14
4555 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Bruno Martins
|
2f84185dd7 |
Merge branch 'android11-5.4-lts' of https://android.googlesource.com/kernel/common into android13-5.4-lahaina
* 'android11-5.4-lts' of https://android.googlesource.com/kernel/common: FROMGIT: clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Linux 5.4.268 arm64: dts: armada-3720-turris-mox: set irq type for RTC perf top: Skip side-band event setup if HAVE_LIBBPF_SUPPORT is not set i2c: s3c24xx: fix transferring more than one message in polling mode i2c: s3c24xx: fix read transfers in polling mode mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure kdb: Fix a potential buffer overflow in kdb_local() kdb: Censor attempts to set PROMPT without ENABLE_MEM_READ ipvs: avoid stat macros calls from preemptible context netfilter: nf_tables: skip dead set elements in netlink dump net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe net: ravb: Fix dma_addr_t truncation in error case net: phy: micrel: populate .soft_reset for KSZ9131 net: qualcomm: rmnet: fix global oob in rmnet_policy s390/pci: fix max size calculation in zpci_memcpy_toio() PCI: keystone: Fix race condition when initializing PHYs nvmet-tcp: Fix the H2C expected PDU len calculation serial: imx: Correct clock error message in function probe() apparmor: avoid crash when parsed profile name is empty perf env: Avoid recursively taking env->bpf_progs.lock perf bpf: Decouple creating the evlist from adding the SB event perf top: Move sb_evlist to 'struct perf_top' perf record: Move sb_evlist to 'struct record' perf env: Add perf_env__numa_node() nvmet-tcp: fix a crash in nvmet_req_complete() nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length perf genelf: Set ELF program header addresses properly software node: Let args be NULL in software_node_get_reference_args acpi: property: Let args be NULL in __acpi_node_get_property_reference serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup() MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup() mips: Fix incorrect max_low_pfn adjustment HID: wacom: Correct behavior when processing some confidence == false touches x86/kvm: Do not try to disable kvmclock if it was not enabled wifi: mwifiex: configure BSSID consistently when starting AP wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code rootfs: Fix support for rootfstype= when root= is given fbdev: flush deferred work in fb_deferred_io_fsync() ALSA: oxygen: Fix right channel of capture volume mixer usb: mon: Fix atomicity violation in mon_bin_vma_fault usb: typec: class: fix typec_altmode_put_partner to put plugs Revert "usb: typec: class: fix typec_altmode_put_partner to put plugs" usb: chipidea: wait controller resume finished for wakeup irq Revert "usb: dwc3: don't reset device side if dwc3 was configured as host-only" Revert "usb: dwc3: Soft reset phy on probe for host" usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug binder: fix unused alloc->free_async_space binder: fix race between mmput() and do_exit() xen-netback: don't produce zero-size SKB frags Revert "ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek" Input: atkbd - use ab83 as id when skipping the getid command binder: fix use-after-free in shinker's callback binder: fix async space check for 0-sized buffers of: unittest: Fix of_count_phandle_with_args() expected value message of: Fix double free in of_parse_phandle_with_args_map mmc: sdhci_omap: Fix TI SoC dependencies clk: si5341: fix an error code problem in si5341_output_clk_set_rate watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO watchdog: set cdev owner before adding drivers: clk: zynqmp: calculate closest mux rate gpu/drm/radeon: fix two memleaks in radeon_vm_init drivers/amd/pm: fix a use-after-free in kv_parse_power_table drm/amd/pm: fix a double-free in si_dpm_init drm/amdgpu/debugfs: fix error code when smc register accessors are NULL media: dvbdev: drop refcount on error path in dvb_device_open() media: cx231xx: fix a memleak in cx231xx_init_isoc drm/bridge: tc358767: Fix return value on error case drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table drm/radeon/dpm: fix a memleak in sumo_parse_power_table drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() drm/drv: propagate errors from drm_modeset_register_all() drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks drm/msm/mdp4: flush vblank event on disable ASoC: cs35l34: Fix GPIO name and drop legacy include ASoC: cs35l33: Fix GPIO name and drop legacy include drm/radeon: check return value of radeon_ring_lock() drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() f2fs: fix to avoid dirent corruption drm/bridge: Fix typo in post_disable() description media: pvrusb2: fix use after free on context disconnection RDMA/usnic: Silence uninitialized symbol smatch warnings ARM: davinci: always select CONFIG_CPU_ARM926T ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() Bluetooth: btmtkuart: fix recv_buf() return value Bluetooth: Fix bogus check for re-auth no supported with non-ssp netfilter: nf_tables: mark newset as dead on transaction abort wifi: rtlwifi: rtl8192se: using calculate_bit_shift() wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() wifi: rtlwifi: rtl8192de: using calculate_bit_shift() rtlwifi: rtl8192de: make arrays static const, makes object smaller wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() wifi: rtlwifi: rtl8192c: using calculate_bit_shift() wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() wifi: rtlwifi: add calculate_bit_shift() dma-mapping: clear dev->dma_mem to NULL after freeing it virtio/vsock: fix logic which reduces credit update messages selftests/net: fix grep checking for fib_nexthop_multiprefix scsi: hisi_sas: Replace with standard error code return value arm64: dts: qcom: sdm845-db845c: correct LED panic indicator scsi: fnic: Return error if vmalloc() failed wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior rtlwifi: Use ffs in <foo>_phy_calculate_bit_shift firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() net/ncsi: Fix netlink major/minor version numbers ncsi: internal.h: Fix a spello ARM: dts: qcom: apq8064: correct XOADC register address wifi: libertas: stop selecting wext bpf, lpm: Fix check prefixlen before walking trie wifi: rtw88: fix RX filter in FIF_ALLMULTI flag NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT blocklayoutdriver: Fix reference leak of pnfs_device_node crypto: scomp - fix req->dst buffer overflow crypto: sahara - do not resize req->src when doing hash operations crypto: sahara - fix processing hash requests with req->nbytes < sg->length crypto: sahara - improve error handling in sahara_sha_process() crypto: sahara - fix wait_for_completion_timeout() error handling crypto: sahara - fix ahash reqsize crypto: virtio - Wait for tasklet to complete on device remove gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() crypto: sahara - fix error handling in sahara_hw_descriptor_create() crypto: sahara - fix processing requests with cryptlen < sg->length crypto: sahara - fix ahash selftest failure crypto: sahara - remove FLAGS_NEW_KEY logic crypto: af_alg - Disallow multiple in-flight AIO requests crypto: ccp - fix memleak in ccp_init_dm_workarea virtio_crypto: Introduce VIRTIO_CRYPTO_NOSPC crypto: virtio - don't use 'default m' crypto: virtio - Handle dataq logic with tasklet selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket mtd: Fix gluebi NULL pointer dereference caused by ftl notifier spi: sh-msiof: Enforce fixed DTDL for R-Car H3 calipso: fix memory leak in netlbl_calipso_add_pass() netlabel: remove unused parameter in netlbl_netlink_auditinfo() net: netlabel: Fix kerneldoc warnings ACPI: LPIT: Avoid u32 multiplication overflow ACPI: video: check for error while searching for backlight device parent mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response powerpc/imc-pmu: Add a null pointer check in update_events_in_group() powerpc/powernv: Add a null pointer check in opal_powercap_init() powerpc/powernv: Add a null pointer check in opal_event_init() powerpc/powernv: Add a null pointer check to scom_debug_init_one() selftests/powerpc: Fix error handling in FPU/VMX preemption tests powerpc/pseries/memhp: Fix access beyond end of drmem array powerpc/pseries/memhotplug: Quieten some DLPAR operations powerpc/44x: select I2C for CURRITUCK powerpc: add crtsavres.o to always-y instead of extra-y EDAC/thunderx: Fix possible out-of-bounds string access x86/lib: Fix overflow when counting digits coresight: etm4x: Fix width of CCITMIN field parport: parport_serial: Add Brainboxes device IDs and geometry parport: parport_serial: Add Brainboxes BAR details uio: Fix use-after-free in uio_open binder: fix comment on binder_alloc_new_buf() return value binder: fix trivial typo of binder_free_buf_locked() binder: use EPOLLERR from eventpoll.h ACPI: resource: Add another DMI match for the TongFang GMxXGxx drm/crtc: fix uninitialized variable use ARM: sun9i: smp: fix return code check of of_property_match_string ida: Fix crash in ida_free when the bitmap is empty Input: xpad - add Razer Wolverine V2 support ARC: fix spare error s390/scm: fix virtual vs physical address confusion Input: i8042 - add nomux quirk for Acer P459-G2-M Input: atkbd - skip ATKBD_CMD_GETID in translated mode reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI tracing: Add size check when printing trace_marker output tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing neighbour: Don't let neigh_forced_gc() disable preemption for long drm/crtc: Fix uninit-value bug in drm_mode_setcrtc jbd2: correct the printing of write_flags in jbd2_write_superblock() clk: rockchip: rk3128: Fix HCLK_OTG gate register drm/exynos: fix a wrong error checking drm/exynos: fix a potential error pointer dereference nvme: introduce helper function to get ctrl state ASoC: da7219: Support low DC impedance headset net/tg3: fix race condition in tg3_reset_task() nouveau/tu102: flush all pdbs on vmm flush ASoC: rt5650: add mutex to avoid the jack detection failure ASoC: cs43130: Fix incorrect frame delay configuration ASoC: cs43130: Fix the position of const qualifier ASoC: Intel: Skylake: mem leak in skl register function ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 ASoC: Intel: Skylake: Fix mem leak in few functions ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro pinctrl: lochnagar: Don't build on MIPS f2fs: explicitly null-terminate the xattr list Revert "ipv6: make ip6_rt_gc_expire an atomic_t" Revert "ipv6: remove max_size check inline with ipv4" Linux 5.4.267 ASoC: meson: codec-glue: fix pcm format cast warning ipv6: remove max_size check inline with ipv4 ipv6: make ip6_rt_gc_expire an atomic_t net/dst: use a smaller percpu_counter batch for dst entries accounting PCI: Disable ATS for specific Intel IPU E2000 devices PCI: Extract ATS disabling to a helper function netfilter: nf_tables: Reject tables of unsupported family net: tls, update curr on splice as well ath10k: Get rid of "per_ce_irq" hw param ath10k: Keep track of which interrupts fired, don't poll them ath10k: Add interrupt summary based CE processing ath10k: Wait until copy complete is actually done before completing mmc: sdhci-sprd: Fix eMMC init failure after hw reset mmc: core: Cancel delayed work before releasing host mmc: rpmb: fixes pause retune on all RPMB partitions. mm: fix unmap_mapping_range high bits shift bug i2c: core: Fix atomic xfer check for non-preempt config firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards mm/memory-failure: check the mapcount of the precise page net: Implement missing SO_TIMESTAMPING_NEW cmsg support bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() asix: Add check for usbnet_get_endpoints net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues net/qla3xxx: switch from 'pci_' to 'dma_' API i40e: Restore VF MSI-X state during PCI reset ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux ASoC: meson: g12a-tohdmitx: Validate written enum values ASoC: meson: g12a: extract codec-to-codec utils i40e: fix use-after-free in i40e_aqc_add_filters() net: Save and restore msg_namelen in sock_sendmsg net: bcmgenet: Fix FCS generation for fragmented skbuffs ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps can: raw: add support for SO_MARK can: raw: add support for SO_TXTIME/SCM_TXTIME net: sched: em_text: fix possible memory leak in em_text_destroy() i40e: Fix filter input checks to prevent config with invalid values nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local ANDROID: db845c: Enable device tree overlay support Linux 5.4.266 block: Don't invalidate pagecache for invalid falloc modes ring-buffer: Fix wake ups when buffer_percent is set to 100 smb: client: fix OOB in smbCalcSize() usb: fotg210-hcd: delete an incorrect bounds test x86/alternatives: Sync core before enabling interrupts net: rfkill: gpio: set GPIO direction net: 9p: avoid freeing uninit memory in p9pdu_vreadf Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent USB: serial: option: add Quectel RM500Q R13 firmware support USB: serial: option: add Foxconn T99W265 with new baseline USB: serial: option: add Quectel EG912Y module support USB: serial: ftdi_sio: update Actisense PIDs constant names wifi: cfg80211: fix certs build to not depend on file order wifi: cfg80211: Add my certificate iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() Input: ipaq-micro-keys - add error handling for devm_kmemdup iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw interconnect: Treat xlate() returning NULL node as an error btrfs: do not allow non subvolume root targets for snapshot smb: client: fix NULL deref in asn1_ber_decoder() ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 pinctrl: at91-pio4: use dedicated lock class for IRQ i2c: aspeed: Handle the coalesced stop conditions with the start conditions. afs: Fix overwriting of result of DNS query net: check dev->gso_max_size in gso_features_check() net: warn if gso_type isn't set for a GSO SKB afs: Fix dynamic root lookup DNS check afs: Fix the dynamic root's d_delete to always delete unused dentries net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() net/rose: fix races in rose_kill_by_device() ethernet: atheros: fix a memleak in atl1e_setup_ring_resources net: sched: ife: fix potential use-after-free net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors net/mlx5: Fix fw tracer first block check net/mlx5: improve some comments Revert "net/mlx5e: fix double free of encap_header" wifi: mac80211: mesh_plink: fix matches_local logic s390/vx: fix save/restore of fpu kernel context reset: Fix crash when freeing non-existent optional resets ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 ANDROID: GKI: fix crc issue in include/net/addrconf.h Revert "cred: switch to using atomic_long_t" Linux 5.4.265 powerpc/ftrace: Fix stack teardown in ftrace_no_trace powerpc/ftrace: Create a dummy stackframe to fix stack unwind mmc: block: Be sure to wait while busy in CQE error recovery ring-buffer: Fix memory leak of free page team: Fix use-after-free when an option instance allocation fails arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS soundwire: stream: fix NULL pointer dereference for multi_link perf: Fix perf_event_validate_size() lockdep splat HID: hid-asus: add const to read-only outgoing usb buffer net: usb: qmi_wwan: claim interface 4 for ZTE MF290 asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad HID: hid-asus: reset the backlight brightness level on resume HID: add ALWAYS_POLL quirk for Apple kb platform/x86: intel_telemetry: Fix kernel doc descriptions bcache: avoid NULL checking to c->root in run_cache_set() bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() bcache: avoid oversize memory allocation by small stripe_size blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" usb: aqc111: check packet for fixup for true limit Revert "PCI: acpiphp: Reassign resources on bridge if necessary" ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants cred: switch to using atomic_long_t appletalk: Fix Use-After-Free in atalk_ioctl net: stmmac: Handle disabled MDIO busses from devicetree net: stmmac: use dev_err_probe() for reporting mdio bus registration failure vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() sign-file: Fix incorrect return values check net: Remove acked SYN flag from packet in the transmit queue correctly qed: Fix a potential use-after-free in qed_cxt_tables_alloc net/rose: Fix Use-After-Free in rose_ioctl atm: Fix Use-After-Free in do_vcc_ioctl atm: solos-pci: Fix potential deadlock on &tx_queue_lock atm: solos-pci: Fix potential deadlock on &cli_queue_lock qca_spi: Fix reset behavior qca_debug: Fix ethtool -G iface tx behavior qca_debug: Prevent crash on TX ring changes net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX afs: Fix refcount underflow from error handling race Revert "psample: Require 'CAP_NET_ADMIN' when joining "packets" group" Revert "mmc: core: add helpers mmc_regulator_enable/disable_vqmmc" Revert "mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled" Revert "genetlink: add CAP_NET_ADMIN test for multicast bind" Revert "drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group" Revert "perf/core: Add a new read format to get a number of lost samples" Revert "perf: Fix perf_event_validate_size()" Revert "hrtimers: Push pending hrtimers away from outgoing CPU earlier" Linux 5.4.264 devcoredump: Send uevent once devcd is ready devcoredump : Serialize devcd_del work smb: client: fix potential NULL deref in parse_dfs_referrals() cifs: Fix non-availability of dedup breaking generic/304 Revert "btrfs: add dmesg output for first mount and last unmount of a filesystem" tools headers UAPI: Sync linux/perf_event.h with the kernel sources drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group psample: Require 'CAP_NET_ADMIN' when joining "packets" group genetlink: add CAP_NET_ADMIN test for multicast bind netlink: don't call ->netlink_bind with table lock held io_uring/af_unix: disable sending io_uring over sockets nilfs2: fix missing error check for sb_set_blocksize call KVM: s390/mm: Properly reset no-dat x86/CPU/AMD: Check vendor in the AMD microcode callback serial: 8250_omap: Add earlycon support for the AM654 UART controller serial: sc16is7xx: address RX timeout interrupt errata ARM: PL011: Fix DMA support usb: typec: class: fix typec_altmode_put_partner to put plugs parport: Add support for Brainboxes IX/UC/PX parallel cards usb: gadget: f_hid: fix report descriptor allocation mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled mmc: core: add helpers mmc_regulator_enable/disable_vqmmc gpiolib: sysfs: Fix error handling on failed export perf: Fix perf_event_validate_size() perf/core: Add a new read format to get a number of lost samples arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names arm64: dts: mediatek: mt7622: fix memory node warning check packet: Move reference count in packet_sock to atomic_long_t tracing: Fix a possible race when disabling buffered events tracing: Fix incomplete locking when disabling buffered events tracing: Always update snapshot buffer size nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() ALSA: pcm: fix out-of-bounds in snd_pcm_state_names ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt ARM: dts: imx: make gpt node name generic ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() tracing: Fix a warning when allocating buffered events fails ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate hwmon: (acpi_power_meter) Fix 4.29 MW bug RDMA/bnxt_re: Correct module description string bpf: sockmap, updating the sg structure should also update curr tcp: do not accept ACK of bytes we never sent netfilter: xt_owner: Fix for unsafe access of sk->sk_socket net: hns: fix fake link up on xge port ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() arcnet: restoring support for multiple Sohard Arcnet cards net: arcnet: com20020 fix error handling net: arcnet: Fix RESET flag handling hv_netvsc: rndis_filter needs to select NLS ipv6: fix potential NULL deref in fib6_add() of: dynamic: Fix of_reconfig_get_state_change() return value documentation of: Add missing 'Return' section in kerneldoc comments of: Fix kerneldoc output formatting of: base: Fix some formatting issues and provide missing descriptions of/irq: Make of_msi_map_rid() PCI bus agnostic of/irq: make of_msi_map_get_device_domain() bus agnostic of/iommu: Make of_map_rid() PCI agnostic ACPI/IORT: Make iort_msi_map_rid() PCI agnostic ACPI/IORT: Make iort_get_device_domain IRQ domain agnostic of: base: Add of_get_cpu_state_node() to get idle states for a CPU node drm/amdgpu: correct chunk_ptr to a pointer to chunk. kconfig: fix memory leak from range properties tg3: Increment tx_dropped in tg3_tso_bug() tg3: Move the [rt]x_dropped counters to tg3_napi netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test hrtimers: Push pending hrtimers away from outgoing CPU earlier Revert "HID: core: store the unique system identifier in hid_device" Revert "HID: fix HID device resource race between HID core and debugging support" Linux 5.4.263 mmc: block: Retry commands in CQE error recovery mmc: core: convert comma to semicolon mmc: cqhci: Fix task clearing in CQE error recovery mmc: cqhci: Warn of halt or task clear failure mmc: cqhci: Increase recovery halt timeout cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily cpufreq: imx6q: don't warn for disabling a non-existing frequency scsi: qla2xxx: Fix system crash due to bad pointer access scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request scsi: core: Introduce the scsi_cmd_to_rq() function scsi: qla2xxx: Simplify the code for aborting SCSI commands ima: detect changes to the backing overlay file ovl: skip overlayfs superblocks at global sync ima: annotate iint mutex to avoid lockdep false positive warnings fbdev: stifb: Make the STI next font pointer a 32-bit signed offset mtd: cfi_cmdset_0001: Byte swap OTP info mtd: cfi_cmdset_0001: Support the absence of protection registers s390/cmma: fix detection of DAT pages s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions family smb3: fix touch -h of symlink net: ravb: Start TX queues after HW initialization succeeded net: ravb: Use pm_runtime_resume_and_get() ravb: Fix races between ravb_tx_timeout_work() and net related ops net: stmmac: xgmac: Disable FPE MMC interrupts ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet Input: xpad - add HyperX Clutch Gladiate Support btrfs: make error messages more clear when getting a chunk map btrfs: send: ensure send_fd is writable btrfs: fix off-by-one when checking chunk map includes logical address btrfs: add dmesg output for first mount and last unmount of a filesystem powerpc: Don't clobber f0/vs0 during fp|altivec register save bcache: revert replacing IS_ERR_OR_NULL with IS_ERR dm verity: don't perform FEC for failed readahead IO dm-verity: align struct dm_verity_fec_io properly ALSA: hda/realtek: Add supported ALC257 for ChromeOS ALSA: hda/realtek: Headset Mic VREF to 100% ALSA: hda: Disable power-save on KONTRON SinglePC mmc: block: Do not lose cache flush during CQE error recovery firewire: core: fix possible memory leak in create_units() pinctrl: avoid reload of p state in list iteration io_uring: fix off-by one bvec index USB: dwc3: qcom: fix wakeup after probe deferral USB: dwc3: qcom: fix resource leaks on probe deferral usb: dwc3: set the dma max_seg_size USB: dwc2: write HCINT with INTMASK applied USB: serial: option: don't claim interface 4 for ZTE MF290 USB: serial: option: fix FM101R-GL defines USB: serial: option: add Fibocom L7xx modules bcache: prevent potential division by zero error bcache: check return value from btree_node_alloc_replacement() dm-delay: fix a race between delay_presuspend and delay_bio hv_netvsc: Mark VF as slave before exposing it to user-mode hv_netvsc: Fix race of register_netdevice_notifier and VF register USB: serial: option: add Luat Air72*U series products s390/dasd: protect device queue against concurrent access bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA KVM: arm64: limit PMU version to PMUv3 for ARMv8.1 arm64: cpufeature: Extract capped perfmon fields ext4: make sure allocate pending entry not fail ext4: fix slab-use-after-free in ext4_es_insert_extent() ext4: using nofail preallocation in ext4_es_insert_extent() ext4: using nofail preallocation in ext4_es_insert_delayed_block() ext4: using nofail preallocation in ext4_es_remove_extent() ext4: use pre-allocated es in __es_remove_extent() ext4: use pre-allocated es in __es_insert_extent() ext4: factor out __es_alloc_extent() and __es_free_extent() ext4: add a new helper to check if es must be kept MIPS: KVM: Fix a build warning about variable set but not used nvmet: nul-terminate the NQNs passed in the connect command nvmet: remove unnecessary ctrl parameter afs: Fix file locking on R/O volumes to operate in local mode afs: Return ENOENT if no cell DNS record can be found net: axienet: Fix check for partial TX checksum amd-xgbe: propagate the correct speed and duplex status amd-xgbe: handle the corner-case during tx completion amd-xgbe: handle corner-case during sfp hotplug arm/xen: fix xen_vcpu_info allocation alignment net: usb: ax88179_178a: fix failed operations during ax88179_reset ipv4: Correct/silence an endian warning in __ip_do_redirect HID: fix HID device resource race between HID core and debugging support HID: core: store the unique system identifier in hid_device drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full ata: pata_isapnp: Add missing error check for devm_ioport_map() drm/panel: simple: Fix Innolux G101ICE-L01 timings drm/panel: simple: Fix Innolux G101ICE-L01 bus flags afs: Make error on cell lookup failure consistent with OpenAFS PCI: keystone: Drop __init from ks_pcie_add_pcie_{ep,port}() RDMA/irdma: Prevent zero-length STAG registration driver core: Release all resources during unbind before updating device links ANDROID: GKI: db845c: Update symbols list and ABI on rpmsg_register_device_override Revert "tracing: Have trace_event_file have ref counters" Linux 5.4.262 netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for 5.4) netfilter: nf_tables: disable toggling dormant table state more than once netfilter: nf_tables: fix table flag updates netfilter: nftables: update table flags from the commit phase netfilter: nf_tables: double hook unregistration in netns path netfilter: nf_tables: unregister flowtable hooks on netns exit netfilter: nf_tables: fix memleak when more than 255 elements expired netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction netfilter: nf_tables: defer gc run if previous batch is still pending netfilter: nf_tables: use correct lock to protect gc_list netfilter: nf_tables: GC transaction race with abort path netfilter: nf_tables: GC transaction race with netns dismantle netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path netfilter: nf_tables: remove busy mark and gc batch API netfilter: nft_set_hash: mark set element as dead when deleting from packet path netfilter: nf_tables: adapt set backend to use GC transaction API netfilter: nf_tables: GC transaction API to avoid race with control plane netfilter: nf_tables: don't skip expired elements during walk netfilter: nft_set_rbtree: fix overlap expiration walk netfilter: nft_set_rbtree: fix null deref on element insertion netfilter: nft_set_rbtree: Switch to node list walk for overlap detection netfilter: nf_tables: drop map element references from preparation phase netfilter: nftables: rename set element data activation/deactivation functions netfilter: nf_tables: pass context to nft_set_destroy() tracing: Have trace_event_file have ref counters drm/amdgpu: fix error handling in amdgpu_bo_list_get() ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks ext4: correct the start block of counting reserved clusters ext4: correct return value of ext4_convert_meta_bg ext4: correct offset of gdb backup in non meta_bg group to update_backups ext4: apply umask if ACL support is disabled Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E" nfsd: fix file memleak on client_opens_release media: venus: hfi: add checks to handle capabilities from firmware media: venus: hfi: fix the check to handle session buffer requirement media: venus: hfi_parser: Add check to keep the number of codecs within range media: sharp: fix sharp encoding media: lirc: drop trailing space from scancode transmit i2c: i801: fix potential race in i801_block_transaction_byte_by_byte net: dsa: lan9303: consequently nested-lock physical MDIO Revert ncsi: Propagate carrier gain/loss events to the NCSI controller Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables bluetooth: Add device 13d3:3571 to device tables bluetooth: Add device 0bda:887b to device tables Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 Bluetooth: btusb: add Realtek 8822CE to usb_device_id table Bluetooth: btusb: Add flag to define wideband speech capability tty: serial: meson: fix hard LOCKUP on crtscts mode serial: meson: Use platform_get_irq() to get the interrupt tty: serial: meson: retrieve port FIFO size from DT serial: meson: remove redundant initialization of variable id ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC ALSA: info: Fix potential deadlock at disconnection parisc/pgtable: Do not drop upper 5 address bits of physical address parisc: Prevent booting 64-bit kernels on PA1.x machines i3c: master: cdns: Fix reading status register mm/cma: use nth_page() in place of direct struct page manipulation dmaengine: stm32-mdma: correct desc prep when channel running mcb: fix error handling for different scenarios when parsing i2c: core: Run atomic i2c xfer when !preemptible kernel/reboot: emergency_restart: Set correct system_state quota: explicitly forbid quota files from being encrypted jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev btrfs: don't arbitrarily slow down delalloc if we're committing PM: hibernate: Clean up sync_read handling in snapshot_write_next() PM: hibernate: Use __get_safe_page() rather than touching the list mmc: vub300: fix an error code clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks parisc/pdc: Add width field to struct pdc_model PCI: keystone: Don't discard .probe() callback PCI: keystone: Don't discard .remove() callback genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware mmc: meson-gx: Remove setting of CMD_CFG_ERROR ACPI: resource: Do IRQ override on TongFang GMxXGxx PCI/sysfs: Protect driver's D3cold preference from user space hvc/xen: fix error path in xen_hvc_init() to always register frontend driver audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() audit: don't take task_lock() in audit_exe_compare() code path KVM: x86: Ignore MSR_AMD64_TW_CFG access KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space x86/cpu/hygon: Fix the CPU topology evaluation for real scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END randstruct: Fix gcc-plugin performance mode to stay in group media: venus: hfi: add checks to perform sanity on queue pointers cifs: spnego: add ';' in HOST_KEY_LEN tools/power/turbostat: Fix a knl bug macvlan: Don't propagate promisc change to lower dev in passthru net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors net/mlx5_core: Clean driver version and name net/mlx5e: fix double free of encap_header net: stmmac: fix rx budget limit check net: stmmac: Rework stmmac_rx() netfilter: nf_conntrack_bridge: initialize err to 0 net: ethernet: cortina: Fix MTU max setting net: ethernet: cortina: Handle large frames net: ethernet: cortina: Fix max RX frame define bonding: stop the device in bond_setup_by_slave() ptp: annotate data-race around q->head and q->tail xen/events: fix delayed eoi list handling ppp: limit MRU to 64K tipc: Fix kernel-infoleak due to uninitialized TLV value net: hns3: fix variable may not initialized problem in hns3_init_mac_addr() tty: Fix uninit-value access in ppp_sync_receive() ipvlan: add ipvlan_route_v6_outbound() helper NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO wifi: iwlwifi: Use FW rate for non-data frames pwm: Fix double shift bug ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings kgdb: Flush console before entering kgdb on panic drm/amd/display: Avoid NULL dereference of timing generator media: cobalt: Use FIELD_GET() to extract Link Width gfs2: ignore negated quota changes media: vivid: avoid integer overflow media: gspca: cpia1: shift-out-of-bounds in set_flicker i2c: sun6i-p2wi: Prevent potential division by zero usb: gadget: f_ncm: Always set current gadget in ncm_bind() tty: vcc: Add check for kstrdup() in vcc_probe() HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() atm: iphase: Do PCI error checks on own line PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields ALSA: hda: Fix possible null-ptr-deref when assigning a stream ARM: 9320/1: fix stack depot IRQ stack filter jfs: fix array-index-out-of-bounds in diAlloc jfs: fix array-index-out-of-bounds in dbFindLeaf fs/jfs: Add validity check for db_maxag and db_agpref fs/jfs: Add check for negative db_l2nbperpage RDMA/hfi1: Use FIELD_GET() to extract Link Width crypto: pcrypt - Fix hungtask for PADATA_RESET selftests/efivarfs: create-read: fix a resource leak drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 drm/komeda: drop all currently held locks if deadlock happens platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e Bluetooth: Fix double free in hci_conn_cleanup wifi: ath10k: Don't touch the CE interrupt registers after power up net: annotate data-races around sk->sk_dst_pending_confirm net: annotate data-races around sk->sk_tx_queue_mapping wifi: ath10k: fix clang-specific fortify warning wifi: ath9k: fix clang-specific fortify warnings wifi: mac80211: don't return unset power in ieee80211_get_tx_power() wifi: mac80211_hwsim: fix clang-specific fortify warning x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware clocksource/drivers/timer-imx-gpt: Fix potential memory leak perf/core: Bail out early if the request AUX area is out of bound locking/ww_mutex/test: Fix potential workqueue corruption Revert "inet: shrink struct flowi_common" Revert "ipvlan: properly track tx_errors" ANDROID: fix up rpmsg_device ABI break ANDROID: fix up platform_device ABI break Linux 5.4.261 btrfs: use u64 for buffer sizes in the tree search ioctls Revert "mmc: core: Capture correct oemid-bits for eMMC cards" fbdev: fsl-diu-fb: mark wr_reg_wa() static fbdev: imsttfb: fix a resource leak in probe fbdev: imsttfb: Fix error path of imsttfb_probe() spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses netfilter: nft_redir: use `struct nf_nat_range2` throughout and deduplicate eval call-backs netfilter: xt_recent: fix (increase) ipv6 literal buffer length r8169: respect userspace disabling IFF_MULTICAST tg3: power down device only on SYSTEM_POWER_OFF net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT net: stmmac: xgmac: Enable support for multiple Flexible PPS outputs Fix termination state for idr_for_each_entry_ul() net: r8169: Disable multicast filter for RTL8168H and RTL8107E dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. dccp: Call security_inet_conn_request() after setting IPv4 addresses. inet: shrink struct flowi_common tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING llc: verify mac len before reading mac header Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume pwm: sti: Reduce number of allocations and drop usage of chip_data pwm: sti: Avoid conditional gotos regmap: prevent noinc writes from clobbering cache media: dvb-usb-v2: af9035: fix missing unlock media: s3c-camif: Avoid inappropriate kfree() media: bttv: fix use after free error due to btv->timeout timer pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() pcmcia: ds: fix refcount leak in pcmcia_device_add() pcmcia: cs: fix possible hung task and memory leak pccardd() rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs powerpc/pseries: fix potential memory leak in init_cpu_associativity() powerpc/imc-pmu: Use the correct spinlock initializer. powerpc/xive: Fix endian conversion size modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host f2fs: fix to initialize map.m_pblk in f2fs_precache_extents() dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() USB: usbip: fix stub_dev hub disconnect tools: iio: iio_generic_buffer ensure alignment tools: iio: iio_generic_buffer: Fix some integer type and calculation tools: iio: privatize globals and functions in iio_generic_buffer.c file misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() dmaengine: ti: edma: handle irq_of_parse_and_map() errors usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency tty: tty_jobctrl: fix pid memleak in disassociate_ctty() leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' ledtrig-cpu: Limit to 8 CPUs leds: pwm: Don't disable the PWM when the LED should be off leds: pwm: convert to atomic PWM API leds: pwm: simplify if condition mfd: dln2: Fix double put in dln2_probe ASoC: ams-delta.c: use component after check ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails sh: bios: Revive earlyprintk support RDMA/hfi1: Workaround truncation compilation error scsi: ufs: core: Leave space for '\0' in utf8 desc string ext4: move 'ix' sanity check to corrent position ARM: 9321/1: memset: cast the constant byte to unsigned char hid: cp2112: Fix duplicate workqueue initialization HID: cp2112: Use irqchip template crypto: caam/jr - fix Chacha20 + Poly1305 self test failure crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure nd_btt: Make BTT lanes preemptible sched/rt: Provide migrate_disable/enable() inlines libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value hwrng: geode - fix accessing registers clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped firmware: ti_sci: Mark driver as non removable firmware: ti_sci: Replace HTTP links with HTTPS ones soc: qcom: llcc: Handle a second device without data corruption soc: qcom: Rename llcc-slice to llcc-qcom soc: qcom: llcc cleanup to get rid of sdm845 specific driver file ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator arm64: dts: qcom: sdm845-mtp: fix WiFi configuration drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() drm/radeon: possible buffer overflow drm/rockchip: vop: Fix call to crtc reset helper drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs hwmon: (coretemp) Fix potentially truncated sysfs attribute name platform/x86: wmi: Fix opening of char device platform/x86: wmi: remove unnecessary initializations platform/x86: wmi: Fix probe failure when failing to register WMI devices clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data clk: npcm7xx: Fix incorrect kfree clk: keystone: pll: fix a couple NULL vs IS_ERR() checks clk: imx: Select MXC_CLK for CLK_IMX8QXP clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src clk: qcom: gcc-sm8150: use ARRAY_SIZE instead of specifying num_parents clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies regmap: debugfs: Fix a erroneous check after snprintf() ipvlan: properly track tx_errors net: add DEV_STATS_READ() helper ipv6: avoid atomic fragment on GSO packets ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() tcp: fix cookie_init_timestamp() overflows tcp: Remove one extra ktime_get_ns() from cookie_init_timestamp chtls: fix tp->rcv_tstamp initialization r8169: fix rare issue with broken rx after link-down on RTL8125 r8169: use tp_to_dev instead of open code thermal: core: prevent potential string overflow can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() can: dev: can_restart(): don't crash kernel if carrier is OK wifi: rtlwifi: fix EDCA limit set by BT coexistence tcp_metrics: do not create an entry from tcp_init_metrics() tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics() tcp_metrics: add missing barriers on delete wifi: mt76: mt7603: rework/fix rx pse hang check wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed i40e: fix potential memory leaks in i40e_remove() genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() vfs: fix readahead(2) on block devices Linux 5.4.260 tty: 8250: Add support for Intashield IS-100 tty: 8250: Add support for Brainboxes UP cards tty: 8250: Add support for additional Brainboxes UC cards tty: 8250: Remove UC-257 and UC-431 usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device Revert "ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver" nvmet-tcp: Fix a possible UAF in queue intialization setup nvmet-tcp: move send/recv error handling in the send/recv methods instead of call-sites remove the sx8 block driver ata: ahci: fix enum constants for gcc-13 net: chelsio: cxgb4: add an error code check in t4_load_phy_fw platform/mellanox: mlxbf-tmfifo: Fix a warning message platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e scsi: mpt3sas: Fix in error path fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() ASoC: rt5650: fix the wrong result of key button netfilter: nfnetlink_log: silence bogus compiler warning spi: npcm-fiu: Fix UMA reads when dummy.nbytes == 0 fbdev: atyfb: only use ioremap_uc() on i386 and ia64 Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe irqchip/stm32-exti: add missing DT IRQ flag translation Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table x86: Fix .brk attribute in linker script rpmsg: Fix possible refcount leak in rpmsg_register_device_override() rpmsg: glink: Release driver_override rpmsg: Fix calling device_lock() on non-initialized device rpmsg: Fix kfree() of static memory on setting driver_override rpmsg: Constify local variable in field store macro driver: platform: Add helper for safer setting of driver_override ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow ext4: avoid overlapping preallocations due to overflow ext4: add two helper functions extent_logical_end() and pa_logical_end() x86/mm: Fix RESERVE_BRK() for older binutils x86/mm: Simplify RESERVE_BRK() nfsd: lock_rename() needs both directories to live on the same fs f2fs: fix to do sanity check on inode type during garbage collection smbdirect: missing rc checks while waiting for rdma events kobject: Fix slab-out-of-bounds in fill_kobj_path() arm64: fix a concurrency issue in emulation_proc_handler() drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name perf/core: Fix potential NULL deref nvmem: imx: correct nregs for i.MX6UL nvmem: imx: correct nregs for i.MX6SLL nvmem: imx: correct nregs for i.MX6ULL i2c: aspeed: Fix i2c bus hang in slave read i2c: stm32f7: Fix PEC handling in case of SMBUS transfers i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() iio: exynos-adc: request second interupt only when touchscreen mode is used gtp: fix fragmentation needed check with gso gtp: uapi: fix GTPA_MAX tcp: fix wrong RTO timeout when received SACK reneging r8152: Cancel hw_phy_work if we have an error in probe r8152: Run the unload routine if we have errors during probe r8152: Increase USB control msg timeout to 5000ms as per spec net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() igc: Fix ambiguity in the ethtool advertising neighbour: fix various data-races igb: Fix potential memory leak in igb_add_ethtool_nfc_entry treewide: Spelling fix in comment r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1 r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1 virtio-mmio: fix memory leak of vm_dev virtio_balloon: Fix endless deflation and inflation on arm64 mcb-lpc: Reallocate memory region to avoid memory overlapping mcb: Return actual parsed size when reading chameleon table selftests/ftrace: Add new test case which checks non unique symbol mtd: rawnand: marvell: Ensure program page operations are successful Conflicts: drivers/clk/qcom/gcc-sm8150.c drivers/net/ethernet/stmicro/stmmac/stmmac_main.c drivers/soc/qcom/Kconfig drivers/soc/qcom/Makefile drivers/soc/qcom/llcc-qcom.c drivers/usb/dwc3/core.c drivers/usb/gadget/function/f_ncm.c include/linux/soc/qcom/llcc-qcom.h include/net/netfilter/nf_tables.h mm/memory-failure.c net/netfilter/nf_tables_api.c net/netfilter/nft_set_hash.c net/netfilter/nft_set_rbtree.c Notes: * Dropped the following upstream commits: |
||
Greg Kroah-Hartman
|
74299cb130 |
This is the 5.4.268 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmWy4hYACgkQONu9yGCS aT7SVBAAyx1DlSyJWcqzpESH0+VfqyWHxXlKS6Ip5wT0/+t0gglIKkwU/O0FsRXw pLO24wL0+MuIzgfZZj7wieAOPlGLOonKAvvUHGEMlpfAzyKjmZuW93WLKQlA/Oec uaT2ooQevRQcgXzbuV1yN/CeCnhbtmiQdcwy6OU5QACfzguQYtDbNGpbVHJEyEIW khlr+tj1KgRMzh/Sx76RPg4C/hkZBHun3tPcE0lTg+5QZDSkUj5gEdhVOSG2qmSh Lj9zt/isY3v6Whixel9YoTLr9SukI7ZlKzMrH1kSbGtTW3uZqgqB+7wCi1tWoNE1 Zwu9/kUe1dU1kfwYW8AA5OwupjBjADVnZZx1cKN3nQZG2J8bSKHwHmuZPx3DGhJ1 sxlaQ0nGvcEbCKljlIqsHzx2U22YKk939mVz5Y+MZYT5uwWRHI+iH4yRW97putSP t8tb3uX69Gsl6B+gLu38Mr7kkwyY06xmMnc5dfNCPwh8SxLj3dG7Gft90CNq1JKT q2cwlMEcDZRlC08kwzD7pRehZ6hYLRlTOv8yhQsQefcfzrtsT18Cec5TI2k72NOe fbIY8us3Qsr8JVSYuObGqT8LmkX9pkmRozEXgENvwltijEsWULoO2Hs+Z/yD07z8 RYqtxWxVxFVeHTkrXbbMUTZWhFx5LE+rtxCySpfeFkv0WgRRwa8= =vkKq -----END PGP SIGNATURE----- Merge 5.4.268 into android11-5.4-lts Changes in 5.4.268 f2fs: explicitly null-terminate the xattr list pinctrl: lochnagar: Don't build on MIPS ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro ASoC: Intel: Skylake: Fix mem leak in few functions ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 ASoC: Intel: Skylake: mem leak in skl register function ASoC: cs43130: Fix the position of const qualifier ASoC: cs43130: Fix incorrect frame delay configuration ASoC: rt5650: add mutex to avoid the jack detection failure nouveau/tu102: flush all pdbs on vmm flush net/tg3: fix race condition in tg3_reset_task() ASoC: da7219: Support low DC impedance headset nvme: introduce helper function to get ctrl state drm/exynos: fix a potential error pointer dereference drm/exynos: fix a wrong error checking clk: rockchip: rk3128: Fix HCLK_OTG gate register jbd2: correct the printing of write_flags in jbd2_write_superblock() drm/crtc: Fix uninit-value bug in drm_mode_setcrtc neighbour: Don't let neigh_forced_gc() disable preemption for long tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing tracing: Add size check when printing trace_marker output ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning Input: atkbd - skip ATKBD_CMD_GETID in translated mode Input: i8042 - add nomux quirk for Acer P459-G2-M s390/scm: fix virtual vs physical address confusion ARC: fix spare error Input: xpad - add Razer Wolverine V2 support ida: Fix crash in ida_free when the bitmap is empty ARM: sun9i: smp: fix return code check of of_property_match_string drm/crtc: fix uninitialized variable use ACPI: resource: Add another DMI match for the TongFang GMxXGxx binder: use EPOLLERR from eventpoll.h binder: fix trivial typo of binder_free_buf_locked() binder: fix comment on binder_alloc_new_buf() return value uio: Fix use-after-free in uio_open parport: parport_serial: Add Brainboxes BAR details parport: parport_serial: Add Brainboxes device IDs and geometry coresight: etm4x: Fix width of CCITMIN field x86/lib: Fix overflow when counting digits EDAC/thunderx: Fix possible out-of-bounds string access powerpc: add crtsavres.o to always-y instead of extra-y powerpc/44x: select I2C for CURRITUCK powerpc/pseries/memhotplug: Quieten some DLPAR operations powerpc/pseries/memhp: Fix access beyond end of drmem array selftests/powerpc: Fix error handling in FPU/VMX preemption tests powerpc/powernv: Add a null pointer check to scom_debug_init_one() powerpc/powernv: Add a null pointer check in opal_event_init() powerpc/powernv: Add a null pointer check in opal_powercap_init() powerpc/imc-pmu: Add a null pointer check in update_events_in_group() mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response ACPI: video: check for error while searching for backlight device parent ACPI: LPIT: Avoid u32 multiplication overflow net: netlabel: Fix kerneldoc warnings netlabel: remove unused parameter in netlbl_netlink_auditinfo() calipso: fix memory leak in netlbl_calipso_add_pass() spi: sh-msiof: Enforce fixed DTDL for R-Car H3 mtd: Fix gluebi NULL pointer dereference caused by ftl notifier selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket crypto: virtio - Handle dataq logic with tasklet crypto: virtio - don't use 'default m' virtio_crypto: Introduce VIRTIO_CRYPTO_NOSPC crypto: ccp - fix memleak in ccp_init_dm_workarea crypto: af_alg - Disallow multiple in-flight AIO requests crypto: sahara - remove FLAGS_NEW_KEY logic crypto: sahara - fix ahash selftest failure crypto: sahara - fix processing requests with cryptlen < sg->length crypto: sahara - fix error handling in sahara_hw_descriptor_create() pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump crypto: virtio - Wait for tasklet to complete on device remove crypto: sahara - fix ahash reqsize crypto: sahara - fix wait_for_completion_timeout() error handling crypto: sahara - improve error handling in sahara_sha_process() crypto: sahara - fix processing hash requests with req->nbytes < sg->length crypto: sahara - do not resize req->src when doing hash operations crypto: scomp - fix req->dst buffer overflow blocklayoutdriver: Fix reference leak of pnfs_device_node NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT wifi: rtw88: fix RX filter in FIF_ALLMULTI flag bpf, lpm: Fix check prefixlen before walking trie wifi: libertas: stop selecting wext ARM: dts: qcom: apq8064: correct XOADC register address ncsi: internal.h: Fix a spello net/ncsi: Fix netlink major/minor version numbers firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() rtlwifi: Use ffs in <foo>_phy_calculate_bit_shift wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior scsi: fnic: Return error if vmalloc() failed arm64: dts: qcom: sdm845-db845c: correct LED panic indicator scsi: hisi_sas: Replace with standard error code return value selftests/net: fix grep checking for fib_nexthop_multiprefix virtio/vsock: fix logic which reduces credit update messages dma-mapping: clear dev->dma_mem to NULL after freeing it wifi: rtlwifi: add calculate_bit_shift() wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() wifi: rtlwifi: rtl8192c: using calculate_bit_shift() wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() rtlwifi: rtl8192de: make arrays static const, makes object smaller wifi: rtlwifi: rtl8192de: using calculate_bit_shift() wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() wifi: rtlwifi: rtl8192se: using calculate_bit_shift() netfilter: nf_tables: mark newset as dead on transaction abort Bluetooth: Fix bogus check for re-auth no supported with non-ssp Bluetooth: btmtkuart: fix recv_buf() return value ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() ARM: davinci: always select CONFIG_CPU_ARM926T RDMA/usnic: Silence uninitialized symbol smatch warnings media: pvrusb2: fix use after free on context disconnection drm/bridge: Fix typo in post_disable() description f2fs: fix to avoid dirent corruption drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() drm/radeon: check return value of radeon_ring_lock() ASoC: cs35l33: Fix GPIO name and drop legacy include ASoC: cs35l34: Fix GPIO name and drop legacy include drm/msm/mdp4: flush vblank event on disable drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks drm/drv: propagate errors from drm_modeset_register_all() drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() drm/radeon/dpm: fix a memleak in sumo_parse_power_table drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table drm/bridge: tc358767: Fix return value on error case media: cx231xx: fix a memleak in cx231xx_init_isoc media: dvbdev: drop refcount on error path in dvb_device_open() drm/amdgpu/debugfs: fix error code when smc register accessors are NULL drm/amd/pm: fix a double-free in si_dpm_init drivers/amd/pm: fix a use-after-free in kv_parse_power_table gpu/drm/radeon: fix two memleaks in radeon_vm_init drivers: clk: zynqmp: calculate closest mux rate watchdog: set cdev owner before adding watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling clk: si5341: fix an error code problem in si5341_output_clk_set_rate mmc: sdhci_omap: Fix TI SoC dependencies of: Fix double free in of_parse_phandle_with_args_map of: unittest: Fix of_count_phandle_with_args() expected value message binder: fix async space check for 0-sized buffers binder: fix use-after-free in shinker's callback Input: atkbd - use ab83 as id when skipping the getid command Revert "ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek" xen-netback: don't produce zero-size SKB frags binder: fix race between mmput() and do_exit() binder: fix unused alloc->free_async_space tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart Revert "usb: dwc3: Soft reset phy on probe for host" Revert "usb: dwc3: don't reset device side if dwc3 was configured as host-only" usb: chipidea: wait controller resume finished for wakeup irq Revert "usb: typec: class: fix typec_altmode_put_partner to put plugs" usb: typec: class: fix typec_altmode_put_partner to put plugs usb: mon: Fix atomicity violation in mon_bin_vma_fault ALSA: oxygen: Fix right channel of capture volume mixer fbdev: flush deferred work in fb_deferred_io_fsync() rootfs: Fix support for rootfstype= when root= is given wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors wifi: mwifiex: configure BSSID consistently when starting AP x86/kvm: Do not try to disable kvmclock if it was not enabled HID: wacom: Correct behavior when processing some confidence == false touches mips: Fix incorrect max_low_pfn adjustment MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup() MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup() serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed acpi: property: Let args be NULL in __acpi_node_get_property_reference software node: Let args be NULL in software_node_get_reference_args perf genelf: Set ELF program header addresses properly nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length nvmet-tcp: fix a crash in nvmet_req_complete() perf env: Add perf_env__numa_node() perf record: Move sb_evlist to 'struct record' perf top: Move sb_evlist to 'struct perf_top' perf bpf: Decouple creating the evlist from adding the SB event perf env: Avoid recursively taking env->bpf_progs.lock apparmor: avoid crash when parsed profile name is empty serial: imx: Correct clock error message in function probe() nvmet-tcp: Fix the H2C expected PDU len calculation PCI: keystone: Fix race condition when initializing PHYs s390/pci: fix max size calculation in zpci_memcpy_toio() net: qualcomm: rmnet: fix global oob in rmnet_policy net: phy: micrel: populate .soft_reset for KSZ9131 net: ravb: Fix dma_addr_t truncation in error case net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe netfilter: nf_tables: skip dead set elements in netlink dump ipvs: avoid stat macros calls from preemptible context kdb: Censor attempts to set PROMPT without ENABLE_MEM_READ kdb: Fix a potential buffer overflow in kdb_local() mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure i2c: s3c24xx: fix read transfers in polling mode i2c: s3c24xx: fix transferring more than one message in polling mode perf top: Skip side-band event setup if HAVE_LIBBPF_SUPPORT is not set arm64: dts: armada-3720-turris-mox: set irq type for RTC Linux 5.4.268 Change-Id: I347fc44c3a9947e2b7cb476d622adca58677f78a Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Steven Rostedt (Google)
|
4f7512e779 |
ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI
[ Upstream commit 712292308af2265cd9b126aedfa987f10f452a33 ] As the ring buffer recording requires cmpxchg() to work, if the architecture does not support cmpxchg in NMI, then do not do any recording within an NMI. Link: https://lore.kernel.org/linux-trace-kernel/20231213175403.6fc18540@gandalf.local.home Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Steven Rostedt (Google)
|
e405c22ee5 |
tracing: Add size check when printing trace_marker output
[ Upstream commit 60be76eeabb3d83858cc6577fc65c7d0f36ffd42 ] If for some reason the trace_marker write does not have a nul byte for the string, it will overflow the print: trace_seq_printf(s, ": %s", field->buf); The field->buf could be missing the nul byte. To prevent overflow, add the max size that the buf can be by using the event size and the field location. int max = iter->ent_size - offsetof(struct print_entry, buf); trace_seq_printf(s, ": %*.s", max, field->buf); Link: https://lore.kernel.org/linux-trace-kernel/20231212084444.4619b8ce@gandalf.local.home Cc: Mark Rutland <mark.rutland@arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Steven Rostedt (Google)
|
f787481af4 |
tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing
[ Upstream commit b55b0a0d7c4aa2dac3579aa7e6802d1f57445096 ]
If a large event was added to the ring buffer that is larger than what the
trace_seq can handle, it just drops the output:
~# cat /sys/kernel/tracing/trace
# tracer: nop
#
# entries-in-buffer/entries-written: 2/2 #P:8
#
# _-----=> irqs-off/BH-disabled
# / _----=> need-resched
# | / _---=> hardirq/softirq
# || / _--=> preempt-depth
# ||| / _-=> migrate-disable
# |||| / delay
# TASK-PID CPU# ||||| TIMESTAMP FUNCTION
# | | | ||||| | |
<...>-859 [001] ..... 141.118951: tracing_mark_write <...>-859 [001] ..... 141.148201: tracing_mark_write: 78901234
Instead, catch this case and add some context:
~# cat /sys/kernel/tracing/trace
# tracer: nop
#
# entries-in-buffer/entries-written: 2/2 #P:8
#
# _-----=> irqs-off/BH-disabled
# / _----=> need-resched
# | / _---=> hardirq/softirq
# || / _--=> preempt-depth
# ||| / _-=> migrate-disable
# |||| / delay
# TASK-PID CPU# ||||| TIMESTAMP FUNCTION
# | | | ||||| | |
<...>-852 [001] ..... 121.550551: tracing_mark_write[LINE TOO BIG]
<...>-852 [001] ..... 121.550581: tracing_mark_write: 78901234
This now emulates the same output as trace_pipe.
Link: https://lore.kernel.org/linux-trace-kernel/20231209171058.78c1a026@gandalf.local.home
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Steven Rostedt (Google)
|
a0678f5047 |
ring-buffer: Fix wake ups when buffer_percent is set to 100
commit 623b1f896fa8a669a277ee5a258307a16c7377a3 upstream.
The tracefs file "buffer_percent" is to allow user space to set a
water-mark on how much of the tracing ring buffer needs to be filled in
order to wake up a blocked reader.
0 - is to wait until any data is in the buffer
1 - is to wait for 1% of the sub buffers to be filled
50 - would be half of the sub buffers are filled with data
100 - is not to wake the waiter until the ring buffer is completely full
Unfortunately the test for being full was:
dirty = ring_buffer_nr_dirty_pages(buffer, cpu);
return (dirty * 100) > (full * nr_pages);
Where "full" is the value for "buffer_percent".
There is two issues with the above when full == 100.
1. dirty * 100 > 100 * nr_pages will never be true
That is, the above is basically saying that if the user sets
buffer_percent to 100, more pages need to be dirty than exist in the
ring buffer!
2. The page that the writer is on is never considered dirty, as dirty
pages are only those that are full. When the writer goes to a new
sub-buffer, it clears the contents of that sub-buffer.
That is, even if the check was ">=" it would still not be equal as the
most pages that can be considered "dirty" is nr_pages - 1.
To fix this, add one to dirty and use ">=" in the compare.
Link: https://lore.kernel.org/linux-trace-kernel/20231226125902.4a057f1d@gandalf.local.home
Cc: stable@vger.kernel.org
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Fixes:
|
||
|
Greg Kroah-Hartman
|
5158e9afed |
This is the 5.4.265 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmWC/R4ACgkQONu9yGCS aT6XRw/+OE/DwEAaRGgM/gGLayr/n6zJoL7DUhLxkS+wG3beQXFsdigCHRRhTh58 OCQP6pL6UlbJ8Yge3FtpYqqkR+UyY7c/wsjJI05v7dKUJ742rpFNML9w0Dg9Au8w k4TsVU01nnr9HC7rY8k8zYZ/DZdULvIX8RNhSOi0CMO2gkdMUFrh/IC0q5JIWKmL xFmMieGtsr4kl4sP2oUbYihf1Li4oblouBV+70kPViC6XA0YhOSCT0+PfDxp5CuD sux1srZGY/782zI0O6+ObsYascwgL+wk0oEJRj1vO02tJKKbtEGMJvGO9Mcpto6B 2YBq40PAhyeKFdt4YzOWCSO7WjvWP7h15U68EY+E6ruy9La+P/dTyhAqsBBTVDEs PGFIjxc5pnHn72JQ/U3yJoHFM7yW26VEmEGItsd81VermNgqe2scSPSPHIfM0qFU z2l0PcQkm+SLK2cFDSCBUBaXfx4R2UuWe/QY07K2eN5YCC4mqROajVh4Vqyj1Q8j PLw/yrt8lOJcDEDMtFq7hcXKMzcb/dYfCZcSfxl6YJeaR4X4ViOkDGVhLEkVeOn5 K3kyIvPd268rmoy/9jTuDYu6axMhg2eE2dTQqBg8pFwIOgetUwtYcBhyxDtmGZm1 lNUYmY84BSHZwXuKjNXGgZ5DI0U7nAWis+odR0scHpVKwaC8ta8= =d0Ht -----END PGP SIGNATURE----- Merge 5.4.265 into android11-5.4-lts Changes in 5.4.265 afs: Fix refcount underflow from error handling race net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX qca_debug: Prevent crash on TX ring changes qca_debug: Fix ethtool -G iface tx behavior qca_spi: Fix reset behavior atm: solos-pci: Fix potential deadlock on &cli_queue_lock atm: solos-pci: Fix potential deadlock on &tx_queue_lock atm: Fix Use-After-Free in do_vcc_ioctl net/rose: Fix Use-After-Free in rose_ioctl qed: Fix a potential use-after-free in qed_cxt_tables_alloc net: Remove acked SYN flag from packet in the transmit queue correctly sign-file: Fix incorrect return values check vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() net: stmmac: use dev_err_probe() for reporting mdio bus registration failure net: stmmac: Handle disabled MDIO busses from devicetree appletalk: Fix Use-After-Free in atalk_ioctl cred: switch to using atomic_long_t ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants Revert "PCI: acpiphp: Reassign resources on bridge if necessary" usb: aqc111: check packet for fixup for true limit blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" bcache: avoid oversize memory allocation by small stripe_size bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() bcache: avoid NULL checking to c->root in run_cache_set() platform/x86: intel_telemetry: Fix kernel doc descriptions HID: add ALWAYS_POLL quirk for Apple kb HID: hid-asus: reset the backlight brightness level on resume HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation net: usb: qmi_wwan: claim interface 4 for ZTE MF290 HID: hid-asus: add const to read-only outgoing usb buffer perf: Fix perf_event_validate_size() lockdep splat soundwire: stream: fix NULL pointer dereference for multi_link ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify team: Fix use-after-free when an option instance allocation fails ring-buffer: Fix memory leak of free page mmc: block: Be sure to wait while busy in CQE error recovery powerpc/ftrace: Create a dummy stackframe to fix stack unwind powerpc/ftrace: Fix stack teardown in ftrace_no_trace Linux 5.4.265 Change-Id: I762a9cd127dfce014141a135e818a170c99e3fd1 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Steven Rostedt (Google)
|
3b8b2c5d76 |
ring-buffer: Fix memory leak of free page
commit 17d801758157bec93f26faaf5ff1a8b9a552d67a upstream.
Reading the ring buffer does a swap of a sub-buffer within the ring buffer
with a empty sub-buffer. This allows the reader to have full access to the
content of the sub-buffer that was swapped out without having to worry
about contention with the writer.
The readers call ring_buffer_alloc_read_page() to allocate a page that
will be used to swap with the ring buffer. When the code is finished with
the reader page, it calls ring_buffer_free_read_page(). Instead of freeing
the page, it stores it as a spare. Then next call to
ring_buffer_alloc_read_page() will return this spare instead of calling
into the memory management system to allocate a new page.
Unfortunately, on freeing of the ring buffer, this spare page is not
freed, and causes a memory leak.
Link: https://lore.kernel.org/linux-trace-kernel/20231210221250.7b9cc83c@rorschach.local.home
Cc: stable@vger.kernel.org
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fixes:
|
||
|
Greg Kroah-Hartman
|
af6deae771 |
This is the 5.4.264 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmV5528ACgkQONu9yGCS aT7+DxAAl/t4oGT1Di8mIhCfqsezTj/SQ6HAMaAFpKjGXdgTBX9QavwTHp35qLpv xZtibdl611oEDT2B3//cvJu9Qs8sJGlDWxpJF8fkF/NED2EHLRwUAOmhc4fyBCBq 01GfPRefU9G5E0Nw2g3o07dD0otKQzENh74iAzUr/cyju5TBgS4NC7CljiD6GXP8 DtCcbz2UMmHF5icyasjw7WoCqKaWUn7KLqU3RyQfmDgnh3z0vSXKs17CFoNk1+R6 EAkZJkrUsIDO3N6aRkJGvwtbEFDws4S7onpcthckXt6IF/OQ+h8LcHvyTpblVeWH qVBXmj1QZD+SwfP5qVtM+RwHHTE3GVJI3+MVTInu0vzgEz6lhNPILzWwso+AIhHM +SBZkx4/pO2LbrSgqn+NYWRcBTn4fXNURPd+zLXNJ1ZSnhamWm7kuFK8B36lz0s8 CB5ngLld1wg6m2NVPneqAeEcD54msGd18iNZvnxfx3c28sb27RgLqLJQKdSrtFMH tZj0+3KGkYHzWQmt07iLmg1DPAmZSNzMW7MDJRHlqDCKS2gBKO/LKxWiri2WPh+o IvgrfGzEJsyYXi5+JcGC9+RkoPcGaous4VA2kWFJSjXiXPrJC4jknQm3mtdMiTf3 V9DEOMvot9ELGI9RODaNsk59C2RhOuVimm2XWV9n88UcX38reAQ= =gOna -----END PGP SIGNATURE----- Merge 5.4.264 into android11-5.4-lts Changes in 5.4.264 hrtimers: Push pending hrtimers away from outgoing CPU earlier netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test tg3: Move the [rt]x_dropped counters to tg3_napi tg3: Increment tx_dropped in tg3_tso_bug() kconfig: fix memory leak from range properties drm/amdgpu: correct chunk_ptr to a pointer to chunk. of: base: Add of_get_cpu_state_node() to get idle states for a CPU node ACPI/IORT: Make iort_get_device_domain IRQ domain agnostic ACPI/IORT: Make iort_msi_map_rid() PCI agnostic of/iommu: Make of_map_rid() PCI agnostic of/irq: make of_msi_map_get_device_domain() bus agnostic of/irq: Make of_msi_map_rid() PCI bus agnostic of: base: Fix some formatting issues and provide missing descriptions of: Fix kerneldoc output formatting of: Add missing 'Return' section in kerneldoc comments of: dynamic: Fix of_reconfig_get_state_change() return value documentation ipv6: fix potential NULL deref in fib6_add() hv_netvsc: rndis_filter needs to select NLS net: arcnet: Fix RESET flag handling net: arcnet: com20020 fix error handling arcnet: restoring support for multiple Sohard Arcnet cards ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() net: hns: fix fake link up on xge port netfilter: xt_owner: Fix for unsafe access of sk->sk_socket tcp: do not accept ACK of bytes we never sent bpf: sockmap, updating the sg structure should also update curr RDMA/bnxt_re: Correct module description string hwmon: (acpi_power_meter) Fix 4.29 MW bug ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate tracing: Fix a warning when allocating buffered events fails scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init ARM: dts: imx: make gpt node name generic ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt ALSA: pcm: fix out-of-bounds in snd_pcm_state_names nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() tracing: Always update snapshot buffer size tracing: Fix incomplete locking when disabling buffered events tracing: Fix a possible race when disabling buffered events packet: Move reference count in packet_sock to atomic_long_t arm64: dts: mediatek: mt7622: fix memory node warning check arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names perf/core: Add a new read format to get a number of lost samples perf: Fix perf_event_validate_size() gpiolib: sysfs: Fix error handling on failed export mmc: core: add helpers mmc_regulator_enable/disable_vqmmc mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled usb: gadget: f_hid: fix report descriptor allocation parport: Add support for Brainboxes IX/UC/PX parallel cards usb: typec: class: fix typec_altmode_put_partner to put plugs ARM: PL011: Fix DMA support serial: sc16is7xx: address RX timeout interrupt errata serial: 8250_omap: Add earlycon support for the AM654 UART controller x86/CPU/AMD: Check vendor in the AMD microcode callback KVM: s390/mm: Properly reset no-dat nilfs2: fix missing error check for sb_set_blocksize call io_uring/af_unix: disable sending io_uring over sockets netlink: don't call ->netlink_bind with table lock held genetlink: add CAP_NET_ADMIN test for multicast bind psample: Require 'CAP_NET_ADMIN' when joining "packets" group drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group tools headers UAPI: Sync linux/perf_event.h with the kernel sources Revert "btrfs: add dmesg output for first mount and last unmount of a filesystem" cifs: Fix non-availability of dedup breaking generic/304 smb: client: fix potential NULL deref in parse_dfs_referrals() devcoredump : Serialize devcd_del work devcoredump: Send uevent once devcd is ready Linux 5.4.264 Change-Id: I32d19db2a0ff0cf6d061fa9c8ca527d0b61dd158 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Petr Pavlu
|
965cbc6b62 |
tracing: Fix a possible race when disabling buffered events
commit c0591b1cccf708a47bc465c62436d669a4213323 upstream.
