f8ce1d2c5e
66392 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Srinivasarao Pathipati
|
c38dc90458 |
Merge keystone/android12-5.10-keystone-qcom-release.185+ (7a5953e) into msm-5.10
* refs/heads/tmp-7a5953e:
ANDROID: GKI: Add symbol list for Nothing
ANDROID: ABI: Update oplus symbol list ashmem: is_ashmem_file Export is_ashmem_file function which will be used by the minidump module to get ashmem info.
Merge /mm/madvise.c from mirror-android12-5.10-2023-07
ANDROID: GKI: Update abi_gki_aarch64_qcom for page_owner symbols
ANDROID: mm: Export page_owner_inited and __set_page_owner
FROMGIT: pstore/ram: Check start of empty przs during init
ANDROID: GKI: Update symbols for zebra
ANDROID: wakeupbypass: Add vendor hook for batteryswap
UPSTREAM: exfat: check if filename entries exceeds max filename length
BACKPORT: FROMGIT: netfilter: nfnetlink_log: always add a timestamp
FROMGIT: arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved
BACKPORT: FROMGIT: irqchip/gic-v3: Workaround for GIC-700 erratum 2941627
UPSTREAM: media: usb: siano: Fix warning due to null work_func_t function pointer
UPSTREAM: Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
ANDROID: ABI: Update oplus symbol list
ANDROID: Export symbols to do reverse mapping within memcg in kernel modules.
ANDROID: GKI: export symbols to modify lru stats
UPSTREAM: net: tap_open(): set sk_uid from current_fsuid()
UPSTREAM: net: tun_chr_open(): set sk_uid from current_fsuid()
UPSTREAM: netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID
BACKPORT: UPSTREAM: usb: dwc3: gadget: Execute gadget stop after halting the controller
UPSTREAM: usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive
UPSTREAM: net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
UPSTREAM: net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
UPSTREAM: net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
ANDROID: GKI: update xiaomi symbol list
UPSTREAM: netfilter: nf_tables: skip bound chain on rule flush
UPSTREAM: net/sched: cls_fw: Fix improper refcount update leads to use-after-free
UPSTREAM: tty: n_gsm: fix UAF in gsm_cleanup_mux
UPSTREAM: netfilter: nft_set_pipapo: fix improper element removal
BACKPORT: FROMGIT: irqchip/gic-v3: Workaround for GIC-700 erratum 2941627
ANDROID: vendor_hook: fix the error record position of mutex
FROMGIT: fs: drop_caches: draining pages before dropping caches
ANDROID: GKI: Update symbols to symbol list
ANDROID: GKI: Update symbols to symbol list
ANDROID: GKI: add symbol list file for moto
UPSTREAM: gfs2: Don't deref jdesc in evict
UPSTREAM: media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
ANDROID: wakeupbypass: Add vendor hook for batteryswap
ANDROID: GKI: Update symbols to symbol list
ANDROID: vendor_hook: Add hook to abort reclaim and compaction
UPSTREAM: Revert "Fix XFRM-I support for nested ESP tunnels"
UPSTREAM: Revert "Fix XFRM-I support for nested ESP tunnels"
ANDROID: Incremental fs: Allocate data buffer based on input request size
ANDROID: ABI: update symbol list for Xclipse GPU
ANDROID: vendor_hooks: Supplement the missing hook call point.
ANDROID: GKI: Add symbol list for Nothing
UPSTREAM: usb: dwc3: gadget: Propagate core init errors to UDC during pullup
Revert "net: Remove DECnet leftovers from flow.h."
Revert "neighbour: fix unaligned access to pneigh_entry"
Revert "tcp: deny tcp_disconnect() when threads are waiting"
Revert "regulator: Add regmap helper for ramp-delay setting"
Revert "regulator: pca9450: Convert to use regulator_set_ramp_delay_regmap"
Revert "regulator: pca9450: Fix BUCK2 enable_mask"
Revert "tipc: add tipc_bearer_min_mtu to calculate min mtu"
Revert "tipc: do not update mtu if msg_max is too small in mtu negotiation"
Revert "tipc: check the bearer min mtu properly when setting it by netlink"
Revert "ipv4/tcp: do not use per netns ctl sockets"
ANDROID: GKI: preserve CRC generation for some bluetooth symbols
Revert "net: Find dst with sk's xfrm policy not ctl_sk"
Revert "tcp: fix possible sk_priority leak in tcp_v4_send_reset()"
Revert "firmware: arm_sdei: Fix sleep from invalid context BUG"
Revert "arm64: Stash shadow stack pointer in the task struct on interrupt"
Revert "workqueue: Rename "delayed" (delayed by active management) to "inactive""
Revert "workqueue: Fix hung time report of worker pools"
Revert "uapi/linux/const.h: prefer ISO-friendly __typeof__"
Linux 5.10.185
um: Fix build w/o CONFIG_PM_SLEEP
drm/i915/gen11+: Only load DRAM information from pcode
drm/i915/dg1: Wait for pcode/uncore handshake at startup
media: dvb-core: Fix use-after-free due to race at dvb_register_device()
media: dvbdev: fix error logic at dvb_register_device()
media: dvbdev: Fix memleak in dvb_register_device
nilfs2: reject devices with insufficient block count
mm/memory_hotplug: extend offline_and_remove_memory() to handle more than one memory block
mmc: block: ensure error propagation for non-blk
batman-adv: Switch to kstrtox.h for kstrtou64
neighbour: delete neigh_lookup_nodev as not used
net: Remove DECnet leftovers from flow.h.
net: Remove unused inline function dst_hold_and_use()
neighbour: Remove unused inline function neigh_key_eq16()
rcu/kvfree: Avoid freeing new kfree_rcu() memory after old grace period
cgroup: always put cset in cgroup_css_set_put_fork
afs: Fix vlserver probe RTT handling
selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET
net: tipc: resize nlattr array to correct size
net: lapbether: only support ethernet devices
net/sched: cls_api: Fix lockup on flushing explicitly created chain
ext4: drop the call to ext4_error() from ext4_get_group_info()
drm/nouveau: add nv_encoder pointer check for NULL
drm/nouveau/dp: check for NULL nv_connector->native_mode
drm/nouveau: don't detect DSM for non-NVIDIA device
igb: fix nvm.ops.read() error handling
sctp: fix an error code in sctp_sf_eat_auth()
ipvlan: fix bound dev checking for IPv6 l3s mode
IB/isert: Fix incorrect release of isert connection
IB/isert: Fix possible list corruption in CMA handler
IB/isert: Fix dead lock in ib_isert
IB/uverbs: Fix to consider event queue closing also upon non-blocking mode
RDMA/cma: Always set static rate to 0 for RoCE
RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions
octeontx2-af: fixed resource availability check
iavf: remove mask from iavf_irq_enable_queues()
RDMA/rxe: Fix the use-before-initialization error of resp_pkts
RDMA/rxe: Removed unused name from rxe_task struct
RDMA/rxe: Remove the unused variable obj
net/sched: cls_u32: Fix reference counter leak leading to overflow
ping6: Fix send to link-local addresses with VRF.
net: enetc: correct the indexes of highest and 2nd highest TCs
netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
spi: fsl-dspi: avoid SCK glitches with continuous transfers
RDMA/rtrs: Fix the last iu->buf leak in err path
usb: dwc3: gadget: Reset num TRBs before giving back the request
serial: lantiq: add missing interrupt ack
USB: serial: option: add Quectel EM061KGL series
Remove DECnet support from kernel
ALSA: hda/realtek: Add a quirk for Compaq N14JP6
net: usb: qmi_wwan: add support for Compal RXM-G1
RDMA/uverbs: Restrict usage of privileged QKEYs
nouveau: fix client work fence deletion race
powerpc/purgatory: remove PGO flags
x86/purgatory: remove PGO flags
kexec: support purgatories with .text.hot sections
nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key()
nios2: dts: Fix tse_mac "max-frame-size" property
ocfs2: check new file size on fallocate call
ocfs2: fix use-after-free when unmounting read-only filesystem
epoll: ep_autoremove_wake_function should use list_del_init_careful
io_uring: hold uring mutex around poll removal
irqchip/gic: Correctly validate OF quirk descriptors
drm:amd:amdgpu: Fix missing buffer object unlock in failure path
xen/blkfront: Only check REQ_FUA for writes
ASoC: dwc: move DMA init to snd_soc_dai_driver probe()
mips: Move initrd_start check after initrd address sanitisation.
MIPS: Alchemy: fix dbdma2
parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()
parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu()
ASoC: soc-pcm: test if a BE can be prepared
btrfs: handle memory allocation failure in btrfs_csum_one_bio
btrfs: scrub: try harder to mark RAID56 block groups read-only
power: supply: Fix logic checking if system is running from battery
irqchip/gic-v3: Disable pseudo NMIs on Mediatek devices w/ firmware issues
regulator: Fix error checking for debugfs_create_dir
platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0
power: supply: Ratelimit no data debug output
tools: gpio: fix debounce_period_us output of lsgpio
ARM: dts: vexpress: add missing cache properties
power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule()
power: supply: sc27xx: Fix external_power_changed race
power: supply: ab8500: Fix external_power_changed race
test_firmware: fix a memory leak with reqs buffer
test_firmware: prevent race conditions by a correct implementation of locking
test_firmware: Use kstrtobool() instead of strtobool()
kernel.h: split out kstrtox() and simple_strtox() to a separate header
lib: cleanup kstrto*() usage
Revert "sched/fair: Detect capacity inversion"
Revert "sched/fair: Consider capacity inversion in util_fits_cpu()"
Revert "sched/uclamp: Fix a uninitialized variable warnings"
Revert "sched/fair: Fixes for capacity inversion detection"
Linux 5.10.184
Revert "staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE"
btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()
btrfs: check return value of btrfs_commit_transaction in relocation
drm/atomic: Don't pollute crtc_state->mode_blob with error pointers
MIPS: locking/atomic: Fix atomic{_64,}_sub_if_positive
xfs: verify buffer contents when we skip log replay
tcp: fix tcp_min_tso_segs sysctl
ext4: only check dquot_initialize_needed() when debugging
Revert "ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled"
vhost: support PACKED when setting-getting vring_base
riscv: fix kprobe __user string arg print fault issue
eeprom: at24: also select REGMAP
i2c: sprd: Delete i2c adapter in .remove's error path
ASoC: codecs: wsa881x: do not set can_multi_write flag
staging: vc04_services: fix gcc-13 build warning
usb: usbfs: Use consistent mmap functions
usb: usbfs: Enforce page requirements for mmap
pinctrl: meson-axg: add missing GPIOA_18 gpio group
rbd: get snapshot context after exclusive lock is ensured to be held
rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting
tee: amdtee: Add return_origin to 'struct tee_cmd_load_ta'
Bluetooth: hci_qca: fix debugfs registration
Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
s390/dasd: Use correct lock while counting channel queue length
ceph: fix use-after-free bug for inodes when flushing capsnaps
can: j1939: avoid possible use-after-free when j1939_can_rx_register fails
can: j1939: change j1939_netdev_lock type to mutex
can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket
drm/amdgpu: fix xclk freq on CHIP_STONEY
ALSA: hda/realtek: Add Lenovo P3 Tower platform
ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01
Input: psmouse - fix OOB access in Elantech protocol
Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
batman-adv: Broken sync while rescheduling delayed work
bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks
bnxt_en: Query default VLAN before VNIC setup on a VF
bnxt_en: Don't issue AP reset during ethtool's reset operation
lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release()
bpf: Add extra path pointer check to d_path helper
net: sched: fix possible refcount leak in tc_chain_tmplt_add()
net: sched: move rtm_tca_policy declaration to include file
rfs: annotate lockless accesses to RFS sock flow table
rfs: annotate lockless accesses to sk->sk_rxhash
ipv6: rpl: Fix Route of Death.
netfilter: ipset: Add schedule point in call_ad().
netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper
qed/qede: Fix scheduling while atomic
Bluetooth: L2CAP: Add missing checks for invalid DCID
Bluetooth: Fix l2cap_disconnect_req deadlock
net/sched: fq_pie: ensure reasonable TCA_FQ_PIE_QUANTUM values
net/smc: Avoid to access invalid RMBs' MRs in SMCRv1 ADD LINK CONT
net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods
neighbour: fix unaligned access to pneigh_entry
wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll
afs: Fix setting of mtime when creating a file/dir/symlink
spi: qup: Request DMA before enabling clocks
staging: vchiq_core: drop vchiq_status from vchiq_initialise
i40e: fix build warning in ice_fltr_add_mac_to_list()
i40e: fix build warnings in i40e_alloc.h
i40iw: fix build warning in i40iw_manage_apbvt()
block/blk-iocost (gcc13): keep large values in a new enum
blk-iocost: avoid 64-bit division in ioc_timer_fn
f2fs: fix iostat lock protection
bonding (gcc13): synchronize bond_{a,t}lb_xmit() types
remove the sx8 block driver
sfc (gcc13): synchronize ef100_enqueue_skb()'s return type
gcc-plugins: Reorganize gimple includes for GCC 13
ata: ahci: fix enum constants for gcc-13
Linux 5.10.183
ARM: defconfig: drop CONFIG_DRM_RCAR_LVDS
ext4: enable the lazy init thread when remounting read/write
selftests: mptcp: join: skip if MPTCP is not supported
selftests: mptcp: simult flows: skip if MPTCP is not supported
selftests: mptcp: diag: skip if MPTCP is not supported
crypto: ccp: Play nice with vmalloc'd memory for SEV command structs
crypto: ccp: Reject SEV commands with mismatching command buffer
scsi: dpt_i2o: Do not process completions with invalid addresses
scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD)
drm/rcar: stop using 'imply' for dependencies
media: ti-vpe: cal: avoid FIELD_GET assertion
tpm, tpm_tis: Request threaded interrupt handler
regmap: Account for register length when chunking
KEYS: asymmetric: Copy sig and digest in public_key_verify_signature()
KVM: x86: Account fastpath-only VM-Exits in vCPU stats
test_firmware: fix the memory leak of the allocated firmware buffer
serial: 8250_tegra: Fix an error handling path in tegra_uart_probe()
fbcon: Fix null-ptr-deref in soft_cursor
ext4: add lockdep annotations for i_data_sem for ea_inode's
ext4: disallow ea_inodes with extended attributes
ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find()
ext4: add EA_INODE checking to ext4_iget()
selftests: mptcp: pm nl: skip if MPTCP is not supported
selftests: mptcp: connect: skip if MPTCP is not supported
tracing/probe: trace_probe_primary_from_call(): checked list_first_entry
selinux: don't use make's grouped targets feature yet
btrfs: fix csum_tree_block page iteration to avoid tripping on -Werror=array-bounds
tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK
mmc: vub300: fix invalid response handling
eth: sun: cassini: remove dead code
gcc-12: disable '-Wdangling-pointer' warning for now
ath6kl: Use struct_group() to avoid size-mismatched casting
ACPI: thermal: drop an always true check
x86/boot: Wrap literal addresses in absolute_pointer()
ata: libata-scsi: Use correct device no in ata_find_dev()
scsi: stex: Fix gcc 13 warnings
misc: fastrpc: reject new invocations during device removal
misc: fastrpc: return -EPIPE to invocations on device removal
usb: gadget: f_fs: Add unbind event before functionfs_unbind
net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
iio: dac: build ad5758 driver when AD5758 is selected
iio: adc: ad7192: Change "shorted" channels to differential
iio: dac: mcp4725: Fix i2c_master_send() return value handling
iio: light: vcnl4035: fixed chip ID check
iio: imu: inv_icm42600: fix timestamp reset
HID: wacom: avoid integer overflow in wacom_intuos_inout()
HID: google: add jewel USB id
iio: adc: mxs-lradc: fix the order of two cleanup operations
mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
atm: hide unused procfs functions
drm/msm: Be more shouty if per-process pgtables aren't working
ALSA: oss: avoid missing-prototype warnings
netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT
wifi: b43: fix incorrect __packed annotation
scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed
arm64/mm: mark private VM_FAULT_X defines as vm_fault_t
ARM: dts: stm32: add pin map for CAN controller on stm32f7
wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value
s390/pkey: zeroize key blobs
media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
media: dvb-core: Fix use-after-free due on race condition at dvb_net
media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table
media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
media: dvb_ca_en50221: fix a size write bug
media: netup_unidvb: fix irq init by register it at the end of probe
media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address
media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer
media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer()
media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer()
media: dvb_demux: fix a bug for the continuity counter
ASoC: ssm2602: Add workaround for playback distortions
ASoC: dt-bindings: Adjust #sound-dai-cells on TI's single-DAI codecs
xfrm: Check if_id in inbound policy/secpath match
ASoC: dwc: limit the number of overrun messages
block/rnbd: replace REQ_OP_FLUSH with REQ_OP_WRITE
nbd: Fix debugfs_create_dir error checking
fbdev: stifb: Fix info entry in sti_struct on error path
fbdev: modedb: Add 1920x1080 at 60 Hz video mode
gfs2: Don't deref jdesc in evict
media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE
ARM: 9295/1: unwind:fix unwind abort for uleb128 case
btrfs: abort transaction when sibling keys check fails for leaves
mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write()
ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs.
watchdog: menz069_wdt: fix watchdog initialisation
mtd: rawnand: marvell: don't set the NAND frequency select
mtd: rawnand: marvell: ensure timing values are written
net: dsa: mv88e6xxx: Increase wait after reset deactivation
net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
net/mlx5: Read embedded cpu after init bit cleared
udp6: Fix race condition in udp6_sendmsg & connect
net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report
net: sched: fix NULL pointer dereference in mq_attach
net/sched: Prohibit regrafting ingress or clsact Qdiscs
net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs
net/sched: sch_clsact: Only create under TC_H_CLSACT
net/sched: sch_ingress: Only create under TC_H_INGRESS
tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set
tcp: deny tcp_disconnect() when threads are waiting
af_packet: do not use READ_ONCE() in packet_bind()
mtd: rawnand: ingenic: fix empty stub helper definitions
amd-xgbe: fix the false linkup in xgbe_phy_status
af_packet: Fix data-races of pkt_sk(sk)->num.
netrom: fix info-leak in nr_write_internal()
net/mlx5: fw_tracer, Fix event handling
dmaengine: pl330: rename _start to prevent build error
iommu/amd: Don't block updates to GATag if guest mode is on
iommu/rockchip: Fix unwind goto issue
RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx
RDMA/bnxt_re: Fix a possible memory leak
dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved()
dmaengine: at_xdmac: Move the free desc to the tail of the desc list
dmaengine: at_xdmac: Fix race for the tx desc callback
dmaengine: at_xdmac: Fix concurrency over chan's completed_cookie
RDMA/efa: Fix unsupported page sizes in device
RDMA/bnxt_re: Fix the page_size used during the MR creation
RDMA/bnxt_re: Code refactor while populating user MRs
Linux 5.10.182
netfilter: ctnetlink: Support offloaded conntrack entry deletion
ipv{4,6}/raw: fix output xfrm lookup wrt protocol
binder: fix UAF caused by faulty buffer cleanup
bluetooth: Add cmd validity checks at the start of hci_sock_ioctl()
net: phy: mscc: enable VSC8501/2 RGMII RX clock
net/mlx5: Devcom, serialize devcom registration
net/mlx5: devcom only supports 2 ports
regulator: pca9450: Fix BUCK2 enable_mask
regulator: pca9450: Convert to use regulator_set_ramp_delay_regmap
regulator: Add regmap helper for ramp-delay setting
power: supply: bq24190: Call power_supply_changed() after updating input current
power: supply: core: Refactor power_supply_set_input_current_limit_from_supplier()
power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize
power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes
power: supply: bq27xxx: Move bq27xxx_battery_update() down
power: supply: bq27xxx: expose battery data when CI=1
power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status()
power: supply: bq27xxx: make status more robust
power: supply: bq27xxx: fix sign of current_now for newer ICs
power: supply: bq27xxx: fix polarity of current_now
x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define
x86/cpu: Add Raptor Lake to Intel family
Linux 5.10.181
net: phy: mscc: add VSC8502 to MODULE_DEVICE_TABLE
3c589_cs: Fix an error handling path in tc589_probe()
arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert delay
net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device
net/mlx5: Fix error message when failing to allocate device memory
net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs
net/mlx5e: do as little as possible in napi poll when budget is 0
forcedeth: Fix an error handling path in nv_probe()
ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg
x86/show_trace_log_lvl: Ensure stack pointer is aligned, again
xen/pvcalls-back: fix double frees with pvcalls_new_active_socket()
coresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet()
fs: fix undefined behavior in bit shift for SB_NOUSER
power: supply: sbs-charger: Fix INHIBITED bit for Status reg
power: supply: bq27xxx: Fix poll_interval handling and races on remove
power: supply: bq27xxx: Fix I2C IRQ race on remove
power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition
power: supply: leds: Fix blink to LED on transition
ipv6: Fix out-of-bounds access in ipv6_find_tlv()
bpf: Fix mask generation for 32-bit narrow loads of 64-bit fields
octeontx2-pf: Fix TSOv6 offload
selftests: fib_tests: mute cleanup error message
net: fix skb leak in __skb_tstamp_tx()
media: radio-shark: Add endpoint checks
USB: sisusbvga: Add endpoint checks
USB: core: Add routines for endpoint checks in old drivers
udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated().
net: fix stack overflow when LRO is disabled for virtual interfaces
fbdev: udlfb: Fix endpoint check
debugobjects: Don't wake up kswapd from fill_pool()
x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms
parisc: Fix flush_dcache_page() for usage from irq context
selftests/memfd: Fix unknown type name build failure
x86/mm: Avoid incomplete Global INVLPG flushes
dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type
btrfs: use nofs when cleaning up aborted transactions
gpio: mockup: Fix mode of debugfs files
parisc: Allow to reboot machine after system halt
parisc: Handle kgdb breakpoints only in kernel context
m68k: Move signal frame following exception on 68020/030
net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
ALSA: hda/realtek: Enable headset onLenovo M70/M90
ALSA: hda: Fix unhandled register update during auto-suspend period
ALSA: hda/ca0132: add quirk for EVGA X299 DARK
ocfs2: Switch to security_inode_init_security()
spi: fsl-cpm: Use 16 bit mode for large transfers with even size
spi: fsl-spi: Re-organise transfer bits_per_word adaptation
act_mirred: use the backlog for nested calls to mirred ingress
net/sched: act_mirred: better wording on protection against excessive stack growth
net/sched: act_mirred: refactor the handle of xmit
writeback, cgroup: remove extra percpu_ref_exit()
ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15
watchdog: sp5100_tco: Immediately trigger upon starting.
