49c25af89c6ad02b60a1a2bcbe16ecef330782cf
50 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
477f5e6b9e |
Merge 5.10.188 into android12-5.10-lts
Changes in 5.10.188
media: atomisp: fix "variable dereferenced before check 'asd'"
x86/smp: Use dedicated cache-line for mwait_play_dead()
can: isotp: isotp_sendmsg(): fix return error fix on TX path
video: imsttfb: check for ioremap() failures
fbdev: imsttfb: Fix use after free bug in imsttfb_probe
HID: wacom: Use ktime_t rather than int when dealing with timestamps
HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651.
Revert "thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in mtk_thermal_probe"
scripts/tags.sh: Resolve gtags empty index generation
drm/amdgpu: Validate VM ioctl flags.
nubus: Partially revert proc_create_single_data() conversion
fs: pipe: reveal missing function protoypes
x86/resctrl: Only show tasks' pid in current pid namespace
blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
md/raid10: fix overflow of md/safe_mode_delay
md/raid10: fix wrong setting of max_corr_read_errors
md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
md/raid10: fix io loss while replacement replace rdev
irqchip/jcore-aic: Kill use of irq_create_strict_mappings()
irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
posix-timers: Prevent RT livelock in itimer_delete()
tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode().
clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
PM: domains: fix integer overflow issues in genpd_parse_state()
perf/arm-cmn: Fix DTC reset
powercap: RAPL: Fix CONFIG_IOSF_MBI dependency
ARM: 9303/1: kprobes: avoid missing-declaration warnings
cpufreq: intel_pstate: Fix energy_performance_preference for passive
thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe()
rcuscale: Console output claims too few grace periods
rcuscale: Always log error message
rcuscale: Move shutdown from wait_event() to wait_event_idle()
rcu/rcuscale: Move rcu_scale_*() after kfree_scale_cleanup()
rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale
perf/ibs: Fix interface via core pmu events
x86/mm: Fix __swp_entry_to_pte() for Xen PV guests
evm: Complete description of evm_inode_setattr()
ima: Fix build warnings
pstore/ram: Add check for kstrdup
igc: Enable and fix RX hash usage by netstack
wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
samples/bpf: Fix buffer overflow in tcp_basertt
spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG
wifi: wilc1000: fix for absent RSN capabilities WFA testcase
wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan()
bpf: Remove extra lock_sock for TCP_ZEROCOPY_RECEIVE
sctp: add bpf_bypass_getsockopt proto callback
libbpf: fix offsetof() and container_of() to work with CO-RE
nfc: constify several pointers to u8, char and sk_buff
nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
bpftool: JIT limited misreported as negative value on aarch64
regulator: core: Fix more error checking for debugfs_create_dir()
regulator: core: Streamline debugfs operations
wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
wifi: atmel: Fix an error handling path in atmel_probe()
wl3501_cs: Fix misspelling and provide missing documentation
net: create netdev->dev_addr assignment helpers
wl3501_cs: use eth_hw_addr_set()
wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
wifi: ray_cs: Utilize strnlen() in parse_addr()
wifi: ray_cs: Drop useless status variable in parse_addr()
wifi: ray_cs: Fix an error handling path in ray_probe()
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled
wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config
watchdog/perf: more properly prevent false positives with turbo modes
kexec: fix a memory leak in crash_shrink_memory()
memstick r592: make memstick_debug_get_tpc_name() static
wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
rtnetlink: extend RTEXT_FILTER_SKIP_STATS to IFLA_VF_INFO
wifi: iwlwifi: pull from TXQs with softirqs disabled
wifi: cfg80211: rewrite merging of inherited elements
wifi: ath9k: convert msecs to jiffies where needed
igc: Fix race condition in PTP tx code
net: stmmac: fix double serdes powerdown
netlink: fix potential deadlock in netlink_set_err()
netlink: do not hard code device address lenth in fdb dumps
selftests: rtnetlink: remove netdevsim device after ipsec offload test
gtp: Fix use-after-free in __gtp_encap_destroy().
net: axienet: Move reset before 64-bit DMA detection
sfc: fix crash when reading stats while NIC is resetting
nfc: llcp: simplify llcp_sock_connect() error paths
net: nfc: Fix use-after-free caused by nfc_llcp_find_local
lib/ts_bm: reset initial match offset for every block of text
netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
ipvlan: Fix return value of ipvlan_queue_xmit()
netlink: Add __sock_i_ino() for __netlink_diag_dump().
radeon: avoid double free in ci_dpm_init()
drm/amd/display: Explicitly specify update type per plane info change
Input: drv260x - sleep between polling GO bit
drm/bridge: tc358768: always enable HS video mode
drm/bridge: tc358768: fix PLL parameters computation
drm/bridge: tc358768: fix PLL target frequency
drm/bridge: tc358768: fix TCLK_ZEROCNT computation
drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation
drm/bridge: tc358768: fix TCLK_TRAILCNT computation
drm/bridge: tc358768: fix THS_ZEROCNT computation
drm/bridge: tc358768: fix TXTAGOCNT computation
drm/bridge: tc358768: fix THS_TRAILCNT computation
drm/vram-helper: fix function names in vram helper doc
ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
ARM: dts: meson8b: correct uart_B and uart_C clock references
Input: adxl34x - do not hardcode interrupt trigger type
drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks`
drm/panel: sharp-ls043t1le01: adjust mode settings
ARM: dts: stm32: Move ethernet MAC EEPROM from SoM to carrier boards
bus: ti-sysc: Fix dispc quirk masking bool variables
arm64: dts: microchip: sparx5: do not use PSCI on reference boards
RDMA/bnxt_re: Disable/kill tasklet only if it is enabled
RDMA/bnxt_re: Fix to remove unnecessary return labels
RDMA/bnxt_re: Use unique names while registering interrupts
RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid
RDMA/bnxt_re: Fix to remove an unnecessary log
ARM: dts: gta04: Move model property out of pinctrl node
arm64: dts: qcom: msm8916: correct camss unit address
arm64: dts: qcom: msm8994: correct SPMI unit address
arm64: dts: qcom: msm8996: correct camss unit address
drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
ARM: ep93xx: fix missing-prototype warnings
ARM: omap2: fix missing tick_broadcast() prototype
arm64: dts: qcom: apq8096: fix fixed regulator name property
ARM: dts: stm32: Shorten the AV96 HDMI sound card name
memory: brcmstb_dpfe: fix testing array offset after use
ASoC: es8316: Increment max value for ALC Capture Target Volume control
ASoC: es8316: Do not set rate constraints for unsupported MCLKs
ARM: dts: meson8: correct uart_B and uart_C clock references
soc/fsl/qe: fix usb.c build errors
IB/hfi1: Use bitmap_zalloc() when applicable
IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate
RDMA: Remove uverbs_ex_cmd_mask values that are linked to functions
RDMA/hns: Fix coding style issues
RDMA/hns: Use refcount_t APIs for HEM
RDMA/hns: Clean the hardware related code for HEM
RDMA/hns: Fix hns_roce_table_get return value
ARM: dts: iwg20d-q7-common: Fix backlight pwm specifier
arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
arm64: dts: ti: k3-j7200: Fix physical address of pin
ARM: dts: stm32: Fix audio routing on STM32MP15xx DHCOM PDK2
ARM: dts: stm32: fix i2s endpoint format property for stm32mp15xx-dkx
hwmon: (gsc-hwmon) fix fan pwm temperature scaling
hwmon: (adm1275) enable adm1272 temperature reporting
hwmon: (adm1275) Allow setting sample averaging
hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272
ARM: dts: BCM5301X: fix duplex-full => full-duplex
drm/amdkfd: Fix potential deallocation of previously deallocated memory.
drm/radeon: fix possible division-by-zero errors
amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
RDMA/bnxt_re: wraparound mbox producer index
RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context
clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe
clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()
clk: tegra: tegra124-emc: Fix potential memory leak
ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
drm/msm/dpu: do not enable color-management if DSPPs are not available
drm/msm/dp: Free resources after unregistering them
clk: vc5: check memory returned by kasprintf()
clk: cdce925: check return value of kasprintf()
clk: si5341: Allow different output VDD_SEL values
clk: si5341: Add sysfs properties to allow checking/resetting device faults
clk: si5341: return error if one synth clock registration fails
clk: si5341: check return value of {devm_}kasprintf()
clk: si5341: free unused memory on probe failure
clk: keystone: sci-clk: check return value of kasprintf()
clk: ti: clkctrl: check return value of kasprintf()
drivers: meson: secure-pwrc: always enable DMA domain
ovl: update of dentry revalidate flags after copy up
ASoC: imx-audmix: check return value of devm_kasprintf()
PCI: cadence: Fix Gen2 Link Retraining process
scsi: qedf: Fix NULL dereference in error handling
pinctrl: bcm2835: Handle gpiochip_add_pin_range() errors
PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free
scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
PCI: pciehp: Cancel bringup sequence if card is not present
PCI: ftpci100: Release the clock resources
PCI: Add pci_clear_master() stub for non-CONFIG_PCI
perf bench: Use unbuffered output when pipe/tee'ing to a file
perf bench: Add missing setlocale() call to allow usage of %'d style formatting
pinctrl: cherryview: Return correct value if pin in push-pull mode
kcsan: Don't expect 64 bits atomic builtins from 32 bits architectures
perf script: Fixup 'struct evsel_script' method prefix
perf script: Fix allocation of evsel->priv related to per-event dump files
perf dwarf-aux: Fix off-by-one in die_get_varname()
pinctrl: at91-pio4: check return value of devm_kasprintf()
powerpc/powernv/sriov: perform null check on iov before dereferencing iov
mm: rename pud_page_vaddr to pud_pgtable and make it return pmd_t *
mm: rename p4d_page_vaddr to p4d_pgtable and make it return pud_t *
powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo
powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary
hwrng: virtio - add an internal buffer
hwrng: virtio - don't wait on cleanup
hwrng: virtio - don't waste entropy
hwrng: virtio - always add a pending request
hwrng: virtio - Fix race on data_avail and actual data
crypto: nx - fix build warnings when DEBUG_FS is not enabled
modpost: fix section mismatch message for R_ARM_ABS32
modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
crypto: marvell/cesa - Fix type mismatch warning
modpost: fix off by one in is_executable_section()
ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
NFSv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION
dax: Fix dax_mapping_release() use after free
dax: Introduce alloc_dev_dax_id()
hwrng: st - keep clock enabled while hwrng is registered
io_uring: ensure IOPOLL locks around deferred work
USB: serial: option: add LARA-R6 01B PIDs
usb: dwc3: gadget: Propagate core init errors to UDC during pullup
phy: tegra: xusb: Clear the driver reference in usb-phy dev
block: fix signed int overflow in Amiga partition support
block: change all __u32 annotations to __be32 in affs_hardblocks.h
SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
w1: w1_therm: fix locking behavior in convert_t
w1: fix loop in w1_fini()
sh: j2: Use ioremap() to translate device tree address into kernel memory
serial: 8250: omap: Fix freeing of resources on failed register
clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks
media: usb: Check az6007_read() return value
media: videodev2.h: Fix struct v4l2_input tuner index comment
media: usb: siano: Fix warning due to null work_func_t function pointer
clk: qcom: reset: Allow specifying custom reset delay
clk: qcom: reset: support resetting multiple bits
clk: qcom: ipq6018: fix networking resets
usb: dwc3: qcom: Fix potential memory leak
usb: gadget: u_serial: Add null pointer check in gserial_suspend
extcon: Fix kernel doc of property fields to avoid warnings
extcon: Fix kernel doc of property capability fields to avoid warnings
usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
usb: hide unused usbfs_notify_suspend/resume functions
serial: 8250: lock port for stop_rx() in omap8250_irq()
serial: 8250: lock port for UART_IER access in omap8250_irq()
kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR
coresight: Fix loss of connection info when a module is unloaded
mfd: rt5033: Drop rt5033-battery sub-device
media: venus: helpers: Fix ALIGN() of non power of two
media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var()
KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove()
usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe()
usb: common: usb-conn-gpio: Set last role to unknown before initial detection
usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe()
mfd: intel-lpss: Add missing check for platform_get_resource
Revert "usb: common: usb-conn-gpio: Set last role to unknown before initial detection"
serial: 8250_omap: Use force_suspend and resume for system suspend
test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation
mfd: stmfx: Fix error path in stmfx_chip_init
mfd: stmfx: Nullify stmfx->vdd in case of error
KVM: s390: vsie: fix the length of APCB bitmap
mfd: stmpe: Only disable the regulators if they are enabled
phy: tegra: xusb: check return value of devm_kzalloc()
pwm: imx-tpm: force 'real_period' to be zero in suspend
pwm: sysfs: Do not apply state to already disabled PWMs
rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
media: cec: i2c: ch7322: also select REGMAP
sctp: fix potential deadlock on &net->sctp.addr_wq_lock
Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
net: dsa: vsc73xx: fix MTU configuration
spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
f2fs: fix error path handling in truncate_dnode()
octeontx2-af: Fix mapping for NIX block from CGX connection
powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
tcp: annotate data races in __tcp_oow_rate_limited()
xsk: Honor SO_BINDTODEVICE on bind
net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
pptp: Fix fib lookup calls.
net: dsa: tag_sja1105: fix MAC DA patching from meta frames
s390/qeth: Fix vipa deletion
sh: dma: Fix DMA channel offset calculation
apparmor: fix missing error check for rhashtable_insert_fast
i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
i2c: xiic: Don't try to handle more interrupt events after error
ALSA: jack: Fix mutex call in snd_jack_report()
i2c: qup: Add missing unwind goto in qup_i2c_probe()
NFSD: add encoding of op_recall flag for write delegation
io_uring: wait interruptibly for request completions on exit
mmc: core: disable TRIM on Kingston EMMC04G-M627
mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS
mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used.