Function trace_buffered_event_disable() is responsible for freeing pages
backing buffered events and this process can run concurrently with
trace_event_buffer_lock_reserve().
The following race is currently possible:
* Function trace_buffered_event_disable() is called on CPU 0. It
increments trace_buffered_event_cnt on each CPU and waits via
synchronize_rcu() for each user of trace_buffered_event to complete.
* After synchronize_rcu() is finished, function
trace_buffered_event_disable() has the exclusive access to
trace_buffered_event. All counters trace_buffered_event_cnt are at 1
and all pointers trace_buffered_event are still valid.
* At this point, on a different CPU 1, the execution reaches
trace_event_buffer_lock_reserve(). The function calls
preempt_disable_notrace() and only now enters an RCU read-side
critical section. The function proceeds and reads a still valid
pointer from trace_buffered_event[CPU1] into the local variable
"entry". However, it doesn't yet read trace_buffered_event_cnt[CPU1]
which happens later.
* Function trace_buffered_event_disable() continues. It frees
trace_buffered_event[CPU1] and decrements
trace_buffered_event_cnt[CPU1] back to 0.
* Function trace_event_buffer_lock_reserve() continues. It reads and
increments trace_buffered_event_cnt[CPU1] from 0 to 1. This makes it
believe that it can use the "entry" that it already obtained but the
pointer is now invalid and any access results in a use-after-free.
Fix the problem by making a second synchronize_rcu() call after all
trace_buffered_event values are set to NULL. This waits on all potential
users in trace_event_buffer_lock_reserve() that still read a previous
pointer from trace_buffered_event.
Link: https://lore.kernel.org/all/20231127151248.7232-2-petr.pavlu@suse.com/
Link: https://lkml.kernel.org/r/20231205161736.19663-4-petr.pavlu@suse.com
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Petr Pavlu
|
6f2e50961f |
tracing: Fix incomplete locking when disabling buffered events
commit 7fed14f7ac9cf5e38c693836fe4a874720141845 upstream. The following warning appears when using buffered events: [ 203.556451] WARNING: CPU: 53 PID: 10220 at kernel/trace/ring_buffer.c:3912 ring_buffer_discard_commit+0x2eb/0x420 [...] [ 203.670690] CPU: 53 PID: 10220 Comm: stress-ng-sysin Tainted: G E 6.7.0-rc2-default #4 56e6d0fcf5581e6e51eaaecbdaec2a2338c80f3a [ 203.670704] Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017 [ 203.670709] RIP: 0010:ring_buffer_discard_commit+0x2eb/0x420 [ 203.735721] Code: 4c 8b 4a 50 48 8b 42 48 49 39 c1 0f 84 b3 00 00 00 49 83 e8 01 75 b1 48 8b 42 10 f0 ff 40 08 0f 0b e9 fc fe ff ff f0 ff 47 08 <0f> 0b e9 77 fd ff ff 48 8b 42 10 f0 ff 40 08 0f 0b e9 f5 fe ff ff [ 203.735734] RSP: 0018:ffffb4ae4f7b7d80 EFLAGS: 00010202 [ 203.735745] RAX: 0000000000000000 RBX: ffffb4ae4f7b7de0 RCX: ffff8ac10662c000 [ 203.735754] RDX: ffff8ac0c750be00 RSI: ffff8ac10662c000 RDI: ffff8ac0c004d400 [ 203.781832] RBP: ffff8ac0c039cea0 R08: 0000000000000000 R09: 0000000000000000 [ 203.781839] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 203.781842] R13: ffff8ac10662c000 R14: ffff8ac0c004d400 R15: ffff8ac10662c008 [ 203.781846] FS: 00007f4cd8a67740(0000) GS:ffff8ad798880000(0000) knlGS:0000000000000000 [ 203.781851] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 203.781855] CR2: 0000559766a74028 CR3: 00000001804c4000 CR4: 00000000001506f0 [ 203.781862] Call Trace: [ 203.781870] <TASK> [ 203.851949] trace_event_buffer_commit+0x1ea/0x250 [ 203.851967] trace_event_raw_event_sys_enter+0x83/0xe0 [ 203.851983] syscall_trace_enter.isra.0+0x182/0x1a0 [ 203.851990] do_syscall_64+0x3a/0xe0 [ 203.852075] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 203.852090] RIP: 0033:0x7f4cd870fa77 [ 203.982920] Code: 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 b8 89 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 43 0e 00 f7 d8 64 89 01 48 [ 203.982932] RSP: 002b:00007fff99717dd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000089 [ 203.982942] RAX: ffffffffffffffda RBX: 0000558ea1d7b6f0 RCX: 00007f4cd870fa77 [ 203.982948] RDX: 0000000000000000 RSI: 00007fff99717de0 RDI: 0000558ea1d7b6f0 [ 203.982957] RBP: 00007fff99717de0 R08: 00007fff997180e0 R09: 00007fff997180e0 [ 203.982962] R10: 00007fff997180e0 R11: 0000000000000246 R12: 00007fff99717f40 [ 204.049239] R13: 00007fff99718590 R14: 0000558e9f2127a8 R15: 00007fff997180b0 [ 204.049256] </TASK> For instance, it can be triggered by running these two commands in parallel: $ while true; do echo hist:key=id.syscall:val=hitcount > \ /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/trigger; done $ stress-ng --sysinfo $(nproc) The warning indicates that the current ring_buffer_per_cpu is not in the committing state. It happens because the active ring_buffer_event doesn't actually come from the ring_buffer_per_cpu but is allocated from trace_buffered_event. The bug is in function trace_buffered_event_disable() where the following normally happens: * The code invokes disable_trace_buffered_event() via smp_call_function_many() and follows it by synchronize_rcu(). This increments the per-CPU variable trace_buffered_event_cnt on each target CPU and grants trace_buffered_event_disable() the exclusive access to the per-CPU variable trace_buffered_event. * Maintenance is performed on trace_buffered_event, all per-CPU event buffers get freed. * The code invokes enable_trace_buffered_event() via smp_call_function_many(). This decrements trace_buffered_event_cnt and releases the access to trace_buffered_event. A problem is that smp_call_function_many() runs a given function on all target CPUs except on the current one. The following can then occur: * Task X executing trace_buffered_event_disable() runs on CPU 0. * The control reaches synchronize_rcu() and the task gets rescheduled on another CPU 1. * The RCU synchronization finishes. At this point, trace_buffered_event_disable() has the exclusive access to all trace_buffered_event variables except trace_buffered_event[CPU0] because trace_buffered_event_cnt[CPU0] is never incremented and if the buffer is currently unused, remains set to 0. * A different task Y is scheduled on CPU 0 and hits a trace event. The code in trace_event_buffer_lock_reserve() sees that trace_buffered_event_cnt[CPU0] is set to 0 and decides the use the buffer provided by trace_buffered_event[CPU0]. * Task X continues its execution in trace_buffered_event_disable(). The code incorrectly frees the event buffer pointed by trace_buffered_event[CPU0] and resets the variable to NULL. * Task Y writes event data to the now freed buffer and later detects the created inconsistency. The issue is observable since commit dea499781a11 ("tracing: Fix warning in trace_buffered_event_disable()") which moved the call of trace_buffered_event_disable() in __ftrace_event_enable_disable() earlier, prior to invoking call->class->reg(.. TRACE_REG_UNREGISTER ..). The underlying problem in trace_buffered_event_disable() is however present since the original implementation in commit |
||
|
Steven Rostedt (Google)
|
84302391d1 |
tracing: Always update snapshot buffer size
commit 7be76461f302ec05cbd62b90b2a05c64299ca01f upstream.
It use to be that only the top level instance had a snapshot buffer (for
latency tracers like wakeup and irqsoff). The update of the ring buffer
size would check if the instance was the top level and if so, it would
also update the snapshot buffer as it needs to be the same as the main
buffer.
Now that lower level instances also has a snapshot buffer, they too need
to update their snapshot buffer sizes when the main buffer is changed,
otherwise the following can be triggered:
# cd /sys/kernel/tracing
# echo 1500 > buffer_size_kb
# mkdir instances/foo
# echo irqsoff > instances/foo/current_tracer
# echo 1000 > instances/foo/buffer_size_kb
Produces:
WARNING: CPU: 2 PID: 856 at kernel/trace/trace.c:1938 update_max_tr_single.part.0+0x27d/0x320
Which is:
ret = ring_buffer_swap_cpu(tr->max_buffer.buffer, tr->array_buffer.buffer, cpu);
if (ret == -EBUSY) {
[..]
}
WARN_ON_ONCE(ret && ret != -EAGAIN && ret != -EBUSY); <== here
That's because ring_buffer_swap_cpu() has:
int ret = -EINVAL;
[..]
/* At least make sure the two buffers are somewhat the same */
if (cpu_buffer_a->nr_pages != cpu_buffer_b->nr_pages)
goto out;
[..]
out:
return ret;
}
Instead, update all instances' snapshot buffer sizes when their main
buffer size is updated.
Link: https://lkml.kernel.org/r/20231205220010.454662151@goodmis.org
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Fixes:
|
||
|
Petr Pavlu
|
8244ea916b |
tracing: Fix a warning when allocating buffered events fails
[ Upstream commit 34209fe83ef8404353f91ab4ea4035dbc9922d04 ]
Function trace_buffered_event_disable() produces an unexpected warning
when the previous call to trace_buffered_event_enable() fails to
allocate pages for buffered events.
The situation can occur as follows:
* The counter trace_buffered_event_ref is at 0.
* The soft mode gets enabled for some event and
trace_buffered_event_enable() is called. The function increments
trace_buffered_event_ref to 1 and starts allocating event pages.
* The allocation fails for some page and trace_buffered_event_disable()
is called for cleanup.
* Function trace_buffered_event_disable() decrements
trace_buffered_event_ref back to 0, recognizes that it was the last
use of buffered events and frees all allocated pages.
* The control goes back to trace_buffered_event_enable() which returns.
The caller of trace_buffered_event_enable() has no information that
the function actually failed.
* Some time later, the soft mode is disabled for the same event.
Function trace_buffered_event_disable() is called. It warns on
"WARN_ON_ONCE(!trace_buffered_event_ref)" and returns.
Buffered events are just an optimization and can handle failures. Make
trace_buffered_event_enable() exit on the first failure and left any
cleanup later to when trace_buffered_event_disable() is called.
Link: https://lore.kernel.org/all/20231127151248.7232-2-petr.pavlu@suse.com/
Link: https://lkml.kernel.org/r/20231205161736.19663-3-petr.pavlu@suse.com
Fixes:
|
||
Michael Bestas
|
ffe9ce5b43
|
Merge tag 'ASB-2023-12-05_11-5.4' of https://android.googlesource.com/kernel/common into android13-5.4-lahaina
https://source.android.com/docs/security/bulletin/2023-12-01 * tag 'ASB-2023-12-05_11-5.4' of https://android.googlesource.com/kernel/common: ANDROID: ABI: Update allowed list for QCOM BACKPORT: ALSA: compress: Allow pause and resume during draining UPSTREAM: netfilter: nf_tables: pass context to nft_set_destroy() UPSTREAM: netfilter: nf_tables: don't skip expired elements during walk ANDROID: GKI: db845c: Update symbols list and ABI on rpmsg_register_device_override ANDROID: Use GKI Dr. No OWNERS file ANDROID: Remove android/OWNERs file FROMGIT: Input: uinput - allow injecting event times ANDROID: fix up rpmsg_device ABI break ANDROID: fix up platform_device ABI break UPSTREAM: rpmsg: Fix possible refcount leak in rpmsg_register_device_override() UPSTREAM: rpmsg: glink: Release driver_override BACKPORT: rpmsg: Fix calling device_lock() on non-initialized device BACKPORT: rpmsg: Fix kfree() of static memory on setting driver_override UPSTREAM: rpmsg: Constify local variable in field store macro UPSTREAM: driver: platform: Add helper for safer setting of driver_override BACKPORT: firmware_loader: Abort all upcoming firmware load request once reboot triggered UPSTREAM: firmware_loader: Refactor kill_pending_fw_fallback_reqs() Revert "perf: Disallow mis-matched inherited group reads" Revert "xfrm: fix a data-race in xfrm_gen_index()" Revert "Bluetooth: hci_core: Fix build warnings" Revert "xfrm: interface: use DEV_STATS_INC()" Revert "netfilter: conntrack: allow sctp hearbeat after connection re-use" Revert "netfilter: conntrack: don't refresh sctp entries in closed state" Revert "netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp" Reapply "netfilter: conntrack: don't refresh sctp entries in closed state" Reapply "netfilter: conntrack: allow sctp hearbeat after connection re-use" Linux 5.4.259 xfrm6: fix inet6_dev refcount underflow problem Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name Bluetooth: hci_sock: fix slab oob read in create_monitor_event phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins phy: mapphone-mdm6600: Fix runtime PM for remove phy: mapphone-mdm6600: Fix runtime disable on probe ASoC: pxa: fix a memory leak in probe() gpio: vf610: set value before the direction to avoid a glitch s390/pci: fix iommu bitmap allocation perf: Disallow mis-matched inherited group reads USB: serial: option: add Fibocom to DELL custom modem FM101R-GL USB: serial: option: add entry for Sierra EM9191 with new firmware USB: serial: option: add Telit LE910C4-WWX 0x1035 composition ACPI: irq: Fix incorrect return value in acpi_register_gsi() Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" mmc: core: Capture correct oemid-bits for eMMC cards mmc: core: sdio: hold retuning if sdio in 1-bit mode mtd: physmap-core: Restore map_rom fallback mtd: spinand: micron: correct bitmask for ecc status mtd: rawnand: qcom: Unmap the right resource upon probe failure Bluetooth: hci_event: Fix using memcmp when comparing keys HID: multitouch: Add required quirk for Synaptics 0xcd7e device btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c drm: panel-orientation-quirks: Add quirk for One Mix 2S sky2: Make sure there is at least one frag_addr available regulator/core: Revert "fix kobject release warning and memory leak in regulator_register()" wifi: cfg80211: avoid leaking stack data into trace wifi: mac80211: allow transmitting EAPOL frames with tainted key Bluetooth: hci_core: Fix build warnings Bluetooth: Avoid redundant authentication HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event tracing: relax trace_event_eval_update() execution with cond_resched() ata: libata-eh: Fix compilation warning in ata_eh_link_report() gpio: timberdale: Fix potential deadlock on &tgpio->lock overlayfs: set ctime when setting mtime and atime i2c: mux: Avoid potential false error message in i2c_mux_add_adapter btrfs: initialize start_slot in btrfs_log_prealloc_extents btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1 ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA ACPI: resource: Add ASUS model S5402ZA to quirks ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA ACPI: resources: Add DMI-based legacy IRQ override quirk ACPI: Drop acpi_dev_irqresource_disabled() resource: Add irqresource_disabled() net: pktgen: Fix interface flags printing netfilter: nft_set_rbtree: .deactivate fails if element has expired neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve i40e: prevent crash on probe if hw registers have invalid values net: usb: smsc95xx: Fix an error code in smsc95xx_reset() ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr tun: prevent negative ifindex tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb tcp: fix excessive TLP and RACK timeouts from HZ rounding net: rfkill: gpio: prevent value glitch during probe net: ipv6: fix return value check in esp_remove_trailer net: ipv4: fix return value check in esp_remove_trailer xfrm: interface: use DEV_STATS_INC() xfrm: fix a data-race in xfrm_gen_index() qed: fix LL2 RX buffer allocation netfilter: nft_payload: fix wrong mac header matching KVM: x86: Mask LVTPC when handling a PMI regmap: fix NULL deref on lookup nfc: nci: fix possible NULL pointer dereference in send_acknowledge() ice: fix over-shifted variable Bluetooth: avoid memcmp() out of bounds warning Bluetooth: hci_event: Fix coding style Bluetooth: vhci: Fix race when opening vhci device Bluetooth: Fix a refcnt underflow problem for hci_conn Bluetooth: Reject connection with the device which has same BD_ADDR Bluetooth: hci_event: Ignore NULL link key usb: hub: Guard against accesses to uninitialized BOS descriptors Documentation: sysctl: align cells in second content column dev_forward_skb: do not scrub skb mark within the same name space ravb: Fix use-after-free issue in ravb_tx_timeout_work() powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE dmaengine: mediatek: Fix deadlock caused by synchronize_irq() x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call usb: gadget: udc-xilinx: replace memcpy with memcpy_toio pinctrl: avoid unsafe code pattern in find_pinctrl() cgroup: Remove duplicates in cgroup v1 tasks file Input: xpad - add PXN V900 support Input: psmouse - fix fast_reconnect function for PS/2 mode Input: powermate - fix use-after-free in powermate_config_complete ceph: fix incorrect revoked caps assert in ceph_fill_file_size() libceph: use kernel_connect() mcb: remove is_added flag from mcb_device struct iio: pressure: ms5611: ms5611_prom_is_valid false negative bug iio: pressure: dps310: Adjust Timeout Settings iio: pressure: bmp280: Fix NULL pointer exception usb: musb: Modify the "HWVers" register address usb: musb: Get the musb_qh poniter after musb_giveback usb: dwc3: Soft reset phy on probe for host net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer dmaengine: stm32-mdma: abort resume if no ongoing transfer workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() nfc: nci: assert requested protocol is valid net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() ixgbe: fix crash with empty VF macvlan list drm/vmwgfx: fix typo of sizeof argument xen-netback: use default TX queue size for vifs mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type ieee802154: ca8210: Fix a potential UAF in ca8210_probe ravb: Fix up dma_free_coherent() call in ravb_remove() drm/msm/dsi: skip the wait for video mode done if not applicable drm: etvnaviv: fix bad backport leading to warning net: prevent address rewrite in kernel_bind() quota: Fix slow quotaoff HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect pwm: hibvt: Explicitly set .polarity in .get_state() lib/test_meminit: fix off-by-one error in test_pages() RDMA/cxgb4: Check skb value for failure to allocate Reapply "ANDROID: Revert "tracing/ring-buffer: Have polling block on watermark"" Revert "ring-buffer: Update "shortest_full" in polling" Revert "ANDROID: Revert "tracing/ring-buffer: Have polling block on watermark"" Revert "net: bridge: use DEV_STATS_INC()" FROMLIST: lib/test_meminit: fix off-by-one error in test_pages() Linux 5.4.258 xen/events: replace evtchn_rwlock with RCU ima: rework CONFIG_IMA dependency block NFS: Fix a race in __nfs_list_for_each_server() parisc: Restore __ldcw_align for PA-RISC 2.0 processors RDMA/mlx5: Fix NULL string error RDMA/siw: Fix connection failure handling RDMA/uverbs: Fix typo of sizeof argument RDMA/cma: Fix truncation compilation warning in make_cma_ports gpio: pxa: disable pinctrl calls for MMP_GPIO gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() IB/mlx4: Fix the size of a buffer in add_port_entries() RDMA/core: Require admin capabilities to set system parameters cpupower: add Makefile dependencies for install targets sctp: update hb timer immediately after users change hb_interval sctp: update transport state when processing a dupcook packet tcp: fix delayed ACKs for MSS boundary condition tcp: fix quick-ack counting to count actual ACKs of new data net: stmmac: dwmac-stm32: fix resume on STM32 MCU netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp net: nfc: llcp: Add lock when modifying device list net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg net: dsa: mv88e6xxx: Avoid EEPROM timeout when EEPROM is absent ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() net: fix possible store tearing in neigh_periodic_work() modpost: add missing else to the "of" check NFSv4: Fix a nfs4_state_manager() race NFS: Add a helper nfs_client_for_each_server() NFS4: Trace state recovery operation wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling wifi: mwifiex: Fix tlv_buf_left calculation scsi: target: core: Fix deadlock due to recursive locking drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close() qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet regmap: rbtree: Fix wrong register marked as in-cache when creating new node wifi: iwlwifi: dbg_ini: fix structure packing ubi: Refuse attaching if mtd's erasesize is 0 net: prevent rewrite of msg_name in sock_sendmsg() net: replace calls to sock->ops->connect() with kernel_connect() fs: binfmt_elf_efpic: fix personality for ELF-FDPIC scsi: zfcp: Fix a double put in zfcp_port_enqueue() ata: libata-sata: increase PMP SRST timeout to 10s Revert "PCI: qcom: Disable write access to read only registers for IP v2.3.3" ata: libata-core: Do not register PM operations for SAS ports rbd: take header_rwsem in rbd_dev_refresh() only when updating ata: libata-core: Fix port and device removal rbd: decouple parent info read-in from updating rbd_dev ata: libata-core: Fix ata_port_request_pm() locking rbd: decouple header read-in from updating rbd_dev->header rbd: move rbd_dev_refresh() definition ring-buffer: Update "shortest_full" in polling i2c: i801: unregister tco_pdev in i801_probe() error path net: thunderbolt: Fix TCPv6 GSO checksum calculation ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES btrfs: properly report 0 avail for very full file systems ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() serial: 8250_port: Check IRQ data before use Smack:- Use overlay inode label in smack_inode_copy_up() smack: Retrieve transmuting information in smack_inode_getsecurity() smack: Record transmuting in smk_transmuted i40e: fix return of uninitialized aq_ret in i40e_set_vsi_promisc i40e: always propagate error value in i40e_set_vsi_promisc() ring-buffer: Avoid softlockup in ring_buffer_resize() selftests/ftrace: Correctly enable event in instance-event.tc i40e: improve locking of mac_filter_hash watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running watchdog: iTCO_wdt: No need to stop the timer in probe nvme-pci: do not set the NUMA node of device if it has none fbdev/sh7760fb: Depend on FB=y ncsi: Propagate carrier gain/loss events to the NCSI controller powerpc/watchpoints: Annotate atomic context in more places bpf: Clarify error expectations from bpf_clone_redirect spi: nxp-fspi: reset the FLSHxCR1 registers ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() parisc: irq: Make irq_stack_union static to avoid sparse warning parisc: drivers: Fix sparse warning parisc: iosapic.c: Fix sparse warnings parisc: sba: Fix compile warning wrt list of SBA devices gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip xtensa: boot/lib: fix function prototypes xtensa: boot: don't add include-dirs xtensa: iss/network: make functions static xtensa: add default definition for XCHAL_HAVE_DIV32 bus: ti-sysc: Fix SYSC_QUIRK_SWSUP_SIDLE_ACT handling for uart wake-up ARM: dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot clk: tegra: fix error return case for recalc_rate scsi: qla2xxx: Fix deletion race condition MIPS: Alchemy: only build mmc support helpers if au1xmmc is enabled scsi: qla2xxx: Fix update_fcport for current_topology ata: libata: disallow dev-initiated LPM transitions to unsupported states Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN drm/amd/display: prevent potential division by zero errors i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() drm/amd/display: Fix LFC multiplier changing erratically gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() drm/amd/display: Reinstate LFC optimization netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP net: rds: Fix possible NULL-pointer dereference team: fix null-ptr-deref when team device type is changed net: bridge: use DEV_STATS_INC() net: hns3: add 5ms delay before clear firmware reset irq source dccp: fix dccp_v4_err()/dccp_v6_err() again powerpc/perf/hv-24x7: Update domain value check ipv4: fix null-deref in ipv4_link_failure i40e: Fix VF VLAN offloading when port VLAN is configured i40e: Fix warning message and call stack during rmmod i40e driver i40e: Remove scheduling while atomic possibility i40e: Fix for persistent lldp support ASoC: imx-audmix: Fix return error with devm_clk_get() selftests: tls: swap the TX and RX sockets in some tests ASoC: meson: spdifin: start hw on dai probe selftests/tls: Add {} to avoid static checker warning ext4: do not let fstrim block system suspend bpf: Avoid deadlock when using queue and stack maps from NMI ext4: move setting of trimmed bit into ext4_try_to_trim_range() netfilter: nf_tables: disallow element removal on anonymous sets ext4: replace the traditional ternary conditional operator with with max()/min() ext4: mark group as trimmed only if it was fully scanned ext4: change s_last_trim_minblks type to unsigned long ext4: scope ret locally in ext4_try_to_trim_range() ext4: add new helper interface ext4_try_to_trim_range() ext4: remove the 'group' parameter of ext4_trim_extent ata: libahci: clear pending interrupt status tracing: Increase trace array ref count on enable and filter files SUNRPC: Mark the cred for revalidation if the server rejects it NFS/pNFS: Report EINVAL errors from connect() to the server Revert "drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01" Revert "usb: typec: bus: verify partner exists in typec_altmode_attention" Revert "fs/nls: make load_nls() take a const parameter" Revert "ip_tunnels: use DEV_STATS_INC()" Linux 5.4.257 net/sched: Retire rsvp classifier drm/amdgpu: fix amdgpu_cs_p1_user_fence mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller ext4: fix rec_len verify error scsi: megaraid_sas: Fix deadlock on firmware crashdump i2c: aspeed: Reset the i2c controller when timeout occurs tracefs: Add missing lockdown check to tracefs_create_dir() nfsd: fix change_info in NFSv4 RENAME replies tracing: Have option files inc the trace array ref count tracing: Have current_trace inc the trace array ref count btrfs: fix lockdep splat and potential deadlock after failure running delayed items attr: block mode changes of symlinks md/raid1: fix error: ISO C90 forbids mixed declarations selftests: tracing: Fix to unmount tracefs for recovering environment btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super btrfs: add a helper to read the superblock metadata_uuid btrfs: move btrfs_pinned_by_swapfile prototype into volumes.h perf tools: Add an option to build without libbfd perf jevents: Make build dependency on test JSONs tools features: Add feature test to check if libbfd has buildid support kobject: Add sanity check for kset->kobj.ktype in kset_register() media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning serial: cpm_uart: Avoid suspicious locking scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc media: pci: cx23885: replace BUG with error return media: tuners: qt1010: replace BUG_ON with a regular error media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() media: anysee: fix null-ptr-deref in anysee_master_xfer media: af9005: Fix null-ptr-deref in af9005_i2c_xfer media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer powerpc/pseries: fix possible memory leak in ibmebus_bus_init() jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() ext2: fix datatype of block number in ext2_xattr_set2() md: raid1: fix potential OOB in raid1_remove_disk() bus: ti-sysc: Configure uart quirks for k3 SoC drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() wifi: mac80211_hwsim: drop short frames alx: fix OOB-read compiler warning mmc: sdhci-esdhc-imx: improve ESDHC_FLAG_ERR010450 tpm_tis: Resend command to recover from data transfer errors crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() wifi: mwifiex: fix fortify warning wifi: ath9k: fix printk specifier devlink: remove reload failed checks in params get/set callbacks hw_breakpoint: fix single-stepping when using bpf_overflow_handler perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 kernel/fork: beware of __put_task_struct() calling context ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock btrfs: output extra debug info if we failed to find an inline backref autofs: fix memory leak of waitqueues in autofs_catatonic_mode parisc: Drop loops_per_jiffy from per_cpu struct drm/amd/display: Fix a bug when searching for insert_above_mpcc kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). ixgbe: fix timestamp configuration code net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict() platform/mellanox: mlxbf-tmfifo: Drop jumbo frames mlxbf-tmfifo: sparse tags for config access platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors kcm: Fix memory leak in error path of kcm_sendmsg() r8152: check budget for r8152_poll() net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc() net: ipv4: fix one memleak in __inet_del_ifa() clk: imx8mm: Move 1443X/1416X PLL clock structure to common place ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2 usb: typec: bus: verify partner exists in typec_altmode_attention usb: typec: tcpm: Refactor tcpm_handle_vdm_request usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling perf tools: Handle old data in PERF_RECORD_ATTR perf hists browser: Fix hierarchy mode header mtd: rawnand: brcmnand: Fix potential false time out warning mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write mtd: rawnand: brcmnand: Fix crash during the panic_write btrfs: use the correct superblock to compare fsid in btrfs_validate_super btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART fuse: nlookup missing decrement in fuse_direntplus_link ata: pata_ftide010: Add missing MODULE_DESCRIPTION ata: sata_gemini: Add missing MODULE_DESCRIPTION sh: boards: Fix CEU buffer size passed to dma_declare_coherent_memory() net: hns3: fix the port information display when sfp is absent netfilter: nfnetlink_osf: avoid OOB read ip_tunnels: use DEV_STATS_INC() idr: fix param name in idr_alloc_cyclic() doc s390/zcrypt: don't leak memory if dev_set_name() fails igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 igc: Change IGC_MIN to allow set rx/tx value between 64 and 80 kcm: Destroy mutex in kcm_exit_net() net: sched: sch_qfq: Fix UAF in qfq_dequeue() af_unix: Fix data race around sk->sk_err. af_unix: Fix data-races around sk->sk_shutdown. af_unix: Fix data-race around unix_tot_inflight. af_unix: Fix data-races around user->unix_inflight. net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr veth: Fixing transmit return status for dropped packets igb: disable virtualization features on 82580 net: read sk->sk_family once in sk_mc_loop() ipv4: annotate data-races around fi->fib_dead sctp: annotate data-races around sk->sk_wmem_queued pwm: lpc32xx: Remove handling of PWM channels watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load perf top: Don't pass an ERR_PTR() directly to perf_session__delete() x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm() perf annotate bpf: Don't enclose non-debug code with an assert() kconfig: fix possible buffer overflow NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info soc: qcom: qmi_encdec: Restrict string length in decode clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock parisc: led: Reduce CPU overhead for disk & lan LED computation parisc: led: Fix LAN receive and transmit LEDs lib/test_meminit: allocate pages up to order MAX_ORDER drm/ast: Fix DRAM init on AST2200 fbdev/ep93xx-fb: Do not assign to struct fb_info.dev scsi: qla2xxx: Remove unsupported ql2xenabledif option scsi: qla2xxx: Turn off noisy message log scsi: qla2xxx: Fix erroneous link up failure scsi: qla2xxx: fix inconsistent TMF timeout net/ipv6: SKB symmetric hash should incorporate transport ports drm: fix double free for gbo in drm_gem_vram_init and drm_gem_vram_create udf: initialize newblock to 0 usb: typec: tcpci: clear the fault status bit serial: sc16is7xx: fix broken port 0 uart init sc16is7xx: Set iobase to device index cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug crypto: stm32 - fix loop iterating through scatterlist for DMA s390/ipl: add missing secure/has_secure file to ipl type 'unknown' pstore/ram: Check start of empty przs during init fsverity: skip PKCS#7 parser when keyring is empty net: handle ARPHRD_PPP in dev_is_mac_header_xmit() X.509: if signature is unsupported skip validation dccp: Fix out of bounds access in DCCP error handler dlm: fix plock lookup when using multiple lockspaces parisc: Fix /proc/cpuinfo output for lscpu procfs: block chmod on /proc/thread-self/comm Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" ntb: Fix calculation ntb_transport_tx_free_entry() ntb: Clean up tx tail index on link down ntb: Drop packets when qp link is down media: dvb: symbol fixup for dvb_attach() xtensa: PMU: fix base address for the newer hardware backlight/lv5207lp: Compare against struct fb_info.device backlight/bd6107: Compare against struct fb_info.device backlight/gpio_backlight: Compare against struct fb_info.device ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch() ipmi_si: fix a memleak in try_smi_init() ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl PM / devfreq: Fix leak in devfreq_dev_release() igb: set max size RX buffer when store bad packet is enabled skbuff: skb_segment, Call zero copy functions before using skbuff frags netfilter: xt_sctp: validate the flag_info count netfilter: xt_u32: validate user space input netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU virtio_ring: fix avail_wrap_counter in virtqueue_add_packed cpufreq: Fix the race condition while updating the transition_task of policy dmaengine: ste_dma40: Add missing IRQ check in d40_probe um: Fix hostaudio build errors mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() rpmsg: glink: Add check for kstrdup phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 tracing: Fix race issue between cpu buffer write and swap x86/speculation: Mark all Skylake CPUs as vulnerable to GDS HID: multitouch: Correct devm device reference for hidinput input_dev name HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() RDMA/siw: Correct wrong debug message RDMA/siw: Balance the reference of cep->kref in the error path Revert "IB/isert: Fix incorrect release of isert connection" amba: bus: fix refcount leak serial: tegra: handle clk prepare error in tegra_uart_hw_init() scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock scsi: core: Use 32-bit hostnum in scsi_host_lookup() media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors media: ov2680: Fix vflip / hflip set functions media: ov2680: Fix ov2680_bayer_order() media: ov2680: Remove auto-gain and auto-exposure controls media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() media: i2c: ov5640: Configure HVP lines in s_power callback USB: gadget: f_mass_storage: Fix unused variable warning media: go7007: Remove redundant if statement iommu/vt-d: Fix to flush cache of PASID directory table IB/uverbs: Fix an potential error pointer dereference driver core: test_async: fix an error code dma-buf/sync_file: Fix docs syntax coresight: tmc: Explicit type conversions to prevent integer overflow scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly x86/APM: drop the duplicate APM_MINOR_DEV macro serial: sprd: Fix DMA buffer leak issue serial: sprd: Assign sprd_port after initialized to avoid wrong access serial: sprd: remove redundant sprd_port cleanup serial: sprd: getting port index via serial aliases only scsi: qla4xxx: Add length check when parsing nlattrs scsi: be2iscsi: Add length check when parsing nlattrs scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() media: mediatek: vcodec: Return NULL if no vdec_fb is found media: cx24120: Add retval check for cx24120_message_send() media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() media: dib7000p: Fix potential division by zero drivers: usb: smsusb: fix error handling code in smsusb_init_device media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() media: v4l2-fwnode: simplify v4l2_fwnode_parse_link media: v4l2-fwnode: fix v4l2_fwnode_parse_link handling NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN NFSD: da_addr_body field missing in some GETDEVICEINFO replies fs: lockd: avoid possible wrong NULL parameter jfs: validate max amount of blocks before allocation. powerpc/iommu: Fix notifiers being shared by PCI and VIO buses nfs/blocklayout: Use the passed in gfp flags wifi: ath10k: Use RMW accessors for changing LNKCTL drm/radeon: Use RMW accessors for changing LNKCTL drm/radeon: Prefer pcie_capability_read_word() drm/radeon: Replace numbers with PCI_EXP_LNKCTL2 definitions drm/radeon: Correct Transmit Margin masks drm/amdgpu: Use RMW accessors for changing LNKCTL drm/amdgpu: Prefer pcie_capability_read_word() drm/amdgpu: Replace numbers with PCI_EXP_LNKCTL2 definitions drm/amdgpu: Correct Transmit Margin masks PCI: Add #defines for Enter Compliance, Transmit Margin powerpc/fadump: reset dump area size if fadump memory reserve fails clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op PCI/ASPM: Use RMW accessors for changing LNKCTL PCI: pciehp: Use RMW accessors for changing LNKCTL PCI: Mark NVIDIA T4 GPUs to avoid bus reset clk: sunxi-ng: Modify mismatched function name drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() ipmi:ssif: Fix a memory leak when scanning for an adapter ipmi:ssif: Add check for kstrdup ALSA: ac97: Fix possible error value of *rac97 of: unittest: Fix overlay type in apply/revert check drm/mediatek: Fix potential memory leak if vmap() fail audit: fix possible soft lockup in __audit_inode_child() smackfs: Prevent underflow in smk_set_cipso() drm/msm/mdp5: Don't leak some plane state ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 drm/armada: Fix off-by-one error in armada_overlay_get_property() of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name() drm/tegra: dpaux: Fix incorrect return value of platform_get_irq drm/tegra: Remove superfluous error messages around platform_get_irq() md/md-bitmap: hold 'reconfig_mutex' in backlog_store() md/bitmap: don't set max_write_behind if there is no write mostly device drm/amdgpu: Update min() to min_t() in 'amdgpu_info_ioctl' arm64: dts: qcom: sdm845: Add missing RPMh power domain to GCC ARM: dts: BCM53573: Fix Ethernet info for Luxul devices drm: adv7511: Fix low refresh rate register for ADV7533/5 ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split) ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210 ARM: dts: s5pv210: correct ethernet unit address in SMDKV210 ARM: dts: s5pv210: use defines for IRQ flags in SMDKV210 ARM: dts: s5pv210: add RTC 32 KHz clock in SMDKV210 ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split) ARM: dts: s3c64xx: align pinctrl with dtschema ARM: dts: s3c6410: align node SROM bus node name with dtschema in Mini6410 ARM: dts: s3c6410: move fixed clocks under root node in Mini6410 drm/etnaviv: fix dumping of active MMU context ARM: dts: BCM53573: Use updated "spi-gpio" binding properties ARM: dts: BCM53573: Add cells sizes to PCIe node ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() quota: fix dqput() to follow the guarantees dquot_srcu should provide quota: add new helper dquot_active() quota: rename dquot_active() to inode_quota_active() quota: factor out dquot_write_dquot() quota: avoid increasing DQST_LOOKUPS when iterating over dirty/inuse list drm/bridge: tc358764: Fix debug print parameter order netrom: Deny concurrent connect(). net/sched: sch_hfsc: Ensure inner classes have fsc curve mlxsw: i2c: Limit single transaction buffer size mlxsw: i2c: Fix chunk size setting in output mailbox buffer net: arcnet: Do not call kfree_skb() under local_irq_disable() wifi: ath9k: use IS_ERR() with debugfs_create_dir() wifi: mwifiex: avoid possible NULL skb pointer dereference wifi: ath9k: protect WMI command response buffer replacement with a lock wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx wifi: mwifiex: Fix missed return in oob checks failed path wifi: mwifiex: fix memory leak in mwifiex_histogram_read() fs: ocfs2: namei: check return value of ocfs2_add_entry() lwt: Check LWTUNNEL_XMIT_CONTINUE strictly lwt: Fix return values of BPF xmit ops hwrng: iproc-rng200 - Implement suspend and resume calls hwrng: iproc-rng200 - use semicolons rather than commas to separate statements crypto: caam - fix unchecked return value error Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() crypto: stm32 - Properly handle pm_runtime_get failing wifi: mwifiex: fix error recovery in PCIE buffer descriptor management mwifiex: switch from 'pci_' to 'dma_' API wifi: mwifiex: Fix OOB and integer underflow when rx packets can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() regmap: rbtree: Use alloc_flags for memory allocations tcp: tcp_enter_quickack_mode() should be static bpf: Clear the probe_addr for uprobe cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit() perf/imx_ddr: don't enable counter0 if none of 4 counters are used x86/decompressor: Don't rely on upper 32 bits of GPRs being preserved x86/boot: Annotate local functions x86/asm: Make more symbols local OPP: Fix passing 0 to PTR_ERR in _opp_attach_genpd() tmpfs: verify {g,u}id mount options correctly fs: Fix error checking for d_hash_and_lookup() new helper: lookup_positive_unlocked() eventfd: prevent underflow for eventfd semaphores eventfd: Export eventfd_ctx_do_read() reiserfs: Check the return value from __getblk() Revert "net: macsec: preserve ingress frame ordering" udf: Handle error when adding extent to a file udf: Check consistency of Space Bitmap Descriptor powerpc/32s: Fix assembler warning about r0 net: Avoid address overwrite in kernel_connect platform/mellanox: Fix mlxbf-tmfifo not handling all virtio CONSOLE notifications ALSA: seq: oss: Fix racy open/close of MIDI devices scsi: storvsc: Always set no_report_opcodes cifs: add a warning when the in-flight count goes negative sctp: handle invalid error codes without calling BUG() bnx2x: fix page fault following EEH recovery netlabel: fix shift wrapping bug in netlbl_catmap_setlong() scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM net: usb: qmi_wwan: add Quectel EM05GV2 clk: fixed-mmio: make COMMON_CLK_FIXED_MMIO depend on HAS_IOMEM security: keys: perform capable check only on privileged operations platform/x86: huawei-wmi: Silence ambient light sensor platform/x86: intel: hid: Always call BTNL ACPI method ASoC: atmel: Fix the 8K sample parameter in I2SC master ASoc: codecs: ES8316: Fix DMIC config fs/nls: make load_nls() take a const parameter s390/dasd: fix hanging device after request requeue s390/dasd: use correct number of retries for ERP requests m68k: Fix invalid .section syntax vxlan: generalize vxlan_parse_gpe_hdr and remove unused args ethernet: atheros: fix return value check in atl1c_tso_csum() ASoC: da7219: Check for failure reading AAD IRQ events ASoC: da7219: Flush pending AAD IRQ when suspending 9p: virtio: make sure 'offs' is initialized in zc_request pinctrl: amd: Don't show `Invalid config param` errors nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() fsi: master-ast-cf: Add MODULE_FIRMWARE macro firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe serial: sc16is7xx: fix bug when first setting GPIO direction Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition staging: rtl8712: fix race condition HID: wacom: remove the battery when the EKR is off USB: serial: option: add FOXCONN T99W368/T99W373 product USB: serial: option: add Quectel EM05G variant (0x030e) modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index mmc: au1xmmc: force non-modular build and remove symbol_get usage ARM: pxa: remove use of symbol_get() erofs: ensure that the post-EOF tails are all zeroed Linux 5.4.256 Revert "MIPS: Alchemy: fix dbdma2" powerpc/pmac/smp: Drop unnecessary volatile qualifier powerpc/pmac/smp: Avoid unused-variable warnings Revert "drm/display/dp: Fix the DP DSC Receiver cap size" Revert "macsec: Fix traffic counters/statistics" Revert "macsec: use DEV_STATS_INC()" ANDROID: GKI: add back pm_runtime_get_if_in_use() Revert "interconnect: Add helpers for enabling/disabling a path" Revert "interconnect: Do not skip aggregation for disabled paths" Revert "ALSA: pcm: Set per-card upper limit of PCM buffer allocations" Revert "ALSA: pcm: Use SG-buffer only when direct DMA is available" Revert "ALSA: pcm: Fix potential data race at PCM memory allocation helpers" Revert "ALSA: pcm: Fix build error on m68k and others" Revert "Revert "ALSA: pcm: Use SG-buffer only when direct DMA is available"" Revert "ALSA: pcm: Check for null pointer of pointer substream before dereferencing it" Linux 5.4.255 dma-buf/sw_sync: Avoid recursive lock during fence signal pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' scsi: core: raid_class: Remove raid_component_add() scsi: snic: Fix double free in snic_tgt_create() irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable Documentation/sysctl: document page_lock_unfairness ALSA: pcm: Check for null pointer of pointer substream before dereferencing it interconnect: Do not skip aggregation for disabled paths Revert "ALSA: pcm: Use SG-buffer only when direct DMA is available" ALSA: pcm: Fix build error on m68k and others rtnetlink: Reject negative ifindexes in RTM_NEWLINK mm: allow a controlled amount of unfairness in the page lock x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 drm/display/dp: Fix the DP DSC Receiver cap size PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus media: vcodec: Fix potential array out-of-bounds in encoder queue_setup radix tree: remove unused variable lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels batman-adv: Hold rtnl lock during MTU update via netlink batman-adv: Fix batadv_v_ogm_aggr_send memory leak batman-adv: Fix TT global entry leak when client roamed back batman-adv: Do not get eth header before batadv_check_management_packet batman-adv: Don't increase MTU when set by user batman-adv: Trigger events for auto adjusted MTU nfsd: Fix race to FREE_STATEID and cl_revoked clk: Fix slab-out-of-bounds error in devm_clk_release() NFSv4: Fix dropped lock for racing OPEN and delegation return ibmveth: Use dcbf rather than dcbfl bonding: fix macvlan over alb bond support net: remove bond_slave_has_mac_rcu() net/sched: fix a qdisc modification with ambiguous command request igb: Avoid starting unnecessary workqueues net: validate veth and vxcan peer ifindexes net: bcmgenet: Fix return value check for fixed_phy_register() net: bgmac: Fix return value check for fixed_phy_register() ipvlan: Fix a reference count leak warning in ipvlan_ns_exit() dccp: annotate data-races in dccp_poll() sock: annotate data-races around prot->memory_pressure octeontx2-af: SDP: fix receive link config tracing: Fix memleak due to race between current_tracer and trace drm/amd/display: check TG is non-null before checking if enabled drm/amd/display: do not wait for mpc idle if tg is disabled ASoC: fsl_sai: Disable bit clock with transmitter ASoC: fsl_sai: Add new added registers and new bit definition ASoC: fsl_sai: Refine enable/disable TE/RE sequence in trigger() regmap: Account for register length in SMBus I/O limits ALSA: pcm: Fix potential data race at PCM memory allocation helpers ALSA: pcm: Use SG-buffer only when direct DMA is available ALSA: pcm: Set per-card upper limit of PCM buffer allocations dm integrity: reduce vmalloc space footprint on 32-bit architectures dm integrity: increase RECALC_SECTORS to improve recalculate speed fbdev: fix potential OOB read in fast_imageblit() fbdev: Fix sys_imageblit() for arbitrary image widths fbdev: Improve performance of sys_imageblit() MIPS: cpu-features: Use boot_cpu_type for CPU type based features MIPS: cpu-features: Enable octeon_cache by cpu_type fs: dlm: fix mismatch of plock results from userspace fs: dlm: use dlm_plock_info for do_unlock_close fs: dlm: change plock interrupted message to debug again fs: dlm: add pid to debug log dlm: replace usage of found with dedicated list iterator variable dlm: improve plock logging if interrupted PCI: acpiphp: Reassign resources on bridge if necessary net: phy: broadcom: stub c45 read/write for 54810 mmc: f-sdh30: fix order of function calls in sdhci_f_sdh30_remove net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled virtio-net: set queues after driver_ok af_unix: Fix null-ptr-deref in unix_stream_sendpage(). netfilter: set default timeout to 3 secs for sctp shutdown send and recv state mmc: block: Fix in_flight[issue_type] value error mmc: wbsd: fix double mmc_free_host() in wbsd_init() cifs: Release folio lock on fscache read hit. ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. serial: 8250: Fix oops for port->pm on uart_change_pm() ASoC: meson: axg-tdm-formatter: fix channel slot allocation ASoC: rt5665: add missed regulator_bulk_disable ARM: dts: imx: Set default tuning step for imx6sx usdhc ARM: dts: imx: Set default tuning step for imx7d usdhc ARM: dts: imx: Adjust dma-apbh node name ARM: dts: imx7s: Drop dma-apb interrupt-names bus: ti-sysc: Flush posted write on enable before reset bus: ti-sysc: Improve reset to work with modules with no sysconfig net: do not allow gso_size to be set to GSO_BY_FRAGS sock: Fix misuse of sk_under_memory_pressure() net: dsa: mv88e6xxx: Wait for EEPROM done before HW reset i40e: fix misleading debug logs team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves netfilter: nft_dynset: disallow object maps ipvs: fix racy memcpy in proc_do_sync_threshold selftests: mirror_gre_changes: Tighten up the TTL test match xfrm: add NULL check in xfrm_update_ae_params ip_vti: fix potential slab-use-after-free in decode_session6 ip6_vti: fix slab-use-after-free in decode_session6 xfrm: fix slab-use-after-free in decode_session6 xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c net: af_key: fix sadb_x_filter validation net: xfrm: Fix xfrm_address_filter OOB read btrfs: fix BUG_ON condition in btrfs_cancel_balance tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms powerpc/rtas_flash: allow user copy to flash block cache objects fbdev: mmp: fix value check in mmphw_probe() i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue virtio-mmio: don't break lifecycle of vm_dev virtio-mmio: Use to_virtio_mmio_device() to simply code virtio-mmio: convert to devm_platform_ioremap_resource nfsd: Remove incorrect check in nfsd4_validate_stateid nfsd4: kill warnings on testing stateids with mismatched clientids net/ncsi: Fix gma flag setting after response tracing/probes: Fix to update dynamic data counter if fetcharg uses it tracing/probes: Have process_fetch_insn() take a void * instead of pt_regs leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename mmc: sunxi: fix deferred probing mmc: bcm2835: fix deferred probing USB: dwc3: qcom: fix NULL-deref on suspend usb: dwc3: qcom: Add helper functions to enable,disable wake irqs interconnect: Add helpers for enabling/disabling a path interconnect: Move internal structs into a separate file irqchip/mips-gic: Use raw spinlock for gic_lock irqchip/mips-gic: Get rid of the reliance on irq_cpu_online() ALSA: hda: Fix unhandled register update during auto-suspend period PM: runtime: Add pm_runtime_get_if_active() PM-runtime: add tracepoints for usage_count changes iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE iio: addac: stx104: Fix race condition when converting analog-to-digital iio: addac: stx104: Fix race condition for stx104_write_raw() iio: stx104: Move to addac subdirectory iio: adc: stx104: Implement and utilize register structures iio: adc: stx104: Utilize iomap interface iio: add addac subdirectory IMA: allow/fix UML builds powerpc/kasan: Disable KCOV in KASAN code ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 drm/amdgpu: Fix potential fence use-after-free v2 Bluetooth: L2CAP: Fix use-after-free pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() gfs2: Fix possible data races in gfs2_show_options() usb: chipidea: imx: don't request QoS for imx8ulp media: platform: mediatek: vpu: fix NULL ptr dereference media: v4l2-mem2mem: add lock to protect parameter num_rdy FS: JFS: Check for read-only mounted filesystem in txBegin FS: JFS: Fix null-ptr-deref Read in txBegin MIPS: dec: prom: Address -Warray-bounds warning fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev udf: Fix uninitialized array access for some pathnames ovl: check type and offset of struct vfsmount in ovl_entry HID: add quirk for 03f0:464a HP Elite Presenter Mouse quota: fix warning in dqgrab() quota: Properly disable quotas when add_dquot_ref() fails ALSA: emu10k1: roll up loops in DSP setup code for Audigy drm/radeon: Fix integer overflow in radeon_cs_parser_init macsec: use DEV_STATS_INC() macsec: Fix traffic counters/statistics selftests: forwarding: tc_flower: Relax success criterion mmc: sdhci-f-sdh30: Replace with sdhci_pltfm mmc: sdhci_f_sdh30: convert to devm_platform_ioremap_resource Conflicts: drivers/devfreq/devfreq.c drivers/mmc/core/block.c drivers/rpmsg/qcom_glink_native.c include/net/tcp.h Change-Id: Ic33d13451796752e101ed9f9bdb8c80a580af8b5 |
||
|
Greg Kroah-Hartman
|
69365d1ade |
Revert "tracing: Have trace_event_file have ref counters"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
a3aeec7ab8 |
This is the 5.4.262 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmVmGmUACgkQONu9yGCS aT4V7A//YzFdP4ANGVpZ7tBob7OxpgGgvEu32zCDx51LQ8n2uJRJ8WBWW6kVOBUZ YyUEXzjPPaS7JRS1O7TpCGYFWrH0ue9c/xzyvUQyyHEBZvZVj0P3O1iHlAk2FWSG pOTEfW1cFp8vtHwGn82rmIDETu56LMWd+aeVhg6psb2L6ho2LPipCkxN79kbBGSB DLfD71O2Pb3mw8ZYHVC5KKIlfODLqjq9N6T+3VsG4uQCEMHTVAHjjoIvYFeSi1cR MqPXS4/3GUyYUDTe2tjYznkSfPbdARfD1aKKPEXLuq1+q6WqvHCAG7nwgtPT/gd9 JPCxm+9DPN9+YhmEsCJpMSq3pD2eTrD5ZXhYFNc5sOsNw0L4oFRLtrB782snerw+ ogQ8DED4qATn1+x7jfRD7hwMzHih4nAL7zqy32s8knKHfp1+rOOkXfIohfc9qrUI svUjb1B+guuGHwFq6YDzxpUxmhdGqOo262cnU4jfH8lxH+w03vyNxxyQn0ZUUe2I gkvJ5wNpq4QhD/++B/DaCptw0l5AzfjOO+0xlp20xMzn5qW/BS8W26zUXhGeLOAd MHu+fv9DU0mzs3V1MxRvbBQ5gI9TngRWXJSIBCJx5YhZ8gGIhfrzoIzY+IeF6l3F idjruirbfujAQv0vQHuz7JmhHrTG+T90slQ/R8pPud73WGz5BMI= =A+DX -----END PGP SIGNATURE----- Merge 5.4.262 into android11-5.4-lts Changes in 5.4.262 locking/ww_mutex/test: Fix potential workqueue corruption perf/core: Bail out early if the request AUX area is out of bound clocksource/drivers/timer-imx-gpt: Fix potential memory leak clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size wifi: mac80211_hwsim: fix clang-specific fortify warning wifi: mac80211: don't return unset power in ieee80211_get_tx_power() wifi: ath9k: fix clang-specific fortify warnings wifi: ath10k: fix clang-specific fortify warning net: annotate data-races around sk->sk_tx_queue_mapping net: annotate data-races around sk->sk_dst_pending_confirm wifi: ath10k: Don't touch the CE interrupt registers after power up Bluetooth: Fix double free in hci_conn_cleanup platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e drm/komeda: drop all currently held locks if deadlock happens drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL selftests/efivarfs: create-read: fix a resource leak crypto: pcrypt - Fix hungtask for PADATA_RESET RDMA/hfi1: Use FIELD_GET() to extract Link Width fs/jfs: Add check for negative db_l2nbperpage fs/jfs: Add validity check for db_maxag and db_agpref jfs: fix array-index-out-of-bounds in dbFindLeaf jfs: fix array-index-out-of-bounds in diAlloc ARM: 9320/1: fix stack depot IRQ stack filter ALSA: hda: Fix possible null-ptr-deref when assigning a stream PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields atm: iphase: Do PCI error checks on own line scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W tty: vcc: Add check for kstrdup() in vcc_probe() usb: gadget: f_ncm: Always set current gadget in ncm_bind() i2c: sun6i-p2wi: Prevent potential division by zero media: gspca: cpia1: shift-out-of-bounds in set_flicker media: vivid: avoid integer overflow gfs2: ignore negated quota changes media: cobalt: Use FIELD_GET() to extract Link Width drm/amd/display: Avoid NULL dereference of timing generator kgdb: Flush console before entering kgdb on panic ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings pwm: Fix double shift bug wifi: iwlwifi: Use FW rate for non-data frames NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO ipvlan: add ipvlan_route_v6_outbound() helper tty: Fix uninit-value access in ppp_sync_receive() net: hns3: fix variable may not initialized problem in hns3_init_mac_addr() tipc: Fix kernel-infoleak due to uninitialized TLV value ppp: limit MRU to 64K xen/events: fix delayed eoi list handling ptp: annotate data-race around q->head and q->tail bonding: stop the device in bond_setup_by_slave() net: ethernet: cortina: Fix max RX frame define net: ethernet: cortina: Handle large frames net: ethernet: cortina: Fix MTU max setting netfilter: nf_conntrack_bridge: initialize err to 0 net: stmmac: Rework stmmac_rx() net: stmmac: fix rx budget limit check net/mlx5e: fix double free of encap_header net/mlx5_core: Clean driver version and name net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors macvlan: Don't propagate promisc change to lower dev in passthru tools/power/turbostat: Fix a knl bug cifs: spnego: add ';' in HOST_KEY_LEN media: venus: hfi: add checks to perform sanity on queue pointers randstruct: Fix gcc-plugin performance mode to stay in group bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers x86/cpu/hygon: Fix the CPU topology evaluation for real KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space KVM: x86: Ignore MSR_AMD64_TW_CFG access audit: don't take task_lock() in audit_exe_compare() code path audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() hvc/xen: fix error path in xen_hvc_init() to always register frontend driver PCI/sysfs: Protect driver's D3cold preference from user space ACPI: resource: Do IRQ override on TongFang GMxXGxx mmc: meson-gx: Remove setting of CMD_CFG_ERROR genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware PCI: keystone: Don't discard .remove() callback PCI: keystone: Don't discard .probe() callback parisc/pdc: Add width field to struct pdc_model clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks mmc: vub300: fix an error code PM: hibernate: Use __get_safe_page() rather than touching the list PM: hibernate: Clean up sync_read handling in snapshot_write_next() btrfs: don't arbitrarily slow down delalloc if we're committing jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev quota: explicitly forbid quota files from being encrypted kernel/reboot: emergency_restart: Set correct system_state i2c: core: Run atomic i2c xfer when !preemptible mcb: fix error handling for different scenarios when parsing dmaengine: stm32-mdma: correct desc prep when channel running mm/cma: use nth_page() in place of direct struct page manipulation i3c: master: cdns: Fix reading status register parisc: Prevent booting 64-bit kernels on PA1.x machines parisc/pgtable: Do not drop upper 5 address bits of physical address ALSA: info: Fix potential deadlock at disconnection ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC serial: meson: remove redundant initialization of variable id tty: serial: meson: retrieve port FIFO size from DT serial: meson: Use platform_get_irq() to get the interrupt tty: serial: meson: fix hard LOCKUP on crtscts mode Bluetooth: btusb: Add flag to define wideband speech capability Bluetooth: btusb: add Realtek 8822CE to usb_device_id table Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 bluetooth: Add device 0bda:887b to device tables bluetooth: Add device 13d3:3571 to device tables Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE Revert ncsi: Propagate carrier gain/loss events to the NCSI controller net: dsa: lan9303: consequently nested-lock physical MDIO i2c: i801: fix potential race in i801_block_transaction_byte_by_byte media: lirc: drop trailing space from scancode transmit media: sharp: fix sharp encoding media: venus: hfi_parser: Add check to keep the number of codecs within range media: venus: hfi: fix the check to handle session buffer requirement media: venus: hfi: add checks to handle capabilities from firmware nfsd: fix file memleak on client_opens_release Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E" ext4: apply umask if ACL support is disabled ext4: correct offset of gdb backup in non meta_bg group to update_backups ext4: correct return value of ext4_convert_meta_bg ext4: correct the start block of counting reserved clusters ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks drm/amdgpu: fix error handling in amdgpu_bo_list_get() tracing: Have trace_event_file have ref counters netfilter: nf_tables: pass context to nft_set_destroy() netfilter: nftables: rename set element data activation/deactivation functions netfilter: nf_tables: drop map element references from preparation phase netfilter: nft_set_rbtree: Switch to node list walk for overlap detection netfilter: nft_set_rbtree: fix null deref on element insertion netfilter: nft_set_rbtree: fix overlap expiration walk netfilter: nf_tables: don't skip expired elements during walk netfilter: nf_tables: GC transaction API to avoid race with control plane netfilter: nf_tables: adapt set backend to use GC transaction API netfilter: nft_set_hash: mark set element as dead when deleting from packet path netfilter: nf_tables: remove busy mark and gc batch API netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path netfilter: nf_tables: GC transaction race with netns dismantle netfilter: nf_tables: GC transaction race with abort path netfilter: nf_tables: use correct lock to protect gc_list netfilter: nf_tables: defer gc run if previous batch is still pending netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration netfilter: nf_tables: fix memleak when more than 255 elements expired netfilter: nf_tables: unregister flowtable hooks on netns exit netfilter: nf_tables: double hook unregistration in netns path netfilter: nftables: update table flags from the commit phase netfilter: nf_tables: fix table flag updates netfilter: nf_tables: disable toggling dormant table state more than once netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for 5.4) Linux 5.4.262 Change-Id: I93e0070751c904fd8a44800ce1756e6e93c1a95b Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Steven Rostedt (Google)
|
961c4511c7 |
tracing: Have trace_event_file have ref counters
commit bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4 upstream. The following can crash the kernel: # cd /sys/kernel/tracing # echo 'p:sched schedule' > kprobe_events # exec 5>>events/kprobes/sched/enable # > kprobe_events # exec 5>&- The above commands: 1. Change directory to the tracefs directory 2. Create a kprobe event (doesn't matter what one) 3. Open bash file descriptor 5 on the enable file of the kprobe event 4. Delete the kprobe event (removes the files too) 5. Close the bash file descriptor 5 The above causes a crash! BUG: kernel NULL pointer dereference, address: 0000000000000028 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 6 PID: 877 Comm: bash Not tainted 6.5.0-rc4-test-00008-g2c6b6b1029d4-dirty #186 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:tracing_release_file_tr+0xc/0x50 What happens here is that the kprobe event creates a trace_event_file "file" descriptor that represents the file in tracefs to the event. It maintains state of the event (is it enabled for the given instance?). Opening the "enable" file gets a reference to the event "file" descriptor via the open file descriptor. When the kprobe event is deleted, the file is also deleted from the tracefs system which also frees the event "file" descriptor. But as the tracefs file is still opened by user space, it will not be totally removed until the final dput() is called on it. But this is not true with the event "file" descriptor that is already freed. If the user does a write to or simply closes the file descriptor it will reference the event "file" descriptor that was just freed, causing a use-after-free bug. To solve this, add a ref count to the event "file" descriptor as well as a new flag called "FREED". The "file" will not be freed until the last reference is released. But the FREE flag will be set when the event is removed to prevent any more modifications to that event from happening, even if there's still a reference to the event "file" descriptor. Link: https://lore.kernel.org/linux-trace-kernel/20231031000031.1e705592@gandalf.local.home/ Link: https://lore.kernel.org/linux-trace-kernel/20231031122453.7a48b923@gandalf.local.home Cc: stable@vger.kernel.org Cc: Mark Rutland <mark.rutland@arm.com> Fixes: f5ca233e2e66d ("tracing: Increase trace array ref count on enable and filter files") Reported-by: Beau Belgrave <beaub@linux.microsoft.com> Tested-by: Beau Belgrave <beaub@linux.microsoft.com> Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
6b5f21afc2 |
Merge 5.4.259 into android11-5.4-lts
