[ Upstream commit 289d3b21fb0bfc94c4e98f10635bba1824e5f83c ]
While reading sysctl_ip_nonlocal_bind, it can be changed concurrently.
Thus, we need to add READ_ONCE() to its readers.
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 60c158dc7b1f0558f6cadd5b50d0386da0000d50 ]
While reading sysctl_ip_fwd_use_pmtu, it can be changed concurrently.
Thus, we need to add READ_ONCE() to its readers.
Fixes: f87c10a8aa ("ipv4: introduce ip_dst_mtu_maybe_forward and protect forwarding path against pmtu spoofing")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 0968d2a441bf6afb551fd99e60fa65ed67068963 ]
While reading sysctl_ip_no_pmtu_disc, it can be changed concurrently.
Thus, we need to add READ_ONCE() to its readers.
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 7c1ddcee5311f3315096217881d2dbe47cc683f9 ]
The initially merged version of the igc driver code (via commit
146740f9ab, "igc: Add support for PF") contained the following
IGC_REMOVED checks in the igc_rd32/wr32() MMIO accessors:
u32 igc_rd32(struct igc_hw *hw, u32 reg)
{
u8 __iomem *hw_addr = READ_ONCE(hw->hw_addr);
u32 value = 0;
if (IGC_REMOVED(hw_addr))
return ~value;
value = readl(&hw_addr[reg]);
/* reads should not return all F's */
if (!(~value) && (!reg || !(~readl(hw_addr))))
hw->hw_addr = NULL;
return value;
}
And:
#define wr32(reg, val) \
do { \
u8 __iomem *hw_addr = READ_ONCE((hw)->hw_addr); \
if (!IGC_REMOVED(hw_addr)) \
writel((val), &hw_addr[(reg)]); \
} while (0)
E.g. igb has similar checks in its MMIO accessors, and has a similar
macro E1000_REMOVED, which is implemented as follows:
#define E1000_REMOVED(h) unlikely(!(h))
These checks serve to detect and take note of an 0xffffffff MMIO read
return from the device, which can be caused by a PCIe link flap or some
other kind of PCI bus error, and to avoid performing MMIO reads and
writes from that point onwards.
However, the IGC_REMOVED macro was not originally implemented:
#ifndef IGC_REMOVED
#define IGC_REMOVED(a) (0)
#endif /* IGC_REMOVED */
This led to the IGC_REMOVED logic to be removed entirely in a
subsequent commit (commit 3c215fb18e70, "igc: remove IGC_REMOVED
function"), with the rationale that such checks matter only for
virtualization and that igc does not support virtualization -- but a
PCIe device can become detached even without virtualization being in
use, and without proper checks, a PCIe bus error affecting an igc
adapter will lead to various NULL pointer dereferences, as the first
access after the error will set hw->hw_addr to NULL, and subsequent
accesses will blindly dereference this now-NULL pointer.
This patch reinstates the IGC_REMOVED checks in igc_rd32/wr32(), and
implements IGC_REMOVED the way it is done for igb, by checking for the
unlikely() case of hw_addr being NULL. This change prevents the oopses
seen when a PCIe link flap occurs on an igc adapter.
Fixes: 146740f9ab ("igc: Add support for PF")
Signed-off-by: Lennert Buytenhek <buytenh@arista.com>
Tested-by: Naama Meir <naamax.meir@linux.intel.com>
Acked-by: Sasha Neftin <sasha.neftin@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 68e3c69803dada336893640110cb87221bb01dcf ]
Yang Jihing reported a race between perf_event_set_output() and
perf_mmap_close():
CPU1 CPU2
perf_mmap_close(e2)
if (atomic_dec_and_test(&e2->rb->mmap_count)) // 1 - > 0
detach_rest = true
ioctl(e1, IOC_SET_OUTPUT, e2)
perf_event_set_output(e1, e2)
...
list_for_each_entry_rcu(e, &e2->rb->event_list, rb_entry)
ring_buffer_attach(e, NULL);
// e1 isn't yet added and
// therefore not detached
ring_buffer_attach(e1, e2->rb)
list_add_rcu(&e1->rb_entry,
&e2->rb->event_list)
After this; e1 is attached to an unmapped rb and a subsequent
perf_mmap() will loop forever more:
again:
mutex_lock(&e->mmap_mutex);
if (event->rb) {
...
if (!atomic_inc_not_zero(&e->rb->mmap_count)) {
...
mutex_unlock(&e->mmap_mutex);
goto again;
}
}
The loop in perf_mmap_close() holds e2->mmap_mutex, while the attach
in perf_event_set_output() holds e1->mmap_mutex. As such there is no
serialization to avoid this race.
Change perf_event_set_output() to take both e1->mmap_mutex and
e2->mmap_mutex to alleviate that problem. Additionally, have the loop
in perf_mmap() detach the rb directly, this avoids having to wait for
the concurrent perf_mmap_close() to get around to doing it to make
progress.
Fixes: 9bb5d40cd9 ("perf: Fix mmap() accounting hole")
Reported-by: Yang Jihong <yangjihong1@huawei.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Yang Jihong <yangjihong1@huawei.com>
Link: https://lkml.kernel.org/r/YsQ3jm2GR38SW7uD@worktop.programming.kicks-ass.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit c3b821e8e406d5650e587b7ac624ac24e9b780a8 ]
Because of the possible failure of the allocation, data->domains might
be NULL pointer and will cause the dereference of the NULL pointer
later.
Therefore, it might be better to check it and directly return -ENOMEM
without releasing data manually if fails, because the comment of the
devm_kmalloc() says "Memory allocated with this function is
automatically freed on driver detach.".
Fixes: a86854d0c5 ("treewide: devm_kzalloc() -> devm_kcalloc()")
Reported-by: Hacash Robot <hacashRobot@santino.com>
Signed-off-by: William Dean <williamsukatube@gmail.com>
Link: https://lore.kernel.org/r/20220710154922.2610876-1-williamsukatube@163.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 80192eff64eee9b3bc0594a47381937b94b9d65a ]
of_find_matching_node_and_match() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: 0e545f57b7 ("power: reset: driver for the Versatile syscon reboot")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit f85daf0e725358be78dfd208dea5fd665d8cb901 ]
xfrm_policy_lookup() will call xfrm_pol_hold_rcu() to get a refcount of
pols[0]. This refcount can be dropped in xfrm_expand_policies() when
xfrm_expand_policies() return error. pols[0]'s refcount is balanced in
here. But xfrm_bundle_lookup() will also call xfrm_pols_put() with
num_pols == 1 to drop this refcount when xfrm_expand_policies() return
error.
This patch also fix an illegal address access. pols[0] will save a error
point when xfrm_policy_lookup fails. This lead to xfrm_pols_put to resolve
an illegal address in xfrm_bundle_lookup's error path.
