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa()
598d8f7d86 drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx
a9a60d6405 ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API
ad0b8ed172 mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
1f340e1c1c drm/omap: dss: Fix refcount leak bugs
cbe37857dd ALSA: hda: beep: Simplify keep-power-at-enable behavior
f0fb0817eb ASoC: rsnd: Add check for rsnd_mod_power_on
877e92e9b1 drm/bridge: megachips: Fix a null pointer dereference bug
c577b4e972 drm: fix drm_mipi_dbi build errors
804d8e59f3 platform/x86: msi-laptop: Fix resource cleanup
c21c08fab7 platform/x86: msi-laptop: Fix old-ec check for backlight registering
b77755f58e ASoC: tas2764: Fix mute/unmute
2e6b64df54 ASoC: tas2764: Drop conflicting set_bias_level power setting
c2c6022e10 ASoC: tas2764: Allow mono streams
868fc93b61 platform/chrome: fix memory corruption in ioctl
84da5cdf43 platform/chrome: fix double-free in chromeos_laptop_prepare()
5e25bfcd12 drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node()
ad06d6bed5 drm/dp_mst: fix drm_dp_dpcd_read return value checks
3f5889fd65 drm/bridge: parade-ps8640: Fix regulator supply order
45120fa5e5 drm/mipi-dsi: Detach devices when removing the host
050b650507 drm/bridge: Avoid uninitialized variable warning
7839f2b349 drm: bridge: adv7511: fix CEC power down control register offset
29f50bcf0f net: mvpp2: fix mvpp2 debugfs leak
6cb54f2162 once: add DO_ONCE_SLOW() for sleepable contexts
67cb80a9d2 net/ieee802154: reject zero-sized raw_sendmsg()
6cc0e2afc6 bnx2x: fix potential memory leak in bnx2x_tpa_stop()
da349221c4 net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()
d9e25dc053 spi: Ensure that sg_table won't be used after being freed
96a3ddb870 tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited
f65955340e sctp: handle the error returned from sctp_auth_asoc_init_active_key
2a1d036320 mISDN: fix use-after-free bugs in l1oip timer handlers
b4a5905fd2 vhost/vsock: Use kvmalloc/kvfree for larger packets.
d2b5dc3a53 wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM
17196f2f98 spi: s3c64xx: Fix large transfers with DMA
b284e1fe15 netfilter: nft_fib: Fix for rpath check with VRF devices
b384e8fb16 Bluetooth: hci_core: Fix not handling link timeouts propertly
129f01116b i2c: mlxbf: support lock mechanism
534909fe3c spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
9da61e7b59 spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe
1ef5798638 x86/cpu: Include the header of init_ia32_feat_ctl()'s prototype
6ed7b05a35 x86/microcode/AMD: Track patch allocation size explicitly
07299e52e5 wifi: ath11k: fix number of VHT beamformee spatial streams
d7cc0d51ff Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure
ed403bcd97 bpf: Ensure correct locking around vulnerable function find_vpid()
2a1c29dc9b net: fs_enet: Fix wrong check in do_pd_setup
795954d751 wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask
226e6f2412 wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
0a60ac7a0d bpf: btf: fix truncated last_member_type_id in btf_struct_resolve
8398a45d3d spi: meson-spicc: do not rely on busy flag in pow2 clk ops
351cf55595 wifi: rtl8xxxu: Fix skb misuse in TX queue selection
1e91179057 spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime()
7b83d11d48 spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()
5576008305 selftests/xsk: Avoid use-after-free on ctx
c823df0679 wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
ea1b6b5409 Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend
07194ccbb1 Bluetooth: btusb: fix excessive stack usage
cdadf95435 Bluetooth: btusb: Fine-tune mt7663 mechanism.