Changes in 5.4.259 RDMA/cxgb4: Check skb value for failure to allocate lib/test_meminit: fix off-by-one error in test_pages() pwm: hibvt: Explicitly set .polarity in .get_state() HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect quota: Fix slow quotaoff net: prevent address rewrite in kernel_bind() drm: etvnaviv: fix bad backport leading to warning drm/msm/dsi: skip the wait for video mode done if not applicable ravb: Fix up dma_free_coherent() call in ravb_remove() ieee802154: ca8210: Fix a potential UAF in ca8210_probe mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type xen-netback: use default TX queue size for vifs drm/vmwgfx: fix typo of sizeof argument ixgbe: fix crash with empty VF macvlan list net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() nfc: nci: assert requested protocol is valid workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() dmaengine: stm32-mdma: abort resume if no ongoing transfer usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read usb: dwc3: Soft reset phy on probe for host usb: musb: Get the musb_qh poniter after musb_giveback usb: musb: Modify the "HWVers" register address iio: pressure: bmp280: Fix NULL pointer exception iio: pressure: dps310: Adjust Timeout Settings iio: pressure: ms5611: ms5611_prom_is_valid false negative bug mcb: remove is_added flag from mcb_device struct libceph: use kernel_connect() ceph: fix incorrect revoked caps assert in ceph_fill_file_size() Input: powermate - fix use-after-free in powermate_config_complete Input: psmouse - fix fast_reconnect function for PS/2 mode Input: xpad - add PXN V900 support cgroup: Remove duplicates in cgroup v1 tasks file pinctrl: avoid unsafe code pattern in find_pinctrl() usb: gadget: udc-xilinx: replace memcpy with memcpy_toio usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs dmaengine: mediatek: Fix deadlock caused by synchronize_irq() powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() ravb: Fix use-after-free issue in ravb_tx_timeout_work() dev_forward_skb: do not scrub skb mark within the same name space Documentation: sysctl: align cells in second content column usb: hub: Guard against accesses to uninitialized BOS descriptors Bluetooth: hci_event: Ignore NULL link key Bluetooth: Reject connection with the device which has same BD_ADDR Bluetooth: Fix a refcnt underflow problem for hci_conn Bluetooth: vhci: Fix race when opening vhci device Bluetooth: hci_event: Fix coding style Bluetooth: avoid memcmp() out of bounds warning ice: fix over-shifted variable nfc: nci: fix possible NULL pointer dereference in send_acknowledge() regmap: fix NULL deref on lookup KVM: x86: Mask LVTPC when handling a PMI netfilter: nft_payload: fix wrong mac header matching qed: fix LL2 RX buffer allocation xfrm: fix a data-race in xfrm_gen_index() xfrm: interface: use DEV_STATS_INC() net: ipv4: fix return value check in esp_remove_trailer net: ipv6: fix return value check in esp_remove_trailer net: rfkill: gpio: prevent value glitch during probe tcp: fix excessive TLP and RACK timeouts from HZ rounding tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb tun: prevent negative ifindex ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr net: usb: smsc95xx: Fix an error code in smsc95xx_reset() i40e: prevent crash on probe if hw registers have invalid values net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section netfilter: nft_set_rbtree: .deactivate fails if element has expired net: pktgen: Fix interface flags printing resource: Add irqresource_disabled() ACPI: Drop acpi_dev_irqresource_disabled() ACPI: resources: Add DMI-based legacy IRQ override quirk ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA ACPI: resource: Add ASUS model S5402ZA to quirks ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1 btrfs: initialize start_slot in btrfs_log_prealloc_extents i2c: mux: Avoid potential false error message in i2c_mux_add_adapter overlayfs: set ctime when setting mtime and atime gpio: timberdale: Fix potential deadlock on &tgpio->lock ata: libata-eh: Fix compilation warning in ata_eh_link_report() tracing: relax trace_event_eval_update() execution with cond_resched() HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event Bluetooth: Avoid redundant authentication Bluetooth: hci_core: Fix build warnings wifi: mac80211: allow transmitting EAPOL frames with tainted key wifi: cfg80211: avoid leaking stack data into trace regulator/core: Revert "fix kobject release warning and memory leak in regulator_register()" sky2: Make sure there is at least one frag_addr available drm: panel-orientation-quirks: Add quirk for One Mix 2S btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c HID: multitouch: Add required quirk for Synaptics 0xcd7e device Bluetooth: hci_event: Fix using memcmp when comparing keys mtd: rawnand: qcom: Unmap the right resource upon probe failure mtd: spinand: micron: correct bitmask for ecc status mtd: physmap-core: Restore map_rom fallback mmc: core: sdio: hold retuning if sdio in 1-bit mode mmc: core: Capture correct oemid-bits for eMMC cards Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" ACPI: irq: Fix incorrect return value in acpi_register_gsi() USB: serial: option: add Telit LE910C4-WWX 0x1035 composition USB: serial: option: add entry for Sierra EM9191 with new firmware USB: serial: option: add Fibocom to DELL custom modem FM101R-GL perf: Disallow mis-matched inherited group reads s390/pci: fix iommu bitmap allocation gpio: vf610: set value before the direction to avoid a glitch ASoC: pxa: fix a memory leak in probe() phy: mapphone-mdm6600: Fix runtime disable on probe phy: mapphone-mdm6600: Fix runtime PM for remove phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins Bluetooth: hci_sock: fix slab oob read in create_monitor_event Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name xfrm6: fix inet6_dev refcount underflow problem Linux 5.4.259 Change-Id: I413388a8527327650b234e3f14fce5ca6137c6c8 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Clément Léger
|
981dfec995 |
tracing: relax trace_event_eval_update() execution with cond_resched()
[ Upstream commit 23cce5f25491968b23fb9c399bbfb25f13870cd9 ] When kernel is compiled without preemption, the eval_map_work_func() (which calls trace_event_eval_update()) will not be preempted up to its complete execution. This can actually cause a problem since if another CPU call stop_machine(), the call will have to wait for the eval_map_work_func() function to finish executing in the workqueue before being able to be scheduled. This problem was observe on a SMP system at boot time, when the CPU calling the initcalls executed clocksource_done_booting() which in the end calls stop_machine(). We observed a 1 second delay because one CPU was executing eval_map_work_func() and was not preempted by the stop_machine() task. Adding a call to cond_resched() in trace_event_eval_update() allows other tasks to be executed and thus continue working asynchronously like before without blocking any pending task at boot time. Link: https://lore.kernel.org/linux-trace-kernel/20230929191637.416931-1-cleger@rivosinc.com Cc: Masami Hiramatsu <mhiramat@kernel.org> Signed-off-by: Clément Léger <cleger@rivosinc.com> Tested-by: Atish Patra <atishp@rivosinc.com> Reviewed-by: Atish Patra <atishp@rivosinc.com> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
8a59cb3011 |
Reapply "ANDROID: Revert "tracing/ring-buffer: Have polling block on watermark""
This reverts commit 541686ad47d2b3eb58a3d809322fe558b3b2c948, which reapplys the original revert as the original is still causing crashes. Bug: 263508491 Cc: Lee Jones <joneslee@google.com> Change-Id: I35cd4d9cef24e64f2dc3afad85d90d588c09e5f0 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
574430d8ef |
Revert "ring-buffer: Update "shortest_full" in polling"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
5ca567aeaa |
Merge cf221a7880 ("ring-buffer: Update "shortest_full" in polling") into android11-5.4-lts
Steps on the way to 5.4.258 Change-Id: I023aadde4d7ab16ac9c5393996cc24ed20874e2d Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
fc8b7e30fd |
Revert "ANDROID: Revert "tracing/ring-buffer: Have polling block on watermark""
This reverts commit
|
||
|
Greg Kroah-Hartman
|
09125ac12e |
Merge 05264d6551 ("ring-buffer: Avoid softlockup in ring_buffer_resize()") into android11-5.4-lts
Steps on the way to 5.4.258 Change-Id: I7a2c545794738eee776c7e629e6baf2d0c38f119 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
d8ca210978 |
Merge d2a6844be5 ("ASoC: meson: spdifin: start hw on dai probe") into android11-5.4-lts
Steps on the way to 5.4.258 Change-Id: I85f1c8953f850461246d7be38934a6c11e7137fa Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Michael Bestas
|
6ef34c09c6
|
Merge tag 'ASB-2023-10-06_11-5.4' of https://android.googlesource.com/kernel/common into android13-5.4-lahaina
https://source.android.com/docs/security/bulletin/2023-10-01
* tag 'ASB-2023-10-06_11-5.4' of https://android.googlesource.com/kernel/common:
UPSTREAM: arm64: efi: Make efi_rt_lock a raw_spinlock
UPSTREAM: net: sched: sch_qfq: Fix UAF in qfq_dequeue()
UPSTREAM: net/sched: sch_hfsc: Ensure inner classes have fsc curve
UPSTREAM: net/sched: sch_qfq: account for stab overhead in qfq_enqueue
UPSTREAM: netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
UPSTREAM: af_unix: Fix null-ptr-deref in unix_stream_sendpage().
Linux 5.4.254
sch_netem: fix issues in netem_change() vs get_dist_table()
alpha: remove __init annotation from exported page_is_ram()
scsi: core: Fix possible memory leak if device_add() fails
scsi: snic: Fix possible memory leak if device_add() fails
scsi: 53c700: Check that command slot is not NULL
scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
scsi: core: Fix legacy /proc parsing buffer overflow
netfilter: nf_tables: report use refcount overflow
nvme-rdma: fix potential unbalanced freeze & unfreeze
nvme-tcp: fix potential unbalanced freeze & unfreeze
btrfs: set cache_block_group_error if we find an error
btrfs: don't stop integrity writeback too early
ibmvnic: Handle DMA unmapping of login buffs in release functions
net/mlx5: Allow 0 for total host VFs
dmaengine: mcf-edma: Fix a potential un-allocated memory access
wifi: cfg80211: fix sband iftype data lookup for AP_VLAN
IB/hfi1: Fix possible panic during hotplug remove
drivers: net: prevent tun_build_skb() to exceed the packet size limit
dccp: fix data-race around dp->dccps_mss_cache
bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
net/packet: annotate data-races around tp->status
mISDN: Update parameter type of dsp_cmx_send()
selftests/rseq: Fix build with undefined __weak
drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes
x86: Move gds_ucode_mitigated() declaration to header
x86/mm: Fix VDSO and VVAR placement on 5-level paging machines
x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405
usb: common: usb-conn-gpio: Prevent bailing out if initial role is none
usb: dwc3: Properly handle processing of pending events
usb-storage: alauda: Fix uninit-value in alauda_check_media()
binder: fix memory leak in binder_init()
iio: cros_ec: Fix the allocation size for cros_ec_command
nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput
x86/pkeys: Revert
|
||
|
Steven Rostedt (Google)
|
cf221a7880 |
ring-buffer: Update "shortest_full" in polling
commit 1e0cb399c7653462d9dadf8ab9425337c355d358 upstream. It was discovered that the ring buffer polling was incorrectly stating that read would not block, but that's because polling did not take into account that reads will block if the "buffer-percent" was set. Instead, the ring buffer polling would say reads would not block if there was any data in the ring buffer. This was incorrect behavior from a user space point of view. This was fixed by commit 42fb0a1e84ff by having the polling code check if the ring buffer had more data than what the user specified "buffer percent" had. The problem now is that the polling code did not register itself to the writer that it wanted to wait for a specific "full" value of the ring buffer. The result was that the writer would wake the polling waiter whenever there was a new event. The polling waiter would then wake up, see that there's not enough data in the ring buffer to notify user space and then go back to sleep. The next event would wake it up again. Before the polling fix was added, the code would wake up around 100 times for a hackbench 30 benchmark. After the "fix", due to the constant waking of the writer, it would wake up over 11,0000 times! It would never leave the kernel, so the user space behavior was still "correct", but this definitely is not the desired effect. To fix this, have the polling code add what it's waiting for to the "shortest_full" variable, to tell the writer not to wake it up if the buffer is not as full as it expects to be. Note, after this fix, it appears that the waiter is now woken up around 2x the times it was before (~200). This is a tremendous improvement from the 11,000 times, but I will need to spend some time to see why polling is more aggressive in its wakeups than the read blocking code. Link: https://lore.kernel.org/linux-trace-kernel/20230929180113.01c2cae3@rorschach.local.home Cc: stable@vger.kernel.org Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Fixes: 42fb0a1e84ff ("tracing/ring-buffer: Have polling block on watermark") Reported-by: Julia Lawall <julia.lawall@inria.fr> Tested-by: Julia Lawall <julia.lawall@inria.fr> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Zheng Yejian
|
05264d6551 |
ring-buffer: Avoid softlockup in ring_buffer_resize()
[ Upstream commit f6bd2c92488c30ef53b5bd80c52f0a7eee9d545a ] When user resize all trace ring buffer through file 'buffer_size_kb', then in ring_buffer_resize(), kernel allocates buffer pages for each cpu in a loop. If the kernel preemption model is PREEMPT_NONE and there are many cpus and there are many buffer pages to be allocated, it may not give up cpu for a long time and finally cause a softlockup. To avoid it, call cond_resched() after each cpu buffer allocation. Link: https://lore.kernel.org/linux-trace-kernel/20230906081930.3939106-1-zhengyejian1@huawei.com Cc: <mhiramat@kernel.org> Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Steven Rostedt (Google)
|
e6807c873d |
tracing: Increase trace array ref count on enable and filter files
[ Upstream commit f5ca233e2e66dc1c249bf07eefa37e34a6c9346a ]
When the trace event enable and filter files are opened, increment the
trace array ref counter, otherwise they can be accessed when the trace
array is being deleted. The ref counter keeps the trace array from being
deleted while those files are opened.
Link: https://lkml.kernel.org/r/20230907024803.456187066@goodmis.org
Link: https://lore.kernel.org/all/1cb3aee2-19af-c472-e265-05176fe9bd84@huawei.com/
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Fixes:
|
||
|
Greg Kroah-Hartman
|
2b44f56202 |
This is the 5.4.257 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmUOqSMACgkQONu9yGCS
aT6xIg//SVVT7zeyVcdNSchMLT6N1sJKtnplNnhyM6oFPlnyRJbgm608p394osx9
bMkz8QNPugdJz075nFt1blC2qqh2GqNkgaAM1bSKrVmUhBR3ouaO2vKfTamd1qkQ
uHjE2+4NSlJu0zeqF+D+xmYYo3W32XXfDjn64p3dYiEVFtM4J0r633OpkNTZL3KR
b8Ooj0sE6WtG5Lt4I64z74/p8QjK8ESW7N7hYUjADadoycn7ms5wwED6KbXwO+Ed
3piSteS8bddtx+s6pblRwHvRcOMU3NX0rVG8x3lBtdnjAk32/HEsUm7mAycqJdsJ
TQ67UJ4gyqzrCtDfrbhZ9hKpaEHGuy6nnjKfXtnlSKZ+8h4uuxK0rIwFlZuS+sjH
Xm99yiA6KK+CbdR9/ltgQyr5kaTcIqauA6VTjbqqJ3Fuj4OWEz3N2ALUpWeLPNpe
Enl7b5/eQ4B0sDOYDVG4HsjRTt7ZgNVGFxRRp8ZulDKgX9G4M0K2khq/b3PM9aEQ
gkgWDxLt3H0EO+6mRgCA0J3a/TSC6gPgV8t8iNcg5rzlXngJzAajdgi7HBMnhPdl
8y8JCfojtA+RuHWHOEmPXJG1AmwQ4df7szVxbv8WDuidIqv2tb09POo38s/UWHeN
NGM5nh1WSCs4hQBfkx4wk58xSZ/jAh4/Uq6g3GasmqlknhA8TjQ=
=dWOv
-----END PGP SIGNATURE-----
Merge 5.4.257 into android11-5.4-lts
Changes in 5.4.257
erofs: ensure that the post-EOF tails are all zeroed
ARM: pxa: remove use of symbol_get()
mmc: au1xmmc: force non-modular build and remove symbol_get usage
net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index
rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff
modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
USB: serial: option: add Quectel EM05G variant (0x030e)
USB: serial: option: add FOXCONN T99W368/T99W373 product
HID: wacom: remove the battery when the EKR is off
staging: rtl8712: fix race condition
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition
serial: sc16is7xx: fix bug when first setting GPIO direction
firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
fsi: master-ast-cf: Add MODULE_FIRMWARE macro
nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
pinctrl: amd: Don't show `Invalid config param` errors
9p: virtio: make sure 'offs' is initialized in zc_request
ASoC: da7219: Flush pending AAD IRQ when suspending
ASoC: da7219: Check for failure reading AAD IRQ events
ethernet: atheros: fix return value check in atl1c_tso_csum()
vxlan: generalize vxlan_parse_gpe_hdr and remove unused args
m68k: Fix invalid .section syntax
s390/dasd: use correct number of retries for ERP requests
s390/dasd: fix hanging device after request requeue
fs/nls: make load_nls() take a const parameter
ASoc: codecs: ES8316: Fix DMIC config
ASoC: atmel: Fix the 8K sample parameter in I2SC master
platform/x86: intel: hid: Always call BTNL ACPI method
platform/x86: huawei-wmi: Silence ambient light sensor
security: keys: perform capable check only on privileged operations
clk: fixed-mmio: make COMMON_CLK_FIXED_MMIO depend on HAS_IOMEM
net: usb: qmi_wwan: add Quectel EM05GV2
idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM
scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock
netlabel: fix shift wrapping bug in netlbl_catmap_setlong()
bnx2x: fix page fault following EEH recovery
sctp: handle invalid error codes without calling BUG()
cifs: add a warning when the in-flight count goes negative
scsi: storvsc: Always set no_report_opcodes
ALSA: seq: oss: Fix racy open/close of MIDI devices
platform/mellanox: Fix mlxbf-tmfifo not handling all virtio CONSOLE notifications
net: Avoid address overwrite in kernel_connect
powerpc/32s: Fix assembler warning about r0
udf: Check consistency of Space Bitmap Descriptor
udf: Handle error when adding extent to a file
Revert "net: macsec: preserve ingress frame ordering"
reiserfs: Check the return value from __getblk()
eventfd: Export eventfd_ctx_do_read()
eventfd: prevent underflow for eventfd semaphores
new helper: lookup_positive_unlocked()
fs: Fix error checking for d_hash_and_lookup()
tmpfs: verify {g,u}id mount options correctly
OPP: Fix passing 0 to PTR_ERR in _opp_attach_genpd()
x86/asm: Make more symbols local
x86/boot: Annotate local functions
x86/decompressor: Don't rely on upper 32 bits of GPRs being preserved
perf/imx_ddr: don't enable counter0 if none of 4 counters are used
cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit()
bpf: Clear the probe_addr for uprobe
tcp: tcp_enter_quickack_mode() should be static
regmap: rbtree: Use alloc_flags for memory allocations
spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe()
can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM
wifi: mwifiex: Fix OOB and integer underflow when rx packets
mwifiex: switch from 'pci_' to 'dma_' API
wifi: mwifiex: fix error recovery in PCIE buffer descriptor management
crypto: stm32 - Properly handle pm_runtime_get failing
Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe()
crypto: caam - fix unchecked return value error
hwrng: iproc-rng200 - use semicolons rather than commas to separate statements
hwrng: iproc-rng200 - Implement suspend and resume calls
lwt: Fix return values of BPF xmit ops
lwt: Check LWTUNNEL_XMIT_CONTINUE strictly
fs: ocfs2: namei: check return value of ocfs2_add_entry()
wifi: mwifiex: fix memory leak in mwifiex_histogram_read()
wifi: mwifiex: Fix missed return in oob checks failed path
wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx
wifi: ath9k: protect WMI command response buffer replacement with a lock
wifi: mwifiex: avoid possible NULL skb pointer dereference
wifi: ath9k: use IS_ERR() with debugfs_create_dir()
net: arcnet: Do not call kfree_skb() under local_irq_disable()
mlxsw: i2c: Fix chunk size setting in output mailbox buffer
mlxsw: i2c: Limit single transaction buffer size
net/sched: sch_hfsc: Ensure inner classes have fsc curve
netrom: Deny concurrent connect().
drm/bridge: tc358764: Fix debug print parameter order
quota: avoid increasing DQST_LOOKUPS when iterating over dirty/inuse list
quota: factor out dquot_write_dquot()
quota: rename dquot_active() to inode_quota_active()
quota: add new helper dquot_active()
quota: fix dqput() to follow the guarantees dquot_srcu should provide
drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar()
ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger
ARM: dts: BCM53573: Add cells sizes to PCIe node
ARM: dts: BCM53573: Use updated "spi-gpio" binding properties
drm/etnaviv: fix dumping of active MMU context
ARM: dts: s3c6410: move fixed clocks under root node in Mini6410
ARM: dts: s3c6410: align node SROM bus node name with dtschema in Mini6410
ARM: dts: s3c64xx: align pinctrl with dtschema
ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split)
ARM: dts: s5pv210: add RTC 32 KHz clock in SMDKV210
ARM: dts: s5pv210: use defines for IRQ flags in SMDKV210
ARM: dts: s5pv210: correct ethernet unit address in SMDKV210
ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210
ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split)
drm: adv7511: Fix low refresh rate register for ADV7533/5
ARM: dts: BCM53573: Fix Ethernet info for Luxul devices
arm64: dts: qcom: sdm845: Add missing RPMh power domain to GCC
drm/amdgpu: Update min() to min_t() in 'amdgpu_info_ioctl'
md/bitmap: don't set max_write_behind if there is no write mostly device
md/md-bitmap: hold 'reconfig_mutex' in backlog_store()
drm/tegra: Remove superfluous error messages around platform_get_irq()
drm/tegra: dpaux: Fix incorrect return value of platform_get_irq
of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name()
drm/armada: Fix off-by-one error in armada_overlay_get_property()
drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01
ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig
drm/msm/mdp5: Don't leak some plane state
smackfs: Prevent underflow in smk_set_cipso()
audit: fix possible soft lockup in __audit_inode_child()
drm/mediatek: Fix potential memory leak if vmap() fail
of: unittest: Fix overlay type in apply/revert check
ALSA: ac97: Fix possible error value of *rac97
ipmi:ssif: Add check for kstrdup
ipmi:ssif: Fix a memory leak when scanning for an adapter
drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init()
clk: sunxi-ng: Modify mismatched function name
PCI: Mark NVIDIA T4 GPUs to avoid bus reset
PCI: pciehp: Use RMW accessors for changing LNKCTL
PCI/ASPM: Use RMW accessors for changing LNKCTL
clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op
powerpc/fadump: reset dump area size if fadump memory reserve fails
PCI: Add #defines for Enter Compliance, Transmit Margin
drm/amdgpu: Correct Transmit Margin masks
drm/amdgpu: Replace numbers with PCI_EXP_LNKCTL2 definitions
drm/amdgpu: Prefer pcie_capability_read_word()
drm/amdgpu: Use RMW accessors for changing LNKCTL
drm/radeon: Correct Transmit Margin masks
drm/radeon: Replace numbers with PCI_EXP_LNKCTL2 definitions
drm/radeon: Prefer pcie_capability_read_word()
drm/radeon: Use RMW accessors for changing LNKCTL
wifi: ath10k: Use RMW accessors for changing LNKCTL
nfs/blocklayout: Use the passed in gfp flags
powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
jfs: validate max amount of blocks before allocation.
fs: lockd: avoid possible wrong NULL parameter
NFSD: da_addr_body field missing in some GETDEVICEINFO replies
NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN
media: v4l2-fwnode: fix v4l2_fwnode_parse_link handling
media: v4l2-fwnode: simplify v4l2_fwnode_parse_link
media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link()
drivers: usb: smsusb: fix error handling code in smsusb_init_device
media: dib7000p: Fix potential division by zero
media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer()
media: cx24120: Add retval check for cx24120_message_send()
media: mediatek: vcodec: Return NULL if no vdec_fb is found
usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host()
scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param()
scsi: be2iscsi: Add length check when parsing nlattrs
scsi: qla4xxx: Add length check when parsing nlattrs
serial: sprd: getting port index via serial aliases only
serial: sprd: remove redundant sprd_port cleanup
serial: sprd: Assign sprd_port after initialized to avoid wrong access
serial: sprd: Fix DMA buffer leak issue
x86/APM: drop the duplicate APM_MINOR_DEV macro
scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly
scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly
scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly
coresight: tmc: Explicit type conversions to prevent integer overflow
dma-buf/sync_file: Fix docs syntax
driver core: test_async: fix an error code
IB/uverbs: Fix an potential error pointer dereference
iommu/vt-d: Fix to flush cache of PASID directory table
media: go7007: Remove redundant if statement
USB: gadget: f_mass_storage: Fix unused variable warning
media: i2c: ov5640: Configure HVP lines in s_power callback
media: ov5640: Enable MIPI interface in ov5640_set_power_mipi()
media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips
media: ov2680: Remove auto-gain and auto-exposure controls
media: ov2680: Fix ov2680_bayer_order()
media: ov2680: Fix vflip / hflip set functions
media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors
scsi: core: Use 32-bit hostnum in scsi_host_lookup()
scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock
serial: tegra: handle clk prepare error in tegra_uart_hw_init()
amba: bus: fix refcount leak
Revert "IB/isert: Fix incorrect release of isert connection"
RDMA/siw: Balance the reference of cep->kref in the error path
RDMA/siw: Correct wrong debug message
HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode()
HID: multitouch: Correct devm device reference for hidinput input_dev name
x86/speculation: Mark all Skylake CPUs as vulnerable to GDS
tracing: Fix race issue between cpu buffer write and swap
phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328
phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate
phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write
rpmsg: glink: Add check for kstrdup
mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume()
um: Fix hostaudio build errors
dmaengine: ste_dma40: Add missing IRQ check in d40_probe
cpufreq: Fix the race condition while updating the transition_task of policy
virtio_ring: fix avail_wrap_counter in virtqueue_add_packed
igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
netfilter: xt_u32: validate user space input
netfilter: xt_sctp: validate the flag_info count
skbuff: skb_segment, Call zero copy functions before using skbuff frags
igb: set max size RX buffer when store bad packet is enabled
PM / devfreq: Fix leak in devfreq_dev_release()
ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl
ipmi_si: fix a memleak in try_smi_init()
ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch()
backlight/gpio_backlight: Compare against struct fb_info.device
backlight/bd6107: Compare against struct fb_info.device
backlight/lv5207lp: Compare against struct fb_info.device
xtensa: PMU: fix base address for the newer hardware
media: dvb: symbol fixup for dvb_attach()
ntb: Drop packets when qp link is down
ntb: Clean up tx tail index on link down
ntb: Fix calculation ntb_transport_tx_free_entry()
Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset"
procfs: block chmod on /proc/thread-self/comm
parisc: Fix /proc/cpuinfo output for lscpu
dlm: fix plock lookup when using multiple lockspaces
dccp: Fix out of bounds access in DCCP error handler
X.509: if signature is unsupported skip validation
net: handle ARPHRD_PPP in dev_is_mac_header_xmit()
fsverity: skip PKCS#7 parser when keyring is empty
pstore/ram: Check start of empty przs during init
s390/ipl: add missing secure/has_secure file to ipl type 'unknown'
crypto: stm32 - fix loop iterating through scatterlist for DMA
cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug
sc16is7xx: Set iobase to device index
serial: sc16is7xx: fix broken port 0 uart init
usb: typec: tcpci: clear the fault status bit
udf: initialize newblock to 0
drm: fix double free for gbo in drm_gem_vram_init and drm_gem_vram_create
net/ipv6: SKB symmetric hash should incorporate transport ports
scsi: qla2xxx: fix inconsistent TMF timeout
scsi: qla2xxx: Fix erroneous link up failure
scsi: qla2xxx: Turn off noisy message log
scsi: qla2xxx: Remove unsupported ql2xenabledif option
fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
drm/ast: Fix DRAM init on AST2200
lib/test_meminit: allocate pages up to order MAX_ORDER
parisc: led: Fix LAN receive and transmit LEDs
parisc: led: Reduce CPU overhead for disk & lan LED computation
clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock
soc: qcom: qmi_encdec: Restrict string length in decode
NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info
kconfig: fix possible buffer overflow
perf annotate bpf: Don't enclose non-debug code with an assert()
x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm()
perf top: Don't pass an ERR_PTR() directly to perf_session__delete()
watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
pwm: lpc32xx: Remove handling of PWM channels
sctp: annotate data-races around sk->sk_wmem_queued
ipv4: annotate data-races around fi->fib_dead
net: read sk->sk_family once in sk_mc_loop()
igb: disable virtualization features on 82580
veth: Fixing transmit return status for dropped packets
net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr
af_unix: Fix data-races around user->unix_inflight.
af_unix: Fix data-race around unix_tot_inflight.
af_unix: Fix data-races around sk->sk_shutdown.
af_unix: Fix data race around sk->sk_err.
net: sched: sch_qfq: Fix UAF in qfq_dequeue()
kcm: Destroy mutex in kcm_exit_net()
igc: Change IGC_MIN to allow set rx/tx value between 64 and 80
igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80
igb: Change IGB_MIN to allow set rx/tx value between 64 and 80
s390/zcrypt: don't leak memory if dev_set_name() fails
idr: fix param name in idr_alloc_cyclic() doc
ip_tunnels: use DEV_STATS_INC()
netfilter: nfnetlink_osf: avoid OOB read
net: hns3: fix the port information display when sfp is absent
sh: boards: Fix CEU buffer size passed to dma_declare_coherent_memory()
ata: sata_gemini: Add missing MODULE_DESCRIPTION
ata: pata_ftide010: Add missing MODULE_DESCRIPTION
fuse: nlookup missing decrement in fuse_direntplus_link
btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART
btrfs: use the correct superblock to compare fsid in btrfs_validate_super
mtd: rawnand: brcmnand: Fix crash during the panic_write
mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write
mtd: rawnand: brcmnand: Fix potential false time out warning
perf hists browser: Fix hierarchy mode header
perf tools: Handle old data in PERF_RECORD_ATTR
usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling
usb: typec: tcpm: Refactor tcpm_handle_vdm_request
usb: typec: bus: verify partner exists in typec_altmode_attention
ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2
clk: imx8mm: Move 1443X/1416X PLL clock structure to common place
net: ipv4: fix one memleak in __inet_del_ifa()
net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc()
net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all()
r8152: check budget for r8152_poll()
kcm: Fix memory leak in error path of kcm_sendmsg()
platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors
mlxbf-tmfifo: sparse tags for config access
platform/mellanox: mlxbf-tmfifo: Drop jumbo frames
net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()
ixgbe: fix timestamp configuration code
kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
drm/amd/display: Fix a bug when searching for insert_above_mpcc
parisc: Drop loops_per_jiffy from per_cpu struct
autofs: fix memory leak of waitqueues in autofs_catatonic_mode
btrfs: output extra debug info if we failed to find an inline backref
locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock
ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer
kernel/fork: beware of __put_task_struct() calling context
ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470
perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09
hw_breakpoint: fix single-stepping when using bpf_overflow_handler
devlink: remove reload failed checks in params get/set callbacks
wifi: ath9k: fix printk specifier
wifi: mwifiex: fix fortify warning
crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
tpm_tis: Resend command to recover from data transfer errors
mmc: sdhci-esdhc-imx: improve ESDHC_FLAG_ERR010450
alx: fix OOB-read compiler warning
wifi: mac80211_hwsim: drop short frames
drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable()
bus: ti-sysc: Configure uart quirks for k3 SoC
md: raid1: fix potential OOB in raid1_remove_disk()
ext2: fix datatype of block number in ext2_xattr_set2()
fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()
jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer
media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()
media: af9005: Fix null-ptr-deref in af9005_i2c_xfer
media: anysee: fix null-ptr-deref in anysee_master_xfer
media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()
media: tuners: qt1010: replace BUG_ON with a regular error
media: pci: cx23885: replace BUG with error return
usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc
scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()
serial: cpm_uart: Avoid suspicious locking
media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning
kobject: Add sanity check for kset->kobj.ktype in kset_register()
tools features: Add feature test to check if libbfd has buildid support
perf jevents: Make build dependency on test JSONs
perf tools: Add an option to build without libbfd
btrfs: move btrfs_pinned_by_swapfile prototype into volumes.h
btrfs: add a helper to read the superblock metadata_uuid
btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super
selftests: tracing: Fix to unmount tracefs for recovering environment
md/raid1: fix error: ISO C90 forbids mixed declarations
attr: block mode changes of symlinks
btrfs: fix lockdep splat and potential deadlock after failure running delayed items
tracing: Have current_trace inc the trace array ref count
tracing: Have option files inc the trace array ref count
nfsd: fix change_info in NFSv4 RENAME replies
tracefs: Add missing lockdown check to tracefs_create_dir()
i2c: aspeed: Reset the i2c controller when timeout occurs
scsi: megaraid_sas: Fix deadlock on firmware crashdump
ext4: fix rec_len verify error
mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller
drm/amdgpu: fix amdgpu_cs_p1_user_fence
net/sched: Retire rsvp classifier
Linux 5.4.257
Change-Id: I99f6978fc0d802b5803005fe903a90aed315d88d
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Steven Rostedt (Google)
|
952e477f90 |
tracing: Have option files inc the trace array ref count
commit 7e2cfbd2d3c86afcd5c26b5c4b1dd251f63c5838 upstream.
The option files update the options for a given trace array. For an
instance, if the file is opened and the instance is deleted, reading or
writing to the file will cause a use after free.
Up the ref count of the trace_array when an option file is opened.
Link: https://lkml.kernel.org/r/20230907024804.086679464@goodmis.org
Link: https://lore.kernel.org/all/1cb3aee2-19af-c472-e265-05176fe9bd84@huawei.com/
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Zheng Yejian <zhengyejian1@huawei.com>
Fixes:
|
||
|
Steven Rostedt (Google)
|
ff8cf370d3 |
tracing: Have current_trace inc the trace array ref count
commit 9b37febc578b2e1ad76a105aab11d00af5ec3d27 upstream.
The current_trace updates the trace array tracer. For an instance, if the
file is opened and the instance is deleted, reading or writing to the file
will cause a use after free.
Up the ref count of the trace array when current_trace is opened.
Link: https://lkml.kernel.org/r/20230907024803.877687227@goodmis.org
Link: https://lore.kernel.org/all/1cb3aee2-19af-c472-e265-05176fe9bd84@huawei.com/
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Zheng Yejian <zhengyejian1@huawei.com>
Fixes:
|
||
|
Zheng Yejian
|
90e037cabc |
tracing: Fix race issue between cpu buffer write and swap
[ Upstream commit 3163f635b20e9e1fb4659e74f47918c9dddfe64e ]
Warning happened in rb_end_commit() at code:
if (RB_WARN_ON(cpu_buffer, !local_read(&cpu_buffer->committing)))
WARNING: CPU: 0 PID: 139 at kernel/trace/ring_buffer.c:3142
rb_commit+0x402/0x4a0
Call Trace:
ring_buffer_unlock_commit+0x42/0x250
trace_buffer_unlock_commit_regs+0x3b/0x250
trace_event_buffer_commit+0xe5/0x440
trace_event_buffer_reserve+0x11c/0x150
trace_event_raw_event_sched_switch+0x23c/0x2c0
__traceiter_sched_switch+0x59/0x80
__schedule+0x72b/0x1580
schedule+0x92/0x120
worker_thread+0xa0/0x6f0
It is because the race between writing event into cpu buffer and swapping
cpu buffer through file per_cpu/cpu0/snapshot:
Write on CPU 0 Swap buffer by per_cpu/cpu0/snapshot on CPU 1
-------- --------
tracing_snapshot_write()
[...]
ring_buffer_lock_reserve()
cpu_buffer = buffer->buffers[cpu]; // 1. Suppose find 'cpu_buffer_a';
[...]
rb_reserve_next_event()
[...]
ring_buffer_swap_cpu()
if (local_read(&cpu_buffer_a->committing))
goto out_dec;
if (local_read(&cpu_buffer_b->committing))
goto out_dec;
buffer_a->buffers[cpu] = cpu_buffer_b;
buffer_b->buffers[cpu] = cpu_buffer_a;
// 2. cpu_buffer has swapped here.
rb_start_commit(cpu_buffer);
if (unlikely(READ_ONCE(cpu_buffer->buffer)
!= buffer)) { // 3. This check passed due to 'cpu_buffer->buffer'
[...] // has not changed here.
return NULL;
}
cpu_buffer_b->buffer = buffer_a;
cpu_buffer_a->buffer = buffer_b;
[...]
// 4. Reserve event from 'cpu_buffer_a'.
ring_buffer_unlock_commit()
[...]
cpu_buffer = buffer->buffers[cpu]; // 5. Now find 'cpu_buffer_b' !!!
rb_commit(cpu_buffer)
rb_end_commit() // 6. WARN for the wrong 'committing' state !!!
Based on above analysis, we can easily reproduce by following testcase:
``` bash
#!/bin/bash
dmesg -n 7
sysctl -w kernel.panic_on_warn=1
TR=/sys/kernel/tracing
echo 7 > ${TR}/buffer_size_kb
echo "sched:sched_switch" > ${TR}/set_event
while [ true ]; do
echo 1 > ${TR}/per_cpu/cpu0/snapshot
done &
while [ true ]; do
echo 1 > ${TR}/per_cpu/cpu0/snapshot
done &
while [ true ]; do
echo 1 > ${TR}/per_cpu/cpu0/snapshot
done &
```
To fix it, IIUC, we can use smp_call_function_single() to do the swap on
the target cpu where the buffer is located, so that above race would be
avoided.
Link: https://lore.kernel.org/linux-trace-kernel/20230831132739.4070878-1-zhengyejian1@huawei.com
Cc: <mhiramat@kernel.org>
Fixes:
|
||
Yafang Shao
|
75b8b5b529 |
bpf: Clear the probe_addr for uprobe
[ Upstream commit 5125e757e62f6c1d5478db4c2b61a744060ddf3f ]
To avoid returning uninitialized or random values when querying the file
descriptor (fd) and accessing probe_addr, it is necessary to clear the
variable prior to its use.
Fixes:
|
||
|
Michael Bestas
|
29949ccfbb
|
Merge tag 'ASB-2023-08-05_11-5.4' of https://android.googlesource.com/kernel/common into android13-5.4-lahaina
https://source.android.com/docs/security/bulletin/2023-08-01 CVE-2023-21264 CVE-2020-29374 * tag 'ASB-2023-08-05_11-5.4' of https://android.googlesource.com/kernel/common: UPSTREAM: media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() ANDROID: ABI: Update allowed list for QCOM UPSTREAM: usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition UPSTREAM: x86/mm: Avoid using set_pgd() outside of real PGD pages UPSTREAM: net/sched: flower: fix possible OOB write in fl_set_geneve_opt() Linux 5.4.249 xfs: verify buffer contents when we skip log replay mm: make wait_on_page_writeback() wait for multiple pending writebacks mm: fix VM_BUG_ON(PageTail) and BUG_ON(PageWriteback) i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl drm/exynos: vidi: fix a wrong error return ARM: dts: Fix erroneous ADS touchscreen polarities ASoC: nau8824: Add quirk to active-high jack-detect s390/cio: unregister device when the only path is gone usb: gadget: udc: fix NULL dereference in remove() nfcsim.c: Fix error checking for debugfs_create_dir media: cec: core: don't set last_initiator if tx in progress arm64: Add missing Set/Way CMO encodings HID: wacom: Add error check to wacom_parse_and_register() scsi: target: iscsi: Prevent login threads from racing between each other sch_netem: acquire qdisc lock in netem_change() Revert "net: phy: dp83867: perform soft reset and retain established link" netfilter: nfnetlink_osf: fix module autoload netfilter: nf_tables: disallow element updates of bound anonymous sets be2net: Extend xmit workaround to BE3 chip net: dsa: mt7530: fix trapping frames on non-MT7621 SoC MT7530 switch ipvs: align inner_mac_header for encapsulation mmc: usdhi60rol0: fix deferred probing mmc: sh_mmcif: fix deferred probing mmc: sdhci-acpi: fix deferred probing mmc: omap_hsmmc: fix deferred probing mmc: omap: fix deferred probing mmc: mvsdio: fix deferred probing mmc: mvsdio: convert to devm_platform_ioremap_resource mmc: mtk-sd: fix deferred probing net: qca_spi: Avoid high load if QCA7000 is not available xfrm: Linearize the skb after offloading if needed. ieee802154: hwsim: Fix possible memory leaks rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer() x86/mm: Avoid using set_pgd() outside of real PGD pages cifs: Fix potential deadlock when updating vol in cifs_reconnect() cifs: Merge is_path_valid() into get_normalized_path() cifs: Introduce helpers for finding TCP connection cifs: Get rid of kstrdup_const()'d paths cifs: Clean up DFS referral cache nilfs2: prevent general protection fault in nilfs_clear_dirty_page() writeback: fix dereferencing NULL mapping->host on writeback_page_template ip_tunnels: allow VXLAN/GENEVE to inherit TOS/TTL from VLAN mmc: meson-gx: remove redundant mmc_request_done() call from irq context cgroup: Do not corrupt task iteration when rebinding subsystem PCI: hv: Fix a race condition bug in hv_pci_query_relations() Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs nilfs2: fix buffer corruption due to concurrent device reads media: dvb-core: Fix use-after-free due to race at dvb_register_device() media: dvbdev: fix error logic at dvb_register_device() media: dvbdev: Fix memleak in dvb_register_device tick/common: Align tick period during sched_timer setup x86/purgatory: remove PGO flags tracing: Add tracing_reset_all_online_cpus_unlocked() function epoll: ep_autoremove_wake_function should use list_del_init_careful list: add "list_del_init_careful()" to go with "list_empty_careful()" mm: rewrite wait_on_page_bit_common() logic nilfs2: reject devices with insufficient block count Revert "neighbour: Replace zero-length array with flexible-array member" Revert "neighbour: fix unaligned access to pneigh_entry" Revert "tcp: deny tcp_disconnect() when threads are waiting" Linux 5.4.248 mmc: block: ensure error propagation for non-blk drm/nouveau/kms: Fix NULL pointer dereference in nouveau_connector_detect_depth neighbour: delete neigh_lookup_nodev as not used net: Remove unused inline function dst_hold_and_use() neighbour: Remove unused inline function neigh_key_eq16() afs: Fix vlserver probe RTT handling selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET net: tipc: resize nlattr array to correct size net: lapbether: only support ethernet devices net/sched: cls_api: Fix lockup on flushing explicitly created chain drm/nouveau: add nv_encoder pointer check for NULL drm/nouveau/kms: Don't change EDID when it hasn't actually changed drm/nouveau/dp: check for NULL nv_connector->native_mode igb: fix nvm.ops.read() error handling sctp: fix an error code in sctp_sf_eat_auth() ipvlan: fix bound dev checking for IPv6 l3s mode IB/isert: Fix incorrect release of isert connection IB/isert: Fix possible list corruption in CMA handler IB/isert: Fix dead lock in ib_isert IB/uverbs: Fix to consider event queue closing also upon non-blocking mode iavf: remove mask from iavf_irq_enable_queues() RDMA/rxe: Fix the use-before-initialization error of resp_pkts RDMA/rxe: Removed unused name from rxe_task struct RDMA/rxe: Remove the unused variable obj net/sched: cls_u32: Fix reference counter leak leading to overflow ping6: Fix send to link-local addresses with VRF. netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM spi: fsl-dspi: avoid SCK glitches with continuous transfers spi: spi-fsl-dspi: Remove unused chip->void_write_data usb: dwc3: gadget: Reset num TRBs before giving back the request serial: lantiq: add missing interrupt ack USB: serial: option: add Quectel EM061KGL series Remove DECnet support from kernel ALSA: hda/realtek: Add a quirk for Compaq N14JP6 net: usb: qmi_wwan: add support for Compal RXM-G1 RDMA/uverbs: Restrict usage of privileged QKEYs nouveau: fix client work fence deletion race powerpc/purgatory: remove PGO flags kexec: support purgatories with .text.hot sections nilfs2: fix possible out-of-bounds segment allocation in resize ioctl nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() nios2: dts: Fix tse_mac "max-frame-size" property ocfs2: check new file size on fallocate call ocfs2: fix use-after-free when unmounting read-only filesystem drm:amd:amdgpu: Fix missing buffer object unlock in failure path xen/blkfront: Only check REQ_FUA for writes mips: Move initrd_start check after initrd address sanitisation. MIPS: Alchemy: fix dbdma2 parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory() parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu() btrfs: handle memory allocation failure in btrfs_csum_one_bio power: supply: Fix logic checking if system is running from battery irqchip/meson-gpio: Mark OF related data as maybe unused regulator: Fix error checking for debugfs_create_dir platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 power: supply: Ratelimit no data debug output ARM: dts: vexpress: add missing cache properties power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() power: supply: sc27xx: Fix external_power_changed race power: supply: ab8500: Fix external_power_changed race s390/dasd: Use correct lock while counting channel queue length dasd: refactor dasd_ioctl_information KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() test_firmware: fix a memory leak with reqs buffer Revert "firmware: arm_sdei: Fix sleep from invalid context BUG" Revert "PM: domains: Fix up terminology with parent/child" Revert "PM: domains: Restore comment indentation for generic_pm_domain.child_links" Revert "scripts/gdb: bail early if there are no generic PD" Revert "uapi/linux/const.h: prefer ISO-friendly __typeof__" Revert "netfilter: nf_tables: don't write table validation state without mutex" Linux 5.4.247 Revert "staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE" mtd: spinand: macronix: Add support for MX35LFxGE4AD btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() btrfs: check return value of btrfs_commit_transaction in relocation rbd: get snapshot context after exclusive lock is ensured to be held drm/atomic: Don't pollute crtc_state->mode_blob with error pointers cifs: handle empty list of targets in cifs_reconnect() cifs: get rid of unused parameter in reconn_setup_dfs_targets() ext4: only check dquot_initialize_needed() when debugging eeprom: at24: also select REGMAP i2c: sprd: Delete i2c adapter in .remove's error path bonding (gcc13): synchronize bond_{a,t}lb_xmit() types usb: usbfs: Use consistent mmap functions usb: usbfs: Enforce page requirements for mmap pinctrl: meson-axg: add missing GPIOA_18 gpio group rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk ceph: fix use-after-free bug for inodes when flushing capsnaps can: j1939: avoid possible use-after-free when j1939_can_rx_register fails can: j1939: change j1939_netdev_lock type to mutex can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket drm/amdgpu: fix xclk freq on CHIP_STONEY ALSA: hda/realtek: Add Lenovo P3 Tower platform ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01 Input: psmouse - fix OOB access in Elantech protocol Input: xpad - delete a Razer DeathAdder mouse VID/PID entry batman-adv: Broken sync while rescheduling delayed work bnxt_en: Query default VLAN before VNIC setup on a VF lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release() net: sched: fix possible refcount leak in tc_chain_tmplt_add() net: sched: move rtm_tca_policy declaration to include file rfs: annotate lockless accesses to RFS sock flow table rfs: annotate lockless accesses to sk->sk_rxhash netfilter: ipset: Add schedule point in call_ad(). netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper Bluetooth: L2CAP: Add missing checks for invalid DCID Bluetooth: Fix l2cap_disconnect_req deadlock net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods neighbour: fix unaligned access to pneigh_entry neighbour: Replace zero-length array with flexible-array member spi: qup: Request DMA before enabling clocks i40e: fix build warnings in i40e_alloc.h i40iw: fix build warning in i40iw_manage_apbvt() block/blk-iocost (gcc13): keep large values in a new enum blk-iocost: avoid 64-bit division in ioc_timer_fn Linux 5.4.246 drm/edid: fix objtool warning in drm_cvt_modes() wifi: rtlwifi: 8192de: correct checking of IQK reload drm/edid: Fix uninitialized variable in drm_cvt_modes() RDMA/bnxt_re: Remove the qp from list only if the qp destroy succeeds RDMA/bnxt_re: Remove set but not used variable 'dev_attr' scsi: dpt_i2o: Do not process completions with invalid addresses scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD) regmap: Account for register length when chunking test_firmware: fix the memory leak of the allocated firmware buffer fbcon: Fix null-ptr-deref in soft_cursor ext4: add lockdep annotations for i_data_sem for ea_inode's ext4: disallow ea_inodes with extended attributes ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() ext4: add EA_INODE checking to ext4_iget() tracing/probe: trace_probe_primary_from_call(): checked list_first_entry selinux: don't use make's grouped targets feature yet tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK mmc: vub300: fix invalid response handling wifi: rtlwifi: remove always-true condition pointed out by GCC 12 lib/dynamic_debug.c: use address-of operator on section symbols treewide: Remove uninitialized_var() usage kernel/extable.c: use address-of operator on section symbols eth: sun: cassini: remove dead code gcc-12: disable '-Wdangling-pointer' warning for now ACPI: thermal: drop an always true check x86/boot: Wrap literal addresses in absolute_pointer() flow_dissector: work around stack frame size warning ata: libata-scsi: Use correct device no in ata_find_dev() scsi: stex: Fix gcc 13 warnings misc: fastrpc: reject new invocations during device removal misc: fastrpc: return -EPIPE to invocations on device removal usb: gadget: f_fs: Add unbind event before functionfs_unbind net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 iio: dac: build ad5758 driver when AD5758 is selected iio: dac: mcp4725: Fix i2c_master_send() return value handling iio: light: vcnl4035: fixed chip ID check HID: wacom: avoid integer overflow in wacom_intuos_inout() HID: google: add jewel USB id iio: adc: mxs-lradc: fix the order of two cleanup operations mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() atm: hide unused procfs functions ALSA: oss: avoid missing-prototype warnings netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT wifi: b43: fix incorrect __packed annotation scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed arm64/mm: mark private VM_FAULT_X defines as vm_fault_t ARM: dts: stm32: add pin map for CAN controller on stm32f7 wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() media: dvb-core: Fix use-after-free due on race condition at dvb_net media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() media: dvb_ca_en50221: fix a size write bug media: netup_unidvb: fix irq init by register it at the end of probe media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() media: dvb_demux: fix a bug for the continuity counter ASoC: ssm2602: Add workaround for playback distortions xfrm: Check if_id in inbound policy/secpath match ASoC: dwc: limit the number of overrun messages nbd: Fix debugfs_create_dir error checking fbdev: stifb: Fix info entry in sti_struct on error path fbdev: modedb: Add 1920x1080 at 60 Hz video mode media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE ARM: 9295/1: unwind:fix unwind abort for uleb128 case mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() watchdog: menz069_wdt: fix watchdog initialisation mtd: rawnand: marvell: don't set the NAND frequency select mtd: rawnand: marvell: ensure timing values are written net: dsa: mv88e6xxx: Increase wait after reset deactivation net/sched: flower: fix possible OOB write in fl_set_geneve_opt() udp6: Fix race condition in udp6_sendmsg & connect net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report ocfs2/dlm: move BITS_TO_BYTES() to bitops.h for wider use net: sched: fix NULL pointer dereference in mq_attach net/sched: Prohibit regrafting ingress or clsact Qdiscs net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs net/sched: sch_clsact: Only create under TC_H_CLSACT net/sched: sch_ingress: Only create under TC_H_INGRESS tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set tcp: deny tcp_disconnect() when threads are waiting af_packet: do not use READ_ONCE() in packet_bind() mtd: rawnand: ingenic: fix empty stub helper definitions amd-xgbe: fix the false linkup in xgbe_phy_status af_packet: Fix data-races of pkt_sk(sk)->num. netrom: fix info-leak in nr_write_internal() net/mlx5: fw_tracer, Fix event handling dmaengine: pl330: rename _start to prevent build error iommu/amd: Don't block updates to GATag if guest mode is on iommu/rockchip: Fix unwind goto issue RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx RDMA/bnxt_re: Refactor queue pair creation code RDMA/bnxt_re: Enable SRIOV VF support on Broadcom's 57500 adapter series RDMA/efa: Fix unsupported page sizes in device Linux 5.4.245 netfilter: ctnetlink: Support offloaded conntrack entry deletion ipv{4,6}/raw: fix output xfrm lookup wrt protocol binder: fix UAF caused by faulty buffer cleanup bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() io_uring: have io_kill_timeout() honor the request references io_uring: don't drop completion lock before timer is fully initialized io_uring: always grab lock in io_cancel_async_work() cdc_ncm: Fix the build warning net/mlx5: Devcom, serialize devcom registration net/mlx5: devcom only supports 2 ports fs: fix undefined behavior in bit shift for SB_NOUSER power: supply: bq24190: Call power_supply_changed() after updating input current power: supply: core: Refactor power_supply_set_input_current_limit_from_supplier() power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize cdc_ncm: Implement the 32-bit version of NCM Transfer Block Linux 5.4.244 3c589_cs: Fix an error handling path in tc589_probe() net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device net/mlx5: Fix error message when failing to allocate device memory forcedeth: Fix an error handling path in nv_probe() ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg x86/show_trace_log_lvl: Ensure stack pointer is aligned, again xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() coresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet() power: supply: sbs-charger: Fix INHIBITED bit for Status reg power: supply: bq27xxx: Fix poll_interval handling and races on remove power: supply: bq27xxx: Fix I2C IRQ race on remove power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition power: supply: leds: Fix blink to LED on transition ipv6: Fix out-of-bounds access in ipv6_find_tlv() bpf: Fix mask generation for 32-bit narrow loads of 64-bit fields selftests: fib_tests: mute cleanup error message net: fix skb leak in __skb_tstamp_tx() media: radio-shark: Add endpoint checks USB: sisusbvga: Add endpoint checks USB: core: Add routines for endpoint checks in old drivers udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated(). net: fix stack overflow when LRO is disabled for virtual interfaces fbdev: udlfb: Fix endpoint check debugobjects: Don't wake up kswapd from fill_pool() x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms parisc: Fix flush_dcache_page() for usage from irq context selftests/memfd: Fix unknown type name build failure x86/mm: Avoid incomplete Global INVLPG flushes btrfs: use nofs when cleaning up aborted transactions gpio: mockup: Fix mode of debugfs files parisc: Allow to reboot machine after system halt parisc: Handle kgdb breakpoints only in kernel context m68k: Move signal frame following exception on 68020/030 ALSA: hda/realtek: Enable headset onLenovo M70/M90 ALSA: hda/ca0132: add quirk for EVGA X299 DARK mt76: mt7615: Fix build with older compilers spi: fsl-cpm: Use 16 bit mode for large transfers with even size spi: fsl-spi: Re-organise transfer bits_per_word adaptation watchdog: sp5100_tco: Immediately trigger upon starting. s390/qdio: fix do_sqbs() inline assembly constraint s390/qdio: get rid of register asm vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF vc_screen: rewrite vcs_size to accept vc, not inode usb: gadget: u_ether: Fix host MAC address case usb: gadget: u_ether: Convert prints to device prints lib/string_helpers: Introduce string_upper() and string_lower() helpers HID: wacom: add three styli to wacom_intuos_get_tool_type HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs HID: wacom: Force pen out of prox if no events have been received in a while netfilter: nf_tables: hold mutex on netns pre_exit path netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag netfilter: nf_tables: stricter validation of element data netfilter: nf_tables: allow up to 64 bytes in the set element data area netfilter: nf_tables: add nft_setelem_parse_key() netfilter: nf_tables: validate registers coming from userspace. netfilter: nftables: statify nft_parse_register() netfilter: nftables: add nft_parse_register_store() and use it netfilter: nftables: add nft_parse_register_load() and use it nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() powerpc/64s/radix: Fix soft dirty tracking tpm/tpm_tis: Disable interrupts for more Lenovo devices ceph: force updating the msg pointer in non-split case serial: Add support for Advantech PCI-1611U card statfs: enforce statfs[64] structure initialization KVM: x86: do not report a vCPU as preempted outside instruction boundaries can: kvaser_pciefd: Disable interrupts in probe error path can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt can: kvaser_pciefd: Clear listen-only bit if not explicitly requested can: kvaser_pciefd: Empty SRB buffer in probe can: kvaser_pciefd: Call request_irq() before enabling interrupts can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table ALSA: hda: Fix Oops by 9.1 surround channel names usb: typec: altmodes/displayport: fix pin_assignment_show usb: dwc3: debugfs: Resume dwc3 before accessing registers USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value usb-storage: fix deadlock when a scsi command timeouts more than once USB: usbtmc: Fix direction for 0-length ioctl control messages vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit() igb: fix bit_shift to be in [1..8] range cassini: Fix a memory leak in the error handling path of cas_init_one() wifi: iwlwifi: mvm: don't trust firmware n_channels net: bcmgenet: Restore phy_stop() depending upon suspend/close net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop() net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() drm/exynos: fix g2d_open/close helper function definitions media: netup_unidvb: fix use-after-free at del_timer() net: hns3: fix reset delay time to avoid configuration timeout net: hns3: fix sending pfc frames after reset issue erspan: get the proto with the md version for collect_md ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode ip6_gre: Make o_seqno start from 0 in native mode ip6_gre: Fix skb_under_panic in __gre6_xmit() serial: arc_uart: fix of_iomap leak in `arc_serial_probe` vsock: avoid to close connected socket after the timeout ALSA: firewire-digi00x: prevent potential use after free net: fec: Better handle pm_runtime_get() failing in .remove() af_key: Reject optional tunnel/BEET mode templates in outbound policies cpupower: Make TSC read per CPU for Mperf monitor ASoC: fsl_micfil: register platform component before registering cpu dai btrfs: fix space cache inconsistency after error loading it from disk btrfs: replace calls to btrfs_find_free_ino with btrfs_find_free_objectid mfd: dln2: Fix memory leak in dln2_probe() phy: st: miphy28lp: use _poll_timeout functions for waits Input: xpad - add constants for GIP interface numbers iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any clk: tegra20: fix gcc-7 constant overflow warning RDMA/core: Fix multiple -Warray-bounds warnings recordmcount: Fix memory leaks in the uwrite function sched: Fix KCSAN noinstr violation mcb-pci: Reallocate memory region to avoid memory overlapping serial: 8250: Reinit port->pm on port specific driver unbind usb: typec: tcpm: fix multiple times discover svids error HID: wacom: generic: Set battery quirk only when we see battery data spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 HID: logitech-hidpp: Reconcile USB and Unifying serials HID: logitech-hidpp: Don't use the USB serial for USB devices staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf wifi: iwlwifi: pcie: fix possible NULL pointer dereference samples/bpf: Fix fout leak in hbm's run_bpf_prog f2fs: fix to drop all dirty pages during umount() if cp_error is set ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa() ext4: set goal start correctly in ext4_mb_normalize_request gfs2: Fix inode height consistency check scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition lib: cpu_rmap: Avoid use after free on rmap->obj array entries scsi: target: iscsit: Free cmds before session free net: Catch invalid index in XPS mapping net: pasemi: Fix return type of pasemi_mac_start_tx() scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow ext2: Check block size validity during mount wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects ACPICA: Avoid undefined behavior: applying zero offset to null pointer drm/tegra: Avoid potential 32-bit integer overflow ACPI: EC: Fix oops when removing custom query handlers firmware: arm_sdei: Fix sleep from invalid context BUG memstick: r592: Fix UAF bug in r592_remove due to race condition regmap: cache: Return error in cache sync operations for REGCACHE_NONE drm/amd/display: Use DC_LOG_DC in the trasform pixel function fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() af_unix: Fix data races around sk->sk_shutdown. af_unix: Fix a data race of sk->sk_receive_queue->qlen. net: datagram: fix data-races in datagram_poll() ipvlan:Fix out-of-bounds caused by unclear skb->cb net: add vlan_get_protocol_and_depth() helper net: tap: check vlan with eth_type_vlan() method net: annotate sk->sk_err write from do_recvmmsg() netlink: annotate accesses to nlk->cb_running netfilter: conntrack: fix possible bug_on with enable_hooks=1 net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs(). linux/dim: Do nothing if no time delta between samples ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings drm/mipi-dsi: Set the fwnode for mipi_dsi_device driver core: add a helper to setup both the of_node and fwnode of a device Linux 5.4.243 drm/amd/display: Fix hang when skipping modeset mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock drm/exynos: move to use request_irq by IRQF_NO_AUTOEN flag drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() drm/msm: Fix double pm_runtime_disable() call PM: domains: Restore comment indentation for generic_pm_domain.child_links printk: declare printk_deferred_{enter,safe}() in include/linux/printk.h PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock PCI: pciehp: Use down_read/write_nested(reset_lock) to fix lockdep errors drbd: correctly submit flush bio on barrier serial: 8250: Fix serial8250_tx_empty() race with DMA Tx tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH ext4: fix invalid free tracking in ext4_xattr_move_to_block() ext4: remove a BUG_ON in ext4_mb_release_group_pa() ext4: bail out of ext4_xattr_ibody_get() fails for any reason ext4: add bounds checking in get_max_inline_xattr_value_size() ext4: fix deadlock when converting an inline directory in nojournal mode ext4: improve error recovery code paths in __ext4_remount() ext4: fix data races when using cached status extents ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum ext4: fix WARNING in mb_find_extent HID: wacom: insert timestamp to packed Bluetooth (BT) events HID: wacom: Set a default resolution for older tablets drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini() drm/panel: otm8009a: Set backlight parent to panel device f2fs: fix potential corruption when moving a directory ARM: dts: s5pv210: correct MIPI CSIS clock name ARM: dts: exynos: fix WM8960 clock name in Itop Elite remoteproc: st: Call of_node_put() on iteration error remoteproc: stm32: Call of_node_put() on iteration error sh: nmi_debug: fix return value of __setup handler sh: init: use OF_EARLY_FLATTREE for early init sh: math-emu: fix macro redefined warning inotify: Avoid reporting event with invalid wd platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i cifs: fix pcchunk length type in smb2_copychunk_range btrfs: print-tree: parent bytenr must be aligned to sector size btrfs: don't free qgroup space unless specified btrfs: fix btrfs_prev_leaf() to not return the same key twice perf symbols: Fix return incorrect build_id size in elf_read_build_id() perf map: Delete two variable initialisations before null pointer checks in sort__sym_from_cmp() perf vendor events power9: Remove UTF-8 characters from JSON files virtio_net: suppress cpu stall when free_unused_bufs virtio_net: split free_unused_bufs() net: dsa: mt7530: fix corrupt frames using trgmii on 40 MHz XTAL MT7621 ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` drm/amdgpu: add a missing lock for AMDGPU_SCHED af_packet: Don't send zero-byte data in packet_sendmsg_spkt(). ionic: remove noise from ethtool rxnfc error msg rxrpc: Fix hard call timeout units net/sched: act_mirred: Add carrier check writeback: fix call of incorrect macro net: dsa: mv88e6xxx: add mv88e6321 rsvd2cpu sit: update dev->needed_headroom in ipip6_tunnel_bind_dev() net/sched: cls_api: remove block_cb from driver_list before freeing net/ncsi: clear Tx enable mode when handling a Config required AEN relayfs: fix out-of-bounds access in relay_file_read kernel/relay.c: fix read_pos error when multiple readers crypto: safexcel - Cleanup ring IRQ workqueues on load failure crypto: inside-secure - irq balance dm verity: fix error handling for check_at_most_once on FEC dm verity: skip redundant verity_handle_err() on I/O errors mailbox: zynqmp: Fix counts of child nodes mailbox: zynq: Switch to flexible array to simplify code tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem nohz: Add TICK_DEP_BIT_RCU netfilter: nf_tables: deactivate anonymous set from preparation phase debugobject: Ensure pool refill (again) perf intel-pt: Fix CYC timestamps after standalone CBR perf auxtrace: Fix address filter entire kernel size dm ioctl: fix nested locking in table_clear() to remove deadlock concern dm flakey: fix a crash with invalid table line dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path dm clone: call kmem_cache_destroy() in dm_clone_init() error path s390/dasd: fix hanging blockdevice after request requeue btrfs: scrub: reject unsupported scrub flags scripts/gdb: fix lx-timerlist for Python3 clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent wifi: rtl8xxxu: RTL8192EU always needs full init mailbox: zynqmp: Fix typo in IPI documentation mailbox: zynqmp: Fix IPI isr handling md/raid10: fix null-ptr-deref in raid10_sync_request nilfs2: fix infinite loop in nilfs_mdt_get_block() nilfs2: do not write dirty data after degenerating to read-only parisc: Fix argument pointer in real64_call_asm() afs: Fix updating of i_size with dv jump from server dmaengine: at_xdmac: do not enable all cyclic channels dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing dmaengine: dw-edma: Fix to change for continuous transfer phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port pwm: mtk-disp: Disable shadow registers before setting backlight values pwm: mtk-disp: Adjust the clocks to avoid them mismatch pwm: mtk-disp: Don't check the return code of pwmchip_remove() dmaengine: mv_xor_v2: Fix an error code. leds: TI_LMU_COMMON: select REGMAP instead of depending on it ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline openrisc: Properly store r31 to pt_regs on unhandled exceptions clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails clocksource: davinci: axe a pointless __GFP_NOFAIL clocksource/drivers/davinci: Avoid trailing '\n' hidden in pr_fmt() RDMA/mlx5: Use correct device num_ports when modify DC SUNRPC: remove the maximum number of retries in call_bind_status Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe input: raspberrypi-ts: Release firmware handle when not needed firmware: raspberrypi: Introduce devm_rpi_firmware_get() firmware: raspberrypi: Keep count of all consumers NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order RDMA/siw: Remove namespace check from siw_netdev_event() clk: add missing of_node_put() in "assigned-clocks" property parsing power: supply: generic-adc-battery: fix unit scaling rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() rtc: omap: include header for omap_rtc_power_off_program prototype RDMA/rdmavt: Delete unnecessary NULL check RDMA/siw: Fix potential page_array out of range access perf/core: Fix hardlockup failure caused by perf throttle powerpc/rtas: use memmove for potentially overlapping buffer copy macintosh: via-pmu-led: requires ATA to be set powerpc/sysdev/tsi108: fix resource printk format warnings powerpc/wii: fix resource printk format warnings powerpc/mpc512x: fix resource printk format warning macintosh/windfarm_smu_sat: Add missing of_node_put() spmi: Add a check for remove callback when removing a SPMI driver staging: rtl8192e: Fix W_DISABLE# does not work after stop/start serial: 8250: Add missing wakeup event reporting tty: serial: fsl_lpuart: adjust buffer length to the intended size firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe usb: mtu3: fix kernel panic at qmu transfer done irq handler usb: chipidea: fix missing goto in `ci_hdrc_probe` sh: sq: Fix incorrect element size for allocating bitmap buffer uapi/linux/const.h: prefer ISO-friendly __typeof__ spi: cadence-quadspi: fix suspend-resume implementations mtd: spi-nor: cadence-quadspi: Handle probe deferral while requesting DMA channel mtd: spi-nor: cadence-quadspi: Don't initialize rx_dma_complete on failure mtd: spi-nor: cadence-quadspi: Provide a way to disable DAC mode mtd: spi-nor: cadence-quadspi: Make driver independent of flash geometry scripts/gdb: bail early if there are no generic PD PM: domains: Fix up terminology with parent/child scripts/gdb: bail early if there are no clocks ia64: salinfo: placate defined-but-not-used warning ia64: mm/contig: fix section mismatch warning/error of: Fix modalias string generation vmci_host: fix a race condition in vmci_host_poll() causing GPF spi: fsl-spi: Fix CPM/QE mode Litte Endian spi: qup: Don't skip cleanup in remove's error path linux/vt_buffer.h: allow either builtin or modular for macros ASoC: es8316: Handle optional IRQ assignment ASoC: es8316: Use IRQF_NO_AUTOEN when requesting the IRQ genirq: Add IRQF_NO_AUTOEN for request_irq/nmi() PCI: imx6: Install the fault handler only on compatible match usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition iio: light: max44009: add missing OF device matching fpga: bridge: fix kernel-doc parameter description usb: host: xhci-rcar: remove leftover quirk handling pstore: Revert pmsg_lock back to a normal mutex tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. net: amd: Fix link leak when verifying config failed netlink: Use copy_to_user() for optval in netlink_getsockopt(). Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" ipv4: Fix potential uninit variable access bug in __ip_make_skb() netfilter: nf_tables: don't write table validation state without mutex bpf: Don't EFAULT for getsockopt with optval=NULL ixgbe: Enable setting RSS table to default values ixgbe: Allow flow hash to be set via ethtool wifi: iwlwifi: mvm: check firmware response size wifi: iwlwifi: make the loop for card preparation effective md/raid10: fix memleak of md thread md: update the optimal I/O size on reshape md/raid10: fix memleak for 'conf->bio_split' md/raid10: fix leak of 'r10bio->remaining' for recovery bpf, sockmap: Revert buggy deadlock fix in the sockhash and sockmap nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage" nvme: fix async event trace event nvme: handle the persistent internal error AER bpf, sockmap: fix deadlocks in the sockhash and sockmap scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() crypto: drbg - Only fail when jent is unavailable in FIPS mode crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors bpftool: Fix bug for long instructions in program CFG dumps wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() rtlwifi: Replace RT_TRACE with rtl_dbg rtlwifi: Start changing RT_TRACE into rtl_dbg f2fs: handle dqget error in f2fs_transfer_project_quota() scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS scsi: target: iscsit: Fix TAS handling during conn cleanup net/packet: convert po->auxdata to an atomic flag net/packet: convert po->origdev to an atomic flag net/packet: annotate accesses to po->xmit vlan: partially enable SIOCSHWTSTAMP in container scm: fix MSG_CTRUNC setting condition for SO_PASSSEC wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() tools: bpftool: Remove invalid \' json escape wifi: ath6kl: reduce WARN to dev_dbg() in callback wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() wifi: ath9k: hif_usb: fix memory leak of remain_skbs wifi: ath6kl: minor fix for allocation size tick/common: Align tick period with the HZ tick. tick: Get rid of tick_period tick/sched: Optimize tick_do_update_jiffies64() further tick/sched: Reduce seqcount held scope in tick_do_update_jiffies64() tick/sched: Use tick_next_period for lockless quick check timekeeping: Split jiffies seqlock debugobject: Prevent init race with static objects arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step x86/ioapic: Don't return 0 from arch_dynirq_lower_bound() regulator: stm32-pwr: fix of_iomap leak media: rc: gpio-ir-recv: Fix support for wake-up media: rcar_fdp1: Fix refcount leak in probe and remove function media: rcar_fdp1: Fix the correct variable assignments media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() media: rcar_fdp1: fix pm_runtime_get_sync() usage count media: rcar_fdp1: simplify error check logic at fdp_open() media: saa7134: fix use after free bug in saa7134_finidev due to race condition media: dm1105: Fix use after free bug in dm1105_remove due to race condition x86/apic: Fix atomic update of offset in reserve_eilvt_offset() regulator: core: Avoid lockdep reports when resolving supplies regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data drm/msm/adreno: drop bogus pm_runtime_set_active() drm/msm/adreno: Defer enabling runpm until hw_init() drm/msm: fix unbalanced pm_runtime_enable in adreno_gpu_{init, cleanup} firmware: qcom_scm: Clear download bit during reboot media: av7110: prevent underflow in write_ts_to_decoder() media: uapi: add MEDIA_BUS_FMT_METADATA_FIXED media bus format. media: bdisp: Add missing check for create_workqueue ARM: dts: qcom: ipq8064: Fix the PCI I/O port range ARM: dts: qcom: ipq8064: reduce pci IO size to 64K ARM: dts: qcom: ipq4019: Fix the PCI I/O port range EDAC/skx: Fix overflows on the DRAM row address mapping arrays arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table drm/probe-helper: Cancel previous job before starting new one drm/vgem: add missing mutex_destroy drm/rockchip: Drop unbalanced obj unref erofs: fix potential overflow calculating xattr_isize erofs: stop parsing non-compact HEAD index if clusterofs is invalid tpm, tpm_tis: Do not skip reset of original interrupt vector selinux: ensure av_permissions.h is built when needed selinux: fix Makefile dependencies of flask.h ubifs: Free memory for tmpfile name ubi: Fix return value overwrite issue in try_write_vid_and_data() ubifs: Fix memleak when insert_old_idx() failed Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path" i2c: omap: Fix standard mode false ACK readings KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted reiserfs: Add security prefix to xattr name in reiserfs_security_write() ring-buffer: Sync IRQ works before buffer destruction pwm: meson: Fix g12a ao clk81 name pwm: meson: Fix axg ao mux parents kheaders: Use array declaration instead of char ipmi: fix SSIF not responding under certain cond. ipmi:ssif: Add send_retries increment MIPS: fw: Allow firmware to pass a empty env xhci: fix debugfs register accesses while suspended debugfs: regset32: Add Runtime PM support staging: iio: resolver: ads1210: fix config mode perf sched: Cast PTHREAD_STACK_MIN to int as it may turn into sysconf(__SC_THREAD_STACK_MIN_VALUE) USB: dwc3: fix runtime pm imbalance on unbind USB: dwc3: fix runtime pm imbalance on probe errors asm-generic/io.h: suppress endianness warnings for readq() and writeq() ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 iio: adc: palmas_gpadc: fix NULL dereference on rmmod USB: serial: option: add UNISOC vendor and TOZED LT70C product bluetooth: Perform careful capability checks in hci_sock_ioctl() drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() counter: 104-quad-8: Fix race condition between FLAG and CNTR reads Conflicts: drivers/firmware/qcom_scm.c drivers/md/dm-verity-target.c drivers/usb/dwc3/core.c drivers/usb/dwc3/debugfs.c drivers/usb/gadget/function/f_fs.c Change-Id: Iedad1fcca99a9b739e08ea6d60988800b3a7aefa |
||
|
Greg Kroah-Hartman
|
ef75d6901c |
This is the 5.4.255 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmTvUhUACgkQONu9yGCS
aT4bKA//VvBb7CUEq4FFMv5qig67dKUIqJVfpwLrqaCqVR8B0QonL1M5dcKXywwT
zFqcQNGmgig9TtbYmrLtcpI/v3J3jilY7/an5dWBEPteyZgpkpAwO3M7MinbtIbj
qRkU5qN/zojUMqgWUYRenICeiN4EOVQ64/Q9fhbj2yFBeQWzCFb0eoeF059DocTD
UzN1Ls+cYHvZEDi0VEiapQzYX1JcxMbuWaGDttQLDvjV6FMaExT5mIobDqSF+9MA
MS9GGj3R/Q+NjOi/AXEMfnWGEYPLsX5hgM3ok2hjyneJiw1J6OqxG1JoPJAnDUEH
d3u/tlcWQ0j/QP0iNZBvC9aVC9YBndOoaAny5QINoLGQsbeCbZ34cKs80p76xTBa
Vvl/B2pFu3pGVBk7f37rf/D2v/MTxkDONxwBzG4J6uDViPgpIDK7UExjGDub6gf1
Ii5HmXvGCNwIk3NnCpdaHUQy3XRI7cz24kvDZsqkalMW6GYwlVNj9gikcW3dfOVY
Jsdufo9fM5N3jXbru3NW61ne024+NxGRd3SnUsYB/saKfUZAxm0S/O34fzQi3wZx
VLXFB85DIY5gkYl2VeycDZzmVkFEaDP4vzDR1gCmMTaiQsyQuD5wma6dUGggdF/2
fvigMgosamWhHHHByASp9RxYRBwTe7vEdFE4+8gbEa7NxMoBcg8=
=Dhtw
-----END PGP SIGNATURE-----
Merge 5.4.255 into android11-5.4-stable
Changes in 5.4.255
mmc: sdhci_f_sdh30: convert to devm_platform_ioremap_resource
mmc: sdhci-f-sdh30: Replace with sdhci_pltfm
selftests: forwarding: tc_flower: Relax success criterion
macsec: Fix traffic counters/statistics
macsec: use DEV_STATS_INC()
drm/radeon: Fix integer overflow in radeon_cs_parser_init
ALSA: emu10k1: roll up loops in DSP setup code for Audigy
quota: Properly disable quotas when add_dquot_ref() fails
quota: fix warning in dqgrab()
HID: add quirk for 03f0:464a HP Elite Presenter Mouse
ovl: check type and offset of struct vfsmount in ovl_entry
udf: Fix uninitialized array access for some pathnames
fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
MIPS: dec: prom: Address -Warray-bounds warning
FS: JFS: Fix null-ptr-deref Read in txBegin
FS: JFS: Check for read-only mounted filesystem in txBegin
media: v4l2-mem2mem: add lock to protect parameter num_rdy
media: platform: mediatek: vpu: fix NULL ptr dereference
usb: chipidea: imx: don't request QoS for imx8ulp
gfs2: Fix possible data races in gfs2_show_options()
pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db()
Bluetooth: L2CAP: Fix use-after-free
drm/amdgpu: Fix potential fence use-after-free v2
ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760
ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync()
powerpc/kasan: Disable KCOV in KASAN code
IMA: allow/fix UML builds
iio: add addac subdirectory
iio: adc: stx104: Utilize iomap interface
iio: adc: stx104: Implement and utilize register structures
iio: stx104: Move to addac subdirectory
iio: addac: stx104: Fix race condition for stx104_write_raw()
iio: addac: stx104: Fix race condition when converting analog-to-digital
iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE
PM-runtime: add tracepoints for usage_count changes
PM: runtime: Add pm_runtime_get_if_active()
ALSA: hda: Fix unhandled register update during auto-suspend period
irqchip/mips-gic: Get rid of the reliance on irq_cpu_online()
irqchip/mips-gic: Use raw spinlock for gic_lock
interconnect: Move internal structs into a separate file
interconnect: Add helpers for enabling/disabling a path
usb: dwc3: qcom: Add helper functions to enable,disable wake irqs
USB: dwc3: qcom: fix NULL-deref on suspend
mmc: bcm2835: fix deferred probing
mmc: sunxi: fix deferred probing
leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename
tracing/probes: Have process_fetch_insn() take a void * instead of pt_regs
tracing/probes: Fix to update dynamic data counter if fetcharg uses it
net/ncsi: Fix gma flag setting after response
nfsd4: kill warnings on testing stateids with mismatched clientids
nfsd: Remove incorrect check in nfsd4_validate_stateid
virtio-mmio: convert to devm_platform_ioremap_resource
virtio-mmio: Use to_virtio_mmio_device() to simply code
virtio-mmio: don't break lifecycle of vm_dev
i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue
fbdev: mmp: fix value check in mmphw_probe()
powerpc/rtas_flash: allow user copy to flash block cache objects
tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms
btrfs: fix BUG_ON condition in btrfs_cancel_balance
net: xfrm: Fix xfrm_address_filter OOB read
net: af_key: fix sadb_x_filter validation
xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c
xfrm: fix slab-use-after-free in decode_session6
ip6_vti: fix slab-use-after-free in decode_session6
ip_vti: fix potential slab-use-after-free in decode_session6
xfrm: add NULL check in xfrm_update_ae_params
selftests: mirror_gre_changes: Tighten up the TTL test match
ipvs: fix racy memcpy in proc_do_sync_threshold
netfilter: nft_dynset: disallow object maps
team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
i40e: fix misleading debug logs
net: dsa: mv88e6xxx: Wait for EEPROM done before HW reset
sock: Fix misuse of sk_under_memory_pressure()
net: do not allow gso_size to be set to GSO_BY_FRAGS
bus: ti-sysc: Improve reset to work with modules with no sysconfig
bus: ti-sysc: Flush posted write on enable before reset
ARM: dts: imx7s: Drop dma-apb interrupt-names
ARM: dts: imx: Adjust dma-apbh node name
ARM: dts: imx: Set default tuning step for imx7d usdhc
ARM: dts: imx: Set default tuning step for imx6sx usdhc
ASoC: rt5665: add missed regulator_bulk_disable
ASoC: meson: axg-tdm-formatter: fix channel slot allocation
serial: 8250: Fix oops for port->pm on uart_change_pm()
ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces.
cifs: Release folio lock on fscache read hit.
mmc: wbsd: fix double mmc_free_host() in wbsd_init()
mmc: block: Fix in_flight[issue_type] value error
netfilter: set default timeout to 3 secs for sctp shutdown send and recv state
af_unix: Fix null-ptr-deref in unix_stream_sendpage().
virtio-net: set queues after driver_ok
net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled
net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure
mmc: f-sdh30: fix order of function calls in sdhci_f_sdh30_remove
net: phy: broadcom: stub c45 read/write for 54810
PCI: acpiphp: Reassign resources on bridge if necessary
dlm: improve plock logging if interrupted
dlm: replace usage of found with dedicated list iterator variable
fs: dlm: add pid to debug log
fs: dlm: change plock interrupted message to debug again
fs: dlm: use dlm_plock_info for do_unlock_close
fs: dlm: fix mismatch of plock results from userspace
MIPS: cpu-features: Enable octeon_cache by cpu_type
MIPS: cpu-features: Use boot_cpu_type for CPU type based features
fbdev: Improve performance of sys_imageblit()
fbdev: Fix sys_imageblit() for arbitrary image widths
fbdev: fix potential OOB read in fast_imageblit()
dm integrity: increase RECALC_SECTORS to improve recalculate speed
dm integrity: reduce vmalloc space footprint on 32-bit architectures
ALSA: pcm: Set per-card upper limit of PCM buffer allocations
ALSA: pcm: Use SG-buffer only when direct DMA is available
ALSA: pcm: Fix potential data race at PCM memory allocation helpers
regmap: Account for register length in SMBus I/O limits
ASoC: fsl_sai: Refine enable/disable TE/RE sequence in trigger()
ASoC: fsl_sai: Add new added registers and new bit definition
ASoC: fsl_sai: Disable bit clock with transmitter
drm/amd/display: do not wait for mpc idle if tg is disabled
drm/amd/display: check TG is non-null before checking if enabled
tracing: Fix memleak due to race between current_tracer and trace
octeontx2-af: SDP: fix receive link config
sock: annotate data-races around prot->memory_pressure
dccp: annotate data-races in dccp_poll()
ipvlan: Fix a reference count leak warning in ipvlan_ns_exit()
net: bgmac: Fix return value check for fixed_phy_register()
net: bcmgenet: Fix return value check for fixed_phy_register()
net: validate veth and vxcan peer ifindexes
igb: Avoid starting unnecessary workqueues
net/sched: fix a qdisc modification with ambiguous command request
net: remove bond_slave_has_mac_rcu()
bonding: fix macvlan over alb bond support
ibmveth: Use dcbf rather than dcbfl
NFSv4: Fix dropped lock for racing OPEN and delegation return
clk: Fix slab-out-of-bounds error in devm_clk_release()
nfsd: Fix race to FREE_STATEID and cl_revoked
batman-adv: Trigger events for auto adjusted MTU
batman-adv: Don't increase MTU when set by user
batman-adv: Do not get eth header before batadv_check_management_packet
batman-adv: Fix TT global entry leak when client roamed back
batman-adv: Fix batadv_v_ogm_aggr_send memory leak
batman-adv: Hold rtnl lock during MTU update via netlink
lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels
radix tree: remove unused variable
media: vcodec: Fix potential array out-of-bounds in encoder queue_setup
PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus
drm/display/dp: Fix the DP DSC Receiver cap size
x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4
mm: allow a controlled amount of unfairness in the page lock
rtnetlink: Reject negative ifindexes in RTM_NEWLINK
ALSA: pcm: Fix build error on m68k and others
Revert "ALSA: pcm: Use SG-buffer only when direct DMA is available"
interconnect: Do not skip aggregation for disabled paths
ALSA: pcm: Check for null pointer of pointer substream before dereferencing it
Documentation/sysctl: document page_lock_unfairness
irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable
scsi: snic: Fix double free in snic_tgt_create()
scsi: core: raid_class: Remove raid_component_add()
clk: Fix undefined reference to `clk_rate_exclusive_{get,put}'
pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function}
dma-buf/sw_sync: Avoid recursive lock during fence signal
Linux 5.4.255
Change-Id: I564de3c67511761f8a5d1d21b5373a5cbdf90dca
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Zheng Yejian
|
05319d7077 |
tracing: Fix memleak due to race between current_tracer and trace
[ Upstream commit eecb91b9f98d6427d4af5fdb8f108f52572a39e7 ]
Kmemleak report a leak in graph_trace_open():
unreferenced object 0xffff0040b95f4a00 (size 128):
comm "cat", pid 204981, jiffies 4301155872 (age 99771.964s)
hex dump (first 32 bytes):
e0 05 e7 b4 ab 7d 00 00 0b 00 01 00 00 00 00 00 .....}..........
f4 00 01 10 00 a0 ff ff 00 00 00 00 65 00 10 00 ............e...
backtrace:
[<000000005db27c8b>] kmem_cache_alloc_trace+0x348/0x5f0
[<000000007df90faa>] graph_trace_open+0xb0/0x344
[<00000000737524cd>] __tracing_open+0x450/0xb10
[<0000000098043327>] tracing_open+0x1a0/0x2a0
[<00000000291c3876>] do_dentry_open+0x3c0/0xdc0
[<000000004015bcd6>] vfs_open+0x98/0xd0
[<000000002b5f60c9>] do_open+0x520/0x8d0
[<00000000376c7820>] path_openat+0x1c0/0x3e0
[<00000000336a54b5>] do_filp_open+0x14c/0x324
[<000000002802df13>] do_sys_openat2+0x2c4/0x530
[<0000000094eea458>] __arm64_sys_openat+0x130/0x1c4
[<00000000a71d7881>] el0_svc_common.constprop.0+0xfc/0x394
[<00000000313647bf>] do_el0_svc+0xac/0xec
[<000000002ef1c651>] el0_svc+0x20/0x30
[<000000002fd4692a>] el0_sync_handler+0xb0/0xb4
[<000000000c309c35>] el0_sync+0x160/0x180
The root cause is descripted as follows:
__tracing_open() { // 1. File 'trace' is being opened;
...
*iter->trace = *tr->current_trace; // 2. Tracer 'function_graph' is
// currently set;
...
iter->trace->open(iter); // 3. Call graph_trace_open() here,
// and memory are allocated in it;
...
}
s_start() { // 4. The opened file is being read;
...
*iter->trace = *tr->current_trace; // 5. If tracer is switched to
// 'nop' or others, then memory
// in step 3 are leaked!!!
...
}
To fix it, in s_start(), close tracer before switching then reopen the
new tracer after switching. And some tracers like 'wakeup' may not update
'iter->private' in some cases when reopen, then it should be cleared
to avoid being mistakenly closed again.
Link: https://lore.kernel.org/linux-trace-kernel/20230817125539.1646321-1-zhengyejian1@huawei.com
Fixes:
|
||
Masami Hiramatsu (Google)
|
b66a1defb2 |
tracing/probes: Fix to update dynamic data counter if fetcharg uses it
[ Upstream commit e38e2c6a9efc435f9de344b7c91f7697e01b47d5 ]
Fix to update dynamic data counter ('dyndata') and max length ('maxlen')
only if the fetcharg uses the dynamic data. Also get out arg->dynamic
from unlikely(). This makes dynamic data address wrong if
process_fetch_insn() returns error on !arg->dynamic case.