Fix these by setting num_pols = 0 in xfrm_expand_policies()'s error path.
Fixes: 80c802f307 ("xfrm: cache bundles instead of policies for outgoing flows")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 4f532c1e25319e42996ec18a1f473fd50c8e575d upstream.
Functions tty_termios_encode_baud_rate() and uart_update_timeout() should
be called with the baudrate value which was set to hardware. Linux then
report exact values via ioctl(TCGETS2) to userspace.
Change mvebu_uart_baud_rate_set() function to return baudrate value which
was set to hardware and propagate this value to above mentioned functions.
With this change userspace would see precise value in termios c_ospeed
field.
Fixes: 68a0db1d7d ("serial: mvebu-uart: add function to change baudrate")
Cc: stable <stable@kernel.org>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Pali Rohár <pali@kernel.org>
Link: https://lore.kernel.org/r/20220628100922.10717-1-pali@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a2bad844a67b1c7740bda63e87453baf63c3a7f7 upstream.
According to Dexuan, the hypervisor folks beleive that multi-msi
allocations are not correct. compose_msi_msg() will allocate multi-msi
one by one. However, multi-msi is a block of related MSIs, with alignment
requirements. In order for the hypervisor to allocate properly aligned
and consecutive entries in the IOMMU Interrupt Remapping Table, there
should be a single mapping request that requests all of the multi-msi
vectors in one shot.
Dexuan suggests detecting the multi-msi case and composing a single
request related to the first MSI. Then for the other MSIs in the same
block, use the cached information. This appears to be viable, so do it.
5.4 backport - add hv_msi_get_int_vector helper function. Fixed merge
conflict due to delivery_mode name change (APIC_DELIVERY_MODE_FIXED
is the value given to dest_Fixed). Removed unused variable in
hv_compose_msi_msg. Fixed reference to msi_desc->pci to point to
the same is_msix variable. Removed changes to compose_msi_req_v3 since
it doesn't exist yet.
Suggested-by: Dexuan Cui <decui@microsoft.com>
Signed-off-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Reviewed-by: Dexuan Cui <decui@microsoft.com>
Tested-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/1652282599-21643-1-git-send-email-quic_jhugo@quicinc.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Signed-off-by: Carl Vanderlip <quic_carlv@quicinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b4b77778ecc5bfbd4e77de1b2fd5c1dd3c655f1f upstream.
Currently if compose_msi_msg() is called multiple times, it will free any
previous IRTE allocation, and generate a new allocation. While nothing
prevents this from occurring, it is extraneous when Linux could just reuse
the existing allocation and avoid a bunch of overhead.
However, when future IRTE allocations operate on blocks of MSIs instead of
a single line, freeing the allocation will impact all of the lines. This
could cause an issue where an allocation of N MSIs occurs, then some of
the lines are retargeted, and finally the allocation is freed/reallocated.
The freeing of the allocation removes all of the configuration for the
entire block, which requires all the lines to be retargeted, which might
not happen since some lines might already be unmasked/active.
Signed-off-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Reviewed-by: Dexuan Cui <decui@microsoft.com>
Tested-by: Dexuan Cui <decui@microsoft.com>
Tested-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/1652282582-21595-1-git-send-email-quic_jhugo@quicinc.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Signed-off-by: Carl Vanderlip <quic_carlv@quicinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 455880dfe292a2bdd3b4ad6a107299fce610e64b upstream.
In the multi-MSI case, hv_arch_irq_unmask() will only operate on the first
MSI of the N allocated. This is because only the first msi_desc is cached
and it is shared by all the MSIs of the multi-MSI block. This means that
hv_arch_irq_unmask() gets the correct address, but the wrong data (always
0).
This can break MSIs.
Lets assume MSI0 is vector 34 on CPU0, and MSI1 is vector 33 on CPU0.
hv_arch_irq_unmask() is called on MSI0. It uses a hypercall to configure
the MSI address and data (0) to vector 34 of CPU0. This is correct. Then
hv_arch_irq_unmask is called on MSI1. It uses another hypercall to
configure the MSI address and data (0) to vector 33 of CPU0. This is
wrong, and results in both MSI0 and MSI1 being routed to vector 33. Linux
will observe extra instances of MSI1 and no instances of MSI0 despite the
endpoint device behaving correctly.
For the multi-MSI case, we need unique address and data info for each MSI,
but the cached msi_desc does not provide that. However, that information
can be gotten from the int_desc cached in the chip_data by
compose_msi_msg(). Fix the multi-MSI case to use that cached information
instead. Since hv_set_msi_entry_from_desc() is no longer applicable,
remove it.
5.4 backport - hv_set_msi_entry_from_desc doesn't exist to be removed.
msi_desc replaces msi_entry for location int_desc is written to.
Signed-off-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/1651068453-29588-1-git-send-email-quic_jhugo@quicinc.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Signed-off-by: Carl Vanderlip <quic_carlv@quicinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 08e61e861a0e47e5e1a3fb78406afd6b0cea6b6d upstream.
If the allocation of multiple MSI vectors for multi-MSI fails in the core
PCI framework, the framework will retry the allocation as a single MSI
vector, assuming that meets the min_vecs specified by the requesting
driver.
Hyper-V advertises that multi-MSI is supported, but reuses the VECTOR
domain to implement that for x86. The VECTOR domain does not support
multi-MSI, so the alloc will always fail and fallback to a single MSI
allocation.
In short, Hyper-V advertises a capability it does not implement.
Hyper-V can support multi-MSI because it coordinates with the hypervisor
to map the MSIs in the IOMMU's interrupt remapper, which is something the
VECTOR domain does not have. Therefore the fix is simple - copy what the
x86 IOMMU drivers (AMD/Intel-IR) do by removing
X86_IRQ_ALLOC_CONTIGUOUS_VECTORS after calling the VECTOR domain's
pci_msi_prepare().
5.4 backport - adds the hv_msi_prepare wrapper function.
X86_IRQ_ALLOC_TYPE_PCI_MSI changed to X86_IRQ_ALLOC_TYPE_MSI
(same value).
Fixes: 4daace0d8c ("PCI: hv: Add paravirtual PCI front-end for Microsoft Hyper-V VMs")
Signed-off-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Reviewed-by: Dexuan Cui <decui@microsoft.com>
Link: https://lore.kernel.org/r/1649856981-14649-1-git-send-email-quic_jhugo@quicinc.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Signed-off-by: Carl Vanderlip <quic_carlv@quicinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 166d3863231667c4f64dee72b77d1102cdfad11f upstream.
The error paths of gntdev_mmap() can call unmap_grant_pages() even
though not all of the pages have been successfully mapped. This will
trigger the WARN_ON()s in __unmap_grant_pages_done(). The number of
warnings can be very large; I have observed thousands of lines of
warnings in the systemd journal.