294395caac x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register
029a1de92c spi: mt7621: Fix an error message in mt7621_spi_probe()
2afb93e4e4 bpftool: Fix a wrong type cast in btf_dumper_int
61905bbb61 wifi: mac80211: allow bw change during channel switch in mesh
7565207066 leds: lm3601x: Don't use mutex after it was destroyed
08faf07717 wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
e060c4b9f3 nfsd: Fix a memory leak in an error handling path
730191a098 objtool: Preserve special st_shndx indexes in elf_update_symbol
84837738d4 ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE
f1d6edeaa8 ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd()
da2aecef86 MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create()
0c667858c0 MIPS: SGI-IP27: Free some unused memory
3598445698 sh: machvec: Use char[] for section boundaries
6e4be747f1 userfaultfd: open userfaultfds with O_RDONLY
28d9b39733 selinux: use "grep -E" instead of "egrep"
d11e09953c smb3: must initialize two ACL struct fields to zero
abd13b2100 drm/i915: Fix watermark calculations for gen12+ MC CCS modifier
fd37286f39 drm/i915: Fix watermark calculations for gen12+ RC CCS modifier
5d6093c49c drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()
57f1a89a8e drm/nouveau/kms/nv140-: Disable interlacing
d0febad83e staging: greybus: audio_helper: remove unused and wrong debugfs usage
ceeb8d4a43 KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS
83fe0b009b KVM: nVMX: Unconditionally purge queued/injected events on nested "exit"
085ca1d33b KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility
bda8120e5b media: cedrus: Set the platform driver data earlier
dbdd3b1448 efi: libstub: drop pointless get_memory_map() call
68158654b5 thunderbolt: Explicitly enable lane adapter hotplug events at startup
fc08f84381 tracing: Disable interrupt or preemption before acquiring arch_spinlock_t
0cf6c09daf ring-buffer: Fix race between reset page and reading page
588f02f8b9 ring-buffer: Add ring_buffer_wake_waiters()
586f02c500 ring-buffer: Check pending waiters when doing wake ups as well
6617e5132c ring-buffer: Have the shortest_full queue be the shortest not longest
4a3bbd40e4 ring-buffer: Allow splice to read previous partially read pages
f2ca4609d0 ftrace: Properly unset FTRACE_HASH_FL_MOD
846f041203 livepatch: fix race between fork and KLP transition
2189756eab ext4: update 'state->fc_regions_size' after successful memory allocation
2cfb769d60 ext4: fix potential memory leak in ext4_fc_record_regions()
c9ce7766dc ext4: fix potential memory leak in ext4_fc_record_modified_inode()
d575fb52c4 ext4: fix miss release buffer head in ext4_fc_write_inode
74d2a398d2 ext4: place buffer head allocation before handle start
fbb0e601bd ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate
0e1764ad71 ext4: don't increase iversion counter for ea_inodes
483831ad04 ext4: fix check for block being out of directory size
ac66db1a43 ext4: make ext4_lazyinit_thread freezable
f34ab95162 ext4: fix null-ptr-deref in ext4_write_info
fb98cb61ef ext4: avoid crash when inline data creation follows DIO write
e65506ff18 jbd2: add miss release buffer head in fc_do_one_pass()
1d4d16daec jbd2: fix potential use-after-free in jbd2_fc_wait_bufs
7a33dde572 jbd2: fix potential buffer head reference count leak
eea3e455a3 jbd2: wake up journal waiters in FIFO order, not LIFO
ba52e685d2 hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero
bdcb1d7cf2 hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO
d621a87064 hardening: Clarify Kconfig text for auto-var-init
4a8e8bf280 f2fs: fix to do sanity check on summary info
73fb4bd2c0 f2fs: fix to do sanity check on destination blkaddr during recovery
12014eaf1b f2fs: increase the limit for reserve_root
47b5ffe863 btrfs: fix race between quota enable and quota rescan ioctl
e504729496 fbdev: smscufx: Fix use-after-free in ufx_ops_open()
9931bd05bb scsi: qedf: Populate sysfs attributes for vport
102c4b6e8c powerpc/boot: Explicitly disable usage of SPE instructions
7db60fd46e powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain
9119a92ad9 PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
a3c08c0217 mm/mmap: undo ->mmap() when arch_validate_flags() fails
7d551b7d61 block: fix inflight statistics of part0
0a12979089 drm/udl: Restore display mode on resume
f134f261d7 drm/virtio: Check whether transferred 2D BO is shmem
303436e301 nvme-pci: set min_align_mask before calculating max_hw_sectors
6a73e6edcb UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