Link: https://lore.kernel.org/all/168908494781.123124.8160245359962103684.stgit@devnote2/
Suggested-by: Steven Rostedt <rostedt@goodmis.org>
Link: https://lore.kernel.org/all/20230710233400.5aaf024e@gandalf.local.home/
Fixes:
|
||
|
Steven Rostedt (VMware)
|
bdc309d89b |
tracing/probes: Have process_fetch_insn() take a void * instead of pt_regs
[ Upstream commit 8565a45d0858078b63c7d84074a21a42ba9ebf01 ] In preparation to allow event probes to use the process_fetch_insn() callback in trace_probe_tmpl.h, change the data passed to it from a pointer to pt_regs, as the event probe will not be using regs, and make it a void pointer instead. Update the process_fetch_insn() callers for kprobe and uprobe events to have the regs defined in the function and just typecast the void pointer parameter. Link: https://lkml.kernel.org/r/20210819041842.291622924@goodmis.org Acked-by: Masami Hiramatsu <mhiramat@kernel.org> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Stable-dep-of: e38e2c6a9efc ("tracing/probes: Fix to update dynamic data counter if fetcharg uses it") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
279267442f |
This is the 5.4.253 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmTWBWgACgkQONu9yGCS
aT66Iw//TwAjMECCqJ84moMMA7/fC8QrRiBLWz24f6sVGqMb3vZCiQ91Z4zEZID6
qV06RRlk08aJqhhllWYE6mqZJZTfmGgjEWjM0OL/bHFgU3TtHC0mR5mCtoUzFTzD
bIZb6mj8egPDgAP55Sn0/Va0jR5Y4Mp2IFdbtu68J4jy/N4aDE1nTljQamMjhoiV
JuUVf5XZsZ+4k6kSF01TIaJCDLjij9aSBbNltC0BrfzVIEj19leBb7x4slu6VGIp
QGkPTySjRw1xRdBUTZ/uJzXqMIqBM0A0x9M9cd97vDNWrp6Qi9G6YeBh6D7X9x++
zy+Y1CusgH7M/nE/hOFPmgcqfJZfyf1Fa3fIa31+cMKIANg7G2dg+Gd4xxnL0FgA
BSR2oSC5rzUK8X2/nMaduwQNMPQr8Q0vX5+KRnJB964swBvbPLplC5+NpYf0RKHD
+bgkwN7Yxn2JqBWLkoGR9u6Mtyx0UclEVU0wKYAEwph3FLKlbiZjRPJdSa2p6gdd
UZiMgVyTSGOlpbM31fG52RyLoePFxc7vfR/jmyVaYMUPB5xjMi355Rzxcm8VgmIi
DArs/XUHeHeIyHRr6l6xlsx/2ihrENbO8ux9v07/jWMN/tzc5qEKZ1RmLRaaWwf7
3A+cTGMpRwznf3DxJoAFRiC6VhezJsa/BUHaTvSYki0OSxOJ/BM=
=Bk55
-----END PGP SIGNATURE-----
Merge 5.4.253 into android11-5.4-lts
Changes in 5.4.253
jbd2: fix incorrect code style
jbd2: fix kernel-doc markups
jbd2: remove redundant buffer io error checks
jbd2: recheck chechpointing non-dirty buffer
jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint
gpio: tps68470: Make tps68470_gpio_output() always set the initial value
bcache: remove 'int n' from parameter list of bch_bucket_alloc_set()
bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
btrfs: qgroup: catch reserved space leaks at unmount time
btrfs: fix race between quota disable and relocation
btrfs: fix extent buffer leak after tree mod log failure at split_node()
ext4: rename journal_dev to s_journal_dev inside ext4_sb_info
ext4: Fix reusing stale buffer heads from last failed mounting
PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link()
PCI/ASPM: Factor out pcie_wait_for_retrain()
PCI/ASPM: Avoid link retraining race
dlm: cleanup plock_op vs plock_xop
dlm: rearrange async condition return
fs: dlm: interrupt posix locks only when process is killed
ftrace: Add information on number of page groups allocated
ftrace: Check if pages were allocated before calling free_pages()
ftrace: Store the order of pages allocated in ftrace_page
ftrace: Fix possible warning on checking all pages used in ftrace_process_locs()
pwm: meson: Remove redundant assignment to variable fin_freq
pwm: meson: Simplify duplicated per-channel tracking
pwm: meson: fix handling of period/duty if greater than UINT_MAX
scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c
scsi: qla2xxx: Array index may go out of bound
uapi: General notification queue definitions
keys: Fix linking a duplicate key to a keyring's assoc_array
ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
vxlan: calculate correct header length for GPE
phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()
ethernet: atheros: fix return value check in atl1e_tso_csum()
ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address
tcp: Reduce chance of collisions in inet6_hashfn().
bonding: reset bond's flags when down link is P2P device
team: reset team's flags when down link is P2P device
platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100
net/sched: mqprio: refactor nlattr parsing to a separate function
net/sched: mqprio: add extack to mqprio_parse_nlattr()
net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64
benet: fix return value check in be_lancer_xmit_workarounds()
RDMA/mlx4: Make check for invalid flags stricter
drm/msm/dpu: drop enum dpu_core_perf_data_bus_id
drm/msm/adreno: Fix snapshot BINDLESS_DATA size
drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb()
ASoC: fsl_spdif: Silence output on stop
block: Fix a source code comment in include/uapi/linux/blkzoned.h
dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths
ata: pata_ns87415: mark ns87560_tf_read static
ring-buffer: Fix wrong stat of cpu_buffer->read
tracing: Fix warning in trace_buffered_event_disable()
serial: 8250_dw: Preserve original value of DLF register
serial: sifive: Fix sifive_serial_console_setup() section
USB: serial: option: support Quectel EM060K_128
USB: serial: option: add Quectel EC200A module support
USB: serial: simple: add Kaufmann RKS+CAN VCP
USB: serial: simple: sort driver entries
can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED
Revert "usb: dwc3: core: Enable AutoRetry feature in the controller"
usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
usb: dwc3: don't reset device side if dwc3 was configured as host-only
usb: ohci-at91: Fix the unhandle interrupt when resume
USB: quirks: add quirk for Focusrite Scarlett
usb: xhci-mtk: set the dma max_seg_size
Revert "usb: xhci: tegra: Fix error check"
Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group
Documentation: security-bugs.rst: clarify CVE handling
staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
btrfs: check for commit error at btrfs_attach_transaction_barrier()
tpm_tis: Explicitly check for error code
irq-bcm6345-l1: Do not assume a fixed block to cpu mapping
btrfs: check if the transaction was aborted at btrfs_wait_for_commit()
virtio-net: fix race between set queues and probe
s390/dasd: fix hanging device after quiesce/resume
ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
dm cache policy smq: ensure IO doesn't prevent cleaner policy progress
ACPI: processor: perflib: Use the "no limit" frequency QoS
ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily
cpufreq: intel_pstate: Drop ACPI _PSS states table patching
btrfs: qgroup: remove one-time use variables for quota_root checks
btrfs: qgroup: return ENOTCONN instead of EINVAL when quotas are not enabled
btrfs: fix race between quota disable and quota assign ioctls
net/sched: sch_qfq: account for stab overhead in qfq_enqueue
ASoC: cs42l51: fix driver to properly autoload with automatic module loading
arm64: Add AMPERE1 to the Spectre-BHB affected list
arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro
perf: Fix function pointer case
loop: Select I/O scheduler 'none' from inside add_disk()
word-at-a-time: use the same return type for has_zero regardless of endianness
KVM: s390: fix sthyi error handling
net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx
net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length
perf test uprobe_from_different_cu: Skip if there is no gcc
net: sched: cls_u32: Fix match key mis-addressing
mISDN: hfcpci: Fix potential deadlock on &hc->lock
net: annotate data-races around sk->sk_max_pacing_rate
net: add missing READ_ONCE(sk->sk_rcvlowat) annotation
net: add missing READ_ONCE(sk->sk_sndbuf) annotation
net: add missing READ_ONCE(sk->sk_rcvbuf) annotation
net: add missing data-race annotations around sk->sk_peek_off
net: add missing data-race annotation for sk_ll_usec
net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire
driver core: add device probe log helper
net: ll_temac: Switch to use dev_err_probe() helper
net: ll_temac: fix error checking of irq_of_parse_and_map()
net: dcb: choose correct policy to parse DCB_ATTR_BCN
ip6mr: Fix skb_under_panic in ip6mr_cache_report()
tcp_metrics: fix addr_same() helper
tcp_metrics: annotate data-races around tm->tcpm_stamp
tcp_metrics: annotate data-races around tm->tcpm_lock
tcp_metrics: annotate data-races around tm->tcpm_vals[]
tcp_metrics: annotate data-races around tm->tcpm_net
tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
scsi: zfcp: Defer fc_rport blocking until after ADISC response
libceph: fix potential hang in ceph_osdc_notify()
USB: zaurus: Add ID for A-300/B-500/C-700
mtd: spinand: toshiba: Fix ecc_get_status
mtd: rawnand: meson: fix OOB available bytes for ECC
net: tun_chr_open(): set sk_uid from current_fsuid()
net: tap_open(): set sk_uid from current_fsuid()
fs/sysv: Null check to prevent null-ptr-deref bug
Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
fs: Protect reconfiguration of sb read-write from racing writes
ext2: Drop fragment support
test_firmware: prevent race conditions by a correct implementation of locking
test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation
mtd: rawnand: omap_elm: Fix incorrect type in assignment
powerpc/mm/altmap: Fix altmap boundary check
selftests/rseq: check if libc rseq support is registered
selftests/rseq: Play nice with binaries statically linked against glibc 2.35+
PM / wakeirq: support enabling wake-up irq after runtime_suspend called
PM: sleep: wakeirq: fix wake irq arming
ceph: show tasks waiting on caps in debugfs caps file
ceph: use kill_anon_super helper
ceph: defer stopping mdsc delayed_work
arm64: dts: stratix10: fix incorrect I2C property for SCL signal
ARM: dts: imx6sll: Make ssi node name same as other platforms
ARM: dts: imx: Align L2 cache-controller nodename with dtschema
ARM: dts: imx: add usb alias
ARM: dts: imx6sll: fixup of operating points
ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node
driver core: Annotate dev_err_probe() with __must_check
driver code: print symbolic error code
drivers: core: fix kernel-doc markup for dev_err_probe()
Revert "driver core: Annotate dev_err_probe() with __must_check"
Linux 5.4.253
Change-Id: I9c8d2b7250a3bcd3cb368c9d9e362a82c2fa5159
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Zheng Yejian
|
cdcc35e645 |
tracing: Fix warning in trace_buffered_event_disable()
[ Upstream commit dea499781a1150d285c62b26659f62fb00824fce ]
Warning happened in trace_buffered_event_disable() at
WARN_ON_ONCE(!trace_buffered_event_ref)
Call Trace:
? __warn+0xa5/0x1b0
? trace_buffered_event_disable+0x189/0x1b0
__ftrace_event_enable_disable+0x19e/0x3e0
free_probe_data+0x3b/0xa0
unregister_ftrace_function_probe_func+0x6b8/0x800
event_enable_func+0x2f0/0x3d0
ftrace_process_regex.isra.0+0x12d/0x1b0
ftrace_filter_write+0xe6/0x140
vfs_write+0x1c9/0x6f0
[...]
The cause of the warning is in __ftrace_event_enable_disable(),
trace_buffered_event_enable() was called once while
trace_buffered_event_disable() was called twice.
Reproduction script show as below, for analysis, see the comments:
```
#!/bin/bash
cd /sys/kernel/tracing/
# 1. Register a 'disable_event' command, then:
# 1) SOFT_DISABLED_BIT was set;
# 2) trace_buffered_event_enable() was called first time;
echo 'cmdline_proc_show:disable_event:initcall:initcall_finish' > \
set_ftrace_filter
# 2. Enable the event registered, then:
# 1) SOFT_DISABLED_BIT was cleared;
# 2) trace_buffered_event_disable() was called first time;
echo 1 > events/initcall/initcall_finish/enable
# 3. Try to call into cmdline_proc_show(), then SOFT_DISABLED_BIT was
# set again!!!
cat /proc/cmdline
# 4. Unregister the 'disable_event' command, then:
# 1) SOFT_DISABLED_BIT was cleared again;
# 2) trace_buffered_event_disable() was called second time!!!
echo '!cmdline_proc_show:disable_event:initcall:initcall_finish' > \
set_ftrace_filter
```
To fix it, IIUC, we can change to call trace_buffered_event_enable() at
fist time soft-mode enabled, and call trace_buffered_event_disable() at
last time soft-mode disabled.
Link: https://lore.kernel.org/linux-trace-kernel/20230726095804.920457-1-zhengyejian1@huawei.com
Cc: <mhiramat@kernel.org>
Fixes:
|
||
|
Zheng Yejian
|
d7b2027924 |
ring-buffer: Fix wrong stat of cpu_buffer->read
[ Upstream commit 2d093282b0d4357373497f65db6a05eb0c28b7c8 ]
When pages are removed in rb_remove_pages(), 'cpu_buffer->read' is set
to 0 in order to make sure any read iterators reset themselves. However,
this will mess 'entries' stating, see following steps:
# cd /sys/kernel/tracing/
# 1. Enlarge ring buffer prepare for later reducing:
# echo 20 > per_cpu/cpu0/buffer_size_kb
# 2. Write a log into ring buffer of cpu0:
# taskset -c 0 echo "hello1" > trace_marker
# 3. Read the log:
# cat per_cpu/cpu0/trace_pipe
<...>-332 [000] ..... 62.406844: tracing_mark_write: hello1
# 4. Stop reading and see the stats, now 0 entries, and 1 event readed:
# cat per_cpu/cpu0/stats
entries: 0
[...]
read events: 1
# 5. Reduce the ring buffer
# echo 7 > per_cpu/cpu0/buffer_size_kb
# 6. Now entries became unexpected 1 because actually no entries!!!
# cat per_cpu/cpu0/stats
entries: 1
[...]
read events: 0
To fix it, introduce 'page_removed' field to count total removed pages
since last reset, then use it to let read iterators reset themselves
instead of changing the 'read' pointer.
Link: https://lore.kernel.org/linux-trace-kernel/20230724054040.3489499-1-zhengyejian1@huawei.com
Cc: <mhiramat@kernel.org>
Cc: <vnagarnaik@google.com>
Fixes:
|
||
|
Zheng Yejian
|
680e1455b8 |
ftrace: Fix possible warning on checking all pages used in ftrace_process_locs()
[ Upstream commit 26efd79c4624294e553aeaa3439c646729bad084 ] As comments in ftrace_process_locs(), there may be NULL pointers in mcount_loc section: > Some architecture linkers will pad between > the different mcount_loc sections of different > object files to satisfy alignments. > Skip any NULL pointers. After commit |
||
Linus Torvalds
|
05ff1d355e |
ftrace: Store the order of pages allocated in ftrace_page
[ Upstream commit db42523b4f3e83ff86b53cdda219a9767c8b047f ] Instead of saving the size of the records field of the ftrace_page, store the order it uses to allocate the pages, as that is what is needed to know in order to free the pages. This simplifies the code. Link: https://lore.kernel.org/lkml/CAHk-=whyMxheOqXAORt9a7JK9gc9eHTgCJ55Pgs4p=X3RrQubQ@mail.gmail.com/ Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> [ change log written by Steven Rostedt ] Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Stable-dep-of: 26efd79c4624 ("ftrace: Fix possible warning on checking all pages used in ftrace_process_locs()") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Steven Rostedt (VMware)
|
e3098e52bf |
ftrace: Check if pages were allocated before calling free_pages()
[ Upstream commit 59300b36f85f254260c81d9dd09195fa49eb0f98 ] It is possible that on error pg->size can be zero when getting its order, which would return a -1 value. It is dangerous to pass in an order of -1 to free_pages(). Check if order is greater than or equal to zero before calling free_pages(). Link: https://lore.kernel.org/lkml/20210330093916.432697c7@gandalf.local.home/ Reported-by: Abaci Robot <abaci@linux.alibaba.com> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Stable-dep-of: 26efd79c4624 ("ftrace: Fix possible warning on checking all pages used in ftrace_process_locs()") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Steven Rostedt (VMware)
|
aad84a9788 |
ftrace: Add information on number of page groups allocated
[ Upstream commit da537f0aef1372c5204356a7df06be8769467b7b ]
Looking for ways to shrink the size of the dyn_ftrace structure, knowing the
information about how many pages and the number of groups of those pages, is
useful in working out the best ways to save on memory.
This adds one info print on how many groups of pages were used to allocate
the ftrace dyn_ftrace structures, and also shows the number of pages and
groups in the dyn_ftrace_total_info (which is used for debugging).
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Stable-dep-of: 26efd79c4624 ("ftrace: Fix possible warning on checking all pages used in ftrace_process_locs()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
34df0a4c54 |
This is the 5.4.251 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmTCEMUACgkQONu9yGCS
aT52vhAAr5fuA8n3nANC/iWrnV+tR7PS9+ncqxloumGgIPnFijlCpB7DBoK7KAPw
cs83aMisxfvWkSPuQebqY2xO2dUX03DiySCNta0W81Iw2ndASLnA/OXYn+ZOXMbW
xKYA37d5EmQ+JWIhh3+Gnxjb3Tui6vVEJAgqkC+4FD/sB60VwuGNIKirkYT58402
NlYExg0Wcgye8Qc50JXH96Dy6opvX84qGnnmz3slfKk7Jykifqh3jm1bSIQrngWs
mUb8cXOkQgMrAWz8IJ4FgHisA0X3B3SklaiEO0ClPWw4nwC9PtpnAxZRxIVf2LDC
eXj0fsJcP6So2b2vDnmfn2V+1bM8jQFuyv6eqhxW6sz4uiQQuZ3GAqdw0UhhfUmL
ExzlCWTzdy2ZP4oN440JvxnYDItCsK263G+6l+LH3owWEbwHYmUh2uZoiC31rIEk
pzXpZYzpFpGweTGtKx0+mW90i8l0lyQojN4pJMUrHgjp7u+bQIY0BkFUTClMH59E
TsArErG8YOUh3cb+JkiTuJfgpv/D1kW//p3t2uJEsZPUHjN9BDsn0rsMftLYZI1C
IKXpi69yYjbSmYAz6gRzi7AmlxRxqM4BEdOOyqHMylyyK5K0EneXqpA1UMT+Fuel
5KXXVWjPu+C0I5x4MLnbBckJQHVsKY/sUE94ba4OFsTMbCJeNZ8=
=Vm2g
-----END PGP SIGNATURE-----
Merge 5.4.251 into android11-5.4-lts
Changes in 5.4.251
gfs2: Don't deref jdesc in evict
x86/smp: Use dedicated cache-line for mwait_play_dead()
video: imsttfb: check for ioremap() failures
fbdev: imsttfb: Fix use after free bug in imsttfb_probe
HID: wacom: Use ktime_t rather than int when dealing with timestamps
drm/i915: Initialise outparam for error return from wait_for_register
scripts/tags.sh: Resolve gtags empty index generation
drm/amdgpu: Validate VM ioctl flags.
bgmac: fix *initial* chip reset to support BCM5358
x86/resctrl: Use is_closid_match() in more places
x86/resctrl: Only show tasks' pid in current pid namespace
md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
md/raid10: fix overflow of md/safe_mode_delay
md/raid10: fix wrong setting of max_corr_read_errors
md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
md/raid10: fix io loss while replacement replace rdev
irqchip/jcore-aic: Kill use of irq_create_strict_mappings()
irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode().
clocksource/drivers/cadence-ttc: Use ttc driver as platform driver
clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
PM: domains: fix integer overflow issues in genpd_parse_state()
powercap: RAPL: Fix CONFIG_IOSF_MBI dependency
ARM: 9303/1: kprobes: avoid missing-declaration warnings
evm: Complete description of evm_inode_setattr()
pstore/ram: Add check for kstrdup
ima: Fix build warnings
wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
samples/bpf: Fix buffer overflow in tcp_basertt
spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG
wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan()
nfc: constify several pointers to u8, char and sk_buff
nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
regulator: core: Fix more error checking for debugfs_create_dir()
regulator: core: Streamline debugfs operations
wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
wifi: atmel: Fix an error handling path in atmel_probe()
wl3501_cs: Fix a bunch of formatting issues related to function docs
wl3501_cs: Remove unnecessary NULL check
wl3501_cs: Fix misspelling and provide missing documentation
net: create netdev->dev_addr assignment helpers
wl3501_cs: use eth_hw_addr_set()
wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
wifi: ray_cs: Utilize strnlen() in parse_addr()
wifi: ray_cs: Drop useless status variable in parse_addr()
wifi: ray_cs: Fix an error handling path in ray_probe()
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config
watchdog/perf: more properly prevent false positives with turbo modes
kexec: fix a memory leak in crash_shrink_memory()
memstick r592: make memstick_debug_get_tpc_name() static
wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
rtnetlink: extend RTEXT_FILTER_SKIP_STATS to IFLA_VF_INFO
wifi: iwlwifi: pull from TXQs with softirqs disabled
wifi: cfg80211: rewrite merging of inherited elements
wifi: ath9k: convert msecs to jiffies where needed
netlink: fix potential deadlock in netlink_set_err()
netlink: do not hard code device address lenth in fdb dumps
selftests: rtnetlink: remove netdevsim device after ipsec offload test
gtp: Fix use-after-free in __gtp_encap_destroy().
nfc: llcp: simplify llcp_sock_connect() error paths
net: nfc: Fix use-after-free caused by nfc_llcp_find_local
lib/ts_bm: reset initial match offset for every block of text
netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
ipvlan: Fix return value of ipvlan_queue_xmit()
netlink: Add __sock_i_ino() for __netlink_diag_dump().
radeon: avoid double free in ci_dpm_init()
Input: drv260x - sleep between polling GO bit
ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
Input: adxl34x - do not hardcode interrupt trigger type
drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks`
RDMA/bnxt_re: Fix to remove an unnecessary log
ARM: dts: gta04: Move model property out of pinctrl node
arm64: dts: qcom: msm8916: correct camss unit address
drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
ARM: ep93xx: fix missing-prototype warnings
memory: brcmstb_dpfe: fix testing array offset after use
ASoC: es8316: Increment max value for ALC Capture Target Volume control
ASoC: es8316: Do not set rate constraints for unsupported MCLKs
soc/fsl/qe: fix usb.c build errors
IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
drm/amdkfd: Fix potential deallocation of previously deallocated memory.
drm/radeon: fix possible division-by-zero errors
clk: tegra: tegra124-emc: Fix potential memory leak
ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
clk: cdce925: check return value of kasprintf()
clk: keystone: sci-clk: check return value of kasprintf()
ASoC: imx-audmix: check return value of devm_kasprintf()
scsi: qedf: Fix NULL dereference in error handling
PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free
scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
PCI: pciehp: Cancel bringup sequence if card is not present
PCI: ftpci100: Release the clock resources
PCI: Add pci_clear_master() stub for non-CONFIG_PCI
pinctrl: cherryview: Return correct value if pin in push-pull mode
perf dwarf-aux: Fix off-by-one in die_get_varname()
pinctrl: at91-pio4: check return value of devm_kasprintf()
powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary
hwrng: virtio - add an internal buffer
hwrng: virtio - don't wait on cleanup
hwrng: virtio - don't waste entropy
hwrng: virtio - always add a pending request
hwrng: virtio - Fix race on data_avail and actual data
crypto: nx - fix build warnings when DEBUG_FS is not enabled
modpost: fix section mismatch message for R_ARM_ABS32
modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
crypto: marvell/cesa - Fix type mismatch warning
modpost: fix off by one in is_executable_section()
ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
NFSv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION
hwrng: st - Fix W=1 unused variable warning
hwrng: st - keep clock enabled while hwrng is registered
USB: serial: option: add LARA-R6 01B PIDs
usb: dwc3: gadget: Propagate core init errors to UDC during pullup
block: fix signed int overflow in Amiga partition support
block: change all __u32 annotations to __be32 in affs_hardblocks.h
w1: fix loop in w1_fini()
sh: j2: Use ioremap() to translate device tree address into kernel memory
media: usb: Check az6007_read() return value
media: videodev2.h: Fix struct v4l2_input tuner index comment
media: usb: siano: Fix warning due to null work_func_t function pointer
usb: dwc3: qcom: Fix potential memory leak
extcon: Fix kernel doc of property fields to avoid warnings
extcon: Fix kernel doc of property capability fields to avoid warnings
usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
usb: hide unused usbfs_notify_suspend/resume functions
mfd: rt5033: Drop rt5033-battery sub-device
KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove()
mfd: intel-lpss: Add missing check for platform_get_resource
serial: 8250_omap: Use force_suspend and resume for system suspend
mfd: stmfx: Fix error path in stmfx_chip_init
KVM: s390: vsie: fix the length of APCB bitmap
mfd: stmpe: Only disable the regulators if they are enabled
pwm: imx-tpm: force 'real_period' to be zero in suspend
pwm: sysfs: Do not apply state to already disabled PWMs
rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
sctp: fix potential deadlock on &net->sctp.addr_wq_lock
Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
f2fs: fix error path handling in truncate_dnode()
powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
tcp: annotate data races in __tcp_oow_rate_limited()
xsk: Improve documentation for AF_XDP
xsk: Honor SO_BINDTODEVICE on bind
net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
net: dsa: tag_sja1105: fix MAC DA patching from meta frames
sh: dma: Fix DMA channel offset calculation
i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
i2c: xiic: Don't try to handle more interrupt events after error
ALSA: jack: Fix mutex call in snd_jack_report()
NFSD: add encoding of op_recall flag for write delegation
mmc: core: disable TRIM on Kingston EMMC04G-M627
mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used.
bcache: Remove unnecessary NULL point check in node allocations
integrity: Fix possible multiple allocation in integrity_inode_get()
jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
fs: avoid empty option when generating legacy mount string
ext4: Remove ext4 locking of moved directory
Revert "f2fs: fix potential corruption when moving a directory"
fs: Establish locking order for unrelated directories
fs: Lock moved directories
btrfs: fix race when deleting quota root from the dirty cow roots list
ARM: orion5x: fix d2net gpio initialization
fs: no need to check source
fanotify: disallow mount/sb marks on kernel internal pseudo fs
block: add overflow checks for Amiga partition support
netfilter: nf_tables: fix nat hook table deletion
netfilter: nftables: add helper function to set the base sequence number
netfilter: add helper function to set up the nfnetlink header and use it
netfilter: nf_tables: use net_generic infra for transaction data
netfilter: nf_tables: add rescheduling points during loop detection walks
netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
netfilter: nf_tables: reject unbound anonymous set before commit phase
netfilter: nf_tables: unbind non-anonymous set if rule construction fails
netfilter: nf_tables: fix scheduling-while-atomic splat
netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
block/partition: fix signedness issue for Amiga partitions
net: lan743x: Don't sleep in atomic context
workqueue: clean up WORK_* constant types, clarify masking
drm/panel: Initialise panel dev and funcs through drm_panel_init()
drm/panel: Add and fill drm_panel type field
drm/panel: simple: Add connector_type for innolux_at043tn24
igc: Remove delay during TX ring configuration
igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings
scsi: qla2xxx: Fix error code in qla2x00_start_sp()
net: mvneta: fix txq_map in case of txq_number==1
net/sched: cls_fw: Fix improper refcount update leads to use-after-free
ionic: improve irq numa locality
ionic: clean irq affinity on queue deinit
ionic: move irq request to qcq alloc
ionic: ionic_intr_free parameter change
ionic: remove WARN_ON to prevent panic_on_warn
icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
udp6: fix udp6_ehashfn() typo
ntb: idt: Fix error handling in idt_pci_driver_init()
NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
NTB: ntb_transport: fix possible memory leak while device_register() fails
NTB: ntb_tool: Add check for devm_kcalloc
ipv6/addrconf: fix a potential refcount underflow for idev
platform/x86: wmi: Replace UUID redefinitions by their originals
platform/x86: wmi: Fix indentation in some cases
platform/x86: wmi: remove unnecessary argument
platform/x86: wmi: use guid_t and guid_equal()
platform/x86: wmi: move variables
platform/x86: wmi: Break possible infinite loop when parsing GUID
erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF
wifi: airo: avoid uninitialized warning in airo_get_rate()
cls_flower: Add extack support for src and dst port range options
net/sched: flower: Ensure both minimum and maximum ports are specified
net/sched: make psched_mtu() RTNL-less safe
pinctrl: amd: Fix mistake in handling clearing pins at startup
pinctrl: amd: Detect internal GPIO0 debounce handling
pinctrl: amd: Only use special debounce behavior for GPIO 0
tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
mtd: rawnand: meson: fix unaligned DMA buffers handling
net: bcmgenet: Ensure MDIO unregistration has clocks enabled
powerpc: Fail build if using recordmcount with binutils v2.37
misc: fastrpc: Create fastrpc scalar with correct buffer count
SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
erofs: fix compact 4B support for 16k block size
ext4: fix wrong unit use in ext4_mb_clear_bb
ext4: only update i_reserved_data_blocks on successful block allocation
jfs: jfs_dmap: Validate db_l2nbperpage while mounting
PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
PCI: qcom: Disable write access to read only registers for IP v2.3.3
PCI: rockchip: Assert PCI Configuration Enable bit after probe
PCI: rockchip: Write PCI Device ID to correct register
PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked
PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core
PCI: rockchip: Use u32 variable to access 32-bit registers
PCI: rockchip: Set address alignment for endpoint mode
misc: pci_endpoint_test: Free IRQs before removing the device
misc: pci_endpoint_test: Re-init completion for every test
md/raid0: add discard support for the 'original' layout
fs: dlm: return positive pid value for F_GETLK
drm/atomic: Allow vblank-enabled + self-refresh "disable"
drm/rockchip: vop: Leave vblank enabled in self-refresh
serial: atmel: don't enable IRQs prematurely
firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool()
hwrng: imx-rngc - fix the timeout for init and self check
ceph: don't let check_caps skip sending responses for revoke msgs
meson saradc: fix clock divider mask length
Revert "8250: add support for ASIX devices with a FIFO bug"
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk
tracing/histograms: Add histograms to hist_vars if they have referenced variables
ring-buffer: Fix deadloop issue on reading trace_pipe
xtensa: ISS: fix call to split_if_spec
tracing: Fix null pointer dereference in tracing_err_log_open()
tracing/probes: Fix not to count error code to total length
scsi: qla2xxx: Wait for io return on terminate rport
scsi: qla2xxx: Fix potential NULL pointer dereference
scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
scsi: qla2xxx: Correct the index of array
scsi: qla2xxx: Pointer may be dereferenced
scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
drm/atomic: Fix potential use-after-free in nonblocking commits
perf probe: Add test for regression introduced by switch to die_get_decl_file()
btrfs: fix warning when putting transaction with qgroups enabled after abort
fuse: revalidate: don't invalidate if interrupted
selftests: tc: set timeout to 15 minutes
can: bcm: Fix UAF in bcm_proc_show()
drm/client: Fix memory leak in drm_client_target_cloned
drm/client: Fix memory leak in drm_client_modeset_probe
ext4: correct inline offset when handling xattrs in inode body
debugobjects: Recheck debug_objects_enabled before reporting
nbd: Add the maximum limit of allocated index in nbd_dev_add
md: fix data corruption for raid456 when reshape restart while grow up
md/raid10: prevent soft lockup while flush writes
posix-timers: Ensure timer ID search-loop limit is valid
arm64: mm: fix VA-range sanity check
sched/fair: Don't balance task to its current running CPU
bpf: Address KCSAN report on bpf_lru_list
devlink: report devlink_port_type_warn source device
wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point()
wifi: iwlwifi: mvm: avoid baid size integer overflow
igb: Fix igb_down hung on surprise removal
spi: bcm63xx: fix max prepend length
fbdev: imxfb: warn about invalid left/right margin
pinctrl: amd: Use amd_pinconf_set() for all config options
net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
iavf: Fix use-after-free in free_netdev
net:ipv6: check return value of pskb_trim()
Revert "tcp: avoid the lookup process failing to get sk in ehash table"
fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
llc: Don't drop packet from non-root netns.
netfilter: nf_tables: fix spurious set element insertion failure
netfilter: nf_tables: can't schedule in nft_chain_validate
tcp: annotate data-races around tp->tcp_tx_delay
net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX
tcp: annotate data-races around tp->linger2
tcp: annotate data-races around rskq_defer_accept
tcp: annotate data-races around tp->notsent_lowat
tcp: annotate data-races around fastopenq.max_qlen
tracing/histograms: Return an error if we fail to add histogram to hist_vars list
Linux 5.4.251
Change-Id: I0b8e1ac44b19c6c2c4f5f055395b3cbf6aecbbee
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Mohamed Khalfella
|
1e02fbe4f0 |
tracing/histograms: Return an error if we fail to add histogram to hist_vars list
commit 4b8b3905165ef98386a3c06f196c85d21292d029 upstream.
Commit 6018b585e8c6 ("tracing/histograms: Add histograms to hist_vars if
they have referenced variables") added a check to fail histogram creation
if save_hist_vars() failed to add histogram to hist_vars list. But the
commit failed to set ret to failed return code before jumping to
unregister histogram, fix it.
Link: https://lore.kernel.org/linux-trace-kernel/20230714203341.51396-1-mkhalfella@purestorage.com
Cc: stable@vger.kernel.org
Fixes: 6018b585e8c6 ("tracing/histograms: Add histograms to hist_vars if they have referenced variables")
Signed-off-by: Mohamed Khalfella <mkhalfella@purestorage.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Masami Hiramatsu (Google)
|
056fd18207 |
tracing/probes: Fix not to count error code to total length
commit b41326b5e0f82e93592c4366359917b5d67b529f upstream.
Fix not to count the error code (which is minus value) to the total
used length of array, because it can mess up the return code of
process_fetch_insn_bottom(). Also clear the 'ret' value because it
will be used for calculating next data_loc entry.
Link: https://lore.kernel.org/all/168908493827.123124.2175257289106364229.stgit@devnote2/
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/all/8819b154-2ba1-43c3-98a2-cbde20892023@moroto.mountain/
Fixes:
|
||
Mateusz Stachyra
|
93114cbc7c |
tracing: Fix null pointer dereference in tracing_err_log_open()
commit 02b0095e2fbbc060560c1065f86a211d91e27b26 upstream.
Fix an issue in function 'tracing_err_log_open'.
The function doesn't call 'seq_open' if the file is opened only with
write permissions, which results in 'file->private_data' being left as null.
If we then use 'lseek' on that opened file, 'seq_lseek' dereferences
'file->private_data' in 'mutex_lock(&m->lock)', resulting in a kernel panic.
Writing to this node requires root privileges, therefore this bug
has very little security impact.
Tracefs node: /sys/kernel/tracing/error_log
Example Kernel panic:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000038
Call trace:
mutex_lock+0x30/0x110
seq_lseek+0x34/0xb8
__arm64_sys_lseek+0x6c/0xb8
invoke_syscall+0x58/0x13c
el0_svc_common+0xc4/0x10c
do_el0_svc+0x24/0x98
el0_svc+0x24/0x88
el0t_64_sync_handler+0x84/0xe4
el0t_64_sync+0x1b4/0x1b8
Code: d503201f aa0803e0 aa1f03e1 aa0103e9 (c8e97d02)
---[ end trace 561d1b49c12cf8a5 ]---
Kernel panic - not syncing: Oops: Fatal exception
Link: https://lore.kernel.org/linux-trace-kernel/20230703155237eucms1p4dfb6a19caa14c79eb6c823d127b39024@eucms1p4
Link: https://lore.kernel.org/linux-trace-kernel/20230704102706eucms1p30d7ecdcc287f46ad67679fc8491b2e0f@eucms1p3
Cc: stable@vger.kernel.org
Fixes:
|