bcache: fixup btree_cache_wait list damage
bcache: Remove unnecessary NULL point check in node allocations
bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
um: Use HOST_DIR for mrproper
integrity: Fix possible multiple allocation in integrity_inode_get()
autofs: use flexible array in ioctl structure
shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs
jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
fs: avoid empty option when generating legacy mount string
ext4: Remove ext4 locking of moved directory
Revert "f2fs: fix potential corruption when moving a directory"
fs: Establish locking order for unrelated directories
fs: Lock moved directories
btrfs: add handling for RAID1C23/DUP to btrfs_reduce_alloc_profile
btrfs: fix race when deleting quota root from the dirty cow roots list
ASoC: mediatek: mt8173: Fix irq error path
ASoC: mediatek: mt8173: Fix snd_soc_component_initialize error path
ARM: orion5x: fix d2net gpio initialization
leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename
fs: no need to check source
fanotify: disallow mount/sb marks on kernel internal pseudo fs
tpm, tpm_tis: Claim locality in interrupt handler
selftests/bpf: Add verifier test for PTR_TO_MEM spill
block: add overflow checks for Amiga partition support
sh: pgtable-3level: Fix cast to pointer from integer of different size
netfilter: nf_tables: use net_generic infra for transaction data
netfilter: nf_tables: add rescheduling points during loop detection walks
netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
netfilter: nf_tables: fix chain binding transaction logic
netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
netfilter: nf_tables: reject unbound anonymous set before commit phase
netfilter: nf_tables: reject unbound chain set before commit phase
netfilter: nftables: rename set element data activation/deactivation functions
netfilter: nf_tables: drop map element references from preparation phase
netfilter: nf_tables: unbind non-anonymous set if rule construction fails
netfilter: nf_tables: fix scheduling-while-atomic splat
netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
netfilter: nf_tables: do not ignore genmask when looking up chain by id
netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
wireguard: queueing: use saner cpu selection wrapping
wireguard: netlink: send staged packets when setting initial private key
tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
rcu-tasks: Mark ->trc_reader_nesting data races
rcu-tasks: Mark ->trc_reader_special.b.need_qs data races
rcu-tasks: Simplify trc_read_check_handler() atomic operations
block/partition: fix signedness issue for Amiga partitions
io_uring: Use io_schedule* in cqring wait
io_uring: add reschedule point to handle_tw_list()
net: lan743x: Don't sleep in atomic context
workqueue: clean up WORK_* constant types, clarify masking
drm/panel: simple: Add connector_type for innolux_at043tn24
drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags
igc: Remove delay during TX ring configuration
net/mlx5e: fix double free in mlx5e_destroy_flow_table
net/mlx5e: Check for NOT_READY flag state after locking
igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings
scsi: qla2xxx: Fix error code in qla2x00_start_sp()
net: mvneta: fix txq_map in case of txq_number==1
net/sched: cls_fw: Fix improper refcount update leads to use-after-free
gve: Set default duplex configuration to full
ionic: remove WARN_ON to prevent panic_on_warn
net: bgmac: postpone turning IRQs off to avoid SoC hangs
net: prevent skb corruption on frag list segmentation
icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
udp6: fix udp6_ehashfn() typo
ntb: idt: Fix error handling in idt_pci_driver_init()
NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
NTB: ntb_transport: fix possible memory leak while device_register() fails
NTB: ntb_tool: Add check for devm_kcalloc
ipv6/addrconf: fix a potential refcount underflow for idev
platform/x86: wmi: remove unnecessary argument
platform/x86: wmi: use guid_t and guid_equal()
platform/x86: wmi: move variables
platform/x86: wmi: Break possible infinite loop when parsing GUID
igc: Fix launchtime before start of cycle
igc: Fix inserting of empty frame for launchtime
riscv: bpf: Move bpf_jit_alloc_exec() and bpf_jit_free_exec() to core
riscv: bpf: Avoid breaking W^X
bpf, riscv: Support riscv jit to provide bpf_line_info
riscv, bpf: Fix inconsistent JIT image generation
erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF
wifi: airo: avoid uninitialized warning in airo_get_rate()
net/sched: flower: Ensure both minimum and maximum ports are specified
netdevsim: fix uninitialized data in nsim_dev_trap_fa_cookie_write()
net/sched: make psched_mtu() RTNL-less safe
net/sched: sch_qfq: refactor parsing of netlink parameters
net/sched: sch_qfq: account for stab overhead in qfq_enqueue
nvme-pci: fix DMA direction of unmapping integrity data
f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()
pinctrl: amd: Fix mistake in handling clearing pins at startup
pinctrl: amd: Detect internal GPIO0 debounce handling
pinctrl: amd: Only use special debounce behavior for GPIO 0
tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
mtd: rawnand: meson: fix unaligned DMA buffers handling
net: bcmgenet: Ensure MDIO unregistration has clocks enabled
powerpc: Fail build if using recordmcount with binutils v2.37
misc: fastrpc: Create fastrpc scalar with correct buffer count
erofs: fix compact 4B support for 16k block size
MIPS: Loongson: Fix cpu_probe_loongson() again
ext4: Fix reusing stale buffer heads from last failed mounting
ext4: fix wrong unit use in ext4_mb_clear_bb
ext4: get block from bh in ext4_free_blocks for fast commit replay
ext4: fix wrong unit use in ext4_mb_new_blocks
ext4: only update i_reserved_data_blocks on successful block allocation
jfs: jfs_dmap: Validate db_l2nbperpage while mounting
hwrng: imx-rngc - fix the timeout for init and self check
PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
PCI: qcom: Disable write access to read only registers for IP v2.3.3
PCI: rockchip: Assert PCI Configuration Enable bit after probe
PCI: rockchip: Write PCI Device ID to correct register
PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked
PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core
PCI: rockchip: Use u32 variable to access 32-bit registers
PCI: rockchip: Set address alignment for endpoint mode
misc: pci_endpoint_test: Free IRQs before removing the device
misc: pci_endpoint_test: Re-init completion for every test
md/raid0: add discard support for the 'original' layout
fs: dlm: return positive pid value for F_GETLK
drm/atomic: Allow vblank-enabled + self-refresh "disable"
drm/rockchip: vop: Leave vblank enabled in self-refresh
drm/amd/display: Correct `DMUB_FW_VERSION` macro
serial: atmel: don't enable IRQs prematurely
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk
firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool()
ceph: don't let check_caps skip sending responses for revoke msgs
xhci: Fix resume issue of some ZHAOXIN hosts
xhci: Fix TRB prefetch issue of ZHAOXIN hosts
xhci: Show ZHAOXIN xHCI root hub speed correctly
meson saradc: fix clock divider mask length
Revert "8250: add support for ASIX devices with a FIFO bug"
s390/decompressor: fix misaligned symbol build error
tracing/histograms: Add histograms to hist_vars if they have referenced variables
samples: ftrace: Save required argument registers in sample trampolines
net: ena: fix shift-out-of-bounds in exponential backoff
ring-buffer: Fix deadloop issue on reading trace_pipe
xtensa: ISS: fix call to split_if_spec
tracing: Fix null pointer dereference in tracing_err_log_open()
tracing/probes: Fix not to count error code to total length
scsi: qla2xxx: Wait for io return on terminate rport
scsi: qla2xxx: Array index may go out of bound
scsi: qla2xxx: Fix buffer overrun
scsi: qla2xxx: Fix potential NULL pointer dereference
scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
scsi: qla2xxx: Correct the index of array
scsi: qla2xxx: Pointer may be dereferenced
scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
net/sched: sch_qfq: reintroduce lmax bound check for MTU
RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests
drm/atomic: Fix potential use-after-free in nonblocking commits
ALSA: hda/realtek - remove 3k pull low procedure
ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx
keys: Fix linking a duplicate key to a keyring's assoc_array
perf probe: Add test for regression introduced by switch to die_get_decl_file()
btrfs: fix warning when putting transaction with qgroups enabled after abort
fuse: revalidate: don't invalidate if interrupted
selftests: tc: set timeout to 15 minutes
selftests: tc: add 'ct' action kconfig dep
regmap: Drop initial version of maximum transfer length fixes
regmap: Account for register length in SMBus I/O limits
can: bcm: Fix UAF in bcm_proc_show()
drm/client: Fix memory leak in drm_client_target_cloned
drm/client: Fix memory leak in drm_client_modeset_probe
ASoC: fsl_sai: Disable bit clock with transmitter
ext4: correct inline offset when handling xattrs in inode body
debugobjects: Recheck debug_objects_enabled before reporting
nbd: Add the maximum limit of allocated index in nbd_dev_add
md: fix data corruption for raid456 when reshape restart while grow up
md/raid10: prevent soft lockup while flush writes
posix-timers: Ensure timer ID search-loop limit is valid
btrfs: add xxhash to fast checksum implementations
ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A
ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3
ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad X131e (3371 AMD version)
arm64: set __exception_irq_entry with __irq_entry as a default
arm64: mm: fix VA-range sanity check
sched/fair: Don't balance task to its current running CPU
wifi: ath11k: fix registration of 6Ghz-only phy without the full channel range
bpf: Address KCSAN report on bpf_lru_list
devlink: report devlink_port_type_warn source device
wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point()
wifi: iwlwifi: mvm: avoid baid size integer overflow
igb: Fix igb_down hung on surprise removal
spi: bcm63xx: fix max prepend length
fbdev: imxfb: warn about invalid left/right margin
pinctrl: amd: Use amd_pinconf_set() for all config options
net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
bridge: Add extack warning when enabling STP in netns.
iavf: Fix use-after-free in free_netdev
iavf: Fix out-of-bounds when setting channels on remove
security: keys: Modify mismatched function name
octeontx2-pf: Dont allocate BPIDs for LBK interfaces
tcp: annotate data-races around tcp_rsk(req)->ts_recent
net: ipv4: Use kfree_sensitive instead of kfree
net:ipv6: check return value of pskb_trim()
Revert "tcp: avoid the lookup process failing to get sk in ehash table"
fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
llc: Don't drop packet from non-root netns.
netfilter: nf_tables: fix spurious set element insertion failure
netfilter: nf_tables: can't schedule in nft_chain_validate
netfilter: nft_set_pipapo: fix improper element removal
netfilter: nf_tables: skip bound chain in netns release path
netfilter: nf_tables: skip bound chain on rule flush
tcp: annotate data-races around tp->tcp_tx_delay
tcp: annotate data-races around tp->keepalive_time
tcp: annotate data-races around tp->keepalive_intvl
tcp: annotate data-races around tp->keepalive_probes
net: Introduce net.ipv4.tcp_migrate_req.
tcp: Fix data-races around sysctl_tcp_syn(ack)?_retries.
tcp: annotate data-races around icsk->icsk_syn_retries
tcp: annotate data-races around tp->linger2
tcp: annotate data-races around rskq_defer_accept
tcp: annotate data-races around tp->notsent_lowat
tcp: annotate data-races around icsk->icsk_user_timeout
tcp: annotate data-races around fastopenq.max_qlen
net: phy: prevent stale pointer dereference in phy_init()
tracing/histograms: Return an error if we fail to add histogram to hist_vars list
tracing: Fix memory leak of iter->temp when reading trace_pipe
ftrace: Store the order of pages allocated in ftrace_page
ftrace: Fix possible warning on checking all pages used in ftrace_process_locs()
Linux 5.10.188
Change-Id: Ibcc1adc43df5b8f649b12078eedd5d4f57de4578
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Jens Axboe
|
dc4a25fa75 |
io_uring: add reschedule point to handle_tw_list()
Commit f58680085478dd292435727210122960d38e8014 upstream. If CONFIG_PREEMPT_NONE is set and the task_work chains are long, we could be running into issues blocking others for too long. Add a reschedule check in handle_tw_list(), and flush the ctx if we need to reschedule. Cc: stable@vger.kernel.org # 5.10+ Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Andres Freund
|
297883bbca |
io_uring: Use io_schedule* in cqring wait
Commit 8a796565cec3601071cbbd27d6304e202019d014 upstream. I observed poor performance of io_uring compared to synchronous IO. That turns out to be caused by deeper CPU idle states entered with io_uring, due to io_uring using plain schedule(), whereas synchronous IO uses io_schedule(). The losses due to this are substantial. On my cascade lake workstation, t/io_uring from the fio repository e.g. yields regressions between 20% and 40% with the following command: ./t/io_uring -r 5 -X0 -d 1 -s 1 -c 1 -p 0 -S$use_sync -R 0 /mnt/t2/fio/write.0.0 This is repeatable with different filesystems, using raw block devices and using different block devices. Use io_schedule_prepare() / io_schedule_finish() in io_cqring_wait_schedule() to address the difference. After that using io_uring is on par or surpassing synchronous IO (using registered files etc makes it reliably win, but arguably is a less fair comparison). There are other calls to schedule() in io_uring/, but none immediately jump out to be similarly situated, so I did not touch them. Similarly, it's possible that mutex_lock_io() should be used, but it's not clear if there are cases where that matters. Cc: stable@vger.kernel.org # 5.10+ Cc: Pavel Begunkov <asml.silence@gmail.com> Cc: io-uring@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Andres Freund <andres@anarazel.de> Link: https://lore.kernel.org/r/20230707162007.194068-1-andres@anarazel.de [axboe: minor style fixup] Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Jens Axboe
|
28e649dc99 |
io_uring: wait interruptibly for request completions on exit
commit 4826c59453b3b4677d6bf72814e7ababdea86949 upstream. WHen the ring exits, cleanup is done and the final cancelation and waiting on completions is done by io_ring_exit_work. That function is invoked by kworker, which doesn't take any signals. Because of that, it doesn't really matter if we wait for completions in TASK_INTERRUPTIBLE or TASK_UNINTERRUPTIBLE state. However, it does matter to the hung task detection checker! Normally we expect cancelations and completions to happen rather quickly. Some test cases, however, will exit the ring and park the owning task stopped (eg via SIGSTOP). If the owning task needs to run task_work to complete requests, then io_ring_exit_work won't make any progress until the task is runnable again. Hence io_ring_exit_work can trigger the hung task detection, which is particularly problematic if panic-on-hung-task is enabled. As the ring exit doesn't take signals to begin with, have it wait interruptibly rather than uninterruptibly. io_uring has a separate stuck-exit warning that triggers independently anyway, so we're not really missing anything by making this switch. Cc: stable@vger.kernel.org # 5.10+ Link: https://lore.kernel.org/r/b0e4aaef-7088-56ce-244c-976edeac0e66@kernel.dk Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Jens Axboe
|
810e401b34 |
io_uring: ensure IOPOLL locks around deferred work
No direct upstream commit exists for this issue. It was fixed in 5.18 as part of a larger rework of the completion side. io_commit_cqring() writes the CQ ring tail to make it visible, but it also kicks off any deferred work we have. A ring setup with IOPOLL does not need any locking around the CQ ring updates, as we're always under the ctx uring_lock. But if we have deferred work that needs processing, then io_queue_deferred() assumes that the completion_lock is held, as it is for !IOPOLL. Add a lockdep assertion to check and document this fact, and have io_iopoll_complete() check if we have deferred work and run that separately with the appropriate lock grabbed. Cc: stable@vger.kernel.org # 5.10, 5.15 Reported-by: dghost david <daviduniverse18@gmail.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
02a1b32243 |
Merge 5.10.186 into android12-5.10-lts
Changes in 5.10.186 drm/amd/display: fix the system hang while disable PSR net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs tracing: Add tracing_reset_all_online_cpus_unlocked() function tick/common: Align tick period during sched_timer setup selftests: mptcp: lib: skip if missing symbol selftests: mptcp: lib: skip if not below kernel version selftests: mptcp: pm nl: remove hardcoded default limits selftests: mptcp: join: skip check if MIB counter not supported nilfs2: fix buffer corruption due to concurrent device reads Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs PCI: hv: Fix a race condition bug in hv_pci_query_relations() Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally" PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic cgroup: Do not corrupt task iteration when rebinding subsystem mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 mmc: meson-gx: remove redundant mmc_request_done() call from irq context mmc: mmci: stm32: fix max busy timeout calculation ip_tunnels: allow VXLAN/GENEVE to inherit TOS/TTL from VLAN regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK regmap: spi-avmm: Fix regmap_bus max_raw_write writeback: fix dereferencing NULL mapping->host on writeback_page_template io_uring/net: save msghdr->msg_control for retries io_uring/net: clear msg_controllen on partial sendmsg retry io_uring/net: disable partial retries for recvmsg with cmsg nilfs2: prevent general protection fault in nilfs_clear_dirty_page() x86/mm: Avoid using set_pgd() outside of real PGD pages mm/pagealloc: sysctl: change watermark_scale_factor max limit to 30% sysctl: move some boundary constants from sysctl.c to sysctl_vals memfd: check for non-NULL file_seals in memfd_create() syscall ieee802154: hwsim: Fix possible memory leaks xfrm: Treat already-verified secpath entries as optional xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c xfrm: Ensure policies always checked on XFRM-I input path bpf: track immediate values written to stack by BPF_ST instruction bpf: Fix verifier id tracking of scalars on spill xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets selftests: net: vrf-xfrm-tests: change authentication and encryption algos selftests: net: fcnal-test: check if FIPS mode is enabled xfrm: Linearize the skb after offloading if needed. net: qca_spi: Avoid high load if QCA7000 is not available mmc: mtk-sd: fix deferred probing mmc: mvsdio: fix deferred probing mmc: omap: fix deferred probing mmc: omap_hsmmc: fix deferred probing mmc: owl: fix deferred probing mmc: sdhci-acpi: fix deferred probing mmc: sh_mmcif: fix deferred probing mmc: usdhi60rol0: fix deferred probing ipvs: align inner_mac_header for encapsulation net: dsa: mt7530: fix trapping frames on non-MT7621 SoC MT7530 switch be2net: Extend xmit workaround to BE3 chip netfilter: nft_set_pipapo: .walk does not deal with generations netfilter: nf_tables: disallow element updates of bound anonymous sets netfilter: nfnetlink_osf: fix module autoload Revert "net: phy: dp83867: perform soft reset and retain established link" sch_netem: acquire qdisc lock in netem_change() gpio: Allow per-parent interrupt data gpiolib: Fix GPIO chip IRQ initialization restriction scsi: target: iscsi: Prevent login threads from racing between each other HID: wacom: Add error check to wacom_parse_and_register() arm64: Add missing Set/Way CMO encodings media: cec: core: don't set last_initiator if tx in progress nfcsim.c: Fix error checking for debugfs_create_dir usb: gadget: udc: fix NULL dereference in remove() Input: soc_button_array - add invalid acpi_index DMI quirk handling s390/cio: unregister device when the only path is gone spi: lpspi: disable lpspi module irq in DMA mode ASoC: simple-card: Add missing of_node_put() in case of error ASoC: nau8824: Add quirk to active-high jack-detect s390/purgatory: disable branch profiling ARM: dts: Fix erroneous ADS touchscreen polarities drm/exynos: vidi: fix a wrong error return drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle netfilter: nftables: statify nft_parse_register() netfilter: nf_tables: validate registers coming from userspace. netfilter: nf_tables: hold mutex on netns pre_exit path bpf/btf: Accept function names that contain dots Linux 5.10.186 Change-Id: I2c45f6bd0cb20e43ac316ed751d2708315db80f0 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