1a053f597f riscv: Pass -mno-relax only on lld < 15.0.0
d15dca1d46 riscv: Make VM_WRITE imply VM_READ
d8c6f9b2e1 riscv: Allow PROT_WRITE-only mmap()
a6dcc6cfa2 parisc: fbdev/stifb: Align graphics memory size to 4MB
2ce9fab94b RISC-V: Make port I/O string accessors actually work
ffb571e123 regulator: qcom_rpm: Fix circular deferral regression
85909424a1 hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API
8ef0e1c0ae ASoC: wcd934x: fix order of Slimbus unprepare/disable
9b2c82af65 ASoC: wcd9335: fix order of Slimbus unprepare/disable
1c20d672e3 platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure
6b7ae4a904 quota: Check next/prev free block number after reading from quota file
5b1a56beb6 HID: multitouch: Add memory barriers
bfe60d7641 fs: dlm: handle -EBUSY first in lock arg validation
0b2d8e4db4 fs: dlm: fix race between test_bit() and queue_work()
057d5838c7 mmc: sdhci-sprd: Fix minimum clock limit
448fffc1ae can: kvaser_usb_leaf: Fix CAN state after restart
a3776e09b3 can: kvaser_usb_leaf: Fix TX queue out of sync after restart
0f8c88978d can: kvaser_usb_leaf: Fix overread with an invalid command
5d1cb7bfad can: kvaser_usb: Fix use of uninitialized completion
b239a0993a usb: add quirks for Lenovo OneLink+ Dock
afbbf305db iio: pressure: dps310: Reset chip after timeout
9daadd1d10 iio: pressure: dps310: Refactor startup procedure
ae49d80400 iio: adc: ad7923: fix channel readings for some variants
ea4dcd3d6a iio: ltc2497: Fix reading conversion results
30e1bd0d3e iio: dac: ad5593r: Fix i2c read protocol requirements
9312e04b6c cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
64f23e5430 cifs: destage dirty pages before re-reading them for cache=none
50d3d89537 mtd: rawnand: atmel: Unmap streaming DMA mappings
e8eb44eeee ALSA: hda/realtek: Add Intel Reference SSID to support headset keys
4491fbd0a7 ALSA: hda/realtek: Add quirk for ASUS GV601R laptop
4285d06d12 ALSA: hda/realtek: Correct pin configs for ASUS G533Z
768cd2cd1a ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
3e29645fba ALSA: usb-audio: Fix NULL dererence at error path
bc1d16d282 ALSA: usb-audio: Fix potential memory leaks
ef1658bc48 ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
026fcb6336 ALSA: oss: Fix potential deadlock at unregistration
Also update the .xml file to handle the few ABI changes in this merge
that required an update due to private pointers changing types and ABI
padding structures being used to preserve the ABI:
Leaf changes summary: 4 artifacts changed (1 filtered out)
Changed leaf types summary: 4 (1 filtered out) leaf types changed
Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 0 Added function
Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable
'struct fscrypt_info at fscrypt_private.h:195:1' changed:
type size hasn't changed
there are data member changes:
type 'key*' of 'fscrypt_info::ci_master_key' changed:
pointer type changed from: 'key*' to: 'fscrypt_master_key*'
5197 impacted interfaces
'struct sk_buff at skbuff.h:717:1' changed:
type size hasn't changed
there are data member changes:
data member u64 android_kabi_reserved1 at offset 1472 (in bits) became anonymous data member 'union {struct {__u8 scm_io_uring; __u8 android_kabi_reserved1_padding1; __u16 android_kabi_reserved1_padding2; __u32 android_kabi_reserved1_padding3;}; struct {u64 android_kabi_reserved1;}; union {};}'
5197 impacted interfaces
'struct super_block at fs.h:1450:1' changed:
type size hasn't changed
there are data member changes:
type 'key*' of 'super_block::s_master_keys' changed:
pointer type changed from: 'key*' to: 'fscrypt_keyring*'
5197 impacted interfaces
'struct tcp_sock at tcp.h:146:1' changed:
type size hasn't changed
one impacted interface
Change-Id: I6f2a7b91e1df96bede8aafa944a04b3e08ed33a1
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
When communicating with accessory devices via USBFS, the initialisation
call-stack looks like:
ConfigFS > Gadget ConfigFS > UDC > Gadget ConfigFS > Composite
Eventually ending up in composite_dev_prepare() where memory for the
data buffer is allocated and initialised. The default size used for the
allocation is USB_COMP_EP0_BUFSIZ (4k). When handling bulk transfers,
acc_ctrlrequest() needs to be able to handle buffers up to
BULK_BUFFER_SIZE (16k). Instead of adding new generic attributes to
'struct usb_request' to track the size of the allocated buffer, we can
simply split off the affected thread of execution to travel via a
knowledgeable abstracted function acc_ctrlrequest_composite() where we
can complete the necessary specific checks.