s390/qdio: fix do_sqbs() inline assembly constraint
s390/qdio: get rid of register asm
serial: 8250_exar: Add support for USR298x PCI Modems
serial: exar: Add support for Sealevel 7xxxC serial cards
serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards
KVM: arm64: Link position-independent string routines into .hyp.text
HID: wacom: add three styli to wacom_intuos_get_tool_type
HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs
HID: wacom: Force pen out of prox if no events have been received in a while
nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
powerpc/64s/radix: Fix soft dirty tracking
tpm/tpm_tis: Disable interrupts for more Lenovo devices
ceph: force updating the msg pointer in non-split case
vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
serial: Add support for Advantech PCI-1611U card
statfs: enforce statfs[64] structure initialization
can: kvaser_pciefd: Disable interrupts in probe error path
can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt
can: kvaser_pciefd: Clear listen-only bit if not explicitly requested
can: kvaser_pciefd: Empty SRB buffer in probe
can: kvaser_pciefd: Call request_irq() before enabling interrupts
can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop()
can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag
can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag
ALSA: hda/realtek: Add quirk for 2nd ASUS GU603
ALSA: hda/realtek: Add a quirk for HP EliteDesk 805
ALSA: hda/realtek: Add quirk for Clevo L140AU
ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
ALSA: hda: Fix Oops by 9.1 surround channel names
usb: typec: altmodes/displayport: fix pin_assignment_show
usb: gadget: u_ether: Fix host MAC address case
usb: dwc3: debugfs: Resume dwc3 before accessing registers
USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value
usb-storage: fix deadlock when a scsi command timeouts more than once
USB: usbtmc: Fix direction for 0-length ioctl control messages
ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go
bridge: always declare tunnel functions
netfilter: nft_set_rbtree: fix null deref on element insertion
vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
igb: fix bit_shift to be in [1..8] range
cassini: Fix a memory leak in the error handling path of cas_init_one()
scsi: storvsc: Don't pass unused PFNs to Hyper-V host
wifi: iwlwifi: mvm: don't trust firmware n_channels
wifi: mac80211: fix min center freq offset tracing
net: bcmgenet: Restore phy_stop() depending upon suspend/close
net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop()
tipc: check the bearer min mtu properly when setting it by netlink
tipc: do not update mtu if msg_max is too small in mtu negotiation
tipc: add tipc_bearer_min_mtu to calculate min mtu
net/tipc: fix tipc header files for kernel-doc
net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
drm/exynos: fix g2d_open/close helper function definitions
SUNRPC: Fix trace_svc_register() call site
media: netup_unidvb: fix use-after-free at del_timer()
net: hns3: fix reset delay time to avoid configuration timeout
net: hns3: fix sending pfc frames after reset issue
erspan: get the proto with the md version for collect_md
serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
tcp: fix possible sk_priority leak in tcp_v4_send_reset()
net: Find dst with sk's xfrm policy not ctl_sk
ipv4/tcp: do not use per netns ctl sockets
vsock: avoid to close connected socket after the timeout
ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15
ALSA: firewire-digi00x: prevent potential use after free
net: phy: dp83867: add w/a for packet errors seen with short cables
net: fec: Better handle pm_runtime_get() failing in .remove()
af_key: Reject optional tunnel/BEET mode templates in outbound policies
cpupower: Make TSC read per CPU for Mperf monitor
drm/msm/dpu: Remove duplicate register defines from INTF
drm/msm/dp: unregister audio driver during unbind
Revert "Fix XFRM-I support for nested ESP tunnels"
xfrm: don't check the default policy if the policy allows the packet
btrfs: fix space cache inconsistency after error loading it from disk
btrfs: replace calls to btrfs_find_free_ino with btrfs_find_free_objectid
btrfs: move btrfs_find_highest_objectid/btrfs_find_free_objectid to disk-io.c
mfd: dln2: Fix memory leak in dln2_probe()
phy: st: miphy28lp: use _poll_timeout functions for waits
Input: xpad - add constants for GIP interface numbers
iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any
clk: tegra20: fix gcc-7 constant overflow warning
iommu/arm-smmu-qcom: Limit the SMR groups to 128
RDMA/core: Fix multiple -Warray-bounds warnings
recordmcount: Fix memory leaks in the uwrite function
sched: Fix KCSAN noinstr violation
mcb-pci: Reallocate memory region to avoid memory overlapping
serial: 8250: Reinit port->pm on port specific driver unbind
usb: typec: tcpm: fix multiple times discover svids error
HID: wacom: generic: Set battery quirk only when we see battery data
spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3
HID: logitech-hidpp: Reconcile USB and Unifying serials
HID: logitech-hidpp: Don't use the USB serial for USB devices
staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE
Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set
ipvs: Update width of source for ip_vs_sync_conn_options
wifi: ath11k: Fix SKB corruption in REO destination ring
wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
null_blk: Always check queue mode setting from configfs
wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf
wifi: iwlwifi: pcie: fix possible NULL pointer dereference
samples/bpf: Fix fout leak in hbm's run_bpf_prog
f2fs: fix to drop all dirty pages during umount() if cp_error is set
ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa()
ext4: set goal start correctly in ext4_mb_normalize_request
gfs2: Fix inode height consistency check
scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition
lib: cpu_rmap: Avoid use after free on rmap->obj array entries
scsi: target: iscsit: Free cmds before session free
net: Catch invalid index in XPS mapping
net: pasemi: Fix return type of pasemi_mac_start_tx()
scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow
ext2: Check block size validity during mount
wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
bpf: Annotate data races in bpf_local_storage
wifi: ath: Silence memcpy run-time false positive warning
drm/amd: Fix an out of bounds error in BIOS parser
ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects
ACPICA: Avoid undefined behavior: applying zero offset to null pointer
drm/tegra: Avoid potential 32-bit integer overflow
remoteproc: stm32_rproc: Add mutex protection for workqueue
ACPI: EC: Fix oops when removing custom query handlers
firmware: arm_sdei: Fix sleep from invalid context BUG
memstick: r592: Fix UAF bug in r592_remove due to race condition
arm64: dts: qcom: msm8996: Add missing DWC3 quirks
regmap: cache: Return error in cache sync operations for REGCACHE_NONE
drm/amd/display: Use DC_LOG_DC in the trasform pixel function
fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access
refscale: Move shutdown from wait_event() to wait_event_idle()
ext4: allow ext4_get_group_info() to fail
ext4: allow to find by goal if EXT4_MB_HINT_GOAL_ONLY is set
ext4: add mballoc stats proc file
ext4: drop s_mb_bal_lock and convert protected fields to atomic
ext4: remove redundant mb_regenerate_buddy()
ext4: fix lockdep warning when enabling MMP
ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled
ext4: reflect error codes from ext4_multi_mount_protect() to its callers
ext4: remove an unused variable warning with CONFIG_QUOTA=n
fbdev: arcfb: Fix error handling in arcfb_probe()
drm/i915/dp: prevent potential div-by-zero
af_unix: Fix data races around sk->sk_shutdown.
af_unix: Fix a data race of sk->sk_receive_queue->qlen.
net: datagram: fix data-races in datagram_poll()
ipvlan:Fix out-of-bounds caused by unclear skb->cb
tcp: add annotations around sk->sk_shutdown accesses
tcp: factor out __tcp_close() helper
net: add vlan_get_protocol_and_depth() helper
net: tap: check vlan with eth_type_vlan() method
net: deal with most data-races in sk_wait_event()
net: annotate sk->sk_err write from do_recvmmsg()
netlink: annotate accesses to nlk->cb_running
netfilter: conntrack: fix possible bug_on with enable_hooks=1
net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
linux/dim: Do nothing if no time delta between samples
net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe()
ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings
drm/mipi-dsi: Set the fwnode for mipi_dsi_device
driver core: add a helper to setup both the of_node and fwnode of a device
Linux 5.10.180
drm/amd/display: Fix hang when skipping modeset
mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock
drm/exynos: move to use request_irq by IRQF_NO_AUTOEN flag
printk: declare printk_deferred_{enter,safe}() in include/linux/printk.h
KVM: x86: move guest_pv_has out of user_access section
KVM: x86: do not report preemption if the steal time cache is stale
KVM: x86: revalidate steal time cache if MSR value changes
KVM: x86: do not set st->preempted when going back to user space
KVM: x86: Remove obsolete disabling of page faults in kvm_arch_vcpu_put()
KVM: Fix steal time asm constraints
KVM: x86: Fix recording of guest steal time / preempted status
KVM: x86: Ensure PV TLB flush tracepoint reflects KVM behavior
drbd: correctly submit flush bio on barrier
serial: 8250: Fix serial8250_tx_empty() race with DMA Tx
ext4: fix invalid free tracking in ext4_xattr_move_to_block()
ext4: remove a BUG_ON in ext4_mb_release_group_pa()
ext4: bail out of ext4_xattr_ibody_get() fails for any reason
ext4: add bounds checking in get_max_inline_xattr_value_size()
ext4: fix deadlock when converting an inline directory in nojournal mode
ext4: improve error recovery code paths in __ext4_remount()
ext4: check iomap type only if ext4_iomap_begin() does not fail
ext4: fix data races when using cached status extents
ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
ext4: fix WARNING in mb_find_extent
KVM: x86: do not report a vCPU as preempted outside instruction boundaries
KVM: x86: hyper-v: Avoid calling kvm_make_vcpus_request_mask() with vcpu_mask==NULL
HID: wacom: insert timestamp to packed Bluetooth (BT) events
HID: wacom: Set a default resolution for older tablets
drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend
drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras
drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini()
drm/panel: otm8009a: Set backlight parent to panel device
f2fs: fix potential corruption when moving a directory
ARM: dts: s5pv210: correct MIPI CSIS clock name
ARM: dts: exynos: fix WM8960 clock name in Itop Elite
remoteproc: st: Call of_node_put() on iteration error
remoteproc: stm32: Call of_node_put() on iteration error
sh: nmi_debug: fix return value of __setup handler
sh: init: use OF_EARLY_FLATTREE for early init
sh: mcount.S: fix build error when PRINTK is not enabled
sh: math-emu: fix macro redefined warning
inotify: Avoid reporting event with invalid wd
platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i
platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet
cifs: fix pcchunk length type in smb2_copychunk_range
btrfs: print-tree: parent bytenr must be aligned to sector size
btrfs: don't free qgroup space unless specified
btrfs: fix btrfs_prev_leaf() to not return the same key twice
perf symbols: Fix return incorrect build_id size in elf_read_build_id()
crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs()
perf map: Delete two variable initialisations before null pointer checks in sort__sym_from_cmp()
perf pmu: zfree() expects a pointer to a pointer to zero it after freeing its contents
perf vendor events power9: Remove UTF-8 characters from JSON files
net: enetc: check the index of the SFI rather than the handle
virtio_net: suppress cpu stall when free_unused_bufs
virtio_net: split free_unused_bufs()
net: dsa: mt7530: fix corrupt frames using trgmii on 40 MHz XTAL MT7621
ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init`
drm/amdgpu: add a missing lock for AMDGPU_SCHED
af_packet: Don't send zero-byte data in packet_sendmsg_spkt().
ionic: remove noise from ethtool rxnfc error msg
octeontx2-vf: Detach LF resources on probe cleanup
octeontx2-pf: Disable packet I/O for graceful exit
rxrpc: Fix hard call timeout units
sfc: Fix module EEPROM reporting for QSFP modules
net/sched: act_mirred: Add carrier check
watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe()
writeback: fix call of incorrect macro
net: dsa: mv88e6xxx: add mv88e6321 rsvd2cpu
sit: update dev->needed_headroom in ipip6_tunnel_bind_dev()
net/sched: cls_api: remove block_cb from driver_list before freeing
net/ncsi: clear Tx enable mode when handling a Config required AEN
scsi: qedi: Fix use after free bug in qedi_remove()
dm verity: fix error handling for check_at_most_once on FEC
dm verity: skip redundant verity_handle_err() on I/O errors
mailbox: zynqmp: Fix counts of child nodes
mailbox: zynq: Switch to flexible array to simplify code
crypto: ccp - Clear PSP interrupt status register before calling handler
ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus
tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
tty: clean include/linux/tty.h up
tty: move some tty-only functions to drivers/tty/tty.h
tty: move some internal tty lock enums and functions out of tty.h
tty: audit: move some local functions out of tty.h
tty: create internal tty.h file
netfilter: nf_tables: deactivate anonymous set from preparation phase
scsi: target: core: Avoid smp_processor_id() in preemptible code
arm64: dts: qcom: sdm845: correct dynamic power coefficients
sound/oss/dmasound: fix 'dmasound_setup' defined but not used
arm64: Always load shadow stack pointer directly from the task struct
perf intel-pt: Fix CYC timestamps after standalone CBR
dm ioctl: fix nested locking in table_clear() to remove deadlock concern
dm flakey: fix a crash with invalid table line
debugobject: Ensure pool refill (again)
perf auxtrace: Fix address filter entire kernel size
arm64: Stash shadow stack pointer in the task struct on interrupt
dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
dm clone: call kmem_cache_destroy() in dm_clone_init() error path
ia64: fix an addr to taddr in huge_pte_offset()
s390/dasd: fix hanging blockdevice after request requeue
btrfs: scrub: reject unsupported scrub flags
scripts/gdb: fix lx-timerlist for Python3
afs: Fix updating of i_size with dv jump from server
mfd: tqmx86: Correct board names for TQMxE39x
mfd: tqmx86: Specify IO port register range more precisely
mfd: tqmx86: Add support for TQMx110EB and TQMxE40x
mfd: tqmx86: Remove incorrect TQMx90UC board ID
mfd: tqmx86: Do not access I2C_DETECT register through io_base
thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in mtk_thermal_probe
dmaengine: at_xdmac: do not enable all cyclic channels
dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing
dmaengine: dw-edma: Fix to change for continuous transfer
phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port
pwm: mtk-disp: Disable shadow registers before setting backlight values
pwm: mtk-disp: Adjust the clocks to avoid them mismatch
pwm: mtk-disp: Don't check the return code of pwmchip_remove()
leds: tca6507: Fix error handling of using fwnode_property_read_string
dmaengine: mv_xor_v2: Fix an error code.
leds: TI_LMU_COMMON: select REGMAP instead of depending on it
ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline
openrisc: Properly store r31 to pt_regs on unhandled exceptions
clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails
RDMA/mlx5: Use correct device num_ports when modify DC
SUNRPC: remove the maximum number of retries in call_bind_status
RDMA/mlx5: Fix flow counter query via DEVX
Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe
input: raspberrypi-ts: Release firmware handle when not needed
firmware: raspberrypi: Introduce devm_rpi_firmware_get()
NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease
IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests
IB/hfi1: Add additional usdma traces
IB/hfi1: Add AIP tx traces
IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order
RDMA/srpt: Add a check for valid 'mad_agent' pointer
RDMA/cm: Trace icm_send_rej event before the cm state is reset
RDMA/siw: Remove namespace check from siw_netdev_event()
clk: add missing of_node_put() in "assigned-clocks" property parsing
power: supply: generic-adc-battery: fix unit scaling
rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time
RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
rtc: omap: include header for omap_rtc_power_off_program prototype
workqueue: Fix hung time report of worker pools
RDMA/rdmavt: Delete unnecessary NULL check
workqueue: Rename "delayed" (delayed by active management) to "inactive"
RDMA/siw: Fix potential page_array out of range access
clk: at91: clk-sam9x60-pll: fix return value check
perf/core: Fix hardlockup failure caused by perf throttle
powerpc/rtas: use memmove for potentially overlapping buffer copy
macintosh: via-pmu-led: requires ATA to be set
powerpc/sysdev/tsi108: fix resource printk format warnings
powerpc/wii: fix resource printk format warnings
powerpc/mpc512x: fix resource printk format warning
macintosh/windfarm_smu_sat: Add missing of_node_put()
spmi: Add a check for remove callback when removing a SPMI driver
staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
serial: 8250: Add missing wakeup event reporting
uapi/linux/const.h: prefer ISO-friendly __typeof__
i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path
tty: serial: fsl_lpuart: adjust buffer length to the intended size
firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
usb: mtu3: fix kernel panic at qmu transfer done irq handler
usb: chipidea: fix missing goto in `ci_hdrc_probe`
usb: gadget: tegra-xudc: Fix crash in vbus_draw
sh: sq: Fix incorrect element size for allocating bitmap buffer
spi: cadence-quadspi: fix suspend-resume implementations
ASoC: fsl_mqs: move of_node_put() to the correct location
coresight: etm_pmu: Set the module field
scripts/gdb: bail early if there are no generic PD
scripts/gdb: bail early if there are no clocks
ia64: salinfo: placate defined-but-not-used warning
ia64: mm/contig: fix section mismatch warning/error
PCI/EDR: Clear Device Status after EDR error recovery
of: Fix modalias string generation
vmci_host: fix a race condition in vmci_host_poll() causing GPF
spi: fsl-spi: Fix CPM/QE mode Litte Endian
spi: qup: Don't skip cleanup in remove's error path
linux/vt_buffer.h: allow either builtin or modular for macros
ASoC: es8316: Handle optional IRQ assignment
ASoC: es8316: Use IRQF_NO_AUTOEN when requesting the IRQ
PCI: imx6: Install the fault handler only on compatible match
usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition
spi: imx: Don't skip cleanup in remove's error path
spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync
iio: light: max44009: add missing OF device matching
fpga: bridge: fix kernel-doc parameter description
usb: dwc3: gadget: Change condition for processing suspend event
usb: host: xhci-rcar: remove leftover quirk handling
pstore: Revert pmsg_lock back to a normal mutex
ipmi: ASPEED_BT_IPMI_BMC: select REGMAP_MMIO instead of depending on it
tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.
net: amd: Fix link leak when verifying config failed
netlink: Use copy_to_user() for optval in netlink_getsockopt().
Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work"
ipv4: Fix potential uninit variable access bug in __ip_make_skb()
net/sched: sch_fq: fix integer overflow of "credit"
netfilter: nf_tables: don't write table validation state without mutex
bpf: Don't EFAULT for getsockopt with optval=NULL
ixgbe: Enable setting RSS table to default values
ixgbe: Allow flow hash to be set via ethtool
wifi: iwlwifi: fw: fix memory leak in debugfs
wifi: iwlwifi: mvm: check firmware response size
wifi: iwlwifi: make the loop for card preparation effective
jdb2: Don't refuse invalidation of already invalidated buffers
wifi: iwlwifi: fw: move memset before early return
wifi: iwlwifi: yoyo: Fix possible division by zero
md/raid10: fix memleak of md thread
md/raid10: fix memleak for 'conf->bio_split'
md/raid10: fix leak of 'r10bio->remaining' for recovery
bpf, sockmap: Revert buggy deadlock fix in the sockhash and sockmap
nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage"
nvme: fix async event trace event
nvme: handle the persistent internal error AER
bpf, sockmap: fix deadlocks in the sockhash and sockmap
net: ethernet: stmmac: dwmac-rk: fix optional phy regulator handling
scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()
f2fs: fix to avoid use-after-free for cached IPU bio
xsk: Fix unaligned descriptor validation
crypto: drbg - Only fail when jent is unavailable in FIPS mode
crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors
bpftool: Fix bug for long instructions in program CFG dumps
selftests/bpf: Wait for receive in cg_storage_multi test
net: qrtr: correct types of trace event parameters
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg()
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg()
crypto: sa2ul - Select CRYPTO_DES
crypto: caam - Clear some memory in instantiate_rng
f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()
f2fs: apply zone capacity to all zone type
f2fs: enforce single zone capacity
f2fs: handle dqget error in f2fs_transfer_project_quota()
scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS
scsi: target: iscsit: Fix TAS handling during conn cleanup
scsi: target: Fix multiple LUN_RESET handling
scsi: target: Make state_list per CPU
scsi: target: Rename cmd.bad_sector to cmd.sense_info
scsi: target: Rename struct sense_info to sense_detail
net/packet: convert po->auxdata to an atomic flag
net/packet: convert po->origdev to an atomic flag
net/packet: annotate accesses to po->xmit
vlan: partially enable SIOCSHWTSTAMP in container
bpf: Remove misleading spec_v1 check on var-offset stack read
scm: fix MSG_CTRUNC setting condition for SO_PASSSEC
bpf: fix precision propagation verbose logging
bpf: take into account liveness when propagating precision
wifi: rtw88: mac: Return the original error from rtw_mac_power_switch()
wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser()
tools: bpftool: Remove invalid \' json escape
wifi: ath6kl: reduce WARN to dev_dbg() in callback
wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list()
wifi: ath9k: hif_usb: fix memory leak of remain_skbs
wifi: ath6kl: minor fix for allocation size
tick/common: Align tick period with the HZ tick.
tick: Get rid of tick_period
tick/sched: Optimize tick_do_update_jiffies64() further
tick/sched: Reduce seqcount held scope in tick_do_update_jiffies64()
tick/sched: Use tick_next_period for lockless quick check
drm/i915: Make intel_get_crtc_new_encoder() less oopsy
debugobject: Prevent init race with static objects
arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
x86/ioapic: Don't return 0 from arch_dynirq_lower_bound()
regulator: stm32-pwr: fix of_iomap leak
media: venus: dec: Fix handling of the start cmd
media: venus: vdec: Handle DRC after drain
media: venus: preserve DRC state across seeks
media: venus: vdec: Make decoder return LAST flag for sufficient event
media: venus: vdec: Fix non reliable setting of LAST flag
media: rc: gpio-ir-recv: Fix support for wake-up
media: rcar_fdp1: Fix refcount leak in probe and remove function
media: rcar_fdp1: Fix the correct variable assignments
media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource()
media: rcar_fdp1: fix pm_runtime_get_sync() usage count
media: rcar_fdp1: simplify error check logic at fdp_open()
media: saa7134: fix use after free bug in saa7134_finidev due to race condition
media: dm1105: Fix use after free bug in dm1105_remove due to race condition
media: rkvdec: fix use after free bug in rkvdec_remove
x86/apic: Fix atomic update of offset in reserve_eilvt_offset()
ACPI: processor: Fix evaluating _PDC method when running as Xen dom0
regulator: core: Avoid lockdep reports when resolving supplies
drm: msm: adreno: Disable preemption on Adreno 510
regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow()
drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe()
ARM: dts: gta04: fix excess dma channel usage
mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data
drm/msm/adreno: drop bogus pm_runtime_set_active()
drm/msm/adreno: Defer enabling runpm until hw_init()
media: max9286: Free control handler
drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535
firmware: qcom_scm: Clear download bit during reboot
media: bdisp: Add missing check for create_workqueue
x86/MCE/AMD: Use an u64 for bank_map
ARM: dts: qcom: ipq8064: Fix the PCI I/O port range
ARM: dts: qcom: ipq8064: reduce pci IO size to 64K
ARM: dts: qcom: ipq4019: Fix the PCI I/O port range
arm64: dts: qcom: msm8996: Fix the PCI I/O port range
arm64: dts: qcom: ipq8074: Fix the PCI I/O port range
arm64: dts: qcom: msm8998: Fix the PCI I/O port range
arm64: dts: qcom: sdm845: Fix the PCI I/O port range
arm64: dts: qcom: sdm845: correct dynamic power coefficients
arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name
EDAC/skx: Fix overflows on the DRAM row address mapping arrays
drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources
arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table
arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table
soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe
soc: ti: pm33xx: Enable basic PM runtime support for genpd
drm/probe-helper: Cancel previous job before starting new one
drm/vgem: add missing mutex_destroy
drm/rockchip: Drop unbalanced obj unref
erofs: fix potential overflow calculating xattr_isize
erofs: stop parsing non-compact HEAD index if clusterofs is invalid
tpm, tpm_tis: Claim locality when interrupts are reenabled on resume
tpm, tpm: Implement usage counter for locality
tpm, tpm_tis: Claim locality before writing interrupt registers
tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed
tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register
tpm, tpm_tis: Do not skip reset of original interrupt vector
selinux: ensure av_permissions.h is built when needed
selinux: fix Makefile dependencies of flask.h
selftests/resctrl: Check for return value after write_schemata()
selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem
wifi: rtl8xxxu: RTL8192EU always needs full init
rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check
mailbox: zynqmp: Fix typo in IPI documentation
clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent
mailbox: zynqmp: Fix IPI isr handling
md/raid10: fix null-ptr-deref in raid10_sync_request
nilfs2: fix infinite loop in nilfs_mdt_get_block()
nilfs2: do not write dirty data after degenerating to read-only
parisc: Fix argument pointer in real64_call_asm()
sound/oss/dmasound: fix build when drivers are mixed =y/=m
ubifs: Free memory for tmpfile name
ubi: Fix return value overwrite issue in try_write_vid_and_data()
ubifs: Fix memleak when insert_old_idx() failed
Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path"
iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE
i2c: omap: Fix standard mode false ACK readings
writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs
relayfs: fix out-of-bounds access in relay_file_read
KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
reiserfs: Add security prefix to xattr name in reiserfs_security_write()
rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed
crypto: safexcel - Cleanup ring IRQ workqueues on load failure
MIPS: fw: Allow firmware to pass a empty env
crypto: api - Demote BUG_ON() in crypto_unregister_alg() to a WARN_ON()
ring-buffer: Sync IRQ works before buffer destruction
pwm: meson: Fix g12a ao clk81 name
pwm: meson: Fix axg ao mux parents
kheaders: Use array declaration instead of char
ipmi: fix SSIF not responding under certain cond.
ipmi:ssif: Add send_retries increment
tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem
xhci: fix debugfs register accesses while suspended
staging: iio: resolver: ads1210: fix config mode
ext4: use ext4_journal_start/stop for fast commit transactions
blk-crypto: make blk_crypto_evict_key() more robust
blk-crypto: make blk_crypto_evict_key() return void
blk-mq: release crypto keyslot before reporting I/O complete
perf sched: Cast PTHREAD_STACK_MIN to int as it may turn into sysconf(__SC_THREAD_STACK_MIN_VALUE)
posix-cpu-timers: Implement the missing timer_wait_running callback
hwmon: (adt7475) Use device_property APIs when configuring polarity
hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write
USB: dwc3: fix runtime pm imbalance on unbind
USB: dwc3: fix runtime pm imbalance on probe errors
PCI: qcom: Fix the incorrect register usage in v2.7.0 config
PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock
wireguard: timers: cast enum limits members to int in prints
asm-generic/io.h: suppress endianness warnings for readq() and writeq()
ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750
iio: adc: palmas_gpadc: fix NULL dereference on rmmod
driver core: Don't require dynamic_debug for initcall_debug probe timing
USB: serial: option: add UNISOC vendor and TOZED LT70C product
x86/fpu: Prevent FPU state corruption
bluetooth: Perform careful capability checks in hci_sock_ioctl()
drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var
wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg()
counter: 104-quad-8: Fix race condition between FLAG and CNTR reads
seccomp: Move copy_seccomp() to no failure path.