Avoid this problem by only warning on unmapping failure if the handle
being unmapped is not INVALID_GRANT_HANDLE. The handle field of any
page that was not successfully mapped will be INVALID_GRANT_HANDLE, so
this catches all cases where unmapping can legitimately fail.
Fixes: dbe97cff7dd9 ("xen/gntdev: Avoid blocking in unmap_grant_pages()")
Cc: stable@vger.kernel.org
Suggested-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Reviewed-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/20220710230522.1563-1-demi@invisiblethingslab.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 543ce63b664e2c2f9533d089a4664b559c3e6b5b upstream.
The lockdown LSM is primarily used in conjunction with UEFI Secure Boot.
This LSM may also be used on machines without UEFI. It can also be
enabled when UEFI Secure Boot is disabled. One of lockdown's features
is to prevent kexec from loading untrusted kernels. Lockdown can be
enabled through a bootparam or after the kernel has booted through
securityfs.
If IMA appraisal is used with the "ima_appraise=log" boot param,
lockdown can be defeated with kexec on any machine when Secure Boot is
disabled or unavailable. IMA prevents setting "ima_appraise=log" from
the boot param when Secure Boot is enabled, but this does not cover
cases where lockdown is used without Secure Boot.
To defeat lockdown, boot without Secure Boot and add ima_appraise=log to
the kernel command line; then:
$ echo "integrity" > /sys/kernel/security/lockdown
$ echo "appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig" > \
/sys/kernel/security/ima/policy
$ kexec -ls unsigned-kernel
Add a call to verify ima appraisal is set to "enforce" whenever lockdown
is enabled. This fixes CVE-2022-21505.
Cc: stable@vger.kernel.org
Fixes: 29d3c1c8df ("kexec: Allow kexec_file() with appropriate IMA policy when locked down")
Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: John Haxby <john.haxby@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e5ec6a2513383fe2ecc2ee3b5f51d97acbbcd4d8 upstream.
mlxsw needs to distinguish nexthops with a gateway from connected
nexthops in order to write the former to the adjacency table of the
device. The check used to rely on the fact that nexthops with a gateway
have a 'link' scope whereas connected nexthops have a 'host' scope. This
is no longer correct after commit 747c14307214 ("ip: fix dflt addr
selection for connected nexthop").
Fix that by instead checking the address family of the gateway IP. This
is a more direct way and also consistent with the IPv6 counterpart in
mlxsw_sp_rt6_is_gateway().
Cc: stable@vger.kernel.org
Fixes: 747c14307214 ("ip: fix dflt addr selection for connected nexthop")
Fixes: 597cfe4fc3 ("nexthop: Add support for IPv4 nexthops")
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Amit Cohen <amcohen@nvidia.com>
Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit c1f6eff304e4dfa4558b6a8c6b2d26a91db6c998 upstream.
When trying to load modules built for RISC-V which include assembly files
the kernel loader errors with "unexpected relocation type 'R_RISCV_ALIGN'"
due to R_RISCV_ALIGN relocations being generated by the assembler.
The R_RISCV_ALIGN relocations can be removed at the expense of code space
by adding -mno-relax to gcc and as. In commit 7a8e7da422
("RISC-V: Fixes to module loading") -mno-relax is added to the build
variable KBUILD_CFLAGS_MODULE. See [1] for more info.
The issue is that when kbuild builds a .S file, it invokes gcc with
the -mno-relax flag, but this is not being passed through to the
assembler. Adding -Wa,-mno-relax to KBUILD_AFLAGS_MODULE ensures that
the assembler is invoked correctly. This may have now been fixed in
gcc[2] and this addition should not stop newer gcc and as from working.
[1] https://github.com/riscv/riscv-elf-psabi-doc/issues/183
[2] 3b0a7d624e
Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Link: https://lore.kernel.org/r/20220529152200.609809-1-ben.dooks@codethink.co.uk
Fixes: ab1ef68e54 ("RISC-V: Add sections of PLT and GOT for kernel module")
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a1d4ef1adf8bbd302067534ead671a94759687ed upstream.
To act as an interrupt controller, a gpio bank relies on the
"interrupt-parent" of the pin controller.
When this optional "interrupt-parent" misses, do not create any IRQ domain.
This fixes a "NULL pointer in stm32_gpio_domain_alloc()" kernel crash when
the interrupt-parent = <exti> property is not declared in the Device Tree.
Fixes: 0eb9f68333 ("pinctrl: Add IRQ support to STM32 gpios")
Signed-off-by: Fabien Dessenne <fabien.dessenne@foss.st.com>
Link: https://lore.kernel.org/r/20220627142350.742973-1-fabien.dessenne@foss.st.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
When size of user client buffer is smaller than the size of data read,
client calls the mhi_uci_client_read API for the second time with the
remaining bytes of data to be copied. In this, data is already read
from host but copying to client buffer is pending. With the current
logic device waits for read_wq and then eventually exits as there is
no data to read from host. This is causing a delay in the transfer
completion in the case where user client buffer is less than data read
from host.
To avoid this delay, entering the loop to read data from host only if
it is a new transfer. For old transfers, as read from host is already
done, waiting for read_wq is avoided with this change.
Change-Id: I75b6f6e3673cf5c05693579acaddf189b5478926
Signed-off-by: Sai Chaitanya Kaveti <quic_skaveti@quicinc.com>
This change adds a NULL pointer check for i2c rx callback function.
In some corner case and rare scenario, it may happen that delayed
callback from GSI for any unexpected sequence can result into accessing
stale message pointer which can be NULL.
Actual root cause should be found but this adds a protection check.
Change-Id: Iab2196812289026674ee3b26d27c4f20a01bbda2
Signed-off-by: Mukesh Kumar Savaliya <quic_msavaliy@quicinc.com>
Currently inside the function sch_gen_timing_advert_frame, the variable
type used to hold the return value of populate_dot11f_timing_advert_frame,
is incorrect. So, fix it with correct variable type.
Change-Id: I592c1b3c291b4c9dce2cbe731021cf512cb598f2
CRs-Fixed: 3243257
Added the support for disabling the PCIe halt write and read feature.
By default PCIe halt write/read feature is enabled and through
device tree flag, PCIe halt Wr/Rd feature can be disabled.
In some targets reported throughput degradation due to PCIe latencies with
PCIe halt write/read feature. So, provided the support to enable and
disable PCIe halt feature.
Change-Id: I83813571bedd0a0399f4ab473e6ddfbb975c8fe4
Signed-off-by: Jyothi Kumar Seerapu <quic_jseerapu@quicinc.com>
Currently the state control param thread is unblocked 1st and then
the psoc transition is completed, there could be a chance that SSR
thread got scheduled out and wifi thread tried to comeup and issue
interface up which could fail because psoc transition is till in
progress.