Bug: 264029575
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ia1280f85499621d3fa57f7262b4a2c80f4be7773
When CONFIG_KASAN_HW_TAGS is enabled we currently increase the minimum
slab alignment to 16. This happens even if MTE is not supported in
hardware or disabled via kasan=off, which creates an unnecessary memory
overhead in those cases. Eliminate this overhead by making the minimum
slab alignment a runtime property and only aligning to 16 if KASAN is
enabled at runtime.
On a DragonBoard 845c (non-MTE hardware) with a kernel built with
CONFIG_KASAN_HW_TAGS, waiting for quiescence after a full Android boot I
see the following Slab measurements in /proc/meminfo (median of 3
reboots):
Before: 169020 kB
After: 167304 kB
[akpm@linux-foundation.org: make slab alignment type `unsigned int' to avoid casting]
Link: https://linux-review.googlesource.com/id/I752e725179b43b144153f4b6f584ceb646473ead
Link: https://lkml.kernel.org/r/20220427195820.1716975-2-pcc@google.com
Signed-off-by: Peter Collingbourne <pcc@google.com>
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Reviewed-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Tested-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Acked-by: David Rientjes <rientjes@google.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Roman Gushchin <roman.gushchin@linux.dev>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Bug: 265364138
(cherry picked from commit d949a8155d139aa890795b802004a196b7f00598)
[Zhenhua: fold 587cfd8e66df3515 ("ANDROID: fix alignment of struct shash_desc
member") into this change, to keep ABI compatibility]
Change-Id: I3749f8de65ef3619724e68a9affb4eefd1ebe737
Signed-off-by: Jaewon Kim <jaewon31.kim@samsung.com>
Signed-off-by: Zhenhua Huang <quic_zhenhuah@quicinc.com>
An inclusion of cache.h in printk.h was added in 2014 in commit
c28aa1f0a8 ("printk/cache: mark printk_once test variable
__read_mostly") in order to bring in the definition of __read_mostly. The
usage of __read_mostly was later removed in commit 3ec25826ae ("printk:
Tie printk_once / printk_deferred_once into .data.once for reset") which
made the inclusion of cache.h unnecessary, so remove it.
We have a small amount of code that depended on the inclusion of cache.h
from printk.h; fix that code to include the appropriate header.
This fixes a circular inclusion on arm64 (linux/printk.h -> linux/cache.h
-> asm/cache.h -> linux/kasan-enabled.h -> linux/static_key.h ->
linux/jump_label.h -> linux/bug.h -> asm/bug.h -> linux/printk.h) that
would otherwise be introduced by the next patch.
Build tested using {allyesconfig,defconfig} x {arm64,x86_64}.
Link: https://linux-review.googlesource.com/id/I8fd51f72c9ef1f2d6afd3b2cbc875aa4792c1fba
Link: https://lkml.kernel.org/r/20220427195820.1716975-1-pcc@google.com
Signed-off-by: Peter Collingbourne <pcc@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Roman Gushchin <roman.gushchin@linux.dev>
Cc: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Bug: 265364138
(cherry picked from commit 534aa1dc975ac883ad89110534585a96630802a0)
[Zhenhua: Resolved minor compile issue in include/linux/debug_locks.h]
Change-Id: I46182e781b64561a1ebd5405628a317d4f6cb789
Signed-off-by: Jaewon Kim <jaewon31.kim@samsung.com>
Signed-off-by: Zhenhua Huang <quic_zhenhuah@quicinc.com>
The kasan-enabled.h header relies on static keys, so make sure
to include the header to avoid compilation errors (with JUMP_LABEL=n).