Revert "ASoC: hdac_hdmi: use set_stream() instead of set_tdm_slots()"
ANDROID: preserve CRC for xhci symbols
Revert "ipv4: shrink netns_ipv4 with sysctl conversions"
Revert "tcp: convert elligible sysctls to u8"
Revert "tcp: restrict net.ipv4.tcp_app_win"
Linux 5.10.179
ASN.1: Fix check for strdup() success
ASoC: fsl_asrc_dma: fix potential null-ptr-deref
iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger()
pwm: hibvt: Explicitly set .polarity in .get_state()
pwm: iqs620a: Explicitly set .polarity in .get_state()
pwm: meson: Explicitly set .polarity in .get_state()
sctp: Call inet6_destroy_sock() via sk->sk_destruct().
dccp: Call inet6_destroy_sock() via sk->sk_destruct().
inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().
udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM).
ext4: fix use-after-free in ext4_xattr_set_entry
ext4: remove duplicate definition of ext4_xattr_ibody_inline_set()
Revert "ext4: fix use-after-free in ext4_xattr_set_entry"
fuse: fix deadlock between atomic O_TRUNC and page invalidation
fuse: always revalidate rename target dentry
fuse: fix attr version comparison in fuse_read_update_size()
fuse: check s_root when destroying sb
virtiofs: split requests that exceed virtqueue size
virtiofs: clean up error handling in virtio_fs_get_tree()
purgatory: fix disabling debug info
docs: futex: Fix kernel-doc references after code split-up preparation
MIPS: Define RUNTIME_DISCARD_EXIT in LD script
sched/fair: Fixes for capacity inversion detection
sched/uclamp: Fix a uninitialized variable warnings
sched/fair: Consider capacity inversion in util_fits_cpu()
sched/fair: Detect capacity inversion
sched/uclamp: Cater for uclamp in find_energy_efficient_cpu()'s early exit condition
sched/uclamp: Make cpu_overutilized() use util_fits_cpu()
sched/uclamp: Make asym_fits_capacity() use util_fits_cpu()
sched/uclamp: Make select_idle_capacity() use util_fits_cpu()
sched/uclamp: Fix fits_capacity() check in feec()
sched/uclamp: Make task_fits_capacity() use util_fits_cpu()
mm/khugepaged: check again on anon uffd-wp during isolation
mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25
kernel/sys.c: fix and improve control flow in __sys_setres[ug]id()
memstick: fix memory leak if card device is never registered
nilfs2: initialize unused bytes in segment summary blocks
iio: light: tsl2772: fix reading proximity-diodes from device tree
xfs: drop submit side trans alloc for append ioends
powerpc/doc: Fix htmldocs errors
xen/netback: use same error messages for same errors
nvme-tcp: fix a possible UAF when failing to allocate an io queue
s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling
net: dsa: b53: mmap: add phy ops
scsi: core: Improve scsi_vpd_inquiry() checks
scsi: megaraid_sas: Fix fw_crash_buffer_show()
selftests: sigaltstack: fix -Wuninitialized
Input: i8042 - add quirk for Fujitsu Lifebook A574/H
f2fs: Fix f2fs_truncate_partial_nodes ftrace event
e1000e: Disable TSO on i219-LM card to increase speed
bpf: Fix incorrect verifier pruning due to missing register precision taints
mlxsw: pci: Fix possible crash during initialization
net: rpl: fix rpl header size calculation
mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()
i40e: fix i40e_setup_misc_vector() error handling
i40e: fix accessing vsi->active_filters without holding lock
netfilter: nf_tables: fix ifdef to also consider nf_tables=m
sfc: Fix use-after-free due to selftest_work
sfc: Split STATE_READY in to STATE_NET_DOWN and STATE_NET_UP.
virtio_net: bugfix overflow inside xdp_linearize_page()
net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
regulator: fan53555: Explicitly include bits header
netfilter: br_netfilter: fix recent physdev match breakage
arm64: dts: imx8mm-evk: correct pmic clock source
arm64: dts: meson-g12-common: specify full DMC range
arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node
ARM: dts: rockchip: fix a typo error for rk3288 spdif node
Linux 5.10.178
sysctl: Fix data-races in proc_dou8vec_minmax().
panic, kexec: make __crash_kexec() NMI safe
kexec: turn all kexec_mutex acquisitions into trylocks
kexec: move locking into do_kexec_load
riscv: Handle zicsr/zifencei issues between clang and binutils
kbuild: check CONFIG_AS_IS_LLVM instead of LLVM_IAS
kbuild: Switch to 'f' variants of integrated assembler flag
kbuild: check the minimum assembler version in Kconfig
coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
watchdog: sbsa_wdog: Make sure the timeout programming is within the limits
i2c: ocores: generate stop condition after timeout in polling mode
x86/rtc: Remove __init for runtime functions
sched/fair: Fix imbalance overflow
sched/fair: Move calculate of avg_load to a better location
powerpc/papr_scm: Update the NUMA distance table for the target node
powerpc/pseries: Add support for FORM2 associativity
powerpc/pseries: Add a helper for form1 cpu distance
powerpc/pseries: Consolidate different NUMA distance update code paths
powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY
powerpc/pseries: rename min_common_depth to primary_domain_index
ubi: Fix deadlock caused by recursively holding work_sem
mtd: ubi: wl: Fix a couple of kernel-doc issues
ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot
scsi: ses: Handle enclosure with just a primary component gracefully
net: sfp: initialize sfp->i2c_block_size at sfp allocation
riscv: add icache flush for nommu sigreturn trampoline
asymmetric_keys: log on fatal failures in PE/pkcs7
verify_pefile: relax wrapper length check
drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F
efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
i2c: imx-lpi2c: clean rx/tx buffers upon new message
wifi: mwifiex: mark OF related data as maybe unused
power: supply: cros_usbpd: reclassify "default case!" as debug
libbpf: Fix single-line struct definition output in btf_dump
net: macb: fix a memory corruption in extended buffer descriptor mode
udp6: fix potential access to stale information
RDMA/core: Fix GID entry ref leak when create_ah fails
sctp: fix a potential overflow in sctp_ifwdtsn_skip
net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()
qlcnic: check pci_reset_function result
drm/armada: Fix a potential double free in an error handling path
tcp: restrict net.ipv4.tcp_app_win
tcp: convert elligible sysctls to u8
ipv4: shrink netns_ipv4 with sysctl conversions
sysctl: add proc_dou8vec_minmax()
niu: Fix missing unwind goto in niu_alloc_channels()
9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition
RDMA/cma: Allow UD qp_type to join multicast only
IB/mlx5: Add support for 400G_8X lane speed
IB/mlx5: Add support for NDR link speed
clk: sprd: set max_register according to mapping range
mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min
mtd: rawnand: stm32_fmc2: remove unsupported EDO mode
mtd: rawnand: meson: fix bitmask for length in command word
mtdblock: tolerate corrected bit-flips
fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
btrfs: fix fast csum implementation detection
btrfs: print checksum type and implementation at mount time
Bluetooth: Fix race condition in hidp_session_thread
Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex()
ALSA: i2c/cs8427: fix iec958 mixer control deactivation
ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
ALSA: emu10k1: fix capture interrupt handler unlinking
Revert "pinctrl: amd: Disable and mask interrupts on resume"
bpftool: Print newline before '}' for struct with padding only fields
ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown
Revert "media: ti: cal: fix possible memory leak in cal_ctx_create()"
drm/bridge: lt9611: Fix PLL being unable to lock
selftests: intel_pstate: ftime() is deprecated
mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
ring-buffer: Fix race while reader and writer are on the same page
drm/nouveau/disp: Support more modes by checking with lower bpc
drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path
ASoC: hdac_hdmi: use set_stream() instead of set_tdm_slots()
tracing: Free error logs of tracing instances
can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events
can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access
ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct()
ftrace: Mark get_lock_parent_ip() __always_inline
perf/core: Fix the same task check in perf_event_set_output
scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()
iio: adc: ad7791: fix IRQ flags
ALSA: hda/realtek: Add quirk for Clevo X370SNW
dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs
nilfs2: fix sysfs interface lifetime
nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty
tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
tty: serial: sh-sci: Fix transmit end interrupt handler
iio: light: cm32181: Unregister second I2C client if present
iio: dac: cio-dac: Fix max DAC write value check for 12-bit
iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip
USB: serial: option: add Quectel RM500U-CN modem
USB: serial: option: add Telit FE990 compositions
usb: typec: altmodes/displayport: Fix configure initial pin assignment
USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu
usb: xhci: tegra: fix sleep in atomic call
NFSD: callback request does not use correct credential for AUTH_SYS
sunrpc: only free unix grouplist after RCU settles
net: stmmac: fix up RX flow hash indirection table when setting channels
net: ethernet: ti: am65-cpsw: Fix mdio cleanup in probe
gpio: davinci: Add irq chip flag to skip set wake
ipv6: Fix an uninit variable access bug in __ip6_make_skb()
net: qrtr: Do not do DEL_SERVER broadcast after DEL_CLIENT
sctp: check send stream number after wait_for_sndbuf
net: don't let netpoll invoke NAPI if in xmit context
icmp: guard against too small mtu
net: qrtr: Fix a refcount bug in qrtr_recvmsg()
net: qrtr: combine nameservice into main module
wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta
KVM: s390: pv: fix external interruption loop not always detected
pwm: sprd: Explicitly set .polarity in .get_state()
pwm: cros-ec: Explicitly set .polarity in .get_state()
Drivers: vmbus: Check for channel allocation before looking up relids
gpio: GPIO_REGMAP: select REGMAP instead of depending on it
Conflicts:
Documentation/devicetree/bindings
Documentation/devicetree/bindings/serial/renesas,scif.yaml
Documentation/devicetree/bindings/sound/tas2562.yaml
Documentation/devicetree/bindings/sound/tas2764.yaml
Documentation/devicetree/bindings/sound/tas2770.yaml
Documentation/devicetree/bindings/usb/cdns,usb3.yaml
drivers/firmware/qcom_scm.c
net/qrtr/af_qrtr.c
net/qrtr/ns.c
Change-Id: Iae4be21654d43667cdf433135c297352d09190bd
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
|
||
Sarannya S
|
ac2954b5e4 |
net: qrtr: Destroy xarray on endpoint unregister
Xarray and entries allocated for services filter should be freed when node is unregistered. Change-Id: I1ada63b30223923f7851af76ca8ab60c55c4d664 Signed-off-by: Deepak Kumar Singh <quic_deesin@quicinc.com> Signed-off-by: Sarannya S <quic_sarannya@quicinc.com> |
||
Maciej Żenczykowski
|
dcb17f36f3 |
BACKPORT: FROMGIT: netfilter: nfnetlink_log: always add a timestamp
Compared to all the other work we're already doing to deliver an skb to userspace this is very cheap - at worse an extra call to ktime_get_real() - and very useful. (and indeed it may even be cheaper if we're running from other hooks) (background: Android occasionally logs packets which caused wake from sleep/suspend and we'd like to have timestamps reliably associated with these events) Cc: Pablo Neira Ayuso <pablo@netfilter.org> Cc: Martin KaFai Lau <kafai@fb.com> Cc: Florian Westphal <fw@strlen.de> Signed-off-by: Maciej Żenczykowski <maze@google.com> (cherry picked from commit 1d85594fd3e7e39e63b53b1bdc2d89db43b6ecd5 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git main) Bug: 276360178 Change-Id: I254a8d39cb7a232d47865a04cd6e0279606fa40e |
||
Sungwoo Kim
|
8e682bb18a |
UPSTREAM: Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
commit 1728137b33c00d5a2b5110ed7aafb42e7c32e4a1 upstream. l2cap_sock_release(sk) frees sk. However, sk's children are still alive and point to the already free'd sk's address. To fix this, l2cap_sock_release(sk) also cleans sk's children. ================================================================== BUG: KASAN: use-after-free in l2cap_sock_ready_cb+0xb7/0x100 net/bluetooth/l2cap_sock.c:1650 Read of size 8 at addr ffff888104617aa8 by task kworker/u3:0/276 CPU: 0 PID: 276 Comm: kworker/u3:0 Not tainted 6.2.0-00001-gef397bd4d5fb-dirty #59 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: hci2 hci_rx_work Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x72/0x95 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:306 [inline] print_report+0x175/0x478 mm/kasan/report.c:417 kasan_report+0xb1/0x130 mm/kasan/report.c:517 l2cap_sock_ready_cb+0xb7/0x100 net/bluetooth/l2cap_sock.c:1650 l2cap_chan_ready+0x10e/0x1e0 net/bluetooth/l2cap_core.c:1386 l2cap_config_req+0x753/0x9f0 net/bluetooth/l2cap_core.c:4480 l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:5739 [inline] l2cap_sig_channel net/bluetooth/l2cap_core.c:6509 [inline] l2cap_recv_frame+0xe2e/0x43c0 net/bluetooth/l2cap_core.c:7788 l2cap_recv_acldata+0x6ed/0x7e0 net/bluetooth/l2cap_core.c:8506 hci_acldata_packet net/bluetooth/hci_core.c:3813 [inline] hci_rx_work+0x66e/0xbc0 net/bluetooth/hci_core.c:4048 process_one_work+0x4ea/0x8e0 kernel/workqueue.c:2289 worker_thread+0x364/0x8e0 kernel/workqueue.c:2436 kthread+0x1b9/0x200 kernel/kthread.c:376 ret_from_fork+0x2c/0x50 arch/x86/entry/entry_64.S:308 </TASK> Allocated by task 288: kasan_save_stack+0x22/0x50 mm/kasan/common.c:45 kasan_set_track+0x25/0x30 mm/kasan/common.c:52 ____kasan_kmalloc mm/kasan/common.c:374 [inline] __kasan_kmalloc+0x82/0x90 mm/kasan/common.c:383 kasan_kmalloc include/linux/kasan.h:211 [inline] __do_kmalloc_node mm/slab_common.c:968 [inline] __kmalloc+0x5a/0x140 mm/slab_common.c:981 kmalloc include/linux/slab.h:584 [inline] sk_prot_alloc+0x113/0x1f0 net/core/sock.c:2040 sk_alloc+0x36/0x3c0 net/core/sock.c:2093 l2cap_sock_alloc.constprop.0+0x39/0x1c0 net/bluetooth/l2cap_sock.c:1852 l2cap_sock_create+0x10d/0x220 net/bluetooth/l2cap_sock.c:1898 bt_sock_create+0x183/0x290 net/bluetooth/af_bluetooth.c:132 __sock_create+0x226/0x380 net/socket.c:1518 sock_create net/socket.c:1569 [inline] __sys_socket_create net/socket.c:1606 [inline] __sys_socket_create net/socket.c:1591 [inline] __sys_socket+0x112/0x200 net/socket.c:1639 __do_sys_socket net/socket.c:1652 [inline] __se_sys_socket net/socket.c:1650 [inline] __x64_sys_socket+0x40/0x50 net/socket.c:1650 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3f/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x72/0xdc Freed by task 288: kasan_save_stack+0x22/0x50 mm/kasan/common.c:45 kasan_set_track+0x25/0x30 mm/kasan/common.c:52 kasan_save_free_info+0x2e/0x50 mm/kasan/generic.c:523 ____kasan_slab_free mm/kasan/common.c:236 [inline] ____kasan_slab_free mm/kasan/common.c:200 [inline] __kasan_slab_free+0x10a/0x190 mm/kasan/common.c:244 kasan_slab_free include/linux/kasan.h:177 [inline] slab_free_hook mm/slub.c:1781 [inline] slab_free_freelist_hook mm/slub.c:1807 [inline] slab_free mm/slub.c:3787 [inline] __kmem_cache_free+0x88/0x1f0 mm/slub.c:3800 sk_prot_free net/core/sock.c:2076 [inline] __sk_destruct+0x347/0x430 net/core/sock.c:2168 sk_destruct+0x9c/0xb0 net/core/sock.c:2183 __sk_free+0x82/0x220 net/core/sock.c:2194 sk_free+0x7c/0xa0 net/core/sock.c:2205 sock_put include/net/sock.h:1991 [inline] l2cap_sock_kill+0x256/0x2b0 net/bluetooth/l2cap_sock.c:1257 l2cap_sock_release+0x1a7/0x220 net/bluetooth/l2cap_sock.c:1428 __sock_release+0x80/0x150 net/socket.c:650 sock_close+0x19/0x30 net/socket.c:1368 __fput+0x17a/0x5c0 fs/file_table.c:320 task_work_run+0x132/0x1c0 kernel/task_work.c:179 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop kernel/entry/common.c:171 [inline] exit_to_user_mode_prepare+0x113/0x120 kernel/entry/common.c:203 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline] syscall_exit_to_user_mode+0x21/0x50 kernel/entry/common.c:296 do_syscall_64+0x4c/0x90 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x72/0xdc The buggy address belongs to the object at ffff888104617800 which belongs to the cache kmalloc-1k of size 1024 The buggy address is located 680 bytes inside of 1024-byte region [ffff888104617800, ffff888104617c00) The buggy address belongs to the physical page: page:00000000dbca6a80 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888104614000 pfn:0x104614 head:00000000dbca6a80 order:2 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0 flags: 0x200000000010200(slab|head|node=0|zone=2) raw: 0200000000010200 ffff888100041dc0 ffffea0004212c10 ffffea0004234b10 raw: ffff888104614000 0000000000080002 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888104617980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888104617a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff888104617a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888104617b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888104617b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== Bug: 297025149 Ack: This bug is found by FuzzBT with a modified Syzkaller. Other contributors are Ruoyu Wu and Hui Peng. Signed-off-by: Sungwoo Kim <iam@sung-woo.kim> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit 29fac18499332211b2615ade356e2bd8b3269f98) Signed-off-by: Lee Jones <joneslee@google.com> Change-Id: I1f4cf5a928b4825c63488bde0d5589517cc84ef8 |
||
Pablo Neira Ayuso
|
819a8605da |
UPSTREAM: netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID
[ Upstream commit 0ebc1064e4874d5987722a2ddbc18f94aa53b211 ]
Bail out with EOPNOTSUPP when adding rule to bound chain via
NFTA_RULE_CHAIN_ID. The following warning splat is shown when
adding a rule to a deleted bound chain:
WARNING: CPU: 2 PID: 13692 at net/netfilter/nf_tables_api.c:2013 nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]
CPU: 2 PID: 13692 Comm: chain-bound-rul Not tainted 6.1.39 #1
RIP: 0010:nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]
Bug: 296128351
Fixes:
|
||
valis
|
6f01e099d8 |
UPSTREAM: net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
[ Upstream commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8 ]
When route4_change() is called on an existing filter, the whole
tcf_result struct is always copied into the new instance of the filter.
This causes a problem when updating a filter bound to a class,
as tcf_unbind_filter() is always called on the old instance in the
success path, decreasing filter_cnt of the still referenced class
and allowing it to be deleted, leading to a use-after-free.
Fix this by no longer copying the tcf_result struct from the old filter.
Bug: 296347075
Fixes:
|
||
|
valis
|
0ebe76176b |
UPSTREAM: net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
[ Upstream commit 76e42ae831991c828cffa8c37736ebfb831ad5ec ]
When fw_change() is called on an existing filter, the whole
tcf_result struct is always copied into the new instance of the filter.
This causes a problem when updating a filter bound to a class,
as tcf_unbind_filter() is always called on the old instance in the
success path, decreasing filter_cnt of the still referenced class
and allowing it to be deleted, leading to a use-after-free.
Fix this by no longer copying the tcf_result struct from the old filter.
Bug: 296347075
Fixes:
|
||
|
valis
|
45edbf4058 |
UPSTREAM: net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
[ Upstream commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81 ]
When u32_change() is called on an existing filter, the whole
tcf_result struct is always copied into the new instance of the filter.
This causes a problem when updating a filter bound to a class,
as tcf_unbind_filter() is always called on the old instance in the
success path, decreasing filter_cnt of the still referenced class
and allowing it to be deleted, leading to a use-after-free.
Fix this by no longer copying the tcf_result struct from the old filter.
Bug: 296347075
Fixes:
|
||
|
Pablo Neira Ayuso
|
28b82089b2 |
UPSTREAM: netfilter: nf_tables: skip bound chain on rule flush
[ Upstream commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8 ]
Skip bound chain when flushing table rules, the rule that owns this
chain releases these objects.
Otherwise, the following warning is triggered:
WARNING: CPU: 2 PID: 1217 at net/netfilter/nf_tables_api.c:2013 nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]
CPU: 2 PID: 1217 Comm: chain-flush Not tainted 6.1.39 #1
RIP: 0010:nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]
Bug: 294357305
Fixes:
|
||
M A Ramdhan
|
bad8adda41 |
UPSTREAM: net/sched: cls_fw: Fix improper refcount update leads to use-after-free
[ Upstream commit 0323bce598eea038714f941ce2b22541c46d488f ]
In the event of a failure in tcf_change_indev(), fw_set_parms() will
immediately return an error after incrementing or decrementing
reference counter in tcf_bind_filter(). If attacker can control
reference counter to zero and make reference freed, leading to
use after free.
In order to prevent this, move the point of possible failure above the
point where the TC_FW_CLASSID is handled.
Bug: 292252062
Bug: 290783303
Fixes:
|
||
Florian Westphal
|
0fa8d8cd99 |
UPSTREAM: netfilter: nft_set_pipapo: fix improper element removal
[ Upstream commit 87b5a5c209405cb6b57424cdfa226a6dbd349232 ]
end key should be equal to start unless NFT_SET_EXT_KEY_END is present.
Its possible to add elements that only have a start key
("{ 1.0.0.0 . 2.0.0.0 }") without an internval end.
Insertion treats this via:
if (nft_set_ext_exists(ext, NFT_SET_EXT_KEY_END))
end = (const u8 *)nft_set_ext_key_end(ext)->data;
else
end = start;
but removal side always uses nft_set_ext_key_end().
This is wrong and leads to garbage remaining in the set after removal
next lookup/insert attempt will give:
BUG: KASAN: slab-use-after-free in pipapo_get+0x8eb/0xb90
Read of size 1 at addr ffff888100d50586 by task nft-pipapo_uaf_/1399
Call Trace:
kasan_report+0x105/0x140
pipapo_get+0x8eb/0xb90
nft_pipapo_insert+0x1dc/0x1710
nf_tables_newsetelem+0x31f5/0x4e00
..