c6ac900e26 |
Merge 5.10.185 into android12-5.10-lts
Changes in 5.10.185 lib: cleanup kstrto*() usage kernel.h: split out kstrtox() and simple_strtox() to a separate header test_firmware: Use kstrtobool() instead of strtobool() test_firmware: prevent race conditions by a correct implementation of locking test_firmware: fix a memory leak with reqs buffer power: supply: ab8500: Fix external_power_changed race power: supply: sc27xx: Fix external_power_changed race power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() ARM: dts: vexpress: add missing cache properties tools: gpio: fix debounce_period_us output of lsgpio power: supply: Ratelimit no data debug output platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 regulator: Fix error checking for debugfs_create_dir irqchip/gic-v3: Disable pseudo NMIs on Mediatek devices w/ firmware issues power: supply: Fix logic checking if system is running from battery btrfs: scrub: try harder to mark RAID56 block groups read-only btrfs: handle memory allocation failure in btrfs_csum_one_bio ASoC: soc-pcm: test if a BE can be prepared parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu() parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory() MIPS: Alchemy: fix dbdma2 mips: Move initrd_start check after initrd address sanitisation. ASoC: dwc: move DMA init to snd_soc_dai_driver probe() xen/blkfront: Only check REQ_FUA for writes drm:amd:amdgpu: Fix missing buffer object unlock in failure path irqchip/gic: Correctly validate OF quirk descriptors io_uring: hold uring mutex around poll removal epoll: ep_autoremove_wake_function should use list_del_init_careful ocfs2: fix use-after-free when unmounting read-only filesystem ocfs2: check new file size on fallocate call nios2: dts: Fix tse_mac "max-frame-size" property nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() nilfs2: fix possible out-of-bounds segment allocation in resize ioctl kexec: support purgatories with .text.hot sections x86/purgatory: remove PGO flags powerpc/purgatory: remove PGO flags nouveau: fix client work fence deletion race RDMA/uverbs: Restrict usage of privileged QKEYs net: usb: qmi_wwan: add support for Compal RXM-G1 ALSA: hda/realtek: Add a quirk for Compaq N14JP6 Remove DECnet support from kernel USB: serial: option: add Quectel EM061KGL series serial: lantiq: add missing interrupt ack usb: dwc3: gadget: Reset num TRBs before giving back the request RDMA/rtrs: Fix the last iu->buf leak in err path spi: fsl-dspi: avoid SCK glitches with continuous transfers netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM net: enetc: correct the indexes of highest and 2nd highest TCs ping6: Fix send to link-local addresses with VRF. net/sched: cls_u32: Fix reference counter leak leading to overflow RDMA/rxe: Remove the unused variable obj RDMA/rxe: Removed unused name from rxe_task struct RDMA/rxe: Fix the use-before-initialization error of resp_pkts iavf: remove mask from iavf_irq_enable_queues() octeontx2-af: fixed resource availability check RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions RDMA/cma: Always set static rate to 0 for RoCE IB/uverbs: Fix to consider event queue closing also upon non-blocking mode IB/isert: Fix dead lock in ib_isert IB/isert: Fix possible list corruption in CMA handler IB/isert: Fix incorrect release of isert connection ipvlan: fix bound dev checking for IPv6 l3s mode sctp: fix an error code in sctp_sf_eat_auth() igb: fix nvm.ops.read() error handling drm/nouveau: don't detect DSM for non-NVIDIA device drm/nouveau/dp: check for NULL nv_connector->native_mode drm/nouveau: add nv_encoder pointer check for NULL ext4: drop the call to ext4_error() from ext4_get_group_info() net/sched: cls_api: Fix lockup on flushing explicitly created chain net: lapbether: only support ethernet devices net: tipc: resize nlattr array to correct size selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET afs: Fix vlserver probe RTT handling cgroup: always put cset in cgroup_css_set_put_fork rcu/kvfree: Avoid freeing new kfree_rcu() memory after old grace period neighbour: Remove unused inline function neigh_key_eq16() net: Remove unused inline function dst_hold_and_use() net: Remove DECnet leftovers from flow.h. neighbour: delete neigh_lookup_nodev as not used batman-adv: Switch to kstrtox.h for kstrtou64 mmc: block: ensure error propagation for non-blk mm/memory_hotplug: extend offline_and_remove_memory() to handle more than one memory block nilfs2: reject devices with insufficient block count media: dvbdev: Fix memleak in dvb_register_device media: dvbdev: fix error logic at dvb_register_device() media: dvb-core: Fix use-after-free due to race at dvb_register_device() drm/i915/dg1: Wait for pcode/uncore handshake at startup drm/i915/gen11+: Only load DRAM information from pcode um: Fix build w/o CONFIG_PM_SLEEP Linux 5.10.185 Change-Id: I05ba9c2e38c013c553c9f89e2a6b71ec9bdb0bd3 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Jens Axboe
|
3845c38417 |
io_uring/net: disable partial retries for recvmsg with cmsg
Commit 78d0d2063bab954d19a1696feae4c7706a626d48 upstream. We cannot sanely handle partial retries for recvmsg if we have cmsg attached. If we don't, then we'd just be overwriting the initial cmsg header on retries. Alternatively we could increment and handle this appropriately, but it doesn't seem worth the complication. Move the MSG_WAITALL check into the non-multishot case while at it, since MSG_WAITALL is explicitly disabled for multishot anyway. Link: https://lore.kernel.org/io-uring/0b0d4411-c8fd-4272-770b-e030af6919a0@kernel.dk/ Cc: stable@vger.kernel.org # 5.10+ Reported-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Jens Axboe
|
826ee9fa36 |
io_uring/net: clear msg_controllen on partial sendmsg retry
Commit b1dc492087db0f2e5a45f1072a743d04618dd6be upstream. If we have cmsg attached AND we transferred partial data at least, clear msg_controllen on retry so we don't attempt to send that again. Cc: stable@vger.kernel.org # 5.10+ Fixes: cac9e4418f4c ("io_uring/net: save msghdr->msg_control for retries") Reported-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Jens Axboe
|
5fdea4468f |
io_uring/net: save msghdr->msg_control for retries
Commit cac9e4418f4cbd548ccb065b3adcafe073f7f7d2 upstream. If the application sets ->msg_control and we have to later retry this command, or if it got queued with IOSQE_ASYNC to begin with, then we need to retain the original msg_control value. This is due to the net stack overwriting this field with an in-kernel pointer, to copy it in. Hitting that path for the second time will now fail the copy from user, as it's attempting to copy from a non-user address. Cc: stable@vger.kernel.org # 5.10+ Link: https://github.com/axboe/liburing/issues/880 Reported-and-tested-by: Marek Majkowski <marek@cloudflare.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Jens Axboe
|
4716c73b18 |
io_uring: hold uring mutex around poll removal
Snipped from commit 9ca9fb24d5febccea354089c41f96a8ad0d853f8 upstream. While reworking the poll hashing in the v6.0 kernel, we ended up grabbing the ctx->uring_lock in poll update/removal. This also fixed a bug with linked timeouts racing with timeout expiry and poll removal. Bring back just the locking fix for that. Reported-and-tested-by: Querijn Voet <querijnqyn@gmail.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
df23049a96 |
Merge 5.10.176 into android12-5.10-lts
Changes in 5.10.176 xfrm: Allow transport-mode states with AF_UNSPEC selector drm/panfrost: Don't sync rpm suspension after mmu flushing cifs: Move the in_send statistic to __smb_send_rqst() drm/meson: fix 1px pink line on GXM when scaling video overlay clk: HI655X: select REGMAP instead of depending on it docs: Correct missing "d_" prefix for dentry_operations member d_weak_revalidate scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU() netfilter: nft_nat: correct length for loading protocol registers netfilter: nft_masq: correct length for loading protocol registers netfilter: nft_redir: correct length for loading protocol registers netfilter: nft_redir: correct value of inet type `.maxattrs` scsi: core: Fix a comment in function scsi_host_dev_release() scsi: core: Fix a procfs host directory removal regression tcp: tcp_make_synack() can be called from process context nfc: pn533: initialize struct pn533_out_arg properly ipvlan: Make skb->skb_iif track skb->dev for l3s mode i40e: Fix kernel crash during reboot when adapter is in recovery mode net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler() qed/qed_dev: guard against a possible division by zero net: tunnels: annotate lockless accesses to dev->needed_headroom net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition net/smc: fix deadlock triggered by cancel_delayed_work_syn() net: usb: smsc75xx: Limit packet length to skb->len drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc null_blk: Move driver into its own directory block: null_blk: Fix handling of fake timeout request nvme: fix handling single range discard request nvmet: avoid potential UAF in nvmet_req_complete() block: sunvdc: add check for mdesc_grab() returning NULL ice: xsk: disable txq irq before flushing hw net: dsa: mv88e6xxx: fix max_mtu of 1492 on 6165, 6191, 6220, 6250, 6290 ipv4: Fix incorrect table ID in IOCTL path net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull net/iucv: Fix size of interrupt data selftests: net: devlink_port_split.py: skip test if no suitable device available qed/qed_mng_tlv: correctly zero out ->min instead of ->hour ethernet: sun: add check for the mdesc_grab() hwmon: (adt7475) Display smoothing attributes in correct order hwmon: (adt7475) Fix masking of hysteresis registers hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition hwmon: (ina3221) return prober error code hwmon: (ucd90320) Add minimum delay between bus accesses hwmon: tmp512: drop of_match_ptr for ID table hwmon: (adm1266) Set `can_sleep` flag for GPIO chip media: m5mols: fix off-by-one loop termination error mmc: atmel-mci: fix race between stop command and start of next command jffs2: correct logic when creating a hole in jffs2_write_begin ext4: fail ext4_iget if special inode unallocated ext4: fix task hung in ext4_xattr_delete_inode drm/amdkfd: Fix an illegal memory access sh: intc: Avoid spurious sizeof-pointer-div warning drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes ext4: fix possible double unlock when moving a directory tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted serial: 8250_em: Fix UART port type firmware: xilinx: don't make a sleepable memory allocation from an atomic context interconnect: fix mem leak when freeing nodes tracing: Make splice_read available again tracing: Check field value in hist_field_name() tracing: Make tracepoint lockdep check actually test something cifs: Fix smb2_set_path_size() KVM: nVMX: add missing consistency checks for CR0 and CR4 ALSA: hda: intel-dsp-config: add MTL PCI id ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro drm/shmem-helper: Remove another errant put in error path mptcp: avoid setting TCP_CLOSE state twice ftrace: Fix invalid address access in lookup_rec() when index is 0 mm/userfaultfd: propagate uffd-wp bit when PTE-mapping the huge zeropage mmc: sdhci_am654: lower power-on failed message severity fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks cpuidle: psci: Iterate backwards over list in psci_pd_remove() x86/mce: Make sure logged MCEs are processed after sysfs update x86/mm: Fix use of uninitialized buffer in sme_enable() drm/i915: Don't use stolen memory for ring buffers with LLC drm/i915/active: Fix misuse of non-idle barriers as fence trackers io_uring: avoid null-ptr-deref in io_arm_poll_handler s390/ipl: add missing intersection check to ipl_report handling PCI: Unify delay handling for reset and resume PCI/DPC: Await readiness of secondary bus after reset xfs: don't assert fail on perag references on teardown xfs: purge dquots after inode walk fails during quotacheck xfs: don't leak btree cursor when insrec fails after a split xfs: remove XFS_PREALLOC_SYNC xfs: fallocate() should call file_modified() xfs: set prealloc flag in xfs_alloc_file_space() xfs: use setattr_copy to set vfs inode attributes fs: add mode_strip_sgid() helper fs: move S_ISGID stripping into the vfs_*() helpers attr: add in_group_or_capable() fs: move should_remove_suid() attr: add setattr_should_drop_sgid() attr: use consistent sgid stripping checks fs: use consistent setgid checks in is_sxid() xfs: remove xfs_setattr_time() declaration HID: core: Provide new max_buffer_size attribute to over-ride the default HID: uhid: Over-ride the default maximum data buffer value with our own Linux 5.10.176 Change-Id: Icd45189f4182c749d1758c13e18705abb4ea9c5a Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Fedor Pchelkin
|
84e2e393bf |
io_uring: avoid null-ptr-deref in io_arm_poll_handler
No upstream commit exists for this commit.
The issue was introduced with backporting upstream commit c16bda37594f
("io_uring/poll: allow some retries for poll triggering spuriously").
Memory allocation can possibly fail causing invalid pointer be
dereferenced just before comparing it to NULL value.
Move the pointer check in proper place (upstream has the similar location
of the check). In case the request has REQ_F_POLLED flag up, apoll can't
be NULL so no need to check there.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
0847230e9b |
Merge 5.10.173 into android12-5.10-lts
Changes in 5.10.173
HID: asus: Remove check for same LED brightness on set
HID: asus: use spinlock to protect concurrent accesses
HID: asus: use spinlock to safely schedule workers
powerpc/mm: Rearrange if-else block to avoid clang warning
ARM: OMAP2+: Fix memory leak in realtime_counter_init()
arm64: dts: qcom: qcs404: use symbol names for PCIe resets
ARM: zynq: Fix refcount leak in zynq_early_slcr_init
arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description
arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name
arm64: dts: qcom: sc7180: correct SPMI bus address cells
arm64: dts: meson-gx: Fix Ethernet MAC address unit name
arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name
arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address
arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names
arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes
arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size
arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY
arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges
arm64: dts: qcom: ipq8074: fix Gen3 PCIe node
arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names
arm64: dts: meson: remove CPU opps below 1GHz for G12A boards
ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init()
ARM: s3c: fix s3c64xx_set_timer_source prototype
arm64: dts: ti: k3-j7200: Fix wakeup pinmux range
ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato
ARM: imx: Call ida_simple_remove() for ida_simple_get
arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name
arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name
arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible
arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property
arm64: dts: amlogic: meson-gx: add missing unit address to rng node name
arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name
arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name
arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name
arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name
arm64: dts: renesas: beacon-renesom: Fix gpio expander reference
ARM: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference
ARM: dts: imx7s: correct iomuxc gpr mux controller cells
arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node
blk-mq: avoid sleep in blk_mq_alloc_request_hctx
blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx
blk-mq: correct stale comment of .get_budget
s390/dasd: Prepare for additional path event handling
s390/dasd: Fix potential memleak in dasd_eckd_init()
sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity()
sched/rt: pick_next_rt_entity(): check list_entry
x86/perf/zhaoxin: Add stepping check for ZXC
block: bio-integrity: Copy flags when bio_integrity_payload is cloned
wifi: rsi: Fix memory leak in rsi_coex_attach()
wifi: rtlwifi: rtl8821ae: don't call kfree_skb() under spin_lock_irqsave()
wifi: rtlwifi: rtl8188ee: don't call kfree_skb() under spin_lock_irqsave()
wifi: rtlwifi: rtl8723be: don't call kfree_skb() under spin_lock_irqsave()
wifi: iwlegacy: common: don't call dev_kfree_skb() under spin_lock_irqsave()
wifi: libertas: fix memory leak in lbs_init_adapter()
wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave()
rtlwifi: fix -Wpointer-sign warning
wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit()
libbpf: Fix btf__align_of() by taking into account field offsets
wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave()
wifi: ipw2200: fix memory leak in ipw_wdev_init()
wifi: wilc1000: fix potential memory leak in wilc_mac_xmit()
wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()
wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave()
wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave()
crypto: x86/ghash - fix unaligned access in ghash_setkey()
ACPICA: Drop port I/O validation for some regions
genirq: Fix the return type of kstat_cpu_irqs_sum()
rcu-tasks: Improve comments explaining tasks_rcu_exit_srcu purpose
rcu-tasks: Remove preemption disablement around srcu_read_[un]lock() calls
rcu-tasks: Fix synchronize_rcu_tasks() VS zap_pid_ns_processes()
lib/mpi: Fix buffer overrun when SG is too long
crypto: ccp: Use the stack for small SEV command buffers
crypto: ccp: Use the stack and common buffer for status commands
crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak
crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2
ACPICA: nsrepair: handle cases without a return value correctly
thermal/drivers/tsens: Drop msm8976-specific defines
thermal/drivers/qcom/tsens_v1: Enable sensor 3 on MSM8976
thermal/drivers/tsens: Add compat string for the qcom,msm8960
thermal/drivers/tsens: Sort out msm8976 vs msm8956 data
wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU
wifi: orinoco: check return value of hermes_write_wordrec()
wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
ath9k: hif_usb: simplify if-if to if-else
ath9k: htc: clean up statistics macros
wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()
wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data()
ACPI: battery: Fix missing NUL-termination with large strings
crypto: ccp - Failure on re-initialization due to duplicate sysfs filename
crypto: essiv - Handle EBUSY correctly
crypto: seqiv - Handle EBUSY correctly
powercap: fix possible name leak in powercap_register_zone()
x86/cpu: Init AP exception handling from cpu_init_secondary()
x86/microcode: Replace deprecated CPU-hotplug functions.
