Commit graph

64173 commits

Author SHA1 Message Date
Lina Wang
1e037dd790 FROMGIT: net: fix wrong network header length
When clatd starts with ebpf offloading, and NETIF_F_GRO_FRAGLIST is enabled,
several skbs are gathered in skb_shinfo(skb)->frag_list. The first skb's
ipv6 header will be changed to ipv4 after bpf_skb_proto_6_to_4,
network_header\transport_header\mac_header have been updated as ipv4 acts,
but other skbs in frag_list did not update anything, just ipv6 packets.

udp_queue_rcv_skb will call skb_segment_list to traverse other skbs in
frag_list and make sure right udp payload is delivered to user space.
Unfortunately, other skbs in frag_list who are still ipv6 packets are
updated like the first skb and will have wrong transport header length.

e.g. before bpf_skb_proto_6_to_4, the first skb and other skbs in frag_list
have the same network_header(24) & transport_header(64), after
bpf_skb_proto_6_to_4, ipv6 protocol has been changed to ipv4, the first
skb's network_header is 44, transport_header is 64, other skbs in frag_list
did not change. After skb_segment_list, the other skbs in frag_list have
different network_header(24) and transport_header(44), so there will be 20
bytes different from original, that is difference between ipv6 header and
ipv4 header. Just change transport_header to be the same with original.

Actually, there are two solutions to fix it, one is traversing all skbs
and changing every skb header in bpf_skb_proto_6_to_4, the other is
modifying frag_list skb's header in skb_segment_list. Considering
efficiency, adopt the second one: when the first skb and other skbs in
frag_list have different network_header length, restore them to make sure
right udp payload is delivered to user space.

Signed-off-by: Lina Wang <lina.wang@mediatek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit cf3ab8d4a797960b4be20565abb3bcd227b18a68 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git master)
Bug: 218157620
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I36f2f329ec1a56bb0742141a7fa482cafa183ad3
2022-05-09 15:41:38 +00:00
Eric Dumazet
35a697cab4 BACKPORT: net/packet: fix slab-out-of-bounds access in packet_recvmsg()
[ Upstream commit c700525fcc06b05adfea78039de02628af79e07a ]

syzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH
and mmap operations, tpacket_rcv() is queueing skbs with
garbage in skb->cb[], triggering a too big copy [1]

Presumably, users of af_packet using mmap() already get correct
metadata from the mapped buffer, we can simply make sure
to clear 12 bytes that might be copied to user space later.

BUG: KASAN: stack-out-of-bounds in memcpy include/linux/fortify-string.h:225 [inline]
BUG: KASAN: stack-out-of-bounds in packet_recvmsg+0x56c/0x1150 net/packet/af_packet.c:3489
Write of size 165 at addr ffffc9000385fb78 by task syz-executor233/3631

CPU: 0 PID: 3631 Comm: syz-executor233 Not tainted 5.17.0-rc7-syzkaller-02396-g0b3660695e80 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_address_description.constprop.0.cold+0xf/0x336 mm/kasan/report.c:255
 __kasan_report mm/kasan/report.c:442 [inline]
 kasan_report.cold+0x83/0xdf mm/kasan/report.c:459
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189
 memcpy+0x39/0x60 mm/kasan/shadow.c:66
 memcpy include/linux/fortify-string.h:225 [inline]
 packet_recvmsg+0x56c/0x1150 net/packet/af_packet.c:3489
 sock_recvmsg_nosec net/socket.c:948 [inline]
 sock_recvmsg net/socket.c:966 [inline]
 sock_recvmsg net/socket.c:962 [inline]
 ____sys_recvmsg+0x2c4/0x600 net/socket.c:2632
 ___sys_recvmsg+0x127/0x200 net/socket.c:2674
 __sys_recvmsg+0xe2/0x1a0 net/socket.c:2704
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
 </TASK>

addr ffffc9000385fb78 is located in stack of task syz-executor233/3631 at offset 32 in frame:
 ____sys_recvmsg+0x0/0x600 include/linux/uio.h:246

this frame has 1 object:
 [32, 160) 'addr'

Memory state around the buggy address:
 ffffc9000385fa80: 00 04 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00
 ffffc9000385fb00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00
>ffffc9000385fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f3
                                                                ^
 ffffc9000385fc00: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
 ffffc9000385fc80: f1 f1 f1 00 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00
==================================================================

Bug: 224546354
Fixes: 0fb375fb9b ("[AF_PACKET]: Allow for > 8 byte hardware addresses.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Link: https://lore.kernel.org/r/20220312232958.3535620-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: I37e4a05a8d81b2645bc65db002e644b40d1a984d
2022-04-28 13:02:55 +00:00
Johannes Berg
31beefbf14 BACKPORT: nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size
commit 6624bb34b4eb19f715db9908cca00122748765d7 upstream.

We need this to be at least two bytes, so we can access
alpha2[0] and alpha2[1]. It may be three in case some
userspace used NUL-termination since it was NLA_STRING
(and we also push it out with NUL-termination).

Cc: stable@vger.kernel.org
Reported-by: Lee Jones <lee.jones@linaro.org>
Link: https://lore.kernel.org/r/20220411114201.fd4a31f06541.Ie7ff4be2cf348d8cc28ed0d626fc54becf7ea799@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: Ib76876c2aa89aacf4c31d95b751f8b2d27788559
2022-04-21 13:49:49 +00:00
Lina Wang
b5bcf0d667 UPSTREAM: xfrm: fix tunnel model fragmentation behavior
In tunnel mode, if outer interface(ipv4) is less, it is easy to let
inner IPV6 mtu be less than 1280. If so, a Packet Too Big ICMPV6 message
is received. When sent again, packets are fragmentized with 1280, they
are still rejected with ICMPV6(Packet Too Big) by xfrmi_xmit2().

According to RFC4213 Section 3.2.2:
if (IPv4 path MTU - 20) is less than 1280
        if packet is larger than 1280 bytes
                Send ICMPv6 "packet too big" with MTU=1280
                Drop packet
        else
                Encapsulate but do not set the Don't Fragment
                flag in the IPv4 header.  The resulting IPv4
                packet might be fragmented by the IPv4 layer
                on the encapsulator or by some router along
                the IPv4 path.
        endif
else
        if packet is larger than (IPv4 path MTU - 20)
                Send ICMPv6 "packet too big" with
                MTU = (IPv4 path MTU - 20).
                Drop packet.
        else
                Encapsulate and set the Don't Fragment flag
                in the IPv4 header.
        endif
endif
Packets should be fragmentized with ipv4 outer interface, so change it.

After it is fragmentized with ipv4, there will be double fragmentation.
No.48 & No.51 are ipv6 fragment packets, No.48 is double fragmentized,
then tunneled with IPv4(No.49 & No.50), which obey spec. And received peer
cannot decrypt it rightly.

48              2002::10        2002::11 1296(length) IPv6 fragment (off=0 more=y ident=0xa20da5bc nxt=50)
49   0x0000 (0) 2002::10        2002::11 1304         IPv6 fragment (off=0 more=y ident=0x7448042c nxt=44)
50   0x0000 (0) 2002::10        2002::11 200          ESP (SPI=0x00035000)
51              2002::10        2002::11 180          Echo (ping) request
52   0x56dc     2002::10        2002::11 248          IPv6 fragment (off=1232 more=n ident=0xa20da5bc nxt=50)

xfrm6_noneed_fragment has fixed above issues. Finally, it acted like below:
1   0x6206 192.168.1.138   192.168.1.1 1316 Fragmented IP protocol (proto=Encap Security Payload 50, off=0, ID=6206) [Reassembled in #2]
2   0x6206 2002::10        2002::11    88   IPv6 fragment (off=0 more=y ident=0x1f440778 nxt=50)
3   0x0000 2002::10        2002::11    248  ICMPv6    Echo (ping) request

Signed-off-by: Lina Wang <lina.wang@mediatek.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Bug: 226699354
Change-Id: Ideec82bea6a1efa26352680cb3113f7c36b945ef
Signed-off-by: Lina Wang <lina.wang@mediatek.com>
2022-04-13 05:42:12 +00:00
Kai Lueke
87c1f135bf UPSTREAM: Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream.

This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
https://github.com/cilium/cilium/pull/18789 and
https://github.com/cilium/cilium/pull/19019).

Bug: 220227367
Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit bdf0316982)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0d6c17e14d562cef2a4d76b7c4299cf0dd3641d1
2022-03-23 11:29:37 +00:00
Greg Kroah-Hartman
1419b69403 Merge tag 'android12-5.10.101_r00' into android12-5.10
This is the merge of the upstream LTS release of 5.10.101 into the
android12-5.10 branch.

This merge contains the following new commits:

c194212a03 Merge 5.10.101 into android12-5.10-lts
3969aba589 Linux 5.10.101
cb86e511e7 iommu: Fix potential use-after-free during probe
f6b5d51976 perf: Fix list corruption in perf_cgroup_switch()
ce3ca12c63 arm64: dts: imx8mq: fix lcdif port node
759aeacdfe scsi: lpfc: Reduce log messages seen after firmware download
57c5d7d420 scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
199dab00f0 can: isotp: fix error path in isotp_sendmsg() to unlock wait queue
3b10ebeb95 Makefile.extrawarn: Move -Wunaligned-access to W=1
ad53060bdf hwmon: (dell-smm) Speed up setting of fan speed
3c75d1017c phy: ti: Fix missing sentinel for clk_div_table
6eabe53492 speakup-dectlk: Restore pitch setting
3836a5ff4b USB: serial: cp210x: add CPI Bulk Coin Recycler id
51b03a9bcd USB: serial: cp210x: add NCR Retail IO box id
a21e6b2e08 USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
7113440a36 USB: serial: option: add ZTE MF286D modem
b7ed2f9619 USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
e07dde31ac usb: raw-gadget: fix handling of dual-direction-capable endpoints
e9f9b877eb usb: gadget: f_uac2: Define specific wTerminalType
fb4ff0f96d usb: gadget: rndis: check size of RNDIS_MSG_SET command
22ec100472 USB: gadget: validate interface OS descriptor requests
351159167c usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition
3bfca38914 usb: dwc3: gadget: Prevent core from processing stale TRBs
2a17bd9f52 usb: ulpi: Call of_node_put correctly
8b89a69166 usb: ulpi: Move of_node_put to ulpi_dev_release
758290defe net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
a66a2b17b8 Revert "usb: dwc2: drd: fix soft connect when gadget is unconfigured"
73961057e9 usb: dwc2: drd: fix soft connect when gadget is unconfigured
a37960df7e eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX
1b99fe34e2 n_tty: wake up poll(POLLRDNORM) on receiving data
f1b2573715 vt_ioctl: add array_index_nospec to VT_ACTIVATE
778302ca09 vt_ioctl: fix array_index_nospec in vt_setactivate
22249886dc net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister
3a3c65c487 net: mscc: ocelot: fix mutex lock error during ethtool stats read
809f030745 ice: fix IPIP and SIT TSO offload
cf11949b91 ice: fix an error code in ice_cfg_phy_fec()
f8edc6feab dpaa2-eth: unregister the netdev before disconnecting from the PHY
ff6c9e0fce net: amd-xgbe: disable interrupts during pci removal
657aea7828 tipc: rate limit warning for received illegal binding update
ef5cdae8bc net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE
bf99c14436 veth: fix races around rq->rx_notify_masked
00e6d6c3bc net: fix a memleak when uncloning an skb dst and its metadata
2e9fd2d0f6 net: do not keep the dst cache when uncloning an skb dst and its metadata
0bae953d7a nfp: flower: fix ida_idx not being released
09ac0fcb0a ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
e177d2e85e net: dsa: lantiq_gswip: don't use devres for mdiobus
95e5402f94 net: dsa: felix: don't use devres for mdiobus
2770b79529 net: dsa: bcm_sf2: don't use devres for mdiobus
475ce5dcf2 net: dsa: ar9331: register the mdiobus under devres
8ccebe77df net: dsa: mv88e6xxx: don't use devres for mdiobus
4a384c1e40 bonding: pair enable_port with slave_arr_updates
1ba45dd326 gpio: sifive: use the correct register to read output values
48e413087d ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE
3b72d3f020 drm/panel: simple: Assign data from panel_dpi_probe() correctly
bf35639192 ixgbevf: Require large buffers for build_skb on 82599VF
e5a64f548a arm64: dts: meson-g12b-odroid-n2: fix typo 'dio2133'
04fe6569a7 netfilter: ctnetlink: disable helper autoassign
a5ce7ee5fc misc: fastrpc: avoid double fput() on failed usercopy
21c890ca8e drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd.
70ea005626 gpio: aggregator: Fix calling into sleeping GPIO controllers
0042178a69 usb: f_fs: Fix use-after-free for epfile
5a37fd9fdc ARM: dts: imx7ulp: Fix 'assigned-clocks-parents' typo
39bf132a6e phy: xilinx: zynqmp: Fix bus width setting for SGMII
108868dae2 ARM: dts: imx6qdl-udoo: Properly describe the SD card detect
0a7b5e8d8c staging: fbtft: Fix error path in fbtft_driver_module_init()
74cd5cb219 ARM: dts: meson8b: Fix the UART device-tree schema validation
566b558e94 ARM: dts: meson8: Fix the UART device-tree schema validation
210d70f081 ARM: dts: meson: Fix the UART compatible strings
88f0e61354 ARM: dts: Fix timer regression for beagleboard revision c
c943a297ec drm/rockchip: vop: Correct RK3399 VOP register fields
a941384fba PM: s2idle: ACPI: Fix wakeup interrupts handling
fcbac51a64 ACPI/IORT: Check node revision for PMCG resources
57ede0ce65 nvme-tcp: fix bogus request completion when failing to send AER
3a669d77e5 ARM: socfpga: fix missing RESET_CONTROLLER
435e62d566 ARM: dts: Fix boot regression on Skomer
b217b89e60 ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
3f9843f2f6 riscv: fix build with binutils 2.38
3aa5c86572 KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow
bd39fe29bb KVM: SVM: Don't kill SEV guest if SMAP erratum triggers in usermode
9efad4cb03 KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS
db58a3d978 KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER
dc129275a7 KVM: eventfd: Fix false positive RCU usage warning
87bbd78a2c net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout()
c9b8cc1046 nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs
d0774cf730 perf: Always wake the parent event
a117e986e9 usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
4607218fde PM: hibernate: Remove register_nosave_region_late()
0e42c4a3d7 scsi: myrs: Fix crash in error case
3bc5b128b9 scsi: ufs: Treat link loss as fatal error
12cf120803 scsi: pm8001: Fix bogus FW crash for maxcpus=1
87f187e526 scsi: qedf: Fix refcount issue when LOGO is received during TMF
aa7352aa15 scsi: qedf: Add stag_work to all the vports
150d448c66 scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup()
7dbda616fc scsi: target: iscsi: Make sure the np under each tpg is unique
67baac10dd powerpc/fixmap: Fix VM debug warning on unmap
3d0eafd459 net: sched: Clarify error message when qdisc kind is unknown
9b569faabd drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer
0d6b9d15ec x86/perf: Avoid warning for Arch LBR without XSAVE
b37dd03f2f NFSv4 handle port presence in fs_location server string
6f2974b52b NFSv4 expose nfs_parse_server_name function
5a9c613a29 NFSv4 remove zero number of fs_locations entries error check
1c79aad118 NFSv4.1: Fix uninitialised variable in devicenotify
c5619c510f nfs: nfs4clinet: check the return value of kstrdup()
db053bdece NFSv4 only print the label when its queried
e2b4435fd3 NFS: change nfs_access_get_cached to only report the mask
b4e0c9bcf1 tracing: Propagate is_signed to expression
5234de6c79 drm/amdgpu: Set a suitable dev_info.gart_page_size
6215fb4558 NFSD: Fix offset type in I/O trace points
3a6a2d43e3 NFSD: Clamp WRITE offsets
c72f7c2ec3 NFS: Fix initialisation of nfs_client cl_flags field
f47ee3a35f net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs
6a33aa7113 net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs
7b53d2204c can: isotp: fix potential CAN frame reception race in isotp_rcv()
c9cc027c55 mmc: sdhci-of-esdhc: Check for error num after setting mask
8027ba480c ima: Do not print policy rule with inactive LSM labels
8171c8a99f ima: Allow template selection with ima_template[_fmt]= after ima_hash=
0795b7100d ima: Remove ima_policy file before directory
7fea2e5200 integrity: check the return value of audit_log_start()
86e6176a42 Merge 5.10.100 into android12-5.10-lts
d4f7d322a4 Linux 5.10.100
3c7e594355 tipc: improve size validations for received domain records
2951d21689 crypto: api - Move cryptomgr soft dependency into algapi
b62267b8b0 KVM: s390: Return error on SIDA memop on normal guest
be93028d30 moxart: fix potential use-after-free on remove path
ca562bf79c Merge branch 'android12-5.10' into `android12-5.10-lts`
c3b53fcd90 Merge 5.10.99 into android12-5.10-lts
fb063a6465 Linux 5.10.99
4889d6ee9e selftests: nft_concat_range: add test for reload with no element add/del
5577273135 cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning
f1f7d1a22f net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY
84b76a509c ext4: fix incorrect type issue during replay_del_range
62e46e0ffc ext4: fix error handling in ext4_fc_record_modified_inode()
764793b4a5 ext4: fix error handling in ext4_restore_inline_data()
6c5bd55e36 ext4: modify the logic of ext4_mb_new_blocks_simple
8d71fc23fc ext4: prevent used blocks from being allocated during fast commit replay
ef2053afd7 EDAC/xgene: Fix deferred probing
2a12faf55b EDAC/altera: Fix deferred probing
dd274cf852 x86/perf: Default set FREEZE_ON_SMI for all
456f041e03 perf/x86/intel/pt: Fix crash with stop filters in single-range mode
8c0e6a8a63 perf stat: Fix display of grouped aliased events
57e8859acc fbcon: Add option to enable legacy hardware acceleration
460f6b1a23 Revert "fbcon: Disable accelerated scrolling"
460aa9d873 rtc: cmos: Evaluate century appropriate
2324f5fcdf tools/resolve_btfids: Do not print any commands when building silently
1536fafa23 selftests: futex: Use variable MAKE instead of make
8f0fff8b59 selftests/exec: Remove pipe from TEST_GEN_FILES
6304a613a9 bpf: Use VM_MAP instead of VM_ALLOC for ringbuf
f744a06404 gve: fix the wrong AdminQ buffer queue index check
51e88e8922 nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client.
ec4334152d scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
fd482f2d63 pinctrl: bcm2835: Fix a few error paths
752d9eafc6 pinctrl: intel: fix unexpected interrupt
14bc9978b4 pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line
5a45448ac9 ASoC: max9759: fix underflow in speaker_gain_control_put()
02f4597198 ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name
cb5f1fbd1f ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes
56e0747d59 ASoC: fsl: Add missing error handling in pcm030_fabric_probe
3e69837551 drm/i915/overlay: Prevent divide by zero bugs in scaling
9ea0185361 net: stmmac: ensure PTP time register reads are consistent
41df2da2c1 net: stmmac: dump gmac4 DMA registers correctly
114bf93504 net: macsec: Verify that send_sci is on when setting Tx sci explicitly
2e7f5b6ee1 net: macsec: Fix offload support for NETDEV_UNREGISTER event
87b1c9fab6 net: ieee802154: Return meaningful error codes from the netlink helpers
78b3f20c17 net: ieee802154: ca8210: Stop leaking skb's
0bfe50dc5d net: ieee802154: mcr20a: Fix lifs/sifs periods
75bbda3189 net: ieee802154: hwsim: Ensure proper channel selection at probe time
e895e067d7 spi: uniphier: fix reference count leak in uniphier_spi_probe()
ec942d08e0 spi: meson-spicc: add IRQ check in meson_spicc_probe
c2cf65e100 spi: mediatek: Avoid NULL pointer crash in interrupt
30e05c98b9 spi: bcm-qspi: check for valid cs before applying chip select
6d226e8afe iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
9d9995b037 iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()
b3958d3151 RDMA/mlx4: Don't continue event handler after memory allocation failure
d3f8b927df RDMA/siw: Fix broken RDMA Read Fence/Resume logic.
c7db20f5be IB/rdmavt: Validate remote_addr during loopback atomic tests
75c610212b RDMA/ucma: Protect mc during concurrent multicast leaves
371979069a RDMA/cma: Use correct address when leaving multicast group
aa4ecd995f memcg: charge fs_context and legacy_fs_context
080f371d98 Revert "ASoC: mediatek: Check for error clk pointer"
4a9bd1e678 IB/hfi1: Fix AIP early init panic
5d40f1bdad dma-buf: heaps: Fix potential spectre v1 gadget
30de3bc099 block: bio-integrity: Advance seed correctly for larger interval sizes
352715593e mm/kmemleak: avoid scanning potential huge holes
7053188ddb mm/pgtable: define pte_index so that preprocessor could recognize it
bce7f5d74d mm/debug_vm_pgtable: remove pte entry from the page table
2d83a7463d nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts()
a0c73dbdd1 drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15" Apple Retina panels
f071d9fa85 drm/nouveau: fix off by one in BIOS boundary checking
32747e0143 btrfs: fix deadlock between quota disable and qgroup rescan worker
aa5d406153 ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows
d4aa3a9859 ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset)
3a8a8072e3 ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks
532cde962f ALSA: hda/realtek: Add quirk for ASUS GU603
410f231fd7 ALSA: hda: realtek: Fix race at concurrent COEF updates
a7de100213 ALSA: hda: Fix UAF of leds class devs at unbinding
470bbb9cbd ALSA: usb-audio: Correct quirk for VF0770
6877f87579 ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
038f8b7caa ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
a9394f21fb ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
0ff6b80506 audit: improve audit queue handling when "audit=1" on cmdline
f446089a26 selinux: fix double free of cond_list on error paths
08942dae64 Merge 5.10.98 into android-5.10
26d02dc8ef Merge 5.10.97 into android12-5.10-lts
e33a5b611c Revert "perf: Fix perf_event_read_local() time"
0b4470b56e Merge 5.10.96 into android12-5.10-lts
12a0a56cba Linux 5.10.98
97a47e2555 Revert "drm/vc4: hdmi: Make sure the device is powered with CEC" again
e27042060f Revert "drm/vc4: hdmi: Make sure the device is powered with CEC"
c8ed22bd97 Linux 5.10.97
176356550c tcp: add missing tcp_skb_can_collapse() test in tcp_shift_skb_data()
32e1799710 af_packet: fix data-race in packet_setsockopt / packet_setsockopt
aa9e96db31 cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask()
3bbe2019dd rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
e7be569263 net: sched: fix use-after-free in tc_new_tfilter()
7b4741644c fanotify: Fix stale file descriptor in copy_event_to_user()
4d3fcfe846 net: amd-xgbe: Fix skb data length underflow
cadfa7dce5 net: amd-xgbe: ensure to reset the tx_timer_active flag
77534b114f ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback
b4ced7a46d net/mlx5: E-Switch, Fix uninitialized variable modact
502c37b033 net/mlx5: Use del_timer_sync in fw reset flow of halting poll
a01ee1b816 net/mlx5e: Fix handling of wrong devices during bond netevent
1fc3444cda cgroup-v1: Require capabilities to set release_agent
ac4ba79bb0 drm/vc4: hdmi: Make sure the device is powered with CEC
46f919c6bd x86/cpu: Add Xeon Icelake-D to list of CPUs that support PPIN
fbdbf6743f x86/mce: Add Xeon Sapphire Rapids to list of CPUs that support PPIN
d4e4e61d4a psi: Fix uaf issue when psi trigger is destroyed while being polled
080dbe7e9b KVM: x86: Forcibly leave nested virt when SMM state is toggled
063029a882 Revert "drivers: bus: simple-pm-bus: Add support for probing simple bus only devices"
42fdbf8b7d net: ipa: prevent concurrent replenish
ad81380d3a net: ipa: use a bitmap for endpoint replenish_enabled
2ed912e3e0 net: ipa: fix atomic update in ipa_endpoint_replenish()
3b4c966fb1 PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
a9839858b5 Merge 5.10.95 into android12-5.10-lts
f255ac9e87 Linux 5.10.96
b43e9d2f6f mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip()
b63e120189 block: Fix wrong offset in bio_truncate()
0b4e82403c fsnotify: invalidate dcache before IN_DELETE event
8bae6db29c usr/include/Makefile: add linux/nfc.h to the compile-test coverage
f36554de78 dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config
446ff1fc37 net: bridge: vlan: fix memory leak in __allowed_ingress
bc58a5bb9e ipv4: remove sparse error in ip_neigh_gw4()
ebc5b8e471 ipv4: tcp: send zero IPID in SYNACK messages
58f72918f9 ipv4: raw: lock the socket in raw_bind()
9ffc94a81b net: bridge: vlan: fix single net device option dumping
869f1704f1 Revert "ipv6: Honor all IPv6 PIO Valid Lifetime values"
699eef4ed9 net: hns3: handle empty unknown interrupt for VF
c9c81b393c net: cpsw: Properly initialise struct page_pool_params
729e54636b yam: fix a memory leak in yam_siocdevprivate()
93a6e920d8 drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc
0b7d8db87d drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy
d1d4616d3e video: hyperv_fb: Fix validation of screen resolution
0a60d04abc ibmvnic: don't spin in tasklet
55258b5059 ibmvnic: init ->running_cap_crqs early
b469cf91fb ipv4: fix ip option filtering for locally generated fragments
9b44441972 net: ipv4: Fix the warning for dereference
2f56c4845d net: ipv4: Move ip_options_fragment() out of loop
55402a4618 powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending
0bdbf93ee2 hwmon: (lm90) Mark alert as broken for MAX6654
c534287a57 efi/libstub: arm64: Fix image check alignment at entry
3572205b19 rxrpc: Adjust retransmission backoff
5067f5699d octeontx2-pf: Forward error codes to VF
bd024e36f6 phylib: fix potential use-after-free
a839a79f4d net: phy: broadcom: hook up soft_reset for BCM54616S
57b2f3632b sched/pelt: Relax the sync of util_sum with util_avg
91b04e83c7 perf: Fix perf_event_read_local() time
cffed7e631 kernel: delete repeated words in comments
1af995c98b netfilter: conntrack: don't increment invalid counter on NF_REPEAT
129c71829d powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06
7a32824f7a NFS: Ensure the server has an up to date ctime before renaming
666f6ab882 NFS: Ensure the server has an up to date ctime before hardlinking
4cd0ef6215 ipv6: annotate accesses to fn->fn_sernum
79c0b5287d drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
3ab44a408b drm/msm/dsi: Fix missing put_device() call in dsi_get_phy
82c310d04b drm/msm: Fix wrong size calculation
f57a99c9a5 net-procfs: show net devices bound packet types
87880e3803 NFSv4: nfs_atomic_open() can race when looking up a non-regular file
ce8c552b88 NFSv4: Handle case where the lookup of a directory fails
b48a05cee2 hwmon: (lm90) Reduce maximum conversion rate for G781
b26fed25e6 ipv4: avoid using shared IP generator for connected sockets
283aa5a5af ping: fix the sk_bound_dev_if match in ping_lookup
7bcb0c19ab hwmon: (lm90) Mark alert as broken for MAX6680
925cbd596a hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649
db044d9746 net: fix information leakage in /proc/net/ptype
feb770cc00 ipv6_tunnel: Rate limit warning messages
00849de10f scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
fcaf94c49a rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev
1dbb206730 rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev
20f6675821 usb: roles: fix include/linux/usb/role.h compile issue
6aeff8a7c7 i40e: fix unsigned stat widths
d2ed5997a9 i40e: Fix for failed to init adminq while VF reset
768eb705e6 i40e: Fix queues reservation for XDP
39896710f7 i40e: Fix issue when maximum queues is exceeded
9068bcb219 i40e: Increase delay to 1 s after global EMP reset
b4c9b6afa3 powerpc/32: Fix boot failure with GCC latent entropy plugin
50f5d0a8bd powerpc/32s: Fix kasan_init_region() for KASAN
5d3af1dfdf powerpc/32s: Allocate one 256k IBAT instead of two consecutives 128k IBATs
08f090bb9b x86/MCE/AMD: Allow thresholding interface updates after init
791e5d5daa sched/membarrier: Fix membarrier-rseq fence command missing from query bitmask
afbde455eb ocfs2: fix a deadlock when commit trans
97f75e7d4c jbd2: export jbd2_journal_[grab|put]_journal_head
3921d081c9 ucsi_ccg: Check DEV_INT bit only when starting CCG4
598a884c77 usb: typec: tcpm: Do not disconnect while receiving VBUS off
e3b131e30e USB: core: Fix hang in usb_kill_urb by adding memory barriers
3ca928c824 usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
053274bc6b usb: common: ulpi: Fix crash in ulpi_match()
20c51a4c52 usb: xhci-plat: fix crash when suspend if remote wake enable
38d1bf67a3 usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
e0fcae7bd7 tty: Add support for Brainboxes UC cards.
7079283d32 tty: n_gsm: fix SW flow control encoding/handling
2683b0d5d7 serial: stm32: fix software flow control transfer
4628b26df5 serial: 8250: of: Fix mapped region size when using reg-offset property
94b23988c3 netfilter: nft_payload: do not update layer 4 checksum when mangling fragments
bf0d4ae5c6 arm64: errata: Fix exec handling in erratum 1418040 workaround
e92cac1dd8 KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS
6b55af102b drm/etnaviv: relax submit size limits
7a32d17fb7 perf/x86/intel/uncore: Fix CAS_COUNT_WRITE issue for ICX
a2c8e1d9e4 Revert "KVM: SVM: avoid infinite loop on NPF from bad address"
abae88fb37 fsnotify: fix fsnotify hooks in pseudo filesystems
6ceac38e9b ceph: set pool_ns in new inode layout for async creates
e7be12ca7d ceph: properly put ceph_string reference after async create attempt
39986696fe tracing: Don't inc err_log entry count if entry allocation fails
d71b06aa99 tracing/histogram: Fix a potential memory leak for kstrdup()
561a22d44a PM: wakeup: simplify the output logic of pm_show_wakelocks()
b0f1cc093b efi: runtime: avoid EFIv2 runtime services on Apple x86 machines
de7cc8bcca udf: Fix NULL ptr deref when converting from inline format
0a3cfd2589 udf: Restore i_lenAlloc when inode expansion fails
f08801252d scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices
ff6bdc205f bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack()
6520fedfce s390/hypfs: include z/VM guests with access control group set
c10e0627c7 s390/module: fix loading modules with a lot of relocations
ba7c71a777 net: stmmac: skip only stmmac_ptp_register when resume from suspend
11191406f2 net: sfp: ignore disabled SFP node
e651772adc media: venus: core: Drop second v4l2 device unregister
83d5196b65 Bluetooth: refactor malicious adv data check
34fd8cb7e7 ANDROID: Fix CRC issue up with xfrm headers in 5.10.94
a50b069165 Revert "xfrm: rate limit SA mapping change message to user space"
67ea95e0e8 Revert "clocksource: Reduce clocksource-skew threshold"
fae0741a78 Revert "clocksource: Avoid accidental unstable marking of clocksources"
77656fde3c Linux 5.10.95
ae2b20f277 drm/vmwgfx: Fix stale file descriptors on failed usercopy
11ba2c6dfb select: Fix indefinitely sleeping task in poll_schedule_timeout()
a447d7f786 KVM: x86/mmu: Fix write-protection of PTs mapped by the TDP MMU
12d3389b7a rcu: Tighten rcu_advance_cbs_nowake() checks
4d63363c88 bnx2x: Invalidate fastpath HSI version for VFs
fdcfabd095 bnx2x: Utilize firmware 7.13.21.0
6a6acf9278 drm/i915: Flush TLBs before releasing backing store
4ec3c2eea5 Merge 5.10.94 into android12-5.10-lts
c525532e4f Linux 5.10.94
c76c132444 scripts: sphinx-pre-install: Fix ctex support on Debian
133cef0b61 scripts: sphinx-pre-install: add required ctex dependency
15ce9329a5 ath10k: Fix the MTU size on QCA9377 SDIO
25b1a6d330 mtd: nand: bbt: Fix corner case in bad block table handling
8104e589fa lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test
6292503700 mm/hmm.c: allow VM_MIXEDMAP to work with hmm_range_fault
33bb7f027b lib82596: Fix IRQ check in sni_82596_probe
078b5a4498 scripts/dtc: dtx_diff: remove broken example from help text
21513c4615 dt-bindings: watchdog: Require samsung,syscon-phandle for Exynos7
23bcf3615b dt-bindings: display: meson-vpu: Add missing amlogic,canvas property
66467cc87a dt-bindings: display: meson-dw-hdmi: add missing sound-name-prefix property
4496e4a427 net: mscc: ocelot: fix using match before it is set
ee64479c9c net: sfp: fix high power modules without diagnostic monitoring
819e76bc57 net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config()
4691c9f047 bcmgenet: add WOL IRQ check
6973b38b9d net_sched: restore "mpu xxx" handling
20949c3816 net: bonding: fix bond_xmit_broadcast return value error bug
799730d182 arm64: dts: qcom: msm8996: drop not documented adreno properties
f6d4c0e017 devlink: Remove misleading internal_flags from health reporter dump
2e51a761b7 perf probe: Fix ppc64 'perf probe add events failed' case
59b44f7760 dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
0078f05371 dmaengine: at_xdmac: Fix lld view setting
7ab120636d dmaengine: at_xdmac: Fix concurrency over xfers_list
b5b27c5e33 dmaengine: at_xdmac: Print debug message after releasing the lock
c536b351a7 dmaengine: at_xdmac: Start transfer for cyclic channels in issue_pending
cd22e22e8e dmaengine: at_xdmac: Don't start transactions at tx_submit level
68a83051c8 perf script: Fix hex dump character output
7b9d40e9f6 libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route()
cd5c24d223 gre: Don't accidentally set RTO_ONLINK in gre_fill_metadata_dst()
7f2ca96bd2 xfrm: Don't accidentally set RTO_ONLINK in decode_session4()
2b1415c60b netns: add schedule point in ops_exit_list()
edc09548ff inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
69e7e979ed taskstats: Cleanup the use of task->exit_code
56daa21414 virtio_ring: mark ring unused on error
0c4ebcb00d vdpa/mlx5: Fix wrong configuration of virtio_version_1_0
c736ec01a2 rtc: pxa: fix null pointer dereference
8b8ff4c793 HID: vivaldi: fix handling devices not using numbered reports
d7544cf693 net: axienet: increase default TX ring size to 128
557829d42d net: axienet: fix for TX busy handling
41831d4967 net: axienet: fix number of TX ring slots for available check
6301f3566a net: axienet: Fix TX ring slot available check
7a3d3d7f6d net: axienet: limit minimum TX ring size
2f548489d6 net: axienet: add missing memory barriers
bcc5d57e60 net: axienet: reset core on initialization prior to MDIO access
46c0ccaff2 net: axienet: Wait for PhyRstCmplt after core reset
34942a228a net: axienet: increase reset timeout
a66b9bccf7 net/smc: Fix hung_task when removing SMC-R devices
51b52cf354 clk: si5341: Fix clock HW provider cleanup
fe40f7aef3 clk: Emit a stern warning with writable debugfs enabled
38221afa03 af_unix: annotate lockless accesses to unix_tot_inflight & gc_in_progress
a49e402f23 f2fs: fix to reserve space for IO align feature
39ad058117 f2fs: compress: fix potential deadlock of compress file
e1840365ed parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries
d806eb5f4e net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
38c798384b net/fsl: xgmac_mdio: Add workaround for erratum A-009885
734f4b0f83 ipv4: avoid quadratic behavior in netns dismantle
86f0587f74 ipv4: update fib_info_cnt under spinlock protection
10e99ae9b5 perf evsel: Override attr->sample_period for non-libpfm4 events
58fa3e9002 xdp: check prog type before updating BPF link
38ee417f59 bpftool: Remove inclusion of utilities.mak from Makefiles
2bcab471a2 block: Fix fsync always failed if once failed
5e59f88535 powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses
19aaef6519 powerpc/cell: Fix clang -Wimplicit-fallthrough warning
4cb7aba1e0 Revert "net/mlx5: Add retry mechanism to the command entry index allocation"
78cf5f63a3 dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK
16ad0aa917 RDMA/rxe: Fix a typo in opcode name
885860717c RDMA/hns: Modify the mapping attribute of doorbell to device
57cd8597c3 dmaengine: uniphier-xdmac: Fix type of address variables
4fe77b7cd2 scsi: core: Show SCMD_LAST in text form
b30240911d Bluetooth: hci_sync: Fix not setting adv set duration
55698d11c8 Documentation: fix firewire.rst ABI file path error
5d38cbf66d Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization
abecf9d748 Documentation: ACPI: Fix data node reference documentation
d1e85fcd73 Documentation: dmaengine: Correctly describe dmatest with channel unset
f6736bd81d media: correct MEDIA_TEST_SUPPORT help text
55b10b88ac drm/vc4: hdmi: Make sure the device is powered with CEC
81ac08a800 media: rcar-csi2: Optimize the selection PHTW register
0baa3729d2 can: mcp251xfd: mcp251xfd_tef_obj_read(): fix typo in error message
f62bf6ee4f firmware: Update Kconfig help text for Google firmware
12224c0d19 of: base: Improve argument length mismatch error
7bb99c7e13 drm/radeon: fix error handling in radeon_driver_open_kms
0ca7ec6db2 ext4: don't use the orphan list when migrating an inode
679fb06532 ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits'
d60e9daba2 ext4: destroy ext4_fc_dentry_cachep kmemcache on module removal
f26b24b4c1 ext4: fast commit may miss tracking unwritten range during ftruncate
04b5627306 ext4: use ext4_ext_remove_space() for fast commit replay delete range
53998b3f6d ext4: Fix BUG_ON in ext4_bread when write quota data
da364ab358 ext4: set csum seed in tmp inode while migrating to extents
e4221629d5 ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE
720508dd11 ext4: initialize err_blk before calling __ext4_get_inode_loc
f9ed0ea0a9 ext4: fix a possible ABBA deadlock due to busy PA
115b762b48 ext4: make sure quota gets properly shutdown on error
762e4c33e9 ext4: make sure to reset inode lockdep class when quota enabling fails
f8c3ec2e21 btrfs: respect the max size in the header when activating swap file
e7764bccae btrfs: check the root node for uptodate before returning it
09e0ef287e btrfs: fix deadlock between quota enable and other quota operations
56f974d583 xfrm: fix policy lookup for ipv6 gre packets
84166c1177 PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device
7aeeb9fe9c PCI: pci-bridge-emul: Correctly set PCIe capabilities
af1d0acdac PCI: pci-bridge-emul: Fix definitions of reserved bits
0f2ae6691e PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space
2a0d437d8a PCI: pci-bridge-emul: Make expansion ROM Base Address register read-only
def2825b09 PCI: pciehp: Use down_read/write_nested(reset_lock) to fix lockdep errors
6cbe8f8deb PCI: xgene: Fix IB window setup
e09f47e77b powerpc/64s/radix: Fix huge vmap false positive
eb44b1386a parisc: Fix lpa and lpa_user defines
9b78ee2341 drm/bridge: analogix_dp: Make PSR-exit block less
8cbbf4a6f1 drm/nouveau/kms/nv04: use vzalloc for nv04_display
605583fccc drm/etnaviv: limit submit sizes
6c1e3d8b1b device property: Fix fwnode_graph_devcon_match() fwnode leak
ecb71f7bd5 s390/mm: fix 2KB pgtable release race
798754ba48 iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
c524f4cfb3 tracing/kprobes: 'nmissed' not shown correctly for kretprobe
b72075e395 cputime, cpuacct: Include guest time in user time in cpuacct.stat
13518f058f serial: Fix incorrect rs485 polarity on uart open
9668cf9e4a fuse: Pass correct lend value to filemap_write_and_wait_range()
9fbaddd783 xen/gntdev: fix unmap notification order
67b078d996 spi: uniphier: Fix a bug that doesn't point to private data correctly
05026c4e94 tpm: fix NPE on probe for missing device
76006d33f1 ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
4f0762ac32 crypto: caam - replace this_cpu_ptr with raw_cpu_ptr
9e6ff2d572 crypto: stm32/crc32 - Fix kernel BUG triggered in probe()
2031e0246e crypto: omap-aes - Fix broken pm_runtime_and_get() usage
43e94431c3 rpmsg: core: Clean up resources on announce_create failure.
082ff9e12b phy: mediatek: Fix missing check in mtk_mipi_tx_probe
ff08cf1e34 ASoC: mediatek: mt8183: fix device_node leak
f28672eef4 ASoC: mediatek: mt8173: fix device_node leak
0df5104008 scsi: sr: Don't use GFP_DMA
de9a936b04 MIPS: Octeon: Fix build errors using clang
da7df943e2 i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters
f09f7ccb28 irqchip/gic-v4: Disable redistributors' view of the VPE table at boot time
bc2d961d82 MIPS: OCTEON: add put_device() after of_find_device_by_node()
ce34b03a71 udf: Fix error handling in udf_new_inode()
15be042e7f powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic
f2e658d9bd powerpc: handle kdump appropriately with crash_kexec_post_notifiers option
044164b419 selftests/powerpc/spectre_v2: Return skip code when miss_percent is high
21125e0116 powerpc/40x: Map 32Mbytes of memory at startup
c330442f46 MIPS: Loongson64: Use three arguments for slti
af8d077350 ALSA: seq: Set upper limit of processed events
297210783a scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup
dfde7afed7 dm: fix alloc_dax error handling in alloc_dev
2e2086f49e nvmem: core: set size for sysfs bin file
4a273a94bd w1: Misuse of get_user()/put_user() reported by sparse
87e91d6c6a KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST
23bb3f01ce KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots
03c1595a18 powerpc/powermac: Add missing lockdep_register_key()
df29c01b9f clk: meson: gxbb: Fix the SDM_EN bit for MPLL0 on GXBB
30d35a1abd i2c: mpc: Correct I2C reset procedure
4b25aad655 powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING
25714ad6bf i2c: i801: Don't silently correct invalid transfer size
75e2cfa5fa powerpc/watchdog: Fix missed watchdog reset due to memory ordering race
a83639521a powerpc/btext: add missing of_node_put
fc10d8f00a powerpc/cell: add missing of_node_put
297ff7d5f1 powerpc/powernv: add missing of_node_put
c83ba875d7 powerpc/6xx: add missing of_node_put
d240b08d8a x86/kbuild: Enable CONFIG_KALLSYMS_ALL=y in the defconfigs
3681e9f3f0 parisc: Avoid calling faulthandler_disabled() twice
f2a27dd7a2 random: do not throw away excess input to crng_fast_load
f8fdebfb4b serial: core: Keep mctrl register state and cached copy in sync
a03fd1b198 serial: pl010: Drop CR register reset on set_termios
40ac338926 regulator: qcom_smd: Align probe function with rpmh-regulator
3dc751213f net: gemini: allow any RGMII interface mode
1063de8975 net: phy: marvell: configure RGMII delays for 88E1118
00580670b9 mlxsw: pci: Avoid flow control for EMAD packets
eaf8cffcf5 dm space map common: add bounds check to sm_ll_lookup_bitmap()
5850bef8e9 dm btree: add a defensive bounds check to insert_at()
754b663ea9 mac80211: allow non-standard VHT MCS-10/11
e8da60b3a6 net: mdio: Demote probed message to debug print
6b22c9824d btrfs: remove BUG_ON(!eie) in find_parent_nodes
623c65bc73 btrfs: remove BUG_ON() in find_parent_nodes()
44cbd2a16a ACPI: battery: Add the ThinkPad "Not Charging" quirk
7b6dc07c6e amdgpu/pm: Make sysfs pm attributes as read-only for VFs
516e332d6f drm/amdgpu: fixup bad vram size on gmc v8
ee88ff140d ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
8544074762 ACPICA: Fix wrong interpretation of PCC address
e70be17696 ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()
8ea9216d20 ACPICA: Utilities: Avoid deleting the same object twice in a row
fcfd8282c5 ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions
e3a51d6c90 jffs2: GC deadlock reading a page that is used in jffs2_write_begin()
e35cb5b122 drm/etnaviv: consider completed fence seqno in hang check
a0b13335a3 xfrm: rate limit SA mapping change message to user space
0b7beb2fea Bluetooth: vhci: Set HCI_QUIRK_VALID_LE_STATES
6ac117edac ath11k: Fix napi related hang
756a7188b2 um: registers: Rename function names to avoid conflicts and build problems
d817d10f7a iwlwifi: pcie: make sure prph_info is set when treating wakeup IRQ
f266e1c5bf iwlwifi: mvm: Fix calculation of frame length
6e44b60054 iwlwifi: remove module loading failure message
febab6b60d iwlwifi: fix leaks/bad data after failed firmware load
81d2e96aba PM: AVS: qcom-cpr: Use div64_ul instead of do_div
c0a1d844e3 rtw88: 8822c: update rx settings to prevent potential hw deadlock
3ef25f3122 ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
e10de31055 usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
282286c632 cpufreq: Fix initialization of min and max frequency QoS requests
37b25de3af PM: runtime: Add safety net to supplier device release
5dfc6fa0b8 arm64: tegra: Adjust length of CCPLEX cluster MMIO region
b68c56a149 arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus
b6f7f0ad5a audit: ensure userspace is penalized the same as the kernel when under pressure
5d54ed1550 mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO
51a5156bb7 media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach()
f6bc6b178c media: igorplugusb: receiver overflow should be reported
d698e024be HID: quirks: Allow inverting the absolute X/Y values
59f0363346 bpf: Do not WARN in bpf_warn_invalid_xdp_action()
0e8805f73b net: bonding: debug: avoid printing debug logs when bond is not notifying peers
8c72de32ff x86/mce: Mark mce_read_aux() noinstr
1ad3e60f1f x86/mce: Mark mce_end() noinstr
f21ca973b4 x86/mce: Mark mce_panic() noinstr
de360d9443 x86/mce: Allow instrumentation during task work queueing
af371e0abb ath11k: Avoid false DEADLOCK warning reported by lockdep
aec69e2f33 selftests/ftrace: make kprobe profile testcase description unique
07ecabf15a gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock
7e09f9d15e net: phy: prefer 1000baseT over 1000baseKX
443133330a net-sysfs: update the queue counts in the unregistration path
58b4c1ce83 ath10k: Fix tx hanging
fcba0bce33 ath11k: avoid deadlock by change ieee80211_queue_work for regd_update_work
93a108d466 iwlwifi: mvm: avoid clearing a just saved session protection id
ec01e0fe21 iwlwifi: mvm: synchronize with FW after multicast commands
c1976a4248 thunderbolt: Runtime PM activate both ends of the device link
830e5d1b43 media: m920x: don't use stack on USB reads
c33f0f22bf media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach()
526b6c9b45 media: rcar-vin: Update format alignment constraints
74e60c1dce media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds.
d0e3ab637d drm: rcar-du: Fix CRTC timings when CMM is used
e61aa46d0f x86/mm: Flush global TLB when switching to trampoline page-table
0946fdd929 floppy: Add max size check for user space request
409d45bcd3 usb: uhci: add aspeed ast2600 uhci support
d0aec428c0 arm64: dts: ti: j7200-main: Fix 'dtbs_check' serdes_ln_ctrl node
fcb45ac39f ACPI / x86: Add not-present quirk for the PCI0.SDHB.BRC1 device on the GPD win
b8b2e74a87 ACPI / x86: Allow specifying acpi_device_override_status() quirks by path
cda755506d ACPI: Change acpi_device_always_present() into acpi_device_override_status()
b029625063 ACPI / x86: Drop PWM2 device on Lenovo Yoga Book from always present table
cf3b1a160d media: venus: avoid calling core_clk_setrate() concurrently during concurrent video sessions
adbe148672 ath11k: Avoid NULL ptr access during mgmt tx cleanup
ab523ea096 rsi: Fix out-of-bounds read in rsi_read_pkt()
7525876750 rsi: Fix use-after-free in rsi_rx_done_handler()
6036500fdf mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
8a6371d84c crypto: jitter - consider 32 LSB for APT
240cf5d3cb HSI: core: Fix return freed object in hsi_new_client
f4295b7dca gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
f0653cd4da tty: serial: imx: disable UCR4_OREN in .stop_rx() instead of .shutdown()
b8d10f601f drm/bridge: megachips: Ensure both bridges are probed before registration
43fc9e267e mlxsw: pci: Add shutdown method in PCI driver
b2e921fa92 soc: ti: pruss: fix referenced node in error message
07fbbc4dc7 drm/amdgpu/display: set vblank_disable_immediate for DC
019fe9723a drm/amd/display: check top_pipe_to_program pointer
3c3c0b6c4a ARM: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART
f54d8cd831 EDAC/synopsys: Use the quirk for version instead of ddr version
0b85d73fdb media: b2c2: Add missing check in flexcop_pci_isr:
c978d39a8b HID: apple: Do not reset quirks when the Fn key is not found
2df002e327 drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L
5aa57672c6 usb: gadget: f_fs: Use stream_open() for endpoint files
129e8faaee ath11k: Fix crash caused by uninitialized TX ring
e8b271f2aa media: atomisp: handle errors at sh_css_create_isp_params()
ebe9c978d9 batman-adv: allow netlink usage in unprivileged containers
ff452db961 ARM: shmobile: rcar-gen2: Add missing of_node_put()
ff2138d6c2 media: atomisp-ov2680: Fix ov2680_set_fmt() clobbering the exposure
51ef6582a2 media: atomisp: set per-device's default mode
ac08140677 media: atomisp: fix try_fmt logic
518e059789 drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR
e3ba02b043 drm/bridge: dw-hdmi: handle ELD when DRM_BRIDGE_ATTACH_NO_CONNECTOR
2f13f10fdd ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
a9d2ccfc7d selftests/bpf: Fix bpf_object leak in skb_ctx selftest
b207356933 drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y
db1e878373 fs: dlm: filter user dlm messages for kernel locks
f9c9a46efd Bluetooth: Fix debugfs entry leak in hci_register_dev()
852d7d436f ARM: dts: omap3-n900: Fix lp5523 for multi color
b5793aff11 of: base: Fix phandle argument length mismatch error message
e16e836d51 clk: bm1880: remove kfrees on static allocations
36d46e21c9 ASoC: fsl_asrc: refine the check of available clock divider
5a6864e2e6 RDMA/cxgb4: Set queue pair state when being queried
80524c8cdf ASoC: fsl_mqs: fix MODULE_ALIAS
74988d017d powerpc/xive: Add missing null check after calling kmalloc
588e0b81ce mips: bcm63xx: add support for clk_set_parent()
e3de89d010 mips: lantiq: add support for clk_set_parent()
8f8468a089 arm64: tegra: Remove non existent Tegra194 reset
702902fc7f arm64: tegra: Fix Tegra194 HDA {clock,reset}-names ordering
24b047d72c counter: stm32-lptimer-cnt: remove iio counter abi
a394606104 misc: lattice-ecp3-config: Fix task hung when firmware load failed
696a50abbc ASoC: samsung: idma: Check of ioremap return value
d491a2c2cf ASoC: mediatek: Check for error clk pointer
c73ccdd62d phy: uniphier-usb3ss: fix unintended writing zeros to PHY register
d781f4cd8c scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume()
6e2a169544 iommu/iova: Fix race between FQ timeout and teardown
57bc898575 ASoC: Intel: catpt: Test dmaengine_submit() result before moving on
676049a3d2 iommu/amd: Restore GA log/tail pointer on host resume
c2bd7c31de iommu/amd: Remove iommu_init_ga()
62ea255f2b dmaengine: pxa/mmp: stop referencing config->slave_id
0be9ae1e53 mips: fix Kconfig reference to PHYS_ADDR_T_64BIT
88d78b25db mips: add SYS_HAS_CPU_MIPS64_R5 config for MIPS Release 5 support
51b8e814bc clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system enter shell
dff359e042 of: unittest: 64 bit dma address test requires arch support
918105df78 of: unittest: fix warning on PowerPC frame size warning
0e04518b1d ASoC: rt5663: Handle device_property_read_u32_array error codes
7c0d9c815c RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry
2432d325f9 RDMA/core: Let ib_find_gid() continue search even after empty entry
d77916df16 powerpc/powermac: Add additional missing lockdep_register_key()
8b3783e517 PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity()
7be2a0bcaf RDMA/qedr: Fix reporting max_{send/recv}_wr attrs
e19469468b scsi: ufs: Fix race conditions related to driver data
ed43b2e048 iommu/io-pgtable-arm: Fix table descriptor paddr formatting
e9e4d1fb45 openrisc: Add clone3 ABI wrapper
551a785c26 binder: fix handling of error during copy
88ddf033a5 char/mwave: Adjust io port register size
8937aee4c0 ALSA: usb-audio: Drop superfluous '0' in Presonus Studio 1810c's ID
bcd533417f ALSA: oss: fix compile error when OSS_DEBUG is enabled
fd99aeb978 clocksource: Avoid accidental unstable marking of clocksources
cacc6c30e3 clocksource: Reduce clocksource-skew threshold
86ad478c99 powerpc/32s: Fix shift-out-of-bounds in KASAN init
ef798cd035 powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC
58014442a9 powerpc/irq: Add helper to set regs->softe
c9ffa84a3b powerpc/perf: move perf irq/nmi handling details into traps.c
a0758b3be4 powerpc/perf: MMCR0 control for PMU registers under PMCC=00
f4df6db5b0 powerpc/64s: Convert some cpu_setup() and cpu_restore() functions to C
a9c9d2ff64 dt-bindings: thermal: Fix definition of cooling-maps contribution property
2bd8d93795 ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA
5a821af769 powerpc/prom_init: Fix improper check of prom_getprop()
9ca761ef94 clk: imx8mn: Fix imx8mn_clko1_sels
999528d8a7 scsi: pm80xx: Update WARN_ON check in pm8001_mpi_build_cmd()
c5f414d69a RDMA/hns: Validate the pkey index
04a032ea24 RDMA/bnxt_re: Scan the whole bitmap when checking if "disabling RCFW with pending cmd-bit"
84cd5c029d ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
180e9d7384 ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
49d76154ba ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
f871cd8ee0 ext4: avoid trim error on fs with small groups
99590e820f net: mcs7830: handle usb read errors properly
2b948524ae iwlwifi: mvm: Use div_s64 instead of do_div in iwl_mvm_ftm_rtt_smoothing()
04ce9e2aed pcmcia: fix setting of kthread task states
5064bfe046 can: xilinx_can: xcan_probe(): check for error irq
b6dd1577bc can: softing: softing_startstop(): fix set but not used variable warning
b9ac866c23 tpm_tis: Fix an error handling path in 'tpm_tis_core_init()'
fb46223c9f tpm: add request_locality before write TPM_INT_ENABLE
20edf903a3 can: mcp251xfd: add missing newline to printed strings
d71fca5d01 regmap: Call regmap_debugfs_exit() prior to _init()
838acddcdf netrom: fix api breakage in nr_setsockopt()
0d04479857 ax25: uninitialized variable in ax25_setsockopt()
27e9910c45 spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe
9d6350cf8e Bluetooth: L2CAP: uninitialized variables in l2cap_sock_setsockopt()
9defd7d4c0 lib/mpi: Add the return value check of kcalloc()
e801f81cee net/mlx5: Set command entry semaphore up once got index free
d2b9ce705d Revert "net/mlx5e: Block offload of outer header csum for UDP tunnels"
67e1a449a1 net/mlx5e: Don't block routes with nexthop objects in SW
cc40fa05c0 net/mlx5e: Fix page DMA map/unmap attributes
b3dda01d1d debugfs: lockdown: Allow reading debugfs files that are not world readable
b9b5da3e18 HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad
541c3a044b HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init
c47f842e0c HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc
cf5ad827ee HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init
94177fcecc usb: dwc3: qcom: Fix NULL vs IS_ERR checking in dwc3_qcom_probe
4579954bf4 Bluetooth: hci_qca: Fix NULL vs IS_ERR_OR_NULL check in qca_serdev_probe
f6bf3d6639 Bluetooth: hci_bcm: Check for error irq
f5e4f68d57 fsl/fman: Check for null pointer after calling devm_ioremap
60aca6fdc1 staging: greybus: audio: Check null pointer
a1068bfee4 rocker: fix a sleeping in atomic bug
2db344725e ppp: ensure minimum packet size in ppp_write()
45643b1b6c netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone
8772700a9f bpf: Fix SO_RCVBUF/SO_SNDBUF handling in _bpf_setsockopt().
342332fb0b bpf: Don't promote bogus looking registers after null check.
0036c78c49 netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check()
2e718389b9 power: reset: mt6397: Check for null res pointer
4210c35fe8 pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region()
2dee347f35 pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region()
0f03132191 ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes
595e1ec55b x86/mce/inject: Avoid out-of-bounds write when setting flags
df12681819 hwmon: (mr75203) fix wrong power-up delay value
aea5302d9d x86/boot/compressed: Move CLANG_FLAGS to beginning of KBUILD_CFLAGS
70eec71f32 Bluetooth: hci_qca: Stop IBS timer during BT OFF
1d4e722b62 software node: fix wrong node passed to find nargs_prop
f8f3c1720d backlight: qcom-wled: Respect enabled-strings in set_brightness
de79bcbfaf backlight: qcom-wled: Use cpu_to_le16 macro to perform conversion
c79f9b8d8e backlight: qcom-wled: Override default length with qcom,enabled-strings
bf4daf6153 backlight: qcom-wled: Fix off-by-one maximum with default num_strings
09aed85e8c backlight: qcom-wled: Pass number of elements to read to read_u32_array
f4ed4fc504 backlight: qcom-wled: Validate enabled string indices in DT
e668ac6506 bpftool: Enable line buffering for stdout
009bb7ee15 Bluetooth: L2CAP: Fix using wrong mode
1a2241ad40 um: virtio_uml: Fix time-travel external time propagation
8411722e56 um: fix ndelay/udelay defines
b2b1b490bd selinux: fix potential memleak in selinux_add_opt()
3253cf0914 mmc: meson-mx-sdio: add IRQ check
decb209954 mmc: meson-mx-sdhc: add IRQ check
bdc6c9fc5f iwlwifi: mvm: test roc running status bits before removing the sta
a750fcd604 iwlwifi: mvm: fix 32-bit build in FTM
86b0122d26 ARM: dts: armada-38x: Add generic compatible to UART nodes
1f5428e438 arm64: dts: marvell: cn9130: enable CP0 GPIO controllers
874b97e862 arm64: dts: marvell: cn9130: add GPIO and SPI aliases
407ef1db40 usb: ftdi-elan: fix memory leak on device disconnect
2a65da5a1e ARM: 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding
47dd693c94 xfrm: state and policy should fail if XFRMA_IF_ID 0
db369047e3 xfrm: interface with if_id 0 should return error
37441ddadc media: hantro: Fix probe func error path
3849ec830b drm/tegra: vic: Fix DMA API misuse
b230114bc5 drm/bridge: ti-sn65dsi86: Set max register for regmap
db97fc2c44 drm/msm/dpu: fix safe status debugfs file
3580055d1f arm64: dts: qcom: ipq6018: Fix gpio-ranges property
6f20a5a98a arm64: dts: qcom: c630: Fix soundcard setup
394ee480aa ath11k: Fix a NULL pointer dereference in ath11k_mac_op_hw_scan()
f6e4a6cbdb media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes
1a8869de32 media: msi001: fix possible null-ptr-deref in msi001_probe()
a79327bb01 media: dw2102: Fix use after free
958a8819d4 ARM: dts: gemini: NAS4220-B: fis-index-block with 128 KiB sectors
3e51460638 ath11k: Fix deleting uninitialized kernel timer during fragment cache flush
b35263f000 crypto: stm32 - Revert broken pm_runtime_resume_and_get changes
1f5b81874f crypto: stm32/cryp - fix bugs and crash in tests
1f6151b077 crypto: stm32/cryp - fix lrw chaining mode
2bd40e3a3a crypto: stm32/cryp - fix double pm exit
533af1621d crypto: stm32/cryp - check early input data
5deb24e503 crypto: stm32/cryp - fix xts and race condition in crypto_engine requests
e9e0dd5da8 crypto: stm32/cryp - fix CTR counter carry
c40b1bc851 crypto: stm32 - Fix last sparse warning in stm32_cryp_check_ctr_counter
93033bbbdc selftests: harness: avoid false negatives if test has no ASSERTs
f568fd97d7 selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST
d21b47c607 x86/uaccess: Move variable into switch case statement
3e801ea43c xfrm: fix a small bug in xfrm_sa_len()
b87034d7a2 mwifiex: Fix possible ABBA deadlock
0836f94040 rcu/exp: Mark current CPU as exp-QS in IPI loop second pass
027165c491 drm/msm/dp: displayPort driver need algorithm rational
268f352456 sched/rt: Try to restart rt period timer when rt runtime exceeded
bb0579ab50 wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma
b4b911b164 media: si2157: Fix "warm" tuner state detection
7009a5fbc5 media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
df79d2bf95 media: dib8000: Fix a memleak in dib8000_init()
f0cb43a2c6 arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1
88ed31aab4 arm64: lib: Annotate {clear, copy}_page() as position-independent
69e402a985 bpf: Remove config check to enable bpf support for branch records
924886fa22 bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD)
218d952160 bpf: Adjust BTF log size limit.
b77ef5b4ea sched/fair: Fix per-CPU kthread and wakee stacking for asym CPU capacity
d7d5b3bc52 sched/fair: Fix detection of per-CPU kthreads waking a task
ec121517ac Bluetooth: btmtksdio: fix resume failure
2a7edcb3ef staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib()
49f5cd2b7c staging: rtl8192e: return error code from rtllib_softmac_init()
04fdd426ce floppy: Fix hang in watchdog when disk is ejected
45bbe00801 serial: amba-pl011: do not request memory region twice
8409d2394c tty: serial: uartlite: allow 64 bit address
a001a15ab3 arm64: dts: ti: k3-j7200: Correct the d-cache-sets info
75919207c1 arm64: dts: ti: k3-j721e: Fix the L2 cache sets
2dcfa3c765 arm64: dts: ti: k3-j7200: Fix the L2 cache sets
f277978d6c drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms()
3ca1b3b82f drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode()
96e05d2d93 thermal/drivers/imx8mm: Enable ADC when enabling monitor
ef72449e2d ACPI: EC: Rework flushing of EC work while suspended to idle
c0acd5a097 cgroup: Trace event cgroup id fields should be u64
e7e178e264 arm64: dts: qcom: msm8916: fix MMC controller aliases
894d91c633 netfilter: bridge: add support for pppoe filtering
13f64bbe42 thermal/drivers/imx: Implement runtime PM support
c3a59f34e8 media: venus: core: Fix a resource leak in the error handling path of 'venus_probe()'
50c4244906 media: venus: core: Fix a potential NULL pointer dereference in an error handling path
eeefa2eae8 media: venus: core, venc, vdec: Fix probe dependency error
53f65afc26 media: venus: pm_helpers: Control core power domain manually
89f518b153 media: coda: fix CODA960 JPEG encoder buffer overflow
1da628d351 media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released
2028fb832d media: si470x-i2c: fix possible memory leak in si470x_i2c_probe()
e8d78f924f media: imx-pxp: Initialize the spinlock prior to using it
621e8ce75d media: rcar-csi2: Correct the selection of hsfreqrange
ad52b9890b mfd: atmel-flexcom: Use .resume_noirq
46d6a23114 mfd: atmel-flexcom: Remove #ifdef CONFIG_PM_SLEEP
f93c9aa1d3 tty: serial: atmel: Call dma_async_issue_pending()
755a6c873b tty: serial: atmel: Check return code of dmaengine_submit()
bd85b2e77a arm64: dts: ti: k3-j721e: correct cache-sets info
32e9947e66 ath11k: Use host CE parameters for CE interrupts configuration
6a49acfaca crypto: qat - fix undetected PFVF timeout in ACK loop
475ac5c565 crypto: qat - make pfvf send message direction agnostic
ee1c74c3c9 crypto: qat - remove unnecessary collision prevention step in PFVF
472f768352 crypto: qat - fix spelling mistake: "messge" -> "message"
ae766527e6 ARM: dts: stm32: fix dtbs_check warning on ili9341 dts binding on stm32f429 disco
eab4204588 mtd: hyperbus: rpc-if: fix bug in rpcif_hb_remove
867d4ace48 crypto: qce - fix uaf on qce_skcipher_register_one
e19b3c1b57 crypto: qce - fix uaf on qce_ahash_register_one
5de640f59f media: dmxdev: fix UAF when dvb_register_device() fails
1d64e2bd22 arm64: dts: renesas: cat875: Add rx/tx delays
a33eef23a6 drm/vboxvideo: fix a NULL vs IS_ERR() check
43220a61e7 fs: dlm: fix build with CONFIG_IPV6 disabled
0d7c5d10e7 tee: fix put order in teedev_close_context()
097e601eb8 ath11k: reset RSN/WPA present state for open BSS
fa51addd39 ath11k: clear the keys properly via DISABLE_KEY
df94b37e90 ath11k: Fix ETSI regd with weather radar overlap
ffc9019bd9 Bluetooth: stop processing malicious adv data
3273541fed memory: renesas-rpc-if: Return error in case devm_ioremap_resource() fails
55917db359 fs: dlm: don't call kernel_getpeername() in error_report()
98923ebb03 fs: dlm: use sk->sk_socket instead of con->sock
6edd1bd8e3 arm64: dts: meson-gxbb-wetek: fix missing GPIO binding
eb1f75fa24 arm64: dts: meson-gxbb-wetek: fix HDMI in early boot
6f012f2c44 arm64: dts: amlogic: Fix SPI NOR flash node name for ODROID N2/N2+
96d710b1c6 arm64: dts: amlogic: meson-g12: Fix GPU operating point table node name
0b57480ed5 media: aspeed: Update signal status immediately to ensure sane hw state
0ff0ae69d2 media: em28xx: fix memory leak in em28xx_init_dev
b441d94287 media: aspeed: fix mode-detect always time out at 2nd run
8d132d9dd8 media: atomisp: fix uninitialized bug in gmin_get_pmic_id_and_addr()
fc2b95e7ae media: atomisp: fix enum formats logic
6e5353238c media: atomisp: add NULL check for asd obtained from atomisp_video_pipe
6cbabad304 media: staging: media: atomisp: pci: Balance braces around conditional statements in file atomisp_cmd.c
22b0b68f7d media: atomisp: fix ifdefs in sh_css.c
0bf5e8af6e media: atomisp: fix inverted error check for ia_css_mipi_is_source_port_valid()
3cb3e66f58 media: atomisp: do not use err var when checking port validity for ISP2400
08e43223fb media: atomisp: fix inverted logic in buffers_needed()
fb370f6dc7 media: atomisp: fix punit_ddr_dvfs_enable() argument for mrfld_power up case
1daacf9bb6 media: atomisp: add missing media_device_cleanup() in atomisp_unregister_entities()
e1da9301cf media: videobuf2: Fix the size printk format
90807ab437 mtd: hyperbus: rpc-if: Check return value of rpcif_sw_init()
9bfed11dcf ath11k: Send PPDU_STATS_CFG with proper pdev mask to firmware
2fe056d979 wcn36xx: fix RX BD rate mapping for 5GHz legacy rates
22406ed4e3 wcn36xx: populate band before determining rate on RX
92fea7bd5a wcn36xx: Put DXE block into reset before freeing memory
0d53c47f6a wcn36xx: Release DMA channel descriptor allocations
1850195a85 wcn36xx: Fix DMA channel enable/disable cycle
38a7842889 wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
fcb267bb95 wcn36xx: ensure pairing of init_scan/finish_scan and start_scan/end_scan
e53ff4dd70 drm/vc4: hdmi: Set a default HSM rate
b9c2343373 clk: bcm-2835: Remove rounding up the dividers
836dd37fe2 clk: bcm-2835: Pick the closest clock rate
88f1b613c3 Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
9ddfa1c191 drm/rockchip: dsi: Reconfigure hardware on resume()
58904ed186 drm/rockchip: dsi: Disable PLL clock on bind error
6215cde020 drm/rockchip: dsi: Hold pm-runtime across bind/unbind
8ccaafa1ca drm/rockchip: dsi: Fix unbalanced clock on probe error
9bc19022aa drm/panel: innolux-p079zca: Delete panel on attach() failure
b01b7b8684 drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure
0499c863a8 drm: fix null-ptr-deref in drm_dev_init_release()
7798757013 drm/bridge: display-connector: fix an uninitialized pointer in probe()
cb5813b0e5 Bluetooth: L2CAP: Fix not initializing sk_peer_pid
ed0b1fd3ec drm/ttm: Put BO in its memory manager's lru list
7b9fa915a5 shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
6c6f86bb61 mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages
e04b1dfe15 dma/pool: create dma atomic pool only if dma zone has managed pages
d2e5724117 mm_zone: add function to check if managed dma zone exists
2142a7e9bd PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
45c74f4f54 dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled()
191a24ceae gpu: host1x: Add back arm_iommu_detach_device()
0680674536 iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure
3dae11f8e3 lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
e4a2c924a1 iio: adc: ti-adc081c: Partial revert of removal of ACPI IDs
256302cb2f can: softing_cs: softingcs_probe(): fix memleak on registration failure
aa57725e2d media: cec-pin: fix interrupt en/disable handling
2e566cacc3 media: stk1160: fix control-message timeouts
1a0ca711df media: pvrusb2: fix control-message timeouts
2dbf430ead media: redrat3: fix control-message timeouts
6e9c120bf9 media: dib0700: fix undefined behavior in tuner shutdown
5e98ac260d media: s2255: fix control-message timeouts
09b0b918a6 media: cpia2: fix control-message timeouts
d90833106c media: em28xx: fix control-message timeouts
2182575c83 media: mceusb: fix control-message timeouts
460525acc9 media: flexcop-usb: fix control-message timeouts
7cac8a5624 media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE
1da0b1cd42 rtc: cmos: take rtc_lock while reading from CMOS
14f6cfe0d7 tools/nolibc: fix incorrect truncation of exit code
5e258640ba tools/nolibc: i386: fix initial stack alignment
06f7528d64 tools/nolibc: x86-64: Fix startup code bug
98259dd54e x86/gpu: Reserve stolen memory for first integrated Intel GPU
e2a17dcad5 mtd: rawnand: davinci: Rewrite function description
8933138a66 mtd: rawnand: davinci: Avoid duplicated page read
677764634b mtd: rawnand: davinci: Don't calculate ECC when reading page
a8a607b004 mtd: Fixed breaking list in __mtd_del_partition.
ff10cd7bb2 mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6
538a5e208e mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings
777a700ccf nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
08283b076f f2fs: fix to do sanity check in is_alive()
57cfc965e3 HID: wacom: Avoid using stale array indices to read contact count
7fd22c99bb HID: wacom: Ignore the confidence flag when a touch is removed
9a4800e0f6 HID: wacom: Reset expected and received contact counts at the same time
c2e39d5df0 HID: uhid: Fix worker destroying device without any protection
aa1346113c KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock
0347b16583 Merge 5.10.93 into android12-5.10-lts
fd187a4925 Linux 5.10.93
bed97c9036 mtd: fixup CFI on ixp4xx
f50803b519 powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS
68c1aa82be ALSA: hda/realtek: Re-order quirk entries for Lenovo
4d15a17d06 ALSA: hda/realtek: Add quirk for Legion Y9000X 2020
d7b41464f1 ALSA: hda: ALC287: Add Lenovo IdeaPad Slim 9i 14ITL5 speaker quirk
87246ae94b ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows
9c27e513fb ALSA: hda/realtek: Add speaker fixup for some Yoga 15ITL5 devices
4c7fb4d519 KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all
6b8c3a1853 firmware: qemu_fw_cfg: fix kobject leak in probe error path
889c73305b firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries
ff9588cf15 firmware: qemu_fw_cfg: fix sysfs information leak
358a4b054a rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled
93c4506f9f media: uvcvideo: fix division by zero at stream start
4c3f70be6f video: vga16fb: Only probe for EGA and VGA 16 color graphic cards
161e43ab8c 9p: only copy valid iattrs in 9P2000.L setattr implementation
0e6c0f3f40 KVM: s390: Clarify SIGP orders versus STOP/RESTART
413b427f5f KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest
723acd75a0 perf: Protect perf_guest_cbs with RCU
eadde287a6 vfs: fs_context: fix up param length parsing in legacy_parse_param
c5f3827716 remoteproc: qcom: pil_info: Don't memcpy_toio more than is provided
5d88e24b23 orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc()
0084fefe29 devtmpfs regression fix: reconfigure on each mount
ee40594c95 kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test
f45f895af5 Merge branch 'android12-5.10' into `android12-5.10-lts`
7dd0d263fe Merge 5.10.92 into android12-5.10-lts
c982c1a839 Linux 5.10.92
c0091233f3 staging: greybus: fix stack size warning with UBSAN
66d21c005d drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk()
2d4fda471d staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn()
3609fed7ac media: Revert "media: uvcvideo: Set unique vdev name based in type"
9b3c761e78 random: fix crash on multiple early calls to add_bootloader_randomness()
61cca7d191 random: fix data race on crng init time
3de9478230 random: fix data race on crng_node_pool
43c494294f can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}
45221a57b6 can: isotp: convert struct tpcon::{idx,len} to unsigned int
bd61ae808b can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data
f68e600017 mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
5f76445a31 veth: Do not record rx queue hint in veth_xmit
ddfa53825f mmc: sdhci-pci: Add PCI ID for Intel ADL
2e691f9894 ath11k: Fix buffer overflow when scanning with extraie
a87cecf943 USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
15982330b6 USB: core: Fix bug in resuming hub's handling of wakeup requests
413108ce3b ARM: dts: exynos: Fix BCM4330 Bluetooth reset polarity in I9100
b6dd070236 Bluetooth: bfusb: fix division by zero in send path
869e1677a0 Bluetooth: btusb: Add support for Foxconn QCA 0xe0d0
c20021ce94 Bluetooth: btusb: Add support for Foxconn MT7922A
8349391838 Bluetooth: btusb: Add two more Bluetooth parts for WCN6855
294c0dd80d Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb()
35ab8c9085 bpf: Fix out of bounds access from invalid *_or_null type verification
c84fbba8a9 workqueue: Fix unbind_workers() VS wq_worker_running() race
c39d68ab38 md: revert io stats accounting
d605f2f30d Merge 5.10.91 into android12-5.10-lts
df395c763b Linux 5.10.91
674071c9eb Input: zinitix - make sure the IRQ is allocated before it gets enabled
ef81f7d406 ARM: dts: gpio-ranges property is now required
f63fa1a0d4 ipv6: raw: check passed optlen before reading
cf07884e6b drm/amd/display: Added power down for DCN10
10b9ccd067 mISDN: change function names to avoid conflicts
dd8a09cfbb atlantic: Fix buff_ring OOB in aq_ring_rx_clean
c2f4bb251e net: udp: fix alignment problem in udp4_seq_show()
f82b48d1d8 ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate
8c87a83ef8 scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
b798b677f9 usb: mtu3: fix interval value for intr and isoc
498d77fc5e ipv6: Do cleanup if attribute validation fails in multipath route
72b0d14a0a ipv6: Continue processing multipath route even if gateway attribute is invalid
5a7d650bb1 power: bq25890: Enable continuous conversion for ADC at charging
4f260ea553 phonet: refcount leak in pep_sock_accep
6195293460 rndis_host: support Hytera digital radios
62cbde77d9 power: reset: ltc2952: Fix use of floating point literals
998d157e3b power: supply: core: Break capacity loop
16d8568378 xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
aa606b82cd net: ena: Fix error handling when calculating max IO queues number
e7f5480978 net: ena: Fix undefined state when tx request id is out of bounds
2de3d961f8 sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
4c34d5fd8c batman-adv: mcast: don't send link-local multicast to mcast routers
f403b5f96e lwtunnel: Validate RTA_ENCAP_TYPE attribute length
48d5adb08d ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route
173bfa2782 ipv6: Check attribute length for RTA_GATEWAY in multipath route
914420a2a6 ipv4: Check attribute length for RTA_FLOW in multipath route
a8fe915be6 ipv4: Check attribute length for RTA_GATEWAY in multipath route
786a335fef ftrace/samples: Add missing prototypes direct functions
c859c4de0b i40e: Fix incorrect netdev's real number of RX/TX queues
d0ad64438f i40e: Fix for displaying message regarding NVM version
32845aa602 i40e: fix use-after-free in i40e_sync_filters_subtask()
f7edb6b943 sfc: The RX page_ring is optional
2b3f34da0d mac80211: initialize variable have_higher_than_11mbit
16e5cad6ec RDMA/uverbs: Check for null return of kmalloc_array
a7c2cae997 netrom: fix copying in user data in nr_setsockopt
beeb0fdeda RDMA/core: Don't infoleak GRH fields
3ca132e6b0 iavf: Fix limit of total number of queues to active queues of VF
396e301690 i40e: Fix to not show opcode msg on unsuccessful VF MAC change
7f13d14e56 ieee802154: atusb: fix uninit value in atusb_set_extended_addr
7db1e245cb tracing: Tag trace_percpu_buffer as a percpu pointer
760c6a6255 tracing: Fix check for trace_percpu_buffer validity in get_trace_buf()
c1e2da4b3f selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv()
384111e123 f2fs: quota: fix potential deadlock
a1bb21475e Merge 5.10.90 into android12-5.10-lts
d3e491a20d Linux 5.10.90
8c15bfb36a bpf: Add kconfig knob for disabling unpriv bpf by default
d8a5b1377b perf script: Fix CPU filtering of a script's switch events
2386e81a1d net: fix use-after-free in tw_timer_handler
34087cf960 Input: spaceball - fix parsing of movement data packets
9f329d0d6c Input: appletouch - initialize work before device registration
2a4f551dec scsi: vmw_pvscsi: Set residual data length conditionally
1cb8444f31 binder: fix async_free_space accounting for empty parcels
a6e26251dd usb: mtu3: set interval of FS intr and isoc endpoint
3b6efe0b7b usb: mtu3: fix list_head check warning
f10b01c48f usb: mtu3: add memory barrier before set GPD's HWO
1c4ace3e6b usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
1933fe8ce7 xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set.
b8553330a0 drm/amdgpu: add support for IP discovery gc_info table v2
28863ffe21 drm/amdgpu: When the VCN(1.0) block is suspended, powergating is explicitly enabled
a0f3ac399e uapi: fix linux/nfc.h userspace compilation errors
818c9e0a04 nfc: uapi: use kernel size_t to fix user-space builds
8d31cbab4c i2c: validate user data in compat ioctl
51c94d8fbd fsl/fman: Fix missing put_device() call in fman_port_probe
920932b20e net/ncsi: check for error return from call to nla_put_u32
610af55f9f selftests/net: udpgso_bench_tx: fix dst ip argument
78503589b1 net/mlx5e: Fix wrong features assignment in case of error
6114600808 ionic: Initialize the 'lif->dbid_inuse' bitmap
b7c9a1427b igc: Fix TX timestamp support for non-MSI-X platforms
e8a5988a85 net/smc: fix kernel panic caused by race of smc_sock
97c87c1db9 net/smc: don't send CDC/LLC message if link not ready
99f19566b1 net/smc: improved fix wait on already cleared link
e553265ea5 NFC: st21nfca: Fix memory leak in device probe and remove
8d70dc0eec net: lantiq_xrx200: fix statistics of received bytes
7ef89bd1e8 net: ag71xx: Fix a potential double free in error handling paths
40d3618691 net: usb: pegasus: Do not drop long Ethernet frames
a67becdaa8 net/smc: fix using of uninitialized completions
769d14abd3 sctp: use call_rcu to free endpoint
13c1bf43b6 selftests: Calculate udpgso segment count without header adjustment
abe74fb433 udp: using datalen to cap ipv6 udp max gso segments
5e6ad649e9 net/mlx5e: Fix ICOSQ recovery flow for XSK
73665165b6 net/mlx5e: Wrap the tx reporter dump callback to extract the sq
4cd1da02f0 net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources
fcb32eb3d0 scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
4833ad4908 selinux: initialize proto variable in selinux_ip_postroute_compat()
ec941a2277 recordmcount.pl: fix typo in s390 mcount regex
a0e82d5ef9 memblock: fix memblock_phys_alloc() section mismatch error
7da855e939 platform/x86: apple-gmux: use resource_size() with res
d01e9ce1af parisc: Clear stale IIR value on instruction access rights trap
0643d9175d tomoyo: use hwight16() in tomoyo_domain_quota_is_ok()
e2048a1f91 tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok().
210c7c6908 Input: i8042 - enable deferred probe quirk for ASUS UM325UA
bb672eff74 Input: i8042 - add deferred probe support
9b28b48fb3 Merge 5.10.89 into android12-5.10-lts
eb967e323f Linux 5.10.89
52ad5da8e3 phonet/pep: refuse to enable an unbound pipe
7dd52af1eb hamradio: improve the incomplete fix to avoid NPD
450121075a hamradio: defer ax25 kfree after unregister_netdev
8e34d07dd4 ax25: NPD bug when detaching AX25 device
50f78486f9 hwmon: (lm90) Do not report 'busy' status bit as alarm
ec1d222d37 hwmon: (lm90) Fix critical alarm status for MAX6680/MAX6681
441d387366 pinctrl: mediatek: fix global-out-of-bounds issue
9c75a9657b ASoC: rt5682: fix the wrong jack type detected
94caab5af1 ASoC: tas2770: Fix setting of high sample rates
c7282790c7 Input: goodix - add id->model mapping for the "9111" model
3bb3bf50d6 Input: elants_i2c - do not check Remark ID on eKTH3900/eKTH5312
ee6f34215c mm: mempolicy: fix THP allocations escaping mempolicy restrictions
8008fc1d0b KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state
d91ed251fd usb: gadget: u_ether: fix race in setting MAC address in setup phase
6697f29bf5 ceph: fix up non-directory creation in SGID directories
fffb6581a2 f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
ad338d825e tee: optee: Fix incorrect page free bug
1f20707674 mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page()
ac61b9c6c0 mac80211: fix locking in ieee80211_start_ap error path
89876d1083 ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling
c3253d3a38 mmc: mmci: stm32: clear DLYB_CR after sending tuning command
0d66b39521 mmc: core: Disable card detect during shutdown
c8e366a01c mmc: meson-mx-sdhc: Set MANUAL_STOP for multi-block SDIO commands
4af7915361 mmc: sdhci-tegra: Fix switch to HS400ES mode
9a7ec79797 gpio: dln2: Fix interrupts when replugging the device
f5b02912e2 pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines
28626e76ba KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU
7a37f2e370 platform/x86: intel_pmc_core: fix memleak on registration failure
b57afd1240 x86/pkey: Fix undefined behaviour with PKRU_WD_BIT
c05d8f66ec tee: handle lookup of shm with reference count 0
0ffb9f83e4 parisc: Fix mask used to select futex spinlock
5deeb9ad59 parisc: Correct completer in lws start
8b745616ba ipmi: fix initialization when workqueue allocation fails
1f6ab84746 ipmi: ssif: initialize ssif_info->client early
a5192f3116 ipmi: bail out if init_srcu_struct fails
bc674f1b21 Input: atmel_mxt_ts - fix double free in mxt_read_info_block
30140e252f ASoC: meson: aiu: Move AIU_I2S_MISC hold setting to aiu-fifo-i2s
2b4c020b70 ALSA: hda/realtek: Fix quirk for Clevo NJ51CU
7470780f3b ALSA: hda/realtek: Add new alc285-hp-amp-init model
4cb7dc2e30 ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6
69e492161c ALSA: drivers: opl3: Fix incorrect use of vp->state
a96c08e0b4 ALSA: jack: Check the return value of kstrdup()
51c7b2a7b8 hwmon: (lm90) Drop critical attribute support for MAX6654
2464738d0e hwmon: (lm90) Introduce flag indicating extended temperature support
196df56c3d hwmon: (lm90) Add basic support for TI TMP461
fa2e149260 hwmon: (lm90) Fix usage of CONFIG2 register in detect function
ba696b4708 pinctrl: bcm2835: Change init order for gpio hogs
676c572439 Input: elantech - fix stack out of bound access in elantech_change_report_id()
2792fde84c sfc: falcon: Check null pointer of rx_queue->page_ring
d70b4001ef sfc: Check null pointer of rx_queue->page_ring
75c962f02a net: ks8851: Check for error irq
9db0f8d395 drivers: net: smc911x: Check for error irq
ca2a15053b fjes: Check for error irq
c6d2754006 bonding: fix ad_actor_system option setting to default
6809da5185 ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
61e6b82e7b igb: fix deadlock caused by taking RTNL in RPM resume path
e00eace232 net: skip virtio_net_hdr_set_proto if protocol already set
ed05e4dcfb net: accept UFOv6 packages in virtio_net_hdr_to_skb
56b0bbba78 qlcnic: potential dereference null pointer of rx_queue->page_ring
78e49d77e5 net: marvell: prestera: fix incorrect return of port_find
861b4413e4 ARM: dts: imx6qdl-wandboard: Fix Ethernet support
d79f5e0d45 netfilter: fix regression in looped (broad|multi)cast's MAC handling
579cefef7c RDMA/hns: Replace kfree() with kvfree()
7cf6466e00 IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()
cd9c90682b ASoC: meson: aiu: fifo: Add missing dma_coerce_mask_and_coherent()
580ecf86e7 spi: change clk_disable_unprepare to clk_unprepare
93a957bbf4 arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode
ef2dce4325 HID: potential dereference of null pointer
3110bc5862 HID: holtek: fix mouse probing
0875873b2a ext4: check for inconsistent extents between index and leaf block
76366c024f ext4: check for out-of-order index extents in ext4_valid_extent_entries()
1d4b1c4e8b ext4: prevent partial update of the extent blocks
f69a47fcbb net: usb: lan78xx: add Allied Telesis AT29M2-AF
8c0059a25c arm64: vdso32: require CROSS_COMPILE_COMPAT for gcc+bfd
b16b124a42 arm64: vdso32: drop -no-integrated-as flag
ba13eb1927 Merge 5.10.88 into android12-5.10-lts
856f88f27b Linux 5.10.88
88f20cccbe xen/netback: don't queue unlimited number of packages
525875c410 xen/netback: fix rx queue stall detection
8fa3a370cc xen/console: harden hvc_xen against event channel storms
d31b337917 xen/netfront: harden netfront against event channel storms
8ac3b6ee7c xen/blkfront: harden blkfront against event channel storms
76ec7fe2d8 Revert "xsk: Do not sleep in poll() when need_wakeup set"
e24fc89830 bus: ti-sysc: Fix variable set but not used warning for reinit_modules
70692b0620 rcu: Mark accesses to rcu_state.n_force_qs
a9078e7914 scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
bdb854f134 scsi: scsi_debug: Fix type in min_t to avoid stack OOB
aa1f912712 scsi: scsi_debug: Don't call kcalloc() if size arg is zero
6859985a2f ovl: fix warning in ovl_create_real()
5fd7d62daa fuse: annotate lock in fuse_reverse_inval_entry()
b99bdf127a media: mxl111sf: change mutex_init() location
0413f7a1a5 xsk: Do not sleep in poll() when need_wakeup set
6b8d8ecdd9 ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name
8affa1b68d Input: touchscreen - avoid bitwise vs logical OR warning
aec5897b27 drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE
c1d519263d libata: if T_LENGTH is zero, dma direction should be DMA_NONE
a9f2c6af5a timekeeping: Really make sure wall_to_monotonic isn't positive
6471ebcd6f serial: 8250_fintek: Fix garbled text for console
a7c8067453 iocost: Fix divide-by-zero on donation from low hweight cgroup
bcebb8eb19 zonefs: add MODULE_ALIAS_FS
1c414ff63b btrfs: fix double free of anon_dev after failure to create subvolume
005d9292b5 btrfs: fix memory leak in __add_inode_ref()
cd98cb5216 USB: serial: option: add Telit FN990 compositions
5c93584d9a USB: serial: cp210x: fix CP2105 GPIO registration
8f207f1263 usb: xhci: Extend support for runtime power management for AMD's Yellow carp.
e5949933f3 PCI/MSI: Mask MSI-X vectors only on success
f8aa09186c PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error
d17c5a3897 usb: dwc2: fix STM ID/VBUS detection startup delay in dwc2_driver_probe
2b2edc8fc5 USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapter(RTL8153-04)
fd623e16b2 tty: n_hdlc: make n_hdlc_tty_wakeup() asynchronous
9439fabfc3 KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILITIES
5fe305c6d4 Revert "usb: early: convert to readl_poll_timeout_atomic()"
2b54f485f2 USB: gadget: bRequestType is a bitfield, not an enum
151ffac3ac powerpc/85xx: Fix oops when CONFIG_FSL_PMC=n
fcf9194d36 bpf, selftests: Fix racing issue in btf_skc_cls_ingress test
6f46c59e60 sit: do not call ipip6_dev_free() from sit_init_net()
6e1011cd18 net: systemport: Add global locking for descriptor lifecycle
d1765f984c net/smc: Prevent smc_release() from long blocking
337bb7bf7c net: Fix double 0x prefix print in SKB dump
734a3f3106 sfc_ef100: potential dereference of null pointer
7da349f07e net/packet: rx_owner_map depends on pg_vec
1a34fb9e2b netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc
d3e1f54508 ixgbe: set X550 MDIO speed before talking to PHY
48e01e3881 ixgbe: Document how to enable NBASE-T support
776ed8b366 igc: Fix typo in i225 LTR functions
74a16e062b igbvf: fix double free in `igbvf_probe`
ddac50d04f igb: Fix removal of unicast MAC filters of VFs
12c1938870 soc/tegra: fuse: Fix bitwise vs. logical OR warning
451f1eded7 mptcp: clear 'kern' flag from fallback sockets
222cebd995 drm/amd/pm: fix a potential gpu_metrics_table memory leak
74dc97dfb2 rds: memory leak in __rds_conn_create()
67f4362ae2 flow_offload: return EOPNOTSUPP for the unsupported mpls action type
03fd6ca056 mac80211: fix lookup when adding AddBA extension element
bef59d6a83 mac80211: agg-tx: don't schedule_and_wake_txq() under sta->lock
96bc86cac0 drm/ast: potential dereference of null pointer
cac0fd4b9b selftest/net/forwarding: declare NETIFS p9 p10
81fbdd4565 net/sched: sch_ets: don't remove idle classes from the round-robin list
be32c8a788 dmaengine: st_fdma: fix MODULE_ALIAS
dfff1d5e85 selftests: Fix IPv6 address bind tests
08896ecfff selftests: Fix raw socket bind tests with VRF
5ba4dfb8b8 selftests: Add duplicate config only for MD5 VRF tests
12512bc8f2 net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg
3a4f6dba1e inet_diag: fix kernel-infoleak for UDP sockets
20ad1ef02f sch_cake: do not call cake_destroy() from cake_init()
1208b445a4 s390/kexec_file: fix error handling when applying relocations
c058c544e7 selftests: net: Correct ping6 expected rc from 2 to 1
9983425c20 virtio/vsock: fix the transport to work with VMADDR_CID_ANY
94a01e6fb2 soc: imx: Register SoC device only on i.MX boards
cc426a91d3 clk: Don't parent clks until the parent is fully registered
429bb01e4d ARM: socfpga: dts: fix qspi node compatible
7b4cc168d9 ceph: initialize pathlen variable in reconnect_caps_cb
e0f06c32af ceph: fix duplicate increment of opened_inodes metric
640e28d618 tee: amdtee: fix an IS_ERR() vs NULL bug
eed897a222 mac80211: track only QoS data frames for admission control
24983f7508 arm64: dts: rockchip: fix audio-supply for Rock Pi 4
49bd597719 arm64: dts: rockchip: fix rk3399-leez-p710 vcc3v3-lan supply
9fcdbbf396 arm64: dts: rockchip: fix rk3308-roc-cc vcc-sd supply
ba866840b2 arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from rk3399-khadas-edge
3516bc1492 arm64: dts: imx8mp-evk: Improve the Ethernet PHY description
06294e7e34 arm64: dts: imx8m: correct assigned clocks for FEC
4cc6badff9 audit: improve robustness of the audit queue handling
0e21e6cd5e dm btree remove: fix use after free in rebalance_children()
f5187a9d52 recordmcount.pl: look for jgnop instruction as well as bcrl on s390
51f6302f81 vdpa: check that offsets are within bounds
e3a1ab5aea virtio_ring: Fix querying of maximum DMA mapping size for virtio device
0612679e48 bpf, selftests: Add test case trying to taint map value pointer
279e0bf80d bpf: Make 32->64 bounds propagation slightly more robust
e2aad0b5f2 bpf: Fix signed bounds propagation after mov32
f0f484714f firmware: arm_scpi: Fix string overflow in SCPI genpd driver
7fd214fc7f mac80211: validate extended element ID is present
0bb50470f1 mac80211: send ADDBA requests using the tid/queue of the aggregation session
29bb131dbb mac80211: mark TX-during-stop for TX in in_reconfig
15640e40e3 mac80211: fix regression in SSN handling of addba tx
49b7e49692 KVM: downgrade two BUG_ONs to WARN_ON_ONCE
8d0f56c2ed KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE
c4d08791d9 Merge 5.10.87 into android12-5.10-lts
272aedd4a3 Linux 5.10.87
8dd559d53b arm: ioremap: don't abuse pfn_valid() to check if pfn is in RAM
65c578935b arm: extend pfn_valid to take into account freed memory map alignment
6e634c0e71 memblock: ensure there is no overflow in memblock_overlaps_region()
74551f13c6 memblock: align freed memory map on pageblock boundaries with SPARSEMEM
b4b54c7ba1 memblock: free_unused_memmap: use pageblock units instead of MAX_ORDER
b6a1cbd187 perf intel-pt: Fix error timestamp setting on the decoder error path
0612aa02c2 perf intel-pt: Fix missing 'instruction' events with 'q' option
71c795028b perf intel-pt: Fix next 'err' value, walking trace
02681dd178 perf intel-pt: Fix state setting when receiving overflow (OVF) packet
cbed09b44c perf intel-pt: Fix intel_pt_fup_event() assumptions about setting state type
3bb7fd4be8 perf intel-pt: Fix sync state when a PSB (synchronization) packet is found
731ff78841 perf intel-pt: Fix some PGE (packet generation enable/control flow packets) usage
b23f9252a4 perf inject: Fix itrace space allowed for new attributes
7c26da3be1 ethtool: do not perform operations on net devices being unregistered
6992d8c215 hwmon: (dell-smm) Fix warning on /proc/i8k creation error
c31470a30c fuse: make sure reclaim doesn't write the inode
613725436e bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc
9099f35126 staging: most: dim2: use device release method
ac76adc87a KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req
6f0d9d3e74 tracing: Fix a kmemleak false positive in tracing_map
f35f7f04aa drm/amd/display: add connector type check for CRC source set
dd3cea3425 drm/amd/display: Fix for the no Audio bug with Tiled Displays
dadce61247 net: netlink: af_netlink: Prevent empty skb by adding a check on len.
bca6af4325 i2c: rk3x: Handle a spurious start completion interrupt flag
d6edec8a7b parisc/agp: Annotate parisc agp init functions with __init
cf520ccffd ALSA: hda/hdmi: fix HDA codec entry table order for ADL-P
701a07fd02 ALSA: hda: Add Intel DG2 PCI ID and HDMI codec vid
6d22a96d12 net/mlx4_en: Update reported link modes for 1/10G
999069d8b0 Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP"
27f4ce02b3 s390/test_unwind: use raw opcode instead of invalid instruction
9eab949e2b KVM: arm64: Save PSTATE early on exit
990fd815ec drm/msm/dsi: set default num_data_lanes
c602863ad2 nfc: fix segfault in nfc_genl_dump_devices_done
4f0b8b90b8 Merge 5.10.86 into android12-5.10-lts
37050f17f2 Linux 5.10.86
3241449183 netfilter: selftest: conntrack_vrf.sh: fix file permission
afc997898e Merge 5.10.85 into android12-5.10-lts
e4f2aee661 Linux 5.10.85
47301c06f6 Documentation/Kbuild: Remove references to gcc-plugin.sh
af5ba49cf7 MAINTAINERS: adjust GCC PLUGINS after gcc-plugin.sh removal
ad13421fd2 doc: gcc-plugins: update gcc-plugins.rst
9fc17c3af5 kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc
d428e54774 bpf: Add selftests to cover packet access corner cases
0ec0eda3f3 misc: fastrpc: fix improper packet size calculation
261d45a4c2 irqchip: nvic: Fix offset for Interrupt Priority Offsets
cd946f0ebe irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL
e1c6611f82 irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
8f3ed9deaa irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc()
d530e9943d irqchip/aspeed-scu: Replace update_bits with write_bits.
014c2fa5dc csky: fix typo of fpu config macro
ee86d0bad8 iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
c10c53419d iio: ad7768-1: Call iio_trigger_notify_done() on error
0f86c9e818 iio: adc: axp20x_adc: fix charging current reporting on AXP22x
af7fbb8c0b iio: adc: stm32: fix a current leak by resetting pcsel before disabling vdda
fff92f3712 iio: at91-sama5d2: Fix incorrect sign extension
a2545b147d iio: dln2: Check return value of devm_iio_trigger_register()
69ae78c1ab iio: dln2-adc: Fix lockdep complaint
416383999c iio: itg3200: Call iio_trigger_notify_done() on error
bc4d8367ed iio: kxsd9: Don't return error code in trigger handler
28ea539a31 iio: ltr501: Don't return error code in trigger handler
db12d95085 iio: mma8452: Fix trigger reference counting
4e78529110 iio: stk3310: Don't return error code in interrupt handler
5c4a0f307f iio: trigger: stm32-timer: fix MODULE_ALIAS
5de9c5b130 iio: trigger: Fix reference counting
cbc04c0c9a iio: gyro: adxrs290: fix data signedness
fee8be5bde xhci: avoid race between disable slot command and host runtime suspend
1b43c9b65f usb: core: config: using bit mask instead of individual bits
74b6a6a239 xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending
ef284f086d usb: core: config: fix validation of wMaxPacketValue entries
e4de8ca013 USB: gadget: zero allocate endpoint 0 buffers
7193ad3e50 USB: gadget: detect too-big endpoint 0 requests
63fc70bffa selftests/fib_tests: Rework fib_rp_filter_test()
126d1897cb net/qla3xxx: fix an error code in ql_adapter_up()
5e663bcd9a net, neigh: clear whole pneigh_entry at alloc time
ae67383208 net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
83b16b9c44 net: altera: set a couple error code in probe()
385ffd31eb net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
47322fddb4 tools build: Remove needless libpython-version feature check that breaks test-all fast path
42bea3a1b7 dt-bindings: net: Reintroduce PHY no lane swap binding
3f57215f74 Documentation/locking/locktypes: Update migrate_disable() bits.
77d255d28b perf tools: Fix SMT detection fast read path
391ca20ea1 Revert "PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on emulated bridge"
e5b7fb2198 i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc
347cc9b4d9 mtd: rawnand: fsmc: Fix timing computation
0b2e1fccdf mtd: rawnand: fsmc: Take instruction delay into account
57f290572f i40e: Fix pre-set max number of queues for VF
eb87117c27 i40e: Fix failed opcode appearing if handling messages from VF
82ed3829c9 clk: imx: use module_platform_driver
4d12546cf9 RDMA/hns: Do not destroy QP resources in the hw resetting phase
33f320c35d RDMA/hns: Do not halt commands during reset until later
4458938b29 ASoC: codecs: wcd934x: return correct value from mixer put
1089dac26c ASoC: codecs: wcd934x: handle channel mapping list correctly
83dae68fc0 ASoC: codecs: wsa881x: fix return values from kcontrol put
62e4dc5e13 ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer
2f4764fe36 ASoC: rt5682: Fix crash due to out of scope stack vars
bdd8129c66 PM: runtime: Fix pm_runtime_active() kerneldoc comment
661c4412c5 qede: validate non LSO skb length
c4d2d7c935 scsi: scsi_debug: Fix buffer size of REPORT ZONES command
1e434d2687 scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc()
5dfe611474 block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
5f1f94c26b tracefs: Set all files to the same group ownership as the mount option
2ba0738f71 net: mvpp2: fix XDP rx queues registering
47ffefd88a aio: fix use-after-free due to missing POLLFREE handling
e4d19740bc aio: keep poll requests on waitqueue until completed
fc2f636ffc signalfd: use wake_up_pollfree()
9f3acee7ea binder: use wake_up_pollfree()
8e04c8397b wait: add wake_up_pollfree()
2f8eb4c4c8 libata: add horkage for ASMedia 1092
f76580d82c can: m_can: Disable and ignore ELO interrupt
703dde1120 can: pch_can: pch_can_rx_normal: fix use after free
2737d0bc21 drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence.
17edb38e76 clk: qcom: regmap-mux: fix parent clock lookup
172a982244 mmc: renesas_sdhi: initialize variable properly when tuning
33204825cc tracefs: Have new files inherit the ownership of their parent
c520943a00 nfsd: Fix nsfd startup race (again)
eeb0711801 nfsd: fix use-after-free due to delegation race
8b4264c27b md: fix update super 1.0 on rdev size change
caf9b352dc btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling
41b3cc57d6 btrfs: clear extent buffer uptodate when we fail to write it
75490bcbd0 scsi: qla2xxx: Format log strings only if needed
07977a3f3d ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
ad45babf78 ALSA: pcm: oss: Limit the period size to 16MB
02b2b691b7 ALSA: pcm: oss: Fix negative period/buffer sizes
6760e6ddeb ALSA: hda/realtek: Fix quirk for TongFang PHxTxX1
7fe903d354 ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform
3063ee5164 ALSA: ctl: Fix copy of updated id with element read/write
c581090228 mm: bdi: initialize bdi_min_ratio when bdi is unregistered
06368922f3 KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall
2a51edaf5c net/sched: fq_pie: prevent dismantle issue
4b7e90672a devlink: fix netns refcount leak in devlink_nl_cmd_reload()
9d683d14f6 IB/hfi1: Correct guard on eager buffer deallocation
2e2edebb5d iavf: Fix reporting when setting descriptor count
aada0b3f33 iavf: restore MSI state on reset
32a329b731 netfilter: conntrack: annotate data-races around ct->timeout
5e39de85b7 udp: using datalen to cap max gso segments
666521b385 seg6: fix the iif in the IPv6 socket control block
484069b5de nfp: Fix memory leak in nfp_cpp_area_cache_add()
b1830ede16 bonding: make tx_rebalance_counter an atomic
a59df4ea71 ice: ignore dropped packets during init
349e83c0cf bpf: Fix the off-by-two error in range markings
f26951db84 bpf, x86: Fix "no previous prototype" warning
74685aaece vrf: don't run conntrack on vrf with !dflt qdisc
d5cf399a6d selftests: netfilter: add a vrf+conntrack testcase
83ea620a1b nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
f3d9114ac9 drm/amdkfd: fix boot failure when iommu is disabled in Picasso.
7508a9aa65 drm/amdgpu: init iommu after amdkfd device init
ac9db04ee3 drm/amdgpu: move iommu_resume before ip init/resume
fe9dca7dda drm/amdgpu: add amdgpu_amdkfd_resume_iommu
5d191b0976 drm/amdkfd: separate kfd_iommu_resume from kfd_resume
46dcf66d6e drm/amd/amdkfd: adjust dummy functions' placement
dded8d76a7 x86/sme: Explicitly map new EFI memmap table as encrypted
923f4dc5df can: sja1000: fix use after free in ems_pcmcia_add_card()
819251da71 can: kvaser_pciefd: kvaser_pciefd_rx_error_frame(): increase correct stats->{rx,tx}_errors counter
854a2bede1 can: kvaser_usb: get CAN clock frequency from device
2c08271f4e IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr
d87c10607b IB/hfi1: Fix early init panic
d60dd3685d IB/hfi1: Insure use of smp_processor_id() is preempt disabled
05eb0e4a12 nft_set_pipapo: Fix bucket load in AVX2 lookup routine for six 8-bit groups
89f3edc98f HID: check for valid USB device for many HID drivers
889c39113f HID: wacom: fix problems when device is not a valid USB device
6272b17001 HID: bigbenff: prevent null pointer dereference
d877651afd HID: add USB_HID dependency on some USB HID drivers
a7e9c5ddf5 HID: add USB_HID dependency to hid-chicony
28989ed4d7 HID: add USB_HID dependency to hid-prodikeys
6114432960 HID: add hid_is_usb() function to make it simpler for USB detection
2298d5edd8 HID: google: add eel USB id
12362cd3a4 HID: quirks: Add quirk for the Microsoft Surface 3 type-cover
cc97d73215 gcc-plugins: fix gcc 11 indigestion with plugins...
1eee36a552 gcc-plugins: simplify GCC plugin-dev capability test
518c3f98e5 usb: gadget: uvc: fix multiple opens
e2aed161fc ANDROID: GKI: fix up abi breakage in fib_rules.h
1b71a028a2 Merge 5.10.84 into android12-5.10-lts
a0582e24d3 Linux 5.10.84
e6edaf2677 ipmi: msghandler: Make symbol 'remove_work_wq' static
a8d18fb4d1 net/tls: Fix authentication failure in CCM mode
dbe73dace9 parisc: Mark cr16 CPU clocksource unstable on all SMP machines
01300d2150 iwlwifi: mvm: retry init flow if failed
a5d0a72b80 serial: 8250: Fix RTS modem control while in rs485 mode
f9802d7049 serial: 8250_pci: rewrite pericom_do_set_divisor()
50b06889c8 serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array
e1722acf4f serial: core: fix transmit-buffer reset and memleak
bda142bbeb serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30
901f7e0aa4 serial: pl011: Add ACPI SBSA UART match id
946ded2287 tty: serial: msm_serial: Deactivate RX DMA for polling support
67d08450a0 x86/64/mm: Map all kernel memory into trampoline_pgd
b3a519b5a5 x86/tsc: Disable clocksource watchdog for TSC on qualified platforms
1ed4a8fd36 x86/tsc: Add a timer to make sure TSC_adjust is always checked
a92f044a9f usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect
6d8c191bf4 USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub
90c915051c xhci: Fix command ring abort, write all 64 bits to CRCR register.
1235485c63 vgacon: Propagate console boot parameters before calling `vc_resize'
92b9113c6d parisc: Fix "make install" on newer debian releases
c27a548d3f parisc: Fix KBUILD_IMAGE for self-extracting kernel
92f309c838 x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry()
4bbbc9c4f3 x86/pv: Switch SWAPGS to ALTERNATIVE
4d42b7bcf0 sched/uclamp: Fix rq->uclamp_max not set on first enqueue
2015ffa3a4 x86/xen: Add xenpv_restore_regs_and_return_to_usermode()
8b9279cad2 x86/entry: Use the correct fence macro after swapgs in kernel CR3
c8e3411918 x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword, and qword
64ca109bf8 KVM: VMX: Set failure code in prepare_vmcs02()
60ce9a7540 KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register
cfebd5a277 atlantic: Remove warn trace message.
95f6fae9a0 atlantic: Fix statistics logic for production hardware
695d9c6bc6 Remove Half duplex mode speed capabilities.
0c67e7b98f atlantic: Add missing DIDs and fix 115c.
ca350298bc atlantic: Fix to display FW bundle version instead of FW mac version.
93a4f3f4fd atlatnic: enable Nbase-t speeds with base-t
44812111a3 atlantic: Increase delay for fw transactions
13f290d5aa drm/msm: Do hw_init() before capturing GPU state
d646856a60 drm/msm/a6xx: Allocate enough space for GMU registers
a792b3d564 net/smc: Keep smc_close_final rc during active close
e226180acc net/rds: correct socket tunable error in rds_tcp_tune()
77731fede2 net/smc: fix wrong list_del in smc_lgr_cleanup_early
9a40a1e0eb ipv4: convert fib_num_tclassid_users to atomic_t
fa973bf5fd net: annotate data-races on txq->xmit_lock_owner
e26dab79e1 dpaa2-eth: destroy workqueue at the end of remove function
dde240695d net: marvell: mvpp2: Fix the computation of shared CPUs
3260b8d120 net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available
acef1c2b15 ALSA: intel-dsp-config: add quirk for CML devices based on ES8336 codec
60f0b9c42c rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()
35b40f724c rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle()
4afb32090a ASoC: tegra: Fix kcontrol put callback in AHUB
fe4eb5297a ASoC: tegra: Fix kcontrol put callback in DSPK
256aa15aac ASoC: tegra: Fix kcontrol put callback in DMIC
1cf1f9a1f3 ASoC: tegra: Fix kcontrol put callback in I2S
0ee53a1d88 ASoC: tegra: Fix kcontrol put callback in ADMAIF
e6fb4c3fd3 ASoC: tegra: Fix wrong value type in DSPK
0265ef0dff ASoC: tegra: Fix wrong value type in DMIC
e66e75fb22 ASoC: tegra: Fix wrong value type in I2S
6b54c0d845 ASoC: tegra: Fix wrong value type in ADMAIF
932b338f4e mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode
a0335cda6d selftests: net: Correct case name
f1d43efa59 net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources()
59d2dc7710 arm64: ftrace: add missing BTIs
ef55f0f8af siphash: use _unaligned version by default
fd52e1f8c0 net: mpls: Fix notifications when deleting a device
15fa12c119 net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings()
c6f340a331 tcp: fix page frag corruption on page fault
aa6c393a3c natsemi: xtensa: fix section mismatch warnings
289ee320b5 i2c: cbus-gpio: set atomic transfer callback
58d5c53f25 i2c: stm32f7: stop dma transfer in case of NACK
c221244917 i2c: stm32f7: recover the bus on access timeout
8de6ea757c i2c: stm32f7: flush TX FIFO upon transfer errors
1c75779dd9 wireguard: ratelimiter: use kvcalloc() instead of kvzalloc()
cb2d7c1992 wireguard: receive: drop handshakes if queue lock is contended
8a29a50dbd wireguard: receive: use ring buffer for incoming handshakes
e3be118327 wireguard: device: reset peer src endpoint when netns exits
f7b6672fab wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST
0584bf51c3 wireguard: selftests: actually test for routing loops
3d1dc3c677 wireguard: allowedips: add missing __rcu annotation to satisfy sparse
4caf965f6c wireguard: selftests: increase default dmesg log size
3d73021f8d tracing/histograms: String compares should not care about signed values
d4af6d9749 KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg()
c71b5f37b5 KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 to 1
5f33887a36 KVM: x86: Use a stable condition around all VT-d PI paths
7722e88505 KVM: nVMX: Flush current VPID (L1 vs. L2) for KVM_REQ_TLB_FLUSH_GUEST
6a44f200f1 KVM: Disallow user memslot with size that exceeds "unsigned long"
775191dd4c drm/amd/display: Allow DSC on supported MST branch devices
209d35ee34 ipv6: fix memory leak in fib6_rule_suppress
16c242b091 sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
4a46b2f5dc sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
4baba6ba56 fget: check that the fd still exists after getting a ref to it
80bfed369b s390/pci: move pseudo-MMIO to prevent MIO overlap
92283c2728 cpufreq: Fix get_cpu_device() failure in add_cpu_dev_symlink()
f717f29e84 ipmi: Move remove_work to dedicated workqueue
de4f5eb02c rt2x00: do not mark device gone on EPROTO errors during start
c200721f8e kprobes: Limit max data_size of the kretprobe instances
2a74c13dfe vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit
136cabf157 ACPI: Add stubs for wakeup handler functions
cc443ac5bb net/smc: Avoid warning of possible recursive locking
ff061b5bda perf report: Fix memory leaks around perf_tip()
a4c17ebdd6 perf hist: Fix memory leak of a perf_hpp_fmt
d9b72274f3 perf inject: Fix ARM SPE handling
2c15d2a6ba net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock()
f059fa40f0 net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound
4d5968ea06 ipv6: check return value of ipv6_skip_exthdr
22519eff7d ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()
9a32d3c08d ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile
c746945fb6 drm/amd/amdgpu: fix potential memleak
74aafe99ef drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again
f0c9f49b0c scsi: iscsi: Unblock session then wake up error handler
bc8c423a28 thermal: core: Reset previous low and high trip during thermal zone init
8e4d2ac434 btrfs: check-integrity: fix a warning on write caching disabled disk
0395722905 s390/setup: avoid using memblock_enforce_memory_limit
fd1e70ef65 platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep
226b21ad01 platform/x86: thinkpad_acpi: Add support for dual fan control
3fc88660ed net: return correct error code
2c514d2500 atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
ff6eeb6278 net/smc: Transfer remaining wait queue entries during fallback
e1a165599a mac80211: do not access the IV when it was stripped
c386d7aa59 drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY
57e36973fa powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory"
7b2b7e03e8 gfs2: Fix length of holes reported at end-of-file
664cceab6f gfs2: release iopen glock early in evict
bcce010f92 ovl: fix deadlock in splice write
dca4f9a581 ovl: simplify file splice
7774dd934a can: j1939: j1939_tp_cmd_recv(): check the dst address of TP.CM_BAM
60ae63ef19 NFSv42: Fix pagecache invalidation after COPY/CLONE
6e6898e23c ANDROID: GKI: update abi_gki_aarch64.xml due to bpf changes in 5.10.83
cd1062d64e Revert "net: ipv6: add fib6_nh_release_dsts stub"
0bf59ac0b2 Revert "net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group"
65836a68d9 Revert "mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB"
249dae115a Merge 5.10.83 into android-5.10
bc8ae0e2af Merge branch 'android12-5.10' into `android12-5.10-lts`
a324ad7945 Linux 5.10.83
45b42cd053 drm/amdgpu/gfx9: switch to golden tsc registers for renoir+
98b02755d5 net: stmmac: platform: fix build warning when with !CONFIG_PM_SLEEP
a15261d2a1 shm: extend forced shm destroy to support objects from several IPC nses
aa20e966d8 s390/mm: validate VMA in PGSTE manipulation functions
a94e4a7b77 tty: hvc: replace BUG_ON() with negative return value
1c5f722a8f xen/netfront: don't trust the backend response data blindly
334b0f2787 xen/netfront: disentangle tx_skb_freelist
e17ee047ee xen/netfront: don't read data from request on the ring page
f5e4937098 xen/netfront: read response from backend only once
1ffb20f052 xen/blkfront: don't trust the backend response data blindly
8e147855fc xen/blkfront: don't take local copy of a request from the ring page
273f04d5d1 xen/blkfront: read response from backend only once
b98284aa3f xen: sync include/xen/interface/io/ring.h with Xen's newest version
406f2d5fe3 tracing: Check pid filtering when creating events
4fd0ad08ee vhost/vsock: fix incorrect used length reported to the guest
fbc0514e1a iommu/amd: Clarify AMD IOMMUv2 initialization messages
5655b8bccb smb3: do not error on fsync when readonly
c380062d08 ceph: properly handle statfs on multifs setups
22423c966e f2fs: set SBI_NEED_FSCK flag when inconsistent node block found
e6ee7abd6b sched/scs: Reset task stack state in bringup_cpu()
71e38a0c7c tcp: correctly handle increased zerocopy args struct size
72f2117e45 net: mscc: ocelot: correctly report the timestamping RX filters in ethtool
73115a2b38 net: mscc: ocelot: don't downgrade timestamping RX filters in SIOCSHWTSTAMP
62343dadbb net: hns3: fix VF RSS failed problem after PF enable multi-TCs
215167df45 net/smc: Don't call clcsock shutdown twice when smc shutdown
6e800ee432 net: vlan: fix underflow for the real_dev refcnt
ae2659d2c6 net/sched: sch_ets: don't peek at classes beyond 'nbands'
e3509feb46 tls: fix replacing proto_ops
22156242b1 tls: splice_read: fix record type check
3b6c71c097 MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48
a6a5d853f1 MIPS: loongson64: fix FTLB configuration
5e823dbee2 igb: fix netpoll exit with traffic
f2a58ff3e3 nvmet: use IOCB_NOWAIT only if the filesystem supports it
12ceb52f2c net/smc: Fix loop in smc_listen
c94cbd262b net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk()
3d4937c6a3 net: phylink: Force retrigger in case of latched link-fail indicator
50162ff3c8 net: phylink: Force link down and retrigger resolve on interface change
95ba8f0d57 lan743x: fix deadlock in lan743x_phy_link_status_change()
c5e4316d9c tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows
3187623096 drm/amd/display: Set plane update flags for all planes in reset
f634c755a0 PM: hibernate: use correct mode for swsusp_close()
440bd9faad net/ncsi : Add payload to be 32-bit aligned to fix dropped packets
ac88cb3c44 nvmet-tcp: fix incomplete data digest send
8889ff80fd net: marvell: mvpp2: increase MTU limit when XDP enabled
90d0736876 mlxsw: spectrum: Protect driver from buggy firmware
33d89128a9 mlxsw: Verify the accessed index doesn't exceed the array length
29e1b57347 net/smc: Ensure the active closing peer first closes clcsock
77d9c2efa8 erofs: fix deadlock when shrink erofs slab
9f540c7ffb scsi: scsi_debug: Zero clear zones at reset write pointer
725ba12895 scsi: core: sysfs: Fix setting device state to SDEV_RUNNING
e65a8707b4 ice: avoid bpf_prog refcount underflow
1eb5395add ice: fix vsi->txq_map sizing
26ed13d064 net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group
3c40584595 net: ipv6: add fib6_nh_release_dsts stub
dc2f7e9d8d net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls
79068e6b1c net: stmmac: fix system hang caused by eee_ctrl_timer during suspend/resume
cc301ad312 nfp: checking parameter process for rx-usecs/tx-usecs is invalid
9b44cb67d3 ipv6: fix typos in __ip6_finish_output()
6d9e8dabd4 firmware: smccc: Fix check for ARCH_SOC_ID not implemented
bbd1683e79 mptcp: fix delack timer
061542815a ALSA: intel-dsp-config: add quirk for JSL devices based on ES8336 codec
f5af2def7e iavf: Prevent changing static ITR values if adaptive moderation is on
5dca8eff46 net: marvell: prestera: fix double free issue on err path
b33c5c8281 drm/vc4: fix error code in vc4_create_object()
2bf9c5a503 scsi: mpt3sas: Fix kernel panic during drive powercycle test
29ecb4c0f0 drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks
0effb7f51b ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
86c5adc780 NFSv42: Don't fail clone() unless the OP_CLONE operation failed
c9ba7864d3 firmware: arm_scmi: pm: Propagate return value to caller
8730a679c3 net: ieee802154: handle iftypes as u32
2925aadd1f ASoC: codecs: wcd934x: return error code correctly from hw_params
3a25def06d ASoC: topology: Add missing rwsem around snd_ctl_remove() calls
4a4f900e04 ASoC: qdsp6: q6asm: fix q6asm_dai_prepare error handling
9196a68581 ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer
2be17eca48 ARM: dts: bcm2711: Fix PCIe interrupts
9db1d4a3c2 ARM: dts: BCM5301X: Add interrupt properties to GPIO node
b2cd6fdcbe ARM: dts: BCM5301X: Fix I2C controller interrupt
b7ef25e8c2 netfilter: flowtable: fix IPv6 tunnel addr match
d689176e0e netfilter: ipvs: Fix reuse connection if RS weight is 0
994065f6ef netfilter: ctnetlink: do not erase error code with EINVAL
a3d829e5f3 netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY
a8a917058f proc/vmcore: fix clearing user buffer by properly using clear_user()
1f520a0d78 PCI: aardvark: Fix link training
aec0751f61 PCI: aardvark: Simplify initialization of rootcap on virtual bridge
df57480988 PCI: aardvark: Implement re-issuing config requests on CRS response
e7f2e2c758 PCI: aardvark: Update comment about disabling link training
2b7bc1c4b2 PCI: aardvark: Deduplicate code in advk_pcie_rd_conf()
dfe906da9a powerpc/32: Fix hardlockup on vmap stack overflow
bf00edd9e6 mdio: aspeed: Fix "Link is Down" issue
14c3ce30dd mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB
63195705b3 mmc: sdhci-esdhc-imx: disable CMDQ support
092a58f0d9 tracing: Fix pid filtering when triggers are attached
68fa6bf7f1 tracing/uprobe: Fix uprobe_perf_open probes iteration
b777c866aa KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
bfed9c2f2f xen: detect uninitialized xenbus in xenbus_init
e1d492c275 xen: don't continue xenstore initialization in case of errors
8f4d0719f3 fuse: release pipe buf after last use
8d0163cec7 staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
0bfed81b2c staging: greybus: Add missing rwsem around snd_ctl_remove() calls
146283f16b staging/fbtft: Fix backlight
8fc5e3c7ca HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts
6ca32e2e77 Revert "parisc: Fix backtrace to always include init function names"
3a4aeb37a7 media: cec: copy sequence field for the reply
3798218a1a ALSA: hda/realtek: Fix LED on HP ProBook 435 G7
60274e248e ALSA: hda/realtek: Add quirk for ASRock NUC Box 1100
172167bc8d ALSA: ctxfi: Fix out-of-range access
4402cf0402 binder: fix test regression due to sender_euid change
aea184ae64 usb: hub: Fix locking issues with address0_mutex
5bf3a0c778 usb: hub: Fix usb enumeration issue due to address0 race
00f1038c72 usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts
56fbab4937 usb: chipidea: ci_hdrc_imx: fix potential error pointer dereference in probe
b70ff391de net: nexthop: fix null pointer dereference when IPv6 is not enabled
0755f3f322 usb: dwc3: gadget: Fix null pointer exception
140e2df472 usb: dwc3: gadget: Check for L1/L2/U3 for Start Transfer
3abf746e80 usb: dwc3: gadget: Ignore NoStream after End Transfer
2b7ab82f51 usb: dwc2: hcd_queue: Fix use of floating point literal
4b18ccad96 usb: dwc2: gadget: Fix ISOC flow for elapsed frames
16f1cac8f7 USB: serial: option: add Fibocom FM101-GL variants
ff72128636 USB: serial: option: add Telit LE910S1 0x9200 composition
854c14b2a1 ACPI: Get acpi_device's parent from the parent field
33fe044f6a bpf: Fix toctou on read-only map's constant scalar tracking
8d21bcc704 Merge 5.10.82 into android12-5.10-lts
d5259a9ba6 Linux 5.10.82
d35250ec5a Revert "perf: Rework perf_event_exit_event()"
6718f79c40 ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign()
f751fb54f2 ALSA: hda: hdac_ext_stream: fix potential locking issues
b3ef5051a7 x86/Kconfig: Fix an unused variable error in dell-smm-hwmon
2ec78af152 btrfs: update device path inode time instead of bd_inode
9febc9d8d2 fs: export an inode_update_time helper
cade5d7a28 ice: Delete always true check of PF pointer
fe65cecd27 usb: max-3421: Use driver data instead of maintaining a list of bound devices
6186c7b9bd ASoC: DAPM: Cover regression by kctl change notification fix
b17dd53cac selinux: fix NULL-pointer dereference when hashtab allocation fails
1ae0d59c4f RDMA/netlink: Add __maybe_unused to static inline in C file
40bc831ab5 hugetlbfs: flush TLBs correctly after huge_pmd_unshare
86ab0f8ff0 scsi: ufs: core: Fix task management completion timeout race
ddd4e46cff scsi: ufs: core: Fix task management completion
04c586a601 drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors
47901b77bf drm/i915/dp: Ensure sink rate values are always valid
82de15ca6b drm/nouveau: clean up all clients on device removal
c81c90fbf5 drm/nouveau: use drm_dev_unplug() during device removal
9221aff33e drm/nouveau: Add a dedicated mutex for the clients list
65517975cb drm/udl: fix control-message timeout
3d68d6ee83 drm/amd/display: Update swizzle mode enums
7b97b5776d cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
1ab297809d parisc/sticon: fix reverse colors
6adbc07ebc btrfs: fix memory ordering between normal and ordered work functions
6289b494b3 net: stmmac: socfpga: add runtime suspend/resume callback for stratix10 platform
5875f87e2f udf: Fix crash after seekdir
6b43cf113a KVM: nVMX: don't use vcpu->arch.efer when checking host state on nested state load
cc73242889 block: Check ADMIN before NICE for IOPRIO_CLASS_RT
63e2f34abc s390/kexec: fix memory leak of ipl report buffer
b1cf0d2fc4 scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id()
08fd6df8ea powerpc/8xx: Fix pinned TLBs with CONFIG_STRICT_KERNEL_RWX
9c177eee11 x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
b2e2fb6407 mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
99032adf7d ipc: WARN if trying to remove ipc object which is absent
a7d9162586 tipc: check for null after calling kmemdup
f5995fcb75 hexagon: clean up timer-regs.h
0854c9ff21 hexagon: export raw I/O routines for modules
528971af64 tun: fix bonding active backup with arp monitoring
af1d3c437e arm64: vdso32: suppress error message for 'make mrproper'
97653ba562 net: stmmac: dwmac-rk: Fix ethernet on rk3399 based devices
4cebe23c03 s390/kexec: fix return code handling
d4fb80ae98 perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
175135a5ea perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
84f64c7c52 pinctrl: qcom: sdm845: Enable dual edge errata
a8230fb74b KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr()
4e6cce20fb e100: fix device suspend/resume
34e54703fb NFC: add NCI_UNREG flag to eliminate the race
b2a60b4a01 net: nfc: nci: Change the NCI close sequence
73a0d12114 NFC: reorder the logic in nfc_{un,}register_device
cb14b196d9 NFC: reorganize the functions in nci_request
41dc8dcb49 i40e: Fix display error code in dmesg
028ea7b090 i40e: Fix creation of first queue by omitting it if is not power of two
69868d7a88 i40e: Fix warning message and call stack during rmmod i40e driver
20645482d1 i40e: Fix ping is lost after configuring ADq on VF
6d64743045 i40e: Fix changing previously set num_queue_pairs for PFs
f866513ead i40e: Fix NULL ptr dereference on VSI filter sync
0719488565 i40e: Fix correct max_pkt_size on VF RX queue
8e6bae950d net: virtio_net_hdr_to_skb: count transport header in UFO
1c4099dc0d net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove
381a30f7e3 net: sched: act_mirred: drop dst for the direction from egress to ingress
a792e0128d scsi: core: sysfs: Fix hang when device state is set via sysfs
4b4302a02b net/mlx5: E-Switch, return error if encap isn't supported
68748ea4d1 net/mlx5: E-Switch, Change mode lock from mutex to rw semaphore
6190e1a2d4 net/mlx5: Lag, update tracker when state change event received
471c492890 net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove()
d1f8f1e04a platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
da16f907cb mips: lantiq: add support for clk_get_parent()
17dfbe1b2f mips: bcm63xx: add support for clk_get_parent()
34284b3a2f MIPS: generic/yamon-dt: fix uninitialized variable error
a61f90b216 iavf: Fix for setting queues to 0
a8a1e601c2 iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
77f5ae5441 iavf: validate pointers
ddcc185baa iavf: prevent accidental free of filter structure
a420b26128 iavf: Fix failure to exit out from last all-multicast mode
78638b4713 iavf: free q_vectors before queues in iavf_disable_vf
84a13bfe27 iavf: check for null in iavf_fix_features
1555d83ddb iavf: Fix return of set the new channel count
09decd0a10 net/smc: Make sure the link_id is unique
437e21e2c9 sock: fix /proc/net/sockstat underflow in sk_clone_lock()
4da14ddad1 net: reduce indentation level in sk_clone_lock()
9c3c2ef6ca tipc: only accept encrypted MSG_CRYPTO msgs
3d59416647 bnxt_en: reject indirect blk offload when hw-tc-offload is off
4fc060abaa net: bnx2x: fix variable dereferenced before check
3ae75cc38a net: ipa: disable HOLB drop when updating timer
3984876f91 tracing: Add length protection to histogram string copies
900ea2f628 tcp: Fix uninitialized access in skb frags array for Rx 0cp.
d1a6150ca6 net-zerocopy: Refactor skb frag fast-forward op.
5f7aadf03f net-zerocopy: Copy straggler unaligned data for TCP Rx. zerocopy.
8da80ec6d4 drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame
aa31e3fda6 perf tests: Remove bash construct from record+zstd_comp_decomp.sh
2ada5c0877 perf bench futex: Fix memory leak of perf_cpu_map__new()
11589d3144 perf bpf: Avoid memory leak from perf_env__insert_btf()
5b2f2cbbc9 tracing/histogram: Do not copy the fixed-size char array field over the field size
1d61255327 blkcg: Remove extra blkcg_bio_issue_init
dadcc935f4 perf/x86/vlbr: Add c->flags to vlbr event constraints
68fcb52b61 sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
91191d47af mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
fbe27d0e1d clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk
9b3d3b72be clk/ast2600: Fix soc revision for AHB
03bc8ea0ae clk: ingenic: Fix bugs with divided dividers
7a5439474e f2fs: fix incorrect return value in f2fs_sanity_check_ckpt()
0a17fff6f0 f2fs: compress: disallow disabling compress on non-empty compressed file
4ce685cc9a sh: define __BIG_ENDIAN for math-emu
73383f670d sh: math-emu: drop unused functions
f44defd569 sh: fix kconfig unmet dependency warning for FRAME_POINTER
3d7c5d08a4 f2fs: fix to use WHINT_MODE
e8bd5e3305 f2fs: fix up f2fs_lookup tracepoints
5d5bf899e5 maple: fix wrong return value of maple_bus_init().
8748f08a2f sh: check return code of request_irq
29b742690a powerpc/8xx: Fix Oops with STRICT_KERNEL_RWX without DEBUG_RODATA_TEST
bc4bc07fb4 powerpc/dcr: Use cmplwi instead of 3-argument cmpli
1ac6cd87d8 ALSA: gus: fix null pointer dereference on pointer block
850416bead ARM: dts: qcom: fix memory and mdio nodes naming for RB3011
8c4d9764e7 powerpc/5200: dts: fix memory node unit name
833ad27927 iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr()
e0fef1c8cd scsi: target: Fix alua_tg_pt_gps_count tracking
8176441373 scsi: target: Fix ordered tag handling
8440377e1a scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()
3e20cb0726 scsi: scsi_debug: Fix out-of-bound read in resp_readcap16()
9635581aa9 MIPS: sni: Fix the build
77e9fed330 tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
da82a207c4 ALSA: ISA: not for M68K
c788ac4750 ARM: dts: ls1021a-tsn: use generic "jedec,spi-nor" compatible for flash
cbba09f869 ARM: dts: ls1021a: move thermal-zones node out of soc/
2474eb7fc3 usb: host: ohci-tmio: check return value after calling platform_get_resource()
02d9ebe0cc ARM: dts: omap: fix gpmc,mux-add-data type
c6c9bbe7fa firmware_loader: fix pre-allocated buf built-in firmware use
02a22911ed ALSA: intel-dsp-config: add quirk for APL/GLK/TGL devices based on ES8336 codec
055eced3ed scsi: advansys: Fix kernel pointer leak
97f3cbb57b ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect
ae2207a078 clk: imx: imx6ul: Move csi_sel mux to correct base register
0c6daf4799 ASoC: SOF: Intel: hda-dai: fix potential locking issue
19d193c576 arm64: dts: freescale: fix arm,sp805 compatible string
36446a094a arm64: dts: qcom: ipq6018: Fix qcom,controlled-remotely property
e52fecdd0c arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency
568d94c5c9 ARM: BCM53016: Specify switch ports for Meraki MR32
3a53d9ad9b staging: rtl8723bs: remove possible deadlock when disconnect (v2)
3544c33879 ARM: dts: ux500: Skomer regulator fixes
eff8b76284 usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
679eee466d usb: musb: tusb6010: check return value after calling platform_get_resource()
2492de6f5e bus: ti-sysc: Use context lost quirk for otg
5eca1c8412 bus: ti-sysc: Add quirk handling for reinit on context lost
dcd6eefcee RDMA/bnxt_re: Check if the vlan is valid before reporting
4e5bc9fb23 arm64: dts: hisilicon: fix arm,sp805 compatible string
109a63bb07 arm64: dts: rockchip: Disable CDN DP on Pinebook Pro
c097bd5a59 scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
db90c50783 ARM: dts: NSP: Fix mpcore, mmc node names
5010df76ab staging: wfx: ensure IRQ is ready before enabling it
2651d06e46 arm64: dts: allwinner: a100: Fix thermal zone node name
fa98ac472e arm64: dts: allwinner: h5: Fix GPU thermal zone node name
aed195558f ARM: dts: sunxi: Fix OPPs node name
e2e1056312 arm64: zynqmp: Fix serial compatible string
48f154e8b9 arm64: zynqmp: Do not duplicate flash partition label property

Some minor ABI signatures have changed due to internal structures
changing.  All of these have been pre-approved already:

Leaf changes summary: 3 artifacts changed
Changed leaf types summary: 3 leaf types changed
Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 0 Added function
Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable

'struct bpf_map at bpf.h:146:1' changed:
  type size hasn't changed
  there are data member changes:
    type 'typedef u64' of 'bpf_map::writecnt' changed:
      typedef name changed from u64 to atomic64_t at types.h:175:1
      underlying type 'typedef __u64' at int-ll64.h:31:1 changed:
        entity changed from 'typedef __u64' to 'struct {s64 counter;}' at types.h:173:1
        type size hasn't changed
  4790 impacted interfaces

'struct bpf_offloaded_map at bpf.h:229:1' changed (indirectly):
  type size hasn't changed
  there are data member changes:
    type 'struct bpf_map' of 'bpf_offloaded_map::map' changed, as reported earlier
  4790 impacted interfaces

'struct fib_rules_ops at fib_rules.h:60:1' changed:
  type size hasn't changed
  there are data member changes:
    type 'typedef bool (fib_rule*, fib_lookup_arg*)*' of 'fib_rules_ops::suppress' changed:
      pointer type changed from: 'typedef bool (fib_rule*, fib_lookup_arg*)*' to: 'typedef bool (fib_rule*, int, fib_lookup_arg*)*'
  4790 impacted interfaces

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id7f25c9e0edb30698178b138cc1b15a82ca5ef48
2022-03-21 14:29:02 +01:00
Greg Kroah-Hartman
c194212a03 Merge 5.10.101 into android12-5.10-lts
Changes in 5.10.101
	integrity: check the return value of audit_log_start()
	ima: Remove ima_policy file before directory
	ima: Allow template selection with ima_template[_fmt]= after ima_hash=
	ima: Do not print policy rule with inactive LSM labels
	mmc: sdhci-of-esdhc: Check for error num after setting mask
	can: isotp: fix potential CAN frame reception race in isotp_rcv()
	net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs
	net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs
	NFS: Fix initialisation of nfs_client cl_flags field
	NFSD: Clamp WRITE offsets
	NFSD: Fix offset type in I/O trace points
	drm/amdgpu: Set a suitable dev_info.gart_page_size
	tracing: Propagate is_signed to expression
	NFS: change nfs_access_get_cached to only report the mask
	NFSv4 only print the label when its queried
	nfs: nfs4clinet: check the return value of kstrdup()
	NFSv4.1: Fix uninitialised variable in devicenotify
	NFSv4 remove zero number of fs_locations entries error check
	NFSv4 expose nfs_parse_server_name function
	NFSv4 handle port presence in fs_location server string
	x86/perf: Avoid warning for Arch LBR without XSAVE
	drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer
	net: sched: Clarify error message when qdisc kind is unknown
	powerpc/fixmap: Fix VM debug warning on unmap
	scsi: target: iscsi: Make sure the np under each tpg is unique
	scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup()
	scsi: qedf: Add stag_work to all the vports
	scsi: qedf: Fix refcount issue when LOGO is received during TMF
	scsi: pm8001: Fix bogus FW crash for maxcpus=1
	scsi: ufs: Treat link loss as fatal error
	scsi: myrs: Fix crash in error case
	PM: hibernate: Remove register_nosave_region_late()
	usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
	perf: Always wake the parent event
	nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs
	net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout()
	KVM: eventfd: Fix false positive RCU usage warning
	KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER
	KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS
	KVM: SVM: Don't kill SEV guest if SMAP erratum triggers in usermode
	KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow
	riscv: fix build with binutils 2.38
	ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
	ARM: dts: Fix boot regression on Skomer
	ARM: socfpga: fix missing RESET_CONTROLLER
	nvme-tcp: fix bogus request completion when failing to send AER
	ACPI/IORT: Check node revision for PMCG resources
	PM: s2idle: ACPI: Fix wakeup interrupts handling
	drm/rockchip: vop: Correct RK3399 VOP register fields
	ARM: dts: Fix timer regression for beagleboard revision c
	ARM: dts: meson: Fix the UART compatible strings
	ARM: dts: meson8: Fix the UART device-tree schema validation
	ARM: dts: meson8b: Fix the UART device-tree schema validation
	staging: fbtft: Fix error path in fbtft_driver_module_init()
	ARM: dts: imx6qdl-udoo: Properly describe the SD card detect
	phy: xilinx: zynqmp: Fix bus width setting for SGMII
	ARM: dts: imx7ulp: Fix 'assigned-clocks-parents' typo
	usb: f_fs: Fix use-after-free for epfile
	gpio: aggregator: Fix calling into sleeping GPIO controllers
	drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd.
	misc: fastrpc: avoid double fput() on failed usercopy
	netfilter: ctnetlink: disable helper autoassign
	arm64: dts: meson-g12b-odroid-n2: fix typo 'dio2133'
	ixgbevf: Require large buffers for build_skb on 82599VF
	drm/panel: simple: Assign data from panel_dpi_probe() correctly
	ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE
	gpio: sifive: use the correct register to read output values
	bonding: pair enable_port with slave_arr_updates
	net: dsa: mv88e6xxx: don't use devres for mdiobus
	net: dsa: ar9331: register the mdiobus under devres
	net: dsa: bcm_sf2: don't use devres for mdiobus
	net: dsa: felix: don't use devres for mdiobus
	net: dsa: lantiq_gswip: don't use devres for mdiobus
	ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
	nfp: flower: fix ida_idx not being released
	net: do not keep the dst cache when uncloning an skb dst and its metadata
	net: fix a memleak when uncloning an skb dst and its metadata
	veth: fix races around rq->rx_notify_masked
	net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE
	tipc: rate limit warning for received illegal binding update
	net: amd-xgbe: disable interrupts during pci removal
	dpaa2-eth: unregister the netdev before disconnecting from the PHY
	ice: fix an error code in ice_cfg_phy_fec()
	ice: fix IPIP and SIT TSO offload
	net: mscc: ocelot: fix mutex lock error during ethtool stats read
	net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister
	vt_ioctl: fix array_index_nospec in vt_setactivate
	vt_ioctl: add array_index_nospec to VT_ACTIVATE
	n_tty: wake up poll(POLLRDNORM) on receiving data
	eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX
	usb: dwc2: drd: fix soft connect when gadget is unconfigured
	Revert "usb: dwc2: drd: fix soft connect when gadget is unconfigured"
	net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
	usb: ulpi: Move of_node_put to ulpi_dev_release
	usb: ulpi: Call of_node_put correctly
	usb: dwc3: gadget: Prevent core from processing stale TRBs
	usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition
	USB: gadget: validate interface OS descriptor requests
	usb: gadget: rndis: check size of RNDIS_MSG_SET command
	usb: gadget: f_uac2: Define specific wTerminalType
	usb: raw-gadget: fix handling of dual-direction-capable endpoints
	USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
	USB: serial: option: add ZTE MF286D modem
	USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
	USB: serial: cp210x: add NCR Retail IO box id
	USB: serial: cp210x: add CPI Bulk Coin Recycler id
	speakup-dectlk: Restore pitch setting
	phy: ti: Fix missing sentinel for clk_div_table
	hwmon: (dell-smm) Speed up setting of fan speed
	Makefile.extrawarn: Move -Wunaligned-access to W=1
	can: isotp: fix error path in isotp_sendmsg() to unlock wait queue
	scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
	scsi: lpfc: Reduce log messages seen after firmware download
	arm64: dts: imx8mq: fix lcdif port node
	perf: Fix list corruption in perf_cgroup_switch()
	iommu: Fix potential use-after-free during probe
	Linux 5.10.101

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic9c80389b155cf05bc1c6a64d0ca92837c83fbb1
2022-02-16 15:16:06 +01:00
Oliver Hartkopp
199dab00f0 can: isotp: fix error path in isotp_sendmsg() to unlock wait queue
commit 8375dfac4f683e1b2c5956d919d36aeedad46699 upstream.

Commit 43a08c3bdac4 ("can: isotp: isotp_sendmsg(): fix TX buffer concurrent
access in isotp_sendmsg()") introduced a new locking scheme that may render
the userspace application in a locking state when an error is detected.
This issue shows up under high load on simultaneously running isotp channels
with identical configuration which is against the ISO specification and
therefore breaks any reasonable PDU communication anyway.

Fixes: 43a08c3bdac4 ("can: isotp: isotp_sendmsg(): fix TX buffer concurrent access in isotp_sendmsg()")
Link: https://lore.kernel.org/all/20220209073601.25728-1-socketcan@hartkopp.net
Cc: stable@vger.kernel.org
Cc: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-02-16 12:54:30 +01:00
Jon Maloy
657aea7828 tipc: rate limit warning for received illegal binding update
[ Upstream commit c7223d687758462826a20e9735305d55bb874c70 ]

It would be easy to craft a message containing an illegal binding table
update operation. This is handled correctly by the code, but the
corresponding warning printout is not rate limited as it should be.
We fix this now.

Fixes: b97bf3fd8f ("[TIPC] Initial merge")
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-02-16 12:54:26 +01:00
Eric Dumazet
09ac0fcb0a ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
[ Upstream commit 5611a00697c8ecc5aad04392bea629e9d6a20463 ]

ip[6]mr_free_table() can only be called under RTNL lock.

RTNL: assertion failed at net/core/dev.c (10367)
WARNING: CPU: 1 PID: 5890 at net/core/dev.c:10367 unregister_netdevice_many+0x1246/0x1850 net/core/dev.c:10367
Modules linked in:
CPU: 1 PID: 5890 Comm: syz-executor.2 Not tainted 5.16.0-syzkaller-11627-g422ee58dc0ef #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:unregister_netdevice_many+0x1246/0x1850 net/core/dev.c:10367
Call Trace:
 <TASK>
 mroute_clean_tables+0x244/0xb40 net/ipv6/ip6mr.c:1509
 ip6mr_free_table net/ipv6/ip6mr.c:389 [inline]
 ip6mr_rules_init net/ipv6/ip6mr.c:246 [inline]
 ip6mr_net_init net/ipv6/ip6mr.c:1306 [inline]
 ip6mr_net_init+0x3f0/0x4e0 net/ipv6/ip6mr.c:1298
 ops_init+0xaf/0x470 net/core/net_namespace.c:140
 setup_net+0x54f/0xbb0 net/core/net_namespace.c:331
 copy_net_ns+0x318/0x760 net/core/net_namespace.c:475
 create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110
 copy_namespaces+0x391/0x450 kernel/nsproxy.c:178
 copy_process+0x2e0c/0x7300 kernel/fork.c:2167
 kernel_clone+0xe7/0xab0 kernel/fork.c:2555
 __do_sys_clone+0xc8/0x110 kernel/fork.c:2672
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
 </TASK>

Fixes: f243e5a785 ("ipmr,ip6mr: call ip6mr_free_table() on failure path")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Cong Wang <cong.wang@bytedance.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Link: https://lore.kernel.org/r/20220208053451.2885398-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-02-16 12:54:25 +01:00
Florian Westphal
04fe6569a7 netfilter: ctnetlink: disable helper autoassign
[ Upstream commit d1ca60efc53d665cf89ed847a14a510a81770b81 ]

When userspace, e.g. conntrackd, inserts an entry with a specified helper,
it's possible that the helper is lost immediately after it's added:

ctnetlink_create_conntrack
  -> nf_ct_helper_ext_add + assign helper
    -> ctnetlink_setup_nat
      -> ctnetlink_parse_nat_setup
         -> parse_nat_setup -> nfnetlink_parse_nat_setup
                               -> nf_nat_setup_info
                                 -> nf_conntrack_alter_reply
                                   -> __nf_ct_try_assign_helper

... and __nf_ct_try_assign_helper will zero the helper again.

Set IPS_HELPER bit to bypass auto-assign logic, it's unwanted, just like
when helper is assigned via ruleset.

Dropped old 'not strictly necessary' comment, it referred to use of
rcu_assign_pointer() before it got replaced by RCU_INIT_POINTER().

NB: Fixes tag intentionally incorrect, this extends the referenced commit,
but this change won't build without IPS_HELPER introduced there.

Fixes: 6714cf5465 ("netfilter: nf_conntrack: fix explicit helper attachment and NAT")
Reported-by: Pham Thanh Tuyen <phamtyn@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-02-16 12:54:24 +01:00
Victor Nogueira
3d0eafd459 net: sched: Clarify error message when qdisc kind is unknown
[ Upstream commit 973bf8fdd12f0e70ea351c018e68edd377a836d1 ]

When adding a tc rule with a qdisc kind that is not supported or not
compiled into the kernel, the kernel emits the following error: "Error:
Specified qdisc not found.". Found via tdc testing when ETS qdisc was not
compiled in and it was not obvious right away what the message meant
without looking at the kernel code.

Change the error message to be more explicit and say the qdisc kind is
unknown.

Signed-off-by: Victor Nogueira <victor@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-02-16 12:54:19 +01:00
Oliver Hartkopp
7b53d2204c can: isotp: fix potential CAN frame reception race in isotp_rcv()
commit 7c759040c1dd03954f650f147ae7175476d51314 upstream.

When receiving a CAN frame the current code logic does not consider
concurrently receiving processes which do not show up in real world
usage.

Ziyang Xuan writes:

The following syz problem is one of the scenarios. so->rx.len is
changed by isotp_rcv_ff() during isotp_rcv_cf(), so->rx.len equals
0 before alloc_skb() and equals 4096 after alloc_skb(). That will
trigger skb_over_panic() in skb_put().

=======================================================
CPU: 1 PID: 19 Comm: ksoftirqd/1 Not tainted 5.16.0-rc8-syzkaller #0
RIP: 0010:skb_panic+0x16c/0x16e net/core/skbuff.c:113
Call Trace:
 <TASK>
 skb_over_panic net/core/skbuff.c:118 [inline]
 skb_put.cold+0x24/0x24 net/core/skbuff.c:1990
 isotp_rcv_cf net/can/isotp.c:570 [inline]
 isotp_rcv+0xa38/0x1e30 net/can/isotp.c:668
 deliver net/can/af_can.c:574 [inline]
 can_rcv_filter+0x445/0x8d0 net/can/af_can.c:635
 can_receive+0x31d/0x580 net/can/af_can.c:665
 can_rcv+0x120/0x1c0 net/can/af_can.c:696
 __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5465
 __netif_receive_skb+0x24/0x1b0 net/core/dev.c:5579

Therefore we make sure the state changes and data structures stay
consistent at CAN frame reception time by adding a spin_lock in
isotp_rcv(). This fixes the issue reported by syzkaller but does not
affect real world operation.

Fixes: e057dd3fc2 ("can: add ISO 15765-2:2016 transport protocol")
Link: https://lore.kernel.org/linux-can/d7e69278-d741-c706-65e1-e87623d9a8e8@huawei.com/T/
Link: https://lore.kernel.org/all/20220208200026.13783-1-socketcan@hartkopp.net
Cc: stable@vger.kernel.org
Reported-by: syzbot+4c63f36709a642f801c5@syzkaller.appspotmail.com
Reported-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-02-16 12:54:16 +01:00
Eric Dumazet
c6672561bc UPSTREAM: net: add and use skb_unclone_keeptruesize() helper
While commit 097b9146c0e2 ("net: fix up truesize of cloned
skb in skb_prepare_for_shift()") fixed immediate issues found
when KFENCE was enabled/tested, there are still similar issues,
when tcp_trim_head() hits KFENCE while the master skb
is cloned.

This happens under heavy networking TX workloads,
when the TX completion might be delayed after incoming ACK.

This patch fixes the WARNING in sk_stream_kill_queues
when sk->sk_mem_queued/sk->sk_forward_alloc are not zero.

Fixes: d3fb45f370d9 ("mm, kfence: insert KFENCE hooks for SLAB")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Marco Elver <elver@google.com>
Link: https://lore.kernel.org/r/20211102004555.1359210-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit c4777efa751d293e369aec464ce6875e957be255)
Bug: 187129171
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: I5e456705bd01396c05c79009aeba36e00829e037
2022-02-11 17:30:25 -08:00
Jon Maloy
233aba68e8 UPSTREAM: tipc: improve size validations for received domain records
commit 9aa422ad326634b76309e8ff342c246800621216 upstream.

The function tipc_mon_rcv() allows a node to receive and process
domain_record structs from peer nodes to track their views of the
network topology.

This patch verifies that the number of members in a received domain
record does not exceed the limit defined by MAX_MON_DOMAIN, something
that may otherwise lead to a stack overflow.

tipc_mon_rcv() is called from the function tipc_link_proto_rcv(), where
we are reading a 32 bit message data length field into a uint16.  To
avert any risk of bit overflow, we add an extra sanity check for this in
that function.  We cannot see that happen with the current code, but
future designers being unaware of this risk, may introduce it by
allowing delivery of very large (> 64k) sk buffers from the bearer
layer.  This potential problem was identified by Eric Dumazet.

This fixes CVE-2022-0435

Reported-by: Samuel Page <samuel.page@appgate.com>
Reported-by: Eric Dumazet <edumazet@google.com>
Fixes: 35c55c9877 ("tipc: add neighbor monitoring framework")
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Reviewed-by: Xin Long <lucien.xin@gmail.com>
Reviewed-by: Samuel Page <samuel.page@appgate.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 3c7e594355)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5da5bc6880456ec91e6d3f3a283d2c24b6cc269c
2022-02-11 09:20:32 +01:00
Greg Kroah-Hartman
86e6176a42 Merge 5.10.100 into android12-5.10-lts
Changes in 5.10.100
	moxart: fix potential use-after-free on remove path
	KVM: s390: Return error on SIDA memop on normal guest
	crypto: api - Move cryptomgr soft dependency into algapi
	tipc: improve size validations for received domain records
	Linux 5.10.100

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I171e1de80869482794b41d437fd66993a0c8a1d5
2022-02-11 09:19:01 +01:00
Jon Maloy
3c7e594355 tipc: improve size validations for received domain records
commit 9aa422ad326634b76309e8ff342c246800621216 upstream.

The function tipc_mon_rcv() allows a node to receive and process
domain_record structs from peer nodes to track their views of the
network topology.

This patch verifies that the number of members in a received domain
record does not exceed the limit defined by MAX_MON_DOMAIN, something
that may otherwise lead to a stack overflow.

tipc_mon_rcv() is called from the function tipc_link_proto_rcv(), where
we are reading a 32 bit message data length field into a uint16.  To
avert any risk of bit overflow, we add an extra sanity check for this in
that function.  We cannot see that happen with the current code, but
future designers being unaware of this risk, may introduce it by
allowing delivery of very large (> 64k) sk buffers from the bearer
layer.  This potential problem was identified by Eric Dumazet.

This fixes CVE-2022-0435

Reported-by: Samuel Page <samuel.page@appgate.com>
Reported-by: Eric Dumazet <edumazet@google.com>
Fixes: 35c55c9877 ("tipc: add neighbor monitoring framework")
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Reviewed-by: Xin Long <lucien.xin@gmail.com>
Reviewed-by: Samuel Page <samuel.page@appgate.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-02-11 09:09:03 +01:00
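
The two checks described in the tipc commit message above (and in its UPSTREAM cherry-pick earlier in the log), modelled in user-space C: the member count is bounded by MAX_MON_DOMAIN before anything is copied, and a 32-bit length is rejected rather than narrowed to 16 bits. This is an added example, not the kernel patch; the record layout, the value 64 for MAX_MON_DOMAIN, host byte order, and every function name here are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_MON_DOMAIN 64 /* assumed limit for this sketch */

/* Hypothetical, simplified record; not the kernel's struct layout.
 * Fields are read in host byte order to keep the example short. */
struct domain_record {
	uint16_t len;                     /* total record length claimed by the peer */
	uint16_t member_cnt;              /* entries used in members[] */
	uint32_t members[MAX_MON_DOMAIN]; /* fixed-size destination array */
};

#define REC_HDR offsetof(struct domain_record, members)

enum rec_status {
	REC_OK = 0,
	REC_LEN_TRUNCATED,    /* 32-bit length does not fit in 16 bits */
	REC_TOO_SHORT,        /* not even a full header */
	REC_TOO_MANY_MEMBERS, /* member_cnt > MAX_MON_DOMAIN */
	REC_LEN_MISMATCH      /* len disagrees with member_cnt or the buffer */
};

/* Length a record must have for a given member count. */
static size_t record_len(uint16_t member_cnt)
{
	return REC_HDR + (size_t)member_cnt * sizeof(uint32_t);
}

/* Record-level checks: all of them run before any byte lands in *out. */
enum rec_status parse_domain_record(const uint8_t *data, uint16_t dlen,
				    struct domain_record *out)
{
	uint16_t len, cnt;

	if (dlen < REC_HDR)
		return REC_TOO_SHORT;
	memcpy(&len, data, sizeof(len));
	memcpy(&cnt, data + sizeof(len), sizeof(cnt));

	/* Without this bound the copy below could run past members[]
	 * in the caller's struct, which usually lives on the stack. */
	if (cnt > MAX_MON_DOMAIN)
		return REC_TOO_MANY_MEMBERS;
	if (len != record_len(cnt) || len > dlen)
		return REC_LEN_MISMATCH;

	memset(out, 0, sizeof(*out));
	memcpy(out, data, len); /* len <= sizeof(*out) is guaranteed here */
	return REC_OK;
}

/* Caller-level check: the message header carries a 32-bit data length.
 * Casting 0x10010 to uint16_t yields 0x0010, which would pass every
 * record-level check, so the range test must come before the cast. */
enum rec_status receive_record(const uint8_t *data, uint32_t msg_dlen,
			       struct domain_record *out)
{
	if (msg_dlen > UINT16_MAX)
		return REC_LEN_TRUNCATED;
	return parse_domain_record(data, (uint16_t)msg_dlen, out);
}

/* Constructed input: builds a zero-filled record whose header claims the
 * given length and member count, then runs it through receive_record().
 * msg_dlen is the length the (hypothetical) message header claims. */
int demo_status(uint32_t msg_dlen, uint16_t claimed_len, uint16_t member_cnt)
{
	static uint8_t wire[REC_HDR + (MAX_MON_DOMAIN + 8) * sizeof(uint32_t)];
	struct domain_record rec;

	memset(wire, 0, sizeof(wire));
	memcpy(wire, &claimed_len, sizeof(claimed_len));
	memcpy(wire + sizeof(claimed_len), &member_cnt, sizeof(member_cnt));
	return receive_record(wire, msg_dlen, &rec);
}

int main(void)
{
	printf("3 members, len 16:      %d\n", demo_status(16, 16, 3));
	printf("msg length 0x10010:     %d\n", demo_status(0x10010, 16, 3));
	printf("65 members, len 264:    %d\n", demo_status(264, 264, 65));
	printf("len 16 but 2 members:   %d\n", demo_status(16, 16, 2));
	return 0;
}
```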
Greg Kroah-Hartman
ca562bf79c Merge branch 'android12-5.10' into android12-5.10-lts
Sync up with android12-5.10 for the following commits:

2a2327c4e8 FROMLIST: power_supply: Use of-thermal cdev registration API
b90fe5ef8f FROMLIST: power_supply: Register cooling device outside of probe
fc64efcd06 Revert "UPSTREAM: tracefs: Have tracefs directories not set OTH permission bits by default"
1eb3049da0 FROMGIT: usb: dwc3: gadget: Prevent core from processing stale TRBs
ee1e2de73c UPSTREAM: cgroup-v1: Require capabilities to set release_agent
7e6f112beb FROMGIT: f2fs: move f2fs to use reader-unfair rwsems
23686f5ee8 UPSTREAM: f2fs: do not bother checkpoint by f2fs_get_node_info
fa055ddfd5 BACKPORT: f2fs: avoid down_write on nat_tree_lock during checkpoint
c8701aa0a7 ANDROID: GKI: enable RCU_BOOST
c34fa06f4b FROMLIST: rcu: Don't deboost before reporting expedited quiescent state
3a49d3b677 FROMGIT: usb: f_fs: Fix use-after-free for epfile
250abe08bb UPSTREAM: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
d449d91bc9 ANDROID: update new gki symbol
b2fcb7b63b ANDROID: abi: qcom: Add dma_{alloc,free}_noncoherent
5d79e49205 UPSTREAM: binder: fix async_free_space accounting for empty parcels
6aa9e78d6e FROMGIT: rcu: Allow expedited RCU grace periods on incoming CPUs
2f61ec09b0 ANDROID: abi_gki_aarch64_qcom: Add iommu_setup_dma_ops restricted vh
6a9ff8fa26 ANDROID: iommu: Add restricted vendor hook
2aba795b31 FROMLIST: arm64: cpufeature: List early Cortex-A510 parts as having broken dbm
2861bbc5b5 FROMLIST: arm64: Add Cortex-A510 CPU part definition
b0d13db791 FROMGIT: printk: ringbuffer: Improve prb_next_seq() performance
4b1862e4fc ANDROID: incremental-fs: fix GPF in pending_reads_dispatch_ioctl
445019bbca UPSTREAM: bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc
032a676295 UPSTREAM: tee: handle lookup of shm with reference count 0
d461f54be3 ANDROID: Incremental-fs: Doc: correct a sysfs path in incfs.rst
1bfc9c16ae ANDROID: selftests: fix incfs_test
fd4c6594f5 ANDROID: incremental-fs: fix mount_fs issue
a512242e66 BACKPORT: arm64: errata: Add workaround for TSB flush failures
e48051244a UPSTREAM: arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
dd3256d439 UPSTREAM: coresight: trbe: Defer the probe on offline CPUs
71aebf8793 UPSTREAM: coresight: etm4x: Use Trace Filtering controls dynamically
2bb8b3c907 BACKPORT: coresight: etm4x: Save restore TRFCR_EL1
79b64fa780 UPSTREAM: coresight: tmc-etr: Speed up for bounce buffer in flat mode
aee6af7046 UPSTREAM: coresight: tmc-etr: Add barrier after updating AUX ring buffer
a0009ade38 Revert half of "ANDROID: cpu/hotplug: create vendor hook for cpu_up/cpu_down"
a863cef344 Revert half of "ANDROID: arm64: add vendor hooks for bti and pauth fault"
9f58bcd614 Revert half of "ANDROID: vendor_hooks: Add param for android_vh_cpu_up/down"
4b3396046c Revert "ANDROID: vendor_hooks: Add a hook for task tagging"
d8fe0b1fc2 Revert "ANDROID: GKI: net: add vendor hooks for 'struct nf_conn' lifecycle"
92ab2aeca5 Revert "ANDROID: GKI: net: add vendor hooks for 'struct sock' lifecycle"
b3e6d6eec6 Revert "ANDROID: vendor_hooks: add hook and OEM data for slab shrink"
e09000ee19 Revert half of "ANDROID: vendor_hooks: Add hooks for memory when debug"
3f305a9101 Revert half of "ANDROID: gic-v3: Add vendor hook to GIC v3"
3b4ca92614 Merge tag 'android12-5.10.81_r00' into android12-5.10
bdc732d112 UPSTREAM: tracefs: Set all files to the same group ownership as the mount option
8455746a45 UPSTREAM: tracefs: Have new files inherit the ownership of their parent
9c63be2ada UPSTREAM: tracefs: Have tracefs directories not set OTH permission bits by default
64095600fd Revert "ANDROID: vendor_hooks: Add hooks to recognize special worker thread."
7887091009 Revert "ANDROID: sysrq: add vendor hook for sysrq crash information"
63e7148b27 Revert "ANDROID: user: Add vendor hook to user for GKI purpose"
18975040b9 Revert portions of "ANDROID: sched: Add vendor hooks for sched."
96c08d9210 Revert portions of "ANDROID: vendor_hooks: Add hooks for scheduler"
a32e89883a UPSTREAM: vfs: fs_context: fix up param length parsing in legacy_parse_param

New functions/variables are now being tracked as well, that came from
the android12-5.10 branch:

Leaf changes summary: 5 artifacts changed
Changed leaf types summary: 0 leaf type changed
Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 4 Added functions
Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 1 Added variable

4 Added functions:

  [A] 'function int __traceiter_android_rvh_iommu_setup_dma_ops(void*, device*, u64, u64)'
  [A] 'function void* dma_alloc_noncoherent(device*, size_t, dma_addr_t*, dma_data_direction, gfp_t)'
  [A] 'function void dma_free_noncoherent(device*, size_t, void*, dma_addr_t, dma_data_direction)'
  [A] 'function void static_key_enable_cpuslocked(static_key*)'

1 Added variable:

  [A] 'tracepoint __tracepoint_android_rvh_iommu_setup_dma_ops'

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7a5a82681cc94f6b3dcd17e159da8976be0bcb78
2022-02-09 18:16:30 +01:00
Greg Kroah-Hartman
c3b53fcd90 Merge 5.10.99 into android12-5.10-lts
Changes in 5.10.99
	selinux: fix double free of cond_list on error paths
	audit: improve audit queue handling when "audit=1" on cmdline
	ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
	ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
	ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
	ALSA: usb-audio: Correct quirk for VF0770
	ALSA: hda: Fix UAF of leds class devs at unbinding
	ALSA: hda: realtek: Fix race at concurrent COEF updates
	ALSA: hda/realtek: Add quirk for ASUS GU603
	ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks
	ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset)
	ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows
	btrfs: fix deadlock between quota disable and qgroup rescan worker
	drm/nouveau: fix off by one in BIOS boundary checking
	drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15" Apple Retina panels
	nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts()
	mm/debug_vm_pgtable: remove pte entry from the page table
	mm/pgtable: define pte_index so that preprocessor could recognize it
	mm/kmemleak: avoid scanning potential huge holes
	block: bio-integrity: Advance seed correctly for larger interval sizes
	dma-buf: heaps: Fix potential spectre v1 gadget
	IB/hfi1: Fix AIP early init panic
	Revert "ASoC: mediatek: Check for error clk pointer"
	memcg: charge fs_context and legacy_fs_context
	RDMA/cma: Use correct address when leaving multicast group
	RDMA/ucma: Protect mc during concurrent multicast leaves
	IB/rdmavt: Validate remote_addr during loopback atomic tests
	RDMA/siw: Fix broken RDMA Read Fence/Resume logic.
	RDMA/mlx4: Don't continue event handler after memory allocation failure
	iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()
	iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
	spi: bcm-qspi: check for valid cs before applying chip select
	spi: mediatek: Avoid NULL pointer crash in interrupt
	spi: meson-spicc: add IRQ check in meson_spicc_probe
	spi: uniphier: fix reference count leak in uniphier_spi_probe()
	net: ieee802154: hwsim: Ensure proper channel selection at probe time
	net: ieee802154: mcr20a: Fix lifs/sifs periods
	net: ieee802154: ca8210: Stop leaking skb's
	net: ieee802154: Return meaningful error codes from the netlink helpers
	net: macsec: Fix offload support for NETDEV_UNREGISTER event
	net: macsec: Verify that send_sci is on when setting Tx sci explicitly
	net: stmmac: dump gmac4 DMA registers correctly
	net: stmmac: ensure PTP time register reads are consistent
	drm/i915/overlay: Prevent divide by zero bugs in scaling
	ASoC: fsl: Add missing error handling in pcm030_fabric_probe
	ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes
	ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name
	ASoC: max9759: fix underflow in speaker_gain_control_put()
	pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line
	pinctrl: intel: fix unexpected interrupt
	pinctrl: bcm2835: Fix a few error paths
	scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
	nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client.
	gve: fix the wrong AdminQ buffer queue index check
	bpf: Use VM_MAP instead of VM_ALLOC for ringbuf
	selftests/exec: Remove pipe from TEST_GEN_FILES
	selftests: futex: Use variable MAKE instead of make
	tools/resolve_btfids: Do not print any commands when building silently
	rtc: cmos: Evaluate century appropriate
	Revert "fbcon: Disable accelerated scrolling"
	fbcon: Add option to enable legacy hardware acceleration
	perf stat: Fix display of grouped aliased events
	perf/x86/intel/pt: Fix crash with stop filters in single-range mode
	x86/perf: Default set FREEZE_ON_SMI for all
	EDAC/altera: Fix deferred probing
	EDAC/xgene: Fix deferred probing
	ext4: prevent used blocks from being allocated during fast commit replay
	ext4: modify the logic of ext4_mb_new_blocks_simple
	ext4: fix error handling in ext4_restore_inline_data()
	ext4: fix error handling in ext4_fc_record_modified_inode()
	ext4: fix incorrect type issue during replay_del_range
	net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY
	cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning
	selftests: nft_concat_range: add test for reload with no element add/del
	Linux 5.10.99

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Idc1d987b935d86d2a201e0b4a8db801c08c71b98
2022-02-09 12:14:04 +01:00
Miquel Raynal
87b1c9fab6 net: ieee802154: Return meaningful error codes from the netlink helpers
commit 79c37ca73a6e9a33f7b2b7783ba6af07a448c8a9 upstream.

Returning -1 does not indicate anything useful.

Use a standard and meaningful error code instead.

Fixes: a26c5fd762 ("nl802154: add support for security layer")
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Acked-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20220125121426.848337-6-miquel.raynal@bootlin.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-02-08 18:30:37 +01:00
Greg Kroah-Hartman
26d02dc8ef Merge 5.10.97 into android12-5.10-lts
Changes in 5.10.97
	PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
	net: ipa: fix atomic update in ipa_endpoint_replenish()
	net: ipa: use a bitmap for endpoint replenish_enabled
	net: ipa: prevent concurrent replenish
	Revert "drivers: bus: simple-pm-bus: Add support for probing simple bus only devices"
	KVM: x86: Forcibly leave nested virt when SMM state is toggled
	psi: Fix uaf issue when psi trigger is destroyed while being polled
	x86/mce: Add Xeon Sapphire Rapids to list of CPUs that support PPIN
	x86/cpu: Add Xeon Icelake-D to list of CPUs that support PPIN
	drm/vc4: hdmi: Make sure the device is powered with CEC
	cgroup-v1: Require capabilities to set release_agent
	net/mlx5e: Fix handling of wrong devices during bond netevent
	net/mlx5: Use del_timer_sync in fw reset flow of halting poll
	net/mlx5: E-Switch, Fix uninitialized variable modact
	ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback
	net: amd-xgbe: ensure to reset the tx_timer_active flag
	net: amd-xgbe: Fix skb data length underflow
	fanotify: Fix stale file descriptor in copy_event_to_user()
	net: sched: fix use-after-free in tc_new_tfilter()
	rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
	cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask()
	af_packet: fix data-race in packet_setsockopt / packet_setsockopt
	tcp: add missing tcp_skb_can_collapse() test in tcp_shift_skb_data()
	Linux 5.10.97

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I428a930b475ba1b15d4b1ad05dde7df36cec6405
2022-02-08 10:08:24 +01:00
Greg Kroah-Hartman
0b4470b56e Merge 5.10.96 into android12-5.10-lts
Changes in 5.10.96
	Bluetooth: refactor malicious adv data check
	media: venus: core: Drop second v4l2 device unregister
	net: sfp: ignore disabled SFP node
	net: stmmac: skip only stmmac_ptp_register when resume from suspend
	s390/module: fix loading modules with a lot of relocations
	s390/hypfs: include z/VM guests with access control group set
	bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack()
	scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices
	udf: Restore i_lenAlloc when inode expansion fails
	udf: Fix NULL ptr deref when converting from inline format
	efi: runtime: avoid EFIv2 runtime services on Apple x86 machines
	PM: wakeup: simplify the output logic of pm_show_wakelocks()
	tracing/histogram: Fix a potential memory leak for kstrdup()
	tracing: Don't inc err_log entry count if entry allocation fails
	ceph: properly put ceph_string reference after async create attempt
	ceph: set pool_ns in new inode layout for async creates
	fsnotify: fix fsnotify hooks in pseudo filesystems
	Revert "KVM: SVM: avoid infinite loop on NPF from bad address"
	perf/x86/intel/uncore: Fix CAS_COUNT_WRITE issue for ICX
	drm/etnaviv: relax submit size limits
	KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS
	arm64: errata: Fix exec handling in erratum 1418040 workaround
	netfilter: nft_payload: do not update layer 4 checksum when mangling fragments
	serial: 8250: of: Fix mapped region size when using reg-offset property
	serial: stm32: fix software flow control transfer
	tty: n_gsm: fix SW flow control encoding/handling
	tty: Add support for Brainboxes UC cards.
	usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
	usb: xhci-plat: fix crash when suspend if remote wake enable
	usb: common: ulpi: Fix crash in ulpi_match()
	usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
	USB: core: Fix hang in usb_kill_urb by adding memory barriers
	usb: typec: tcpm: Do not disconnect while receiving VBUS off
	ucsi_ccg: Check DEV_INT bit only when starting CCG4
	jbd2: export jbd2_journal_[grab|put]_journal_head
	ocfs2: fix a deadlock when commit trans
	sched/membarrier: Fix membarrier-rseq fence command missing from query bitmask
	x86/MCE/AMD: Allow thresholding interface updates after init
	powerpc/32s: Allocate one 256k IBAT instead of two consecutives 128k IBATs
	powerpc/32s: Fix kasan_init_region() for KASAN
	powerpc/32: Fix boot failure with GCC latent entropy plugin
	i40e: Increase delay to 1 s after global EMP reset
	i40e: Fix issue when maximum queues is exceeded
	i40e: Fix queues reservation for XDP
	i40e: Fix for failed to init adminq while VF reset
	i40e: fix unsigned stat widths
	usb: roles: fix include/linux/usb/role.h compile issue
	rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev
	rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev
	scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
	ipv6_tunnel: Rate limit warning messages
	net: fix information leakage in /proc/net/ptype
	hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649
	hwmon: (lm90) Mark alert as broken for MAX6680
	ping: fix the sk_bound_dev_if match in ping_lookup
	ipv4: avoid using shared IP generator for connected sockets
	hwmon: (lm90) Reduce maximum conversion rate for G781
	NFSv4: Handle case where the lookup of a directory fails
	NFSv4: nfs_atomic_open() can race when looking up a non-regular file
	net-procfs: show net devices bound packet types
	drm/msm: Fix wrong size calculation
	drm/msm/dsi: Fix missing put_device() call in dsi_get_phy
	drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
	ipv6: annotate accesses to fn->fn_sernum
	NFS: Ensure the server has an up to date ctime before hardlinking
	NFS: Ensure the server has an up to date ctime before renaming
	powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06
	netfilter: conntrack: don't increment invalid counter on NF_REPEAT
	kernel: delete repeated words in comments
	perf: Fix perf_event_read_local() time
	sched/pelt: Relax the sync of util_sum with util_avg
	net: phy: broadcom: hook up soft_reset for BCM54616S
	phylib: fix potential use-after-free
	octeontx2-pf: Forward error codes to VF
	rxrpc: Adjust retransmission backoff
	efi/libstub: arm64: Fix image check alignment at entry
	hwmon: (lm90) Mark alert as broken for MAX6654
	powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending
	net: ipv4: Move ip_options_fragment() out of loop
	net: ipv4: Fix the warning for dereference
	ipv4: fix ip option filtering for locally generated fragments
	ibmvnic: init ->running_cap_crqs early
	ibmvnic: don't spin in tasklet
	video: hyperv_fb: Fix validation of screen resolution
	drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy
	drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc
	yam: fix a memory leak in yam_siocdevprivate()
	net: cpsw: Properly initialise struct page_pool_params
	net: hns3: handle empty unknown interrupt for VF
	Revert "ipv6: Honor all IPv6 PIO Valid Lifetime values"
	net: bridge: vlan: fix single net device option dumping
	ipv4: raw: lock the socket in raw_bind()
	ipv4: tcp: send zero IPID in SYNACK messages
	ipv4: remove sparse error in ip_neigh_gw4()
	net: bridge: vlan: fix memory leak in __allowed_ingress
	dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config
	usr/include/Makefile: add linux/nfc.h to the compile-test coverage
	fsnotify: invalidate dcache before IN_DELETE event
	block: Fix wrong offset in bio_truncate()
	mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip()
	Linux 5.10.96

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie34be06fa082557e93eda246f1a9ebf9f155a138
2022-02-07 11:17:58 +01:00
Eric Dumazet
176356550c tcp: add missing tcp_skb_can_collapse() test in tcp_shift_skb_data()
commit b67985be400969578d4d4b17299714c0e5d2c07b upstream.

tcp_shift_skb_data() might collapse three packets into a larger one.

P_A, P_B, P_C  -> P_ABC

Historically, it used a single tcp_skb_can_collapse_to(P_A) call,
because it was enough.

In commit 8571248411 ("tcp: coalesce/collapse must respect MPTCP extensions"),
this call was replaced by a call to tcp_skb_can_collapse(P_A, P_B)

But the now needed test over P_C has been missed.

This probably broke MPTCP.

Then later, commit 9b65b17db723 ("net: avoid double accounting for pure zerocopy skbs")
added an extra condition to tcp_skb_can_collapse(), but the missing call
from tcp_shift_skb_data() is also breaking TCP zerocopy, because P_A and P_C
might have different skb_zcopy_pure() status.

Fixes: 8571248411 ("tcp: coalesce/collapse must respect MPTCP extensions")
Fixes: 9b65b17db723 ("net: avoid double accounting for pure zerocopy skbs")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Mat Martineau <mathew.j.martineau@linux.intel.com>
Cc: Talal Ahmad <talalahmad@google.com>
Cc: Arjun Roy <arjunroy@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Link: https://lore.kernel.org/r/20220201184640.756716-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-02-05 12:37:57 +01:00
Eric Dumazet
32e1799710 af_packet: fix data-race in packet_setsockopt / packet_setsockopt
commit e42e70ad6ae2ae511a6143d2e8da929366e58bd9 upstream.

When packet_setsockopt( PACKET_FANOUT_DATA ) reads po->fanout,
no lock is held, meaning that another thread can change po->fanout.

Given that po->fanout can only be set once during the socket lifetime
(it is only cleared from fanout_release()), we can use
READ_ONCE()/WRITE_ONCE() to document the race.

BUG: KCSAN: data-race in packet_setsockopt / packet_setsockopt

write to 0xffff88813ae8e300 of 8 bytes by task 14653 on cpu 0:
 fanout_add net/packet/af_packet.c:1791 [inline]
 packet_setsockopt+0x22fe/0x24a0 net/packet/af_packet.c:3931
 __sys_setsockopt+0x209/0x2a0 net/socket.c:2180
 __do_sys_setsockopt net/socket.c:2191 [inline]
 __se_sys_setsockopt net/socket.c:2188 [inline]
 __x64_sys_setsockopt+0x62/0x70 net/socket.c:2188
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff88813ae8e300 of 8 bytes by task 14654 on cpu 1:
 packet_setsockopt+0x691/0x24a0 net/packet/af_packet.c:3935
 __sys_setsockopt+0x209/0x2a0 net/socket.c:2180
 __do_sys_setsockopt net/socket.c:2191 [inline]
 __se_sys_setsockopt net/socket.c:2188 [inline]
 __x64_sys_setsockopt+0x62/0x70 net/socket.c:2188
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x0000000000000000 -> 0xffff888106f8c000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 14654 Comm: syz-executor.3 Not tainted 5.16.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011

Fixes: 47dceb8ecd ("packet: add classic BPF fanout mode")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Link: https://lore.kernel.org/r/20220201022358.330621-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-02-05 12:37:57 +01:00
Eric Dumazet
3bbe2019dd rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
commit c6f6f2444bdbe0079e41914a35081530d0409963 upstream.

While looking at one unrelated syzbot bug, I found the replay logic
in __rtnl_newlink() to potentially trigger use-after-free.

It is better to clear master_dev and m_ops inside the loop,
in case we have to replay it.

Fixes: ba7d49b1f0 ("rtnetlink: provide api for getting and setting slave info")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Jiri Pirko <jiri@nvidia.com>
Link: https://lore.kernel.org/r/20220201012106.216495-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-02-05 12:37:56 +01:00
Eric Dumazet
e7be569263 net: sched: fix use-after-free in tc_new_tfilter()
commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 upstream.

Whenever tc_new_tfilter() jumps back to replay: label,
we need to make sure @q and @chain local variables are cleared again,
or risk use-after-free as in [1]

For consistency, apply the same fix in tc_ctl_chain()

BUG: KASAN: use-after-free in mini_qdisc_pair_swap+0x1b9/0x1f0 net/sched/sch_generic.c:1581
Write of size 8 at addr ffff8880985c4b08 by task syz-executor.4/1945

CPU: 0 PID: 1945 Comm: syz-executor.4 Not tainted 5.17.0-rc1-syzkaller-00495-gff58831fa02d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_address_description.constprop.0.cold+0x8d/0x336 mm/kasan/report.c:255
 __kasan_report mm/kasan/report.c:442 [inline]
 kasan_report.cold+0x83/0xdf mm/kasan/report.c:459
 mini_qdisc_pair_swap+0x1b9/0x1f0 net/sched/sch_generic.c:1581
 tcf_chain_head_change_item net/sched/cls_api.c:372 [inline]
 tcf_chain0_head_change.isra.0+0xb9/0x120 net/sched/cls_api.c:386
 tcf_chain_tp_insert net/sched/cls_api.c:1657 [inline]
 tcf_chain_tp_insert_unique net/sched/cls_api.c:1707 [inline]
 tc_new_tfilter+0x1e67/0x2350 net/sched/cls_api.c:2086
 rtnetlink_rcv_msg+0x80d/0xb80 net/core/rtnetlink.c:5583
 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2494
 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
 netlink_unicast+0x539/0x7e0 net/netlink/af_netlink.c:1343
 netlink_sendmsg+0x904/0xe00 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:725
 ____sys_sendmsg+0x331/0x810 net/socket.c:2413
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2467
 __sys_sendmmsg+0x195/0x470 net/socket.c:2553
 __do_sys_sendmmsg net/socket.c:2582 [inline]
 __se_sys_sendmmsg net/socket.c:2579 [inline]
 __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2579
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f2647172059
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2645aa5168 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f2647285100 RCX: 00007f2647172059
RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000006
RBP: 00007f26471cc08d R08: 0000000000000000 R09: 0000000000000000
R10: 9e00000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffb3f7f02f R14: 00007f2645aa5300 R15: 0000000000022000
 </TASK>

Allocated by task 1944:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:45 [inline]
 set_alloc_info mm/kasan/common.c:436 [inline]
 ____kasan_kmalloc mm/kasan/common.c:515 [inline]
 ____kasan_kmalloc mm/kasan/common.c:474 [inline]
 __kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:524
 kmalloc_node include/linux/slab.h:604 [inline]
 kzalloc_node include/linux/slab.h:726 [inline]
 qdisc_alloc+0xac/0xa10 net/sched/sch_generic.c:941
 qdisc_create.constprop.0+0xce/0x10f0 net/sched/sch_api.c:1211
 tc_modify_qdisc+0x4c5/0x1980 net/sched/sch_api.c:1660
 rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5592
 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2494
 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
 netlink_unicast+0x539/0x7e0 net/netlink/af_netlink.c:1343
 netlink_sendmsg+0x904/0xe00 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:725
 ____sys_sendmsg+0x331/0x810 net/socket.c:2413
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2467
 __sys_sendmmsg+0x195/0x470 net/socket.c:2553
 __do_sys_sendmmsg net/socket.c:2582 [inline]
 __se_sys_sendmmsg net/socket.c:2579 [inline]
 __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2579
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Freed by task 3609:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
 kasan_set_track+0x21/0x30 mm/kasan/common.c:45
 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370
 ____kasan_slab_free mm/kasan/common.c:366 [inline]
 ____kasan_slab_free+0x130/0x160 mm/kasan/common.c:328
 kasan_slab_free include/linux/kasan.h:236 [inline]
 slab_free_hook mm/slub.c:1728 [inline]
 slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1754
 slab_free mm/slub.c:3509 [inline]
 kfree+0xcb/0x280 mm/slub.c:4562
 rcu_do_batch kernel/rcu/tree.c:2527 [inline]
 rcu_core+0x7b8/0x1540 kernel/rcu/tree.c:2778
 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558

Last potentially related work creation:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
 __kasan_record_aux_stack+0xbe/0xd0 mm/kasan/generic.c:348
 __call_rcu kernel/rcu/tree.c:3026 [inline]
 call_rcu+0xb1/0x740 kernel/rcu/tree.c:3106
 qdisc_put_unlocked+0x6f/0x90 net/sched/sch_generic.c:1109
 tcf_block_release+0x86/0x90 net/sched/cls_api.c:1238
 tc_new_tfilter+0xc0d/0x2350 net/sched/cls_api.c:2148
 rtnetlink_rcv_msg+0x80d/0xb80 net/core/rtnetlink.c:5583
 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2494
 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
 netlink_unicast+0x539/0x7e0 net/netlink/af_netlink.c:1343
 netlink_sendmsg+0x904/0xe00 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:725
 ____sys_sendmsg+0x331/0x810 net/socket.c:2413
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2467
 __sys_sendmmsg+0x195/0x470 net/socket.c:2553
 __do_sys_sendmmsg net/socket.c:2582 [inline]
 __se_sys_sendmmsg net/socket.c:2579 [inline]
 __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2579
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

The buggy address belongs to the object at ffff8880985c4800
 which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 776 bytes inside of
 1024-byte region [ffff8880985c4800, ffff8880985c4c00)
The buggy address belongs to the page:
page:ffffea0002617000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x985c0
head:ffffea0002617000 order:3 compound_mapcount:0 compound_pincount:0
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888010c41dc0
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 1941, ts 1038999441284, free_ts 1033444432829
 prep_new_page mm/page_alloc.c:2434 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4165
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5389
 alloc_pages+0x1aa/0x310 mm/mempolicy.c:2271
 alloc_slab_page mm/slub.c:1799 [inline]
 allocate_slab mm/slub.c:1944 [inline]
 new_slab+0x28a/0x3b0 mm/slub.c:2004
 ___slab_alloc+0x87c/0xe90 mm/slub.c:3018
 __slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3105
 slab_alloc_node mm/slub.c:3196 [inline]
 slab_alloc mm/slub.c:3238 [inline]
 __kmalloc+0x2fb/0x340 mm/slub.c:4420
 kmalloc include/linux/slab.h:586 [inline]
 kzalloc include/linux/slab.h:715 [inline]
 __register_sysctl_table+0x112/0x1090 fs/proc/proc_sysctl.c:1335
 neigh_sysctl_register+0x2c8/0x5e0 net/core/neighbour.c:3787
 devinet_sysctl_register+0xb1/0x230 net/ipv4/devinet.c:2618
 inetdev_init+0x286/0x580 net/ipv4/devinet.c:278
 inetdev_event+0xa8a/0x15d0 net/ipv4/devinet.c:1532
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:84
 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:1919
 call_netdevice_notifiers_extack net/core/dev.c:1931 [inline]
 call_netdevice_notifiers net/core/dev.c:1945 [inline]
 register_netdevice+0x1073/0x1500 net/core/dev.c:9698
 veth_newlink+0x59c/0xa90 drivers/net/veth.c:1722
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1352 [inline]
 free_pcp_prepare+0x374/0x870 mm/page_alloc.c:1404
 free_unref_page_prepare mm/page_alloc.c:3325 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3404
 release_pages+0x748/0x1220 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:50 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:243 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:250
 zap_pte_range mm/memory.c:1441 [inline]
 zap_pmd_range mm/memory.c:1490 [inline]
 zap_pud_range mm/memory.c:1519 [inline]
 zap_p4d_range mm/memory.c:1540 [inline]
 unmap_page_range+0x1d1d/0x2a30 mm/memory.c:1561
 unmap_single_vma+0x198/0x310 mm/memory.c:1606
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1638
 exit_mmap+0x201/0x670 mm/mmap.c:3178
 __mmput+0x122/0x4b0 kernel/fork.c:1114
 mmput+0x56/0x60 kernel/fork.c:1135
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xa3c/0x2a30 kernel/exit.c:793
 do_group_exit+0xd2/0x2f0 kernel/exit.c:935
 __do_sys_exit_group kernel/exit.c:946 [inline]
 __se_sys_exit_group kernel/exit.c:944 [inline]
 __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:944
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Memory state around the buggy address:
 ffff8880985c4a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8880985c4a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff8880985c4b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                      ^
 ffff8880985c4b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8880985c4c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc

Fixes: 470502de5b ("net: sched: unlock rules update API")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Vlad Buslov <vladbu@mellanox.com>
Cc: Jiri Pirko <jiri@mellanox.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Link: https://lore.kernel.org/r/20220131172018.3704490-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-02-05 12:37:56 +01:00
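Added example (not part of the commit log and not kernel code): a user-space model of the replay pattern described in the tc_new_tfilter() and __rtnl_newlink() commit messages above. A local pointer is initialised only at declaration and survives a `goto replay`, so an early failure on the second pass releases a stale object. All names (`struct obj`, `struct env`, `handle_request`, `concurrent_delete`, `run_scenario`) are hypothetical, and the "free" is modelled as a flag so the stale access can be counted safely.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy refcounted object. "freed" is a flag only, so a stale access can be
 * counted here instead of touching released memory. */
struct obj {
    int refcnt;
    bool freed;
};

static int stale_uses;  /* puts that hit an already released object */
static int last_err;    /* return value of the most recent request */

static void obj_put(struct obj *o)
{
    if (o->freed) {     /* the access a sanitizer would report */
        stale_uses++;
        return;
    }
    if (--o->refcnt == 0)
        o->freed = true;
}

/* Hypothetical request state: a published pointer plus a replay budget. */
struct env {
    struct obj *slot;   /* NULL once the object has been deleted */
    int eagain_left;    /* passes that still end in -EAGAIN */
};

/* Constructed stand-in for another task deleting the object while the
 * handler is between passes. */
static void concurrent_delete(struct env *e)
{
    if (e->slot) {
        obj_put(e->slot);   /* drops the owner's reference */
        e->slot = NULL;
    }
}

static int handle_request(struct env *e, bool reset_on_replay)
{
    struct obj *q = NULL;   /* initialised once, at declaration */
    int err;

replay:
    if (reset_on_replay)
        q = NULL;           /* clear per-pass state after the label */

    if (!e->slot) {         /* early failure, before q is assigned */
        err = -ENOENT;
        goto errout;
    }
    q = e->slot;
    q->refcnt++;            /* reference held for this pass only */

    if (e->eagain_left > 0) {
        e->eagain_left--;
        err = -EAGAIN;
    } else {
        err = 0;
    }

errout:
    if (q)
        obj_put(q);         /* on a replay without reset, q is stale here */
    if (err == -EAGAIN) {
        concurrent_delete(e);
        goto replay;
    }
    return err;
}

/* Runs one request that is replayed once; returns the stale-access count. */
static int run_scenario(bool reset_on_replay)
{
    struct obj o = { .refcnt = 1, .freed = false };
    struct env e = { .slot = &o, .eagain_left = 1 };

    stale_uses = 0;
    last_err = handle_request(&e, reset_on_replay);
    return stale_uses;
}

int main(void)
{
    int n = run_scenario(false);
    printf("no reset:   stale uses=%d err=%d\n", n, last_err);
    n = run_scenario(true);
    printf("with reset: stale uses=%d err=%d\n", n, last_err);
    return 0;
}
```

Both runs return -ENOENT to the caller, so the missing reset is invisible from the return code; only the stale-access count differs between them.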
Tim Yi
446ff1fc37 net: bridge: vlan: fix memory leak in __allowed_ingress
[ Upstream commit fd20d9738395cf8e27d0a17eba34169699fccdff ]

When using per-vlan state, if vlan snooping and stats are disabled,
untagged or priority-tagged ingress frame will go to check pvid state.
If the port state is forwarding and the pvid state is not
learning/forwarding, untagged or priority-tagged frame will be dropped
but skb memory is not freed.
Should free skb when __allowed_ingress returns false.

Fixes: a580c76d53 ("net: bridge: vlan: add per-vlan state")
Signed-off-by: Tim Yi <tim.yi@pica8.com>
Acked-by: Nikolay Aleksandrov <nikolay@nvidia.com>
Link: https://lore.kernel.org/r/20220127074953.12632-1-tim.yi@pica8.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-02-01 17:25:48 +01:00
Eric Dumazet
ebc5b8e471 ipv4: tcp: send zero IPID in SYNACK messages
[ Upstream commit 970a5a3ea86da637471d3cd04d513a0755aba4bf ]

In commit 431280eebe ("ipv4: tcp: send zero IPID for RST and
ACK sent in SYN-RECV and TIME-WAIT state") we took care of some
ctl packets sent by TCP.

It turns out we need to use a similar strategy for SYNACK packets.

By default, they carry IP_DF and IPID==0, but there are ways
to ask them to use the hashed IP ident generator and thus
be used to build off-path attacks.
(Ref: Off-Path TCP Exploits of the Mixed IPID Assignment)

One of these ways is to force (before listener is started)
echo 1 >/proc/sys/net/ipv4/ip_no_pmtu_disc

Another way is using forged ICMP ICMP_FRAG_NEEDED
with a very small MTU (like 68) to force a false return from
ip_dont_fragment()

In this patch, ip_build_and_send_pkt() uses the following
heuristics.

1) Most SYNACK packets are smaller than IPV4_MIN_MTU and therefore
can use IP_DF regardless of the listener or route pmtu setting.

2) In case the SYNACK packet is bigger than IPV4_MIN_MTU,
we use prandom_u32() generator instead of the IPv4 hashed ident one.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Ray Che <xijiache@gmail.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Cc: Geoff Alexander <alexandg@cs.unm.edu>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-02-01 17:25:47 +01:00
Eric Dumazet
58f72918f9 ipv4: raw: lock the socket in raw_bind()
[ Upstream commit 153a0d187e767c68733b8e9f46218eb1f41ab902 ]

For some reason, raw_bind() forgot to lock the socket.

BUG: KCSAN: data-race in __ip4_datagram_connect / raw_bind

write to 0xffff8881170d4308 of 4 bytes by task 5466 on cpu 0:
 raw_bind+0x1b0/0x250 net/ipv4/raw.c:739
 inet_bind+0x56/0xa0 net/ipv4/af_inet.c:443
 __sys_bind+0x14b/0x1b0 net/socket.c:1697
 __do_sys_bind net/socket.c:1708 [inline]
 __se_sys_bind net/socket.c:1706 [inline]
 __x64_sys_bind+0x3d/0x50 net/socket.c:1706
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff8881170d4308 of 4 bytes by task 5468 on cpu 1:
 __ip4_datagram_connect+0xb7/0x7b0 net/ipv4/datagram.c:39
 ip4_datagram_connect+0x2a/0x40 net/ipv4/datagram.c:89
 inet_dgram_connect+0x107/0x190 net/ipv4/af_inet.c:576
 __sys_connect_file net/socket.c:1900 [inline]
 __sys_connect+0x197/0x1b0 net/socket.c:1917
 __do_sys_connect net/socket.c:1927 [inline]
 __se_sys_connect net/socket.c:1924 [inline]
 __x64_sys_connect+0x3d/0x50 net/socket.c:1924
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x00000000 -> 0x0003007f

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 5468 Comm: syz-executor.5 Not tainted 5.17.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-02-01 17:25:47 +01:00
Nikolay Aleksandrov
9ffc94a81b net: bridge: vlan: fix single net device option dumping
[ Upstream commit dcb2c5c6ca9b9177f04abaf76e5a983d177c9414 ]

When dumping vlan options for a single net device we send the same
entries infinitely because user-space expects a 0 return at the end but
we keep returning skb->len and restarting the dump on retry. Fix it by
returning the value from br_vlan_dump_dev() if it completed or there was
an error. The only case that must return skb->len is when the dump was
incomplete and needs to continue (-EMSGSIZE).

Reported-by: Benjamin Poirier <bpoirier@nvidia.com>
Fixes: 8dcea18708 ("net: bridge: vlan: add rtm definitions and dump support")
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-02-01 17:25:47 +01:00
Guillaume Nault
869f1704f1 Revert "ipv6: Honor all IPv6 PIO Valid Lifetime values"
[ Upstream commit 36268983e90316b37000a005642af42234dabb36 ]

This reverts commit b75326c201.

This commit breaks Linux compatibility with USGv6 tests. The RFC this
commit was based on is actually an expired draft: no published RFC
currently allows the new behaviour it introduced.

Without full IETF endorsement, the flash renumbering scenario this
patch was supposed to enable is never going to work, as other IPv6
equipment on the same LAN will keep the 2 hours limit.

Fixes: b75326c201 ("ipv6: Honor all IPv6 PIO Valid Lifetime values")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-02-01 17:25:47 +01:00
Jakub Kicinski
b469cf91fb ipv4: fix ip option filtering for locally generated fragments
[ Upstream commit 27a8caa59babb96c5890569e131bc0eb6d45daee ]

During IP fragmentation we sanitize IP options. This means overwriting
options which should not be copied with NOPs. Only the first fragment
has the original, full options.

ip_fraglist_prepare() copies the IP header and options from previous
fragment to the next one. Commit 19c3401a91 ("net: ipv4: place control
buffer handling away from fragmentation iterators") moved sanitizing
options before ip_fraglist_prepare() which means options are sanitized
and then overwritten again with the old values.

Fixing this is not enough, however, nor did the sanitization work
prior to aforementioned commit.

ip_options_fragment() (which does the sanitization) uses ipcb->opt.optlen
for the length of the options. ipcb->opt of fragments is not populated
(it's 0), only the head skb has the state properly built. So even when
called at the right time ip_options_fragment() does nothing. This seems
to date back all the way to v2.5.44 when the fast path for pre-fragmented
skbs had been introduced. Prior to that ip_options_build() would have been
called for every fragment (in fact ever since v2.5.44 the fragmentation
handling in ip_options_build() has been dead code, I'll clean it up in
-next).

In the original patch (see Link) caixf mentions fixing the handling
for fragments other than the second one, but I'm not sure how _any_
fragment could have had their options sanitized with the code
as it stood.

Tested with python (MTU on lo lowered to 1000 to force fragmentation):

  import socket
  s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
  s.setsockopt(socket.IPPROTO_IP, socket.IP_OPTIONS,
               bytearray([7,4,5,192, 20|0x80,4,1,0]))
  s.sendto(b'1'*2000, ('127.0.0.1', 1234))

Before:

IP (tos 0x0, ttl 64, id 1053, offset 0, flags [+], proto UDP (17), length 996, options (RR [bad length 4] [bad ptr 5] 192.148.4.1,,RA value 256))
    localhost.36500 > localhost.search-agent: UDP, length 2000
IP (tos 0x0, ttl 64, id 1053, offset 968, flags [+], proto UDP (17), length 996, options (RR [bad length 4] [bad ptr 5] 192.148.4.1,,RA value 256))
    localhost > localhost: udp
IP (tos 0x0, ttl 64, id 1053, offset 1936, flags [none], proto UDP (17), length 100, options (RR [bad length 4] [bad ptr 5] 192.148.4.1,,RA value 256))
    localhost > localhost: udp

After:

IP (tos 0x0, ttl 96, id 42549, offset 0, flags [+], proto UDP (17), length 996, options (RR [bad length 4] [bad ptr 5] 192.148.4.1,,RA value 256))
    localhost.51607 > localhost.search-agent: UDP, bad length 2000 > 960
IP (tos 0x0, ttl 96, id 42549, offset 968, flags [+], proto UDP (17), length 996, options (NOP,NOP,NOP,NOP,RA value 256))
    localhost > localhost: udp
IP (tos 0x0, ttl 96, id 42549, offset 1936, flags [none], proto UDP (17), length 100, options (NOP,NOP,NOP,NOP,RA value 256))
    localhost > localhost: udp

RA (20 | 0x80) is now copied as expected, RR (7) is "NOPed out".

Link: https://lore.kernel.org/netdev/20220107080559.122713-1-ooppublic@163.com/
Fixes: 19c3401a91 ("net: ipv4: place control buffer handling away from fragmentation iterators")
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: caixf <ooppublic@163.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-02-01 17:25:46 +01:00
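The copied-flag rule that the commit above (b469cf91fb) describes, as an added Python model; it is not kernel code and not part of the commit. The function names and the `recorded_optlen` parameter are assumptions that stand in for `ip_options_fragment()` and `ipcb->opt.optlen`; the option bytes are the ones from the commit's own test.

```python
# Added model (not kernel code) of IPv4 option sanitization for fragments.
# Options whose type byte has the "copied" flag (0x80) must appear in every
# fragment; all other options are overwritten with NOPs in non-first fragments.

IPOPT_END = 0      # end of option list
IPOPT_NOOP = 1     # one-byte padding option
IPOPT_COPY = 0x80  # "copied" flag in the option type byte


def iter_options(opts, end):
    """Yield (offset, kind, length) for each multi-byte option before `end`.

    Stops at END or at a malformed length, as a defensive parser should.
    """
    i = 0
    while i < end:
        kind = opts[i]
        if kind == IPOPT_END:
            return
        if kind == IPOPT_NOOP:
            i += 1
            continue
        if i + 1 >= end:
            return
        length = opts[i + 1]
        if length < 2 or length > end - i:
            return
        yield i, kind, length
        i += length


def sanitize_fragment_options(options, recorded_optlen):
    """Return the option bytes a non-first fragment should carry.

    `recorded_optlen` models the option length stored in the fragment's
    control block. The commit message explains that this was 0 for every
    fragment except the head, so the sanitizer walked nothing.
    """
    opts = bytearray(options)
    end = min(recorded_optlen, len(opts))
    for offset, kind, length in iter_options(opts, end):
        if not kind & IPOPT_COPY:
            opts[offset:offset + length] = bytes([IPOPT_NOOP]) * length
    return bytes(opts)


def uncopied_option_types(options):
    """List option types without the copied flag (useful when checking a
    captured non-first fragment for options that should have been removed)."""
    return [kind for _, kind, _ in iter_options(options, len(options))
            if not kind & IPOPT_COPY]


# Option bytes from the commit's test: RR (7) followed by RA (20 | 0x80).
SAMPLE_OPTIONS = bytes([7, 4, 5, 192, 20 | 0x80, 4, 1, 0])

if __name__ == "__main__":
    before = sanitize_fragment_options(SAMPLE_OPTIONS, recorded_optlen=0)
    after = sanitize_fragment_options(SAMPLE_OPTIONS,
                                      recorded_optlen=len(SAMPLE_OPTIONS))
    print("before fix:", list(before), "uncopied:", uncopied_option_types(before))
    print("after fix: ", list(after), "uncopied:", uncopied_option_types(after))
```
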
Yajun Deng
9b44441972 net: ipv4: Fix the warning for dereference
[ Upstream commit 1b9fbe813016b08e08b22ddba4ddbf9cb1b04b00 ]

Add an if statement to avoid the warning.

Dan Carpenter report:
The patch faf482ca196a: "net: ipv4: Move ip_options_fragment() out of
loop" from Aug 23, 2021, leads to the following Smatch complaint:

    net/ipv4/ip_output.c:833 ip_do_fragment()
    warn: variable dereferenced before check 'iter.frag' (see line 828)

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Fixes: faf482ca196a ("net: ipv4: Move ip_options_fragment() out of loop")
Link: https://lore.kernel.org/netdev/20210830073802.GR7722@kadam/T/#t
Signed-off-by: Yajun Deng <yajun.deng@linux.dev>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-02-01 17:25:46 +01:00
Yajun Deng
2f56c4845d net: ipv4: Move ip_options_fragment() out of loop
[ Upstream commit faf482ca196a5b16007190529b3b2dd32ab3f761 ]

ip_options_fragment() is only called when iter->offset is equal to zero,
so move it out of the loop, and inline 'Copy the flags to each fragment.'
Also, remove the unused parameter in ip_frag_ipcb().

Signed-off-by: Yajun Deng <yajun.deng@linux.dev>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-02-01 17:25:46 +01:00
David Howells
3572205b19 rxrpc: Adjust retransmission backoff
[ Upstream commit 2c13c05c5ff4b9fc907b07f7311821910ebaaf8a ]

Improve retransmission backoff by only backing off when we retransmit data
packets rather than when we set the lost ack timer.

To this end:

 (1) In rxrpc_resend(), use rxrpc_get_rto_backoff() when setting the
     retransmission timer and only tell it that we are retransmitting if we
     actually have things to retransmit.

     Note that it's possible for the retransmission algorithm to race with
     the processing of a received ACK, so we may see no packets needing
     retransmission.

 (2) In rxrpc_send_data_packet(), don't bump the backoff when setting the
     ack_lost_at timer, as it may then get bumped twice.

With this, when looking at one particular packet, the retransmission
intervals were seen to be 1.5ms, 2ms, 3ms, 5ms, 9ms, 17ms, 33ms, 71ms,
136ms, 264ms, 544ms, 1.088s, 2.1s, 4.2s and 8.3s.

Fixes: c410bf0193 ("rxrpc: Fix the excessive initial retransmission timeout")
Suggested-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Marc Dionne <marc.dionne@auristor.com>
Tested-by: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Link: https://lore.kernel.org/r/164138117069.2023386.17446904856843997127.stgit@warthog.procyon.org.uk/
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-02-01 17:25:46 +01:00
Florian Westphal
1af995c98b netfilter: conntrack: don't increment invalid counter on NF_REPEAT
[ Upstream commit 830af2eba40327abec64325a5b08b1e85c37a2e0 ]

The packet isn't invalid, REPEAT means we're trying again after cleaning
out a stale connection, e.g. via tcp tracker.

This caused increases of invalid stat counter in a test case involving
frequent connection reuse, even though no packet is actually invalid.

Fixes: 56a62e2218 ("netfilter: conntrack: fix NF_REPEAT handling")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-02-01 17:25:45 +01:00
Eric Dumazet
4cd0ef6215 ipv6: annotate accesses to fn->fn_sernum
commit aafc2e3285c2d7a79b7ee15221c19fbeca7b1509 upstream.

struct fib6_node's fn_sernum field can be
read while other threads change it.

Add READ_ONCE()/WRITE_ONCE() annotations.

Do not change existing smp barriers in fib6_get_cookie_safe()
and __fib6_update_sernum_upto_root()

syzbot reported:

BUG: KCSAN: data-race in fib6_clean_node / inet6_csk_route_socket

write to 0xffff88813df62e2c of 4 bytes by task 1920 on cpu 1:
 fib6_clean_node+0xc2/0x260 net/ipv6/ip6_fib.c:2178
 fib6_walk_continue+0x38e/0x430 net/ipv6/ip6_fib.c:2112
 fib6_walk net/ipv6/ip6_fib.c:2160 [inline]
 fib6_clean_tree net/ipv6/ip6_fib.c:2240 [inline]
 __fib6_clean_all+0x1a9/0x2e0 net/ipv6/ip6_fib.c:2256
 fib6_flush_trees+0x6c/0x80 net/ipv6/ip6_fib.c:2281
 rt_genid_bump_ipv6 include/net/net_namespace.h:488 [inline]
 addrconf_dad_completed+0x57f/0x870 net/ipv6/addrconf.c:4230
 addrconf_dad_work+0x908/0x1170
 process_one_work+0x3f6/0x960 kernel/workqueue.c:2307
 worker_thread+0x616/0xa70 kernel/workqueue.c:2454
 kthread+0x1bf/0x1e0 kernel/kthread.c:359
 ret_from_fork+0x1f/0x30

read to 0xffff88813df62e2c of 4 bytes by task 15701 on cpu 0:
 fib6_get_cookie_safe include/net/ip6_fib.h:285 [inline]
 rt6_get_cookie include/net/ip6_fib.h:306 [inline]
 ip6_dst_store include/net/ip6_route.h:234 [inline]
 inet6_csk_route_socket+0x352/0x3c0 net/ipv6/inet6_connection_sock.c:109
 inet6_csk_xmit+0x91/0x1e0 net/ipv6/inet6_connection_sock.c:121
 __tcp_transmit_skb+0x1323/0x1840 net/ipv4/tcp_output.c:1402
 tcp_transmit_skb net/ipv4/tcp_output.c:1420 [inline]
 tcp_write_xmit+0x1450/0x4460 net/ipv4/tcp_output.c:2680
 __tcp_push_pending_frames+0x68/0x1c0 net/ipv4/tcp_output.c:2864
 tcp_push+0x2d9/0x2f0 net/ipv4/tcp.c:725
 mptcp_push_release net/mptcp/protocol.c:1491 [inline]
 __mptcp_push_pending+0x46c/0x490 net/mptcp/protocol.c:1578
 mptcp_sendmsg+0x9ec/0xa50 net/mptcp/protocol.c:1764
 inet6_sendmsg+0x5f/0x80 net/ipv6/af_inet6.c:643
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 kernel_sendmsg+0x97/0xd0 net/socket.c:745
 sock_no_sendpage+0x84/0xb0 net/core/sock.c:3086
 inet_sendpage+0x9d/0xc0 net/ipv4/af_inet.c:834
 kernel_sendpage+0x187/0x200 net/socket.c:3492
 sock_sendpage+0x5a/0x70 net/socket.c:1007
 pipe_to_sendpage+0x128/0x160 fs/splice.c:364
 splice_from_pipe_feed fs/splice.c:418 [inline]
 __splice_from_pipe+0x207/0x500 fs/splice.c:562
 splice_from_pipe fs/splice.c:597 [inline]
 generic_splice_sendpage+0x94/0xd0 fs/splice.c:746
 do_splice_from fs/splice.c:767 [inline]
 direct_splice_actor+0x80/0xa0 fs/splice.c:936
 splice_direct_to_actor+0x345/0x650 fs/splice.c:891
 do_splice_direct+0x106/0x190 fs/splice.c:979
 do_sendfile+0x675/0xc40 fs/read_write.c:1245
 __do_sys_sendfile64 fs/read_write.c:1310 [inline]
 __se_sys_sendfile64 fs/read_write.c:1296 [inline]
 __x64_sys_sendfile64+0x102/0x140 fs/read_write.c:1296
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x0000026f -> 0x00000271

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 15701 Comm: syz-executor.2 Not tainted 5.16.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011

The Fixes tag I chose is probably arbitrary, I do not think
we need to backport this patch to older kernels.

Fixes: c5cff8561d ("ipv6: add rcu grace period before freeing fib6_node")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Link: https://lore.kernel.org/r/20220120174112.1126644-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-02-01 17:25:44 +01:00
Jianguo Wu
f57a99c9a5 net-procfs: show net devices bound packet types
commit 1d10f8a1f40b965d449e8f2d5ed7b96a7c138b77 upstream.

After commit 7866a621043f ("dev: add per net_device packet type chains"),
we cannot get packet types that are bound to a specified net device from
/proc/net/ptype; this patch fixes the regression.

Run "tcpdump -i ens192 udp -nns0" before and after applying this patch:

Before:
  [root@localhost ~]# cat /proc/net/ptype
  Type Device      Function
  0800          ip_rcv
  0806          arp_rcv
  86dd          ipv6_rcv

After:
  [root@localhost ~]# cat /proc/net/ptype
  Type Device      Function
  ALL  ens192   tpacket_rcv
  0800          ip_rcv
  0806          arp_rcv
  86dd          ipv6_rcv

v1 -> v2:
  - fix the regression rather than adding new /proc API as
    suggested by Stephen Hemminger.

Fixes: 7866a62104 ("dev: add per net_device packet type chains")
Signed-off-by: Jianguo Wu <wujianguo@chinatelecom.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-02-01 17:25:44 +01:00
Xin Long
283aa5a5af ping: fix the sk_bound_dev_if match in ping_lookup
commit 2afc3b5a31f9edf3ef0f374f5d70610c79c93a42 upstream.

When 'ping' changes to use PING socket instead of RAW socket by:

   # sysctl -w net.ipv4.ping_group_range="0 100"

the selftests 'router_broadcast.sh' will fail, as such command

  # ip vrf exec vrf-h1 ping -I veth0 198.51.100.255 -b

can't receive the response skb by the PING socket. It's caused by mismatch
of sk_bound_dev_if and dif in ping_rcv() when looking up the PING socket,
as dif is vrf-h1 if dif's master was set to vrf-h1.

This patch is to fix this regression by also checking the sk_bound_dev_if
against sdif so that the packets can still be received even if the socket
is not bound to the vrf device but to the real iif.

Fixes: c319b4d76b ("net: ipv4: add IPPROTO_ICMP socket kind")
Reported-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-02-01 17:25:43 +01:00
Congyu Liu
db044d9746 net: fix information leakage in /proc/net/ptype
commit 47934e06b65637c88a762d9c98329ae6e3238888 upstream.

In one net namespace, after creating a packet socket without binding
it to a device, users in other net namespaces can observe the new
`packet_type` added by this packet socket by reading `/proc/net/ptype`
file. This is minor information leakage as packet socket is
namespace aware.

Add a net pointer in `packet_type` to keep the net namespace of
the corresponding packet socket. In `ptype_seq_show`, this net pointer
must be checked when it is not NULL.

Fixes: 2feb27dbe0 ("[NETNS]: Minor information leak via /proc/net/ptype file.")
Signed-off-by: Congyu Liu <liu3101@purdue.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-02-01 17:25:43 +01:00
Ido Schimmel
feb770cc00 ipv6_tunnel: Rate limit warning messages
commit 6cee105e7f2ced596373951d9ea08dacc3883c68 upstream.

The warning messages can be invoked from the data path for every packet
transmitted through an ip6gre netdev, leading to high CPU utilization.

Fix that by rate limiting the messages.

Fixes: 09c6bbf090 ("[IPV6]: Do mandatory IPv6 tunnel endpoint checks in realtime")
Reported-by: Maksym Yaremchuk <maksymy@nvidia.com>
Tested-by: Maksym Yaremchuk <maksymy@nvidia.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Amit Cohen <amcohen@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-02-01 17:25:43 +01:00
Pablo Neira Ayuso
94b23988c3 netfilter: nft_payload: do not update layer 4 checksum when mangling fragments
commit 4e1860a3863707e8177329c006d10f9e37e097a8 upstream.

IP fragments do not come with the transport header, hence skip bogus
layer 4 checksum updates.

Fixes: 1814096980 ("netfilter: nft_payload: layer 4 checksum adjustment for pseudoheader fields")
Reported-and-tested-by: Steffen Weinreich <steve@weinreich.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-02-01 17:25:40 +01:00
Amir Goldstein
abae88fb37 fsnotify: fix fsnotify hooks in pseudo filesystems
commit 29044dae2e746949ad4b9cbdbfb248994d1dcdb4 upstream.

Commit 49246466a9 ("fsnotify: move fsnotify_nameremove() hook out of
d_delete()") moved the fsnotify delete hook before d_delete() so fsnotify
will have access to a positive dentry.

This allowed a race where opening the deleted file via cached dentry
is now possible after receiving the IN_DELETE event.

To fix the regression in pseudo filesystems, convert d_delete() calls
to d_drop() (see commit 46c46f8df9 ("devpts_pty_kill(): don't bother
with d_delete()")) and move the fsnotify hook after d_drop().

Add a missing fsnotify_unlink() hook in nfsdfs that was found during
the audit of fsnotify hooks in pseudo filesystems.

Note that the fsnotify hooks in simple_recursive_removal() follow
d_invalidate(), so they require no change.

Link: https://lore.kernel.org/r/20220120215305.282577-2-amir73il@gmail.com
Reported-by: Ivan Delalande <colona@arista.com>
Link: https://lore.kernel.org/linux-fsdevel/YeNyzoDM5hP5LtGW@visor/
Fixes: 49246466a9 ("fsnotify: move fsnotify_nameremove() hook out of d_delete()")
Cc: stable@vger.kernel.org # v5.3+
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-02-01 17:25:39 +01:00
Brian Gix
83d5196b65 Bluetooth: refactor malicious adv data check
commit 899663be5e75dc0174dc8bda0b5e6826edf0b29a upstream.

Check for out-of-bound read was being performed at the end of while
num_reports loop, and would fill journal with false positives. Added
check to beginning of loop processing so that it doesn't get checked
after ptr has been advanced.

Signed-off-by: Brian Gix <brian.gix@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: syphyr <syphyr@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-02-01 17:25:38 +01:00
Greg Kroah-Hartman
34fd8cb7e7 ANDROID: Fix CRC issue up with xfrm headers in 5.10.94
Two changes to net/xfrm/xfrm_policy.c in the 5.10.94 release ended up
changing the CRC for a xfrm function, despite no actual change
happening.  Fix this up by putting __GENKSYMS__ bounds on the include
files to preserve the CRC.

Bug: 161946584
Fixes: 7f2ca96bd2 ("xfrm: Don't accidentally set RTO_ONLINK in decode_session4()")
Fixes: 56f974d583 ("xfrm: fix policy lookup for ipv6 gre packets")
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ia09ea8d4439ec276716396f40dc82c0958624690
2022-02-01 10:11:29 +01:00
Greg Kroah-Hartman
a50b069165 Revert "xfrm: rate limit SA mapping change message to user space"
This reverts commit a0b13335a3 which is
commit 4e484b3e969b52effd95c17f7a86f39208b2ccf4 upstream.

It breaks the Android kernel ABI and is not a problem for Android
systems, so revert it.

Bug: 161946584
Fixes: a0b13335a3 ("xfrm: rate limit SA mapping change message to user space")
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I00273c8a02ac367e0b429d7d8793ea2686752f77
2022-02-01 10:11:27 +01:00
Greg Kroah-Hartman
4ec3c2eea5 Merge 5.10.94 into android12-5.10-lts
Changes in 5.10.94
	KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock
	HID: uhid: Fix worker destroying device without any protection
	HID: wacom: Reset expected and received contact counts at the same time
	HID: wacom: Ignore the confidence flag when a touch is removed
	HID: wacom: Avoid using stale array indicies to read contact count
	f2fs: fix to do sanity check in is_alive()
	nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
	mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings
	mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6
	mtd: Fixed breaking list in __mtd_del_partition.
	mtd: rawnand: davinci: Don't calculate ECC when reading page
	mtd: rawnand: davinci: Avoid duplicated page read
	mtd: rawnand: davinci: Rewrite function description
	x86/gpu: Reserve stolen memory for first integrated Intel GPU
	tools/nolibc: x86-64: Fix startup code bug
	tools/nolibc: i386: fix initial stack alignment
	tools/nolibc: fix incorrect truncation of exit code
	rtc: cmos: take rtc_lock while reading from CMOS
	media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE
	media: flexcop-usb: fix control-message timeouts
	media: mceusb: fix control-message timeouts
	media: em28xx: fix control-message timeouts
	media: cpia2: fix control-message timeouts
	media: s2255: fix control-message timeouts
	media: dib0700: fix undefined behavior in tuner shutdown
	media: redrat3: fix control-message timeouts
	media: pvrusb2: fix control-message timeouts
	media: stk1160: fix control-message timeouts
	media: cec-pin: fix interrupt en/disable handling
	can: softing_cs: softingcs_probe(): fix memleak on registration failure
	iio: adc: ti-adc081c: Partial revert of removal of ACPI IDs
	lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
	iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure
	gpu: host1x: Add back arm_iommu_detach_device()
	dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled()
	PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
	mm_zone: add function to check if managed dma zone exists
	dma/pool: create dma atomic pool only if dma zone has managed pages
	mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages
	shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
	drm/ttm: Put BO in its memory manager's lru list
	Bluetooth: L2CAP: Fix not initializing sk_peer_pid
	drm/bridge: display-connector: fix an uninitialized pointer in probe()
	drm: fix null-ptr-deref in drm_dev_init_release()
	drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure
	drm/panel: innolux-p079zca: Delete panel on attach() failure
	drm/rockchip: dsi: Fix unbalanced clock on probe error
	drm/rockchip: dsi: Hold pm-runtime across bind/unbind
	drm/rockchip: dsi: Disable PLL clock on bind error
	drm/rockchip: dsi: Reconfigure hardware on resume()
	Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
	clk: bcm-2835: Pick the closest clock rate
	clk: bcm-2835: Remove rounding up the dividers
	drm/vc4: hdmi: Set a default HSM rate
	wcn36xx: ensure pairing of init_scan/finish_scan and start_scan/end_scan
	wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
	wcn36xx: Fix DMA channel enable/disable cycle
	wcn36xx: Release DMA channel descriptor allocations
	wcn36xx: Put DXE block into reset before freeing memory
	wcn36xx: populate band before determining rate on RX
	wcn36xx: fix RX BD rate mapping for 5GHz legacy rates
	ath11k: Send PPDU_STATS_CFG with proper pdev mask to firmware
	mtd: hyperbus: rpc-if: Check return value of rpcif_sw_init()
	media: videobuf2: Fix the size printk format
	media: atomisp: add missing media_device_cleanup() in atomisp_unregister_entities()
	media: atomisp: fix punit_ddr_dvfs_enable() argument for mrfld_power up case
	media: atomisp: fix inverted logic in buffers_needed()
	media: atomisp: do not use err var when checking port validity for ISP2400
	media: atomisp: fix inverted error check for ia_css_mipi_is_source_port_valid()
	media: atomisp: fix ifdefs in sh_css.c
	media: staging: media: atomisp: pci: Balance braces around conditional statements in file atomisp_cmd.c
	media: atomisp: add NULL check for asd obtained from atomisp_video_pipe
	media: atomisp: fix enum formats logic
	media: atomisp: fix uninitialized bug in gmin_get_pmic_id_and_addr()
	media: aspeed: fix mode-detect always time out at 2nd run
	media: em28xx: fix memory leak in em28xx_init_dev
	media: aspeed: Update signal status immediately to ensure sane hw state
	arm64: dts: amlogic: meson-g12: Fix GPU operating point table node name
	arm64: dts: amlogic: Fix SPI NOR flash node name for ODROID N2/N2+
	arm64: dts: meson-gxbb-wetek: fix HDMI in early boot
	arm64: dts: meson-gxbb-wetek: fix missing GPIO binding
	fs: dlm: use sk->sk_socket instead of con->sock
	fs: dlm: don't call kernel_getpeername() in error_report()
	memory: renesas-rpc-if: Return error in case devm_ioremap_resource() fails
	Bluetooth: stop proccessing malicious adv data
	ath11k: Fix ETSI regd with weather radar overlap
	ath11k: clear the keys properly via DISABLE_KEY
	ath11k: reset RSN/WPA present state for open BSS
	tee: fix put order in teedev_close_context()
	fs: dlm: fix build with CONFIG_IPV6 disabled
	drm/vboxvideo: fix a NULL vs IS_ERR() check
	arm64: dts: renesas: cat875: Add rx/tx delays
	media: dmxdev: fix UAF when dvb_register_device() fails
	crypto: qce - fix uaf on qce_ahash_register_one
	crypto: qce - fix uaf on qce_skcipher_register_one
	mtd: hyperbus: rpc-if: fix bug in rpcif_hb_remove
	ARM: dts: stm32: fix dtbs_check warning on ili9341 dts binding on stm32f429 disco
	crypto: qat - fix spelling mistake: "messge" -> "message"
	crypto: qat - remove unnecessary collision prevention step in PFVF
	crypto: qat - make pfvf send message direction agnostic
	crypto: qat - fix undetected PFVF timeout in ACK loop
	ath11k: Use host CE parameters for CE interrupts configuration
	arm64: dts: ti: k3-j721e: correct cache-sets info
	tty: serial: atmel: Check return code of dmaengine_submit()
	tty: serial: atmel: Call dma_async_issue_pending()
	mfd: atmel-flexcom: Remove #ifdef CONFIG_PM_SLEEP
	mfd: atmel-flexcom: Use .resume_noirq
	media: rcar-csi2: Correct the selection of hsfreqrange
	media: imx-pxp: Initialize the spinlock prior to using it
	media: si470x-i2c: fix possible memory leak in si470x_i2c_probe()
	media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released
	media: coda: fix CODA960 JPEG encoder buffer overflow
	media: venus: pm_helpers: Control core power domain manually
	media: venus: core, venc, vdec: Fix probe dependency error
	media: venus: core: Fix a potential NULL pointer dereference in an error handling path
	media: venus: core: Fix a resource leak in the error handling path of 'venus_probe()'
	thermal/drivers/imx: Implement runtime PM support
	netfilter: bridge: add support for pppoe filtering
	arm64: dts: qcom: msm8916: fix MMC controller aliases
	cgroup: Trace event cgroup id fields should be u64
	ACPI: EC: Rework flushing of EC work while suspended to idle
	thermal/drivers/imx8mm: Enable ADC when enabling monitor
	drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode()
	drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms()
	arm64: dts: ti: k3-j7200: Fix the L2 cache sets
	arm64: dts: ti: k3-j721e: Fix the L2 cache sets
	arm64: dts: ti: k3-j7200: Correct the d-cache-sets info
	tty: serial: uartlite: allow 64 bit address
	serial: amba-pl011: do not request memory region twice
	floppy: Fix hang in watchdog when disk is ejected
	staging: rtl8192e: return error code from rtllib_softmac_init()
	staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib()
	Bluetooth: btmtksdio: fix resume failure
	sched/fair: Fix detection of per-CPU kthreads waking a task
	sched/fair: Fix per-CPU kthread and wakee stacking for asym CPU capacity
	bpf: Adjust BTF log size limit.
	bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD)
	bpf: Remove config check to enable bpf support for branch records
	arm64: lib: Annotate {clear, copy}_page() as position-independent
	arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1
	media: dib8000: Fix a memleak in dib8000_init()
	media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
	media: si2157: Fix "warm" tuner state detection
	wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma
	sched/rt: Try to restart rt period timer when rt runtime exceeded
	drm/msm/dp: displayPort driver need algorithm rational
	rcu/exp: Mark current CPU as exp-QS in IPI loop second pass
	mwifiex: Fix possible ABBA deadlock
	xfrm: fix a small bug in xfrm_sa_len()
	x86/uaccess: Move variable into switch case statement
	selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST
	selftests: harness: avoid false negatives if test has no ASSERTs
	crypto: stm32 - Fix last sparse warning in stm32_cryp_check_ctr_counter
	crypto: stm32/cryp - fix CTR counter carry
	crypto: stm32/cryp - fix xts and race condition in crypto_engine requests
	crypto: stm32/cryp - check early input data
	crypto: stm32/cryp - fix double pm exit
	crypto: stm32/cryp - fix lrw chaining mode
	crypto: stm32/cryp - fix bugs and crash in tests
	crypto: stm32 - Revert broken pm_runtime_resume_and_get changes
	ath11k: Fix deleting uninitialized kernel timer during fragment cache flush
	ARM: dts: gemini: NAS4220-B: fis-index-block with 128 KiB sectors
	media: dw2102: Fix use after free
	media: msi001: fix possible null-ptr-deref in msi001_probe()
	media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes
	ath11k: Fix a NULL pointer dereference in ath11k_mac_op_hw_scan()
	arm64: dts: qcom: c630: Fix soundcard setup
	arm64: dts: qcom: ipq6018: Fix gpio-ranges property
	drm/msm/dpu: fix safe status debugfs file
	drm/bridge: ti-sn65dsi86: Set max register for regmap
	drm/tegra: vic: Fix DMA API misuse
	media: hantro: Fix probe func error path
	xfrm: interface with if_id 0 should return error
	xfrm: state and policy should fail if XFRMA_IF_ID 0
	ARM: 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding
	usb: ftdi-elan: fix memory leak on device disconnect
	arm64: dts: marvell: cn9130: add GPIO and SPI aliases
	arm64: dts: marvell: cn9130: enable CP0 GPIO controllers
	ARM: dts: armada-38x: Add generic compatible to UART nodes
	iwlwifi: mvm: fix 32-bit build in FTM
	iwlwifi: mvm: test roc running status bits before removing the sta
	mmc: meson-mx-sdhc: add IRQ check
	mmc: meson-mx-sdio: add IRQ check
	selinux: fix potential memleak in selinux_add_opt()
	um: fix ndelay/udelay defines
	um: virtio_uml: Fix time-travel external time propagation
	Bluetooth: L2CAP: Fix using wrong mode
	bpftool: Enable line buffering for stdout
	backlight: qcom-wled: Validate enabled string indices in DT
	backlight: qcom-wled: Pass number of elements to read to read_u32_array
	backlight: qcom-wled: Fix off-by-one maximum with default num_strings
	backlight: qcom-wled: Override default length with qcom,enabled-strings
	backlight: qcom-wled: Use cpu_to_le16 macro to perform conversion
	backlight: qcom-wled: Respect enabled-strings in set_brightness
	software node: fix wrong node passed to find nargs_prop
	Bluetooth: hci_qca: Stop IBS timer during BT OFF
	x86/boot/compressed: Move CLANG_FLAGS to beginning of KBUILD_CFLAGS
	hwmon: (mr75203) fix wrong power-up delay value
	x86/mce/inject: Avoid out-of-bounds write when setting flags
	ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes
	pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region()
	pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region()
	power: reset: mt6397: Check for null res pointer
	netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check()
	bpf: Don't promote bogus looking registers after null check.
	bpf: Fix SO_RCVBUF/SO_SNDBUF handling in _bpf_setsockopt().
	netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone
	ppp: ensure minimum packet size in ppp_write()
	rocker: fix a sleeping in atomic bug
	staging: greybus: audio: Check null pointer
	fsl/fman: Check for null pointer after calling devm_ioremap
	Bluetooth: hci_bcm: Check for error irq
	Bluetooth: hci_qca: Fix NULL vs IS_ERR_OR_NULL check in qca_serdev_probe
	usb: dwc3: qcom: Fix NULL vs IS_ERR checking in dwc3_qcom_probe
	HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init
	HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc
	HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init
	HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad
	debugfs: lockdown: Allow reading debugfs files that are not world readable
	net/mlx5e: Fix page DMA map/unmap attributes
	net/mlx5e: Don't block routes with nexthop objects in SW
	Revert "net/mlx5e: Block offload of outer header csum for UDP tunnels"
	net/mlx5: Set command entry semaphore up once got index free
	lib/mpi: Add the return value check of kcalloc()
	Bluetooth: L2CAP: uninitialized variables in l2cap_sock_setsockopt()
	spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe
	ax25: uninitialized variable in ax25_setsockopt()
	netrom: fix api breakage in nr_setsockopt()
	regmap: Call regmap_debugfs_exit() prior to _init()
	can: mcp251xfd: add missing newline to printed strings
	tpm: add request_locality before write TPM_INT_ENABLE
	tpm_tis: Fix an error handling path in 'tpm_tis_core_init()'
	can: softing: softing_startstop(): fix set but not used variable warning
	can: xilinx_can: xcan_probe(): check for error irq
	pcmcia: fix setting of kthread task states
	iwlwifi: mvm: Use div_s64 instead of do_div in iwl_mvm_ftm_rtt_smoothing()
	net: mcs7830: handle usb read errors properly
	ext4: avoid trim error on fs with small groups
	ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
	ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
	ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
	RDMA/bnxt_re: Scan the whole bitmap when checking if "disabling RCFW with pending cmd-bit"
	RDMA/hns: Validate the pkey index
	scsi: pm80xx: Update WARN_ON check in pm8001_mpi_build_cmd()
	clk: imx8mn: Fix imx8mn_clko1_sels
	powerpc/prom_init: Fix improper check of prom_getprop()
	ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA
	dt-bindings: thermal: Fix definition of cooling-maps contribution property
	powerpc/64s: Convert some cpu_setup() and cpu_restore() functions to C
	powerpc/perf: MMCR0 control for PMU registers under PMCC=00
	powerpc/perf: move perf irq/nmi handling details into traps.c
	powerpc/irq: Add helper to set regs->softe
	powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC
	powerpc/32s: Fix shift-out-of-bounds in KASAN init
	clocksource: Reduce clocksource-skew threshold
	clocksource: Avoid accidental unstable marking of clocksources
	ALSA: oss: fix compile error when OSS_DEBUG is enabled
	ALSA: usb-audio: Drop superfluous '0' in Presonus Studio 1810c's ID
	char/mwave: Adjust io port register size
	binder: fix handling of error during copy
	openrisc: Add clone3 ABI wrapper
	iommu/io-pgtable-arm: Fix table descriptor paddr formatting
	scsi: ufs: Fix race conditions related to driver data
	RDMA/qedr: Fix reporting max_{send/recv}_wr attrs
	PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity()
	powerpc/powermac: Add additional missing lockdep_register_key()
	RDMA/core: Let ib_find_gid() continue search even after empty entry
	RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry
	ASoC: rt5663: Handle device_property_read_u32_array error codes
	of: unittest: fix warning on PowerPC frame size warning
	of: unittest: 64 bit dma address test requires arch support
	clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system enter shell
	mips: add SYS_HAS_CPU_MIPS64_R5 config for MIPS Release 5 support
	mips: fix Kconfig reference to PHYS_ADDR_T_64BIT
	dmaengine: pxa/mmp: stop referencing config->slave_id
	iommu/amd: Remove iommu_init_ga()
	iommu/amd: Restore GA log/tail pointer on host resume
	ASoC: Intel: catpt: Test dmaengine_submit() result before moving on
	iommu/iova: Fix race between FQ timeout and teardown
	scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume()
	phy: uniphier-usb3ss: fix unintended writing zeros to PHY register
	ASoC: mediatek: Check for error clk pointer
	ASoC: samsung: idma: Check of ioremap return value
	misc: lattice-ecp3-config: Fix task hung when firmware load failed
	counter: stm32-lptimer-cnt: remove iio counter abi
	arm64: tegra: Fix Tegra194 HDA {clock,reset}-names ordering
	arm64: tegra: Remove non existent Tegra194 reset
	mips: lantiq: add support for clk_set_parent()
	mips: bcm63xx: add support for clk_set_parent()
	powerpc/xive: Add missing null check after calling kmalloc
	ASoC: fsl_mqs: fix MODULE_ALIAS
	RDMA/cxgb4: Set queue pair state when being queried
	ASoC: fsl_asrc: refine the check of available clock divider
	clk: bm1880: remove kfrees on static allocations
	of: base: Fix phandle argument length mismatch error message
	ARM: dts: omap3-n900: Fix lp5523 for multi color
	Bluetooth: Fix debugfs entry leak in hci_register_dev()
	fs: dlm: filter user dlm messages for kernel locks
	drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y
	selftests/bpf: Fix bpf_object leak in skb_ctx selftest
	ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
	drm/bridge: dw-hdmi: handle ELD when DRM_BRIDGE_ATTACH_NO_CONNECTOR
	drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR
	media: atomisp: fix try_fmt logic
	media: atomisp: set per-device's default mode
	media: atomisp-ov2680: Fix ov2680_set_fmt() clobbering the exposure
	ARM: shmobile: rcar-gen2: Add missing of_node_put()
	batman-adv: allow netlink usage in unprivileged containers
	media: atomisp: handle errors at sh_css_create_isp_params()
	ath11k: Fix crash caused by uninitialized TX ring
	usb: gadget: f_fs: Use stream_open() for endpoint files
	drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L
	HID: apple: Do not reset quirks when the Fn key is not found
	media: b2c2: Add missing check in flexcop_pci_isr:
	EDAC/synopsys: Use the quirk for version instead of ddr version
	ARM: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART
	drm/amd/display: check top_pipe_to_program pointer
	drm/amdgpu/display: set vblank_disable_immediate for DC
	soc: ti: pruss: fix referenced node in error message
	mlxsw: pci: Add shutdown method in PCI driver
	drm/bridge: megachips: Ensure both bridges are probed before registration
	tty: serial: imx: disable UCR4_OREN in .stop_rx() instead of .shutdown()
	gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
	HSI: core: Fix return freed object in hsi_new_client
	crypto: jitter - consider 32 LSB for APT
	mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
	rsi: Fix use-after-free in rsi_rx_done_handler()
	rsi: Fix out-of-bounds read in rsi_read_pkt()
	ath11k: Avoid NULL ptr access during mgmt tx cleanup
	media: venus: avoid calling core_clk_setrate() concurrently during concurrent video sessions
	ACPI / x86: Drop PWM2 device on Lenovo Yoga Book from always present table
	ACPI: Change acpi_device_always_present() into acpi_device_override_status()
	ACPI / x86: Allow specifying acpi_device_override_status() quirks by path
	ACPI / x86: Add not-present quirk for the PCI0.SDHB.BRC1 device on the GPD win
	arm64: dts: ti: j7200-main: Fix 'dtbs_check' serdes_ln_ctrl node
	usb: uhci: add aspeed ast2600 uhci support
	floppy: Add max size check for user space request
	x86/mm: Flush global TLB when switching to trampoline page-table
	drm: rcar-du: Fix CRTC timings when CMM is used
	media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds.
	media: rcar-vin: Update format alignment constraints
	media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach()
	media: m920x: don't use stack on USB reads
	thunderbolt: Runtime PM activate both ends of the device link
	iwlwifi: mvm: synchronize with FW after multicast commands
	iwlwifi: mvm: avoid clearing a just saved session protection id
	ath11k: avoid deadlock by change ieee80211_queue_work for regd_update_work
	ath10k: Fix tx hanging
	net-sysfs: update the queue counts in the unregistration path
	net: phy: prefer 1000baseT over 1000baseKX
	gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock
	selftests/ftrace: make kprobe profile testcase description unique
	ath11k: Avoid false DEADLOCK warning reported by lockdep
	x86/mce: Allow instrumentation during task work queueing
	x86/mce: Mark mce_panic() noinstr
	x86/mce: Mark mce_end() noinstr
	x86/mce: Mark mce_read_aux() noinstr
	net: bonding: debug: avoid printing debug logs when bond is not notifying peers
	bpf: Do not WARN in bpf_warn_invalid_xdp_action()
	HID: quirks: Allow inverting the absolute X/Y values
	media: igorplugusb: receiver overflow should be reported
	media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach()
	mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO
	audit: ensure userspace is penalized the same as the kernel when under pressure
	arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus
	arm64: tegra: Adjust length of CCPLEX cluster MMIO region
	PM: runtime: Add safety net to supplier device release
	cpufreq: Fix initialization of min and max frequency QoS requests
	usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
	ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
	rtw88: 8822c: update rx settings to prevent potential hw deadlock
	PM: AVS: qcom-cpr: Use div64_ul instead of do_div
	iwlwifi: fix leaks/bad data after failed firmware load
	iwlwifi: remove module loading failure message
	iwlwifi: mvm: Fix calculation of frame length
	iwlwifi: pcie: make sure prph_info is set when treating wakeup IRQ
	um: registers: Rename function names to avoid conflicts and build problems
	ath11k: Fix napi related hang
	Bluetooth: vhci: Set HCI_QUIRK_VALID_LE_STATES
	xfrm: rate limit SA mapping change message to user space
	drm/etnaviv: consider completed fence seqno in hang check
	jffs2: GC deadlock reading a page that is used in jffs2_write_begin()
	ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions
	ACPICA: Utilities: Avoid deleting the same object twice in a row
	ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()
	ACPICA: Fix wrong interpretation of PCC address
	ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
	drm/amdgpu: fixup bad vram size on gmc v8
	amdgpu/pm: Make sysfs pm attributes as read-only for VFs
	ACPI: battery: Add the ThinkPad "Not Charging" quirk
	btrfs: remove BUG_ON() in find_parent_nodes()
	btrfs: remove BUG_ON(!eie) in find_parent_nodes
	net: mdio: Demote probed message to debug print
	mac80211: allow non-standard VHT MCS-10/11
	dm btree: add a defensive bounds check to insert_at()
	dm space map common: add bounds check to sm_ll_lookup_bitmap()
	mlxsw: pci: Avoid flow control for EMAD packets
	net: phy: marvell: configure RGMII delays for 88E1118
	net: gemini: allow any RGMII interface mode
	regulator: qcom_smd: Align probe function with rpmh-regulator
	serial: pl010: Drop CR register reset on set_termios
	serial: core: Keep mctrl register state and cached copy in sync
	random: do not throw away excess input to crng_fast_load
	parisc: Avoid calling faulthandler_disabled() twice
	x86/kbuild: Enable CONFIG_KALLSYMS_ALL=y in the defconfigs
	powerpc/6xx: add missing of_node_put
	powerpc/powernv: add missing of_node_put
	powerpc/cell: add missing of_node_put
	powerpc/btext: add missing of_node_put
	powerpc/watchdog: Fix missed watchdog reset due to memory ordering race
	i2c: i801: Don't silently correct invalid transfer size
	powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING
	i2c: mpc: Correct I2C reset procedure
	clk: meson: gxbb: Fix the SDM_EN bit for MPLL0 on GXBB
	powerpc/powermac: Add missing lockdep_register_key()
	KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots
	KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST
	w1: Misuse of get_user()/put_user() reported by sparse
	nvmem: core: set size for sysfs bin file
	dm: fix alloc_dax error handling in alloc_dev
	scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup
	ALSA: seq: Set upper limit of processed events
	MIPS: Loongson64: Use three arguments for slti
	powerpc/40x: Map 32Mbytes of memory at startup
	selftests/powerpc/spectre_v2: Return skip code when miss_percent is high
	powerpc: handle kdump appropriately with crash_kexec_post_notifiers option
	powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic
	udf: Fix error handling in udf_new_inode()
	MIPS: OCTEON: add put_device() after of_find_device_by_node()
	irqchip/gic-v4: Disable redistributors' view of the VPE table at boot time
	i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters
	MIPS: Octeon: Fix build errors using clang
	scsi: sr: Don't use GFP_DMA
	ASoC: mediatek: mt8173: fix device_node leak
	ASoC: mediatek: mt8183: fix device_node leak
	phy: mediatek: Fix missing check in mtk_mipi_tx_probe
	rpmsg: core: Clean up resources on announce_create failure.
	crypto: omap-aes - Fix broken pm_runtime_and_get() usage
	crypto: stm32/crc32 - Fix kernel BUG triggered in probe()
	crypto: caam - replace this_cpu_ptr with raw_cpu_ptr
	ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
	tpm: fix NPE on probe for missing device
	spi: uniphier: Fix a bug that doesn't point to private data correctly
	xen/gntdev: fix unmap notification order
	fuse: Pass correct lend value to filemap_write_and_wait_range()
	serial: Fix incorrect rs485 polarity on uart open
	cputime, cpuacct: Include guest time in user time in cpuacct.stat
	tracing/kprobes: 'nmissed' not showed correctly for kretprobe
	iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
	s390/mm: fix 2KB pgtable release race
	device property: Fix fwnode_graph_devcon_match() fwnode leak
	drm/etnaviv: limit submit sizes
	drm/nouveau/kms/nv04: use vzalloc for nv04_display
	drm/bridge: analogix_dp: Make PSR-exit block less
	parisc: Fix lpa and lpa_user defines
	powerpc/64s/radix: Fix huge vmap false positive
	PCI: xgene: Fix IB window setup
	PCI: pciehp: Use down_read/write_nested(reset_lock) to fix lockdep errors
	PCI: pci-bridge-emul: Make expansion ROM Base Address register read-only
	PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space
	PCI: pci-bridge-emul: Fix definitions of reserved bits
	PCI: pci-bridge-emul: Correctly set PCIe capabilities
	PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device
	xfrm: fix policy lookup for ipv6 gre packets
	btrfs: fix deadlock between quota enable and other quota operations
	btrfs: check the root node for uptodate before returning it
	btrfs: respect the max size in the header when activating swap file
	ext4: make sure to reset inode lockdep class when quota enabling fails
	ext4: make sure quota gets properly shutdown on error
	ext4: fix a possible ABBA deadlock due to busy PA
	ext4: initialize err_blk before calling __ext4_get_inode_loc
	ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE
	ext4: set csum seed in tmp inode while migrating to extents
	ext4: Fix BUG_ON in ext4_bread when write quota data
	ext4: use ext4_ext_remove_space() for fast commit replay delete range
	ext4: fast commit may miss tracking unwritten range during ftruncate
	ext4: destroy ext4_fc_dentry_cachep kmemcache on module removal
	ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits'
	ext4: don't use the orphan list when migrating an inode
	drm/radeon: fix error handling in radeon_driver_open_kms
	of: base: Improve argument length mismatch error
	firmware: Update Kconfig help text for Google firmware
	can: mcp251xfd: mcp251xfd_tef_obj_read(): fix typo in error message
	media: rcar-csi2: Optimize the selection PHTW register
	drm/vc4: hdmi: Make sure the device is powered with CEC
	media: correct MEDIA_TEST_SUPPORT help text
	Documentation: dmaengine: Correctly describe dmatest with channel unset
	Documentation: ACPI: Fix data node reference documentation
	Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization
	Documentation: fix firewire.rst ABI file path error
	Bluetooth: hci_sync: Fix not setting adv set duration
	scsi: core: Show SCMD_LAST in text form
	dmaengine: uniphier-xdmac: Fix type of address variables
	RDMA/hns: Modify the mapping attribute of doorbell to device
	RDMA/rxe: Fix a typo in opcode name
	dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK
	Revert "net/mlx5: Add retry mechanism to the command entry index allocation"
	powerpc/cell: Fix clang -Wimplicit-fallthrough warning
	powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses
	block: Fix fsync always failed if once failed
	bpftool: Remove inclusion of utilities.mak from Makefiles
	xdp: check prog type before updating BPF link
	perf evsel: Override attr->sample_period for non-libpfm4 events
	ipv4: update fib_info_cnt under spinlock protection
	ipv4: avoid quadratic behavior in netns dismantle
	net/fsl: xgmac_mdio: Add workaround for erratum A-009885
	net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
	parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries
	f2fs: compress: fix potential deadlock of compress file
	f2fs: fix to reserve space for IO align feature
	af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
	clk: Emit a stern warning with writable debugfs enabled
	clk: si5341: Fix clock HW provider cleanup
	net/smc: Fix hung_task when removing SMC-R devices
	net: axienet: increase reset timeout
	net: axienet: Wait for PhyRstCmplt after core reset
	net: axienet: reset core on initialization prior to MDIO access
	net: axienet: add missing memory barriers
	net: axienet: limit minimum TX ring size
	net: axienet: Fix TX ring slot available check
	net: axienet: fix number of TX ring slots for available check
	net: axienet: fix for TX busy handling
	net: axienet: increase default TX ring size to 128
	HID: vivaldi: fix handling devices not using numbered reports
	rtc: pxa: fix null pointer dereference
	vdpa/mlx5: Fix wrong configuration of virtio_version_1_0
	virtio_ring: mark ring unused on error
	taskstats: Cleanup the use of task->exit_code
	inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
	netns: add schedule point in ops_exit_list()
	xfrm: Don't accidentally set RTO_ONLINK in decode_session4()
	gre: Don't accidentally set RTO_ONLINK in gre_fill_metadata_dst()
	libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route()
	perf script: Fix hex dump character output
	dmaengine: at_xdmac: Don't start transactions at tx_submit level
	dmaengine: at_xdmac: Start transfer for cyclic channels in issue_pending
	dmaengine: at_xdmac: Print debug message after realeasing the lock
	dmaengine: at_xdmac: Fix concurrency over xfers_list
	dmaengine: at_xdmac: Fix lld view setting
	dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
	perf probe: Fix ppc64 'perf probe add events failed' case
	devlink: Remove misleading internal_flags from health reporter dump
	arm64: dts: qcom: msm8996: drop not documented adreno properties
	net: bonding: fix bond_xmit_broadcast return value error bug
	net_sched: restore "mpu xxx" handling
	bcmgenet: add WOL IRQ check
	net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config()
	net: sfp: fix high power modules without diagnostic monitoring
	net: mscc: ocelot: fix using match before it is set
	dt-bindings: display: meson-dw-hdmi: add missing sound-name-prefix property
	dt-bindings: display: meson-vpu: Add missing amlogic,canvas property
	dt-bindings: watchdog: Require samsung,syscon-phandle for Exynos7
	scripts/dtc: dtx_diff: remove broken example from help text
	lib82596: Fix IRQ check in sni_82596_probe
	mm/hmm.c: allow VM_MIXEDMAP to work with hmm_range_fault
	lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test
	mtd: nand: bbt: Fix corner case in bad block table handling
	ath10k: Fix the MTU size on QCA9377 SDIO
	scripts: sphinx-pre-install: add required ctex dependency
	scripts: sphinx-pre-install: Fix ctex support on Debian
	Linux 5.10.94

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I857f2417c899508815a1ba13d1285fd400a1f133
2022-01-27 11:49:22 +01:00
Kevin Bracey
6973b38b9d net_sched: restore "mpu xxx" handling
commit fb80445c438c78b40b547d12b8d56596ce4ccfeb upstream.

commit 56b765b79e ("htb: improved accuracy at high rates") broke
"overhead X", "linklayer atm" and "mpu X" attributes.

"overhead X" and "linklayer atm" have already been fixed. This restores
the "mpu X" handling, as might be used by DOCSIS or Ethernet shaping:

    tc class add ... htb rate X overhead 4 mpu 64

The code being fixed is used by htb, tbf and act_police. Cake has its
own mpu handling. qdisc_calculate_pkt_len still uses the size table
containing values adjusted for mpu by user space.

iproute2 tc has always passed mpu into the kernel via a tc_ratespec
structure, but the kernel never directly acted on it, merely stored it
so that it could be read back by `tc class show`.

Rather, tc would generate length-to-time tables that included the mpu
(and linklayer) in their construction, and the kernel used those tables.

Since v3.7, the tables were no longer used. Along with "mpu", this also
broke "overhead" and "linklayer" which were fixed in 01cb71d2d4
("net_sched: restore "overhead xxx" handling", v3.10) and 8a8e3d84b1
("net_sched: restore "linklayer atm" handling", v3.11).

"overhead" was fixed by simply restoring use of tc_ratespec::overhead -
this had originally been used by the kernel but was initially omitted
from the new non-table-based calculations.

"linklayer" had been handled in the table like "mpu", but the mode was
not originally passed in tc_ratespec. The new implementation was made to
handle it by getting new versions of tc to pass the mode in an extended
tc_ratespec, and for older versions of tc the table contents were analysed
at load time to deduce linklayer.

As "mpu" has always been given to the kernel in tc_ratespec,
accompanying the mpu-based table, we can restore system functionality
with no userspace change by making the kernel act on the tc_ratespec
value.

Fixes: 56b765b79e ("htb: improved accuracy at high rates")
Signed-off-by: Kevin Bracey <kevin@bracey.fi>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Cc: Vimalkumar <j.vimal@gmail.com>
Link: https://lore.kernel.org/r/20220112170210.1014351-1-kevin@bracey.fi
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-01-27 10:54:35 +01:00
Leon Romanovsky
f6d4c0e017 devlink: Remove misleading internal_flags from health reporter dump
commit e9538f8270db24d272659e15841854c7ea11119e upstream.

DEVLINK_CMD_HEALTH_REPORTER_DUMP_GET command doesn't have .doit callback
and has no use in internal_flags at all. Remove this misleading assignment.

Fixes: e44ef4e451 ("devlink: Hang reporter's dump method on a dumpit cb")
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-01-27 10:54:34 +01:00
Guillaume Nault
cd5c24d223 gre: Don't accidentally set RTO_ONLINK in gre_fill_metadata_dst()
commit f7716b318568b22fbf0e3be99279a979e217cf71 upstream.

Mask the ECN bits before initialising ->flowi4_tos. The tunnel key may
have the last ECN bit set, which will interfere with the route lookup
process as ip_route_output_key_hash() interprets this bit specially
(to restrict the route scope).

Found by code inspection, compile tested only.

Fixes: 962924fa2b ("ip_gre: Refactor collect metatdata mode tunnel xmit to ip_md_tunnel_xmit")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-01-27 10:54:33 +01:00