Bug: 293587745
Fixes:
|
||
Subrat Dash
|
a104bbc75b |
cfg80211: Add regdb support for the wil6210 driver
Add regdb support for the wil6210 driver. Change-Id: I9a887043e4c3c7ade0cf7183213b87cea69a789e Signed-off-by: Subrat Dash <quic_sdash@quicinc.com> |
||
|
Srinivasarao Pathipati
|
c1db035d70 |
Merge keystone/android12-5.10-keystone-qcom-release.177+ (7f7ea82) into msm-5.10
* refs/heads/tmp-7f7ea82:
UPSTREAM: usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition
UPSTREAM: media: rkvdec: fix use after free bug in rkvdec_remove
UPSTREAM: x86/mm: Avoid using set_pgd() outside of real PGD pages
UPSTREAM: relayfs: fix out-of-bounds access in relay_file_read
UPSTREAM: io_uring: hold uring mutex around poll removal
UPSTREAM: net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
UPSTREAM: ipvlan:Fix out-of-bounds caused by unclear skb->cb
ANDROID: GKI: Update symbols to symbol list
ANDROID: vendor_hook: Add hook to tune readaround size
ANDROID: vendor_hooks: Add hooks to avoid key threads stalled in memory allocations
UPSTREAM: f2fs: fix to avoid use-after-free for cached IPU bio
UPSTREAM: net/sched: cls_u32: Fix reference counter leak leading to overflow
UPSTREAM: xfs: verify buffer contents when we skip log replay
UPSTREAM: memstick: r592: Fix UAF bug in r592_remove due to race condition
BACKPORT: btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()
ANDROID: ABI: Update oplus symbol list
ANDROID: Export memcg functions to allow module to add new files
ANDROID: HID: Only utilise UHID provided exports if UHID is enabled
UPSTREAM: bluetooth: Perform careful capability checks in hci_sock_ioctl()
ANDROID: HID; Over-ride default maximum buffer size when using UHID
UPSTREAM: usb: gadget: f_fs: Add unbind event before functionfs_unbind
UPSTREAM: net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
ANDROID: GKI: update symbol list for exynos
UPSTREAM: mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
UPSTREAM: mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write()
UPSTREAM: 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition
FROMGIT: pstore: Revert pmsg_lock back to a normal mutex
ANDROID: vendor_hook: Avoid clearing protect-flag before waking waiters
ANDROID: fix a race between speculative page walk and unmap operations
BACKPORT: usb: gadget: udc: Handle gadget_connect failure during bind operation
BACKPORT: usb: dwc3: gadget: Bail out in pullup if soft reset timeout happens
BACKPORT: f2fs: skip GC if possible when checkpoint disabling
UPSTREAM: KVM: x86: do not report a vCPU as preempted outside instruction boundaries
ANDROID: remove CONFIG_NET_CLS_TCINDEX from gki_defconfig
BACKPORT: net/sched: Retire tcindex classifier
FROMLIST: usb: xhci: Remove unused udev from xhci_log_ctx trace event
UPSTREAM: ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
ANDROID: GKI: Update symbols to symbol list
ANDROID: vendor_hook: add hooks in dm_bufio.c
ANDROID: GKI: Update symbol list for mtk
UPSTREAM: ext4: fix invalid free tracking in ext4_xattr_move_to_block()
ANDROID: uid_sys_stats: defer process_notifier work if uid_lock is contended
Revert "net: mdio: fix owner field for mdio buses registered using device-tree"
Linux 5.10.177
hsr: ratelimit only when errors are printed
gfs2: Always check inode size of inline inodes
ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
libbpf: Fix btf_dump's packed struct determination
selftests/bpf: Add few corner cases to test padding handling of btf_dump
libbpf: Fix BTF-to-C converter's padding logic
selftests/bpf: Test btf dump for struct with padding only fields
zonefs: Fix error message in zonefs_file_dio_append()
btrfs: scan device in non-exclusive mode
s390/uaccess: add missing earlyclobber annotations to __clear_user()
drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub
drm/etnaviv: fix reference leak when mmaping imported buffer
rcu: Fix rcu_torture_read ftrace event
xtensa: fix KASAN report for show_stack
ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z
ALSA: usb-audio: Fix regression on detection of Roland VS-100
ALSA: hda/conexant: Partial revert of a quirk for Lenovo
NFSv4: Fix hangs when recovering open state after a server reboot
powerpc: Don't try to copy PPR for task with NULL pt_regs
pinctrl: at91-pio4: fix domain name assignment
pinctrl: amd: Disable and mask interrupts on resume
net: phy: dp83869: fix default value for tx-/rx-internal-delay
xen/netback: don't do grant copy across page boundary
btrfs: fix race between quota disable and quota assign ioctls
Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table
cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
cifs: prevent infinite recursion in CIFSGetDFSRefer()
Input: focaltech - use explicitly signed char type
Input: alps - fix compatibility with -funsigned-char
pinctrl: ocelot: Fix alt mode for ocelot
net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only
bnxt_en: Add missing 200G link speed reporting
bnxt_en: Fix typo in PCI id to device description string mapping
i40e: fix registers dump after run ethtool adapter self test
net: ipa: compute DMA pool size properly
ALSA: ymfpci: Fix BUG_ON in probe function
ALSA: ymfpci: Fix assignment in if condition
s390/vfio-ap: fix memory leak in vfio_ap device driver
can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
net: stmmac: don't reject VLANs when IFF_PROMISC is set
net/net_failover: fix txq exceeding warning
regulator: Handle deferred clk
r8169: fix RTL8168H and RTL8107E rx crc error
ptp_qoriq: fix memory leak in probe()
scsi: megaraid_sas: Fix crash after a double completion
sfc: ef10: don't overwrite offload features at NIC reset
mtd: rawnand: meson: invalidate cache on polling ECC bit
mips: bmips: BCM6358: disable RAC flush for TP1
ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx()
tracing: Fix wrong return in kprobe_event_gen_test.c
tools/power turbostat: Fix /dev/cpu_dma_latency warnings
fbdev: au1200fb: Fix potential divide by zero
fbdev: lxfb: Fix potential divide by zero
fbdev: intelfb: Fix potential divide by zero
fbdev: nvidia: Fix potential divide by zero
sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
fbdev: tgafb: Fix potential divide by zero
ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
ALSA: asihpi: check pao in control_message()
net: hsr: Don't log netdev_err message on unknown prp dst node
md: avoid signed overflow in slot_store()
fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY
dm crypt: avoid accessing uninitialized tasklet
bus: imx-weim: fix branch condition evaluates to a garbage value
drm/meson: fix missing component unbind on bind errors
drm/meson: Fix error handling when afbcd.ops->init fails
kcsan: avoid passing -g for test
kernel: kcsan: kcsan_test: build without structleak plugin
usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC
usb: dwc3: gadget: move cmd_endtransfer to extra function
NFSD: fix use-after-free in __nfs42_ssc_open()
KVM: fix memoryleak in kvm_init()
xfs: don't reuse busy extents on extent trim
xfs: shut down the filesystem if we screw up quota reservation
ocfs2: fix data corruption after failed write
sched/fair: Sanitize vruntime of entity being migrated
sched/fair: sanitize vruntime of entity being placed
dm crypt: add cond_resched() to dmcrypt_write()
dm stats: check for and propagate alloc_percpu failure
i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
firmware: arm_scmi: Fix device node validation for mailbox transport
tee: amdtee: fix race condition in amdtee_open_session
drm/i915: Preserve crtc_state->inherited during state clearing
drm/i915/active: Fix missing debug object activation
nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
wifi: mac80211: fix qos on mesh interfaces
usb: ucsi: Fix NULL pointer deref in ucsi_connector_change()
usb: chipidea: core: fix possible concurrent when switch role
usb: chipdea: core: fix return -EINVAL if request role is the same with current role
usb: cdns3: Fix issue with using incorrect PCI device function
dm thin: fix deadlock when swapping to thin device
igb: revert rtnl_lock() that causes deadlock
fsverity: Remove WQ_UNBOUND from fsverity read workqueue
usb: gadget: u_audio: don't let userspace block driver unbind
usb: dwc2: fix a devres leak in hw_enable upon suspend resume
scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
cifs: empty interface list when server doesn't support query interfaces
sh: sanitize the flags on sigreturn
net: usb: qmi_wwan: add Telit 0x1080 composition
net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file
scsi: lpfc: Avoid usage of list iterator variable after loop
scsi: ufs: core: Add soft dependency on governor_simpleondemand
scsi: hisi_sas: Check devm_add_action() return value
scsi: target: iscsi: Fix an error message in iscsi_check_key()
selftests/bpf: check that modifier resolves after pointer
m68k: Only force 030 bus error if PC not in exception table
ca8210: fix mac_len negative array access
HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded
riscv: Bump COMMAND_LINE_SIZE value to 1024
thunderbolt: Use const qualifier for `ring_interrupt_index`
thunderbolt: Use scale field when allocating USB3 bandwidth
uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
scsi: qla2xxx: Perform lockless command completion in abort path
hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs
hwmon: fix potential sensor registration fail if of_node is missing
platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
Bluetooth: L2CAP: Fix responding with wrong PDU type
Bluetooth: L2CAP: Fix not checking for maximum number of DCID
Bluetooth: btqcomsmd: Fix command timeout after setting BD address
net: mdio: thunder: Add missing fwnode_handle_put()
gve: Cache link_speed value from device
nvme-tcp: fix nvme_tcp_term_pdu to match spec
net/sonic: use dma_mapping_error() for error check
erspan: do not use skb_mac_header() in ndo_start_xmit()
atm: idt77252: fix kmemleak when rmmod idt77252
net/mlx5: E-Switch, Fix an Oops in error handling code
net/mlx5: Read the TC mapping of all priorities on ETS query
net/mlx5: Fix steering rules cleanup
bpf: Adjust insufficient default bpf_jit_limit
keys: Do not cache key in task struct if key is requested from kernel thread
bootconfig: Fix testcase to increase max node
net/ps3_gelic_net: Use dma_mapping_error
net/ps3_gelic_net: Fix RX sk_buff length
net: qcom/emac: Fix use after free bug in emac_remove due to race condition
net: mdio: fix owner field for mdio buses registered using device-tree
net: phy: Ensure state transitions are processed from phy_stop()
xirc2ps_cs: Fix use after free bug in xirc2ps_detach
qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
net: usb: smsc95xx: Limit packet length to skb->len
scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
i2c: imx-lpi2c: check only for enabled interrupt flags
igc: fix the validation logic for taprio's gate list
igbvf: Regard vf reset nack as success
intel/igbvf: free irq on the error path in igbvf_request_msix()
iavf: fix non-tunneled IPv6 UDP packet type and hashing
iavf: fix inverted Rx hash condition leading to disabled hash
xsk: Add missing overflow check in xdp_umem_reg
ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl
ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl
power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition
power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition
power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync
net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
drm/sun4i: fix missing component unbind on bind errors
serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it
serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED
tty: serial: fsl_lpuart: fix race on RX DMA shutdown
serial: fsl_lpuart: Fix comment typo
KVM: Register /dev/kvm as the _very_ last thing during initialization
KVM: Pre-allocate cpumasks for kvm_make_all_cpus_request_except()
KVM: Optimize kvm_make_vcpus_request_mask() a bit
KVM: KVM: Use cpumask_available() to check for NULL cpumask when kicking vCPUs
KVM: Clean up benign vcpu->cpu data races when kicking vCPUs
ipmi:ssif: Add a timer between request retries
ipmi:ssif: resend_msg() cannot fail
ipmi:ssif: Increase the message retry time
ipmi:ssif: make ssif_i2c_send() void
perf: fix perf_event_context->time
perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output
interconnect: qcom: osm-l3: fix icc_onecell_data allocation
Revert "HID: core: Provide new max_buffer_size attribute to over-ride the default"
Revert "HID: uhid: Over-ride the default maximum data buffer value with our own"
ANDROID: preserve CRC for __irq_domain_add()
Revert "PCI: loongson: Prevent LS7A MRRS increases"
Revert "PCI: loongson: Add more devices that need MRRS quirk"
ANDROID: remove CONFIG_NET_CLS_TCINDEX from gki_defconfig
Linux 5.10.176
HID: uhid: Over-ride the default maximum data buffer value with our own
HID: core: Provide new max_buffer_size attribute to over-ride the default
xfs: remove xfs_setattr_time() declaration
fs: use consistent setgid checks in is_sxid()
attr: use consistent sgid stripping checks
attr: add setattr_should_drop_sgid()
fs: move should_remove_suid()
attr: add in_group_or_capable()
fs: move S_ISGID stripping into the vfs_*() helpers
fs: add mode_strip_sgid() helper
xfs: use setattr_copy to set vfs inode attributes
xfs: set prealloc flag in xfs_alloc_file_space()
xfs: fallocate() should call file_modified()
xfs: remove XFS_PREALLOC_SYNC
xfs: don't leak btree cursor when insrec fails after a split
xfs: purge dquots after inode walk fails during quotacheck
xfs: don't assert fail on perag references on teardown
PCI/DPC: Await readiness of secondary bus after reset
PCI: Unify delay handling for reset and resume
s390/ipl: add missing intersection check to ipl_report handling
io_uring: avoid null-ptr-deref in io_arm_poll_handler
drm/i915/active: Fix misuse of non-idle barriers as fence trackers
drm/i915: Don't use stolen memory for ring buffers with LLC
x86/mm: Fix use of uninitialized buffer in sme_enable()
x86/mce: Make sure logged MCEs are processed after sysfs update
cpuidle: psci: Iterate backwards over list in psci_pd_remove()
fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks
mmc: sdhci_am654: lower power-on failed message severity
mm/userfaultfd: propagate uffd-wp bit when PTE-mapping the huge zeropage
ftrace: Fix invalid address access in lookup_rec() when index is 0
mptcp: avoid setting TCP_CLOSE state twice
drm/shmem-helper: Remove another errant put in error path
ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro
ALSA: hda: intel-dsp-config: add MTL PCI id
KVM: nVMX: add missing consistency checks for CR0 and CR4
cifs: Fix smb2_set_path_size()
tracing: Make tracepoint lockdep check actually test something
tracing: Check field value in hist_field_name()
tracing: Make splice_read available again
interconnect: fix mem leak when freeing nodes
firmware: xilinx: don't make a sleepable memory allocation from an atomic context
serial: 8250_em: Fix UART port type
tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted
ext4: fix possible double unlock when moving a directory
drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes
sh: intc: Avoid spurious sizeof-pointer-div warning
drm/amdkfd: Fix an illegal memory access
ext4: fix task hung in ext4_xattr_delete_inode
ext4: fail ext4_iget if special inode unallocated
jffs2: correct logic when creating a hole in jffs2_write_begin
mmc: atmel-mci: fix race between stop command and start of next command
media: m5mols: fix off-by-one loop termination error
hwmon: (adm1266) Set `can_sleep` flag for GPIO chip
hwmon: tmp512: drop of_match_ptr for ID table
hwmon: (ucd90320) Add minimum delay between bus accesses
hwmon: (ina3221) return prober error code
hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition
hwmon: (adt7475) Fix masking of hysteresis registers
hwmon: (adt7475) Display smoothing attributes in correct order
ethernet: sun: add check for the mdesc_grab()
qed/qed_mng_tlv: correctly zero out ->min instead of ->hour
selftests: net: devlink_port_split.py: skip test if no suitable device available
net/iucv: Fix size of interrupt data
net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull
ipv4: Fix incorrect table ID in IOCTL path
net: dsa: mv88e6xxx: fix max_mtu of 1492 on 6165, 6191, 6220, 6250, 6290
ice: xsk: disable txq irq before flushing hw
block: sunvdc: add check for mdesc_grab() returning NULL
nvmet: avoid potential UAF in nvmet_req_complete()
nvme: fix handling single range discard request
block: null_blk: Fix handling of fake timeout request
null_blk: Move driver into its own directory
drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc
net: usb: smsc75xx: Limit packet length to skb->len
net/smc: fix deadlock triggered by cancel_delayed_work_syn()
nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails
net: tunnels: annotate lockless accesses to dev->needed_headroom
qed/qed_dev: guard against a possible division by zero
net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()
i40e: Fix kernel crash during reboot when adapter is in recovery mode
ipvlan: Make skb->skb_iif track skb->dev for l3s mode
nfc: pn533: initialize struct pn533_out_arg properly
tcp: tcp_make_synack() can be called from process context
scsi: core: Fix a procfs host directory removal regression
scsi: core: Fix a comment in function scsi_host_dev_release()
netfilter: nft_redir: correct value of inet type `.maxattrs`
netfilter: nft_redir: correct length for loading protocol registers
netfilter: nft_masq: correct length for loading protocol registers
netfilter: nft_nat: correct length for loading protocol registers
ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU()
scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()
docs: Correct missing "d_" prefix for dentry_operations member d_weak_revalidate
clk: HI655X: select REGMAP instead of depending on it
drm/meson: fix 1px pink line on GXM when scaling video overlay
cifs: Move the in_send statistic to __smb_send_rqst()
drm/panfrost: Don't sync rpm suspension after mmu flushing
xfrm: Allow transport-mode states with AF_UNSPEC selector
Linux 5.10.175
s390/dasd: add missing discipline function
KVM: VMX: Fix crash due to uninitialized current_vmcs
KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper
KVM: nVMX: Don't use Enlightened MSR Bitmap for L3
UML: define RUNTIME_DISCARD_EXIT
sh: define RUNTIME_DISCARD_EXIT
s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36
powerpc/vmlinux.lds: Don't discard .rela* for relocatable builds
powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT
arch: fix broken BuildID for arm64 and riscv
ext4: block range must be validated before use in ext4_mb_clear_bb()
ext4: add strict range checks while freeing blocks
ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid()
ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb()
drm/i915: Don't use BAR mappings for ring buffers with LLC
skbuff: Fix nfct leak on napi stolen
ipmi:watchdog: Set panic count to proper value on a panic
ipmi/watchdog: replace atomic_add() and atomic_sub()
media: rc: gpio-ir-recv: add remove function
media: ov5640: Fix analogue gain control
scripts: handle BrokenPipeError for python scripts
PCI: Add SolidRun vendor ID
macintosh: windfarm: Use unsigned type for 1-bit bitfields
alpha: fix R_ALPHA_LITERAL reloc for large modules
powerpc/kcsan: Exclude udelay to prevent recursive instrumentation
MIPS: Fix a compilation issue
block, bfq: fix uaf for bfqq in bic_set_bfqq()
block, bfq: replace 0/1 with false/true in bic apis
block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC"
block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq
block, bfq: fix possible uaf for 'bfqq->bic'
tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address
watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths
iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter
ext4: Fix deadlock during directory rename
RISC-V: Don't check text_mutex during stop_machine
riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode
SUNRPC: Fix a server shutdown leak
net/smc: fix fallback failed while sendmsg with fastopen
platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it
scsi: megaraid_sas: Update max supported LD IDs to 240
net: ethernet: mtk_eth_soc: fix RX data corruption issue
btf: fix resolving BTF_KIND_VAR after ARRAY, STRUCT, UNION, PTR
netfilter: tproxy: fix deadlock due to missing BH disable
netfilter: ctnetlink: revert to dumping mark regardless of event type
bnxt_en: Avoid order-5 memory allocation for TPA data
net: phylib: get rid of unnecessary locking
net: stmmac: add to set device wake up flag when stmmac init phy
net: caif: Fix use-after-free in cfusbl_device_notify()
net: lan78xx: fix accessing the LAN7800's internal phy specific registers from the MAC driver
net: usb: lan78xx: Remove lots of set but unused 'ret' variables
selftests: nft_nat: ensuring the listening side is up before starting the client
ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()
powerpc: dts: t1040rdb: fix compatible string for Rev A boards
nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties
bgmac: fix *initial* chip reset to support BCM5358
drm/msm/a5xx: fix context faults during ring switch
drm/msm/a5xx: fix the emptyness check in the preempt code
drm/msm: Document and rename preempt_lock
drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register
drm/msm: Fix potential invalid ptr free
drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype
drm/nouveau/kms/nv50-: remove unused functions
ext4: Fix possible corruption when moving a directory
scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
riscv: Add header include guards to insn.h
riscv: Avoid enabling interrupts in die()
RISC-V: Avoid dereferening NULL regs in die()
arm64: efi: Make efi_rt_lock a raw_spinlock
iommu/vt-d: Fix PASID directory pointer coherency
iommu/vt-d: Fix lockdep splat in intel_pasid_get_entry()
irqdomain: Fix domain registration race
irqdomain: Change the type of 'size' in __irq_domain_add() to be consistent
irqdomain: Fix mapping-creation race
irqdomain: Refactor __irq_domain_alloc_irqs()
irqdomain: Look for existing mapping only once
irq: Fix typos in comments
udf: Fix off-by-one error when discarding preallocation
nfc: change order inside nfc_se_io error path
ext4: zero i_disksize when initializing the bootloader inode
ext4: fix WARNING in ext4_update_inline_data
ext4: move where set the MAY_INLINE_DATA flag is set
ext4: fix another off-by-one fsmap error on 1k block filesystems
ext4: fix RENAME_WHITEOUT handling for inline directories
ext4: fix cgroup writeback accounting with fs-layer encryption
drm/connector: print max_requested_bpc in state debugfs
drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15
x86/CPU/AMD: Disable XSAVES on AMD family 0x17
fork: allow CLONE_NEWTIME in clone3 flags
fs: prevent out-of-bounds array speculation when closing a file descriptor
Linux 5.10.174
staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh
staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script
wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext"
Linux 5.10.173
usb: gadget: uvc: fix missing mutex_unlock() if kstrtou8() fails
malidp: Fix NULL vs IS_ERR() checking
scsi: mpt3sas: Remove usage of dma_get_required_mask() API
scsi: mpt3sas: re-do lost mpt3sas DMA mask fix
scsi: mpt3sas: Don't change DMA mask while reallocating pools
Revert "scsi: mpt3sas: Fix return value check of dma_get_required_mask()"
media: uvcvideo: Fix race condition with usb_kill_urb
media: uvcvideo: Provide sync and async uvc_ctrl_status_event
drm/virtio: Fix error code in virtio_gpu_object_shmem_init()
tcp: Fix listen() regression in 5.10.163
Bluetooth: hci_sock: purge socket queues in the destruct() callback
drm/display/dp_mst: Fix down message handling after a packet reception error
drm/display/dp_mst: Fix down/up message handling after sink disconnect
x86/resctl: fix scheduler confusion with 'current'
x86/resctrl: Apply READ_ONCE/WRITE_ONCE to task_struct.{rmid,closid}
net: tls: avoid hanging tasks on the tx_lock
soundwire: cadence: Drain the RX FIFO after an IO timeout
soundwire: cadence: Remove wasted space in response_buf
phy: rockchip-typec: Fix unsigned comparison with less than zero
PCI: Add ACS quirk for Wangxun NICs
PCI: loongson: Add more devices that need MRRS quirk
kernel/fail_function: fix memory leak with using debugfs_lookup()
PCI: Take other bus devices into account when distributing resources
PCI: Align extra resources for hotplug bridges properly
usb: gadget: uvc: Make bSourceID read/write
usb: uvc: Enumerate valid values for color matching
USB: ene_usb6250: Allocate enough memory for full object
usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math
PCI: loongson: Prevent LS7A MRRS increases
iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word()
iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word()
tools/iio/iio_utils:fix memory leak
mei: bus-fixup:upon error print return values of send and receive
serial: sc16is7xx: setup GPIO controller later in probe
tty: serial: fsl_lpuart: disable the CTS when send break signal
tty: fix out-of-bounds access in tty_driver_lookup_tty()
staging: emxx_udc: Add checks for dma_alloc_coherent()
media: uvcvideo: Silence memcpy() run-time false positive warnings
media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910
media: uvcvideo: Handle errors from calls to usb_string
media: uvcvideo: Handle cameras with invalid descriptors
IB/hfi1: Update RMT size calculation
mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak
bootconfig: Increase max nodes of bootconfig from 1024 to 8192 for DCC support
firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
thermal: intel: BXT_PMIC: select REGMAP instead of depending on it
thermal: intel: quark_dts: fix error pointer dereference
ASoC: zl38060 add gpiolib dependency
ASoC: zl38060: Remove spurious gpiolib select
ASoC: adau7118: don't disable regulators on device unbind
loop: loop_set_status_from_info() check before assignment
scsi: ipr: Work around fortify-string warning
rtc: sun6i: Always export the internal oscillator
vc_screen: modify vcs_size() handling in vcs_read()
tcp: tcp_check_req() can be called from process context
ARM: dts: spear320-hmi: correct STMPE GPIO compatible
net/sched: act_sample: fix action bind logic
nfc: fix memory leak of se_io context in nfc_genl_se_io
net/mlx5: Geneve, Fix handling of Geneve object id as error code
9p/rdma: unmap receive dma buffer in rdma_request()/post_recv()
9p/xen: fix connection sequence
9p/xen: fix version parsing
net: fix __dev_kfree_skb_any() vs drop monitor
sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop
ipv6: Add lwtunnel encap size of all siblings in nexthop calculation
netfilter: ebtables: fix table blob use-after-free
netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()
watchdog: pcwd_usb: Fix attempting to access uninitialized memory
watchdog: Fix kmemleak in watchdog_cdev_register
watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path
x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list
ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
ubi: fastmap: Fix missed fm_anchor PEB in wear-leveling after disabling fastmap
ubifs: ubifs_writepage: Mark page dirty after writing inode failed
ubifs: dirty_cow_znode: Fix memleak in error handling path
ubifs: Re-statistic cleaned znode count if commit failed
ubi: Fix possible null-ptr-deref in ubi_free_volume()
ubifs: Fix memory leak in alloc_wbufs()
ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()
ubi: Fix use-after-free when volume resizing failed
ubifs: Reserve one leb for each journal head while doing budget
ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1
ubifs: Fix wrong dirty space budget for dirty inode
ubifs: Rectify space budget for ubifs_xrename()
ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
ubifs: Fix build errors as symbol undefined
ubi: ensure that VID header offset + VID header size <= alloc, size
um: vector: Fix memory leak in vector_config
fs: f2fs: initialize fsdata in pagecache_write()
f2fs: use memcpy_{to,from}_page() where possible
pwm: stm32-lp: fix the check on arr and cmp registers update
pwm: sifive: Always let the first pwm_apply_state succeed
pwm: sifive: Reduce time the controller lock is held
objtool: Fix memory leak in create_static_call_sections()
fs/jfs: fix shift exponent db_agl2size negative
net/sched: Retire tcindex classifier
kbuild: Port silent mode detection to future gnu make.