x86: Mark stop_this_cpu() __noreturn
x86/microcode: Rip out the OLD_INTERFACE
x86/microcode: Default-disable late loading
x86/microcode: Print previous version of microcode after reload
x86/microcode: Add a parameter to microcode_check() to store CPU capabilities
x86/microcode: Check CPU capabilities after late microcode update correctly
x86/microcode: Adjust late loading result reporting message
net: ethernet: ti: am65-cpsw: fix tx csum offload for multi mac mode
net: ethernet: ti: am65-cpsw: handle deferred probe with dev_err_probe()
net: ethernet: ti: add missing of_node_put before return
crypto: xts - Handle EBUSY correctly
leds: led-class: Add missing put_device() to led_put()
crypto: ccp - Refactor out sev_fw_alloc()
crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware
bpftool: profile online CPUs instead of possible
net/mlx5: Enhance debug print in page allocation failure
irqchip: Fix refcount leak in platform_irqchip_probe
irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains
irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe
irqchip/ti-sci: Fix refcount leak in ti_sci_intr_irq_domain_probe
s390/vmem: fix empty page tables cleanup under KASAN
net: add sock_init_data_uid()
tun: tun_chr_open(): correctly initialize socket uid
tap: tap_open(): correctly initialize socket uid
OPP: fix error checking in opp_migrate_dentry()
Bluetooth: L2CAP: Fix potential user-after-free
libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
crypto: rsa-pkcs1pad - Use akcipher_request_complete
m68k: /proc/hardware should depend on PROC_FS
RISC-V: time: initialize hrtimer based broadcast clock event device
wifi: iwl3945: Add missing check for create_singlethread_workqueue
wifi: iwl4965: Add missing check for create_singlethread_workqueue()
wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize()
selftests/bpf: Fix out-of-srctree build
crypto: crypto4xx - Call dma_unmap_page when done
wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
thermal/drivers/hisi: Drop second sensor hi3660
can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error
bpf: Fix global subprog context argument resolution logic
irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts
irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts
selftests/net: Interpret UDP_GRO cmsg data as an int value
l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register()
net: bcmgenet: fix MoCA LED control
selftest: fib_tests: Always cleanup before exit
sefltests: netdevsim: wait for devlink instance after netns removal
drm: Fix potential null-ptr-deref due to drmm_mode_config_init()
drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats
drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC
drm/bridge: megachips: Fix error handling in i2c_register_driver()
drm/vkms: Fix null-ptr-deref in vkms_release()
drm/vc4: dpi: Add option for inverting pixel clock and output enable
drm/vc4: dpi: Fix format mapping for RGB565
drm: tidss: Fix pixel format definition
gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id()
drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins
pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain
pinctrl: rockchip: add support for rk3568
pinctrl: rockchip: do coding style for mux route struct
pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups
drm/vc4: hvs: Set AXI panic modes
drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5
drm/vc4: hdmi: Correct interlaced timings again
ASoC: fsl_sai: initialize is_dsp_mode flag
drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup()
ALSA: hda/ca0132: minor fix for allocation size
drm/msm/dpu: Disallow unallocated resources to be returned
drm/bridge: lt9611: fix sleep mode setup
drm/bridge: lt9611: fix HPD reenablement
drm/bridge: lt9611: fix polarity programming
drm/bridge: lt9611: fix programming of video modes
drm/bridge: lt9611: fix clock calculation
drm/bridge: lt9611: pass a pointer to the of node
drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
drm/msm: use strscpy instead of strncpy
drm/msm/dpu: Add check for cstate
drm/msm/dpu: Add check for pstates
drm/msm/mdp5: Add check for kzalloc
pinctrl: bcm2835: Remove of_node_put() in bcm2835_of_gpio_ranges_fallback()
pinctrl: mediatek: Initialize variable pullen and pullup to zero
pinctrl: mediatek: Initialize variable *buf to zero
gpu: host1x: Don't skip assigning syncpoints to channels
drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd
drm/mediatek: Use NULL instead of 0 for NULL pointer
drm/mediatek: Drop unbalanced obj unref
drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc
drm/mediatek: Clean dangling pointer on bind error path
ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress()
gpio: vf610: connect GPIO label to dev name
spi: dw_bt1: fix MUX_MMIO dependencies
ASoC: mchp-spdifrx: fix controls which rely on rsr register
ASoC: atmel: fix spelling mistakes
ASoC: mchp-spdifrx: fix return value in case completion times out
ASoC: mchp-spdifrx: fix controls that works with completion mechanism
ASoC: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove()
ASoC: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params()
ASoC: dt-bindings: meson: fix gx-card codec node regex
hwmon: (ltc2945) Handle error case in ltc2945_value_store
drm/amdgpu: fix enum odm_combine_mode mismatch
scsi: mpt3sas: Fix a memory leak
scsi: aic94xx: Add missing check for dma_map_single()
spi: bcm63xx-hsspi: fix pm_runtime
spi: bcm63xx-hsspi: Fix multi-bit mode setting
hwmon: (mlxreg-fan) Return zero speed for broken fan
ASoC: tlv320adcx140: fix 'ti,gpio-config' DT property init
dm: remove flush_scheduled_work() during local_exit()
NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode()
NFSv4: keep state manager thread active if swap is enabled
nfs4trace: fix state manager flag printing
NFS: fix disabling of swap
spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one()
ASoC: soc-dapm.h: fixup warning struct snd_pcm_substream not declared
HID: bigben: use spinlock to protect concurrent accesses
HID: bigben_worker() remove unneeded check on report_field
HID: bigben: use spinlock to safely schedule workers
hid: bigben_probe(): validate report count
nfsd: fix race to check ls_layouts
cifs: Fix lost destroy smbd connection when MR allocate failed
cifs: Fix warning and UAF when destroy the MR list
gfs2: jdata writepage fix
perf llvm: Fix inadvertent file creation
leds: led-core: Fix refcount leak in of_led_get()
perf tools: Fix auto-complete on aarch64
sparc: allow PM configs for sparc32 COMPILE_TEST
selftests/ftrace: Fix bash specific "==" operator
printf: fix errname.c list
objtool: add UACCESS exceptions for __tsan_volatile_read/write
mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()
clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents
clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents
RISC-V: fix funct4 definition for c.jalr in parse_asm.h
mtd: rawnand: sunxi: Fix the size of the last OOB region
Input: iqs269a - drop unused device node references
Input: iqs269a - increase interrupt handler return delay
Input: iqs269a - configure device with a single block write
linux/kconfig.h: replace IF_ENABLED() with PTR_IF() in <linux/kernel.h>
clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed
clk: renesas: cpg-mssr: Remove superfluous check in resume code
clk: imx: avoid memory leak
Input: ads7846 - don't report pressure for ads7845
Input: ads7846 - convert to full duplex
Input: ads7846 - convert to one message
Input: ads7846 - always set last command to PWRDOWN
Input: ads7846 - don't check penirq immediately for 7845
clk: qcom: gpucc-sc7180: fix clk_dis_wait being programmed for CX GDSC
clk: qcom: gpucc-sdm845: fix clk_dis_wait being programmed for CX GDSC
powerpc/powernv/ioda: Skip unallocated resources when mapping to PE
clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled()
powerpc/perf/hv-24x7: add missing RTAS retry status handling
powerpc/pseries/lpar: add missing RTAS retry status handling
powerpc/pseries/lparcfg: add missing RTAS retry status handling
powerpc/rtas: make all exports GPL
powerpc/rtas: ensure 4KB alignment for rtas_data_buf
powerpc/eeh: Small refactor of eeh_handle_normal_event()
powerpc/eeh: Set channel state after notifying the drivers
MIPS: SMP-CPS: fix build error when HOTPLUG_CPU not set
MIPS: vpe-mt: drop physical_memsize
vdpa/mlx5: Don't clear mr struct on destroy MR
alpha/boot/tools/objstrip: fix the check for ELF header
Input: iqs269a - do not poll during suspend or resume
Input: iqs269a - do not poll during ATI
remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers
media: ti: cal: fix possible memory leak in cal_ctx_create()
media: platform: ti: Add missing check for devm_regulator_get
powerpc: Remove linker flag from KBUILD_AFLAGS
builddeb: clean generated package content
media: max9286: Fix memleak in max9286_v4l2_register()
media: ov2740: Fix memleak in ov2740_init_controls()
media: ov5675: Fix memleak in ov5675_init_controls()
media: i2c: ov772x: Fix memleak in ov772x_probe()
media: i2c: imx219: remove redundant writes
media: i2c: imx219: Split common registers from mode tables
media: i2c: imx219: Fix binning for RAW8 capture
media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
media: i2c: ov7670: 0 instead of -EINVAL was returned
media: usb: siano: Fix use after free bugs caused by do_submit_urb
media: saa7134: Use video_unregister_device for radio_dev
rpmsg: glink: Avoid infinite loop on intent for missing channel
udf: Define EFSCORRUPTED error code
ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy
blk-iocost: fix divide by 0 error in calc_lcoefs()
wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()
wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds()
rcu: Make RCU_LOCKDEP_WARN() avoid early lockdep checks
rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait()
rcu-tasks: Make rude RCU-Tasks work well with CPU hotplug
wifi: ath11k: debugfs: fix to work with multiple PCI devices
thermal: intel: Fix unsigned comparison with less than zero
timers: Prevent union confusion from unexpected restart_syscall()
x86/bugs: Reset speculation control settings on init
wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds
wifi: mt7601u: fix an integer underflow
inet: fix fast path in __inet_hash_connect()
ice: add missing checks for PF vsi type
ACPI: Don't build ACPICA with '-Os'
clocksource: Suspend the watchdog temporarily when high read latency detected
crypto: hisilicon: Wipe entire pool on error
net: bcmgenet: Add a check for oversized packets
m68k: Check syscall_trace_enter() return code
wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup
ACPI: video: Fix Lenovo Ideapad Z570 DMI match
net/mlx5: fw_tracer: Fix debug print
coda: Avoid partial allocation of sig_inputArgs
uaccess: Add minimum bounds check on kernel buffer size
PM: EM: fix memory leak with using debugfs_lookup()
Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE
drm/amd/display: Fix potential null-deref in dm_resume
drm/omap: dsi: Fix excessive stack usage
HID: Add Mapping for System Microphone Mute
drm/tiny: ili9486: Do not assume 8-bit only SPI controllers
drm/radeon: free iio for atombios when driver shutdown
drm: amd: display: Fix memory leakage
drm/msm/dsi: Add missing check for alloc_ordered_workqueue
docs/scripts/gdb: add necessary make scripts_gdb step
ASoC: kirkwood: Iterate over array indexes instead of using pointer math
regulator: max77802: Bounds check regulator id against opmode
regulator: s5m8767: Bounds check id indexing into arrays
gfs2: Improve gfs2_make_fs_rw error handling
hwmon: (coretemp) Simplify platform device handling
pinctrl: at91: use devm_kasprintf() to avoid potential leaks
HID: logitech-hidpp: Don't restart communication if not necessary
drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5
dm thin: add cond_resched() to various workqueue loops
dm cache: add cond_resched() to various workqueue loops
nfsd: zero out pointers after putting nfsd_files on COPY setup error
wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
firmware: coreboot: framebuffer: Ignore reserved pixel color bits
rtc: pm8xxx: fix set-alarm race
ipmi_ssif: Rename idle state and check
s390/extmem: return correct segment type in __segment_load()
s390: discard .interp section
s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler
s390/kprobes: fix current_kprobe never cleared after kprobes reenter
cifs: Fix uninitialized memory read in smb3_qfs_tcon()
ARM: dts: exynos: correct HDMI phy compatible in Exynos4
hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
fs: hfsplus: fix UAF issue in hfsplus_put_super
exfat: fix reporting fs error when reading dir beyond EOF
exfat: fix unexpected EOF while reading dir
exfat: redefine DIR_DELETED as the bad cluster number
exfat: fix inode->i_blocks for non-512 byte sector size device
f2fs: fix information leak in f2fs_move_inline_dirents()
f2fs: fix cgroup writeback accounting with fs-layer encryption
ocfs2: fix defrag path triggering jbd2 ASSERT
ocfs2: fix non-auto defrag path not working issue
udf: Truncate added extents on failed expansion
udf: Do not bother merging very long extents
udf: Do not update file length for failed writes to inline files
udf: Preserve link count of system files
udf: Detect system inodes linked into directory hierarchy
udf: Fix file corruption when appending just after end of preallocated extent
KVM: Destroy target device if coalesced MMIO unregistration fails
KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI
KVM: s390: disable migration mode when dirty tracking is disabled
x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows)
x86/crash: Disable virt in core NMI crash handler to avoid double shootdown
x86/reboot: Disable virtualization in an emergency if SVM is supported
x86/reboot: Disable SVM, not just VMX, when stopping CPUs
x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range
x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
x86/microcode/AMD: Add a @cpu parameter to the reloading functions
x86/microcode/AMD: Fix mixed steppings support
x86/speculation: Allow enabling STIBP with legacy IBRS
Documentation/hw-vuln: Document the interaction between IBRS and STIBP
brd: return 0/-error from brd_insert_page()
ima: Align ima_file_mmap() parameters with mmap_file LSM hook
irqdomain: Fix association race
irqdomain: Fix disassociation race
irqdomain: Drop bogus fwspec-mapping error handling
io_uring: handle TIF_NOTIFY_RESUME when checking for task_work
io_uring: mark task TASK_RUNNING before handling resume/task work
io_uring: add a conditional reschedule to the IOPOLL cancelation loop
io_uring/rsrc: disallow multi-source reg buffers
io_uring: remove MSG_NOSIGNAL from recvmsg
io_uring/poll: allow some retries for poll triggering spuriously
ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls()
ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC
jbd2: fix data missing when reusing bh which is ready to be checkpointed
ext4: optimize ea_inode block expansion
ext4: refuse to create ea block when umounted
mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type
dm: add cond_resched() to dm_wq_work()
wifi: rtl8xxxu: Use a longer retry limit of 48
wifi: cfg80211: Fix use after free for wext
thermal: intel: powerclamp: Fix cur_state for multi package system
dm flakey: fix logic when corrupting a bio
dm flakey: don't corrupt the zero page
ARM: dts: exynos: correct TMU phandle in Exynos4210
ARM: dts: exynos: correct TMU phandle in Exynos4
ARM: dts: exynos: correct TMU phandle in Odroid XU3 family
ARM: dts: exynos: correct TMU phandle in Exynos5250
ARM: dts: exynos: correct TMU phandle in Odroid XU
ARM: dts: exynos: correct TMU phandle in Odroid HC1
rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
alpha: fix FEN fault handling
dax/kmem: Fix leak of memory-hotplug resources
mips: fix syscall_get_nr
media: ipu3-cio2: Fix PM runtime usage_count in driver unbind
remoteproc/mtk_scp: Move clk ops outside send_lock
docs: gdbmacros: print newest record
mm: memcontrol: deprecate charge moving
mm/thp: check and bail out if page in deferred queue already
ktest.pl: Give back console on Ctrt^C on monitor
ktest.pl: Fix missing "end_monitor" when machine check fails
ktest.pl: Add RUN_TIMEOUT option with default unlimited
ring-buffer: Handle race between rb_move_tail and rb_check_pages
scsi: qla2xxx: Fix link failure in NPIV environment
scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
scsi: qla2xxx: Fix erroneous link down
scsi: ses: Don't attach if enclosure has no components
scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
scsi: ses: Fix possible desc_ptr out-of-bounds accesses
scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
riscv: jump_label: Fixup unaligned arch_static_branch function
PCI/PM: Observe reset delay irrespective of bridge_d3
PCI: hotplug: Allow marking devices as disconnected during bind/unbind
PCI: Avoid FLR for AMD FCH AHCI adapters
vfio/type1: prevent underflow of locked_vm via exec()
drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv
drm/radeon: Fix eDP for single-display iMac11,2
drm/edid: fix AVI infoframe aspect ratio handling
arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY
wifi: ath9k: use proper statements in conditionals
pinctrl: rockchip: fix mux route data for rk3568
pinctrl: rockchip: fix reading pull type on rk3568
kbuild: Port silent mode detection to future gnu make.
net/sched: Retire tcindex classifier
fs/jfs: fix shift exponent db_agl2size negative
objtool: Fix memory leak in create_static_call_sections()
pwm: sifive: Reduce time the controller lock is held
pwm: sifive: Always let the first pwm_apply_state succeed
pwm: stm32-lp: fix the check on arr and cmp registers update
f2fs: use memcpy_{to,from}_page() where possible
fs: f2fs: initialize fsdata in pagecache_write()
um: vector: Fix memory leak in vector_config
ubi: ensure that VID header offset + VID header size <= alloc, size
ubifs: Fix build errors as symbol undefined
ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
ubifs: Rectify space budget for ubifs_xrename()
ubifs: Fix wrong dirty space budget for dirty inode
ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1
ubifs: Reserve one leb for each journal head while doing budget
ubi: Fix use-after-free when volume resizing failed
ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()
ubifs: Fix memory leak in alloc_wbufs()
ubi: Fix possible null-ptr-deref in ubi_free_volume()
ubifs: Re-statistic cleaned znode count if commit failed
ubifs: dirty_cow_znode: Fix memleak in error handling path
ubifs: ubifs_writepage: Mark page dirty after writing inode failed
ubi: fastmap: Fix missed fm_anchor PEB in wear-leveling after disabling fastmap
ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list
watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path
watchdog: Fix kmemleak in watchdog_cdev_register
watchdog: pcwd_usb: Fix attempting to access uninitialized memory
netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()
netfilter: ebtables: fix table blob use-after-free
ipv6: Add lwtunnel encap size of all siblings in nexthop calculation
sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop
net: fix __dev_kfree_skb_any() vs drop monitor
9p/xen: fix version parsing
9p/xen: fix connection sequence
9p/rdma: unmap receive dma buffer in rdma_request()/post_recv()
net/mlx5: Geneve, Fix handling of Geneve object id as error code
nfc: fix memory leak of se_io context in nfc_genl_se_io
net/sched: act_sample: fix action bind logic
ARM: dts: spear320-hmi: correct STMPE GPIO compatible
tcp: tcp_check_req() can be called from process context
vc_screen: modify vcs_size() handling in vcs_read()
rtc: sun6i: Always export the internal oscillator
scsi: ipr: Work around fortify-string warning
loop: loop_set_status_from_info() check before assignment
ASoC: adau7118: don't disable regulators on device unbind
ASoC: zl38060: Remove spurious gpiolib select
ASoC: zl38060 add gpiolib dependency
thermal: intel: quark_dts: fix error pointer dereference
thermal: intel: BXT_PMIC: select REGMAP instead of depending on it
tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
bootconfig: Increase max nodes of bootconfig from 1024 to 8192 for DCC support
mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak
IB/hfi1: Update RMT size calculation
media: uvcvideo: Handle cameras with invalid descriptors
media: uvcvideo: Handle errors from calls to usb_string
media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910
media: uvcvideo: Silence memcpy() run-time false positive warnings
staging: emxx_udc: Add checks for dma_alloc_coherent()
tty: fix out-of-bounds access in tty_driver_lookup_tty()
tty: serial: fsl_lpuart: disable the CTS when send break signal
serial: sc16is7xx: setup GPIO controller later in probe
mei: bus-fixup:upon error print return values of send and receive
tools/iio/iio_utils:fix memory leak
iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word()
iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word()
PCI: loongson: Prevent LS7A MRRS increases
usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math
USB: ene_usb6250: Allocate enough memory for full object
usb: uvc: Enumerate valid values for color matching
usb: gadget: uvc: Make bSourceID read/write
PCI: Align extra resources for hotplug bridges properly
PCI: Take other bus devices into account when distributing resources
kernel/fail_function: fix memory leak with using debugfs_lookup()
PCI: loongson: Add more devices that need MRRS quirk
PCI: Add ACS quirk for Wangxun NICs
phy: rockchip-typec: Fix unsigned comparison with less than zero
soundwire: cadence: Remove wasted space in response_buf
soundwire: cadence: Drain the RX FIFO after an IO timeout
net: tls: avoid hanging tasks on the tx_lock
x86/resctrl: Apply READ_ONCE/WRITE_ONCE to task_struct.{rmid,closid}
x86/resctl: fix scheduler confusion with 'current'
drm/display/dp_mst: Fix down/up message handling after sink disconnect
drm/display/dp_mst: Fix down message handling after a packet reception error
Bluetooth: hci_sock: purge socket queues in the destruct() callback
tcp: Fix listen() regression in 5.10.163
drm/virtio: Fix error code in virtio_gpu_object_shmem_init()
media: uvcvideo: Provide sync and async uvc_ctrl_status_event
media: uvcvideo: Fix race condition with usb_kill_urb
Revert "scsi: mpt3sas: Fix return value check of dma_get_required_mask()"
scsi: mpt3sas: Don't change DMA mask while reallocating pools
scsi: mpt3sas: re-do lost mpt3sas DMA mask fix
scsi: mpt3sas: Remove usage of dma_get_required_mask() API
malidp: Fix NULL vs IS_ERR() checking
usb: gadget: uvc: fix missing mutex_unlock() if kstrtou8() fails
Linux 5.10.173
Change-Id: Iedcbc093feb171d48c70976d0aa99e972fac3ad1
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
2b5ee1cbc1 |
Merge 5.10.172 into android12-5.10-lts
Changes in 5.10.172 io_uring: ensure that io_init_req() passes in the right issue_flags Linux 5.10.172 Change-Id: Ic1bffa21a9ded5c77a905567594e985bcb52bc96 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
78985e3685 |
Merge 5.10.171 into android12-5.10-lts
Changes in 5.10.171 Fix XFRM-I support for nested ESP tunnels arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc ARM: dts: rockchip: add power-domains property to dp node on rk3288 ACPI: NFIT: fix a potential deadlock during NFIT teardown btrfs: send: limit number of clones and allocated memory size IB/hfi1: Assign npages earlier neigh: make sure used and confirmed times are valid HID: core: Fix deadloop in hid_apply_multiplier. bpf: bpf_fib_lookup should not return neigh in NUD_FAILED state net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues(). vc_screen: don't clobber return value in vcs_read md: Flush workqueue md_rdev_misc_wq in md_alloc() scripts/tags.sh: Invoke 'realpath' via 'xargs' scripts/tags.sh: fix incompatibility with PCRE2 drm/virtio: Fix NULL vs IS_ERR checking in virtio_gpu_object_shmem_init drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling USB: serial: option: add support for VW/Skoda "Carstick LTE" usb: gadget: u_serial: Add null pointer check in gserial_resume USB: core: Don't hold device lock while reading the "descriptors" sysfs file io_uring: add missing lock in io_get_file_fixed Linux 5.10.171 Change-Id: I4ffd5ae7f55bc0579b65c9cff91327ffd5194c2f Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Jens Axboe
|
246f26664b |
io_uring/poll: allow some retries for poll triggering spuriously
commit c16bda37594f83147b167d381d54c010024efecf upstream. If we get woken spuriously when polling and fail the operation with -EAGAIN again, then we generally only allow polling again if data had been transferred at some point. This is indicated with REQ_F_PARTIAL_IO. However, if the spurious poll triggers when the socket was originally empty, then we haven't transferred data yet and we will fail the poll re-arm. This either punts the socket to io-wq if it's blocking, or it fails the request with -EAGAIN if not. Neither condition is desirable, as the former will slow things down, while the latter will make the application confused. We want to ensure that a repeated poll trigger doesn't lead to infinite work making no progress, that's what the REQ_F_PARTIAL_IO check was for. But it doesn't protect against a loop post the first receive, and it's unnecessarily strict if we started out with an empty socket. Add a somewhat random retry count, just to put an upper limit on the potential number of retries that will be done. This should be high enough that we won't really hit it in practice, unless something needs to be aborted anyway. Cc: stable@vger.kernel.org # v5.10+ Link: https://github.com/axboe/liburing/issues/364 Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
David Lamparter
|
7f3d132415 |
io_uring: remove MSG_NOSIGNAL from recvmsg
commit 7605c43d67face310b4b87dee1a28bc0c8cd8c0f upstream. MSG_NOSIGNAL is not applicable for the receiving side, SIGPIPE is generated when trying to write to a "broken pipe". AF_PACKET's packet_recvmsg() does enforce this, giving back EINVAL when MSG_NOSIGNAL is set - making it unuseable in io_uring's recvmsg. Remove MSG_NOSIGNAL from io_recvmsg_prep(). Cc: stable@vger.kernel.org # v5.10+ Signed-off-by: David Lamparter <equinox@diac24.net> Cc: Eric Dumazet <edumazet@google.com> Cc: Jens Axboe <axboe@kernel.dk> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://lore.kernel.org/r/20230224150123.128346-1-equinox@diac24.net Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Pavel Begunkov
|
72783d2af8 |
io_uring/rsrc: disallow multi-source reg buffers
commit edd478269640b360c6f301f2baa04abdda563ef3 upstream. If two or more mappings go back to back to each other they can be passed into io_uring to be registered as a single registered buffer. That would even work if mappings came from different sources, e.g. it's possible to mix in this way anon pages and pages from shmem or hugetlb. That is not a problem but it'd rather be less prone if we forbid such mixing. Cc: <stable@vger.kernel.org> Signed-off-by: Pavel Begunkov <asml.silence@gmail.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Jens Axboe
|
a442f12e47 |
io_uring: add a conditional reschedule to the IOPOLL cancelation loop
commit fcc926bb857949dbfa51a7d95f3f5ebc657f198c upstream.