So, unblock the wifi thread waiting on state control param after
stopping the psoc transition at the end of SSR.
Change-Id: I4631fb9aae6a5416ba70b24fe3c053528bd3b7d9
CRs-Fixed: 3066968
Add regulatory notify event when wifi ON by GUI.
In new framework test, When turning on Wi-Fi, it is
expecting driver to indicate NL80211_CMD_[WIPHY]_ REG_CHANGE
event with country code to wificond.
Change-Id: Icb0bdec097db14905de6234573d05fffbe0e4500
CRs-Fixed: 3186188
[ Upstream commit 9c90c9b3e50e16d03c7f87d63e9db373974781e0 ]
This reverts commit 4dc2a5a8f6754492180741facf2a8787f2c415d7.
A non-zero return value from pfkey_broadcast() does not necessarily mean
an error occurred as this function returns -ESRCH when no registered
listener received the message. In particular, a call with
BROADCAST_PROMISC_ONLY flag and null one_sk argument can never return
zero so that this commit in fact prevents processing any PF_KEY message.
One visible effect is that racoon daemon fails to find encryption
algorithms like aes and refuses to start.
Excluding -ESRCH return value would fix this but it's not obvious that
we really want to bail out here and most other callers of
pfkey_broadcast() also ignore the return value. Also, as pointed out by
Steffen Klassert, PF_KEY is kind of deprecated and newer userspace code
should use netlink instead so that we should only disturb the code for
really important fixes.
v2: add a comment explaining why is the return value ignored
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 7df12bee54)
Bug: 235429059
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ica140cb11cd174eded4121d66de6a7239ee4a21d
This is the merge of the upstream LTS release of 5.4.197 into the
android11-5.4 branch.
It contains the following commits:
9eae8fc396 Merge 5.4.197 into android11-5.4-lts
35c6471fd2 Linux 5.4.197
e00c2f22fb bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
a2235bc65a NFSD: Fix possible sleep during nfsd4_release_lockowner()
f5b6bc69a7 NFS: Memory allocation failures are not server fatal errors
0490cd2aee docs: submitting-patches: Fix crossref to 'The canonical patch format'
72ef5d01fe tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
7ecd237e50 tpm: Fix buffer access in tpm2_get_tpm_pt()
396d1f5176 HID: multitouch: Add support for Google Whiskers Touchpad
25f0e9459f raid5: introduce MD_BROKEN
fd2f7e9984 dm verity: set DM_TARGET_IMMUTABLE feature flag
f005973502 dm stats: add cond_resched when looping over entries
65e6282f0d dm crypt: make printing of the key constant-time
a4415f39e3 dm integrity: fix error code in dm_integrity_ctr()
fc658c0839 zsmalloc: fix races between asynchronous zspage free and page migration
7632451ad9 crypto: ecrdsa - Fix incorrect use of vli_cmp
b16bb37398 netfilter: conntrack: re-fetch conntrack after insertion
1fe82bfd9e exec: Force single empty string when argv is empty
241b566e04 drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency()
3dbab9e37c cfg80211: set custom regdomain after wiphy registration
039fa25d95 assoc_array: Fix BUG_ON during garbage collect
8c668da61b drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers
fdcbdb3d08 i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
827980029d net: ftgmac100: Disable hardware checksum on AST2600
e619506ed0 net: af_key: check encryption module availability consistency
fa77d2a3a7 pinctrl: sunxi: fix f1c100s uart2 function
2208c31d86 ACPI: sysfs: Fix BERT error region memory mapping
92d4b5e148 ACPI: sysfs: Make sparse happy about address space in use
5a73bd4f47 media: vim2m: initialize the media device earlier
b7248281af media: vim2m: Register video device after setting up internals
ab5b00cfe0 secure_seq: use the 64 bits of the siphash for port offset calculation
80cca53a48 tcp: change source port randomizarion at connect() time
9ce35dad5a Input: goodix - fix spurious key release events
bdbc7ef3eb staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
4f07508394 x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
8bb828229d lockdown: also lock down previous kgdb use
0cf7a2be06 Merge 5.4.196 into android11-5.4-lts
04b092e4a0 Linux 5.4.196
dba1941f5b afs: Fix afs_getattr() to refetch file status if callback break occurred
ef5374d532 i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe()
10a221e2d3 x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
a12884ff43 x86/xen: fix booting 32-bit pv guest
b2f140a9f9 Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
060f38b1df ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk
b38cf3cb17 firmware_loader: use kernel credentials when reading firmware
e14e3856e9 net: stmmac: disable Split Header (SPH) for Intel platforms
9ea8e6a832 block: return ELEVATOR_DISCARD_MERGE if possible
36ac6caf74 Input: ili210x - fix reset timing
1c450bdf2e net: atlantic: verify hw_head_ lies within TX buffer ring
e5307704c4 net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
91d8d7edf1 ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one()
dd5de66f5c selftests: add ping test with ping_group_range tuned
9919585e5f mac80211: fix rx reordering with non explicit / psmp ack policy
19e2cd737c scsi: qla2xxx: Fix missed DMA unmap for aborted commands
74168c2207 perf bench numa: Address compiler error on s390
d1915d9c9f gpio: mvebu/pwm: Refuse requests with inverted polarity
3fdd67e83c gpio: gpio-vf610: do not touch other bits when set the target bit
1fe6dc5f5d net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
622be11fa3 igb: skip phy status check where unavailable
eb92a8ecce ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
463a7b957d ARM: 9196/1: spectre-bhb: enable for Cortex-A15
1b93631c77 net: af_key: add check for pfkey_broadcast in function pfkey_process
c0be5fec78 net/mlx5e: Properly block LRO when XDP is enabled
3277789f33 NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
b368e07fb4 net/qla3xxx: Fix a test in ql_reset_work()
d672eee9e4 clk: at91: generated: consider range when calculating best rate
8cb1a05fe3 ice: fix possible under reporting of ethtool Tx and Rx statistics
dc64e8874e net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
32f779e6fb net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
1eb2d78581 net/sched: act_pedit: sanitize shift argument before usage
50f70ee302 net: macb: Increment rx bd head after allocating skb and buffer
a42ffe8833 ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group
6493ff94c0 ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi
fe2a9469ec dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
8cf6c24ed4 drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
8be06f62b4 crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
f4a093215b KVM: x86/mmu: Update number of zapped pages even if page list is stable
de87451827 PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
3a12b2c413 Fix double fget() in vhost_net_set_backend()
dd0ea88b0a perf: Fix sys_perf_event_open() race against self
c8a5e14cb4 ALSA: wavefront: Proper check of get_user() error
2f8f6c393b SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
975a0f14d5 SUNRPC: Don't call connect() more than once on a TCP socket
aa4d71edd6 SUNRPC: Prevent immediate close+reconnect
2d6f096476 SUNRPC: Clean up scheduling of autoclose
f3fe8d13ac mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch()
def047ae12 mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
f10260f359 mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
1e93f93992 nilfs2: fix lockdep warnings during disk space reclamation
307d021b1a nilfs2: fix lockdep warnings in page operations for btree nodes
77b71a4c87 ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
54f7358be1 platform/chrome: cros_ec_debugfs: detach log reader wq from devm
232128f6e6 drbd: remove usage of list iterator variable after loop
83abb076f4 MIPS: lantiq: check the return value of kzalloc()
e7947c031f rtc: mc146818-lib: Fix the AltCentury for AMD platforms
7be785032c nvme-multipath: fix hang when disk goes live over reconnect
ee0323cc8b ALSA: hda/realtek: Enable headset mic on Lenovo P360
c0d86f2a3c crypto: x86/chacha20 - Avoid spurious jumps to other functions
f021389433 crypto: stm32 - fix reference leak in stm32_crc_remove
8c015cd524 Input: stmfts - fix reference leak in stmfts_input_open
bb83a744bc Input: add bounds checking to input_set_capability()
4fd3966956 um: Cleanup syscall_handler_t definition/cast, fix warning
0c319b9988 rtc: fix use-after-free on device removal
05df3bdbc2 x86/xen: Make the secondary CPU idle tasks reliable
0d3817cb4e x86/xen: Make the boot CPU idle task reliable
67e2b62461 floppy: use a statically allocated error counter
abcfb6abb7 Merge 5.4.195 into android11-5.4-lts
e44bd11b47 Merge 5.4.194 into android11-5.4-lts
c336f131c4 ANDROID: fix up abi issue with struct snd_pcm_runtime
0187300e6a Linux 5.4.195
8fcefb43ec tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe()
6d80857c4f ping: fix address binding wrt vrf
7845532adb arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map
c0b735fef2 net: phy: Fix race condition on link status change
a60def7568 MIPS: fix build with gcc-12
a3112d5da1 drm/vmwgfx: Initialize drm_mode_fb_cmd2
463c743149 cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
f25145c37c i40e: i40e_main: fix a missing check on list iterator
17c744716a drm/nouveau/tegra: Stop using iommu_present()
c8f567c465 serial: 8250_mtk: Fix register address for XON/XOFF character
aa3ea7451b serial: 8250_mtk: Fix UART_EFR register address
031fda28d0 slimbus: qcom: Fix IRQ check in qcom_slim_probe
7de6f30596 USB: serial: option: add Fibocom MA510 modem
65732f62f7 USB: serial: option: add Fibocom L610 modem
6c78537f3e USB: serial: qcserial: add support for Sierra Wireless EM7590
e40d004947 USB: serial: pl2303: add device id for HP LM930 Display
056a56f8fb usb: typec: tcpci: Don't skip cleanup in .remove() on error
457d9401b8 usb: cdc-wdm: fix reading stuck on device close
4d93303fd8 tty: n_gsm: fix mux activation issues in gsm_config()
6e34ee5b5b tcp: resalt the secret every 10 seconds
39c26fe93c net: emaclite: Don't advertise 1000BASE-T and do auto negotiation
638bfbc84c s390: disable -Warray-bounds
f66d3fa508 ASoC: ops: Validate input values in snd_soc_put_volsw_range()
13b850a6cc ASoC: max98090: Generate notifications on changes for custom control
5c766c000a ASoC: max98090: Reject invalid values in custom control put()
22f6c68b49 hwmon: (f71882fg) Fix negative temperature
208200e573 gfs2: Fix filesystem block deallocation for short writes
42daae7d84 net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
e038c457bd net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending
2ec2dd7d51 net/sched: act_pedit: really ensure the skb is writable
48c6a40e2f s390/lcs: fix variable dereferenced before check
467ddbbe7e s390/ctcm: fix potential memory leak
2cbce01100 s390/ctcm: fix variable dereferenced before check
1c40e85d0a hwmon: (ltq-cputemp) restrict it to SOC_XWAY
0a778db931 dim: initialize all struct fields
522986cc39 mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
0729594cb7 netlink: do not reset transport header in netlink_recvmsg()
33ce32587c drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name()
5809a1c530 ipv4: drop dst in multicast routing path
c9d75e87f4 net: Fix features skip in for_each_netdev_feature()
5c90576705 mac80211: Reset MBSSID parameters upon connection
cfe74fd41f hwmon: (tmp401) Add OF device ID table
3915341a93 batman-adv: Don't skb_split skbuffs with frag_list
00c4652b41 Merge 5.4.193 into android11-5.4-lts
9065948757 Linux 5.4.194
2f4e0bf651 mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic()
e4db0c3ce0 mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
ea9cad1c5d mm: fix missing cache flush for all tail pages of compound page
45c05171d6 Bluetooth: Fix the creation of hdev->name
f52c4c067a KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id
c1bdf1e6e7 x86: kprobes: Prohibit probing on instruction which has emulate prefix
6af6427a96 x86: xen: insn: Decode Xen and KVM emulate-prefix signature
c67a4a91f5 x86: xen: kvm: Gather the definition of emulate prefixes
4c39e1ace3 x86/asm: Allow to pass macros to __ASM_FORM()
29afcd5af0 KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()
ea65a7d76c arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL
5755f946a8 can: grcan: only use the NAPI poll budget for RX
caba5c13a8 can: grcan: grcan_probe(): fix broken system id check for errata workaround needs
76b64c690f nfp: bpf: silence bitwise vs. logical OR warning
86ccefb83e drm/i915: Cast remain to unsigned long in eb_relocate_vma
de542bd765 drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types
e6ff94d31c block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
f668da98ad MIPS: Use address-of operator on section symbols
44a1f2e6dc ANDROID: GKI: update the abi .xml file
52509afded Revert "tcp: ensure to use the most recently sent skb when filling the rate sample"
01565c91b7 Linux 5.4.193
8a7f92053d mmc: rtsx: add 74 Clocks in power on flow
d789b98917 PCI: aardvark: Fix reading MSI interrupt number
253bc43ca5 PCI: aardvark: Clear all MSIs at setup
786dc86c84 dm: interlock pending dm_io and dm_wait_for_bios_completion
ad1393b92e dm: fix mempool NULL pointer race when completing IO
40bcd39a00 tcp: make sure treq->af_specific is initialized
9661bf674d ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
37b12c16be ALSA: pcm: Fix races among concurrent prealloc proc writes
2a559eec81 ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
08d1807f09 ALSA: pcm: Fix races among concurrent read/write and buffer changes
fbeb492694 ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
f098f8b982 mm: fix unexpected zeroed page mapping with zram swap
c7337efd1d block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
9588ac2edd net: ipv6: ensure we call ipv6_mc_down() at most once
367b49086b KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised
c2fadf2d0a x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
8b78939f4b kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU
f455c8e657 NFSv4: Don't invalidate inode attributes on delegation return
89e7a625ec drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu
1d14c1c7a3 net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter()
2b99ff4c3e btrfs: always log symlinks in full mode
dc47844894 smsc911x: allow using IRQ0
cff6cb162f bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
64ece01adb selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational
52401926c8 net: emaclite: Add error handling for of_address_to_resource()
354cac1e39 net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux()
0510b6ccfb net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init()
102986592f RDMA/siw: Fix a condition race issue in MPA request processing
e6ae21eb94 ASoC: dmaengine: Restore NULL prepare_slave_config() callback
df3ea6cc1a hwmon: (adt7470) Fix warning on module removal
01d4363dd7 NFC: netlink: fix sleep in atomic bug when firmware download timeout
33d3e76fc7 nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
85aecdef77 nfc: replace improper check device_is_registered() in netlink related functions
da9eb43b9a can: grcan: use ofdev->dev when allocating DMA memory
8b451b7d7e can: grcan: grcan_close(): fix deadlock
8f4246450a s390/dasd: Fix read inconsistency for ESE DASD devices
91193a2c2f s390/dasd: Fix read for ESE with blksize < 4k
1aa75808ed s390/dasd: prevent double format of tracks for ESE devices
061a424dd1 s390/dasd: fix data corruption for ESE devices
860db6cdc5 ASoC: meson: Fix event generation for G12A tohdmi mux
d4864e8c4b ASoC: wm8958: Fix change notifications for DSP controls
6723ab2ed8 ASoC: da7219: Fix change notifications for tone generator frequency
ac5894fb86 genirq: Synchronize interrupt thread startup
8624e2c5af ACPICA: Always create namespace nodes using acpi_ns_create_node()
27183539cf firewire: core: extend card->lock in fw_core_handle_bus_reset
2fefc62598 firewire: remove check of list iterator against head past the loop body
34b9b91829 firewire: fix potential uaf in outbound_phy_packet_callback()
f6b6e93369 Revert "SUNRPC: attempt AF_LOCAL connect on setup"
d403ff32e5 gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
94842485b4 ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
73ce49fa59 parisc: Merge model and model name into one line in /proc/cpuinfo
0d5bb59858 MIPS: Fix CP0 counter erratum detection for R4k CPUs
aa172204d5 Merge 5.4.192 into android11-5.4-lts
1d72b776f6 Linux 5.4.192
aa2a047b58 mm, hugetlb: allow for "high" userspace addresses
6a79b2433e hugetlbfs: get unmapped area below TASK_UNMAPPED_BASE for hugetlbfs
b69e60f6fc tty: n_gsm: fix incorrect UA handling
0f4be29feb tty: n_gsm: fix wrong command frame length field encoding
21cc640385 tty: n_gsm: fix wrong command retry handling
49c40febd4 tty: n_gsm: fix missing explicit ldisc flush
85522dcf00 tty: n_gsm: fix insufficient txframe size
563bb0f794 netfilter: nft_socket: only do sk lookups when indev is available
fae2095210 tty: n_gsm: fix malformed counter for out of frame data
cec2d0782a tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
a6d9847a4f x86/cpu: Load microcode during restore_processor_state()
9e9d12b81d net: ethernet: stmmac: fix write to sgmii_adapter_base
10ba1ac9a2 drivers: net: hippi: Fix deadlock in rr_close()
a827521975 cifs: destage any unwritten data to the server before calling copychunk_write
5335370366 x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
0ecc5304e8 ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
7815710349 ASoC: wm8731: Disable the regulator when probing fails
a71df406a6 tcp: fix F-RTO may not work correctly when receiving DSACK
a4ed61e30e ixgbe: ensure IPsec VF<->PF compatibility
406aaef0fe bnx2x: fix napi API usage sequence
c3e7ea5860 tls: Skip tls_append_frag on zero copy size
cd5cec3a0c drm/amd/display: Fix memory leak in dcn21_clock_source_create
ffce11a391 net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK
3a179538bf net: bcmgenet: hide status block before TX timestamping
8ef6d60aa2 clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource()
194f474ad9 bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
e80054ea0c tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT
685ff7d244 ip_gre: Make o_seqno start from 0 in native mode
69555bb27b net/smc: sync err code when tcp connection was refused
daca23846e net: hns3: add validity check for message data length
7763a79566 cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe
f5bb5940d7 pinctrl: pistachio: fix use of irq_of_parse_and_map()
d22fc60369 arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock
68f5200a1f ARM: dts: imx6ull-colibri: fix vqmmc regulator
c45180375a sctp: check asoc strreset_chunk in sctp_generate_reconf_event
2cba635570 tcp: ensure to use the most recently sent skb when filling the rate sample
3ea6190be9 tcp: md5: incorrect tcp_header_len for incoming connections
2b9a13d98d bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook
2e7f70d324 mtd: rawnand: Fix return value check of wait_for_completion_timeout
2a36ba067b ipvs: correctly print the memory size of ip_vs_conn_tab
abe86a10dc ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
54212850e3 ARM: dts: am3517-evm: Fix misc pinmuxing
bba67fe6b0 ARM: dts: Fix mmc order for omap3-gta04
416e0f8907 phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
6ff7c1b827 phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe
59bdaed5dd ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek
dbce8fc16a phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
b7fc45354b ARM: OMAP2+: Fix refcount leak in omap_gic_of_init
dd99939b70 phy: samsung: exynos5250-sata: fix missing device put in probe error paths
6331b77fdc phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
fccbc3168e ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue
b8f0c19d48 USB: Fix xhci event ring dequeue pointer ERDP update issue
1f47c26257 mtd: rawnand: fix ecc parameters for mt7622
0405bd7f18 arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards
5f80b5c5f4 arm64: dts: meson: remove CPU opps below 1GHz for G12B boards
f6db63819d video: fbdev: udlfb: properly check endpoint type
c00f3892f4 hex2bin: fix access beyond string end
15b78a8e38 hex2bin: make the function hex_to_bin constant-time
73f4668ee8 arch_topology: Do not set llc_sibling if llc_id is invalid
a3cdd33ca1 serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
89a5728b05 serial: 8250: Also set sticky MCR bits in console restoration
42f749f223 serial: imx: fix overrun interrupts in DMA mode
d29c197df7 usb: dwc3: gadget: Return proper request status
0f3d081315 usb: dwc3: core: Fix tx/rx threshold settings
e2ec7b1f6a usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind()
debb276670 usb: gadget: uvc: Fix crash when encoding data for usb request
324e67c3b2 usb: typec: ucsi: Fix role swapping
0366beb402 usb: misc: fix improper handling of refcount in uss720_probe()
2c97a2b5ef iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
e82c726c94 iio: dac: ad5446: Fix read_raw not returning set value
1aea30f87c iio: dac: ad5592r: Fix the missing return value.
1e8716a5c0 xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
b8d3a4681f xhci: stop polling roothubs after shutdown
c8fbc2f875 USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
68088dec9b USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
56cbdb9d95 USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
6b10dd966c USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
890fc65448 USB: quirks: add STRING quirk for VCOM device
c4b31d41f5 USB: quirks: add a Realtek card reader
5666334ce3 usb: mtu3: fix USB 3.0 dual-role-switch from device to host
b258964700 lightnvm: disable the subsystem
c9af90f0c6 hamradio: remove needs_free_netdev to avoid UAF
7361a35bf3 hamradio: defer 6pack kfree after unregister_netdev
7dea591300 floppy: disable FDRAWCMD by default
Update the .xml file with the following needed changes that came in from
the -lts branch to handle ABI issues with LTS security fixes:
Leaf changes summary: 2 artifacts changed
Changed leaf types summary: 1 leaf type changed
Removed/Changed/Added functions summary: 0 Removed, 1 Changed, 0 Added function
Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable
1 function with some sub-type change:
[C] 'function int hex_to_bin(char)' at hexdump.c:52:1 has some sub-type changes:
parameter 1 of type 'char' changed:
type name changed from 'char' to 'unsigned char'
type size hasn't changed
'struct snd_pcm_runtime at pcm.h:342:1' changed:
type size changed from 6336 to 6400 (in bits)
1 data member insertion:
'atomic_t buffer_accessing', at offset 6336 (in bits) at pcm.h:429:1
107 impacted interfaces
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I2cc9bdcc4c587e34362082b93990bf9837241a37
When afe is inactive, it can cause afe_state to be negative and lead to timeout.
Ignore afe response in such scenario to avoid timeout.
Change-Id: I1191cbe40920bfdcb3ec7e8de76f9210923f40a2
Signed-off-by: ftong <quic_ftong@quicinc.com>
AP/peer may send DELBA continuously in some error scenarios.
Host driver generates a dump of the frame in INFO level
and a log in ERROR level for each DELBA received. This
results in excessive logs to the kernel logging.
Rate limit the logs to avoid spamming kernel logs.
Change-Id: I94b11b76b862924672e06520b5bf2e731ec462df
CRs-Fixed: 3248606
TWT params are optional attributes for TWT suspend operation.
Do not mandate the check for TWT params for TWT suspend command.
Parse the TWT params if attribute is present in the suspend
command else use the default value.
Change-Id: I62fa5e0e8a9c0346957184b9578bdd273017df21
CRs-Fixed: 3027776
Firmware aborts the ongoing scan upon receiving new scan
channel list (through WMI_SCAN_CHAN_LIST_CMDID). Channel list
might get updated from userspace through commands like
country code change, power level change(SET_FCC_CHANNEL),...
It affects the features that are dependent on that scan,
e.g. ongoing connection, p2p find, etc.. Few frames might
be stuck in firmware as the scan is canceled.
It's recommended to defer the scan channel list update till
the current scan is done. This is already supported and
guarded through the ini param enable_pending_list_req
but disabled by default.
Enable the ini param to make sure above scenarios are not
affected due to channel list update.
Change-Id: I4176bb6a03657cf32f0c099b72254d61207ea6ca
CRs-Fixed: 3250137
This reverts commit ad44e05f3e which is
commit 07fd5b6cdf3cc30bfde8fe0f644771688be04447 upstream.
It breaks the kernel ABI and is not something that is an issue for
Android devices, so revert it.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I89125948bbf90805d25a446afeab69f6581442bc
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmLZohoACgkQONu9yGCS
aT4D3RAA1Je6ingEk1e/IMmfWhNu/0AOrULMbrNBdM/WDOlIQLNBchhMa81UXEh7
OJzt+NyBcuV4x5UdXj1fK3erJXA7tKM3s7BGY7OcXPDMpZjf9uOUV2Tg1Jw1jDbW
TV7lnWv1YA7ze3eOx6qoR9sNPh4kYiW5DG2ivY8JMblKEz5EPCdvyPSSW+s8kmpg
ZdyJ0pa3fnS0Di421DzJ+7R1U2t4C1eAz1FkngAyPM47GzwJoJxgcP4Q8syBmwGY
qylUnrLTBMRtpngayaP15tQtYckGTbsnTUNCTjoW7BhbABkWysc2aVnCYZDLqBck
C4XjEfBMLByICokuab0ewrzeVzvvHaY31hnhf33hYn6pgIoS5oy4T3mN7T8yEJz9
zsr+unBioZFiIOqiVgu5A2Rwn3+1x8qOmLZ/x35jqZQCmh0ndlmHUhkdjl3y/68S
XWvP4zpYBAR7QlW3WsGtFeI9Kbeh6y2tH0J79N5CjctAZFAvUaZd3cSfh3Vck02/
7Wo9vs5zV8ZvRkdRWEawkrfe/PUImnDmvkv56nTH79bI7qIlpOU6kS6gy0sDzdGl
YRKv4+jwE9/hJAcWW5S/U3wbfZMxMA6wdt8QcWsn0pXs1WFUQgWeNuyO2HNodff3
jlp25lEi3C3NSUycmm9IjuG2241hPDYnhqeX0Q4B5ciPHCD4w3o=
=KtMr
-----END PGP SIGNATURE-----
Merge 5.4.207 into android11-5.4-lts
Changes in 5.4.207
ALSA: hda - Add fixup for Dell Latitidue E5430
ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221
ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
tracing/histograms: Fix memory leak problem
net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer
ip: fix dflt addr selection for connected nexthop
ARM: 9213/1: Print message about disabled Spectre workarounds only once
ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
wifi: mac80211: fix queue selection for mesh/OCB interfaces
cgroup: Use separate src/dst nodes when preloading css_sets for migration
drm/panfrost: Fix shrinker list corruption by madvise IOCTL
nilfs2: fix incorrect masking of permission flags for symlinks
Revert "evm: Fix memleak in init_desc"
sched/rt: Disable RT_RUNTIME_SHARE by default
ext4: fix race condition between ext4_write and ext4_convert_inline_data
ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count
ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle
ARM: 9210/1: Mark the FDT_FIXED sections as shareable
drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()
ima: Fix a potential integer overflow in ima_appraise_measurement
ASoC: sgtl5000: Fix noise on shutdown/remove
net: stmmac: dwc-qos: Disable split header for Tegra194
inetpeer: Fix data-races around sysctl.
net: Fix data-races around sysctl_mem.
cipso: Fix data-races around sysctl.
icmp: Fix data-races around sysctl.
ipv4: Fix a data-race around sysctl_fib_sync_mem.