pinctrl: rockchip: fix reading pull type on rk3568
pinctrl: rockchip: fix mux route data for rk3568
wifi: ath9k: use proper statements in conditionals
arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY
drm/edid: fix AVI infoframe aspect ratio handling
drm/radeon: Fix eDP for single-display iMac11,2
drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv
vfio/type1: prevent underflow of locked_vm via exec()
PCI: Avoid FLR for AMD FCH AHCI adapters
PCI: hotplug: Allow marking devices as disconnected during bind/unbind
PCI/PM: Observe reset delay irrespective of bridge_d3
riscv: jump_label: Fixup unaligned arch_static_branch function
scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
scsi: ses: Fix possible desc_ptr out-of-bounds accesses
scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
scsi: ses: Don't attach if enclosure has no components
scsi: qla2xxx: Fix erroneous link down
scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
scsi: qla2xxx: Fix link failure in NPIV environment
ring-buffer: Handle race between rb_move_tail and rb_check_pages
ktest.pl: Add RUN_TIMEOUT option with default unlimited
ktest.pl: Fix missing "end_monitor" when machine check fails
ktest.pl: Give back console on Ctrt^C on monitor
mm/thp: check and bail out if page in deferred queue already
mm: memcontrol: deprecate charge moving
docs: gdbmacros: print newest record
remoteproc/mtk_scp: Move clk ops outside send_lock
media: ipu3-cio2: Fix PM runtime usage_count in driver unbind
mips: fix syscall_get_nr
dax/kmem: Fix leak of memory-hotplug resources
alpha: fix FEN fault handling
rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
ARM: dts: exynos: correct TMU phandle in Odroid HC1
ARM: dts: exynos: correct TMU phandle in Odroid XU
ARM: dts: exynos: correct TMU phandle in Exynos5250
ARM: dts: exynos: correct TMU phandle in Odroid XU3 family
ARM: dts: exynos: correct TMU phandle in Exynos4
ARM: dts: exynos: correct TMU phandle in Exynos4210
dm flakey: don't corrupt the zero page
dm flakey: fix logic when corrupting a bio
thermal: intel: powerclamp: Fix cur_state for multi package system
wifi: cfg80211: Fix use after free for wext
wifi: rtl8xxxu: Use a longer retry limit of 48
dm: add cond_resched() to dm_wq_work()
mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type
ext4: refuse to create ea block when umounted
ext4: optimize ea_inode block expansion
jbd2: fix data missing when reusing bh which is ready to be checkpointed
ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC
ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls()
io_uring/poll: allow some retries for poll triggering spuriously
io_uring: remove MSG_NOSIGNAL from recvmsg
io_uring/rsrc: disallow multi-source reg buffers
io_uring: add a conditional reschedule to the IOPOLL cancelation loop
io_uring: mark task TASK_RUNNING before handling resume/task work
io_uring: handle TIF_NOTIFY_RESUME when checking for task_work
irqdomain: Drop bogus fwspec-mapping error handling
irqdomain: Fix disassociation race
irqdomain: Fix association race
ima: Align ima_file_mmap() parameters with mmap_file LSM hook
brd: return 0/-error from brd_insert_page()
Documentation/hw-vuln: Document the interaction between IBRS and STIBP
x86/speculation: Allow enabling STIBP with legacy IBRS
x86/microcode/AMD: Fix mixed steppings support
x86/microcode/AMD: Add a @cpu parameter to the reloading functions
x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range
x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
x86/reboot: Disable SVM, not just VMX, when stopping CPUs
x86/reboot: Disable virtualization in an emergency if SVM is supported
x86/crash: Disable virt in core NMI crash handler to avoid double shootdown
x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows)
KVM: s390: disable migration mode when dirty tracking is disabled
KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI
KVM: Destroy target device if coalesced MMIO unregistration fails
udf: Fix file corruption when appending just after end of preallocated extent
udf: Detect system inodes linked into directory hierarchy
udf: Preserve link count of system files
udf: Do not update file length for failed writes to inline files
udf: Do not bother merging very long extents
udf: Truncate added extents on failed expansion
ocfs2: fix non-auto defrag path not working issue
ocfs2: fix defrag path triggering jbd2 ASSERT
f2fs: fix cgroup writeback accounting with fs-layer encryption
f2fs: fix information leak in f2fs_move_inline_dirents()
exfat: fix inode->i_blocks for non-512 byte sector size device
exfat: redefine DIR_DELETED as the bad cluster number
exfat: fix unexpected EOF while reading dir
exfat: fix reporting fs error when reading dir beyond EOF
fs: hfsplus: fix UAF issue in hfsplus_put_super
hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
ARM: dts: exynos: correct HDMI phy compatible in Exynos4
cifs: Fix uninitialized memory read in smb3_qfs_tcon()
s390/kprobes: fix current_kprobe never cleared after kprobes reenter
s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler
s390: discard .interp section
s390/extmem: return correct segment type in __segment_load()
ipmi_ssif: Rename idle state and check
rtc: pm8xxx: fix set-alarm race
firmware: coreboot: framebuffer: Ignore reserved pixel color bits
wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
nfsd: zero out pointers after putting nfsd_files on COPY setup error
dm cache: add cond_resched() to various workqueue loops
dm thin: add cond_resched() to various workqueue loops
drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5
HID: logitech-hidpp: Don't restart communication if not necessary
pinctrl: at91: use devm_kasprintf() to avoid potential leaks
hwmon: (coretemp) Simplify platform device handling
gfs2: Improve gfs2_make_fs_rw error handling
regulator: s5m8767: Bounds check id indexing into arrays
regulator: max77802: Bounds check regulator id against opmode
ASoC: kirkwood: Iterate over array indexes instead of using pointer math
docs/scripts/gdb: add necessary make scripts_gdb step
drm/msm/dsi: Add missing check for alloc_ordered_workqueue
drm: amd: display: Fix memory leakage
drm/radeon: free iio for atombios when driver shutdown
drm/tiny: ili9486: Do not assume 8-bit only SPI controllers
HID: Add Mapping for System Microphone Mute
drm/omap: dsi: Fix excessive stack usage
drm/amd/display: Fix potential null-deref in dm_resume
Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE
PM: EM: fix memory leak with using debugfs_lookup()
uaccess: Add minimum bounds check on kernel buffer size
coda: Avoid partial allocation of sig_inputArgs
net/mlx5: fw_tracer: Fix debug print
ACPI: video: Fix Lenovo Ideapad Z570 DMI match
wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup
m68k: Check syscall_trace_enter() return code
net: bcmgenet: Add a check for oversized packets
crypto: hisilicon: Wipe entire pool on error
clocksource: Suspend the watchdog temporarily when high read latency detected
ACPI: Don't build ACPICA with '-Os'
ice: add missing checks for PF vsi type
inet: fix fast path in __inet_hash_connect()
wifi: mt7601u: fix an integer underflow
wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds
x86/bugs: Reset speculation control settings on init
timers: Prevent union confusion from unexpected restart_syscall()
thermal: intel: Fix unsigned comparison with less than zero
wifi: ath11k: debugfs: fix to work with multiple PCI devices
rcu-tasks: Make rude RCU-Tasks work well with CPU hotplug
rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait()
rcu: Make RCU_LOCKDEP_WARN() avoid early lockdep checks
wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds()
wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()
blk-iocost: fix divide by 0 error in calc_lcoefs()
ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy
udf: Define EFSCORRUPTED error code
rpmsg: glink: Avoid infinite loop on intent for missing channel
media: saa7134: Use video_unregister_device for radio_dev
media: usb: siano: Fix use after free bugs caused by do_submit_urb
media: i2c: ov7670: 0 instead of -EINVAL was returned
media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
media: i2c: imx219: Fix binning for RAW8 capture
media: i2c: imx219: Split common registers from mode tables
media: i2c: imx219: remove redundant writes
media: i2c: ov772x: Fix memleak in ov772x_probe()
media: ov5675: Fix memleak in ov5675_init_controls()
media: ov2740: Fix memleak in ov2740_init_controls()
media: max9286: Fix memleak in max9286_v4l2_register()
builddeb: clean generated package content
powerpc: Remove linker flag from KBUILD_AFLAGS
media: platform: ti: Add missing check for devm_regulator_get
media: ti: cal: fix possible memory leak in cal_ctx_create()
remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers
Input: iqs269a - do not poll during ATI
Input: iqs269a - do not poll during suspend or resume
alpha/boot/tools/objstrip: fix the check for ELF header
vdpa/mlx5: Don't clear mr struct on destroy MR
MIPS: vpe-mt: drop physical_memsize
MIPS: SMP-CPS: fix build error when HOTPLUG_CPU not set
powerpc/eeh: Set channel state after notifying the drivers
powerpc/eeh: Small refactor of eeh_handle_normal_event()
powerpc/rtas: ensure 4KB alignment for rtas_data_buf
powerpc/rtas: make all exports GPL
powerpc/pseries/lparcfg: add missing RTAS retry status handling
powerpc/pseries/lpar: add missing RTAS retry status handling
powerpc/perf/hv-24x7: add missing RTAS retry status handling
clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled()
powerpc/powernv/ioda: Skip unallocated resources when mapping to PE
clk: qcom: gpucc-sdm845: fix clk_dis_wait being programmed for CX GDSC
clk: qcom: gpucc-sc7180: fix clk_dis_wait being programmed for CX GDSC
Input: ads7846 - don't check penirq immediately for 7845
Input: ads7846 - always set last command to PWRDOWN
Input: ads7846 - convert to one message
Input: ads7846 - convert to full duplex
Input: ads7846 - don't report pressure for ads7845
clk: imx: avoid memory leak
clk: renesas: cpg-mssr: Remove superfluous check in resume code
clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed
linux/kconfig.h: replace IF_ENABLED() with PTR_IF() in <linux/kernel.h>
Input: iqs269a - configure device with a single block write
Input: iqs269a - increase interrupt handler return delay
Input: iqs269a - drop unused device node references
mtd: rawnand: sunxi: Fix the size of the last OOB region
RISC-V: fix funct4 definition for c.jalr in parse_asm.h
clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents
clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents
mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()
objtool: add UACCESS exceptions for __tsan_volatile_read/write
printf: fix errname.c list
selftests/ftrace: Fix bash specific "==" operator
sparc: allow PM configs for sparc32 COMPILE_TEST
perf tools: Fix auto-complete on aarch64
leds: led-core: Fix refcount leak in of_led_get()
perf llvm: Fix inadvertent file creation
gfs2: jdata writepage fix
cifs: Fix warning and UAF when destroy the MR list
cifs: Fix lost destroy smbd connection when MR allocate failed
nfsd: fix race to check ls_layouts
hid: bigben_probe(): validate report count
HID: bigben: use spinlock to safely schedule workers
HID: bigben_worker() remove unneeded check on report_field
HID: bigben: use spinlock to protect concurrent accesses
ASoC: soc-dapm.h: fixup warning struct snd_pcm_substream not declared
spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one()
NFS: fix disabling of swap
nfs4trace: fix state manager flag printing
NFSv4: keep state manager thread active if swap is enabled
NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode()
dm: remove flush_scheduled_work() during local_exit()
ASoC: tlv320adcx140: fix 'ti,gpio-config' DT property init
hwmon: (mlxreg-fan) Return zero speed for broken fan
spi: bcm63xx-hsspi: Fix multi-bit mode setting
spi: bcm63xx-hsspi: fix pm_runtime
scsi: aic94xx: Add missing check for dma_map_single()
scsi: mpt3sas: Fix a memory leak
drm/amdgpu: fix enum odm_combine_mode mismatch
hwmon: (ltc2945) Handle error case in ltc2945_value_store
ASoC: dt-bindings: meson: fix gx-card codec node regex
ASoC: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params()
ASoC: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove()
ASoC: mchp-spdifrx: fix controls that works with completion mechanism
ASoC: mchp-spdifrx: fix return value in case completion times out
ASoC: atmel: fix spelling mistakes
ASoC: mchp-spdifrx: fix controls which rely on rsr register
spi: dw_bt1: fix MUX_MMIO dependencies
gpio: vf610: connect GPIO label to dev name
ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress()
drm/mediatek: Clean dangling pointer on bind error path
drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc
drm/mediatek: Drop unbalanced obj unref
drm/mediatek: Use NULL instead of 0 for NULL pointer
drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd
gpu: host1x: Don't skip assigning syncpoints to channels
pinctrl: mediatek: Initialize variable *buf to zero
pinctrl: mediatek: Initialize variable pullen and pullup to zero
pinctrl: bcm2835: Remove of_node_put() in bcm2835_of_gpio_ranges_fallback()
drm/msm/mdp5: Add check for kzalloc
drm/msm/dpu: Add check for pstates
drm/msm/dpu: Add check for cstate
drm/msm: use strscpy instead of strncpy
drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
drm/bridge: lt9611: pass a pointer to the of node
drm/bridge: lt9611: fix clock calculation
drm/bridge: lt9611: fix programming of video modes
drm/bridge: lt9611: fix polarity programming
drm/bridge: lt9611: fix HPD reenablement
drm/bridge: lt9611: fix sleep mode setup
drm/msm/dpu: Disallow unallocated resources to be returned
ALSA: hda/ca0132: minor fix for allocation size
drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup()
ASoC: fsl_sai: initialize is_dsp_mode flag
drm/vc4: hdmi: Correct interlaced timings again
drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5
drm/vc4: hvs: Set AXI panic modes
pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups
pinctrl: rockchip: do coding style for mux route struct
pinctrl: rockchip: add support for rk3568
pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain
pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins
drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id()
drm: tidss: Fix pixel format definition
drm/vc4: dpi: Fix format mapping for RGB565
drm/vc4: dpi: Add option for inverting pixel clock and output enable
drm/vkms: Fix null-ptr-deref in vkms_release()
drm/bridge: megachips: Fix error handling in i2c_register_driver()
drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC
drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats
drm: Fix potential null-ptr-deref due to drmm_mode_config_init()
sefltests: netdevsim: wait for devlink instance after netns removal
selftest: fib_tests: Always cleanup before exit
net: bcmgenet: fix MoCA LED control
l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register()
selftests/net: Interpret UDP_GRO cmsg data as an int value
irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts
irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts
bpf: Fix global subprog context argument resolution logic
can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error
thermal/drivers/hisi: Drop second sensor hi3660
wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
crypto: crypto4xx - Call dma_unmap_page when done
selftests/bpf: Fix out-of-srctree build
wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize()
wifi: iwl4965: Add missing check for create_singlethread_workqueue()
wifi: iwl3945: Add missing check for create_singlethread_workqueue
RISC-V: time: initialize hrtimer based broadcast clock event device
m68k: /proc/hardware should depend on PROC_FS
crypto: rsa-pkcs1pad - Use akcipher_request_complete
rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
Bluetooth: L2CAP: Fix potential user-after-free
OPP: fix error checking in opp_migrate_dentry()
tap: tap_open(): correctly initialize socket uid
tun: tun_chr_open(): correctly initialize socket uid
net: add sock_init_data_uid()
s390/vmem: fix empty page tables cleanup under KASAN
irqchip/ti-sci: Fix refcount leak in ti_sci_intr_irq_domain_probe
irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe
irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains
irqchip: Fix refcount leak in platform_irqchip_probe
net/mlx5: Enhance debug print in page allocation failure
bpftool: profile online CPUs instead of possible
crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware
crypto: ccp - Refactor out sev_fw_alloc()
leds: led-class: Add missing put_device() to led_put()
crypto: xts - Handle EBUSY correctly
net: ethernet: ti: add missing of_node_put before return
net: ethernet: ti: am65-cpsw: handle deferred probe with dev_err_probe()
net: ethernet: ti: am65-cpsw: fix tx csum offload for multi mac mode
x86/microcode: Adjust late loading result reporting message
x86/microcode: Check CPU capabilities after late microcode update correctly
x86/microcode: Add a parameter to microcode_check() to store CPU capabilities
x86/microcode: Print previous version of microcode after reload
x86/microcode: Default-disable late loading
x86/microcode: Rip out the OLD_INTERFACE
x86: Mark stop_this_cpu() __noreturn
x86/microcode: Replace deprecated CPU-hotplug functions.
x86/cpu: Init AP exception handling from cpu_init_secondary()
powercap: fix possible name leak in powercap_register_zone()
crypto: seqiv - Handle EBUSY correctly
crypto: essiv - Handle EBUSY correctly
crypto: ccp - Failure on re-initialization due to duplicate sysfs filename
ACPI: battery: Fix missing NUL-termination with large strings
wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data()
wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()
wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
ath9k: htc: clean up statistics macros
ath9k: hif_usb: simplify if-if to if-else
wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
wifi: orinoco: check return value of hermes_write_wordrec()
wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU
thermal/drivers/tsens: Sort out msm8976 vs msm8956 data
thermal/drivers/tsens: Add compat string for the qcom,msm8960
thermal/drivers/qcom/tsens_v1: Enable sensor 3 on MSM8976
thermal/drivers/tsens: Drop msm8976-specific defines
ACPICA: nsrepair: handle cases without a return value correctly
crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2
crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak
crypto: ccp: Use the stack and common buffer for status commands
crypto: ccp: Use the stack for small SEV command buffers
lib/mpi: Fix buffer overrun when SG is too long
rcu-tasks: Fix synchronize_rcu_tasks() VS zap_pid_ns_processes()
rcu-tasks: Remove preemption disablement around srcu_read_[un]lock() calls
rcu-tasks: Improve comments explaining tasks_rcu_exit_srcu purpose
genirq: Fix the return type of kstat_cpu_irqs_sum()
ACPICA: Drop port I/O validation for some regions
crypto: x86/ghash - fix unaligned access in ghash_setkey()
wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave()
wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()
wifi: wilc1000: fix potential memory leak in wilc_mac_xmit()
wifi: ipw2200: fix memory leak in ipw_wdev_init()
wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave()
libbpf: Fix btf__align_of() by taking into account field offsets
wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit()
rtlwifi: fix -Wpointer-sign warning
wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave()
wifi: libertas: fix memory leak in lbs_init_adapter()
wifi: iwlegacy: common: don't call dev_kfree_skb() under spin_lock_irqsave()
wifi: rtlwifi: rtl8723be: don't call kfree_skb() under spin_lock_irqsave()
wifi: rtlwifi: rtl8188ee: don't call kfree_skb() under spin_lock_irqsave()
wifi: rtlwifi: rtl8821ae: don't call kfree_skb() under spin_lock_irqsave()
wifi: rsi: Fix memory leak in rsi_coex_attach()
block: bio-integrity: Copy flags when bio_integrity_payload is cloned
x86/perf/zhaoxin: Add stepping check for ZXC
sched/rt: pick_next_rt_entity(): check list_entry
sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity()
s390/dasd: Fix potential memleak in dasd_eckd_init()
s390/dasd: Prepare for additional path event handling
blk-mq: correct stale comment of .get_budget
blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx
blk-mq: avoid sleep in blk_mq_alloc_request_hctx
arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node
ARM: dts: imx7s: correct iomuxc gpr mux controller cells
ARM: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference
arm64: dts: renesas: beacon-renesom: Fix gpio expander reference
arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name
arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name
arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name
arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name
arm64: dts: amlogic: meson-gx: add missing unit address to rng node name
arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property
arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible
arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name
arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name
ARM: imx: Call ida_simple_remove() for ida_simple_get
ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato
arm64: dts: ti: k3-j7200: Fix wakeup pinmux range
ARM: s3c: fix s3c64xx_set_timer_source prototype
ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init()
arm64: dts: meson: remove CPU opps below 1GHz for G12A boards
arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names
arm64: dts: qcom: ipq8074: fix Gen3 PCIe node
arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges
arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY
arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size
arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes
arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names
arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address
arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name
arm64: dts: meson-gx: Fix Ethernet MAC address unit name
arm64: dts: qcom: sc7180: correct SPMI bus address cells
arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name
arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description
ARM: zynq: Fix refcount leak in zynq_early_slcr_init
arm64: dts: qcom: qcs404: use symbol names for PCIe resets
ARM: OMAP2+: Fix memory leak in realtime_counter_init()
powerpc/mm: Rearrange if-else block to avoid clang warning
HID: asus: use spinlock to safely schedule workers
HID: asus: use spinlock to protect concurrent accesses
HID: asus: Remove check for same LED brightness on set
Linux 5.10.172
io_uring: ensure that io_init_req() passes in the right issue_flags
Revert "nvmem: core: Fix a conflict between MTD and NVMEM on wp-gpios property"
Revert "nvmem: core: remove nvmem_config wp_gpio"
Revert "nvmem: core: fix cleanup after dev_set_name()"
Revert "nvmem: core: fix registration vs use race"
Revert "nvmem: core: fix return value"
Linux 5.10.171
io_uring: add missing lock in io_get_file_fixed
USB: core: Don't hold device lock while reading the "descriptors" sysfs file
usb: gadget: u_serial: Add null pointer check in gserial_resume
USB: serial: option: add support for VW/Skoda "Carstick LTE"
drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling
drm/virtio: Fix NULL vs IS_ERR checking in virtio_gpu_object_shmem_init
scripts/tags.sh: fix incompatibility with PCRE2
scripts/tags.sh: Invoke 'realpath' via 'xargs'
md: Flush workqueue md_rdev_misc_wq in md_alloc()
vc_screen: don't clobber return value in vcs_read
net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().
bpf: bpf_fib_lookup should not return neigh in NUD_FAILED state
HID: core: Fix deadloop in hid_apply_multiplier.
neigh: make sure used and confirmed times are valid
IB/hfi1: Assign npages earlier
btrfs: send: limit number of clones and allocated memory size
ACPI: NFIT: fix a potential deadlock during NFIT teardown
ARM: dts: rockchip: add power-domains property to dp node on rk3288
arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc
Fix XFRM-I support for nested ESP tunnels
Revert "Revert "nvmem: core: Fix a conflict between MTD and NVMEM on wp-gpios property""
Linux 5.10.170
bpf: add missing header file include
Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs"
ext4: Fix function prototype mismatch for ext4_feat_ktype
audit: update the mailing list in MAINTAINERS
wifi: mwifiex: Add missing compatible string for SD8787
nbd: fix possible overflow on 'first_minor' in nbd_dev_add()
nbd: fix possible overflow for 'first_minor' in nbd_dev_add()
nbd: fix max value for 'first_minor'
Revert "Revert "block: nbd: add sanity check for first_minor""
uaccess: Add speculation barrier to copy_from_user()
mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh
drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
powerpc: dts: t208x: Disable 10G on MAC1 and MAC2
can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len
KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS
KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid
KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception
random: always mix cycle counter in add_latent_entropy()
clk: mxl: syscon_node_to_regmap() returns error pointers
powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G
clk: mxl: Fix a clk entry by adding relevant flags
clk: mxl: Add option to override gate clks
clk: mxl: Remove redundant spinlocks
clk: mxl: Switch from direct readl/writel based IO to regmap based IO
wifi: rtl8xxxu: gen2: Turn on the rate control
drm/etnaviv: don't truncate physical page address
Linux 5.10.169
nvmem: core: fix return value
net: sched: sch: Fix off by one in htb_activate_prios()
ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak
alarmtimer: Prevent starvation by small intervals and SIG_IGN
kvm: initialize all of the kvm_debugregs structure before sending it to userspace
net/sched: tcindex: search key must be 16 bits
i40e: Add checking for null for nlmsg_find_attr()
net/sched: act_ctinfo: use percpu stats
flow_offload: fill flags to action structure
drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list
drm/i915/gen11: Moving WAs to icl_gt_workarounds_init()
nilfs2: fix underflow in second superblock position calculations
ipv6: Fix tcp socket connection with DSCP.