If the kernel is configured with CONFIG_PREEMPT_NONE, we could be
sitting in a tight loop reaping events but not giving them a chance to
finish. This results in a trace ala:
rcu: INFO: rcu_sched self-detected stall on CPU
rcu: 2-...!: (5249 ticks this GP) idle=935c/1/0x4000000000000000 softirq=4265/4274 fqs=1
(t=5251 jiffies g=465 q=4135 ncpus=4)
rcu: rcu_sched kthread starved for 5249 jiffies! g465 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: Unless rcu_sched kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_sched state:R running task stack:0 pid:12 ppid:2 flags:0x00000008
Call trace:
__switch_to+0xb0/0xc8
__schedule+0x43c/0x520
schedule+0x4c/0x98
schedule_timeout+0xbc/0xdc
rcu_gp_fqs_loop+0x308/0x344
rcu_gp_kthread+0xd8/0xf0
kthread+0xb8/0xc8
ret_from_fork+0x10/0x20
rcu: Stack dump where RCU GP kthread last ran:
Task dump for CPU 0:
task:kworker/u8:10 state:R running task stack:0 pid:89 ppid:2 flags:0x0000000a
Workqueue: events_unbound io_ring_exit_work
Call trace:
__switch_to+0xb0/0xc8
0xffff0000c8fefd28
CPU: 2 PID: 95 Comm: kworker/u8:13 Not tainted 6.2.0-rc5-00042-g40316e337c80-dirty #2759
Hardware name: linux,dummy-virt (DT)
Workqueue: events_unbound io_ring_exit_work
pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : io_do_iopoll+0x344/0x360
lr : io_do_iopoll+0xb8/0x360
sp : ffff800009bebc60
x29: ffff800009bebc60 x28: 0000000000000000 x27: 0000000000000000
x26: ffff0000c0f67d48 x25: ffff0000c0f67840 x24: ffff800008950024
x23: 0000000000000001 x22: 0000000000000000 x21: ffff0000c27d3200
x20: ffff0000c0f67840 x19: ffff0000c0f67800 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000001 x13: 0000000000000001 x12: 0000000000000000
x11: 0000000000000179 x10: 0000000000000870 x9 : ffff800009bebd60
x8 : ffff0000c27d3ad0 x7 : fefefefefefefeff x6 : 0000646e756f626e
x5 : ffff0000c0f67840 x4 : 0000000000000000 x3 : ffff0000c2398000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
io_do_iopoll+0x344/0x360
io_uring_try_cancel_requests+0x21c/0x334
io_ring_exit_work+0x90/0x40c
process_one_work+0x1a4/0x254
worker_thread+0x1ec/0x258
kthread+0xb8/0xc8
ret_from_fork+0x10/0x20
Add a cond_resched() in the cancelation IOPOLL loop to fix this.
Cc: stable@vger.kernel.org # 5.10+
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Jens Axboe
|
3d1f9533a3 |
io_uring: mark task TASK_RUNNING before handling resume/task work
commit 2f2bb1ffc9983e227424d0787289da5483b0c74f upstream.
Just like for task_work, set the task mode to TASK_RUNNING before doing
potential resume work. We're not holding any locks at this point,
but we may have already set the task state to TASK_INTERRUPTIBLE in
preparation for going to sleep waiting for events. Ensure that we set it
back to TASK_RUNNING if we have work to process, to avoid warnings on
calling blocking operations with !TASK_RUNNING.
Fixes: b5d3ae202fbf ("io_uring: handle TIF_NOTIFY_RESUME when checking for task_work")
Reported-by: kernel test robot <oliver.sang@intel.com>
Link: https://lore.kernel.org/oe-lkp/202302062208.24d3e563-oliver.sang@intel.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Jens Axboe
|
3f32f8492e |
io_uring: handle TIF_NOTIFY_RESUME when checking for task_work
commit b5d3ae202fbfe055aa2a8ae8524531ee1dcab717 upstream. If TIF_NOTIFY_RESUME is set, then we need to call resume_user_mode_work() for PF_IO_WORKER threads. They never return to usermode, hence never get a chance to process any items that are marked by this flag. Most notably this includes the final put of files, but also any throttling markers set by block cgroups. Cc: stable@vger.kernel.org # 5.10+ Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Jens Axboe
|
da24142b1e |
io_uring: ensure that io_init_req() passes in the right issue_flags
We can't use 0 here, as io_init_req() is always invoked with the
ctx uring_lock held. Newer kernels have IO_URING_F_UNLOCKED for this,
but previously we used IO_URING_F_NONBLOCK to indicate this as well.
Fixes:
|
||
|
Bing-Jhong Billy Jheng
|
08681391b8 |
io_uring: add missing lock in io_get_file_fixed
io_get_file_fixed will access io_uring's context. Lock it if it is invoked unlocked (eg via io-wq) to avoid a race condition with fixed files getting unregistered. No single upstream patch exists for this issue, it was fixed as part of the file assignment changes that went into the 5.18 cycle. Signed-off-by: Jheng, Bing-Jhong Billy <billy@starlabs.sg> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
78da590924 |
Merge 5.10.165 into android12-5.10-lts
Changes in 5.10.165
btrfs: fix trace event name typo for FLUSH_DELAYED_REFS
pNFS/filelayout: Fix coalescing test for single DS
selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID
tools/virtio: initialize spinlocks in vring_test.c
net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats
RDMA/srp: Move large values to a new enum for gcc13
btrfs: always report error in run_one_delayed_ref()
x86/asm: Fix an assembler warning with current binutils
f2fs: let's avoid panic if extent_tree is not created
wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices
wifi: mac80211: sdata can be NULL during AMPDU start
Add exception protection processing for vd in axi_chan_handle_err function
zonefs: Detect append writes at invalid locations
nilfs2: fix general protection fault in nilfs_btree_insert()
efi: fix userspace infinite retry read efivars after EFI runtime services page fault
ALSA: hda/realtek - Turn on power early
drm/i915/gt: Reset twice
Bluetooth: hci_qca: Wait for timeout during suspend
Bluetooth: hci_qca: Fix driver shutdown on closed serdev
io_uring: don't gate task_work run on TIF_NOTIFY_SIGNAL
io_uring: improve send/recv error handling
io_uring: ensure recv and recvmsg handle MSG_WAITALL correctly
io_uring: add flag for disabling provided buffer recycling
io_uring: support MSG_WAITALL for IORING_OP_SEND(MSG)
io_uring: allow re-poll if we made progress
io_uring: fix async accept on O_NONBLOCK sockets
io_uring: check for valid register opcode earlier
io_uring: lock overflowing for IOPOLL
io_uring: fix CQ waiting timeout handling
io_uring: ensure that cached task references are always put on exit
io_uring: remove duplicated calls to io_kiocb_ppos
io_uring: update kiocb->ki_pos at execution time
io_uring: do not recalculate ppos unnecessarily
io_uring/rw: defer fsnotify calls to task context
xhci-pci: set the dma max_seg_size
usb: xhci: Check endpoint is valid before dereferencing it
xhci: Fix null pointer dereference when host dies
xhci: Add update_hub_device override for PCI xHCI hosts
xhci: Add a flag to disable USB3 lpm on a xhci root port level.
usb: acpi: add helper to check port lpm capability using acpi _DSM
xhci: Detect lpm incapable xHC USB3 roothub ports from ACPI tables
prlimit: do_prlimit needs to have a speculation check
USB: serial: option: add Quectel EM05-G (GR) modem
USB: serial: option: add Quectel EM05-G (CS) modem
USB: serial: option: add Quectel EM05-G (RS) modem
USB: serial: option: add Quectel EC200U modem
USB: serial: option: add Quectel EM05CN (SG) modem
USB: serial: option: add Quectel EM05CN modem
staging: vchiq_arm: fix enum vchiq_status return types
USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100
misc: fastrpc: Don't remove map on creater_process and device_release
misc: fastrpc: Fix use-after-free race condition for maps
usb: core: hub: disable autosuspend for TI TUSB8041
comedi: adv_pci1760: Fix PWM instruction handling
mmc: sunxi-mmc: Fix clock refcount imbalance during unbind
mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting
btrfs: fix race between quota rescan and disable leading to NULL pointer deref
cifs: do not include page data when checking signature
thunderbolt: Use correct function to calculate maximum USB3 link rate
tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer
USB: gadgetfs: Fix race between mounting and unmounting
USB: serial: cp210x: add SCALANCE LPE-9000 device id
usb: host: ehci-fsl: Fix module alias
usb: typec: altmodes/displayport: Add pin assignment helper
usb: typec: altmodes/displayport: Fix pin assignment calculation
usb: gadget: g_webcam: Send color matching descriptor per frame
usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210
dt-bindings: phy: g12a-usb2-phy: fix compatible string documentation
dt-bindings: phy: g12a-usb3-pcie-phy: fix compatible string documentation
serial: pch_uart: Pass correct sg to dma_unmap_sg()
dmaengine: tegra210-adma: fix global intr clear
serial: atmel: fix incorrect baudrate setup
gsmi: fix null-deref in gsmi_get_variable
mei: me: add meteor lake point M DID
drm/i915: re-disable RC6p on Sandy Bridge
drm/amd/display: Fix set scaling doesn's work
drm/amd/display: Calculate output_color_space after pixel encoding adjustment
drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix
arm64: efi: Execute runtime services from a dedicated stack
efi: rt-wrapper: Add missing include
Revert "drm/amdgpu: make display pinning more flexible (v2)"
x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN
tracing: Use alignof__(struct {type b;}) instead of offsetof()
io_uring: io_kiocb_update_pos() should not touch file for non -1 offset
io_uring/net: fix fast_iov assignment in io_setup_async_msg()
net/ulp: use consistent error code when blocking ULP
net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work()
Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()"
soc: qcom: apr: Make qcom,protection-domain optional again
Bluetooth: hci_qca: Wait for SSR completion during suspend
Bluetooth: hci_qca: check for SSR triggered flag while suspend
Bluetooth: hci_qca: Fixed issue during suspend
mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma
io_uring: Clean up a false-positive warning from GCC 9.3.0
io_uring: fix double poll leak on repolling
io_uring/rw: ensure kiocb_end_write() is always called
io_uring/rw: remove leftover debug statement
Linux 5.10.165
Change-Id: Icb91157d9fa1b56cd79eedb8a9cc6118d0705244
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
4922049993 |
Merge 5.10.163 into android12-5.10-lts
Changes in 5.10.163
usb: musb: remove extra check in musb_gadget_vbus_draw
arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins
arm64: dts: qcom: msm8996: fix GPU OPP table
ARM: dts: qcom: apq8064: fix coresight compatible
arm64: dts: qcom: sdm630: fix UART1 pin bias
arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias
arm64: dts: qcom: msm8916: Drop MSS fallback compatible
objtool, kcsan: Add volatile read/write instrumentation to whitelist
ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96
ARM: dts: stm32: Fix AV96 WLAN regulator gpio property
drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
soc: qcom: llcc: make irq truly optional
soc: qcom: apr: make code more reuseable
soc: qcom: apr: Add check for idr_alloc and of_property_read_string_index
arm: dts: spear600: Fix clcd interrupt
soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync
soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe
soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init()
perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init()
arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node
arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node
arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators
arm64: dts: mt2712e: Fix unit address for pinctrl node
arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names
arm64: dts: mt2712-evb: Fix usb vbus regulators unit names
arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings
arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name
ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: turris-omnia: Add ethernet aliases
ARM: dts: turris-omnia: Add switch port 6 node
arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC
pstore/ram: Fix error return code in ramoops_probe()
ARM: mmp: fix timer_read delay
pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init()
tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
sched/fair: Cleanup task_util and capacity type
sched/uclamp: Fix relationship between uclamp and migration margin
cpuidle: dt: Return the correct numbers of parsed idle states
alpha: fix syscall entry in !AUDUT_SYSCALL case
PM: hibernate: Fix mistake in kerneldoc comment
fs: don't audit the capability check in simple_xattr_list()
cpufreq: qcom-hw: Fix memory leak in qcom_cpufreq_hw_read_lut()
selftests/ftrace: event_triggers: wait longer for test_event_enable
perf: Fix possible memleak in pmu_dev_alloc()
lib/debugobjects: fix stat count and optimize debug_objects_mem_init
platform/x86: huawei-wmi: fix return value calculation
timerqueue: Use rb_entry_safe() in timerqueue_getnext()
proc: fixup uptime selftest
lib/fonts: fix undefined behavior in bit shift for get_default_font
ocfs2: fix memory leak in ocfs2_stack_glue_init()
MIPS: vpe-mt: fix possible memory leak while module exiting
MIPS: vpe-cmp: fix possible memory leak while module exiting
selftests/efivarfs: Add checking of the test return value
PNP: fix name memory leak in pnp_alloc_dev()
perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()
perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map()
perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box()
platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init()
irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
EDAC/i10nm: fix refcount leak in pci_get_dev_wrapper()
nfsd: don't call nfsd_file_put from client states seqfile display
genirq/irqdesc: Don't try to remove non-existing sysfs files
cpufreq: amd_freq_sensitivity: Add missing pci_dev_put()
libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
lib/notifier-error-inject: fix error when writing -errno to debugfs file
docs: fault-injection: fix non-working usage of negative values
debugfs: fix error when writing negative value to atomic_t debugfs file
ocfs2: ocfs2_mount_volume does cleanup job before return error
ocfs2: rewrite error handling of ocfs2_fill_super
ocfs2: fix memory leak in ocfs2_mount_volume()
rapidio: fix possible name leaks when rio_add_device() fails
rapidio: rio: fix possible name leak in rio_register_mport()
clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled
clocksource/drivers/sh_cmt: Access registers according to spec
futex: Move to kernel/futex/
futex: Resend potentially swallowed owner death notification
cpu/hotplug: Make target_store() a nop when target == state
clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock()
ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
x86/xen: Fix memory leak in xen_init_lock_cpu()
xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()
PM: runtime: Improve path in rpm_idle() when no callback
PM: runtime: Do not call __rpm_callback() from rpm_idle()
platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register()
MIPS: BCM63xx: Add check for NULL for clk in clk_enable
MIPS: OCTEON: warn only once if deprecated link status is being used
fs: sysv: Fix sysv_nblocks() returns wrong value
rapidio: fix possible UAF when kfifo_alloc() fails
eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
relay: fix type mismatch when allocating memory in relay_create_buf()
hfs: Fix OOB Write in hfs_asc2mac
rapidio: devices: fix missing put_device in mport_cdev_open
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
wifi: rtl8xxxu: Fix reading the vendor of combo chips
drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge
libbpf: Fix use-after-free in btf_dump_name_dups
libbpf: Fix null-pointer dereference in find_prog_by_sec_insn()
pata_ipx4xx_cf: Fix unsigned comparison with less than zero
media: coda: jpeg: Add check for kmalloc
media: i2c: ad5820: Fix error path
venus: pm_helpers: Fix error check in vcodec_domains_get()
media: exynos4-is: Use v4l2_async_notifier_add_fwnode_remote_subdev
media: exynos4-is: don't rely on the v4l2_async_subdev internals
can: kvaser_usb: do not increase tx statistics when sending error message frames
can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event
can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
can: kvaser_usb_leaf: Set Warning state even without bus errors
can: kvaser_usb_leaf: Fix improved state not being reported
can: kvaser_usb_leaf: Fix wrong CAN state after stopping
can: kvaser_usb_leaf: Fix bogus restart events
can: kvaser_usb: Add struct kvaser_usb_busparams
can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming
drm/rockchip: lvds: fix PM usage counter unbalance in poweron
clk: renesas: r9a06g032: Repair grave increment error
spi: Update reference to struct spi_controller
drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure
ima: Fix fall-through warnings for Clang
ima: Handle -ESTALE returned by ima_filter_rule_match()
drm/msm/hdmi: switch to drm_bridge_connector
drm/msm/hdmi: drop unused GPIO support
bpf: Fix slot type check in check_stack_write_var_off
media: vivid: fix compose size exceed boundary
media: platform: exynos4-is: fix return value check in fimc_md_probe()
bpf: propagate precision in ALU/ALU64 operations
bpf: Check the other end of slot_type for STACK_SPILL
bpf: propagate precision across all frames, not just the last one
clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs
mtd: Fix device name leak when register device failed in add_mtd_device()
Input: joystick - fix Kconfig warning for JOYSTICK_ADC
wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port
media: camss: Clean up received buffers on failed start of streaming
net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write()
rxrpc: Fix ack.bufferSize to be 0 when generating an ack
drm/radeon: Add the missed acpi_put_table() to fix memory leak
drm/mediatek: Modify dpi power on/off sequence.