ARM: dts: at91: sama5d2: Fix typo in i2s1 node
ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
drm/i915/gt: Serialize TLB invalidates with GT resets
icmp: Fix a data-race around sysctl_icmp_ratelimit.
icmp: Fix a data-race around sysctl_icmp_ratemask.
raw: Fix a data-race around sysctl_raw_l3mdev_accept.
ipv4: Fix data-races around sysctl_ip_dynaddr.
net: ftgmac100: Hold reference returned by of_get_child_by_name()
sfc: fix use after free when disabling sriov
seg6: fix skb checksum evaluation in SRH encapsulation/insertion
seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors
seg6: bpf: fix skb checksum in bpf_push_seg6_encap()
sfc: fix kernel panic when creating VF
mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE
virtio_mmio: Add missing PM calls to freeze/restore
virtio_mmio: Restore guest page size on resume
netfilter: br_netfilter: do not skip all hooks with 0 priority
cpufreq: pmac32-cpufreq: Fix refcount leak bug
platform/x86: hp-wmi: Ignore Sanitization Mode event
net: tipc: fix possible refcount leak in tipc_sk_create()
NFC: nxp-nci: don't print header length mismatch on i2c error
nvme: fix regression when disconnect a recovering ctrl
net: sfp: fix memory leak in sfp_probe()
ASoC: ops: Fix off by one in range control validation
ASoC: wm5110: Fix DRE control
ASoC: cs47l15: Fix event generation for low power mux control
ASoC: madera: Fix event generation for OUT1 demux
ASoC: madera: Fix event generation for rate controls
irqchip: or1k-pic: Undefine mask_ack for level triggered hardware
x86: Clear .brk area at early boot
soc: ixp4xx/npe: Fix unused match warning
ARM: dts: stm32: use the correct clock source for CEC on stm32mp151
signal handling: don't use BUG_ON() for debugging
USB: serial: ftdi_sio: add Belimo device ids
usb: typec: add missing uevent when partner support PD
usb: dwc3: gadget: Fix event pending check
tty: serial: samsung_tty: set dma burst_size to 1
serial: 8250: fix return error code in serial8250_request_std_resource()
serial: stm32: Clear prev values before setting RTS delays
serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
can: m_can: m_can_tx_handler(): fix use after free of skb
Linux 5.4.207
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ica75b787bd813b75db73739df2a831dbb4958668
Currently, runtime suspend is not setting bus bandwiddth state
to NONE but to IDLE level.
Change is to set bandwidth state to None after setting it to
IDLE.
Change-Id: Iabd20b7e4a23019768de7604cb0efda0328e7d57
CRs-Fixed: 3229952
emulation_proc_handler() changes table->data for proc_dointvec_minmax
and can generate the following Oops if called concurrently with itself:
| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
| Internal error: Oops: 96000006 [#1] SMP
| Call trace:
| update_insn_emulation_mode+0xc0/0x148
| emulation_proc_handler+0x64/0xb8
| proc_sys_call_handler+0x9c/0xf8
| proc_sys_write+0x18/0x20
| __vfs_write+0x20/0x48
| vfs_write+0xe4/0x1d0
| ksys_write+0x70/0xf8
| __arm64_sys_write+0x20/0x28
| el0_svc_common.constprop.0+0x7c/0x1c0
| el0_svc_handler+0x2c/0xa0
| el0_svc+0x8/0x200
To fix this issue, keep the table->data as &insn->current_mode and
use container_of() to retrieve the insn pointer. Another mutex is
used to protect against the current_mode update but not for retrieving
insn_emulation as table->data is no longer changing.
Bug: 237540956
Co-developed-by: hewenliang <hewenliang4@huawei.com>
Signed-off-by: hewenliang <hewenliang4@huawei.com>
Signed-off-by: Haibin Zhang <haibinzhang@tencent.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Link: https://lore.kernel.org/r/20220128090324.2727688-1-hewenliang4@huawei.com
Link: https://lore.kernel.org/r/9A004C03-250B-46C5-BF39-782D7551B00E@tencent.com
Signed-off-by: Will Deacon <will@kernel.org>
[Lee: Added Fixes: tag]
(cherry picked from commit af483947d472eccb79e42059276c4deed76f99a6
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-next/core)
Fixes: 587064b610 ("arm64: Add framework for legacy instruction emulation")
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: If9b96bb79c79903f9d8292e719b06fdef57ef1c5
commit 2e8e79c416aae1de224c0f1860f2e3350fa171f8 upstream.
can_put_echo_skb() will clone skb then free the skb. Move the
can_put_echo_skb() for the m_can version 3.0.x directly before the
start of the xmit in hardware, similar to the 3.1.x branch.
Fixes: 80646733f1 ("can: m_can: update to support CAN FD features")
Link: https://lore.kernel.org/all/20220317081305.739554-1-mkl@pengutronix.de
Cc: stable@vger.kernel.org
Reported-by: Hangyu Hua <hbh25y@gmail.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
[sudip: adjust context]
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 211565b100993c90b53bf40851eacaefc830cfe0 upstream.
The driver must provide throttle and unthrottle in uart_ops when it
sets UPSTAT_AUTORTS. Add them using existing stop_rx &
enable_interrupts functions.
Fixes: 2a76fa2830 (serial: pl011: Adopt generic flag to store auto RTS status)
Cc: stable <stable@kernel.org>
Cc: Lukas Wunner <lukas@wunner.de>
Reported-by: Nuno Gonçalves <nunojpg@gmail.com>
Tested-by: Nuno Gonçalves <nunojpg@gmail.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220614075637.8558-1-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 5c5f44e36217de5ead789ff25da71c31c2331c96 upstream.
The code lacks clearing of previous DEAT/DEDT values. Thus, changing
values on the fly results in garbage delays tending towards the maximum
value as more and more bits are ORed together. (Leaving RS485 mode
would have cleared the old values though).
Fixes: 1bcda09d29 ("serial: stm32: add support for RS485 hardware control mode")
Cc: stable <stable@kernel.org>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220627150753.34510-1-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 6e690d54cfa802f939cefbd2fa2c91bd0b8bd1b6 upstream.
If port->mapbase = NULL in serial8250_request_std_resource() , it need
return a error code instead of 0. If uart_set_info() fail to request new
regions by serial8250_request_std_resource() but the return value of
serial8250_request_std_resource() is 0, The system incorrectly considers
that the resource application is successful and does not attempt to
restore the old setting. A null pointer reference is triggered when the
port resource is later invoked.
Signed-off-by: Yi Yang <yiyang13@huawei.com>
Cc: stable <stable@kernel.org>
Link: https://lore.kernel.org/r/20220628083515.64138-1-yiyang13@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