It fixes the following:
./include/linux/kasan-enabled.h:9:1: warning: data definition has no type or storage class
9 | DECLARE_STATIC_KEY_FALSE(kasan_flag_enabled);
| ^~~~~~~~~~~~~~~~~~~~~~~~
error: type defaults to 'int' in declaration of 'DECLARE_STATIC_KEY_FALSE' [-Werror=implicit-int]
Fixes: f9b5e46f4097eb29 ("kasan: split kasan_*enabled() functions into a separate header")
Cc: Peter Collingbourne <pcc@google.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Acked-by: Andrey Konovalov <andreyknvl@gmail.com>
Signed-off-by: Joey Gouly <joey.gouly@arm.com>
Link: https://lore.kernel.org/r/20220301154518.19456-1-joey.gouly@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Bug: 265364138
(cherry picked from commit d8fd5a1e78db375f2246d43df7833fec07a221cd)
Change-Id: Id33a67919113839503630b7364af1bdea3cfcedf
Signed-off-by: Jaewon Kim <jaewon31.kim@samsung.com>
Signed-off-by: Zhenhua Huang <quic_zhenhuah@quicinc.com>
In an upcoming commit we are going to need to call
kasan_hw_tags_enabled() from arch/arm64/include/asm/mte.h. This
would create a circular dependency between headers if KASAN_GENERIC
or KASAN_SW_TAGS is enabled: linux/kasan.h -> linux/pgtable.h ->
asm/pgtable.h -> asm/mte.h -> linux/kasan.h. Break the cycle
by introducing a new header linux/kasan-enabled.h with the
kasan_*enabled() functions that can be included from asm/mte.h.
Link: https://linux-review.googlesource.com/id/I5b0d96c6ed0026fc790899e14d42b2fac6ab568e
Signed-off-by: Peter Collingbourne <pcc@google.com>
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Link: https://lore.kernel.org/r/20220219012945.894950-1-pcc@google.com
Signed-off-by: Will Deacon <will@kernel.org>
Change-Id: I984365534f5ed76ed0ff79fce62b09afbbc92982
Bug: 265364138
(cherry picked from commit f9b5e46f4097eb298f68e5b02f70697a90a44739)
[Zhenhua: Resolved minor conflicts in include/linux/kasan.h]
Change-Id: I631ae7d32ed560dd22917a4691c498e234b4f51d
Signed-off-by: Jaewon Kim <jaewon31.kim@samsung.com>
Signed-off-by: Zhenhua Huang <quic_zhenhuah@quicinc.com>
As per the documentation, function usb_ep_free_request guarantees
the request will not be queued or no longer be re-queued (or
otherwise used). However, with the current implementation it
doesn't make sure that the request in ep0 isn't reused.
Fix this by dequeuing the ep0req on functionfs_unbind before
freeing the request to align with the definition.
Fixes: ddf8abd259 ("USB: f_fs: the FunctionFS driver")
Signed-off-by: Udipto Goswami <quic_ugoswami@quicinc.com>
Tested-by: Krishna Kurapati <quic_kriskura@quicinc.com>
Link: https://lore.kernel.org/r/20221215052906.8993-3-quic_ugoswami@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 265837309
(cherry picked from commit ce405d561b020e5a46340eb5146805a625dcacee https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git/ usb-linus)
Change-Id: Idbc5f13cedac59cbc893d229383b01662f4e4a03
Signed-off-by: Prashanth K <quic_prashk@quicinc.com>
While performing fast composition switch, there is a possibility that the
process of ffs_ep0_write/ffs_ep0_read get into a race condition
due to ep0req being freed up from functionfs_unbind.
Consider the scenario that the ffs_ep0_write calls the ffs_ep0_queue_wait
by taking a lock &ffs->ev.waitq.lock. However, the functionfs_unbind isn't
bounded so it can go ahead and mark the ep0req to NULL, and since there
is no NULL check in ffs_ep0_queue_wait we will end up in use-after-free.
Fix this by making a serialized execution between the two functions using
a mutex_lock(ffs->mutex).
Fixes: ddf8abd259 ("USB: f_fs: the FunctionFS driver")
Signed-off-by: Udipto Goswami <quic_ugoswami@quicinc.com>
Tested-by: Krishna Kurapati <quic_kriskura@quicinc.com>
Link: https://lore.kernel.org/r/20221215052906.8993-2-quic_ugoswami@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 265837309
(cherry picked from commit 6a19da111057f69214b97c62fb0ac59023970850 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git/ usb-linus)
Change-Id: I1d71b96709a557caee72d1c84e3ee43969a89c13
Signed-off-by: Prashanth K <quic_prashk@quicinc.com>
The functions stop_active_transfers and ep_disable are both calling
remove_requests. This functions in both cases will giveback the requests
with status ESHUTDOWN, which also represents an physical disconnection.
For ep_disable this is not true. This patch adds the status parameter to
remove_requests and sets the status to ECONNRESET on ep_disable.
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20220720213523.1055897-1-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit b44c0e7fef51ee7e8ca8c6efbf706f5613787100)
Bug: 263189538
Change-Id: I1bd7a42e6f2f99a0ce021ef3c94dc630ae9260df
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
During a 3 stage SETUP transfer, if the host sends another SETUP token
before completing the status phase, it signifies that the host has aborted
the current control transfer. Currently, if a setup_packet_pending is
received, there are no subsequent calls to dwc3_ep0_out_start() to fetch
the new SETUP packet. This leads to a stall on EP0, as host does not
expect another STATUS phase as it has aborted the current transfer.
Fix this issue by explicitly stalling and restarting EP0, as well as
resetting the trb_enqueue indexes. (without this, there is a chance the
SETUP TRB is set up on trb_endqueue == 1)
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
Link: https://lore.kernel.org/r/20220712014403.2977-1-quic_wcheng@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 5e76ee96be8f7bbf9416a5edddc8c064e7e7c6ac)
Bug: 263189538
Change-Id: Ia0cc555ca8cd94048308406d975b3b4f4aa6ca54
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
The current logic to assign the max packet limit for IN endpoints attempts
to take the default HW value and apply the optimal endpoint settings based
on it. However, if the default value reports a TxFIFO size large enough
for only one max packet, it will divide the value and assign a smaller ep
max packet limit.
For example, if the default TxFIFO size fits 1024B, current logic will
assign 1024/3 = 341B to ep max packet size. If function drivers attempt to
request for an endpoint with a wMaxPacketSize of 1024B (SS BULK max packet
size) then it will fail, as the gadget is unable to find an endpoint which
can fit the requested size.
Functionally, if the TxFIFO has enough space to fit one max packet, it will
be sufficient, at least when initializing the endpoints.
Fixes: d94ea53198 ("usb: dwc3: gadget: Properly set maxpacket limit")
Cc: stable <stable@kernel.org>
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
Link: https://lore.kernel.org/r/20220523213948.22142-1-quic_wcheng@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 9c1e916960c1192e746bf615e4dae25423473a64)
Bug: 263189538
Change-Id: I56995b3d5bbfa8dc61a0e4084d6109d90951244d
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
If the controller hasn't DMA'ed the Setup data from its fifo, it won't
process the End Transfer command. Polling for the command completion may
block the driver from servicing the Setup phase and cause a timeout.
Previously we only check and delay issuing End Transfer in the case of
endpoint dequeue. Let's do that for all End Transfer scenarios.
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/2fcf3b5d90068d549589a57a27a79f76c6769b04.1650593829.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit f66eef8fb8989a7193cafc3870f7c7b2b97f16cb)
Bug: 263189538
Change-Id: I58dc40ff7defdd03f52da900ee0b179ffe55d2cc
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
The driver shouldn't be able to issue End Transfer to the control
endpoint at anytime. Typically we should only do so in error cases such
as invalid/unexpected direction of Data Phase as described in the
control transfer flow of the programming guide. It _may_ end started
data phase during controller deinitialization from soft disconnect or
driver removal. However, that should not happen because the driver
should be maintained in EP0_SETUP_PHASE during driver tear-down. On
soft-connect, the controller should be reset from a soft-reset and there
should be no issue starting the control endpoint.
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/3c6643678863a26702e4115e9e19d7d94a30d49c.1650593829.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit ace17b6ee4f92ab0375d12a1b42494f8590a96b6)
Bug: 263189538
Change-Id: Ifd58ee4b1f213db72d6bcc7137c96ee2a399e21c
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
Since we can't guarantee that the host won't send new Setup packet
before going through the device-initiated disconnect, don't prepare
beyond the Setup stage and keep the device in EP0_SETUP_PHASE. This
ensures that the device-initated disconnect sequence can go through
gracefully. Note that the controller won't service the End Transfer
command if it can't DMA out the Setup packet.
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/6bacec56ecabb2c6e49a09cedfcac281fdc97de0.1650593829.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit c96683798e272366866a5c0ce3073c0b5a256db7)
Bug: 263189538
Change-Id: Ice2d6837acebd312e732527504f4013f33a8fe6d
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
This patch adds the extra function __dwc3_stop_active_transfer to
consolidate the same codepath.
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20220306211251.2281335-3-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit e192cc7b52399d1b073f88cd3ba128b74d3a57f1)
Bug: 263189538
Change-Id: Icbc4c63e380e2a88973e739b5513528cc5dbde66
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
To improve reading the code this patch moves the cases to start_isoc or
return the function under one common condition check.
Reviewed-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20220306211251.2281335-2-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 26d27a1080a7d0e8f0c1a56dc50aae336f9525d1)
Bug: 263189538
Change-Id: I60ada6edcc6f1a505f2a3d86fc4a6d8b7d22f089
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
The driver knows what it needs to set for GEVNTSIZn, and the controller
doesn't modify this register unless there's a hard reset. To save a few
microseconds of register read in read-modify-write operation, simply do
register write with the expected values. This can improve performance
when there are many interrupts generated, which the driver needs to
check and handle.
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/efddf4ee5821c4bc5ae7ad90d629ec7a0ebcbf9a.1638240306.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 76c4c95dac0da03f64d8b59a8834faf8020af8dc)
Bug: 263189538
Change-Id: I7dec7b568f12b1529ab1e52a600056be98910f02
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
The controller doesn't check for Update Transfer command parameters
DEPCMDPAR{0,1,2}. Writing to these registers is unnecessary. Ignoring
this improves performance slightly by removing the register write
delay.
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/997d9ebf38c6bba920d4ee77bd8c77bf81978a55.1638240306.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit a02a26eb0aeaa2859a8b2f182bd5b5f7228ee1fe)
Bug: 263189538
Change-Id: Ie30380e71dfd7febb71eb0c3c725f336f4d6da9a
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
If we're not setting CMDACT (from "No Response" Update Transfer
command), then there's no point in checking for the command status. So
skip it. This can reduce a register read delay and improve performance.
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/3dc31cf11581ae3ee82d9202dda3fc17d897d786.1638240306.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit bc27117c7cdd4b57d0f079620b483f3b229074bd)
Bug: 263189538
Change-Id: Ia06408ffeeb561683662f00938bd9ab2f866eb89
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
If mem-type is specified in the device tree
it would end up overriding the record_size
field instead of populating mem_type.
As record_size is currently parsed after the
improper assignment with default size 0 it
continued to work as expected regardless of the
value found in the device tree.
Simply changing the target field of the struct
is enough to get mem-type working as expected.
Fixes: 9d843e8fafc7 ("pstore: Add mem_type property DT parsing support")
Cc: stable@vger.kernel.org
Signed-off-by: Luca Stefani <luca@osomprivacy.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20221222131049.286288-1-luca@osomprivacy.com
Fixes: 1c4893edfe ("FROMGIT: pstore: Add mem_type property DT parsing support")
Change-Id: Iea62cd7b26effc158500f097474d4df316285ac4
(cherry picked from commit beca3e311a49cd3c55a056096531737d7afa4361 )
Signed-off-by: Luca Stefani <luca@osomprivacy.com>
Yunfei Wang
Takashi Iwai
aaro
Wesley Cheng
Krishna Kurapati
Ard Biesheuvel
Srinivasarao Pathipati
Clement Lecigne
Arnd Bergmann
Lee Jones
Lee Jones
SEO HOYOUNG
Daniele Alessandrelli
Udipto Goswami
John Keeping
Maxim Devaev
Dezhi Huang
Steve Muckle
Russell King
Greg Kroah-Hartman
Peter Collingbourne
Joey Gouly
Michael Grzeschik
Thinh Nguyen
Luca Stefani
Ye Bin
Kever Yang
Jaegeuk Kim