ipv6: Fix datagram socket connection with DSCP.
ixgbe: add double of VLAN header when computing the max MTU
net: mpls: fix stale pointer if allocation fails during device rename
net: stmmac: Restrict warning on disabling DMA store and fwd mode
bnxt_en: Fix mqprio and XDP ring checking logic
net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence
net: openvswitch: fix possible memory leak in ovs_meter_cmd_set()
net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions.
net/sched: tcindex: update imperfect hash filters respecting rcu
sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list
net: bgmac: fix BCM5358 support by setting correct flags
i40e: add double of VLAN header when computing the max MTU
ixgbe: allow to increase MTU to 3K with XDP enabled
revert "squashfs: harden sanity check in squashfs_read_xattr_id_table"
net: Fix unwanted sign extension in netdev_stats_to_stats64()
Revert "mm: Always release pages to the buddy allocator in memblock_free_late()."
hugetlb: check for undefined shift on 32 bit architectures
sched/psi: Fix use-after-free in ep_remove_wait_queue()
ALSA: hda/realtek - fixed wrong gpio assigned
ALSA: hda/conexant: add a new hda codec SN6180
mmc: mmc_spi: fix error handling in mmc_spi_probe()
mmc: sdio: fix possible resource leaks in some error paths
mmc: jz4740: Work around bug on JZ4760(B)
netfilter: nft_tproxy: restrict to prerouting hook
ovl: remove privs in ovl_fallocate()
ovl: remove privs in ovl_copyfile()
s390/signal: fix endless loop in do_signal
aio: fix mremap after fork null-deref
nvmem: core: fix registration vs use race
nvmem: core: fix cleanup after dev_set_name()
nvmem: core: remove nvmem_config wp_gpio
nvmem: core: add error handling for dev_set_name
platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match
nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association
s390/decompressor: specify __decompress() buf len to avoid overflow
net: sched: sch: Bounds check priority
net: stmmac: do not stop RX_CLK in Rx LPI state for qcs404 SoC
net/rose: Fix to not accept on connected socket
tools/virtio: fix the vringh test for virtio ring changes
ASoC: cs42l56: fix DT probe
ALSA: hda: Do not unset preset when cleaning up codec
selftests/bpf: Verify copy_register_state() preserves parent/live fields
ASoC: Intel: sof_rt5682: always set dpcm_capture for amplifiers
Conflicts:
Documentation/devicetree/bindings
Documentation/devicetree/bindings/sound/amlogic,gx-sound-card.yaml
Change-Id: I1f66c988a4f4f4661c8f74bcd1ad89220081567e
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
|
||
Hangyu Hua
|
6a975c2771 |
UPSTREAM: net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
[ Upstream commit 4d56304e5827c8cc8cc18c75343d283af7c4825c ]
If we send two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets and their total
size is 252 bytes(key->enc_opts.len = 252) then
key->enc_opts.len = opt->length = data_len / 4 = 0 when the third
TCA_FLOWER_KEY_ENC_OPTS_GENEVE packet enters fl_set_geneve_opt. This
bypasses the next bounds check and results in an out-of-bounds.
Bug: 288660424
Fixes:
|
||
Greg Kroah-Hartman
|
c6ac900e26 |
Merge 5.10.185 into android12-5.10-lts
Changes in 5.10.185 lib: cleanup kstrto*() usage kernel.h: split out kstrtox() and simple_strtox() to a separate header test_firmware: Use kstrtobool() instead of strtobool() test_firmware: prevent race conditions by a correct implementation of locking test_firmware: fix a memory leak with reqs buffer power: supply: ab8500: Fix external_power_changed race power: supply: sc27xx: Fix external_power_changed race power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() ARM: dts: vexpress: add missing cache properties tools: gpio: fix debounce_period_us output of lsgpio power: supply: Ratelimit no data debug output platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 regulator: Fix error checking for debugfs_create_dir irqchip/gic-v3: Disable pseudo NMIs on Mediatek devices w/ firmware issues power: supply: Fix logic checking if system is running from battery btrfs: scrub: try harder to mark RAID56 block groups read-only btrfs: handle memory allocation failure in btrfs_csum_one_bio ASoC: soc-pcm: test if a BE can be prepared parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu() parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory() MIPS: Alchemy: fix dbdma2 mips: Move initrd_start check after initrd address sanitisation. ASoC: dwc: move DMA init to snd_soc_dai_driver probe() xen/blkfront: Only check REQ_FUA for writes drm:amd:amdgpu: Fix missing buffer object unlock in failure path irqchip/gic: Correctly validate OF quirk descriptors io_uring: hold uring mutex around poll removal epoll: ep_autoremove_wake_function should use list_del_init_careful ocfs2: fix use-after-free when unmounting read-only filesystem ocfs2: check new file size on fallocate call nios2: dts: Fix tse_mac "max-frame-size" property nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() nilfs2: fix possible out-of-bounds segment allocation in resize ioctl kexec: support purgatories with .text.hot sections x86/purgatory: remove PGO flags powerpc/purgatory: remove PGO flags nouveau: fix client work fence deletion race RDMA/uverbs: Restrict usage of privileged QKEYs net: usb: qmi_wwan: add support for Compal RXM-G1 ALSA: hda/realtek: Add a quirk for Compaq N14JP6 Remove DECnet support from kernel USB: serial: option: add Quectel EM061KGL series serial: lantiq: add missing interrupt ack usb: dwc3: gadget: Reset num TRBs before giving back the request RDMA/rtrs: Fix the last iu->buf leak in err path spi: fsl-dspi: avoid SCK glitches with continuous transfers netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM net: enetc: correct the indexes of highest and 2nd highest TCs ping6: Fix send to link-local addresses with VRF. net/sched: cls_u32: Fix reference counter leak leading to overflow RDMA/rxe: Remove the unused variable obj RDMA/rxe: Removed unused name from rxe_task struct RDMA/rxe: Fix the use-before-initialization error of resp_pkts iavf: remove mask from iavf_irq_enable_queues() octeontx2-af: fixed resource availability check RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions RDMA/cma: Always set static rate to 0 for RoCE IB/uverbs: Fix to consider event queue closing also upon non-blocking mode IB/isert: Fix dead lock in ib_isert IB/isert: Fix possible list corruption in CMA handler IB/isert: Fix incorrect release of isert connection ipvlan: fix bound dev checking for IPv6 l3s mode sctp: fix an error code in sctp_sf_eat_auth() igb: fix nvm.ops.read() error handling drm/nouveau: don't detect DSM for non-NVIDIA device drm/nouveau/dp: check for NULL nv_connector->native_mode drm/nouveau: add nv_encoder pointer check for NULL ext4: drop the call to ext4_error() from ext4_get_group_info() net/sched: cls_api: Fix lockup on flushing explicitly created chain net: lapbether: only support ethernet devices net: tipc: resize nlattr array to correct size selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET afs: Fix vlserver probe RTT handling cgroup: always put cset in cgroup_css_set_put_fork rcu/kvfree: Avoid freeing new kfree_rcu() memory after old grace period neighbour: Remove unused inline function neigh_key_eq16() net: Remove unused inline function dst_hold_and_use() net: Remove DECnet leftovers from flow.h. neighbour: delete neigh_lookup_nodev as not used batman-adv: Switch to kstrtox.h for kstrtou64 mmc: block: ensure error propagation for non-blk mm/memory_hotplug: extend offline_and_remove_memory() to handle more than one memory block nilfs2: reject devices with insufficient block count media: dvbdev: Fix memleak in dvb_register_device media: dvbdev: fix error logic at dvb_register_device() media: dvb-core: Fix use-after-free due to race at dvb_register_device() drm/i915/dg1: Wait for pcode/uncore handshake at startup drm/i915/gen11+: Only load DRAM information from pcode um: Fix build w/o CONFIG_PM_SLEEP Linux 5.10.185 Change-Id: I05ba9c2e38c013c553c9f89e2a6b71ec9bdb0bd3 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
b7321283a9 |
Merge 5.10.184 into android12-5.10-lts
Changes in 5.10.184
ata: ahci: fix enum constants for gcc-13
gcc-plugins: Reorganize gimple includes for GCC 13
sfc (gcc13): synchronize ef100_enqueue_skb()'s return type
remove the sx8 block driver
bonding (gcc13): synchronize bond_{a,t}lb_xmit() types
f2fs: fix iostat lock protection
blk-iocost: avoid 64-bit division in ioc_timer_fn
block/blk-iocost (gcc13): keep large values in a new enum
i40iw: fix build warning in i40iw_manage_apbvt()
i40e: fix build warnings in i40e_alloc.h
i40e: fix build warning in ice_fltr_add_mac_to_list()
staging: vchiq_core: drop vchiq_status from vchiq_initialise
spi: qup: Request DMA before enabling clocks
afs: Fix setting of mtime when creating a file/dir/symlink
wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll
neighbour: fix unaligned access to pneigh_entry
net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods
net/smc: Avoid to access invalid RMBs' MRs in SMCRv1 ADD LINK CONT
net/sched: fq_pie: ensure reasonable TCA_FQ_PIE_QUANTUM values
Bluetooth: Fix l2cap_disconnect_req deadlock
Bluetooth: L2CAP: Add missing checks for invalid DCID
qed/qede: Fix scheduling while atomic
netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper
netfilter: ipset: Add schedule point in call_ad().
ipv6: rpl: Fix Route of Death.
rfs: annotate lockless accesses to sk->sk_rxhash
rfs: annotate lockless accesses to RFS sock flow table
net: sched: move rtm_tca_policy declaration to include file
net: sched: fix possible refcount leak in tc_chain_tmplt_add()
bpf: Add extra path pointer check to d_path helper
lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release()
bnxt_en: Don't issue AP reset during ethtool's reset operation
bnxt_en: Query default VLAN before VNIC setup on a VF
bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks
batman-adv: Broken sync while rescheduling delayed work
Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
Input: psmouse - fix OOB access in Elantech protocol
ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01
ALSA: hda/realtek: Add Lenovo P3 Tower platform
drm/amdgpu: fix xclk freq on CHIP_STONEY
can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket
can: j1939: change j1939_netdev_lock type to mutex
can: j1939: avoid possible use-after-free when j1939_can_rx_register fails
ceph: fix use-after-free bug for inodes when flushing capsnaps
s390/dasd: Use correct lock while counting channel queue length
Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
Bluetooth: hci_qca: fix debugfs registration
tee: amdtee: Add return_origin to 'struct tee_cmd_load_ta'
rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting
rbd: get snapshot context after exclusive lock is ensured to be held
pinctrl: meson-axg: add missing GPIOA_18 gpio group
usb: usbfs: Enforce page requirements for mmap
usb: usbfs: Use consistent mmap functions
staging: vc04_services: fix gcc-13 build warning
ASoC: codecs: wsa881x: do not set can_multi_write flag
i2c: sprd: Delete i2c adapter in .remove's error path
eeprom: at24: also select REGMAP
riscv: fix kprobe __user string arg print fault issue
vhost: support PACKED when setting-getting vring_base
Revert "ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled"
ext4: only check dquot_initialize_needed() when debugging
tcp: fix tcp_min_tso_segs sysctl
xfs: verify buffer contents when we skip log replay
MIPS: locking/atomic: Fix atomic{_64,}_sub_if_positive
drm/atomic: Don't pollute crtc_state->mode_blob with error pointers
btrfs: check return value of btrfs_commit_transaction in relocation
btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()
Revert "staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE"
Linux 5.10.184
Change-Id: If2d013f1bba8d713f8935810a5887f80eabae81c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
0c0856714e |
Revert "tcp: deny tcp_disconnect() when threads are waiting"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
848ca335c1 |
Merge 5.10.183 into android12-5.10-lts
Changes in 5.10.183 RDMA/bnxt_re: Code refactor while populating user MRs RDMA/bnxt_re: Fix the page_size used during the MR creation RDMA/efa: Fix unsupported page sizes in device dmaengine: at_xdmac: Fix concurrency over chan's completed_cookie dmaengine: at_xdmac: Fix race for the tx desc callback dmaengine: at_xdmac: Move the free desc to the tail of the desc list dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() RDMA/bnxt_re: Fix a possible memory leak RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx iommu/rockchip: Fix unwind goto issue iommu/amd: Don't block updates to GATag if guest mode is on dmaengine: pl330: rename _start to prevent build error net/mlx5: fw_tracer, Fix event handling netrom: fix info-leak in nr_write_internal() af_packet: Fix data-races of pkt_sk(sk)->num. amd-xgbe: fix the false linkup in xgbe_phy_status mtd: rawnand: ingenic: fix empty stub helper definitions af_packet: do not use READ_ONCE() in packet_bind() tcp: deny tcp_disconnect() when threads are waiting tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set net/sched: sch_ingress: Only create under TC_H_INGRESS net/sched: sch_clsact: Only create under TC_H_CLSACT net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs net/sched: Prohibit regrafting ingress or clsact Qdiscs net: sched: fix NULL pointer dereference in mq_attach net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report udp6: Fix race condition in udp6_sendmsg & connect net/mlx5: Read embedded cpu after init bit cleared net/sched: flower: fix possible OOB write in fl_set_geneve_opt() net: dsa: mv88e6xxx: Increase wait after reset deactivation mtd: rawnand: marvell: ensure timing values are written mtd: rawnand: marvell: don't set the NAND frequency select watchdog: menz069_wdt: fix watchdog initialisation ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs. mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() btrfs: abort transaction when sibling keys check fails for leaves ARM: 9295/1: unwind:fix unwind abort for uleb128 case media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE gfs2: Don't deref jdesc in evict fbdev: modedb: Add 1920x1080 at 60 Hz video mode fbdev: stifb: Fix info entry in sti_struct on error path nbd: Fix debugfs_create_dir error checking block/rnbd: replace REQ_OP_FLUSH with REQ_OP_WRITE ASoC: dwc: limit the number of overrun messages xfrm: Check if_id in inbound policy/secpath match ASoC: dt-bindings: Adjust #sound-dai-cells on TI's single-DAI codecs ASoC: ssm2602: Add workaround for playback distortions media: dvb_demux: fix a bug for the continuity counter media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address media: netup_unidvb: fix irq init by register it at the end of probe media: dvb_ca_en50221: fix a size write bug media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table media: dvb-core: Fix use-after-free due on race condition at dvb_net media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 s390/pkey: zeroize key blobs wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value ARM: dts: stm32: add pin map for CAN controller on stm32f7 arm64/mm: mark private VM_FAULT_X defines as vm_fault_t scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed wifi: b43: fix incorrect __packed annotation netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT ALSA: oss: avoid missing-prototype warnings drm/msm: Be more shouty if per-process pgtables aren't working atm: hide unused procfs functions mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() iio: adc: mxs-lradc: fix the order of two cleanup operations HID: google: add jewel USB id HID: wacom: avoid integer overflow in wacom_intuos_inout() iio: imu: inv_icm42600: fix timestamp reset iio: light: vcnl4035: fixed chip ID check iio: dac: mcp4725: Fix i2c_master_send() return value handling iio: adc: ad7192: Change "shorted" channels to differential iio: dac: build ad5758 driver when AD5758 is selected net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 usb: gadget: f_fs: Add unbind event before functionfs_unbind misc: fastrpc: return -EPIPE to invocations on device removal misc: fastrpc: reject new invocations during device removal scsi: stex: Fix gcc 13 warnings ata: libata-scsi: Use correct device no in ata_find_dev() x86/boot: Wrap literal addresses in absolute_pointer() ACPI: thermal: drop an always true check ath6kl: Use struct_group() to avoid size-mismatched casting gcc-12: disable '-Wdangling-pointer' warning for now eth: sun: cassini: remove dead code mmc: vub300: fix invalid response handling tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK btrfs: fix csum_tree_block page iteration to avoid tripping on -Werror=array-bounds selinux: don't use make's grouped targets feature yet tracing/probe: trace_probe_primary_from_call(): checked list_first_entry selftests: mptcp: connect: skip if MPTCP is not supported selftests: mptcp: pm nl: skip if MPTCP is not supported ext4: add EA_INODE checking to ext4_iget() ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() ext4: disallow ea_inodes with extended attributes ext4: add lockdep annotations for i_data_sem for ea_inode's fbcon: Fix null-ptr-deref in soft_cursor serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() test_firmware: fix the memory leak of the allocated firmware buffer KVM: x86: Account fastpath-only VM-Exits in vCPU stats KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() regmap: Account for register length when chunking tpm, tpm_tis: Request threaded interrupt handler media: ti-vpe: cal: avoid FIELD_GET assertion drm/rcar: stop using 'imply' for dependencies scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD) scsi: dpt_i2o: Do not process completions with invalid addresses crypto: ccp: Reject SEV commands with mismatching command buffer crypto: ccp: Play nice with vmalloc'd memory for SEV command structs selftests: mptcp: diag: skip if MPTCP is not supported selftests: mptcp: simult flows: skip if MPTCP is not supported selftests: mptcp: join: skip if MPTCP is not supported ext4: enable the lazy init thread when remounting read/write ARM: defconfig: drop CONFIG_DRM_RCAR_LVDS Linux 5.10.183 Change-Id: Iaaaaa9d53fea0e6f58a5ba1ad86f9150c2cdf8af Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
06f0c366cb |
Merge 5.10.182 into android12-5.10-lts
Changes in 5.10.182
x86/cpu: Add Raptor Lake to Intel family
x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define
power: supply: bq27xxx: fix polarity of current_now
power: supply: bq27xxx: fix sign of current_now for newer ICs
power: supply: bq27xxx: make status more robust
power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status()
power: supply: bq27xxx: expose battery data when CI=1
power: supply: bq27xxx: Move bq27xxx_battery_update() down
power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes
power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize
power: supply: core: Refactor power_supply_set_input_current_limit_from_supplier()
power: supply: bq24190: Call power_supply_changed() after updating input current
regulator: Add regmap helper for ramp-delay setting
regulator: pca9450: Convert to use regulator_set_ramp_delay_regmap
regulator: pca9450: Fix BUCK2 enable_mask
net/mlx5: devcom only supports 2 ports
net/mlx5: Devcom, serialize devcom registration
net: phy: mscc: enable VSC8501/2 RGMII RX clock
bluetooth: Add cmd validity checks at the start of hci_sock_ioctl()
binder: fix UAF caused by faulty buffer cleanup
ipv{4,6}/raw: fix output xfrm lookup wrt protocol
netfilter: ctnetlink: Support offloaded conntrack entry deletion
Linux 5.10.182
Change-Id: I4c11a7f5fce0d9088f193a488a28b779944291a5
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
f8e9848656 |
Revert "tipc: add tipc_bearer_min_mtu to calculate min mtu"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
7ae5626406 |
Revert "tipc: do not update mtu if msg_max is too small in mtu negotiation"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
4a7c41b710 |
Revert "tipc: check the bearer min mtu properly when setting it by netlink"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
f015c92c49 |
Revert "ipv4/tcp: do not use per netns ctl sockets"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
a4be51e26a |
Revert "net: Find dst with sk's xfrm policy not ctl_sk"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
c86beaeed1 |
Revert "tcp: fix possible sk_priority leak in tcp_v4_send_reset()"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
6d62ca19a7 |
Merge 5.10.181 into android12-5.10-lts
Changes in 5.10.181
driver core: add a helper to setup both the of_node and fwnode of a device
drm/mipi-dsi: Set the fwnode for mipi_dsi_device
ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings
net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe()
linux/dim: Do nothing if no time delta between samples
net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
netfilter: conntrack: fix possible bug_on with enable_hooks=1
netlink: annotate accesses to nlk->cb_running
net: annotate sk->sk_err write from do_recvmmsg()
net: deal with most data-races in sk_wait_event()
net: tap: check vlan with eth_type_vlan() method
net: add vlan_get_protocol_and_depth() helper
tcp: factor out __tcp_close() helper
tcp: add annotations around sk->sk_shutdown accesses
ipvlan:Fix out-of-bounds caused by unclear skb->cb
net: datagram: fix data-races in datagram_poll()
af_unix: Fix a data race of sk->sk_receive_queue->qlen.
af_unix: Fix data races around sk->sk_shutdown.
drm/i915/dp: prevent potential div-by-zero
fbdev: arcfb: Fix error handling in arcfb_probe()
ext4: remove an unused variable warning with CONFIG_QUOTA=n
ext4: reflect error codes from ext4_multi_mount_protect() to its callers
ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled
ext4: fix lockdep warning when enabling MMP
ext4: remove redundant mb_regenerate_buddy()
ext4: drop s_mb_bal_lock and convert protected fields to atomic
ext4: add mballoc stats proc file
ext4: allow to find by goal if EXT4_MB_HINT_GOAL_ONLY is set
ext4: allow ext4_get_group_info() to fail
refscale: Move shutdown from wait_event() to wait_event_idle()
rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access
fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
drm/amd/display: Use DC_LOG_DC in the trasform pixel function
regmap: cache: Return error in cache sync operations for REGCACHE_NONE
arm64: dts: qcom: msm8996: Add missing DWC3 quirks
memstick: r592: Fix UAF bug in r592_remove due to race condition
firmware: arm_sdei: Fix sleep from invalid context BUG
ACPI: EC: Fix oops when removing custom query handlers
remoteproc: stm32_rproc: Add mutex protection for workqueue
drm/tegra: Avoid potential 32-bit integer overflow
ACPICA: Avoid undefined behavior: applying zero offset to null pointer
ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects
drm/amd: Fix an out of bounds error in BIOS parser
wifi: ath: Silence memcpy run-time false positive warning
bpf: Annotate data races in bpf_local_storage
wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
ext2: Check block size validity during mount
scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow
net: pasemi: Fix return type of pasemi_mac_start_tx()
net: Catch invalid index in XPS mapping
scsi: target: iscsit: Free cmds before session free
lib: cpu_rmap: Avoid use after free on rmap->obj array entries
scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition
gfs2: Fix inode height consistency check
ext4: set goal start correctly in ext4_mb_normalize_request
ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa()
f2fs: fix to drop all dirty pages during umount() if cp_error is set
samples/bpf: Fix fout leak in hbm's run_bpf_prog
wifi: iwlwifi: pcie: fix possible NULL pointer dereference
wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf
null_blk: Always check queue mode setting from configfs
wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
wifi: ath11k: Fix SKB corruption in REO destination ring
ipvs: Update width of source for ip_vs_sync_conn_options
Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set
Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE
HID: logitech-hidpp: Don't use the USB serial for USB devices
HID: logitech-hidpp: Reconcile USB and Unifying serials
spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3
HID: wacom: generic: Set battery quirk only when we see battery data
usb: typec: tcpm: fix multiple times discover svids error
serial: 8250: Reinit port->pm on port specific driver unbind
mcb-pci: Reallocate memory region to avoid memory overlapping
sched: Fix KCSAN noinstr violation
recordmcount: Fix memory leaks in the uwrite function
RDMA/core: Fix multiple -Warray-bounds warnings
iommu/arm-smmu-qcom: Limit the SMR groups to 128
clk: tegra20: fix gcc-7 constant overflow warning
iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any
Input: xpad - add constants for GIP interface numbers
phy: st: miphy28lp: use _poll_timeout functions for waits
mfd: dln2: Fix memory leak in dln2_probe()
btrfs: move btrfs_find_highest_objectid/btrfs_find_free_objectid to disk-io.c
btrfs: replace calls to btrfs_find_free_ino with btrfs_find_free_objectid
btrfs: fix space cache inconsistency after error loading it from disk
xfrm: don't check the default policy if the policy allows the packet
Revert "Fix XFRM-I support for nested ESP tunnels"
drm/msm/dp: unregister audio driver during unbind
drm/msm/dpu: Remove duplicate register defines from INTF
cpupower: Make TSC read per CPU for Mperf monitor
af_key: Reject optional tunnel/BEET mode templates in outbound policies
net: fec: Better handle pm_runtime_get() failing in .remove()
net: phy: dp83867: add w/a for packet errors seen with short cables
ALSA: firewire-digi00x: prevent potential use after free
ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15
vsock: avoid to close connected socket after the timeout
ipv4/tcp: do not use per netns ctl sockets
net: Find dst with sk's xfrm policy not ctl_sk
tcp: fix possible sk_priority leak in tcp_v4_send_reset()
serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
erspan: get the proto with the md version for collect_md
net: hns3: fix sending pfc frames after reset issue
net: hns3: fix reset delay time to avoid configuration timeout
media: netup_unidvb: fix use-after-free at del_timer()
SUNRPC: Fix trace_svc_register() call site
drm/exynos: fix g2d_open/close helper function definitions
net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
net/tipc: fix tipc header files for kernel-doc
tipc: add tipc_bearer_min_mtu to calculate min mtu
tipc: do not update mtu if msg_max is too small in mtu negotiation
tipc: check the bearer min mtu properly when setting it by netlink
net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop()
net: bcmgenet: Restore phy_stop() depending upon suspend/close
wifi: mac80211: fix min center freq offset tracing
wifi: iwlwifi: mvm: don't trust firmware n_channels
scsi: storvsc: Don't pass unused PFNs to Hyper-V host
cassini: Fix a memory leak in the error handling path of cas_init_one()
igb: fix bit_shift to be in [1..8] range
vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
netfilter: nft_set_rbtree: fix null deref on element insertion
bridge: always declare tunnel functions
ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go
USB: usbtmc: Fix direction for 0-length ioctl control messages
usb-storage: fix deadlock when a scsi command timeouts more than once
USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value
usb: dwc3: debugfs: Resume dwc3 before accessing registers
usb: gadget: u_ether: Fix host MAC address case
usb: typec: altmodes/displayport: fix pin_assignment_show
ALSA: hda: Fix Oops by 9.1 surround channel names
ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
ALSA: hda/realtek: Add quirk for Clevo L140AU
ALSA: hda/realtek: Add a quirk for HP EliteDesk 805
ALSA: hda/realtek: Add quirk for 2nd ASUS GU603
can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag
can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag
can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop()
can: kvaser_pciefd: Call request_irq() before enabling interrupts
can: kvaser_pciefd: Empty SRB buffer in probe
can: kvaser_pciefd: Clear listen-only bit if not explicitly requested
can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt
can: kvaser_pciefd: Disable interrupts in probe error path
statfs: enforce statfs[64] structure initialization
serial: Add support for Advantech PCI-1611U card
vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
ceph: force updating the msg pointer in non-split case
tpm/tpm_tis: Disable interrupts for more Lenovo devices
powerpc/64s/radix: Fix soft dirty tracking
nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
HID: wacom: Force pen out of prox if no events have been received in a while
HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs
HID: wacom: add three styli to wacom_intuos_get_tool_type
KVM: arm64: Link position-independent string routines into .hyp.text
serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards
serial: exar: Add support for Sealevel 7xxxC serial cards
serial: 8250_exar: Add support for USR298x PCI Modems
s390/qdio: get rid of register asm
s390/qdio: fix do_sqbs() inline assembly constraint
watchdog: sp5100_tco: Immediately trigger upon starting.
ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15
writeback, cgroup: remove extra percpu_ref_exit()
net/sched: act_mirred: refactor the handle of xmit
net/sched: act_mirred: better wording on protection against excessive stack growth
act_mirred: use the backlog for nested calls to mirred ingress
spi: fsl-spi: Re-organise transfer bits_per_word adaptation
spi: fsl-cpm: Use 16 bit mode for large transfers with even size
ocfs2: Switch to security_inode_init_security()
ALSA: hda/ca0132: add quirk for EVGA X299 DARK
ALSA: hda: Fix unhandled register update during auto-suspend period
ALSA: hda/realtek: Enable headset onLenovo M70/M90
net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
m68k: Move signal frame following exception on 68020/030
parisc: Handle kgdb breakpoints only in kernel context
parisc: Allow to reboot machine after system halt
gpio: mockup: Fix mode of debugfs files
btrfs: use nofs when cleaning up aborted transactions
dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type
x86/mm: Avoid incomplete Global INVLPG flushes
selftests/memfd: Fix unknown type name build failure
parisc: Fix flush_dcache_page() for usage from irq context
x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms
debugobjects: Don't wake up kswapd from fill_pool()
fbdev: udlfb: Fix endpoint check
net: fix stack overflow when LRO is disabled for virtual interfaces
udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated().
USB: core: Add routines for endpoint checks in old drivers
USB: sisusbvga: Add endpoint checks
media: radio-shark: Add endpoint checks
net: fix skb leak in __skb_tstamp_tx()
selftests: fib_tests: mute cleanup error message
octeontx2-pf: Fix TSOv6 offload
bpf: Fix mask generation for 32-bit narrow loads of 64-bit fields
ipv6: Fix out-of-bounds access in ipv6_find_tlv()
power: supply: leds: Fix blink to LED on transition
power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition
power: supply: bq27xxx: Fix I2C IRQ race on remove
power: supply: bq27xxx: Fix poll_interval handling and races on remove
power: supply: sbs-charger: Fix INHIBITED bit for Status reg
fs: fix undefined behavior in bit shift for SB_NOUSER
coresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet()
xen/pvcalls-back: fix double frees with pvcalls_new_active_socket()
x86/show_trace_log_lvl: Ensure stack pointer is aligned, again
ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg
forcedeth: Fix an error handling path in nv_probe()
net/mlx5e: do as little as possible in napi poll when budget is 0
net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs
net/mlx5: Fix error message when failing to allocate device memory
net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device
arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert delay
3c589_cs: Fix an error handling path in tc589_probe()
net: phy: mscc: add VSC8502 to MODULE_DEVICE_TABLE
Linux 5.10.181
Change-Id: Iaad0b0bb7c1ad061b28ad4ee16e03db935241177
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
d70c95bd81 |
Merge 5.10.180 into android12-5.10-lts
Changes in 5.10.180
seccomp: Move copy_seccomp() to no failure path.
counter: 104-quad-8: Fix race condition between FLAG and CNTR reads
KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg()
wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var
bluetooth: Perform careful capability checks in hci_sock_ioctl()
x86/fpu: Prevent FPU state corruption
USB: serial: option: add UNISOC vendor and TOZED LT70C product
driver core: Don't require dynamic_debug for initcall_debug probe timing
iio: adc: palmas_gpadc: fix NULL dereference on rmmod
ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750
asm-generic/io.h: suppress endianness warnings for readq() and writeq()
wireguard: timers: cast enum limits members to int in prints
PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock
PCI: qcom: Fix the incorrect register usage in v2.7.0 config
USB: dwc3: fix runtime pm imbalance on probe errors
USB: dwc3: fix runtime pm imbalance on unbind
hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write
hwmon: (adt7475) Use device_property APIs when configuring polarity
posix-cpu-timers: Implement the missing timer_wait_running callback
perf sched: Cast PTHREAD_STACK_MIN to int as it may turn into sysconf(__SC_THREAD_STACK_MIN_VALUE)
blk-mq: release crypto keyslot before reporting I/O complete
blk-crypto: make blk_crypto_evict_key() return void
blk-crypto: make blk_crypto_evict_key() more robust
ext4: use ext4_journal_start/stop for fast commit transactions
staging: iio: resolver: ads1210: fix config mode
xhci: fix debugfs register accesses while suspended
tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem
MIPS: fw: Allow firmware to pass a empty env
ipmi:ssif: Add send_retries increment
ipmi: fix SSIF not responding under certain cond.
kheaders: Use array declaration instead of char
pwm: meson: Fix axg ao mux parents
pwm: meson: Fix g12a ao clk81 name
ring-buffer: Sync IRQ works before buffer destruction
crypto: api - Demote BUG_ON() in crypto_unregister_alg() to a WARN_ON()
crypto: safexcel - Cleanup ring IRQ workqueues on load failure
rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed
reiserfs: Add security prefix to xattr name in reiserfs_security_write()
KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
relayfs: fix out-of-bounds access in relay_file_read
writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs
i2c: omap: Fix standard mode false ACK readings
iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE
Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path"
ubifs: Fix memleak when insert_old_idx() failed
ubi: Fix return value overwrite issue in try_write_vid_and_data()
ubifs: Free memory for tmpfile name
sound/oss/dmasound: fix build when drivers are mixed =y/=m
parisc: Fix argument pointer in real64_call_asm()
nilfs2: do not write dirty data after degenerating to read-only
nilfs2: fix infinite loop in nilfs_mdt_get_block()
md/raid10: fix null-ptr-deref in raid10_sync_request
mailbox: zynqmp: Fix IPI isr handling
mailbox: zynqmp: Fix typo in IPI documentation
wifi: rtl8xxxu: RTL8192EU always needs full init
clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent
rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check
selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem
selftests/resctrl: Check for return value after write_schemata()
selinux: fix Makefile dependencies of flask.h
selinux: ensure av_permissions.h is built when needed
tpm, tpm_tis: Do not skip reset of original interrupt vector
tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register
tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed
tpm, tpm_tis: Claim locality before writing interrupt registers
tpm, tpm: Implement usage counter for locality
tpm, tpm_tis: Claim locality when interrupts are reenabled on resume
erofs: stop parsing non-compact HEAD index if clusterofs is invalid
erofs: fix potential overflow calculating xattr_isize
drm/rockchip: Drop unbalanced obj unref
drm/vgem: add missing mutex_destroy
drm/probe-helper: Cancel previous job before starting new one
soc: ti: pm33xx: Enable basic PM runtime support for genpd
soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe
arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table
arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table
drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources
EDAC/skx: Fix overflows on the DRAM row address mapping arrays
arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name
arm64: dts: qcom: sdm845: correct dynamic power coefficients
arm64: dts: qcom: sdm845: Fix the PCI I/O port range
arm64: dts: qcom: msm8998: Fix the PCI I/O port range
arm64: dts: qcom: ipq8074: Fix the PCI I/O port range
arm64: dts: qcom: msm8996: Fix the PCI I/O port range
ARM: dts: qcom: ipq4019: Fix the PCI I/O port range
ARM: dts: qcom: ipq8064: reduce pci IO size to 64K
ARM: dts: qcom: ipq8064: Fix the PCI I/O port range
x86/MCE/AMD: Use an u64 for bank_map
media: bdisp: Add missing check for create_workqueue
firmware: qcom_scm: Clear download bit during reboot
drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535
media: max9286: Free control handler
drm/msm/adreno: Defer enabling runpm until hw_init()
drm/msm/adreno: drop bogus pm_runtime_set_active()
drm: msm: adreno: Disable preemption on Adreno 510
ACPI: processor: Fix evaluating _PDC method when running as Xen dom0
mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data
ARM: dts: gta04: fix excess dma channel usage
drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe()
regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow()
regulator: core: Avoid lockdep reports when resolving supplies
x86/apic: Fix atomic update of offset in reserve_eilvt_offset()
media: rkvdec: fix use after free bug in rkvdec_remove
media: dm1105: Fix use after free bug in dm1105_remove due to race condition
media: saa7134: fix use after free bug in saa7134_finidev due to race condition
media: rcar_fdp1: simplify error check logic at fdp_open()
media: rcar_fdp1: fix pm_runtime_get_sync() usage count
media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource()
media: rcar_fdp1: Fix the correct variable assignments
media: rcar_fdp1: Fix refcount leak in probe and remove function
media: rc: gpio-ir-recv: Fix support for wake-up
media: venus: vdec: Fix non reliable setting of LAST flag
media: venus: vdec: Make decoder return LAST flag for sufficient event
media: venus: preserve DRC state across seeks
media: venus: vdec: Handle DRC after drain
media: venus: dec: Fix handling of the start cmd
regulator: stm32-pwr: fix of_iomap leak
x86/ioapic: Don't return 0 from arch_dynirq_lower_bound()
arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
debugobject: Prevent init race with static objects
drm/i915: Make intel_get_crtc_new_encoder() less oopsy
tick/sched: Use tick_next_period for lockless quick check
tick/sched: Reduce seqcount held scope in tick_do_update_jiffies64()
tick/sched: Optimize tick_do_update_jiffies64() further
tick: Get rid of tick_period
tick/common: Align tick period with the HZ tick.
wifi: ath6kl: minor fix for allocation size
wifi: ath9k: hif_usb: fix memory leak of remain_skbs
wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list()
wifi: ath6kl: reduce WARN to dev_dbg() in callback
tools: bpftool: Remove invalid \' json escape
wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser()
wifi: rtw88: mac: Return the original error from rtw_mac_power_switch()
bpf: take into account liveness when propagating precision
bpf: fix precision propagation verbose logging
scm: fix MSG_CTRUNC setting condition for SO_PASSSEC
bpf: Remove misleading spec_v1 check on var-offset stack read
vlan: partially enable SIOCSHWTSTAMP in container
net/packet: annotate accesses to po->xmit
net/packet: convert po->origdev to an atomic flag
net/packet: convert po->auxdata to an atomic flag
scsi: target: Rename struct sense_info to sense_detail
scsi: target: Rename cmd.bad_sector to cmd.sense_info
scsi: target: Make state_list per CPU
scsi: target: Fix multiple LUN_RESET handling
scsi: target: iscsit: Fix TAS handling during conn cleanup
scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS
f2fs: handle dqget error in f2fs_transfer_project_quota()
f2fs: enforce single zone capacity
f2fs: apply zone capacity to all zone type
f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()
crypto: caam - Clear some memory in instantiate_rng
crypto: sa2ul - Select CRYPTO_DES
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg()
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg()
net: qrtr: correct types of trace event parameters
selftests/bpf: Wait for receive in cg_storage_multi test
bpftool: Fix bug for long instructions in program CFG dumps
crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors
crypto: drbg - Only fail when jent is unavailable in FIPS mode
xsk: Fix unaligned descriptor validation
f2fs: fix to avoid use-after-free for cached IPU bio
scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()
net: ethernet: stmmac: dwmac-rk: fix optional phy regulator handling
bpf, sockmap: fix deadlocks in the sockhash and sockmap
nvme: handle the persistent internal error AER
nvme: fix async event trace event
nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage"
bpf, sockmap: Revert buggy deadlock fix in the sockhash and sockmap
md/raid10: fix leak of 'r10bio->remaining' for recovery
md/raid10: fix memleak for 'conf->bio_split'
md/raid10: fix memleak of md thread
wifi: iwlwifi: yoyo: Fix possible division by zero
wifi: iwlwifi: fw: move memset before early return
jdb2: Don't refuse invalidation of already invalidated buffers
wifi: iwlwifi: make the loop for card preparation effective
wifi: iwlwifi: mvm: check firmware response size
wifi: iwlwifi: fw: fix memory leak in debugfs
ixgbe: Allow flow hash to be set via ethtool
ixgbe: Enable setting RSS table to default values
bpf: Don't EFAULT for getsockopt with optval=NULL
netfilter: nf_tables: don't write table validation state without mutex
net/sched: sch_fq: fix integer overflow of "credit"
ipv4: Fix potential uninit variable access bug in __ip_make_skb()
Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work"
netlink: Use copy_to_user() for optval in netlink_getsockopt().
net: amd: Fix link leak when verifying config failed
tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.
ipmi: ASPEED_BT_IPMI_BMC: select REGMAP_MMIO instead of depending on it
pstore: Revert pmsg_lock back to a normal mutex
usb: host: xhci-rcar: remove leftover quirk handling
usb: dwc3: gadget: Change condition for processing suspend event
fpga: bridge: fix kernel-doc parameter description
iio: light: max44009: add missing OF device matching
spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync
spi: imx: Don't skip cleanup in remove's error path
usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition
PCI: imx6: Install the fault handler only on compatible match
ASoC: es8316: Use IRQF_NO_AUTOEN when requesting the IRQ
ASoC: es8316: Handle optional IRQ assignment
linux/vt_buffer.h: allow either builtin or modular for macros
spi: qup: Don't skip cleanup in remove's error path
spi: fsl-spi: Fix CPM/QE mode Litte Endian
vmci_host: fix a race condition in vmci_host_poll() causing GPF
of: Fix modalias string generation
PCI/EDR: Clear Device Status after EDR error recovery
ia64: mm/contig: fix section mismatch warning/error
ia64: salinfo: placate defined-but-not-used warning
scripts/gdb: bail early if there are no clocks
scripts/gdb: bail early if there are no generic PD
coresight: etm_pmu: Set the module field
ASoC: fsl_mqs: move of_node_put() to the correct location
spi: cadence-quadspi: fix suspend-resume implementations
i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path
uapi/linux/const.h: prefer ISO-friendly __typeof__
sh: sq: Fix incorrect element size for allocating bitmap buffer
usb: gadget: tegra-xudc: Fix crash in vbus_draw
usb: chipidea: fix missing goto in `ci_hdrc_probe`
usb: mtu3: fix kernel panic at qmu transfer done irq handler
firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
tty: serial: fsl_lpuart: adjust buffer length to the intended size
serial: 8250: Add missing wakeup event reporting
staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
spmi: Add a check for remove callback when removing a SPMI driver
macintosh/windfarm_smu_sat: Add missing of_node_put()
powerpc/mpc512x: fix resource printk format warning
powerpc/wii: fix resource printk format warnings
powerpc/sysdev/tsi108: fix resource printk format warnings
macintosh: via-pmu-led: requires ATA to be set
powerpc/rtas: use memmove for potentially overlapping buffer copy
perf/core: Fix hardlockup failure caused by perf throttle
clk: at91: clk-sam9x60-pll: fix return value check
RDMA/siw: Fix potential page_array out of range access
RDMA/rdmavt: Delete unnecessary NULL check
workqueue: Rename "delayed" (delayed by active management) to "inactive"
workqueue: Fix hung time report of worker pools
rtc: omap: include header for omap_rtc_power_off_program prototype
RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time
power: supply: generic-adc-battery: fix unit scaling
clk: add missing of_node_put() in "assigned-clocks" property parsing
RDMA/siw: Remove namespace check from siw_netdev_event()
RDMA/cm: Trace icm_send_rej event before the cm state is reset
RDMA/srpt: Add a check for valid 'mad_agent' pointer
IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order
IB/hfi1: Add AIP tx traces
IB/hfi1: Add additional usdma traces
IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests
NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease
firmware: raspberrypi: Introduce devm_rpi_firmware_get()
input: raspberrypi-ts: Release firmware handle when not needed
Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe
RDMA/mlx5: Fix flow counter query via DEVX
SUNRPC: remove the maximum number of retries in call_bind_status
RDMA/mlx5: Use correct device num_ports when modify DC
clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails
openrisc: Properly store r31 to pt_regs on unhandled exceptions
ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline
leds: TI_LMU_COMMON: select REGMAP instead of depending on it
dmaengine: mv_xor_v2: Fix an error code.
leds: tca6507: Fix error handling of using fwnode_property_read_string
pwm: mtk-disp: Don't check the return code of pwmchip_remove()
pwm: mtk-disp: Adjust the clocks to avoid them mismatch
pwm: mtk-disp: Disable shadow registers before setting backlight values
phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port
dmaengine: dw-edma: Fix to change for continuous transfer
dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing
dmaengine: at_xdmac: do not enable all cyclic channels
thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in mtk_thermal_probe
mfd: tqmx86: Do not access I2C_DETECT register through io_base
mfd: tqmx86: Remove incorrect TQMx90UC board ID
mfd: tqmx86: Add support for TQMx110EB and TQMxE40x
mfd: tqmx86: Specify IO port register range more precisely
mfd: tqmx86: Correct board names for TQMxE39x
afs: Fix updating of i_size with dv jump from server
scripts/gdb: fix lx-timerlist for Python3
btrfs: scrub: reject unsupported scrub flags
s390/dasd: fix hanging blockdevice after request requeue
ia64: fix an addr to taddr in huge_pte_offset()
dm clone: call kmem_cache_destroy() in dm_clone_init() error path
dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
dm flakey: fix a crash with invalid table line
dm ioctl: fix nested locking in table_clear() to remove deadlock concern
perf auxtrace: Fix address filter entire kernel size
perf intel-pt: Fix CYC timestamps after standalone CBR
arm64: Always load shadow stack pointer directly from the task struct
arm64: Stash shadow stack pointer in the task struct on interrupt
debugobject: Ensure pool refill (again)
sound/oss/dmasound: fix 'dmasound_setup' defined but not used
arm64: dts: qcom: sdm845: correct dynamic power coefficients
scsi: target: core: Avoid smp_processor_id() in preemptible code
netfilter: nf_tables: deactivate anonymous set from preparation phase
tty: create internal tty.h file
tty: audit: move some local functions out of tty.h
tty: move some internal tty lock enums and functions out of tty.h
tty: move some tty-only functions to drivers/tty/tty.h
tty: clean include/linux/tty.h up
tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus
crypto: ccp - Clear PSP interrupt status register before calling handler
mailbox: zynq: Switch to flexible array to simplify code
mailbox: zynqmp: Fix counts of child nodes
dm verity: skip redundant verity_handle_err() on I/O errors
dm verity: fix error handling for check_at_most_once on FEC
scsi: qedi: Fix use after free bug in qedi_remove()
net/ncsi: clear Tx enable mode when handling a Config required AEN
net/sched: cls_api: remove block_cb from driver_list before freeing
sit: update dev->needed_headroom in ipip6_tunnel_bind_dev()
net: dsa: mv88e6xxx: add mv88e6321 rsvd2cpu
writeback: fix call of incorrect macro
watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe()
net/sched: act_mirred: Add carrier check
sfc: Fix module EEPROM reporting for QSFP modules
rxrpc: Fix hard call timeout units
octeontx2-pf: Disable packet I/O for graceful exit
octeontx2-vf: Detach LF resources on probe cleanup
ionic: remove noise from ethtool rxnfc error msg
af_packet: Don't send zero-byte data in packet_sendmsg_spkt().
drm/amdgpu: add a missing lock for AMDGPU_SCHED
ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init`
net: dsa: mt7530: fix corrupt frames using trgmii on 40 MHz XTAL MT7621
virtio_net: split free_unused_bufs()
virtio_net: suppress cpu stall when free_unused_bufs
net: enetc: check the index of the SFI rather than the handle
perf vendor events power9: Remove UTF-8 characters from JSON files
perf pmu: zfree() expects a pointer to a pointer to zero it after freeing its contents
perf map: Delete two variable initialisations before null pointer checks in sort__sym_from_cmp()
crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs()
perf symbols: Fix return incorrect build_id size in elf_read_build_id()
btrfs: fix btrfs_prev_leaf() to not return the same key twice
btrfs: don't free qgroup space unless specified
btrfs: print-tree: parent bytenr must be aligned to sector size
cifs: fix pcchunk length type in smb2_copychunk_range
platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet
platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i
inotify: Avoid reporting event with invalid wd
sh: math-emu: fix macro redefined warning
sh: mcount.S: fix build error when PRINTK is not enabled
sh: init: use OF_EARLY_FLATTREE for early init
sh: nmi_debug: fix return value of __setup handler
remoteproc: stm32: Call of_node_put() on iteration error
remoteproc: st: Call of_node_put() on iteration error
ARM: dts: exynos: fix WM8960 clock name in Itop Elite
ARM: dts: s5pv210: correct MIPI CSIS clock name
f2fs: fix potential corruption when moving a directory
drm/panel: otm8009a: Set backlight parent to panel device
drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini()
drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras
drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend
HID: wacom: Set a default resolution for older tablets
HID: wacom: insert timestamp to packed Bluetooth (BT) events
KVM: x86: hyper-v: Avoid calling kvm_make_vcpus_request_mask() with vcpu_mask==NULL
KVM: x86: do not report a vCPU as preempted outside instruction boundaries
ext4: fix WARNING in mb_find_extent
ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
ext4: fix data races when using cached status extents
ext4: check iomap type only if ext4_iomap_begin() does not fail
ext4: improve error recovery code paths in __ext4_remount()
ext4: fix deadlock when converting an inline directory in nojournal mode
ext4: add bounds checking in get_max_inline_xattr_value_size()
ext4: bail out of ext4_xattr_ibody_get() fails for any reason
ext4: remove a BUG_ON in ext4_mb_release_group_pa()
ext4: fix invalid free tracking in ext4_xattr_move_to_block()
serial: 8250: Fix serial8250_tx_empty() race with DMA Tx
drbd: correctly submit flush bio on barrier
KVM: x86: Ensure PV TLB flush tracepoint reflects KVM behavior
KVM: x86: Fix recording of guest steal time / preempted status
KVM: Fix steal time asm constraints
KVM: x86: Remove obsolete disabling of page faults in kvm_arch_vcpu_put()
KVM: x86: do not set st->preempted when going back to user space
KVM: x86: revalidate steal time cache if MSR value changes
KVM: x86: do not report preemption if the steal time cache is stale
KVM: x86: move guest_pv_has out of user_access section
printk: declare printk_deferred_{enter,safe}() in include/linux/printk.h
drm/exynos: move to use request_irq by IRQF_NO_AUTOEN flag
mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock
drm/amd/display: Fix hang when skipping modeset
Linux 5.10.180
Change-Id: Ie0c8ae79d56d844ec23ec277d91d4c70c3e1e9a8
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Lee Jones
|
39c3d16903 |
UPSTREAM: net/sched: cls_u32: Fix reference counter leak leading to overflow
[ Upstream commit 04c55383fa5689357bcdd2c8036725a55ed632bc ]
In the event of a failure in tcf_change_indev(), u32_set_parms() will
immediately return without decrementing the recently incremented
reference counter. If this happens enough times, the counter will
rollover and the reference freed, leading to a double free which can be
used to do 'bad things'.