ASoC: pxa: fix null-pointer dereference in filter()
regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table()
drm/fourcc: Add packed 10bit YUV 4:2:0 format
drm/fourcc: Fix vsub/hsub for Q410 and Q401
integrity: Fix memory leakage in keyring allocation error path
ima: Fix misuse of dereference of pointer in template_desc_init_fields()
wifi: ath10k: Fix return value in ath10k_pci_init()
mtd: lpddr2_nvm: Fix possible null-ptr-deref
Input: elants_i2c - properly handle the reset GPIO when power is off
media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init()
media: solo6x10: fix possible memory leak in solo_sysfs_init()
media: platform: exynos4-is: Fix error handling in fimc_md_init()
media: videobuf-dma-contig: use dma_mmap_coherent
inet: add READ_ONCE(sk->sk_bound_dev_if) in inet_csk_bind_conflict()
bpf: Move skb->len == 0 checks into __bpf_redirect
HID: hid-sensor-custom: set fixed size for custom attributes
ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT
ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT
regulator: core: use kfree_const() to free space conditionally
clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
drm/amdgpu: fix pci device refcount leak
bonding: fix link recovery in mode 2 when updelay is nonzero
mtd: maps: pxa2xx-flash: fix memory leak in probe
drbd: fix an invalid memory access caused by incorrect use of list iterator
ASoC: qcom: Add checks for devm_kcalloc
media: vimc: Fix wrong function called when vimc_init() fails
media: imon: fix a race condition in send_packet()
clk: imx: replace osc_hdmi with dummy
pinctrl: pinconf-generic: add missing of_node_put()
media: dvb-core: Fix ignored return value in dvb_register_frontend()
media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC
drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe()
ASoC: dt-bindings: wcd9335: fix reset line polarity in example
ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd
NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
NFSv4.2: Fix a memory stomp in decode_attr_security_label
NFSv4.2: Fix initialisation of struct nfs4_label
NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
NFS: Fix an Oops in nfs_d_automount()
ALSA: asihpi: fix missing pci_disable_device()
wifi: iwlwifi: mvm: fix double free on tx path.
ASoC: mediatek: mt8173: Fix debugfs registration for components
ASoC: mediatek: mt8173: Enable IRQ when pdata is ready
drm/amd/pm/smu11: BACO is supported when it's in BACO state
drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
netfilter: conntrack: set icmpv6 redirects as RELATED
bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data
bpf, sockmap: Fix data loss caused by using apply_bytes on ingress redirect
bonding: uninitialized variable in bond_miimon_inspect()
spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE
wifi: mac80211: fix memory leak in ieee80211_if_add()
wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails
wifi: mt76: fix coverity overrun-call in mt76_get_txpower()
regulator: core: fix module refcount leak in set_supply()
clk: qcom: clk-krait: fix wrong div2 functions
hsr: Add a rcu-read lock to hsr_forward_skb().
net: hsr: generate supervision frame without HSR/PRP tag
hsr: Disable netpoll.
hsr: Synchronize sending frames to have always incremented outgoing seq nr.
hsr: Synchronize sequence number updates.
configfs: fix possible memory leak in configfs_create_dir()
regulator: core: fix resource leak in regulator_register()
hwmon: (jc42) Convert register access and caching to regmap/regcache
hwmon: (jc42) Restore the min/max/critical temperatures on resume
bpf, sockmap: fix race in sock_map_free()
ALSA: pcm: Set missing stop_operating flag at undoing trigger start
media: saa7164: fix missing pci_disable_device()
ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
SUNRPC: Fix missing release socket in rpc_sockname()
NFSv4.x: Fail client initialisation if state manager thread can't run
mmc: alcor: fix return value check of mmc_add_host()
mmc: moxart: fix return value check of mmc_add_host()
mmc: mxcmmc: fix return value check of mmc_add_host()
mmc: pxamci: fix return value check of mmc_add_host()
mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
mmc: toshsd: fix return value check of mmc_add_host()
mmc: vub300: fix return value check of mmc_add_host()
mmc: wmt-sdmmc: fix return value check of mmc_add_host()
mmc: atmel-mci: fix return value check of mmc_add_host()
mmc: omap_hsmmc: fix return value check of mmc_add_host()
mmc: meson-gx: fix return value check of mmc_add_host()
mmc: via-sdmmc: fix return value check of mmc_add_host()
mmc: wbsd: fix return value check of mmc_add_host()
mmc: mmci: fix return value check of mmc_add_host()
media: c8sectpfe: Add of_node_put() when breaking out of loop
media: coda: Add check for dcoda_iram_alloc
media: coda: Add check for kmalloc
clk: samsung: Fix memory leak in _samsung_clk_register_pll()
spi: spi-gpio: Don't set MOSI as an input if not 3WIRE mode
wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
wifi: rtl8xxxu: Fix the channel width reporting
wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
blktrace: Fix output non-blktrace event when blk_classic option enabled
clk: socfpga: clk-pll: Remove unused variable 'rc'
clk: socfpga: use clk_hw_register for a5/c5
clk: socfpga: Fix memory leak in socfpga_gate_init()
net: vmw_vsock: vmci: Check memcpy_from_msg()
net: defxx: Fix missing err handling in dfx_init()
net: stmmac: selftests: fix potential memleak in stmmac_test_arpoffload()
drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop()
ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
net: farsync: Fix kmemleak when rmmods farsync
net/tunnel: wait until all sk_user_data reader finish before releasing the sock
net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave()
net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave()
net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave()
net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave()
hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave()
net: amd-xgbe: Fix logic around active and passive cables
net: amd-xgbe: Check only the minimum speed for active/passive cables
can: tcan4x5x: Remove invalid write in clear_interrupts
net: lan9303: Fix read error execution path
ntb_netdev: Use dev_kfree_skb_any() in interrupt context
sctp: sysctl: make extra pointers netns aware
Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_ll: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave()
stmmac: fix potential division by 0
apparmor: fix a memleak in multi_transaction_new()
apparmor: fix lockdep warning when removing a namespace
apparmor: Fix abi check to include v8 abi
crypto: sun8i-ss - use dma_addr instead u32
crypto: nitrox - avoid double free on error path in nitrox_sriov_init()
scsi: core: Fix a race between scsi_done() and scsi_timeout()
apparmor: Use pointer to struct aa_label for lbs_cred
PCI: dwc: Fix n_fts[] array overrun
RDMA/core: Fix order of nldev_exit call
PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled
f2fs: Fix the race condition of resize flag between resizefs
crypto: rockchip - do not do custom power management
crypto: rockchip - do not store mode globally
crypto: rockchip - add fallback for cipher
crypto: rockchip - add fallback for ahash
crypto: rockchip - better handle cipher key
crypto: rockchip - remove non-aligned handling
crypto: rockchip - delete unneeded variable initialization
crypto: rockchip - rework by using crypto_engine
apparmor: Fix memleak in alloc_ns()
f2fs: fix normal discard process
RDMA/siw: Fix immediate work request flush to completion queue
RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port
RDMA/siw: Set defined status for work completion with undefined status
scsi: scsi_debug: Fix a warning in resp_write_scat()
crypto: ccree - Remove debugfs when platform_driver_register failed
crypto: cryptd - Use request context instead of stack for sub-request
crypto: hisilicon/qm - add missing pci_dev_put() in q_num_set()
RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data()
RDMA/hns: Fix ext_sge num error when post send
PCI: Check for alloc failure in pci_request_irq()
RDMA/hfi: Decrease PCI device reference count in error path
crypto: ccree - Make cc_debugfs_global_fini() available for module init function
RDMA/hns: fix memory leak in hns_roce_alloc_mr()
RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
scsi: hpsa: Fix possible memory leak in hpsa_init_one()
crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
padata: Always leave BHs disabled when running ->parallel()
padata: Fix list iterator in padata_do_serial()
scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()
scsi: hpsa: Fix error handling in hpsa_add_sas_host()
scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
scsi: scsi_debug: Fix a warning in resp_verify()
scsi: scsi_debug: Fix a warning in resp_report_zones()
scsi: fcoe: Fix possible name leak when device_register() fails
scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper()
scsi: ipr: Fix WARNING in ipr_init()
scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
scsi: snic: Fix possible UAF in snic_tgt_create()
RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps()
f2fs: avoid victim selection from previous victim section
RDMA/nldev: Fix failure to send large messages
crypto: amlogic - Remove kcalloc without check
crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe()
riscv/mm: add arch hook arch_clear_hugepage_flags
RDMA/hfi1: Fix error return code in parse_platform_config()
RDMA/srp: Fix error return code in srp_parse_options()
orangefs: Fix sysfs not cleanup when dev init failed
RDMA/hns: Fix PBL page MTR find
RDMA/hns: Fix page size cap from firmware
crypto: img-hash - Fix variable dereferenced before check 'hdev->req'
hwrng: amd - Fix PCI device refcount leak
hwrng: geode - Fix PCI device refcount leak
IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
drivers: dio: fix possible memory leak in dio_init()
serial: tegra: Read DMA status before terminating
class: fix possible memory leak in __class_register()
vfio: platform: Do not pass return buffer to ACPI _RST method
uio: uio_dmem_genirq: Fix missing unlock in irq configuration
uio: uio_dmem_genirq: Fix deadlock between irq config and handling
usb: fotg210-udc: Fix ages old endianness issues
staging: vme_user: Fix possible UAF in tsi148_dma_list_add
usb: typec: Check for ops->exit instead of ops->enter in altmode_exit
usb: typec: tcpci: fix of node refcount leak in tcpci_register_port()
usb: typec: tipd: Fix spurious fwnode_handle_put in error path
serial: amba-pl011: avoid SBSA UART accessing DMACR register
serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle.
serial: pch: Fix PCI device refcount leak in pch_request_dma()
tty: serial: clean up stop-tx part in altera_uart_tx_chars()
tty: serial: altera_uart_{r,t}x_chars() need only uart_port
serial: altera_uart: fix locking in polling mode
serial: sunsab: Fix error handling in sunsab_init()
test_firmware: fix memory leak in test_firmware_init()
misc: ocxl: fix possible name leak in ocxl_file_register_afu()
ocxl: fix pci device refcount leak when calling get_function_0()
misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe()
cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
iio: temperature: ltc2983: make bulk write buffer DMA-safe
genirq: Add IRQF_NO_AUTOEN for request_irq/nmi()
iio:imu:adis: Use IRQF_NO_AUTOEN instead of irq request then disable
iio: adis: handle devices that cannot unmask the drdy pin
iio: adis: stylistic changes
iio:imu:adis: Move exports into IIO_ADISLIB namespace
iio: adis: add '__adis_enable_irq()' implementation
counter: stm32-lptimer-cnt: fix the check on arr and cmp registers update
usb: roles: fix of node refcount leak in usb_role_switch_is_parent()
usb: gadget: f_hid: optional SETUP/SET_REPORT mode
usb: gadget: f_hid: fix f_hidg lifetime vs cdev
usb: gadget: f_hid: fix refcount leak on error path
drivers: mcb: fix resource leak in mcb_probe()
mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
chardev: fix error handling in cdev_device_add()
i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
staging: rtl8192u: Fix use after free in ieee80211_rx()
staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
vme: Fix error not catched in fake_init()
gpiolib: Get rid of redundant 'else'
gpiolib: cdev: fix NULL-pointer dereferences
i2c: mux: reg: check return value after calling platform_get_resource()
i2c: ismt: Fix an out-of-bounds bug in ismt_access()
usb: storage: Add check for kcalloc
tracing/hist: Fix issue of losting command info in error_log
samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe()
thermal/drivers/imx8mm_thermal: Validate temperature range
fbdev: ssd1307fb: Drop optional dependency
fbdev: pm2fb: fix missing pci_disable_device()
fbdev: via: Fix error in via_core_init()
fbdev: vermilion: decrease reference count in error path
fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
power: supply: fix residue sysfs file in error handle route of __power_supply_register()
perf trace: Return error if a system call doesn't exist
perf trace: Use macro RAW_SYSCALL_ARGS_NUM to replace number
perf trace: Handle failure when trace point folder is missed
perf symbol: correction while adjusting symbol
HSI: omap_ssi_core: Fix error handling in ssi_init()
power: supply: fix null pointer dereferencing in power_supply_get_battery_info
RDMA/siw: Fix pointer cast warning
iommu/sun50i: Fix reset release
iommu/sun50i: Consider all fault sources for reset
iommu/sun50i: Fix R/W permission check
iommu/sun50i: Fix flush size
phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices
include/uapi/linux/swab: Fix potentially missing __always_inline
pwm: tegra: Improve required rate calculation
dmaengine: idxd: Fix crc_val field for completion record
rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0
rtc: cmos: Fix event handler registration ordering issue
rtc: cmos: Fix wake alarm breakage
rtc: cmos: fix build on non-ACPI platforms
rtc: cmos: Call cmos_wake_setup() from cmos_do_probe()
rtc: cmos: Call rtc_wake_setup() from cmos_do_probe()
rtc: cmos: Eliminate forward declarations of some functions
rtc: cmos: Rename ACPI-related functions
rtc: cmos: Disable ACPI RTC event on removal
rtc: snvs: Allow a time difference on clock register read
rtc: pcf85063: Fix reading alarm
iommu/amd: Fix pci device refcount leak in ppr_notifier()
iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
macintosh: fix possible memory leak in macio_add_one_device()
macintosh/macio-adb: check the return value of ioremap()
powerpc/52xx: Fix a resource leak in an error handling path
cxl: Fix refcount leak in cxl_calc_capp_routing
powerpc/xmon: Enable breakpoints on 8xx
powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds
powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data()
kbuild: remove unneeded mkdir for external modules_install
kbuild: unify modules(_install) for in-tree and external modules
kbuild: refactor single builds of *.ko
powerpc/perf: callchain validate kernel stack pointer bounds
powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe()
powerpc/hv-gpci: Fix hv_gpci event list
selftests/powerpc: Fix resource leaks
iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY
pwm: sifive: Call pwm_sifive_update_clock() while mutex is held
remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev()
remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove
remoteproc: qcom_q6v5_pas: detach power domains on remove
remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region()
powerpc/eeh: Drop redundant spinlock initialization
powerpc/pseries/eeh: use correct API for error log size
netfilter: flowtable: really fix NAT IPv6 offload
rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe()
rtc: pcf85063: fix pcf85063_clkout_control
NFSD: Remove spurious cb_setup_err tracepoint
nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
net: macsec: fix net device access prior to holding a lock
mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
nfc: pn533: Clear nfc_target before being used
r6040: Fix kmemleak in probe and remove
net: switch to storing KCOV handle directly in sk_buff
net: add inline function skb_csum_is_sctp
net: igc: use skb_csum_is_sctp instead of protocol check
net: add a helper to avoid issues with HW TX timestamping and SO_TXTIME
igc: Enhance Qbv scheduling by using first flag bit
igc: Use strict cycles for Qbv scheduling
igc: Add checking for basetime less than zero
igc: recalculate Qbv end_time by considering cycle time
igc: Lift TAPRIO schedule restriction
igc: Set Qbv start_time and end_time to end_time if not being configured in GCL
rtc: mxc_v2: Add missing clk_disable_unprepare()
selftests: devlink: fix the fd redirect in dummy_reporter_test
openvswitch: Fix flow lookup to use unmasked key
skbuff: Account for tail adjustment during pull operations
mailbox: zynq-ipi: fix error handling while device_register() fails
net_sched: reject TCF_EM_SIMPLE case for complex ematch module
rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
myri10ge: Fix an error handling path in myri10ge_probe()
net: stream: purge sk_error_queue in sk_stream_kill_queues()
rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state()
arm64: make is_ttbrX_addr() noinstr-safe
video: hyperv_fb: Avoid taking busy spinlock on panic path
x86/hyperv: Remove unregister syscore call from Hyper-V cleanup
binfmt_misc: fix shift-out-of-bounds in check_special_flags
fs: jfs: fix shift-out-of-bounds in dbAllocAG
udf: Avoid double brelse() in udf_rename()
fs: jfs: fix shift-out-of-bounds in dbDiscardAG
ACPICA: Fix error code path in acpi_ds_call_control_method()
nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
nilfs2: fix shift-out-of-bounds due to too large exponent of block size
acct: fix potential integer overflow in encode_comp_t()
hfs: fix OOB Read in __hfs_brec_find
drm/etnaviv: add missing quirks for GC300
brcmfmac: return error when getting invalid max_flowrings from dongle
wifi: ath9k: verify the expected usb_endpoints are present
wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
ASoC: codecs: rt298: Add quirk for KBL-R RVP platform
ipmi: fix memleak when unload ipmi driver
drm/amd/display: prevent memory leak
qed (gcc13): use u16 for fid to be big enough
bpf: make sure skb->len != 0 when redirecting to a tunneling device
net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
hamradio: baycom_epp: Fix return type of baycom_send_packet()
wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
igb: Do not free q_vector unless new one was allocated
drm/amdgpu: Fix type of second parameter in trans_msg() callback
drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback
s390/ctcm: Fix return type of ctc{mp,}m_tx()
s390/netiucv: Fix return type of netiucv_tx()
s390/lcs: Fix return type of lcs_start_xmit()
drm/msm: Use drm_mode_copy()
drm/rockchip: Use drm_mode_copy()
drm/sti: Use drm_mode_copy()
drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
md/raid1: stop mdx_raid1 thread when raid1 array run failed
drm/amd/display: fix array index out of bound error in bios parser
net: add atomic_long_t to net_device_stats fields
mrp: introduce active flags to prevent UAF when applicant uninit
ppp: associate skb with a device at tx
bpf: Prevent decl_tag from being referenced in func_proto arg
ethtool: avoiding integer overflow in ethtool_phys_id()
media: dvb-frontends: fix leak of memory fw
media: dvbdev: adopts refcnt to avoid UAF
media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
blk-mq: fix possible memleak when register 'hctx' failed
libbpf: Avoid enum forward-declarations in public API in C++ mode
regulator: core: fix use_count leakage when handling boot-on
mmc: f-sdh30: Add quirks for broken timeout clock capability
mmc: renesas_sdhi: better reset from HS400 mode
media: si470x: Fix use-after-free in si470x_int_in_callback()
clk: st: Fix memory leak in st_of_quadfs_setup()
hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()
drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()
hwmon: (jc42) Fix missing unlock on error in jc42_write()
ALSA/ASoC: hda: move/rename snd_hdac_ext_stop_streams to hdac_stream.c
ALSA: hda: add snd_hdac_stop_streams() helper
ASoC: Intel: Skylake: Fix driver hang during shutdown
ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe()
ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link()
ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume()
ASoC: wm8994: Fix potential deadlock
ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume()
ASoC: rt5670: Remove unbalanced pm_runtime_put()
LoadPin: Ignore the "contents" argument of the LSM hooks
pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion
perf debug: Set debug_peo_args and redirect_to_stderr variable to correct values in perf_quiet_option()
afs: Fix lost servers_outstanding count
pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES
ima: Simplify ima_lsm_copy_rule
ALSA: usb-audio: add the quirk for KT0206 device
ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB
ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list
usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode
usb: dwc3: core: defer probe on ulpi_read_id timeout
HID: wacom: Ensure bootloader PID is usable in hidraw mode
HID: mcp2221: don't connect hidraw
reiserfs: Add missing calls to reiserfs_security_free()
iio: adc: ad_sigma_delta: do not use internal iio_dev lock
iio: adc128s052: add proper .data members in adc128_of_match table
regulator: core: fix deadlock on regulator enable
gcov: add support for checksum field
ovl: fix use inode directly in rcu-walk mode
media: dvbdev: fix build warning due to comments
media: dvbdev: fix refcnt bug
pwm: tegra: Fix 32 bit build
usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init
cifs: fix oops during encryption
nvme-pci: fix doorbell buffer value endianness
nvme-pci: fix mempool alloc size
nvme-pci: fix page size checks
ata: ahci: Fix PCS quirk application for suspend
nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition
nvmet: don't defer passthrough commands with trivial effects to the workqueue
objtool: Fix SEGFAULT
powerpc/rtas: avoid device tree lookups in rtas_os_term()
powerpc/rtas: avoid scheduling in rtas_os_term()
HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint
HID: plantronics: Additional PIDs for double volume key presses quirk
pstore/zone: Use GFP_ATOMIC to allocate zone buffer
hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount
binfmt: Fix error return code in load_elf_fdpic_binary()
ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
ALSA: line6: correct midi status byte when receiving data from podxt
ALSA: line6: fix stack overflow in line6_midi_transmit
pnode: terminate at peers of source
md: fix a crash in mempool_free
mm, compaction: fix fast_isolate_around() to stay within boundaries
f2fs: should put a page when checking the summary info
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
tpm: acpi: Call acpi_put_table() to fix memory leak
tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
kcsan: Instrument memcpy/memset/memmove with newer Clang
ASoC: Intel/SOF: use set_stream() instead of set_tdm_slots() for HDAudio
ASoC/SoundWire: dai: expand 'stream' concept beyond SoundWire
net/mlx5e: Fix nullptr in mlx5e_tc_add_fdb_flow()
wifi: rtlwifi: remove always-true condition pointed out by GCC 12
wifi: rtlwifi: 8192de: correct checking of IQK reload
torture: Exclude "NOHZ tick-stop error" from fatal errors
rcu: Prevent lockdep-RCU splats on lock acquisition/release
net/af_packet: add VLAN support for AF_PACKET SOCK_RAW GSO
net/af_packet: make sure to pull mac header
media: stv0288: use explicitly signed char
soc: qcom: Select REMAP_MMIO for LLCC driver
kest.pl: Fix grub2 menu handling for rebooting
ktest.pl minconfig: Unset configs instead of just removing them
jbd2: use the correct print format
arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength
mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K
btrfs: fix resolving backrefs for inline extent followed by prealloc
ARM: ux500: do not directly dereference __iomem
arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength
selftests: Use optional USERCFLAGS and USERLDFLAGS
PM/devfreq: governor: Add a private governor_data for governor
cpufreq: Init completion before kobject_init_and_add()
ALSA: patch_realtek: Fix Dell Inspiron Plus 16
ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops
dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
dm thin: Use last transaction's pmd->root when commit failed
dm thin: resume even if in FAIL mode
dm thin: Fix UAF in run_timer_softirq()
dm integrity: Fix UAF in dm_integrity_dtr()
dm clone: Fix UAF in clone_dtr()
dm cache: Fix UAF in destroy()
dm cache: set needs_check flag after aborting metadata
tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx'
perf/core: Call LSM hook after copying perf_event_attr
KVM: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4 check fails
x86/microcode/intel: Do not retry microcode reloading on the APs
ftrace/x86: Add back ftrace_expected for ftrace bug reports
x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK
tracing/hist: Fix wrong return value in parse_action_params()
tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line
staging: media: tegra-video: fix chan->mipi value on error
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
media: dvb-core: Fix double free in dvb_register_device()
media: dvb-core: Fix UAF due to refcount races at releasing
cifs: fix confusing debug message
cifs: fix missing display of three mount options
rtc: ds1347: fix value written to century register
md/bitmap: Fix bitmap chunk size overflow issues
efi: Add iMac Pro 2017 to uefi skip cert quirk
wifi: wilc1000: sdio: fix module autoloading
ASoC: jz4740-i2s: Handle independent FIFO flush bits
ipmi: fix long wait in unload when IPMI disconnect
mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type()
ima: Fix a potential NULL pointer access in ima_restore_measurement_list
ipmi: fix use after free in _ipmi_destroy_user()
PCI: Fix pci_device_is_present() for VFs by checking PF
PCI/sysfs: Fix double free in error path
crypto: n2 - add missing hash statesize
driver core: Fix bus_type.match() error handling in __driver_attach()
iommu/amd: Fix ivrs_acpihid cmdline parsing code
remoteproc: core: Do pm_relax when in RPROC_OFFLINE state
parisc: led: Fix potential null-ptr-deref in start_task()
device_cgroup: Roll back to original exceptions after copy failure
drm/connector: send hotplug uevent on connector cleanup
drm/vmwgfx: Validate the box size for the snooped cursor
drm/i915/dsi: fix VBT send packet port selection for dual link DSI
drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init()
ext4: silence the warning when evicting inode with dioread_nolock
ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop
ext4: fix use-after-free in ext4_orphan_cleanup
ext4: fix undefined behavior in bit shift for ext4_check_flag_values
ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode
ext4: add helper to check quota inums
ext4: fix bug_on in __es_tree_search caused by bad quota inode
ext4: fix reserved cluster accounting in __es_remove_extent()
ext4: check and assert if marking an no_delete evicting inode dirty
ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
ext4: init quota for 'old.inode' in 'ext4_rename'
ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
ext4: fix corruption when online resizing a 1K bigalloc fs
ext4: fix error code return to user-space in ext4_get_branch()
ext4: avoid BUG_ON when creating xattrs
ext4: fix inode leak in ext4_xattr_inode_create() on an error path
ext4: initialize quota before expanding inode in setproject ioctl
ext4: avoid unaccounted block allocation when expanding inode
ext4: allocate extended attribute value in vmalloc area
drm/amdgpu: handle polaris10/11 overlap asics (v2)
drm/amdgpu: make display pinning more flexible (v2)
ARM: renumber bits related to _TIF_WORK_MASK
perf/x86/intel/uncore: Generalize I/O stacks to PMON mapping procedure
perf/x86/intel/uncore: Clear attr_update properly
btrfs: replace strncpy() with strscpy()
x86/mce: Get rid of msr_ops
x86/MCE/AMD: Clear DFR errors found in THR handler
media: s5p-mfc: Fix to handle reference queue during finishing
media: s5p-mfc: Clear workbit to handle error condition
media: s5p-mfc: Fix in register read and write for H264
perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data
x86/kprobes: Convert to insn_decode()
x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK
staging: media: tegra-video: fix device_node use after free
ravb: Fix "failed to switch device to config mode" message during unbind
riscv/stacktrace: Fix stack output without ra on the stack top
riscv: stacktrace: Fixup ftrace_graph_ret_addr retp argument
ext4: goto right label 'failed_mount3a'
ext4: correct inconsistent error msg in nojournal mode
mm/highmem: Lift memcpy_[to|from]_page to core
ext4: use memcpy_to_page() in pagecache_write()
fs: ext4: initialize fsdata in pagecache_write()
ext4: move functions in super.c
ext4: simplify ext4 error translation
ext4: fix various seppling typos
ext4: fix leaking uninitialized memory in fast-commit journal
ext4: use kmemdup() to replace kmalloc + memcpy
mbcache: don't reclaim used entries
mbcache: add functions to delete entry if unused
ext4: remove EA inode entry from mbcache on inode eviction
ext4: unindent codeblock in ext4_xattr_block_set()
ext4: fix race when reusing xattr blocks
mbcache: automatically delete entries from cache on freeing
ext4: fix deadlock due to mbcache entry corruption
SUNRPC: ensure the matching upcall is in-flight upon downcall
bpf: pull before calling skb_postpull_rcsum()
drm/panfrost: Fix GEM handle creation ref-counting
vmxnet3: correctly report csum_level for encapsulated packet
veth: Fix race with AF_XDP exposing old or uninitialized descriptors
nfsd: shut down the NFSv4 state objects before the filecache
net: hns3: add interrupts re-initialization while doing VF FLR
net: sched: fix memory leak in tcindex_set_parms
qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
nfc: Fix potential resource leaks
vhost/vsock: Fix error handling in vhost_vsock_init()
vringh: fix range used in iotlb_translate()
vhost: fix range used in translate_desc()
net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path
net/mlx5: Avoid recovery in probe flows
net/mlx5e: IPoIB, Don't allow CQE compression to be turned on by default
net/mlx5e: Fix hw mtu initializing at XDP SQ allocation
net: amd-xgbe: add missed tasklet_kill
net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
drm/meson: Reduce the FIFO lines held when AFBC is not used
filelock: new helper: vfs_inode_has_locks
ceph: switch to vfs_inode_has_locks() to fix file lock bug
gpio: sifive: Fix refcount leak in sifive_gpio_probe
net: sched: atm: dont intepret cls results when asked to drop
net: sched: cbq: dont intepret cls results when asked to drop
netfilter: ipset: fix hash:net,port,net hang with /0 subnet
netfilter: ipset: Rework long task execution when adding/deleting entries
perf tools: Fix resources leak in perf_data__open_dir()
drivers/net/bonding/bond_3ad: return when there's no aggregator
usb: rndis_host: Secure rndis_query check against int overflow
drm/i915: unpin on error in intel_vgpu_shadow_mm_pin()
caif: fix memory leak in cfctrl_linkup_request()
udf: Fix extension of the last extent in the file
ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet
nvme: fix multipath crash caused by flush request when blktrace is enabled
x86/bugs: Flush IBP in ib_prctl_set()
nfsd: fix handling of readdir in v4root vs. mount upcall timeout
fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB
riscv: uaccess: fix type of 0 variable on error in get_user()
drm/i915/gvt: fix gvt debugfs destroy
drm/i915/gvt: fix vgpu debugfs clean in remove
ext4: don't allow journal inode to have encrypt flag
selftests: set the BUILD variable to absolute path
hfs/hfsplus: use WARN_ON for sanity check
hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
mbcache: Avoid nesting of cache->c_list_lock under bit locks
efi: random: combine bootloader provided RNG seed with RNG protocol output
io_uring: Fix unsigned 'res' comparison with zero in io_fixup_rw_res()
parisc: Align parisc MADV_XXX constants with all other architectures
ext4: disable fast-commit of encrypted dir operations
ext4: don't set up encryption key during jbd2 transaction
fsl_lpuart: Don't enable interrupts too early
serial: fixup backport of "serial: Deassert Transmit Enable on probe in driver-specific way"
mptcp: mark ops structures as ro_after_init
mptcp: remove MPTCP 'ifdef' in TCP SYN cookies
mptcp: dedicated request sock for subflow in v6
mptcp: use proper req destructor for IPv6
net: sched: disallow noqueue for qdisc classes
net/ulp: prevent ULP without clone op from entering the LISTEN status
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list
ALSA: hda - Enable headset mic on another Dell laptop with ALC3254
Linux 5.10.163
Change-Id: I9026971760be8484f1e1fa607f9f91243cc87785
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
1cd4863ea8 |
ANDROID: struct io_uring ABI preservation hack for 5.10.162 changes
In the 5.10.162 release, the io_uring code was synced with the version
that is in the 5.15.y kernel tree in order to resolve a huge number of
potential, and known, problems with the codebase. This makes for a more
secure and easier-to-update-and-maintain 5.10.y kernel tree, so this is
a great thing, however this caused some issues when it comes to the
Android KABI preservation and checking tools.
A number of the io_uring structures get used in other core kernel
structures, only as "opaque" pointers, so there is not any real ABI
breakage. But, due to the visibility of the structures going away, the
CRC values of many scheduler variables and functions were changed.
In order to preserve the CRC values, to prevent all device kernels to be
forced to rebuild for no reason whatsoever from a functional point of
view, we need to keep around the "old" io_uring structures for the CRC
calculation only. This is done by the following definitions of struct
io_identity and struct io_uring_task which will only be visible when the
CRC calculation build happens, not in any functional kernel build.
Yes, this all is a horrible hack, and these really are not the true
structures that any code uses, but so life is in the world of stable
apis.
Bug: 161946584
Fixes:
|
||
|
Jens Axboe
|
e699cce29a |
io_uring/rw: remove leftover debug statement
commit 5c61795ea97c170347c5c4af0c159bd877b8af71 upstream.
This debug statement was never meant to go into the upstream release,
kill it off before it ends up in a release. It was just part of the
testing for the initial version of the patch.
Fixes: 2ec33a6c3cca ("io_uring/rw: ensure kiocb_end_write() is always called")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Jens Axboe
|
3d5f181bda |
io_uring/rw: ensure kiocb_end_write() is always called
commit 2ec33a6c3cca9fe2465e82050c81f5ffdc508b36 upstream.
A previous commit moved the notifications and end-write handling, but
it is now missing a few spots where we also want to call both of those.
Without that, we can potentially be missing file notifications, and
more importantly, have an imbalance in the super_block writers sem
accounting.
Fixes: b000145e9907 ("io_uring/rw: defer fsnotify calls to task context")
Reported-by: Dave Chinner <david@fromorbit.com>
Link: https://lore.kernel.org/all/20221010050319.GC2703033@dread.disaster.area/
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Pavel Begunkov
|
c1a279d79e |
io_uring: fix double poll leak on repolling
commit c0737fa9a5a5cf5a053bcc983f72d58919b997c6 upstream.
We have re-polling for partial IO, so a request can be polled twice. If
it used two poll entries the first time then on the second
io_arm_poll_handler() it will find the old apoll entry and NULL
kmalloc()'ed second entry, i.e. apoll->double_poll, so leaking it.