In order to prevent this, move the point of possible failure above the
point where the reference counter is incremented. Also save any
meaningful return values to be applied to the return data at the
appropriate point in time.
This issue was caught with KASAN.
Bug: 273251569
Fixes:
|
||
|
Greg Kroah-Hartman
|
c7f1b9f365 |
Merge eded3ad80a ("ia64: fix an addr to taddr in huge_pte_offset()") into android12-5.10-lts
Steps on the way to 5.10.180 Change-Id: Ied555d8ab53844823d31e3221bd0fb155f0baeae Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
2dcf843019 |
Merge fd7bf900c3 ("i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path") into android12-5.10-lts
Steps on the way to 5.10.180 Change-Id: I3438288cccc8a544306afc5aa178fde55e7e34fb Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
be7602cdd6 |
Merge adc2d82eee ("crypto: sa2ul - Select CRYPTO_DES") into android12-5.10-lts
Steps on the way to 5.10.180 Change-Id: I2356127ad84f0179909589c63453c3367e99f4ee Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
d7203e0307 |
Merge 47e61cadc7 ("MIPS: fw: Allow firmware to pass a empty env") into android12-5.10-lts
Steps on the way to 5.10.180 to help resolve some testing errors. Change-Id: I291b51c58e5eeff603ad8bfa999b88c628b0fe8a Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Sven Eckelmann
|
7ce0e8b287 |
batman-adv: Switch to kstrtox.h for kstrtou64
commit 55207227189a07513ba4107d72e256313a66a2f3 upstream.
The commit 4c52729377ea ("kernel.h: split out kstrtox() and simple_strtox()
to a separate header") moved the kstrtou64 function to a new header called
linux/kstrtox.h.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Leon Romanovsky
|
e6104284c4 |
neighbour: delete neigh_lookup_nodev as not used
commit 76b9bf965c98c9b53ef7420b3b11438dbd764f92 upstream.
neigh_lookup_nodev isn't used in the kernel after removal
of DECnet. So let's remove it.
Fixes: 1202cdd66531 ("Remove DECnet support from kernel")
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Link: https://lore.kernel.org/r/eb5656200d7964b2d177a36b77efa3c597d6d72d.1678267343.git.leonro@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Lin Ma
|
08899e8d5a |
net: tipc: resize nlattr array to correct size
[ Upstream commit 44194cb1b6045dea33ae9a0d54fb7e7cd93a2e09 ] According to nla_parse_nested_deprecated(), the tb[] is supposed to the destination array with maxtype+1 elements. In current tipc_nl_media_get() and __tipc_nl_media_set(), a larger array is used which is unnecessary. This patch resize them to a proper size. Fixes: |
||
Vlad Buslov
|
6ee3728ae8 |
net/sched: cls_api: Fix lockup on flushing explicitly created chain
[ Upstream commit c9a82bec02c339cdda99b37c5e62b3b71fc4209c ]
Mingshuai Ren reports:
When a new chain is added by using tc, one soft lockup alarm will be
generated after delete the prio 0 filter of the chain. To reproduce
the problem, perform the following steps:
(1) tc qdisc add dev eth0 root handle 1: htb default 1
(2) tc chain add dev eth0
(3) tc filter del dev eth0 chain 0 parent 1: prio 0
(4) tc filter add dev eth0 chain 0 parent 1:
Fix the issue by accounting for additional reference to chains that are
explicitly created by RTM_NEWCHAIN message as opposed to implicitly by
RTM_NEWTFILTER message.
Fixes:
|
||
Dan Carpenter
|
221281d60c |
sctp: fix an error code in sctp_sf_eat_auth()
[ Upstream commit 75e6def3b26736e7ff80639810098c9074229737 ]
The sctp_sf_eat_auth() function is supposed to enum sctp_disposition
values and returning a kernel error code will cause issues in the
caller. Change -ENOMEM to SCTP_DISPOSITION_NOMEM.
Fixes:
|
||
|
Lee Jones
|
af6eaa5798 |
net/sched: cls_u32: Fix reference counter leak leading to overflow
[ Upstream commit 04c55383fa5689357bcdd2c8036725a55ed632bc ]
In the event of a failure in tcf_change_indev(), u32_set_parms() will
immediately return without decrementing the recently incremented
reference counter. If this happens enough times, the counter will
rollover and the reference freed, leading to a double free which can be
used to do 'bad things'.
In order to prevent this, move the point of possible failure above the
point where the reference counter is incremented. Also save any
meaningful return values to be applied to the return data at the
appropriate point in time.
This issue was caught with KASAN.
Fixes:
|
||
Guillaume Nault
|
5852d17aaa |
ping6: Fix send to link-local addresses with VRF.
[ Upstream commit 91ffd1bae1dafbb9e34b46813f5b058581d9144d ]
Ping sockets can't send packets when they're bound to a VRF master
device and the output interface is set to a slave device.
For example, when net.ipv4.ping_group_range is properly set, so that
ping6 can use ping sockets, the following kind of commands fails:
$ ip vrf exec red ping6 fe80::854:e7ff:fe88:4bf1%eth1
What happens is that sk->sk_bound_dev_if is set to the VRF master
device, but 'oif' is set to the real output device. Since both are set
but different, ping_v6_sendmsg() sees their value as inconsistent and
fails.
Fix this by allowing 'oif' to be a slave device of ->sk_bound_dev_if.
This fixes the following kselftest failure:
$ ./fcnal-test.sh -t ipv6_ping
[...]
TEST: ping out, vrf device+address bind - ns-B IPv6 LLA [FAIL]
Reported-by: Mirsad Todorovac <mirsad.todorovac@alu.unizg.hr>
Closes: https://lore.kernel.org/netdev/b6191f90-ffca-dbca-7d06-88a9788def9c@alu.unizg.hr/
Tested-by: Mirsad Todorovac <mirsad.todorovac@alu.unizg.hr>
Fixes:
|
||
|
Pablo Neira Ayuso
|
1200af82cf |
netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
[ Upstream commit a1a64a151dae8ac3581c1cbde44b672045cb658b ]
If caller reports ENOMEM, then stop iterating over the batch and send a
single netlink message to userspace to report OOM.
Fixes:
|
||
Stephen Hemminger
|
1c004b379b |
Remove DECnet support from kernel
commit 1202cdd665315c525b5237e96e0bedc76d7e754f upstream. DECnet is an obsolete network protocol that receives more attention from kernel janitors than users. It belongs in computer protocol history museum not in Linux kernel. It has been "Orphaned" in kernel since 2010. The iproute2 support for DECnet was dropped in 5.0 release. The documentation link on Sourceforge says it is abandoned there as well. Leave the UAPI alone to keep userspace programs compiling. This means that there is still an empty neighbour table for AF_DECNET. The table of /proc/sys/net entries was updated to match current directories and reformatted to be alphabetical. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Acked-by: David Ahern <dsahern@kernel.org> Acked-by: Nikolay Aleksandrov <razor@blackwall.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Ruihan Li
|
5bffeca4fb |
UPSTREAM: bluetooth: Perform careful capability checks in hci_sock_ioctl()
commit 25c150ac103a4ebeed0319994c742a90634ddf18 upstream.
Previously, capability was checked using capable(), which verified that the
caller of the ioctl system call had the required capability. In addition,
the result of the check would be stored in the HCI_SOCK_TRUSTED flag,
making it persistent for the socket.
However, malicious programs can abuse this approach by deliberately sharing
an HCI socket with a privileged task. The HCI socket will be marked as
trusted when the privileged task occasionally makes an ioctl call.
This problem can be solved by using sk_capable() to check capability, which
ensures that not only the current task but also the socket opener has the
specified capability, thus reducing the risk of privilege escalation
through the previously identified vulnerability.
Bug: 286456284
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Greg Kroah-Hartman
|
4c20c2c837 |
This is the 5.10.179 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmRI7pUACgkQONu9yGCS aT4cCRAA0YwtiFA5PDxWdBVW2f/6ad7NL4cCUATt7yd68j22SKifIxmsI4J3WnmT K8p7yvc7WstuvCyoRT+9LpR969jDa/ao5jQQDky+9nFn39RK2pUQ1S4tQhRr0QWP /QrVbecT4X3rn126JhEMauR97Ma5yp0XMj9lOVIac40irf0UyRrvNHciGLfL37Zy 2Q7AOOJGrA9IREpj+uaG4r8QWZtvVYMCZkIgqZDdnEgfjZew+2w8j+4boL6anxpM 0f+6ZFT5OHUabwuBsw+4ee6eRE0K3iaAzde8pIZ2y1/ihYgQ+VlMwcLRncuE/34X dUG1aQyfbcMdukzWO2fay0on/7NF/U2ljS8WTFjWeCGWXzKRxxbmgXD/WRpBba6V NZQB/LroXv+8HVAzlfnZoHD9ojRg8b3exxjy70hUvgAING2CXMqX7KILalFKQvBz Ish5e5cxUBP2khMo1caPCU04dy3t/CF68UBrx4s8+RJFvGBmTykhfUx+DhS8usmu y0GrvyBfCXb1CW56ZZaip2jLv5IiOUL9KzKpPli1PV9K+He6aa2mTtvKzVBUalZf qVzMTifW6JskpxW58I0xKqiaHY5pZVfv0EX65Gs0gVYskSpSLu5MINMvBl5F1sDf DdrJ+ZivMUNU5eGUf99IQgXuYFPWigEzsXQRfwHr78kFP4wIPxg= =Ubp5 -----END PGP SIGNATURE----- Merge 5.10.179 into android12-5.10-lts Changes in 5.10.179 ARM: dts: rockchip: fix a typo error for rk3288 spdif node arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node arm64: dts: meson-g12-common: specify full DMC range arm64: dts: imx8mm-evk: correct pmic clock source netfilter: br_netfilter: fix recent physdev match breakage regulator: fan53555: Explicitly include bits header net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg virtio_net: bugfix overflow inside xdp_linearize_page() sfc: Split STATE_READY in to STATE_NET_DOWN and STATE_NET_UP. sfc: Fix use-after-free due to selftest_work netfilter: nf_tables: fix ifdef to also consider nf_tables=m i40e: fix accessing vsi->active_filters without holding lock i40e: fix i40e_setup_misc_vector() error handling mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() net: rpl: fix rpl header size calculation mlxsw: pci: Fix possible crash during initialization bpf: Fix incorrect verifier pruning due to missing register precision taints e1000e: Disable TSO on i219-LM card to increase speed f2fs: Fix f2fs_truncate_partial_nodes ftrace event Input: i8042 - add quirk for Fujitsu Lifebook A574/H selftests: sigaltstack: fix -Wuninitialized scsi: megaraid_sas: Fix fw_crash_buffer_show() scsi: core: Improve scsi_vpd_inquiry() checks net: dsa: b53: mmap: add phy ops s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling nvme-tcp: fix a possible UAF when failing to allocate an io queue xen/netback: use same error messages for same errors powerpc/doc: Fix htmldocs errors xfs: drop submit side trans alloc for append ioends iio: light: tsl2772: fix reading proximity-diodes from device tree nilfs2: initialize unused bytes in segment summary blocks memstick: fix memory leak if card device is never registered kernel/sys.c: fix and improve control flow in __sys_setres[ug]id() mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 mm/khugepaged: check again on anon uffd-wp during isolation sched/uclamp: Make task_fits_capacity() use util_fits_cpu() sched/uclamp: Fix fits_capacity() check in feec() sched/uclamp: Make select_idle_capacity() use util_fits_cpu() sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() sched/uclamp: Make cpu_overutilized() use util_fits_cpu() sched/uclamp: Cater for uclamp in find_energy_efficient_cpu()'s early exit condition sched/fair: Detect capacity inversion sched/fair: Consider capacity inversion in util_fits_cpu() sched/uclamp: Fix a uninitialized variable warnings sched/fair: Fixes for capacity inversion detection MIPS: Define RUNTIME_DISCARD_EXIT in LD script docs: futex: Fix kernel-doc references after code split-up preparation purgatory: fix disabling debug info virtiofs: clean up error handling in virtio_fs_get_tree() virtiofs: split requests that exceed virtqueue size fuse: check s_root when destroying sb fuse: fix attr version comparison in fuse_read_update_size() fuse: always revalidate rename target dentry fuse: fix deadlock between atomic O_TRUNC and page invalidation Revert "ext4: fix use-after-free in ext4_xattr_set_entry" ext4: remove duplicate definition of ext4_xattr_ibody_inline_set() ext4: fix use-after-free in ext4_xattr_set_entry udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM). tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy(). dccp: Call inet6_destroy_sock() via sk->sk_destruct(). sctp: Call inet6_destroy_sock() via sk->sk_destruct(). pwm: meson: Explicitly set .polarity in .get_state() pwm: iqs620a: Explicitly set .polarity in .get_state() pwm: hibvt: Explicitly set .polarity in .get_state() iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() ASoC: fsl_asrc_dma: fix potential null-ptr-deref ASN.1: Fix check for strdup() success Linux 5.10.179 Change-Id: I54e476aa9b199a4711a091c77583739ed82af5ad Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Eric Dumazet
|
58e8cf94de |
tcp: fix tcp_min_tso_segs sysctl
commit d24f511b04b8b159b705ec32a3b8782667d1b06a upstream.
tcp_min_tso_segs is now stored in u8, so max value is 255.
255 limit is enforced by proc_dou8vec_minmax().
We can therefore remove the gso_max_segs variable.
Fixes: 47996b489bdc ("tcp: convert elligible sysctls to u8")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Luiz Augusto von Dentz
|
2270e32bd1 |
Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
commit c5d2b6fa26b5b8386a9cc902cdece3a46bef2bd2 upstream.
Similar to commit 0f7d9b31ce7a ("netfilter: nf_tables: fix use-after-free
in nft_set_catchall_destroy()"). We can not access k after kfree_rcu()
call.
Cc: stable@vger.kernel.org
Signed-off-by: Min Li <lm0963hack@gmail.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Fedor Pchelkin
|
6714873158 |
can: j1939: avoid possible use-after-free when j1939_can_rx_register fails
commit 9f16eb106aa5fce15904625661312623ec783ed3 upstream.
Syzkaller reports the following failure:
BUG: KASAN: use-after-free in kref_put include/linux/kref.h:64 [inline]
BUG: KASAN: use-after-free in j1939_priv_put+0x25/0xa0 net/can/j1939/main.c:172
Write of size 4 at addr ffff888141c15058 by task swapper/3/0
CPU: 3 PID: 0 Comm: swapper/3 Not tainted 5.10.144-syzkaller #0
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x107/0x167 lib/dump_stack.c:118
print_address_description.constprop.0+0x1c/0x220 mm/kasan/report.c:385
__kasan_report mm/kasan/report.c:545 [inline]
kasan_report.cold+0x1f/0x37 mm/kasan/report.c:562
check_memory_region_inline mm/kasan/generic.c:186 [inline]
check_memory_region+0x145/0x190 mm/kasan/generic.c:192
instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
atomic_fetch_sub_release include/asm-generic/atomic-instrumented.h:220 [inline]
__refcount_sub_and_test include/linux/refcount.h:272 [inline]
__refcount_dec_and_test include/linux/refcount.h:315 [inline]
refcount_dec_and_test include/linux/refcount.h:333 [inline]
kref_put include/linux/kref.h:64 [inline]
j1939_priv_put+0x25/0xa0 net/can/j1939/main.c:172
j1939_sk_sock_destruct+0x44/0x90 net/can/j1939/socket.c:374
__sk_destruct+0x4e/0x820 net/core/sock.c:1784
rcu_do_batch kernel/rcu/tree.c:2485 [inline]
rcu_core+0xb35/0x1a30 kernel/rcu/tree.c:2726
__do_softirq+0x289/0x9a3 kernel/softirq.c:298
asm_call_irq_on_stack+0x12/0x20
</IRQ>
__run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
do_softirq_own_stack+0xaa/0xe0 arch/x86/kernel/irq_64.c:77
invoke_softirq kernel/softirq.c:393 [inline]
__irq_exit_rcu kernel/softirq.c:423 [inline]
irq_exit_rcu+0x136/0x200 kernel/softirq.c:435
sysvec_apic_timer_interrupt+0x4d/0x100 arch/x86/kernel/apic/apic.c:1095
asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
Allocated by task 1141:
kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48
kasan_set_track mm/kasan/common.c:56 [inline]
__kasan_kmalloc.constprop.0+0xc9/0xd0 mm/kasan/common.c:461
kmalloc include/linux/slab.h:552 [inline]
kzalloc include/linux/slab.h:664 [inline]
j1939_priv_create net/can/j1939/main.c:131 [inline]
j1939_netdev_start+0x111/0x860 net/can/j1939/main.c:268
j1939_sk_bind+0x8ea/0xd30 net/can/j1939/socket.c:485
__sys_bind+0x1f2/0x260 net/socket.c:1645
__do_sys_bind net/socket.c:1656 [inline]
__se_sys_bind net/socket.c:1654 [inline]
__x64_sys_bind+0x6f/0xb0 net/socket.c:1654
do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x61/0xc6
Freed by task 1141:
kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48
kasan_set_track+0x1c/0x30 mm/kasan/common.c:56
kasan_set_free_info+0x1b/0x30 mm/kasan/generic.c:355
__kasan_slab_free+0x112/0x170 mm/kasan/common.c:422
slab_free_hook mm/slub.c:1542 [inline]
slab_free_freelist_hook+0xad/0x190 mm/slub.c:1576
slab_free mm/slub.c:3149 [inline]
kfree+0xd9/0x3b0 mm/slub.c:4125
j1939_netdev_start+0x5ee/0x860 net/can/j1939/main.c:300
j1939_sk_bind+0x8ea/0xd30 net/can/j1939/socket.c:485
__sys_bind+0x1f2/0x260 net/socket.c:1645
__do_sys_bind net/socket.c:1656 [inline]
__se_sys_bind net/socket.c:1654 [inline]
__x64_sys_bind+0x6f/0xb0 net/socket.c:1654
do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x61/0xc6
It can be caused by this scenario:
CPU0 CPU1
j1939_sk_bind(socket0, ndev0, ...)
j1939_netdev_start()
j1939_sk_bind(socket1, ndev0, ...)
j1939_netdev_start()
mutex_lock(&j1939_netdev_lock)
j1939_priv_set(ndev0, priv)
mutex_unlock(&j1939_netdev_lock)
if (priv_new)
kref_get(&priv_new->rx_kref)
return priv_new;
/* inside j1939_sk_bind() */
jsk->priv = priv
j1939_can_rx_register(priv) // fails
j1939_priv_set(ndev, NULL)
kfree(priv)
j1939_sk_sock_destruct()
j1939_priv_put() // <- uaf
To avoid this, call j1939_can_rx_register() under j1939_netdev_lock so
that a concurrent thread cannot process j1939_priv before
j1939_can_rx_register() returns.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes:
|
||
|
Fedor Pchelkin
|
cc834f4d97 |
can: j1939: change j1939_netdev_lock type to mutex
commit cd9c790de2088b0d797dc4d244b4f174f9962554 upstream.
It turns out access to j1939_can_rx_register() needs to be serialized,
otherwise j1939_priv can be corrupted when parallel threads call
j1939_netdev_start() and j1939_can_rx_register() fails. This issue is
thoroughly covered in other commit which serializes access to
j1939_can_rx_register().
Change j1939_netdev_lock type to mutex so that we do not need to remove
GFP_KERNEL from can_rx_register().
j1939_netdev_lock seems to be used in normal contexts where mutex usage
is not prohibited.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes:
|
||
Oleksij Rempel
|
0268005076 |
can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket
commit 2a84aea80e925ecba6349090559754f8e8eb68ef upstream.
This patch addresses an issue within the j1939_sk_send_loop_abort()
function in the j1939/socket.c file, specifically in the context of
Transport Protocol (TP) sessions.
Without this patch, when a TP session is initiated and a Clear To Send
(CTS) frame is received from the remote side requesting one data packet,
the kernel dispatches the first Data Transport (DT) frame and then waits
for the next CTS. If the remote side doesn't respond with another CTS,
the kernel aborts due to a timeout. This leads to the user-space
receiving an EPOLLERR on the socket, and the socket becomes active.
However, when trying to read the error queue from the socket with
sock.recvmsg(, , socket.MSG_ERRQUEUE), it returns -EAGAIN,
given that the socket is non-blocking. This situation results in an
infinite loop: the user-space repeatedly calls epoll(), epoll() returns
the socket file descriptor with EPOLLERR, but the socket then blocks on
the recv() of ERRQUEUE.
This patch introduces an additional check for the J1939_SOCK_ERRQUEUE
flag within the j1939_sk_send_loop_abort() function. If the flag is set,
it indicates that the application has subscribed to receive error queue
messages. In such cases, the kernel can communicate the current transfer
state via the error queue. This allows for the function to return early,
preventing the unnecessary setting of the socket into an error state,
and breaking the infinite loop. It is crucial to note that a socket
error is only needed if the application isn't using the error queue, as,
without it, the application wouldn't be aware of transfer issues.
Fixes:
|
||
Vladislav Efanov
|
9ece26ff08 |
batman-adv: Broken sync while rescheduling delayed work
commit abac3ac97fe8734b620e7322a116450d7f90aa43 upstream.
Syzkaller got a lot of crashes like:
KASAN: use-after-free Write in *_timers*
All of these crashes point to the same memory area:
The buggy address belongs to the object at ffff88801f870000
which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 5320 bytes inside of
8192-byte region [ffff88801f870000, ffff88801f872000)
This area belongs to :
batadv_priv->batadv_priv_dat->delayed_work->timer_list
The reason for these issues is the lack of synchronization. Delayed
work (batadv_dat_purge) schedules new timer/work while the device
is being deleted. As the result new timer/delayed work is set after
cancel_delayed_work_sync() was called. So after the device is freed
the timer list contains pointer to already freed memory.
Found by Linux Verification Center (linuxtesting.org) with syzkaller.
Cc: stable@kernel.org
Fixes:
|
||
|
Hangyu Hua
|
36d07046c2 |
net: sched: fix possible refcount leak in tc_chain_tmplt_add()
[ Upstream commit 44f8baaf230c655c249467ca415b570deca8df77 ]
try_module_get will be called in tcf_proto_lookup_ops. So module_put needs
to be called to drop the refcount if ops don't implement the required
function.
Fixes:
|