Fixes: 10c873334feba ("io_uring: allow re-poll if we made progress")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/fee2452494222ecc7f1f88c8fb659baef971414a.1655852245.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Alviro Iskandar Setiawan
|
ddaaadf22b |
io_uring: Clean up a false-positive warning from GCC 9.3.0
commit 0d7c1153d9291197c1dc473cfaade77acb874b4b upstream. In io_recv(), if import_single_range() fails, the @flags variable is uninitialized, then it will goto out_free. After the goto, the compiler doesn't know that (ret < min_ret) is always true, so it thinks the "if ((flags & MSG_WAITALL) ..." path could be taken. The complaint comes from gcc-9 (Debian 9.3.0-22) 9.3.0: ``` fs/io_uring.c:5238 io_recvfrom() error: uninitialized symbol 'flags' ``` Fix this by bypassing the @ret and @flags check when import_single_range() fails. Reasons: 1. import_single_range() only returns -EFAULT when it fails. 2. At that point, @flags is uninitialized and shouldn't be read. Reported-by: kernel test robot <lkp@intel.com> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Reported-by: "Chen, Rong A" <rong.a.chen@intel.com> Link: https://lore.gnuweeb.org/timl/d33bb5a9-8173-f65b-f653-51fc0681c6d6@intel.com/ Cc: Pavel Begunkov <asml.silence@gmail.com> Suggested-by: Ammar Faizi <ammarfaizi2@gnuweeb.org> Fixes: 7297ce3d59449de49d3c9e1f64ae25488750a1fc ("io_uring: improve send/recv error handling") Signed-off-by: Alviro Iskandar Setiawan <alviro.iskandar@gmail.com> Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org> Link: https://lore.kernel.org/r/20220207140533.565411-1-ammarfaizi2@gnuweeb.org Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Stefan Metzmacher
|
fc2491562a |
io_uring/net: fix fast_iov assignment in io_setup_async_msg()
commit 3e4cb6ebbb2bad201c1186bc0b7e8cf41dd7f7e6 upstream.
I hit a very bad problem during my tests of SENDMSG_ZC.
BUG(); in first_iovec_segment() triggered very easily.
The problem was io_setup_async_msg() in the partial retry case,
which seems to happen more often with _ZC.
iov_iter_iovec_advance() may change i->iov in order to have i->iov_offset
being only relative to the first element.
Which means kmsg->msg.msg_iter.iov is no longer the
same as kmsg->fast_iov.
But this would rewind the copy to be the start of
async_msg->fast_iov, which means the internal
state of sync_msg->msg.msg_iter is inconsitent.
I tested with 5 vectors with length like this 4, 0, 64, 20, 8388608
and got a short writes with:
- ret=2675244 min_ret=8388692 => remaining 5713448 sr->done_io=2675244
- ret=-EAGAIN => io_uring_poll_arm
- ret=4911225 min_ret=5713448 => remaining 802223 sr->done_io=7586469
- ret=-EAGAIN => io_uring_poll_arm
- ret=802223 min_ret=802223 => res=8388692
While this was easily triggered with SENDMSG_ZC (queued for 6.1),
it was a potential problem starting with 7ba89d2af17aa879dda30f5d5d3f152e587fc551
in 5.18 for IORING_OP_RECVMSG.
And also with 4c3c09439c08b03d9503df0ca4c7619c5842892e in 5.19
for IORING_OP_SENDMSG.
However 257e84a5377fbbc336ff563833a8712619acce56 introduced the critical
code into io_setup_async_msg() in 5.11.
Fixes: 7ba89d2af17aa ("io_uring: ensure recv and recvmsg handle MSG_WAITALL correctly")
Fixes: 257e84a5377fb ("io_uring: refactor sendmsg/recvmsg iov managing")
Cc: stable@vger.kernel.org
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/b2e7be246e2fb173520862b0c7098e55767567a2.1664436949.git.metze@samba.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Jens Axboe
|
89a77271d2 |
io_uring: io_kiocb_update_pos() should not touch file for non -1 offset
commit 6f83ab22adcb77a5824d2c274dace0d99e21319f upstream.
-1 tells use to use the current position, but we check if the file is
a stream regardless of that. Fix up io_kiocb_update_pos() to only
dip into file if we need to. This is both more efficient and also drops
12 bytes of text on aarch64 and 64 bytes on x86-64.
Fixes: b4aec4001595 ("io_uring: do not recalculate ppos unnecessarily")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Jens Axboe
|
ea2e6286e3 |
io_uring/rw: defer fsnotify calls to task context
commit b000145e9907809406d8164c3b2b8861d95aecd1 upstream. We can't call these off the kiocb completion as that might be off soft/hard irq context. Defer the calls to when we process the task_work for this request. That avoids valid complaints like: stack backtrace: CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.0.0-rc6-syzkaller-00321-g105a36f3694e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_usage_bug kernel/locking/lockdep.c:3961 [inline] valid_state kernel/locking/lockdep.c:3973 [inline] mark_lock_irq kernel/locking/lockdep.c:4176 [inline] mark_lock.part.0.cold+0x18/0xd8 kernel/locking/lockdep.c:4632 mark_lock kernel/locking/lockdep.c:4596 [inline] mark_usage kernel/locking/lockdep.c:4527 [inline] __lock_acquire+0x11d9/0x56d0 kernel/locking/lockdep.c:5007 lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __fs_reclaim_acquire mm/page_alloc.c:4674 [inline] fs_reclaim_acquire+0x115/0x160 mm/page_alloc.c:4688 might_alloc include/linux/sched/mm.h:271 [inline] slab_pre_alloc_hook mm/slab.h:700 [inline] slab_alloc mm/slab.c:3278 [inline] __kmem_cache_alloc_lru mm/slab.c:3471 [inline] kmem_cache_alloc+0x39/0x520 mm/slab.c:3491 fanotify_alloc_fid_event fs/notify/fanotify/fanotify.c:580 [inline] fanotify_alloc_event fs/notify/fanotify/fanotify.c:813 [inline] fanotify_handle_event+0x1130/0x3f40 fs/notify/fanotify/fanotify.c:948 send_to_group fs/notify/fsnotify.c:360 [inline] fsnotify+0xafb/0x1680 fs/notify/fsnotify.c:570 __fsnotify_parent+0x62f/0xa60 fs/notify/fsnotify.c:230 fsnotify_parent include/linux/fsnotify.h:77 [inline] fsnotify_file include/linux/fsnotify.h:99 [inline] fsnotify_access include/linux/fsnotify.h:309 [inline] __io_complete_rw_common+0x485/0x720 io_uring/rw.c:195 io_complete_rw+0x1a/0x1f0 io_uring/rw.c:228 iomap_dio_complete_work fs/iomap/direct-io.c:144 [inline] iomap_dio_bio_end_io+0x438/0x5e0 fs/iomap/direct-io.c:178 bio_endio+0x5f9/0x780 block/bio.c:1564 req_bio_endio block/blk-mq.c:695 [inline] blk_update_request+0x3fc/0x1300 block/blk-mq.c:825 scsi_end_request+0x7a/0x9a0 drivers/scsi/scsi_lib.c:541 scsi_io_completion+0x173/0x1f70 drivers/scsi/scsi_lib.c:971 scsi_complete+0x122/0x3b0 drivers/scsi/scsi_lib.c:1438 blk_complete_reqs+0xad/0xe0 block/blk-mq.c:1022 __do_softirq+0x1d3/0x9c6 kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662 common_interrupt+0xa9/0xc0 arch/x86/kernel/irq.c:240 Fixes: f63cf5192fe3 ("io_uring: ensure that fsnotify is always called") Link: https://lore.kernel.org/all/20220929135627.ykivmdks2w5vzrwg@quack3/ Reported-by: syzbot+dfcc5f4da15868df7d4d@syzkaller.appspotmail.com Reported-by: Jan Kara <jack@suse.cz> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Dylan Yudaken
|
e90cfb9699 |
io_uring: do not recalculate ppos unnecessarily
commit b4aec40015953b65f2f114641e7fd7714c8df8e6 upstream. There is a slight optimisation to be had by calculating the correct pos pointer inside io_kiocb_update_pos and then using that later. It seems code size drops by a bit: 000000000000a1b0 0000000000000400 t io_read 000000000000a5b0 0000000000000319 t io_write vs 000000000000a1b0 00000000000003f6 t io_read 000000000000a5b0 0000000000000310 t io_write Signed-off-by: Dylan Yudaken <dylany@fb.com> Reviewed-by: Pavel Begunkov <asml.silence@gmail.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Dylan Yudaken
|
ea528ecac3 |
io_uring: update kiocb->ki_pos at execution time
commit d34e1e5b396a0dbaa4a29b7138df662cfb9d8e8e upstream. Update kiocb->ki_pos at execution time rather than in io_prep_rw(). io_prep_rw() happens before the job is enqueued to a worker and so the offset might be read multiple times before being executed once. Ensures that the file position in a set of _linked_ SQEs will be only obtained after earlier SQEs have completed, and so will include their incremented file position. Signed-off-by: Dylan Yudaken <dylany@fb.com> Reviewed-by: Pavel Begunkov <asml.silence@gmail.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Dylan Yudaken
|
076f872314 |
io_uring: remove duplicated calls to io_kiocb_ppos
commit af9c45ecebaf1b428306f41421f4bcffe439f735 upstream. io_kiocb_ppos is called in both branches, and it seems that the compiler does not fuse this. Fusing removes a few bytes from loop_rw_iter. Before: $ nm -S fs/io_uring.o | grep loop_rw_iter 0000000000002430 0000000000000124 t loop_rw_iter After: $ nm -S fs/io_uring.o | grep loop_rw_iter 0000000000002430 000000000000010d t loop_rw_iter Signed-off-by: Dylan Yudaken <dylany@fb.com> Reviewed-by: Pavel Begunkov <asml.silence@gmail.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Jens Axboe
|
e9c6556708 |
io_uring: ensure that cached task references are always put on exit
commit e775f93f2ab976a2cdb4a7b53063cbe890904f73 upstream. io_uring caches task references to avoid doing atomics for each of them per request. If a request is put from the same task that allocated it, then we can maintain a per-ctx cache of them. This obviously relies on io_uring always pruning caches in a reliable way, and there's currently a case off io_uring fd release where we can miss that. One example is a ring setup with IOPOLL, which relies on the task polling for completions, which will free them. However, if such a task submits a request and then exits or closes the ring without reaping the completion, then ring release will reap and put. If release happens from that very same task, the completed request task refs will get put back into the cache pool. This is problematic, as we're now beyond the point of pruning caches. Manually drop these caches after doing an IOPOLL reap. This releases references from the current task, which is enough. If another task happens to be doing the release, then the caching will not be triggered and there's no issue. Cc: stable@vger.kernel.org Fixes: e98e49b2bbf7 ("io_uring: extend task put optimisations") Reported-by: Homin Rhee <hominlab@gmail.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Pavel Begunkov
|
e0140e9da3 |
io_uring: fix CQ waiting timeout handling
commit 12521a5d5cb7ff0ad43eadfc9c135d86e1131fa8 upstream. Jiffy to ktime CQ waiting conversion broke how we treat timeouts, in particular we rearm it anew every time we get into io_cqring_wait_schedule() without adjusting the timeout. Waiting for 2 CQEs and getting a task_work in the middle may double the timeout value, or even worse in some cases task may wait indefinitely. Cc: stable@vger.kernel.org Fixes: 228339662b398 ("io_uring: don't convert to jiffies for waiting on timeouts") Signed-off-by: Pavel Begunkov <asml.silence@gmail.com> Link: https://lore.kernel.org/r/f7bffddd71b08f28a877d44d37ac953ddb01590d.1672915663.git.asml.silence@gmail.com Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Pavel Begunkov
|
de77faee28 |
io_uring: lock overflowing for IOPOLL
commit 544d163d659d45a206d8929370d5a2984e546cb7 upstream. syzbot reports an issue with overflow filling for IOPOLL: WARNING: CPU: 0 PID: 28 at io_uring/io_uring.c:734 io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734 CPU: 0 PID: 28 Comm: kworker/u4:1 Not tainted 6.2.0-rc3-syzkaller-16369-g358a161a6a9e #0 Workqueue: events_unbound io_ring_exit_work Call trace: io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734 io_req_cqe_overflow+0x5c/0x70 io_uring/io_uring.c:773 io_fill_cqe_req io_uring/io_uring.h:168 [inline] io_do_iopoll+0x474/0x62c io_uring/rw.c:1065 io_iopoll_try_reap_events+0x6c/0x108 io_uring/io_uring.c:1513 io_uring_try_cancel_requests+0x13c/0x258 io_uring/io_uring.c:3056 io_ring_exit_work+0xec/0x390 io_uring/io_uring.c:2869 process_one_work+0x2d8/0x504 kernel/workqueue.c:2289 worker_thread+0x340/0x610 kernel/workqueue.c:2436 kthread+0x12c/0x158 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:863 There is no real problem for normal IOPOLL as flush is also called with uring_lock taken, but it's getting more complicated for IOPOLL|SQPOLL, for which __io_cqring_overflow_flush() happens from the CQ waiting path. Reported-and-tested-by: syzbot+6805087452d72929404e@syzkaller.appspotmail.com Cc: stable@vger.kernel.org # 5.10+ Signed-off-by: Pavel Begunkov <asml.silence@gmail.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Jens Axboe
|
78e8151f04 |
io_uring: check for valid register opcode earlier
[ Upstream commit 343190841a1f22b96996d9f8cfab902a4d1bfd0e ] We only check the register opcode value inside the restricted ring section, move it into the main io_uring_register() function instead and check it up front. Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Dylan Yudaken
|
aa4c9b3e45 |
io_uring: fix async accept on O_NONBLOCK sockets
commit a73825ba70c93e1eb39a845bb3d9885a787f8ffe upstream. Do not set REQ_F_NOWAIT if the socket is non blocking. When enabled this causes the accept to immediately post a CQE with EAGAIN, which means you cannot perform an accept SQE on a NONBLOCK socket asynchronously. By removing the flag if there is no pending accept then poll is armed as usual and when a connection comes in the CQE is posted. Signed-off-by: Dylan Yudaken <dylany@fb.com> Link: https://lore.kernel.org/r/20220324143435.2875844-1-dylany@fb.com Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Jens Axboe
|
4bc17e6381 |
io_uring: allow re-poll if we made progress
commit 10c873334febaeea9aa0c25c10b5ac0951b77a5f upstream. We currently check REQ_F_POLLED before arming async poll for a notification to retry. If it's set, then we don't allow poll and will punt to io-wq instead. This is done to prevent a situation where a buggy driver will repeatedly return that there's space/data available yet we get -EAGAIN. However, if we already transferred data, then it should be safe to rely on poll again. Gate the check on whether or not REQ_F_PARTIAL_IO is also set. Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Jens Axboe
|
f901b4bfd0 |
io_uring: support MSG_WAITALL for IORING_OP_SEND(MSG)
commit 4c3c09439c08b03d9503df0ca4c7619c5842892e upstream. Like commit 7ba89d2af17a for recv/recvmsg, support MSG_WAITALL for the send side. If this flag is set and we do a short send, retry for a stream of seqpacket socket. Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Jens Axboe
|
96ccba4a1a |
io_uring: add flag for disabling provided buffer recycling
commit 8a3e8ee56417f5e0e66580d93941ed9d6f4c8274 upstream. If we need to continue doing this IO, then we don't want a potentially selected buffer recycled. Add a flag for that. Set this for recv/recvmsg if they do partial IO. Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Jens Axboe
|
aadd9b0930 |
io_uring: ensure recv and recvmsg handle MSG_WAITALL correctly
commit 7ba89d2af17aa879dda30f5d5d3f152e587fc551 upstream. We currently don't attempt to get the full asked for length even if MSG_WAITALL is set, if we get a partial receive. If we do see a partial receive, then just note how many bytes we did and return -EAGAIN to get it retried. The iov is advanced appropriately for the vector based case, and we manually bump the buffer and remainder for the non-vector case. Cc: stable@vger.kernel.org Reported-by: Constantine Gavrilov <constantine.gavrilov@gmail.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Pavel Begunkov
|
abdc16c836 |
io_uring: improve send/recv error handling
commit 7297ce3d59449de49d3c9e1f64ae25488750a1fc upstream. Hide all error handling under common if block, removes two extra ifs on the success path and keeps the handling more condensed. Signed-off-by: Pavel Begunkov <asml.silence@gmail.com> Link: https://lore.kernel.org/r/5761545158a12968f3caf30f747eea65ed75dfc1.1637524285.git.asml.silence@gmail.com Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Harshit Mogalapalli
|
07b3672c40 |
io_uring: Fix unsigned 'res' comparison with zero in io_fixup_rw_res()
Smatch warning: io_fixup_rw_res() warn:
unsigned 'res' is never less than zero.
Change type of 'res' from unsigned to long.
Fixes: d6b7efc722a2 ("io_uring/rw: fix error'ed retry return values")
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Jens Axboe
|
189556b05e |
io_uring: pass in EPOLL_URING_WAKE for eventfd signaling and wakeups
[ Upstream commit 4464853277d0ccdb9914608dd1332f0fa2f9846f ] Pass in EPOLL_URING_WAKE when signaling eventfd or doing poll related wakups, so that we can check for a circular event dependency between eventfd and epoll. If this flag is set when our wakeup handlers are called, then we know we have a dependency that needs to terminate multishot requests. eventfd and epoll are the only such possible dependencies. Cc: stable@vger.kernel.org # 6.0 Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Jens Axboe
|
788d082426 |
io_uring: import 5.15-stable io_uring
No upstream commit exists. This imports the io_uring codebase from 5.15.85, wholesale. Changes from that code base: - Drop IOCB_ALLOC_CACHE, we don't have that in 5.10. - Drop MKDIRAT/SYMLINKAT/LINKAT. Would require further VFS backports, and we don't support these in 5.10 to begin with. - sock_from_file() old style calling convention. - Use compat_get_bitmap() only for CONFIG_COMPAT=y Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |