86f9bee9c0b90b2f7661607bfbb30ca52777e3b3
1043 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
9c2a5eef8f |
Merge tag 'android12-5.10.117_r00' into 'android12-5.10'
This is the merge of the upstream LTS release of 5.10.117 into the android12-5.10 branch. It contains the following commits: |
||
|
Bing Han
|
f7c932399e |
ANDROID: vendor_hook: Add hook in handle_pte_fault()
android_vh_handle_pte_fault_end: after handle_pte_fault, update the information that whether this page need to be reclaimed to a swap location. Bug: 234214858 Signed-off-by: Bing Han <bing.han@transsion.com> Change-Id: I0ceb02422fc858ed96fbb47e220bf96bdc8fa68c |
||
|
Bing Han
|
50148ce249 |
ANDROID: vendor_hook: Add hook in do_swap_page()
android_vh_swapin_add_anon_rmap: after add pte mapping to an anonymous page durning do_swap_page, update the status that whether this page need to be reclaimed to a swap location, according to the information of vm_fault. Bug: 234214858 Signed-off-by: Bing Han <bing.han@transsion.com> Change-Id: I8a2d603102c315323817e6c9366db9b0da878344 |
||
|
Bing Han
|
9d4b553252 |
ANDROID: vendor_hook: Add hook in wp_page_copy()
android_vh_cow_user_page: when copy a page to a new page, set the status that whether the new page should be reclaimed to a specified swap location, according to the information of vm_fault. Bug: 234214858 Signed-off-by: Bing Han <bing.han@transsion.com> Change-Id: Ie445c7b034ca176ec1e8fd1cd67c88581bf9ddf4 |
||
|
Greg Kroah-Hartman
|
0577ff1c69 |
Merge 5.10.116 into android12-5.10-lts
Changes in 5.10.116
MIPS: Use address-of operator on section symbols
regulator: consumer: Add missing stubs to regulator/consumer.h
block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types
nfp: bpf: silence bitwise vs. logical OR warning
arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL
Bluetooth: Fix the creation of hdev->name
mm: fix missing cache flush for all tail pages of compound page
mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic()
Linux 5.10.116
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie56f60d172ca37af63c180390007d6b65d0618a5
|
||
|
Muchun Song
|
c6cbf5431a |
mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
commit e763243cc6cb1fcc720ec58cfd6e7c35ae90a479 upstream.
userfaultfd calls copy_huge_page_from_user() which does not do any cache
flushing for the target page. Then the target page will be mapped to
the user space with a different address (user address), which might have
an alias issue with the kernel address used to copy the data from the
user to.
Fix this issue by flushing dcache in copy_huge_page_from_user().
Link: https://lkml.kernel.org/r/20220210123058.79206-4-songmuchun@bytedance.com
Fixes:
|
||
|
Greg Kroah-Hartman
|
5dadf6321c |
Merge 5.10.111 into android12-5.10-lts
Changes in 5.10.111
ubifs: Rectify space amount budget for mkdir/tmpfile operations
gfs2: Check for active reservation in gfs2_release
gfs2: Fix gfs2_release for non-writers regression
gfs2: gfs2_setattr_size error path fix
rtc: wm8350: Handle error for wm8350_register_irq
KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
KVM: x86/emulator: Emulate RDPID only if it is enabled in guest
drm: Add orientation quirk for GPD Win Max
ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
drm/amd/display: Add signal type check when verify stream backends same
drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
usb: gadget: tegra-xudc: Do not program SPARAM
usb: gadget: tegra-xudc: Fix control endpoint's definitions
ptp: replace snprintf with sysfs_emit
powerpc: dts: t104xrdb: fix phy type for FMAN 4/5
ath11k: fix kernel panic during unload/load ath11k modules
ath11k: mhi: use mhi_sync_power_up()
bpf: Make dst_port field in struct bpf_sock 16-bit wide
scsi: mvsas: Replace snprintf() with sysfs_emit()
scsi: bfa: Replace snprintf() with sysfs_emit()
power: supply: axp20x_battery: properly report current when discharging
mt76: dma: initialize skip_unmap in mt76_dma_rx_fill
cfg80211: don't add non transmitted BSS to 6GHz scanned channels
libbpf: Fix build issue with llvm-readelf
ipv6: make mc_forwarding atomic
powerpc: Set crashkernel offset to mid of RMA region
drm/amdgpu: Fix recursive locking warning
PCI: aardvark: Fix support for MSI interrupts
iommu/arm-smmu-v3: fix event handling soft lockup
usb: ehci: add pci device support for Aspeed platforms
PCI: endpoint: Fix alignment fault error in copy tests
tcp: Don't acquire inet_listen_hashbucket::lock with disabled BH.
PCI: pciehp: Add Qualcomm quirk for Command Completed erratum
power: supply: axp288-charger: Set Vhold to 4.4V
iwlwifi: mvm: Correctly set fragmented EBS
ipv4: Invalidate neighbour for broadcast address upon address addition
dm ioctl: prevent potential spectre v1 gadget
dm: requeue IO if mapping table not yet available
drm/amdkfd: make CRAT table missing message informational only
scsi: pm8001: Fix pm80xx_pci_mem_copy() interface
scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
scsi: pm8001: Fix task leak in pm8001_send_abort_all()
scsi: pm8001: Fix tag leaks on error
scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req()
mt76: mt7615: Fix assigning negative values to unsigned variable
scsi: aha152x: Fix aha152x_setup() __setup handler return value
scsi: hisi_sas: Free irq vectors in order for v3 HW
net/smc: correct settings of RMB window update limit
mips: ralink: fix a refcount leak in ill_acc_of_setup()
macvtap: advertise link netns via netlink
tuntap: add sanity checks about msg_controllen in sendmsg
Bluetooth: Fix not checking for valid hdev on bt_dev_{info,warn,err,dbg}
Bluetooth: use memset avoid memory leaks
bnxt_en: Eliminate unintended link toggle during FW reset
PCI: endpoint: Fix misused goto label
MIPS: fix fortify panic when copying asm exception handlers
powerpc/secvar: fix refcount leak in format_show()
scsi: libfc: Fix use after free in fc_exch_abts_resp()
can: isotp: set default value for N_As to 50 micro seconds
net: account alternate interface name memory
net: limit altnames to 64k total
net: sfp: add 2500base-X quirk for Lantech SFP module
usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
xtensa: fix DTC warning unit_address_format
MIPS: ingenic: correct unit node address
Bluetooth: Fix use after free in hci_send_acl
netlabel: fix out-of-bounds memory accesses
ceph: fix memory leak in ceph_readdir when note_last_dentry returns error
init/main.c: return 1 from handled __setup() functions
minix: fix bug when opening a file with O_DIRECT
clk: si5341: fix reported clk_rate when output divider is 2
staging: vchiq_core: handle NULL result of find_service_by_handle
phy: amlogic: meson8b-usb2: Use dev_err_probe()
staging: wfx: fix an error handling in wfx_init_common()
w1: w1_therm: fixes w1_seq for ds28ea00 sensors
NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify()
NFSv4: Protect the state recovery thread against direct reclaim
xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
clk: ti: Preserve node in ti_dt_clocks_register()
clk: Enforce that disjoints limits are invalid
SUNRPC/call_alloc: async tasks mustn't block waiting for memory
SUNRPC/xprt: async tasks mustn't block waiting for memory
SUNRPC: remove scheduling boost for "SWAPPER" tasks.
NFS: swap IO handling is slightly different for O_DIRECT IO
NFS: swap-out must always use STABLE writes.
x86/Kconfig: Do not allow CONFIG_X86_X32_ABI=y with llvm-objcopy
serial: samsung_tty: do not unlock port->lock for uart_write_wakeup()
virtio_console: eliminate anonymous module_init & module_exit
jfs: prevent NULL deref in diFree
SUNRPC: Fix socket waits for write buffer space
NFS: nfsiod should not block forever in mempool_alloc()
NFS: Avoid writeback threads getting stuck in mempool_alloc()
parisc: Fix CPU affinity for Lasi, WAX and Dino chips
parisc: Fix patch code locking and flushing
mm: fix race between MADV_FREE reclaim and blkdev direct IO read
Revert "hv: utils: add PTP_1588_CLOCK to Kconfig to fix build"
drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
Drivers: hv: vmbus: Fix potential crash on module unload
Revert "NFSv4: Handle the special Linux file open access mode"
NFSv4: fix open failure with O_ACCMODE flag
scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
net/tls: fix slab-out-of-bounds bug in decrypt_internal
ice: Clear default forwarding VSI during VSI release
net: ipv4: fix route with nexthop object delete warning
net: stmmac: Fix unset max_speed difference between DT and non-DT platforms
drm/imx: imx-ldb: Check for null pointer after calling kmemdup
drm/imx: Fix memory leak in imx_pd_connector_get_modes
bnxt_en: reserve space inside receive page for skb_shared_info
sfc: Do not free an empty page_ring
RDMA/mlx5: Don't remove cache MRs when a delay is needed
IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition
dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe
ice: Set txq_teid to ICE_INVAL_TEID on ring creation
ice: Do not skip not enabled queues in ice_vc_dis_qs_msg
ipv6: Fix stats accounting in ip6_pkt_drop
ice: synchronize_rcu() when terminating rings
net: openvswitch: don't send internal clone attribute to the userspace.
net: openvswitch: fix leak of nested actions
rxrpc: fix a race in rxrpc_exit_net()
net: phy: mscc-miim: reject clause 45 register accesses
qede: confirm skb is allocated before using
spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()
bpf: Support dual-stack sockets in bpf_tcp_check_syncookie
drbd: Fix five use after free bugs in get_initial_state
io_uring: don't touch scm_fp_list after queueing skb
SUNRPC: Handle ENOMEM in call_transmit_status()
SUNRPC: Handle low memory situations in call_status()
SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec()
iommu/omap: Fix regression in probe for NULL pointer dereference
perf: arm-spe: Fix perf report --mem-mode
perf tools: Fix perf's libperf_print callback
perf session: Remap buf if there is no space for event
arm64: Add part number for Arm Cortex-A78AE
Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning"
mmc: mmci: stm32: correctly check all elements of sg list
mmc: renesas_sdhi: don't overwrite TAP settings when HS400 tuning is complete
lz4: fix LZ4_decompress_safe_partial read out of bound
mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
mm/mempolicy: fix mpol_new leak in shared_policy_replace
io_uring: fix race between timeout flush and removal
x86/pm: Save the MSR validity status at context setup
x86/speculation: Restore speculation related MSRs during S3 resume
btrfs: fix qgroup reserve overflow the qgroup limit
btrfs: prevent subvol with swapfile from being deleted
arm64: patch_text: Fixup last cpu should be master
RDMA/hfi1: Fix use-after-free bug for mm struct
gpio: Restrict usage of GPIO chip irq members before initialization
ata: sata_dwc_460ex: Fix crash due to OOB write
perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator
irqchip/gic-v3: Fix GICR_CTLR.RWP polling
drm/amdgpu/smu10: fix SoC/fclk units in auto mode
drm/nouveau/pmu: Add missing callbacks for Tegra devices
drm/amdkfd: Create file descriptor after client is added to smi_clients list
perf build: Don't use -ffat-lto-objects in the python feature test when building with clang-13
perf python: Fix probing for some clang command line options
tools build: Filter out options and warnings not supported by clang
tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts
dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
ubsan: remove CONFIG_UBSAN_OBJECT_SIZE
mm: don't skip swap entry even if zap_details specified
cgroup: Use open-time credentials for process migraton perm checks
selftests/cgroup: Fix build on older distros
selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644
selftests: cgroup: Test open-time credential usage for migration checks
selftests: cgroup: Test open-time cgroup namespace usage for migration checks
arm64: module: remove (NOLOAD) from linker script
Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb()
irqchip/gic, gic-v3: Prevent GSI to SGI translations
mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning
powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
Linux 5.10.111
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I9b4c1d30ae226b865494df03d871db2a2b9281c7
|
||
|
Greg Kroah-Hartman
|
95f4203fc9 |
Merge 5.10.110 into android12-5.10-lts
Changes in 5.10.110
swiotlb: fix info leak with DMA_FROM_DEVICE
USB: serial: pl2303: add IBM device IDs
USB: serial: simple: add Nokia phone driver
hv: utils: add PTP_1588_CLOCK to Kconfig to fix build
netdevice: add the case if dev is NULL
HID: logitech-dj: add new lightspeed receiver id
xfrm: fix tunnel model fragmentation behavior
ARM: mstar: Select HAVE_ARM_ARCH_TIMER
virtio_console: break out of buf poll on remove
vdpa/mlx5: should verify CTRL_VQ feature exists for MQ
tools/virtio: fix virtio_test execution
ethernet: sun: Free the coherent when failing in probing
gpio: Revert regression in sysfs-gpio (gpiolib.c)
spi: Fix invalid sgs value
net:mcf8390: Use platform_get_irq() to get the interrupt
Revert "gpio: Revert regression in sysfs-gpio (gpiolib.c)"
spi: Fix erroneous sgs value with min_t()
Input: zinitix - do not report shadow fingers
af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
net: dsa: microchip: add spi_device_id tables
locking/lockdep: Avoid potential access of invalid memory in lock_class
iommu/iova: Improve 32-bit free space estimate
tpm: fix reference counting for struct tpm_chip
virtio-blk: Use blk_validate_block_size() to validate block size
USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
xhci: fix garbage USBSTS being logged in some cases
xhci: fix runtime PM imbalance in USB2 resume
xhci: make xhci_handshake timeout for xhci_reset() adjustable
xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()
mei: me: add Alder Lake N device id.
mei: avoid iterator usage outside of list_for_each_entry
coresight: Fix TRCCONFIGR.QE sysfs interface
iio: afe: rescale: use s64 for temporary scale calculations
iio: inkern: apply consumer scale on IIO_VAL_INT cases
iio: inkern: apply consumer scale when no channel scale is available
iio: inkern: make a best effort on offset calculation
greybus: svc: fix an error handling bug in gb_svc_hello()
clk: uniphier: Fix fixed-rate initialization
ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
KEYS: fix length validation in keyctl_pkey_params_get_2()
Documentation: add link to stable release candidate tree
Documentation: update stable tree link
firmware: stratix10-svc: add missing callback parameter on RSU
HID: intel-ish-hid: Use dma_alloc_coherent for firmware update
SUNRPC: avoid race between mod_timer() and del_timer_sync()
NFSD: prevent underflow in nfssvc_decode_writeargs()
NFSD: prevent integer overflow on 32 bit systems
f2fs: fix to unlock page correctly in error path of is_alive()
f2fs: quota: fix loop condition at f2fs_quota_sync()
f2fs: fix to do sanity check on .cp_pack_total_block_count
remoteproc: Fix count check in rproc_coredump_write()
pinctrl: samsung: drop pin banks references on error paths
spi: mxic: Fix the transmit path
mtd: rawnand: protect access to rawnand devices while in suspend
can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
jffs2: fix memory leak in jffs2_do_mount_fs
jffs2: fix memory leak in jffs2_scan_medium
mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
mm: invalidate hwpoison page cache page in fault path
mempolicy: mbind_range() set_policy() after vma_merge()
scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
qed: display VF trust config
qed: validate and restrict untrusted VFs vlan promisc mode
riscv: Fix fill_callchain return value
riscv: Increase stack size under KASAN
Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
cifs: prevent bad output lengths in smb2_ioctl_query_info()
cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
ALSA: cs4236: fix an incorrect NULL check on list iterator
ALSA: hda: Avoid unsol event during RPM suspending
ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
mm: madvise: skip unmapped vma holes passed to process_madvise
mm: madvise: return correct bytes advised with process_madvise
Revert "mm: madvise: skip unmapped vma holes passed to process_madvise"
mm,hwpoison: unmap poisoned page before invalidation
mm/kmemleak: reset tag when compare object pointer
dm integrity: set journal entry unused when shrinking device
drbd: fix potential silent data corruption
can: isotp: sanitize CAN ID checks in isotp_bind()
powerpc/kvm: Fix kvm_use_magic_page
udp: call udp_encap_enable for v6 sockets when enabling encap
arm64: signal: nofpsimd: Do not allocate fp/simd context when not available
arm64: dts: ti: k3-am65: Fix gic-v3 compatible regs
arm64: dts: ti: k3-j721e: Fix gic-v3 compatible regs
arm64: dts: ti: k3-j7200: Fix gic-v3 compatible regs
ACPI: properties: Consistently return -ENOENT if there are no more references
coredump: Also dump first pages of non-executable ELF libraries
ext4: fix ext4_fc_stats trace point
ext4: fix fs corruption when tring to remove a non-empty directory with IO error
drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
mailbox: tegra-hsp: Flush whole channel
block: limit request dispatch loop duration
block: don't merge across cgroup boundaries if blkcg is enabled
drm/edid: check basic audio support on CEA extension block
video: fbdev: sm712fb: Fix crash in smtcfb_read()
video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
ARM: dts: at91: sama5d2: Fix PMERRLOC resource size
ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
ARM: dts: exynos: add missing HDMI supplies on SMDK5250
ARM: dts: exynos: add missing HDMI supplies on SMDK5420
mgag200 fix memmapsl configuration in GCTL6 register
carl9170: fix missing bit-wise or operator for tx_params
pstore: Don't use semaphores in always-atomic-context code
thermal: int340x: Increase bitmap size
lib/raid6/test: fix multiple definition linking error
exec: Force single empty string when argv is empty
crypto: rsa-pkcs1pad - only allow with rsa
crypto: rsa-pkcs1pad - correctly get hash from source scatterlist
crypto: rsa-pkcs1pad - restore signature length check
crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
bcache: fixup multiple threads crash
DEC: Limit PMAX memory probing to R3k systems
media: gpio-ir-tx: fix transmit with long spaces on Orange Pi PC
media: davinci: vpif: fix unbalanced runtime PM get
media: davinci: vpif: fix unbalanced runtime PM enable
xtensa: fix stop_machine_cpuslocked call in patch_text
xtensa: fix xtensa_wsr always writing 0
brcmfmac: firmware: Allocate space for default boardrev in nvram
brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path
brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
brcmfmac: pcie: Fix crashes due to early IRQs
drm/i915/opregion: check port number bounds for SWSCI display power state
drm/i915/gem: add missing boundary check in vm_access
PCI: pciehp: Clear cmd_busy bit in polling mode
PCI: xgene: Revert "PCI: xgene: Fix IB window setup"
regulator: qcom_smd: fix for_each_child.cocci warnings
selinux: check return value of sel_make_avc_files
hwrng: cavium - Check health status while reading random data
hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER
crypto: sun8i-ss - really disable hash on A80
crypto: authenc - Fix sleep in atomic context in decrypt_tail
crypto: mxs-dcp - Fix scatterlist processing
thermal: int340x: Check for NULL after calling kmemdup()
spi: tegra114: Add missing IRQ check in tegra_spi_probe
arm64/mm: avoid fixmap race condition when create pud mapping
selftests/x86: Add validity check and allow field splitting
crypto: rockchip - ECB does not need IV
audit: log AUDIT_TIME_* records only from rules
EVM: fix the evm= __setup handler return value
crypto: ccree - don't attempt 0 len DMA mappings
spi: pxa2xx-pci: Balance reference count for PCI DMA device
hwmon: (pmbus) Add mutex to regulator ops
hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
nvme: cleanup __nvme_check_ids
block: don't delete queue kobject before its children
PM: hibernate: fix __setup handler error handling
PM: suspend: fix return value of __setup handler
spi: spi-zynqmp-gqspi: Handle error for dma_set_mask
hwrng: atmel - disable trng on failure path
crypto: sun8i-ss - call finalize with bh disabled
crypto: sun8i-ce - call finalize with bh disabled
crypto: amlogic - call finalize with bh disabled
crypto: vmx - add missing dependencies
clocksource/drivers/timer-ti-dm: Fix regression from errata i940 fix
clocksource/drivers/exynos_mct: Refactor resources allocation
clocksource/drivers/exynos_mct: Handle DTS with higher number of interrupts
clocksource/drivers/timer-microchip-pit64b: Use notrace
clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init()
ACPI: APEI: fix return value of __setup handlers
crypto: ccp - ccp_dmaengine_unregister release dma channels
crypto: ccree - Fix use after free in cc_cipher_exit()
vfio: platform: simplify device removal
amba: Make the remove callback return void
hwrng: nomadik - Change clk_disable to clk_disable_unprepare
hwmon: (pmbus) Add Vin unit off handling
clocksource: acpi_pm: fix return value of __setup handler
io_uring: terminate manual loop iterator loop correctly for non-vecs
watch_queue: Fix NULL dereference in error cleanup
watch_queue: Actually free the watch
f2fs: fix to enable ATGC correctly via gc_idle sysfs interface
sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
sched/core: Export pelt_thermal_tp
rseq: Optimise rseq_get_rseq_cs() and clear_rseq_cs()
rseq: Remove broken uapi field layout on 32-bit little endian
perf/core: Fix address filter parser for multiple filters
perf/x86/intel/pt: Fix address filter config for 32-bit kernel
f2fs: fix missing free nid in f2fs_handle_failed_inode
nfsd: more robust allocation failure handling in nfsd_file_cache_init
f2fs: fix to avoid potential deadlock
btrfs: fix unexpected error path when reflinking an inline extent
f2fs: compress: remove unneeded read when rewrite whole cluster
f2fs: fix compressed file start atomic write may cause data corruption
selftests, x86: fix how check_cc.sh is being invoked
kunit: make kunit_test_timeout compatible with comment
media: staging: media: zoran: fix usage of vb2_dma_contig_set_max_seg_size
media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
media: mtk-vcodec: potential dereference of null pointer
media: bttv: fix WARNING regression on tunerless devices
ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting
ASoC: generic: simple-card-utils: remove useless assignment
media: coda: Fix missing put_device() call in coda_get_vdoa_data
media: meson: vdec: potential dereference of null pointer
media: hantro: Fix overfill bottom register field name
media: aspeed: Correct value for h-total-pixels
video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen
video: fbdev: controlfb: Fix set but not used warnings
video: fbdev: controlfb: Fix COMPILE_TEST build
video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe()
video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
firmware: qcom: scm: Remove reassignment to desc following initializer
ARM: dts: qcom: ipq4019: fix sleep clock
soc: qcom: rpmpd: Check for null return of devm_kcalloc
soc: qcom: ocmem: Fix missing put_device() call in of_get_ocmem
soc: qcom: aoss: remove spurious IRQF_ONESHOT flags
arm64: dts: qcom: sdm845: fix microphone bias properties and values
arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc
firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is not defined
soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
ARM: dts: sun8i: v3s: Move the csi1 block to follow address order
ARM: dts: imx: Add missing LVDS decoder on M53Menlo
media: video/hdmi: handle short reads of hdmi info frame.
media: em28xx: initialize refcount before kref_get
media: usb: go7007: s2250-board: fix leak in probe()
media: cedrus: H265: Fix neighbour info buffer size
media: cedrus: h264: Fix neighbour info buffer size
ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put
uaccess: fix nios2 and microblaze get_user_8()
ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp()
ASoC: ti: davinci-i2s: Add check for clk_enable()
ALSA: spi: Add check for clk_enable()
arm64: dts: ns2: Fix spi-cpol and spi-cpha property
arm64: dts: broadcom: Fix sata nodename
printk: fix return value of printk.devkmsg __setup handler
ASoC: mxs-saif: Handle errors for clk_enable
ASoC: atmel_ssc_dai: Handle errors for clk_enable
ASoC: dwc-i2s: Handle errors for clk_enable
ASoC: soc-compress: prevent the potentially use of null pointer
memory: emif: Add check for setup_interrupts
memory: emif: check the pointer temp in get_device_details()
ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly
m68k: coldfire/device.c: only build for MCF_EDMA when h/w macros are defined
media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED
media: vidtv: Check for null return of vzalloc
ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
ASoC: wm8350: Handle error for wm8350_register_irq
ASoC: fsi: Add check for clk_enable
video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
media: saa7134: convert list_for_each to entry variant
media: saa7134: fix incorrect use to determine if list is empty
ivtv: fix incorrect device_caps for ivtvfb
ASoC: rockchip: i2s: Use devm_platform_get_and_ioremap_resource()
ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in rockchip_i2s_probe
ASoC: SOF: Add missing of_node_put() in imx8m_probe
ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
ASoC: fsl_spdif: Disable TX clock when stop
ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe
mmc: davinci_mmc: Handle error for clk_enable
ASoC: atmel: sam9x5_wm8731: use devm_snd_soc_register_card()
ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe
ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe
ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data
ARM: configs: multi_v5_defconfig: re-enable CONFIG_V4L_PLATFORM_DRIVERS
drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops
drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe
drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe
drm: bridge: adv7511: Fix ADV7535 HPD enablement
ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
drm/panfrost: Check for error num after setting mask
libbpf: Fix possible NULL pointer dereference when destroying skeleton
udmabuf: validate ubuf->pagecount
Bluetooth: hci_serdev: call init_rwsem() before p->open()
mtd: onenand: Check for error irq
mtd: rawnand: gpmi: fix controller timings setting
drm/edid: Don't clear formats if using deep color
ionic: fix type complaint in ionic_dev_cmd_clean()
drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl()
drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()
drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function
ath9k_htc: fix uninit value bugs
RDMA/core: Set MR type in ib_reg_user_mr
KVM: PPC: Fix vmx/vsx mixup in mmio emulation
i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb
i40e: respect metadata on XSK Rx to skb
power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe
ray_cs: Check ioremap return value
powerpc: dts: t1040rdb: fix ports names for Seville Ethernet switch
KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init
powerpc/perf: Don't use perf_hw_context for trace IMC PMU
mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode
mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv
mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update
mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update
net: dsa: mv88e6xxx: Enable port policy support on 6097
scripts/dtc: Call pkg-config POSIXly correct
livepatch: Fix build failure on 32 bits processors
PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge
drm/bridge: dw-hdmi: use safe format when first in bridge chain
power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
iommu/ipmmu-vmsa: Check for error num after setting mask
drm/amd/pm: enable pm sysfs write for one VF mode
drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug
IB/cma: Allow XRC INI QPs to set their local ACK timeout
dax: make sure inodes are flushed before destroy cache
iwlwifi: Fix -EIO error code that is never returned
iwlwifi: mvm: Fix an error code in iwl_mvm_up()
drm/msm/dp: populate connector of struct dp_panel
drm/msm/dpu: add DSPP blocks teardown
drm/msm/dpu: fix dp audio condition
dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config()
scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update()
scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req()
scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
scsi: pm8001: Fix NCQ NON DATA command task initialization
scsi: pm8001: Fix NCQ NON DATA command completion handling
scsi: pm8001: Fix abort all task initialization
RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR
drm/amd/display: Remove vupdate_int_entry definition
TOMOYO: fix __setup handlers return values
ext2: correct max file size computing
drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return
scsi: hisi_sas: Change permission of parameter prot_mask
drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt
bpf, arm64: Call build_prologue() first in first JIT pass
bpf, arm64: Feed byte-offset into bpf line info
gpu: host1x: Fix a memory leak in 'host1x_remove()'
libbpf: Skip forward declaration when counting duplicated type names
powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties()
powerpc/Makefile: Don't pass -mcpu=powerpc64 when building 32-bit
KVM: x86: Fix emulation in writing cr8
KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor()
hv_balloon: rate-limit "Unhandled message" warning
i2c: xiic: Make bus names unique
power: supply: wm8350-power: Handle error for wm8350_register_irq
power: supply: wm8350-power: Add missing free in free_charger_irq
IB/hfi1: Allow larger MTU without AIP
PCI: Reduce warnings on possible RW1C corruption
net: axienet: fix RX ring refill allocation failure handling
mips: DEC: honor CONFIG_MIPS_FP_SUPPORT=n
powerpc/sysdev: fix incorrect use to determine if list is empty
mfd: mc13xxx: Add check for mc13xxx_irq_request
libbpf: Unmap rings when umem deleted
selftests/bpf: Make test_lwt_ip_encap more stable and faster
platform/x86: huawei-wmi: check the return value of device_create_file()
powerpc: 8xx: fix a return value error in mpc8xx_pic_init
vxcan: enable local echo for sent CAN frames
ath10k: Fix error handling in ath10k_setup_msa_resources
mips: cdmm: Fix refcount leak in mips_cdmm_phys_base
MIPS: RB532: fix return value of __setup handler
MIPS: pgalloc: fix memory leak caused by pgd_free()
mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
RDMA/mlx5: Fix memory leak in error flow for subscribe event routine
bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full
bpf, sockmap: Fix more uncharged while msg has more_data
bpf, sockmap: Fix double uncharge the mem of sk_msg
samples/bpf, xdpsock: Fix race when running for fix duration of time
USB: storage: ums-realtek: fix error code in rts51x_read_mem()
can: isotp: return -EADDRNOTAVAIL when reading from unbound socket
can: isotp: support MSG_TRUNC flag when reading from socket
bareudp: use ipv6_mod_enabled to check if IPv6 enabled
selftests/bpf: Fix error reporting from sock_fields programs
Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed
Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt
ipv4: Fix route lookups when handling ICMP redirects and PMTU updates
af_netlink: Fix shift out of bounds in group mask calculation
i2c: meson: Fix wrong speed use from probe
i2c: mux: demux-pinctrl: do not deactivate a master that is not active
selftests/bpf/test_lirc_mode2.sh: Exit with proper code
PCI: Avoid broken MSI on SB600 USB devices
net: bcmgenet: Use stronger register read/writes to assure ordering
tcp: ensure PMTU updates are processed during fastopen
openvswitch: always update flow key after nat
tipc: fix the timer expires after interval 100ms
mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
mxser: fix xmit_buf leak in activate when LSR == 0xff
pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add()
fsi: aspeed: convert to devm_platform_ioremap_resource
fsi: Aspeed: Fix a potential double free
misc: alcor_pci: Fix an error handling path
cpufreq: qcom-cpufreq-nvmem: fix reading of PVS Valid fuse
soundwire: intel: fix wrong register name in intel_shim_wake
clk: qcom: ipq8074: fix PCI-E clock oops
iio: mma8452: Fix probe failing when an i2c_device_id is used
staging:iio:adc:ad7280a: Fix handing of device address bit reversing.
pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel
pinctrl: renesas: checker: Fix miscalculation of number of states
clk: qcom: ipq8074: Use floor ops for SDCC1 clock
phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure})
serial: 8250_mid: Balance reference count for PCI DMA device
serial: 8250_lpss: Balance reference count for PCI DMA device
NFS: Use of mapping_set_error() results in spurious errors
serial: 8250: Fix race condition in RTS-after-send handling
iio: adc: Add check for devm_request_threaded_irq
habanalabs: Add check for pci_enable_device
NFS: Return valid errors from nfs2/3_decode_dirent()
dma-debug: fix return value of __setup handlers
clk: imx7d: Remove audio_mclk_root_clk
clk: at91: sama7g5: fix parents of PDMCs' GCLK
clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
clk: qcom: clk-rcg2: Update the frac table for pixel clock
dmaengine: hisi_dma: fix MSI allocate fail when reload hisi_dma
remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region
remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region
remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region
nvdimm/region: Fix default alignment for small regions
clk: actions: Terminate clk_div_table with sentinel element
clk: loongson1: Terminate clk_div_table with sentinel element
clk: clps711x: Terminate clk_div_table with sentinel element
clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver
NFS: remove unneeded check in decode_devicenotify_args()
staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree
staging: mt7621-dts: fix formatting
staging: mt7621-dts: fix pinctrl properties for ethernet
staging: mt7621-dts: fix GB-PC2 devicetree
pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback
pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get()
pinctrl: mediatek: paris: Fix pingroup pin config state readback
pinctrl: mediatek: paris: Skip custom extra pin config dump for virtual GPIOs
pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
tty: hvc: fix return value of __setup handler
kgdboc: fix return value of __setup handler
serial: 8250: fix XOFF/XON sending when DMA is used
kgdbts: fix return value of __setup handler
firmware: google: Properly state IOMEM dependency
driver core: dd: fix return value of __setup handler
jfs: fix divide error in dbNextAG
netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error
kdb: Fix the putarea helper function
clk: qcom: gcc-msm8994: Fix gpll4 width
clk: Initialize orphan req_rate
xen: fix is_xen_pmu()
net: enetc: report software timestamping via SO_TIMESTAMPING
net: hns3: fix bug when PF set the duplicate MAC address for VFs
net: phy: broadcom: Fix brcm_fet_config_init()
selftests: test_vxlan_under_vrf: Fix broken test case
qlcnic: dcb: default to returning -EOPNOTSUPP
net/x25: Fix null-ptr-deref caused by x25_disconnect
NFSv4/pNFS: Fix another issue with a list iterator pointing to the head
net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator
fs: fd tables have to be multiples of BITS_PER_LONG
lib/test: use after free in register_test_dev_kmod()
fs: fix fd table size alignment properly
LSM: general protection fault in legacy_parse_param
regulator: rpi-panel: Handle I2C errors/timing to the Atmel
gcc-plugins/stackleak: Exactly match strings instead of prefixes
pinctrl: npcm: Fix broken references to chip->parent_device
block, bfq: don't move oom_bfqq
selinux: use correct type for context length
selinux: allow FIOCLEX and FIONCLEX with policy capability
loop: use sysfs_emit() in the sysfs xxx show()
Fix incorrect type in assignment of ipv6 port for audit
irqchip/qcom-pdc: Fix broken locking
irqchip/nvic: Release nvic_base upon failure
fs/binfmt_elf: Fix AT_PHDR for unusual ELF files
bfq: fix use-after-free in bfq_dispatch_request
ACPICA: Avoid walking the ACPI Namespace if it is not there
lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3
Revert "Revert "block, bfq: honor already-setup queue merges""
ACPI/APEI: Limit printable size of BERT table data
PM: core: keep irq flags in device_pm_check_callbacks()
parisc: Fix handling off probe non-access faults
nvme-tcp: lockdep: annotate in-kernel sockets
spi: tegra20: Use of_device_get_match_data()
locking/lockdep: Iterate lock_classes directly when reading lockdep files
ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb
ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit
ext4: don't BUG if someone dirty pages without asking ext4 first
f2fs: fix to do sanity check on curseg->alloc_type
NFSD: Fix nfsd_breaker_owns_lease() return values
f2fs: compress: fix to print raw data size in error path of lz4 decompression
ntfs: add sanity check on allocation size
media: staging: media: zoran: move videodev alloc
media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com
media: staging: media: zoran: fix various V4L2 compliance errors
media: ir_toy: free before error exiting
video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
video: fbdev: w100fb: Reset global state
video: fbdev: cirrusfb: check pixclock to avoid divide by zero
video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit
ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960
ARM: dts: bcm2837: Add the missing L1/L2 cache information
ASoC: madera: Add dependencies on MFD
media: atomisp_gmin_platform: Add DMI quirk to not turn AXP ELDO2 regulator off on some boards
media: atomisp: fix dummy_ptr check to avoid duplicate active_bo
ARM: ftrace: avoid redundant loads or clobbering IP
ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk
arm64: defconfig: build imx-sdma as a module
video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()
video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf()
video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit
ARM: dts: bcm2711: Add the missing L1/L2 cache information
ASoC: soc-core: skip zero num_dai component in searching dai name
media: cx88-mpeg: clear interrupt status register before streaming video
uaccess: fix type mismatch warnings from access_ok()
lib/test_lockup: fix kernel pointer check for separate address spaces
ARM: tegra: tamonten: Fix I2C3 pad setting
ARM: mmp: Fix failure to remove sram device
video: fbdev: sm712fb: Fix crash in smtcfb_write()
media: Revert "media: em28xx: add missing em28xx_close_extension"
media: hdpvr: initialize dev->worker at hdpvr_register_videodev
mmc: host: Return an error when ->enable_sdio_irq() ops is missing
media: atomisp: fix bad usage at error handling logic
ALSA: hda/realtek: Add alc256-samsung-headphone fixup
KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP MMU
powerpc/kasan: Fix early region not updated correctly
powerpc/lib/sstep: Fix 'sthcx' instruction
powerpc/lib/sstep: Fix build errors with newer binutils
powerpc: Fix build errors with newer binutils
scsi: qla2xxx: Fix stuck session in gpdb
scsi: qla2xxx: Fix scheduling while atomic
scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
scsi: qla2xxx: Fix warning for missing error code
scsi: qla2xxx: Fix device reconnect in loop topology
scsi: qla2xxx: Add devids and conditionals for 28xx
scsi: qla2xxx: Check for firmware dump already collected
scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
scsi: qla2xxx: Fix disk failure to rediscover
scsi: qla2xxx: Fix incorrect reporting of task management failure
scsi: qla2xxx: Fix hang due to session stuck
scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests
scsi: qla2xxx: Fix N2N inconsistent PLOGI
scsi: qla2xxx: Reduce false trigger to login
scsi: qla2xxx: Use correct feature type field during RFF_ID processing
platform: chrome: Split trace include file
KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated
KVM: Prevent module exit until all VMs are freed
KVM: x86: fix sending PV IPI
KVM: SVM: fix panic on out-of-bounds guest IRQ
ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM
ubifs: rename_whiteout: Fix double free for whiteout_ui->data
ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
ubifs: Fix to add refcount once page is set private
ubifs: rename_whiteout: correct old_dir size computing
wireguard: queueing: use CFI-safe ptr_ring cleanup function
wireguard: socket: free skb in send6 when ipv6 is disabled
wireguard: socket: ignore v6 endpoints when ipv6 is disabled
XArray: Fix xas_create_range() when multi-order entry present
can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
can: mcba_usb: properly check endpoint type
can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix return of error value
XArray: Update the LRU list in xas_split()
rtc: check if __rtc_read_time was successful
gfs2: Make sure FITRIM minlen is rounded up to fs block size
net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware
rxrpc: Fix call timer start racing with call destruction
mailbox: imx: fix wakeup failure from freeze mode
crypto: arm/aes-neonbs-cbc - Select generic cbc and aes
watch_queue: Free the page array when watch_queue is dismantled
pinctrl: pinconf-generic: Print arguments for bias-pull-*
watchdog: rti-wdt: Add missing pm_runtime_disable() in probe function
pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR()
pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE()
ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs
ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
ARM: iop32x: offset IRQ numbers by 1
io_uring: fix memory leak of uid in files registration
riscv module: remove (NOLOAD)
ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
platform/chrome: cros_ec_typec: Check for EC device
can: isotp: restore accidentally removed MSG_PEEK feature
proc: bootconfig: Add null pointer check
staging: mt7621-dts: fix pinctrl-0 items to be size-1 items on ethernet
ASoC: soc-compress: Change the check for codec_dai
batman-adv: Check ptr for NULL before reducing its refcnt
mm/mmap: return 1 from stack_guard_gap __setup() handler
ARM: 9187/1: JIVE: fix return value of __setup handler
mm/memcontrol: return 1 from cgroup.memory __setup() handler
mm/usercopy: return 1 from hardened_usercopy __setup() handler
bpf: Adjust BPF stack helper functions to accommodate skip > 0
bpf: Fix comment for helper bpf_current_task_under_cgroup()
dt-bindings: mtd: nand-controller: Fix the reg property description
dt-bindings: mtd: nand-controller: Fix a comment in the examples
dt-bindings: spi: mxic: The interrupt property is not mandatory
ubi: fastmap: Return error code if memory allocation fails in add_aeb()
ASoC: topology: Allow TLV control to be either read or write
ARM: dts: spear1340: Update serial node properties
ARM: dts: spear13xx: Update SPI dma properties
um: Fix uml_mconsole stop/go
docs: sysctl/kernel: add missing bit to panic_print
openvswitch: Fixed nd target mask field in the flow dump.
KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
can: m_can: m_can_tx_handler(): fix use after free of skb
can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
coredump: Snapshot the vmas in do_coredump
coredump: Remove the WARN_ON in dump_vma_snapshot
coredump/elf: Pass coredump_params into fill_note_info
coredump: Use the vma snapshot in fill_files_note
arm64: Do not defer reserve_crashkernel() for platforms with no DMA memory zones
PCI: xgene: Revert "PCI: xgene: Use inbound resources for setup"
Linux 5.10.110
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I12fbe227793dd40c0582588e1700cf88cafd0ac6
|
||
|
Peter Xu
|
f089471d1b |
mm: don't skip swap entry even if zap_details specified
commit 5abfd71d936a8aefd9f9ccd299dea7a164a5d455 upstream.
Patch series "mm: Rework zap ptes on swap entries", v5.
Patch 1 should fix a long standing bug for zap_pte_range() on
zap_details usage. The risk is we could have some swap entries skipped
while we should have zapped them.
Migration entries are not the major concern because file backed memory
always zap in the pattern that "first time without page lock, then
re-zap with page lock" hence the 2nd zap will always make sure all
migration entries are already recovered.
However there can be issues with real swap entries got skipped
errornoously. There's a reproducer provided in commit message of patch
1 for that.
Patch 2-4 are cleanups that are based on patch 1. After the whole
patchset applied, we should have a very clean view of zap_pte_range().
Only patch 1 needs to be backported to stable if necessary.
This patch (of 4):
The "details" pointer shouldn't be the token to decide whether we should
skip swap entries.
For example, when the callers specified details->zap_mapping==NULL, it
means the user wants to zap all the pages (including COWed pages), then
we need to look into swap entries because there can be private COWed
pages that was swapped out.
Skipping some swap entries when details is non-NULL may lead to wrongly
leaving some of the swap entries while we should have zapped them.
A reproducer of the problem:
===8<===
#define _GNU_SOURCE /* See feature_test_macros(7) */
#include <stdio.h>
#include <assert.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/types.h>
int page_size;
int shmem_fd;
char *buffer;
void main(void)
{
int ret;
char val;
page_size = getpagesize();
shmem_fd = memfd_create("test", 0);
assert(shmem_fd >= 0);
ret = ftruncate(shmem_fd, page_size * 2);
assert(ret == 0);
buffer = mmap(NULL, page_size * 2, PROT_READ | PROT_WRITE,
MAP_PRIVATE, shmem_fd, 0);
assert(buffer != MAP_FAILED);
/* Write private page, swap it out */
buffer[page_size] = 1;
madvise(buffer, page_size * 2, MADV_PAGEOUT);
/* This should drop private buffer[page_size] already */
ret = ftruncate(shmem_fd, page_size);
assert(ret == 0);
/* Recover the size */
ret = ftruncate(shmem_fd, page_size * 2);
assert(ret == 0);
/* Re-read the data, it should be all zero */
val = buffer[page_size];
if (val == 0)
printf("Good\n");
else
printf("BUG\n");
}
===8<===
We don't need to touch up the pmd path, because pmd never had a issue with
swap entries. For example, shmem pmd migration will always be split into
pte level, and same to swapping on anonymous.
Add another helper should_zap_cows() so that we can also check whether we
should zap private mappings when there's no page pointer specified.
This patch drops that trick, so we handle swap ptes coherently. Meanwhile
we should do the same check upon migration entry, hwpoison entry and
genuine swap entries too.
To be explicit, we should still remember to keep the private entries if
even_cows==false, and always zap them when even_cows==true.
The issue seems to exist starting from the initial commit of git.
[peterx@redhat.com: comment tweaks]
Link: https://lkml.kernel.org/r/20220217060746.71256-2-peterx@redhat.com
Link: https://lkml.kernel.org/r/20220217060746.71256-1-peterx@redhat.com
Link: https://lkml.kernel.org/r/20220216094810.60572-1-peterx@redhat.com
Link: https://lkml.kernel.org/r/20220216094810.60572-2-peterx@redhat.com
Fixes:
|
||
|
Rik van Riel
|
bc2f58b8e4 |
mm,hwpoison: unmap poisoned page before invalidation
commit 3149c79f3cb0e2e3bafb7cfadacec090cbd250d3 upstream. In some cases it appears the invalidation of a hwpoisoned page fails because the page is still mapped in another process. This can cause a program to be continuously restarted and die when it page faults on the page that was not invalidated. Avoid that problem by unmapping the hwpoisoned page when we find it. Another issue is that sometimes we end up oopsing in finish_fault, if the code tries to do something with the now-NULL vmf->page. I did not hit this error when submitting the previous patch because there are several opportunities for alloc_set_pte to bail out before accessing vmf->page, and that apparently happened on those systems, and most of the time on other systems, too. However, across several million systems that error does occur a handful of times a day. It can be avoided by returning VM_FAULT_NOPAGE which will cause do_read_fault to return before calling finish_fault. Link: https://lkml.kernel.org/r/20220325161428.5068d97e@imladris.surriel.com Fixes: e53ac7374e64 ("mm: invalidate hwpoison page cache page in fault path") Signed-off-by: Rik van Riel <riel@surriel.com> Reviewed-by: Miaohe Lin <linmiaohe@huawei.com> Tested-by: Naoya Horiguchi <naoya.horiguchi@nec.com> Reviewed-by: Oscar Salvador <osalvador@suse.de> Cc: Mel Gorman <mgorman@suse.de> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Rik van Riel
|
fa37c17143 |
mm: invalidate hwpoison page cache page in fault path
commit e53ac7374e64dede04d745ff0e70ff5048378d1f upstream. Sometimes the page offlining code can leave behind a hwpoisoned clean page cache page. This can lead to programs being killed over and over and over again as they fault in the hwpoisoned page, get killed, and then get re-spawned by whatever wanted to run them. This is particularly embarrassing when the page was offlined due to having too many corrected memory errors. Now we are killing tasks due to them trying to access memory that probably isn't even corrupted. This problem can be avoided by invalidating the page from the page fault handler, which already has a branch for dealing with these kinds of pages. With this patch we simply pretend the page fault was successful if the page was invalidated, return to userspace, incur another page fault, read in the file from disk (to a new memory page), and then everything works again. Link: https://lkml.kernel.org/r/20220212213740.423efcea@imladris.surriel.com Signed-off-by: Rik van Riel <riel@surriel.com> Reviewed-by: Miaohe Lin <linmiaohe@huawei.com> Acked-by: Naoya Horiguchi <naoya.horiguchi@nec.com> Reviewed-by: Oscar Salvador <osalvador@suse.de> Cc: John Hubbard <jhubbard@nvidia.com> Cc: Mel Gorman <mgorman@suse.de> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Matthew Wilcox <willy@infradead.org> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Vijayanand Jitta
|
a817d6ed87 |
ANDROID: mm: Fix page table lookup in speculative fault path
In speculative fault path, while doing page table lookup, offset is obtained at each level and value at that offset is read and checks are perfomed on it, later to get next level offset we read from previous level offset again. A concurrent page table reclaimation operation could result in change in value at this offset, and we go ahead and access it, this would result in reading an invalid entry. Fix this by reading from previous level offset again and comparing before performing next level access. Bug: 221005439 Change-Id: I66b3d24ae79c7ee5ccce4ba7a94f028f4cf3fda0 Signed-off-by: Vijayanand Jitta <quic_vjitta@quicinc.com> |
||
|
Suren Baghdasaryan
|
6971350406 |
ANDROID: fix mmu_notifier race caused by not taking mmap_lock during SPF
When pagefaults are handled speculatively,the pair of
mmu_notifier_invalidate_range_start/mmu_notifier_invalidate_range_end
calls happen without mmap_lock being taken. This enables the following
race:
mmu_notifier_invalidate_range_start
mmap_write_lock
mmu_notifier_register
mmap_write_unlock
mmu_notifier_invalidate_range_end
In this case mmu_notifier_invalidate_range_end will see a new
subscriber not seen at the time of mmu_notifier_invalidate_range_start
and will call ops->invalidate_range_end for that subscriber without
the matching ops->invalidate_range_start, creating imbalance.
Fix this by introducing a new mm->mmu_notifier_lock percpu_rw_semaphore
to synchronize mmu_notifier_invalidate_range_start/
mmu_notifier_invalidate_range_end with mmu_notifier_register when
handling pagefaults speculatively without holding mmap_lock.
percpu_rw_semaphore is used instead of rw_semaphore to prevent cache
line bouncing in the pagefault path.
Fixes:
|
||
|
Suren Baghdasaryan
|
6ad609468d |
ANDROID: Fix mmu_notifier imbalance
SPF patchset introduced an mmu_notifier imbalance by adding a new exit
path that skips mmu_notifier_invalidate_range_only_end after calling
mmu_notifier_invalidate_range_start. This triggers a BUG in KVM driver
checking for mmu_notifier_count to remain balanced
Fixes:
|
||
|
Greg Kroah-Hartman
|
af06413d4c |
Merge branch 'android12-5.10' into android12-5.10-lts
Sync up with android12-5.10 for the following commits: |
||
|
Qi Zheng
|
3649d38887 |
UPSTREAM: mm: fix the deadlock in finish_fault()
Commit
|
||
|
Greg Kroah-Hartman
|
afe9ed0e13 |
Merge 5.10.53 into android12-5.10-lts
Changes in 5.10.53 ARM: dts: gemini: rename mdio to the right name ARM: dts: gemini: add device_type on pci ARM: dts: rockchip: Fix thermal sensor cells o rk322x ARM: dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288 arm64: dts: rockchip: fix pinctrl sleep nodename for rk3399.dtsi ARM: dts: rockchip: Fix the timer clocks order ARM: dts: rockchip: Fix IOMMU nodes properties on rk322x ARM: dts: rockchip: Fix power-controller node names for rk3066a ARM: dts: rockchip: Fix power-controller node names for rk3188 ARM: dts: rockchip: Fix power-controller node names for rk3288 arm64: dts: rockchip: Fix power-controller node names for px30 arm64: dts: rockchip: Fix power-controller node names for rk3328 arm64: dts: rockchip: Fix power-controller node names for rk3399 reset: ti-syscon: fix to_ti_syscon_reset_data macro ARM: brcmstb: dts: fix NAND nodes names ARM: Cygnus: dts: fix NAND nodes names ARM: NSP: dts: fix NAND nodes names ARM: dts: BCM63xx: Fix NAND nodes names ARM: dts: Hurricane 2: Fix NAND nodes names ARM: dts: imx6: phyFLEX: Fix UART hardware flow control ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info arm64: dts: rockchip: fix regulator-gpio states array ARM: dts: ux500: Fix interrupt cells ARM: dts: ux500: Rename gpio-controller node ARM: dts: ux500: Fix orientation of accelerometer ARM: dts: imx6dl-riotboard: configure PHY clock and set proper EEE value rtc: mxc_v2: add missing MODULE_DEVICE_TABLE kbuild: sink stdout from cmd for silent build ARM: dts: am57xx-cl-som-am57x: fix ti,no-reset-on-init flag for gpios ARM: dts: am437x-gp-evm: fix ti,no-reset-on-init flag for gpios ARM: dts: am335x: fix ti,no-reset-on-init flag for gpios ARM: dts: OMAP2+: Replace underscores in sub-mailbox node names arm64: dts: ti: k3-am654x/j721e/j7200-common-proc-board: Fix MCU_RGMII1_TXC direction ARM: tegra: wm8903: Fix polarity of headphones-detection GPIO in device-trees ARM: tegra: nexus7: Correct 3v3 regulator GPIO of PM269 variant arm64: dts: qcom: sc7180: Move rmtfs memory region ARM: dts: stm32: Remove extra size-cells on dhcom-pdk2 ARM: dts: stm32: Fix touchscreen node on dhcom-pdk2 ARM: dts: stm32: fix stm32mp157c-odyssey card detect pin ARM: dts: stm32: fix gpio-keys node on STM32 MCU boards ARM: dts: stm32: fix RCC node name on stm32f429 MCU ARM: dts: stm32: fix timer nodes on STM32 MCU to prevent warnings memory: tegra: Fix compilation warnings on 64bit platforms firmware: arm_scmi: Add SMCCC discovery dependency in Kconfig firmware: arm_scmi: Fix the build when CONFIG_MAILBOX is not selected ARM: dts: bcm283x: Fix up MMC node names ARM: dts: bcm283x: Fix up GPIO LED node names arm64: dts: juno: Update SCPI nodes as per the YAML schema ARM: dts: rockchip: fix supply properties in io-domains nodes ARM: dts: stm32: fix i2c node name on stm32f746 to prevent warnings ARM: dts: stm32: move stmmac axi config in ethernet node on stm32mp15 ARM: dts: stm32: fix the Odyssey SoM eMMC VQMMC supply ARM: dts: stm32: Drop unused linux,wakeup from touchscreen node on DHCOM SoM ARM: dts: stm32: Rename spi-flash/mx66l51235l@N to flash@N on DHCOM SoM ARM: dts: stm32: fix stpmic node for stm32mp1 boards ARM: OMAP2+: Block suspend for am3 and am4 if PM is not configured soc/tegra: fuse: Fix Tegra234-only builds firmware: tegra: bpmp: Fix Tegra234-only builds arm64: dts: ls208xa: remove bus-num from dspi node arm64: dts: imx8mq: assign PCIe clocks thermal/core: Correct function name thermal_zone_device_unregister() thermal/drivers/rcar_gen3_thermal: Do not shadow rcar_gen3_ths_tj_1 thermal/drivers/imx_sc: Add missing of_node_put for loop iteration thermal/drivers/sprd: Add missing of_node_put for loop iteration kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set arch/arm64/boot/dts/marvell: fix NAND partitioning scheme rtc: max77686: Do not enforce (incorrect) interrupt trigger type scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 scsi: libsas: Add LUN number check in .slave_alloc callback scsi: libfc: Fix array index out of bound exception scsi: qedf: Add check to synchronize abort and flush sched/fair: Fix CFS bandwidth hrtimer expiry type perf/x86/intel/uncore: Clean up error handling path of iio mapping thermal/core/thermal_of: Stop zone device before unregistering it s390/traps: do not test MONITOR CALL without CONFIG_BUG s390: introduce proper type handling call_on_stack() macro cifs: prevent NULL deref in cifs_compose_mount_options() firmware: turris-mox-rwtm: add marvell,armada-3700-rwtm-firmware compatible string arm64: dts: marvell: armada-37xx: move firmware node to generic dtsi file Revert "swap: fix do_swap_page() race with swapoff" f2fs: Show casefolding support only when supported mm/thp: simplify copying of huge zero page pmd when fork mm/userfaultfd: fix uffd-wp special cases for fork() mm/page_alloc: fix memory map initialization for descending nodes usb: cdns3: Enable TDL_CHK only for OUT ep net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear net: dsa: mv88e6xxx: enable .port_set_policy() on Topaz net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz net: dsa: mv88e6xxx: enable devlink ATU hash param for Topaz net: ipv6: fix return value of ip6_skb_dst_mtu netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo net/sched: act_ct: fix err check for nf_conntrack_confirm vmxnet3: fix cksum offload issues for tunnels with non-default udp ports net/sched: act_ct: remove and free nf_table callbacks net: bridge: sync fdb to new unicast-filtering ports net: netdevsim: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops net: bcmgenet: Ensure all TX/RX queues DMAs are disabled net: ip_tunnel: fix mtu calculation for ETHER tunnel devices net: moxa: fix UAF in moxart_mac_probe net: qcom/emac: fix UAF in emac_remove net: ti: fix UAF in tlan_remove_one net: send SYNACK packet with accepted fwmark net: validate lwtstate->data before returning from skb_tunnel_info() Revert "mm/shmem: fix shmem_swapin() race with swapoff" net: dsa: properly check for the bridge_leave methods in dsa_switch_bridge_leave() net: fddi: fix UAF in fza_probe dma-buf/sync_file: Don't leak fences on merge failure kbuild: do not suppress Kconfig prompts for silent build ARM: dts: aspeed: Fix AST2600 machines line names ARM: dts: tacoma: Add phase corrections for eMMC tcp: consistently disable header prediction for mptcp tcp: annotate data races around tp->mtu_info tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized ipv6: tcp: drop silly ICMPv6 packet too big messages tcp: call sk_wmem_schedule before sk_mem_charge in zerocopy path tools: bpf: Fix error in 'make -C tools/ bpf_install' bpftool: Properly close va_list 'ap' by va_end() on error bpf: Track subprog poke descriptors correctly and fix use-after-free perf test bpf: Free obj_buf drm/panel: nt35510: Do not fail if DSI read fails udp: annotate data races around unix_sk(sk)->gso_size Linux 5.10.53 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Iac8fe9cd2abb2d8dd993967205a97c89f01f3647 |
||
|
Peter Xu
|
9e1cf2d1ed |
mm/userfaultfd: fix uffd-wp special cases for fork()
commit 8f34f1eac3820fc2722e5159acceb22545b30b0d upstream. We tried to do something similar in |
||
|
Greg Kroah-Hartman
|
277b311ae1 |
Revert "swap: fix do_swap_page() race with swapoff"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
1328352dcd |
Merge branch 'android12-5.10' into android12-5.10-lts
Sync up with android12-5.10 for the following commits: |
||
|
Minchan Kim
|
9938b82be1 |
ANDROID: mm: bail out tlb free batching on page zapping when cma is going on
I found sometime cma allocation took a long time to be succeeded because one of the pages is in the middle of zapping(e.g., munmap, exit) so alloc_contig_range couldn't migrate the page because it was zero page mapcount. So, CMA allocator need to wait it until tlb batching frees the page and the batching free happens on the target process's context which is quite random, sometimes, very low priority process on little core. It makes CMA allocation very slow up to several hundreds millisecond. To solve the issue, let's make the TLB free batching aware of CMA progress so whenever cma allocation is going on, TLB free batching should bail out asap to minimize cma allocation latency. Bug: 192475091 Signed-off-by: Minchan Kim <minchan@google.com> Change-Id: Ic76ecff795639085c4372791d922301467563a06 |
||
|
Greg Kroah-Hartman
|
2df0fb4a4b |
Merge 5.10.50 into android12-5.10-lts
Changes in 5.10.50
Bluetooth: hci_qca: fix potential GPF
Bluetooth: btqca: Don't modify firmware contents in-place
Bluetooth: Remove spurious error message
ALSA: usb-audio: fix rate on Ozone Z90 USB headset
ALSA: usb-audio: Fix OOB access at proc output
ALSA: firewire-motu: fix stream format for MOTU 8pre FireWire
ALSA: usb-audio: scarlett2: Fix wrong resume call
ALSA: intel8x0: Fix breakage at ac97 clock measurement
ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 450 G8
ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G8
ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 630 G8
ALSA: hda/realtek: Add another ALC236 variant support
ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook x360 830 G8
ALSA: hda/realtek: Improve fixup for HP Spectre x360 15-df0xxx
ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D
ALSA: hda/realtek: Apply LED fixup for HP Dragonfly G1, too
ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 830 G8 Notebook PC
media: dvb-usb: fix wrong definition
Input: usbtouchscreen - fix control-request directions
net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
usb: gadget: eem: fix echo command packet response issue
usb: renesas-xhci: Fix handling of unknown ROM state
USB: cdc-acm: blacklist Heimann USB Appset device
usb: dwc3: Fix debugfs creation flow
usb: typec: Add the missed altmode_id_remove() in typec_register_altmode()
xhci: solve a double free problem while doing s4
gfs2: Fix underflow in gfs2_page_mkwrite
gfs2: Fix error handling in init_statfs
ntfs: fix validity check for file name attribute
selftests/lkdtm: Avoid needing explicit sub-shell
copy_page_to_iter(): fix ITER_DISCARD case
iov_iter_fault_in_readable() should do nothing in xarray case
Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
crypto: nx - Fix memcpy() over-reading in nonce
crypto: ccp - Annotate SEV Firmware file names
arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode
ARM: dts: ux500: Fix LED probing
ARM: dts: at91: sama5d4: fix pinctrl muxing
btrfs: send: fix invalid path for unlink operations after parent orphanization
btrfs: compression: don't try to compress if we don't have enough pages
btrfs: clear defrag status of a root if starting transaction fails
ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle
ext4: fix kernel infoleak via ext4_extent_header
ext4: fix overflow in ext4_iomap_alloc()
ext4: return error code when ext4_fill_flex_info() fails
ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
ext4: remove check for zero nr_to_scan in ext4_es_scan()
ext4: fix avefreec in find_group_orlov
ext4: use ext4_grp_locked_error in mb_find_extent
can: bcm: delay release of struct bcm_op after synchronize_rcu()
can: gw: synchronize rcu operations before removing gw job entry
can: isotp: isotp_release(): omit unintended hrtimer restart on socket release
can: j1939: j1939_sk_init(): set SOCK_RCU_FREE to call sk_destruct() after RCU is done
can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path
mac80211: remove iwlwifi specific workaround that broke sta NDP tx
SUNRPC: Fix the batch tasks count wraparound.
SUNRPC: Should wake up the privileged task firstly.
bus: mhi: Wait for M2 state during system resume
mm/gup: fix try_grab_compound_head() race with split_huge_page()
perf/smmuv3: Don't trample existing events with global filter
KVM: nVMX: Handle split-lock #AC exceptions that happen in L2
KVM: PPC: Book3S HV: Workaround high stack usage with clang
KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs
KVM: x86/mmu: Use MMU's role to detect CR4.SMEP value in nested NPT walk
s390/cio: dont call css_wait_for_slow_path() inside a lock
s390: mm: Fix secure storage access exception handling
f2fs: Prevent swap file in LFS mode
clk: agilex/stratix10/n5x: fix how the bypass_reg is handled
clk: agilex/stratix10: remove noc_clk
clk: agilex/stratix10: fix bypass representation
rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path
iio: frequency: adf4350: disable reg and clk on error in adf4350_probe()
iio: light: tcs3472: do not free unallocated IRQ
iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too
iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR
iio: ltr501: ltr501_read_ps(): add missing endianness conversion
iio: accel: bma180: Fix BMA25x bandwidth register values
serial: mvebu-uart: fix calculation of clock divisor
serial: sh-sci: Stop dmaengine transfer in sci_stop_tx()
serial_cs: Add Option International GSM-Ready 56K/ISDN modem
serial_cs: remove wrong GLOBETROTTER.cis entry
ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
ssb: sdio: Don't overwrite const buffer if block_write fails
rsi: Assign beacon rate settings to the correct rate_info descriptor field
rsi: fix AP mode with WPA failure due to encrypted EAPOL
tracing/histograms: Fix parsing of "sym-offset" modifier
tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing
seq_buf: Make trace_seq_putmem_hex() support data longer than 8
powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi()
loop: Fix missing discard support when using LOOP_CONFIGURE
evm: Execute evm_inode_init_security() only when an HMAC key is loaded
evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded
fuse: Fix crash in fuse_dentry_automount() error path
fuse: Fix crash if superblock of submount gets killed early
fuse: Fix infinite loop in sget_fc()
fuse: ignore PG_workingset after stealing
fuse: check connected before queueing on fpq->io
fuse: reject internal errno
thermal/cpufreq_cooling: Update offline CPUs per-cpu thermal_pressure
spi: Make of_register_spi_device also set the fwnode
Add a reference to ucounts for each cred
staging: media: rkvdec: fix pm_runtime_get_sync() usage count
media: marvel-ccic: fix some issues when getting pm_runtime
media: mdk-mdp: fix pm_runtime_get_sync() usage count
media: s5p: fix pm_runtime_get_sync() usage count
media: am437x: fix pm_runtime_get_sync() usage count
media: sh_vou: fix pm_runtime_get_sync() usage count
media: mtk-vcodec: fix PM runtime get logic
media: s5p-jpeg: fix pm_runtime_get_sync() usage count
media: sunxi: fix pm_runtime_get_sync() usage count
media: sti/bdisp: fix pm_runtime_get_sync() usage count
media: exynos4-is: fix pm_runtime_get_sync() usage count
media: exynos-gsc: fix pm_runtime_get_sync() usage count
spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf'
spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages()
spi: omap-100k: Fix the length judgment problem
regulator: uniphier: Add missing MODULE_DEVICE_TABLE
sched/core: Initialize the idle task with preemption disabled
hwrng: exynos - Fix runtime PM imbalance on error
crypto: nx - add missing MODULE_DEVICE_TABLE
media: sti: fix obj-$(config) targets
media: cpia2: fix memory leak in cpia2_usb_probe
media: cobalt: fix race condition in setting HPD
media: hevc: Fix dependent slice segment flags
media: pvrusb2: fix warning in pvr2_i2c_core_done
media: imx: imx7_mipi_csis: Fix logging of only error event counters
crypto: qat - check return code of qat_hal_rd_rel_reg()
crypto: qat - remove unused macro in FW loader
crypto: qce: skcipher: Fix incorrect sg count for dma transfers
arm64: perf: Convert snprintf to sysfs_emit
sched/fair: Fix ascii art by relpacing tabs
media: i2c: ov2659: Use clk_{prepare_enable,disable_unprepare}() to set xvclk on/off
media: bt878: do not schedule tasklet when it is not setup
media: em28xx: Fix possible memory leak of em28xx struct
media: hantro: Fix .buf_prepare
media: cedrus: Fix .buf_prepare
media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
media: bt8xx: Fix a missing check bug in bt878_probe
media: st-hva: Fix potential NULL pointer dereferences
crypto: hisilicon/sec - fixup 3des minimum key size declaration
Makefile: fix GDB warning with CONFIG_RELR
media: dvd_usb: memory leak in cinergyt2_fe_attach
memstick: rtsx_usb_ms: fix UAF
mmc: sdhci-sprd: use sdhci_sprd_writew
mmc: via-sdmmc: add a check against NULL pointer dereference
spi: meson-spicc: fix a wrong goto jump for avoiding memory leak.
spi: meson-spicc: fix memory leak in meson_spicc_probe
crypto: shash - avoid comparing pointers to exported functions under CFI
media: dvb_net: avoid speculation from net slot
media: siano: fix device register error path
media: imx-csi: Skip first few frames from a BT.656 source
hwmon: (max31790) Report correct current pwm duty cycles
hwmon: (max31790) Fix pwmX_enable attributes
drivers/perf: fix the missed ida_simple_remove() in ddr_perf_probe()
KVM: PPC: Book3S HV: Fix TLB management on SMT8 POWER9 and POWER10 processors
btrfs: fix error handling in __btrfs_update_delayed_inode
btrfs: abort transaction if we fail to update the delayed inode
btrfs: sysfs: fix format string for some discard stats
btrfs: don't clear page extent mapped if we're not invalidating the full page
btrfs: disable build on platforms having page size 256K
locking/lockdep: Fix the dep path printing for backwards BFS
lockding/lockdep: Avoid to find wrong lock dep path in check_irq_usage()
KVM: s390: get rid of register asm usage
regulator: mt6358: Fix vdram2 .vsel_mask
regulator: da9052: Ensure enough delay time for .set_voltage_time_sel
media: Fix Media Controller API config checks
ACPI: video: use native backlight for GA401/GA502/GA503
HID: do not use down_interruptible() when unbinding devices
EDAC/ti: Add missing MODULE_DEVICE_TABLE
ACPI: processor idle: Fix up C-state latency if not ordered
hv_utils: Fix passing zero to 'PTR_ERR' warning
lib: vsprintf: Fix handling of number field widths in vsscanf
Input: goodix - platform/x86: touchscreen_dmi - Move upside down quirks to touchscreen_dmi.c
platform/x86: touchscreen_dmi: Add an extra entry for the upside down Goodix touchscreen on Teclast X89 tablets
platform/x86: touchscreen_dmi: Add info for the Goodix GT912 panel of TM800A550L tablets
ACPI: EC: Make more Asus laptops use ECDT _GPE
block_dump: remove block_dump feature in mark_inode_dirty()
blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter
blk-mq: clear stale request in tags->rq[] before freeing one request pool
fs: dlm: cancel work sync othercon
random32: Fix implicit truncation warning in prandom_seed_state()
open: don't silently ignore unknown O-flags in openat2()
drivers: hv: Fix missing error code in vmbus_connect()
fs: dlm: fix memory leak when fenced
ACPICA: Fix memory leak caused by _CID repair function
ACPI: bus: Call kobject_put() in acpi_init() error path
ACPI: resources: Add checks for ACPI IRQ override
block: fix race between adding/removing rq qos and normal IO
platform/x86: asus-nb-wmi: Revert "Drop duplicate DMI quirk structures"
platform/x86: asus-nb-wmi: Revert "add support for ASUS ROG Zephyrus G14 and G15"
platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard()
nvme-pci: fix var. type for increasing cq_head
nvmet-fc: do not check for invalid target port in nvmet_fc_handle_fcp_rqst()
EDAC/Intel: Do not load EDAC driver when running as a guest
PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv()
cifs: improve fallocate emulation
ACPI: EC: trust DSDT GPE for certain HP laptop
clocksource: Retry clock read if long delays detected
clocksource: Check per-CPU clock synchronization when marked unstable
tpm_tis_spi: add missing SPI device ID entries
ACPI: tables: Add custom DSDT file as makefile prerequisite
HID: wacom: Correct base usage for capacitive ExpressKey status bits
cifs: fix missing spinlock around update to ses->status
mailbox: qcom: Use PLATFORM_DEVID_AUTO to register platform device
block: fix discard request merge
kthread_worker: fix return value when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync()
ia64: mca_drv: fix incorrect array size calculation
writeback, cgroup: increment isw_nr_in_flight before grabbing an inode
spi: Allow to have all native CSs in use along with GPIOs
spi: Avoid undefined behaviour when counting unused native CSs
media: venus: Rework error fail recover logic
media: s5p_cec: decrement usage count if disabled
media: hantro: do a PM resume earlier
crypto: ixp4xx - dma_unmap the correct address
crypto: ixp4xx - update IV after requests
crypto: ux500 - Fix error return code in hash_hw_final()
sata_highbank: fix deferred probing
pata_rb532_cf: fix deferred probing
media: I2C: change 'RST' to "RSET" to fix multiple build errors
sched/uclamp: Fix wrong implementation of cpu.uclamp.min
sched/uclamp: Fix locking around cpu_util_update_eff()
kbuild: Fix objtool dependency for 'OBJECT_FILES_NON_STANDARD_<obj> := n'
pata_octeon_cf: avoid WARN_ON() in ata_host_activate()
evm: fix writing <securityfs>/evm overflow
x86/elf: Use _BITUL() macro in UAPI headers
crypto: sa2ul - Fix leaks on failure paths with sa_dma_init()
crypto: sa2ul - Fix pm_runtime enable in sa_ul_probe()
crypto: ccp - Fix a resource leak in an error handling path
media: rc: i2c: Fix an error message
pata_ep93xx: fix deferred probing
locking/lockdep: Reduce LOCKDEP dependency list
media: rkvdec: Fix .buf_prepare
media: exynos4-is: Fix a use after free in isp_video_release
media: au0828: fix a NULL vs IS_ERR() check
media: tc358743: Fix error return code in tc358743_probe_of()
media: gspca/gl860: fix zero-length control requests
m68k: atari: Fix ATARI_KBD_CORE kconfig unmet dependency warning
media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2()
regulator: fan53880: Fix vsel_mask setting for FAN53880_BUCK
crypto: nitrox - fix unchecked variable in nitrox_register_interrupts
crypto: omap-sham - Fix PM reference leak in omap sham ops
crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit
crypto: sm2 - remove unnecessary reset operations
crypto: sm2 - fix a memory leak in sm2
mmc: usdhi6rol0: fix error return code in usdhi6_probe()
arm64: consistently use reserved_pg_dir
arm64/mm: Fix ttbr0 values stored in struct thread_info for software-pan
media: subdev: remove VIDIOC_DQEVENT_TIME32 handling
media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx
hwmon: (lm70) Use device_get_match_data()
hwmon: (lm70) Revert "hwmon: (lm70) Add support for ACPI"
hwmon: (max31722) Remove non-standard ACPI device IDs
hwmon: (max31790) Fix fan speed reporting for fan7..12
KVM: nVMX: Sync all PGDs on nested transition with shadow paging
KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap
KVM: nVMX: Don't clobber nested MMU's A/D status on EPTP switch
KVM: x86/mmu: Fix return value in tdp_mmu_map_handle_target_level()
perf/arm-cmn: Fix invalid pointer when access dtc object sharing the same IRQ number
KVM: arm64: Don't zero the cycle count register when PMCR_EL0.P is set
regulator: hi655x: Fix pass wrong pointer to config.driver_data
btrfs: clear log tree recovering status if starting transaction fails
x86/sev: Make sure IRQs are disabled while GHCB is active
x86/sev: Split up runtime #VC handler for correct state tracking
sched/rt: Fix RT utilization tracking during policy change
sched/rt: Fix Deadline utilization tracking during policy change
sched/uclamp: Fix uclamp_tg_restrict()
lockdep: Fix wait-type for empty stack
lockdep/selftests: Fix selftests vs PROVE_RAW_LOCK_NESTING
spi: spi-sun6i: Fix chipselect/clock bug
crypto: nx - Fix RCU warning in nx842_OF_upd_status
psi: Fix race between psi_trigger_create/destroy
media: v4l2-async: Clean v4l2_async_notifier_add_fwnode_remote_subdev
media: video-mux: Skip dangling endpoints
PM / devfreq: Add missing error code in devfreq_add_device()
ACPI: PM / fan: Put fan device IDs into separate header file
block: avoid double io accounting for flush request
nvme-pci: look for StorageD3Enable on companion ACPI device instead
ACPI: sysfs: Fix a buffer overrun problem with description_show()
mark pstore-blk as broken
clocksource/drivers/timer-ti-dm: Save and restore timer TIOCP_CFG
extcon: extcon-max8997: Fix IRQ freeing at error path
ACPI: APEI: fix synchronous external aborts in user-mode
blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled()
blk-wbt: make sure throttle is enabled properly
ACPI: Use DEVICE_ATTR_<RW|RO|WO> macros
ACPI: bgrt: Fix CFI violation
cpufreq: Make cpufreq_online() call driver->offline() on errors
blk-mq: update hctx->dispatch_busy in case of real scheduler
ocfs2: fix snprintf() checking
dax: fix ENOMEM handling in grab_mapping_entry()
mm/debug_vm_pgtable/basic: add validation for dirtiness after write protect
mm/debug_vm_pgtable/basic: iterate over entire protection_map[]
mm/debug_vm_pgtable: ensure THP availability via has_transparent_hugepage()
swap: fix do_swap_page() race with swapoff
mm/shmem: fix shmem_swapin() race with swapoff
mm: memcg/slab: properly set up gfp flags for objcg pointer array
mm: page_alloc: refactor setup_per_zone_lowmem_reserve()
mm/page_alloc: fix counting of managed_pages
xfrm: xfrm_state_mtu should return at least 1280 for ipv6
drm/bridge/sii8620: fix dependency on extcon
drm/bridge: Fix the stop condition of drm_bridge_chain_pre_enable()
drm/amd/dc: Fix a missing check bug in dm_dp_mst_detect()
drm/ast: Fix missing conversions to managed API
video: fbdev: imxfb: Fix an error message
net: mvpp2: Put fwnode in error case during ->probe()
net: pch_gbe: Propagate error from devm_gpio_request_one()
pinctrl: renesas: r8a7796: Add missing bias for PRESET# pin
pinctrl: renesas: r8a77990: JTAG pins do not have pull-down capabilities
drm/vmwgfx: Mark a surface gpu-dirty after the SVGA3dCmdDXGenMips command
drm/vmwgfx: Fix cpu updates of coherent multisample surfaces
net: qrtr: ns: Fix error return code in qrtr_ns_init()
clk: meson: g12a: fix gp0 and hifi ranges
net: ftgmac100: add missing error return code in ftgmac100_probe()
drm: rockchip: set alpha_en to 0 if it is not used
drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write()
drm/rockchip: dsi: move all lane config except LCDC mux to bind()
drm/rockchip: lvds: Fix an error handling path
drm/rockchip: cdn-dp: fix sign extension on an int multiply for a u64 result
mptcp: fix pr_debug in mptcp_token_new_connect
mptcp: generate subflow hmac after mptcp_finish_join()
RDMA/srp: Fix a recently introduced memory leak
RDMA/rtrs-clt: Check state of the rtrs_clt_sess before reading its stats
RDMA/rtrs: Do not reset hb_missed_max after re-connection
RDMA/rtrs-srv: Fix memory leak of unfreed rtrs_srv_stats object
RDMA/rtrs-srv: Fix memory leak when having multiple sessions
RDMA/rtrs-clt: Check if the queue_depth has changed during a reconnection
RDMA/rtrs-clt: Fix memory leak of not-freed sess->stats and stats->pcpu_stats
ehea: fix error return code in ehea_restart_qps()
clk: tegra30: Use 300MHz for video decoder by default
xfrm: remove the fragment check for ipv6 beet mode
net/sched: act_vlan: Fix modify to allow 0
RDMA/core: Sanitize WQ state received from the userspace
drm/pl111: depend on CONFIG_VEXPRESS_CONFIG
RDMA/rxe: Fix failure during driver load
drm/pl111: Actually fix CONFIG_VEXPRESS_CONFIG depends
drm/vc4: hdmi: Fix error path of hpd-gpios
clk: vc5: fix output disabling when enabling a FOD
drm: qxl: ensure surf.data is ininitialized
tools/bpftool: Fix error return code in do_batch()
ath10k: go to path err_unsupported when chip id is not supported
ath10k: add missing error return code in ath10k_pci_probe()
wireless: carl9170: fix LEDS build errors & warnings
ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others
clk: imx8mq: remove SYS PLL 1/2 clock gates
wcn36xx: Move hal_buf allocation to devm_kmalloc in probe
ssb: Fix error return code in ssb_bus_scan()
brcmfmac: fix setting of station info chains bitmask
brcmfmac: correctly report average RSSI in station info
brcmfmac: Fix a double-free in brcmf_sdio_bus_reset
brcmsmac: mac80211_if: Fix a resource leak in an error handling path
cw1200: Revert unnecessary patches that fix unreal use-after-free bugs
ath11k: Fix an error handling path in ath11k_core_fetch_board_data_api_n()
ath10k: Fix an error code in ath10k_add_interface()
ath11k: send beacon template after vdev_start/restart during csa
netlabel: Fix memory leak in netlbl_mgmt_add_common
RDMA/mlx5: Don't add slave port to unaffiliated list
netfilter: nft_exthdr: check for IPv6 packet before further processing
netfilter: nft_osf: check for TCP packet before further processing
netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols
RDMA/rxe: Fix qp reference counting for atomic ops
selftests/bpf: Whitelist test_progs.h from .gitignore
xsk: Fix missing validation for skb and unaligned mode
xsk: Fix broken Tx ring validation
bpf: Fix libelf endian handling in resolv_btfids
RDMA/rtrs-srv: Set minimal max_send_wr and max_recv_wr
samples/bpf: Fix Segmentation fault for xdp_redirect command
samples/bpf: Fix the error return code of xdp_redirect's main()
mt76: fix possible NULL pointer dereference in mt76_tx
mt76: mt7615: fix NULL pointer dereference in tx_prepare_skb()
net: ethernet: aeroflex: fix UAF in greth_of_remove
net: ethernet: ezchip: fix UAF in nps_enet_remove
net: ethernet: ezchip: fix error handling
vrf: do not push non-ND strict packets with a source LLA through packet taps again
net: sched: add barrier to ensure correct ordering for lockless qdisc
tls: prevent oversized sendfile() hangs by ignoring MSG_MORE
netfilter: nf_tables_offload: check FLOW_DISSECTOR_KEY_BASIC in VLAN transfer logic
pkt_sched: sch_qfq: fix qfq_change_class() error path
xfrm: Fix xfrm offload fallback fail case
iwlwifi: increase PNVM load timeout
rtw88: 8822c: fix lc calibration timing
vxlan: add missing rcu_read_lock() in neigh_reduce()
ip6_tunnel: fix GRE6 segmentation
net/ipv4: swap flow ports when validating source
net: ti: am65-cpsw-nuss: Fix crash when changing number of TX queues
tc-testing: fix list handling
ieee802154: hwsim: Fix memory leak in hwsim_add_one
ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl()
bpf: Fix null ptr deref with mixed tail calls and subprogs
drm/msm: Fix error return code in msm_drm_init()
drm/msm/dpu: Fix error return code in dpu_mdss_init()
mac80211: remove iwlwifi specific workaround NDPs of null_response
net: bcmgenet: Fix attaching to PYH failed on RPi 4B
ipv6: exthdrs: do not blindly use init_net
can: j1939: j1939_sk_setsockopt(): prevent allocation of j1939 filter for optlen == 0
bpf: Do not change gso_size during bpf_skb_change_proto()
i40e: Fix error handling in i40e_vsi_open
i40e: Fix autoneg disabling for non-10GBaseT links
i40e: Fix missing rtnl locking when setting up pf switch
Revert "ibmvnic: remove duplicate napi_schedule call in open function"
ibmvnic: set ltb->buff to NULL after freeing
ibmvnic: free tx_pool if tso_pool alloc fails
RDMA/cma: Protect RMW with qp_mutex
net: macsec: fix the length used to copy the key for offloading
net: phy: mscc: fix macsec key length
net: atlantic: fix the macsec key length
ipv6: fix out-of-bound access in ip6_parse_tlv()
e1000e: Check the PCIm state
net: dsa: sja1105: fix NULL pointer dereference in sja1105_reload_cbs()
bpfilter: Specify the log level for the kmsg message
RDMA/cma: Fix incorrect Packet Lifetime calculation
gve: Fix swapped vars when fetching max queues
Revert "be2net: disable bh with spin_lock in be_process_mcc"
Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid
Bluetooth: Fix not sending Set Extended Scan Response
Bluetooth: Fix Set Extended (Scan Response) Data
Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event
clk: actions: Fix UART clock dividers on Owl S500 SoC
clk: actions: Fix SD clocks factor table on Owl S500 SoC
clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC
clk: actions: Fix AHPPREDIV-H-AHB clock chain on Owl S500 SoC
clk: qcom: clk-alpha-pll: fix CAL_L write in alpha_pll_fabia_prepare
clk: si5341: Wait for DEVICE_READY on startup
clk: si5341: Avoid divide errors due to bogus register contents
clk: si5341: Check for input clock presence and PLL lock on startup
clk: si5341: Update initialization magic
writeback: fix obtain a reference to a freeing memcg css
net: lwtunnel: handle MTU calculation in forwading
net: sched: fix warning in tcindex_alloc_perfect_hash
net: tipc: fix FB_MTU eat two pages
RDMA/mlx5: Don't access NULL-cleared mpi pointer
RDMA/core: Always release restrack object
MIPS: Fix PKMAP with 32-bit MIPS huge page support
staging: fbtft: Rectify GPIO handling
staging: fbtft: Don't spam logs when probe is deferred
ASoC: rt5682: Disable irq on shutdown
rcu: Invoke rcu_spawn_core_kthreads() from rcu_spawn_gp_kthread()
serial: fsl_lpuart: don't modify arbitrary data on lpuart32
serial: fsl_lpuart: remove RTSCTS handling from get_mctrl()
serial: 8250_omap: fix a timeout loop condition
tty: nozomi: Fix a resource leak in an error handling function
mwifiex: re-fix for unaligned accesses
iio: adis_buffer: do not return ints in irq handlers
iio: adis16400: do not return ints in irq handlers
iio: adis16475: do not return ints in irq handlers
iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: mxc4005: Fix overread of data and alignment issue.
iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: magn: hmc5843: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: magn: bmc150: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: chemical: atlas: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: cros_ec_sensors: Fix alignment of buffer in iio_push_to_buffers_with_timestamp()
iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp()
ASoC: rk3328: fix missing clk_disable_unprepare() on error in rk3328_platform_probe()
ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup()
backlight: lm3630a_bl: Put fwnode in error case during ->probe()
ASoC: rsnd: tidyup loop on rsnd_adg_clk_query()
Input: hil_kbd - fix error return code in hil_dev_connect()
perf scripting python: Fix tuple_set_u64()
mtd: partitions: redboot: seek fis-index-block in the right node
mtd: rawnand: arasan: Ensure proper configuration for the asserted target
staging: mmal-vchiq: Fix incorrect static vchiq_instance.
char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol()
firmware: stratix10-svc: Fix a resource leak in an error handling path
tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
leds: class: The -ENOTSUPP should never be seen by user space
leds: lm3532: select regmap I2C API
leds: lm36274: Put fwnode in error case during ->probe()
leds: lm3692x: Put fwnode in any case during ->probe()
leds: lm3697: Don't spam logs when probe is deferred
leds: lp50xx: Put fwnode in error case during ->probe()
scsi: FlashPoint: Rename si_flags field
scsi: iscsi: Flush block work before unblock
mfd: mp2629: Select MFD_CORE to fix build error
mfd: rn5t618: Fix IRQ trigger by changing it to level mode
fsi: core: Fix return of error values on failures
fsi: scom: Reset the FSI2PIB engine for any error
fsi: occ: Don't accept response from un-initialized OCC
fsi/sbefifo: Clean up correct FIFO when receiving reset request from SBE
fsi/sbefifo: Fix reset timeout
visorbus: fix error return code in visorchipset_init()
iommu/amd: Fix extended features logging
s390/irq: select HAVE_IRQ_EXIT_ON_IRQ_STACK
s390: enable HAVE_IOREMAP_PROT
s390: appldata depends on PROC_SYSCTL
selftests: splice: Adjust for handler fallback removal
iommu/dma: Fix IOVA reserve dma ranges
ASoC: max98373-sdw: use first_hw_init flag on resume
ASoC: rt1308-sdw: use first_hw_init flag on resume
ASoC: rt5682-sdw: use first_hw_init flag on resume
ASoC: rt700-sdw: use first_hw_init flag on resume
ASoC: rt711-sdw: use first_hw_init flag on resume
ASoC: rt715-sdw: use first_hw_init flag on resume
ASoC: rt5682: fix getting the wrong device id when the suspend_stress_test
ASoC: rt5682-sdw: set regcache_cache_only false before reading RT5682_DEVICE_ID
ASoC: mediatek: mtk-btcvsd: Fix an error handling path in 'mtk_btcvsd_snd_probe()'
usb: gadget: f_fs: Fix setting of device and driver data cross-references
usb: dwc2: Don't reset the core after setting turnaround time
eeprom: idt_89hpesx: Put fwnode in matching case during ->probe()
eeprom: idt_89hpesx: Restore printing the unsupported fwnode name
thunderbolt: Bond lanes only when dual_link_port != NULL in alloc_dev_default()
iio: adc: at91-sama5d2: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp()
iio: magn: rm3100: Fix alignment of buffer in iio_push_to_buffers_with_timestamp()
iio: light: vcnl4000: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
ASoC: fsl_spdif: Fix error handler with pm_runtime_enable
staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt()
staging: gdm724x: check for overflow in gdm_lte_netif_rx()
staging: rtl8712: fix error handling in r871xu_drv_init
staging: rtl8712: fix memory leak in rtl871x_load_fw_cb
coresight: core: Fix use of uninitialized pointer
staging: mt7621-dts: fix pci address for PCI memory range
serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates
iio: light: vcnl4035: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK
of: Fix truncation of memory sizes on 32-bit platforms
mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume()
habanalabs: Fix an error handling path in 'hl_pci_probe()'
scsi: mpt3sas: Fix error return value in _scsih_expander_add()
soundwire: stream: Fix test for DP prepare complete
phy: uniphier-pcie: Fix updating phy parameters
phy: ti: dm816x: Fix the error handling path in 'dm816x_usb_phy_probe()
extcon: sm5502: Drop invalid register write in sm5502_reg_data
extcon: max8997: Add missing modalias string
powerpc/powernv: Fix machine check reporting of async store errors
ASoC: atmel-i2s: Fix usage of capture and playback at the same time
configfs: fix memleak in configfs_release_bin_file
ASoC: Intel: sof_sdw: add SOF_RT715_DAI_ID_FIX for AlderLake
ASoC: fsl_spdif: Fix unexpected interrupt after suspend
leds: as3645a: Fix error return code in as3645a_parse_node()
leds: ktd2692: Fix an error handling path
selftests/ftrace: fix event-no-pid on 1-core machine
serial: 8250: 8250_omap: Disable RX interrupt after DMA enable
serial: 8250: 8250_omap: Fix possible interrupt storm on K3 SoCs
powerpc: Offline CPU in stop_this_cpu()
powerpc/papr_scm: Properly handle UUID types and API
powerpc/64s: Fix copy-paste data exposure into newly created tasks
powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable
ALSA: firewire-lib: Fix 'amdtp_domain_start()' when no AMDTP_OUT_STREAM stream is found
serial: mvebu-uart: do not allow changing baudrate when uartclk is not available
serial: mvebu-uart: correctly calculate minimal possible baudrate
arm64: dts: marvell: armada-37xx: Fix reg for standard variant of UART
vfio/pci: Handle concurrent vma faults
mm/pmem: avoid inserting hugepage PTE entry with fsdax if hugepage support is disabled
mm/huge_memory.c: remove dedicated macro HPAGE_CACHE_INDEX_MASK
mm/huge_memory.c: add missing read-only THP checking in transparent_hugepage_enabled()
mm/huge_memory.c: don't discard hugepage if other processes are mapping it
mm/hugetlb: use helper huge_page_order and pages_per_huge_page
mm/hugetlb: remove redundant check in preparing and destroying gigantic page
hugetlb: remove prep_compound_huge_page cleanup
include/linux/huge_mm.h: remove extern keyword
mm/z3fold: fix potential memory leak in z3fold_destroy_pool()
mm/z3fold: use release_z3fold_page_locked() to release locked z3fold page
lib/math/rational.c: fix divide by zero
selftests/vm/pkeys: fix alloc_random_pkey() to make it really, really random
selftests/vm/pkeys: handle negative sys_pkey_alloc() return code
selftests/vm/pkeys: refill shadow register after implicit kernel write
perf llvm: Return -ENOMEM when asprintf() fails
csky: fix syscache.c fallthrough warning
csky: syscache: Fixup duplicate cache flush
exfat: handle wrong stream entry size in exfat_readdir()
scsi: fc: Correct RHBA attributes length
scsi: target: cxgbit: Unmap DMA buffer before calling target_execute_cmd()
mailbox: qcom-ipcc: Fix IPCC mbox channel exhaustion
fscrypt: don't ignore minor_hash when hash is 0
fscrypt: fix derivation of SipHash keys on big endian CPUs
tpm: Replace WARN_ONCE() with dev_err_once() in tpm_tis_status()
erofs: fix error return code in erofs_read_superblock()
block: return the correct bvec when checking for gaps
io_uring: fix blocking inline submission
mmc: block: Disable CMDQ on the ioctl path
mmc: vub3000: fix control-request direction
media: exynos4-is: remove a now unused integer
scsi: core: Retry I/O for Notify (Enable Spinup) Required error
crypto: qce - fix error return code in qce_skcipher_async_req_handle()
s390: preempt: Fix preempt_count initialization
cred: add missing return error code when set_cred_ucounts() failed
iommu/dma: Fix compile warning in 32-bit builds
powerpc/preempt: Don't touch the idle task's preempt_count during hotplug
Linux 5.10.50
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Iec4eab24ea8eb5a6d79739a1aec8432d93a8f82c
|
||
|
Miaohe Lin
|
a5dcdfe4cb |
swap: fix do_swap_page() race with swapoff
[ Upstream commit 2799e77529c2a25492a4395db93996e3dacd762d ]
When I was investigating the swap code, I found the below possible race
window:
CPU 1 CPU 2
----- -----
do_swap_page
if (data_race(si->flags & SWP_SYNCHRONOUS_IO)
swap_readpage
if (data_race(sis->flags & SWP_FS_OPS)) {
swapoff
..
p->swap_file = NULL;
..
struct file *swap_file = sis->swap_file;
struct address_space *mapping = swap_file->f_mapping;[oops!]
Note that for the pages that are swapped in through swap cache, this isn't
an issue. Because the page is locked, and the swap entry will be marked
with SWAP_HAS_CACHE, so swapoff() can not proceed until the page has been
unlocked.
Fix this race by using get/put_swap_device() to guard against concurrent
swapoff.
Link: https://lkml.kernel.org/r/20210426123316.806267-3-linmiaohe@huawei.com
Fixes:
|
||
|
Greg Kroah-Hartman
|
194be71cc6 |
Merge 5.10.47 into android12-5.10-lts
Changes in 5.10.47 module: limit enabling module.sig_enforce Revert "drm/amdgpu/gfx9: fix the doorbell missing when in CGPG issue." Revert "drm/amdgpu/gfx10: enlarge CP_MEC_DOORBELL_RANGE_UPPER to cover full doorbell." drm: add a locked version of drm_is_current_master drm/nouveau: wait for moving fence after pinning v2 drm/radeon: wait for moving fence after pinning drm/amdgpu: wait for moving fence after pinning ARM: 9081/1: fix gcc-10 thumb2-kernel regression mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk MIPS: generic: Update node names to avoid unit addresses arm64: Ignore any DMA offsets in the max_zone_phys() calculation arm64: Force NO_BLOCK_MAPPINGS if crashkernel reservation is required spi: spi-nxp-fspi: move the register operation after the clock enable Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" drm/vc4: hdmi: Move the HSM clock enable to runtime_pm drm/vc4: hdmi: Make sure the controller is powered in detect x86/entry: Fix noinstr fail in __do_fast_syscall_32() x86/xen: Fix noinstr fail in exc_xen_unknown_trap() locking/lockdep: Improve noinstr vs errors perf/x86/lbr: Remove cpuc->lbr_xsave allocation from atomic context perf/x86/intel/lbr: Zero the xstate buffer on allocation dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc() dmaengine: stm32-mdma: fix PM reference leak in stm32_mdma_alloc_chan_resourc() dmaengine: xilinx: dpdma: Add missing dependencies to Kconfig dmaengine: xilinx: dpdma: Limit descriptor IDs to 16 bits mac80211: remove warning in ieee80211_get_sband() mac80211_hwsim: drop pending frames on stop cfg80211: call cfg80211_leave_ocb when switching away from OCB dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe() dmaengine: mediatek: free the proper desc in desc_free handler dmaengine: mediatek: do not issue a new desc if one is still current dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma net: ipv4: Remove unneed BUG() function mac80211: drop multicast fragments net: ethtool: clear heap allocations for ethtool function inet: annotate data race in inet_send_prepare() and inet_dgram_connect() ping: Check return value of function 'ping_queue_rcv_skb' net: annotate data race in sock_error() inet: annotate date races around sk->sk_txhash net/packet: annotate data race in packet_sendmsg() net: phy: dp83867: perform soft reset and retain established link riscv32: Use medany C model for modules net: caif: fix memory leak in ldisc_open net/packet: annotate accesses to po->bind net/packet: annotate accesses to po->ifindex r8152: Avoid memcpy() over-reading of ETH_SS_STATS sh_eth: Avoid memcpy() over-reading of ETH_SS_STATS r8169: Avoid memcpy() over-reading of ETH_SS_STATS KVM: selftests: Fix kvm_check_cap() assertion net: qed: Fix memcpy() overflow of qed_dcbx_params() mac80211: reset profile_periodicity/ema_ap mac80211: handle various extensible elements correctly recordmcount: Correct st_shndx handling PCI: Add AMD RS690 quirk to enable 64-bit DMA net: ll_temac: Add memory-barriers for TX BD access net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY perf/x86: Track pmu in per-CPU cpu_hw_events pinctrl: stm32: fix the reported number of GPIO lines per bank i2c: i801: Ensure that SMBHSTSTS_INUSE_STS is cleared when leaving i801_access gpiolib: cdev: zero padding during conversion to gpioline_info_changed scsi: sd: Call sd_revalidate_disk() for ioctl(BLKRRPART) nilfs2: fix memory leak in nilfs_sysfs_delete_device_group s390/stack: fix possible register corruption with stack switch helper KVM: do not allow mapping valid but non-reference-counted pages i2c: robotfuzz-osif: fix control-request directions ceph: must hold snap_rwsem when filling inode for async create kthread_worker: split code for canceling the delayed work timer kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() x86/fpu: Preserve supervisor states in sanitize_restored_user_xstate() x86/fpu: Make init_fpstate correct with optimized XSAVE mm: add VM_WARN_ON_ONCE_PAGE() macro mm/rmap: remove unneeded semicolon in page_not_mapped() mm/rmap: use page_not_mapped in try_to_unmap() mm, thp: use head page in __migration_entry_wait() mm/thp: fix __split_huge_pmd_locked() on shmem migration entry mm/thp: make is_huge_zero_pmd() safe and quicker mm/thp: try_to_unmap() use TTU_SYNC for safe splitting mm/thp: fix vma_address() if virtual address below file offset mm/thp: fix page_address_in_vma() on file THP tails mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split mm: page_vma_mapped_walk(): use page for pvmw->page mm: page_vma_mapped_walk(): settle PageHuge on entry mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block mm: page_vma_mapped_walk(): crossing page table boundary mm: page_vma_mapped_walk(): add a level of indentation mm: page_vma_mapped_walk(): use goto instead of while (1) mm: page_vma_mapped_walk(): get vma_address_end() earlier mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk() mm, futex: fix shared futex pgoff on shmem huge page KVM: SVM: Call SEV Guest Decommission if ASID binding fails swiotlb: manipulate orig_addr when tlb_addr has offset netfs: fix test for whether we can skip read when writing beyond EOF Revert "drm: add a locked version of drm_is_current_master" certs: Add EFI_CERT_X509_GUID support for dbx entries certs: Move load_system_certificate_list to a common function certs: Add ability to preload revocation certs integrity: Load mokx variables into the blacklist keyring Linux 5.10.47 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I68f731ad78a5db003c41093e4faf59f6f9f2e446 |
||
|
Hugh Dickins
|
0010275ca2 |
mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()
[ Upstream commit 22061a1ffabdb9c3385de159c5db7aac3a4df1cc ]
There is a race between THP unmapping and truncation, when truncate sees
pmd_none() and skips the entry, after munmap's zap_huge_pmd() cleared
it, but before its page_remove_rmap() gets to decrement
compound_mapcount: generating false "BUG: Bad page cache" reports that
the page is still mapped when deleted. This commit fixes that, but not
in the way I hoped.
The first attempt used try_to_unmap(page, TTU_SYNC|TTU_IGNORE_MLOCK)
instead of unmap_mapping_range() in truncate_cleanup_page(): it has
often been an annoyance that we usually call unmap_mapping_range() with
no pages locked, but there apply it to a single locked page.
try_to_unmap() looks more suitable for a single locked page.
However, try_to_unmap_one() contains a VM_BUG_ON_PAGE(!pvmw.pte,page):
it is used to insert THP migration entries, but not used to unmap THPs.
Copy zap_huge_pmd() and add THP handling now? Perhaps, but their TLB
needs are different, I'm too ignorant of the DAX cases, and couldn't
decide how far to go for anon+swap. Set that aside.
The second attempt took a different tack: make no change in truncate.c,
but modify zap_huge_pmd() to insert an invalidated huge pmd instead of
clearing it initially, then pmd_clear() between page_remove_rmap() and
unlocking at the end. Nice. But powerpc blows that approach out of the
water, with its serialize_against_pte_lookup(), and interesting pgtable
usage. It would need serious help to get working on powerpc (with a
minor optimization issue on s390 too). Set that aside.
Just add an "if (page_mapped(page)) synchronize_rcu();" or other such
delay, after unmapping in truncate_cleanup_page()? Perhaps, but though
that's likely to reduce or eliminate the number of incidents, it would
give less assurance of whether we had identified the problem correctly.
This successful iteration introduces "unmap_mapping_page(page)" instead
of try_to_unmap(), and goes the usual unmap_mapping_range_tree() route,
with an addition to details. Then zap_pmd_range() watches for this
case, and does spin_unlock(pmd_lock) if so - just like
page_vma_mapped_walk() now does in the PVMW_SYNC case. Not pretty, but
safe.
Note that unmap_mapping_page() is doing a VM_BUG_ON(!PageLocked) to
assert its interface; but currently that's only used to make sure that
page->mapping is stable, and zap_pmd_range() doesn't care if the page is
locked or not. Along these lines, in invalidate_inode_pages2_range()
move the initial unmap_mapping_range() out from under page lock, before
then calling unmap_mapping_page() under page lock if still mapped.
Link: https://lkml.kernel.org/r/a2a4a148-cdd8-942c-4ef8-51b77f643dbe@google.com
Fixes:
|
||
|
Axel Rasmussen
|
0c959cd889 |
BACKPORT: FROMGIT: userfaultfd/shmem: support minor fault registration for shmem
This patch allows shmem-backed VMAs to be registered for minor faults. Minor faults are appropriately relayed to userspace in the fault path, for VMAs with the relevant flag. This commit doesn't hook up the UFFDIO_CONTINUE ioctl for shmem-backed minor faults, though, so userspace doesn't yet have a way to resolve such faults. Because of this, we also don't yet advertise this as a supported feature. That will be done in a separate commit when the feature is fully implemented. Link: https://lkml.kernel.org/r/20210503180737.2487560-4-axelrasmussen@google.com Signed-off-by: Axel Rasmussen <axelrasmussen@google.com> Acked-by: Peter Xu <peterx@redhat.com> Acked-by: Hugh Dickins <hughd@google.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Brian Geffon <bgeffon@google.com> Cc: "Dr . David Alan Gilbert" <dgilbert@redhat.com> Cc: Jerome Glisse <jglisse@redhat.com> Cc: Joe Perches <joe@perches.com> Cc: Kirill A. Shutemov <kirill@shutemov.name> Cc: Lokesh Gidra <lokeshgidra@google.com> Cc: Mike Kravetz <mike.kravetz@oracle.com> Cc: Mike Rapoport <rppt@linux.vnet.ibm.com> Cc: Mina Almasry <almasrymina@google.com> Cc: Oliver Upton <oupton@google.com> Cc: Shaohua Li <shli@fb.com> Cc: Shuah Khan <shuah@kernel.org> Cc: Stephen Rothwell <sfr@canb.auug.org.au> Cc: Wang Qing <wangqing@vivo.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> (cherry picked from commit 5e5c844fd6d406a47c921c54b99f023ee6e3da8b https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git akpm) Link: https://lore.kernel.org/patchwork/patch/1420970/ Conflicts: mm/shmem.c (Manual rebase) Signed-off-by: Lokesh Gidra <lokeshgidra@google.com> Bug: 187930641 Change-Id: Ib8e3fe202feab7404742814f4250a0981065368c |
||
|
Lokesh Gidra
|
84330a5f50 |
Revert "BACKPORT: FROMGIT: userfaultfd: support minor fault handling for shmem"
This reverts commit
|
||
|
Minchan Kim
|
458e81ecf7 |
ANDROID: mm: spf: fix task fault accounting
SPF has missed per-process fault account logic. Fix it. Bug: 187072626 Signed-off-by: Minchan Kim <minchan@google.com> Change-Id: Ibd854bf350721917ef0be1af65055691d16b52f0 |
||
|
Minchan Kim
|
df9a9d821c |
ANDROID: mm: page_pinner: use put_user_page at access_remote_vm
/proc/<pid>/cmdline calls __get_user_pages_remote indirectly so close the false positive reporting by using put_user_page. Page pinned via pid 792, ts 11450624760 ns PFN 220828 Block 431 type Movable Flags 0xfffffc0080036(referenced|uptodate|lru|active|swapbacked) try_grab_page+0x144/0x160 follow_page_mask+0x4a1/0x630 __get_user_pages+0x24e/0x760 __get_user_pages_remote+0xd4/0x320 __access_remote_vm+0x110/0x390 proc_pid_cmdline_read+0x16a/0x3f0 vfs_read+0x98/0x180 ksys_read+0x5f/0xe0 do_syscall_64+0x33/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae Bug: 183414571 Signed-off-by: Minchan Kim <minchan@kernel.org> Signed-off-by: Minchan Kim <minchan@google.com> Change-Id: I88625af49600b82f6f96157d69988fbda455d819 |
||
|
Vinayak Menon
|
35eacb5c87 |
ANDROID: mm: allow vmas with vm_ops to be speculatively handled
Right now only anonymous page faults are speculatively handled, thus leaving out a large percentage of faults still requiring to take mmap_sem. These were left out since there can be fault handlers mainly in the fs layer which may use vma in unknown ways. This patch enables speculative fault for ext4, f2fs and shmem. The feature is disabled by default and enabled via allow_file_spec_access kernel param. Bug: 171954515 Change-Id: I0d23ebf299000e4ac5e2c71bc0b7fc9006e98da9 Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org> |
||
|
Carlos Llamas
|
e98d2de6a6 |
ANDROID: mm: fix mixed declaration and code warning
This fixes the following warning:
mm/memory.c: In function ‘___handle_speculative_fault’:
mm/memory.c:4871:2: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
4871 | struct mempolicy *pol;
| ^~~~~~
Bug: 183339614
Fixes:
|
||
|
Axel Rasmussen
|
d672123ec4 |
BACKPORT: FROMGIT: userfaultfd: support minor fault handling for shmem
Patch series "userfaultfd: support minor fault handling for shmem", v2. Overview ======== See my original series [1] for a detailed overview of minor fault handling in general. The feature in this series works exactly like the hugetblfs version (from userspace's perspective). I'm sending this as a separate series because: - The original minor fault handling series has a full set of R-Bs, and seems close to being merged. So, it seems reasonable to start looking at this next step, which extends the basic functionality. - shmem is different enough that this series may require some additional work before it's ready, and I don't want to delay the original series unnecessarily by bundling them together. Use Case ======== In some cases it is useful to have VM memory backed by tmpfs instead of hugetlbfs. So, this feature will be used to support the same VM live migration use case described in my original series. Additionally, Android folks (Lokesh Gidra <lokeshgidra@google.com>) hope to optimize the Android Runtime garbage collector using this feature: "The plan is to use userfaultfd for concurrently compacting the heap. With this feature, the heap can be shared-mapped at another location where the GC-thread(s) could continue the compaction operation without the need to invoke userfault ioctl(UFFDIO_COPY) each time. OTOH, if and when Java threads get faults on the heap, UFFDIO_CONTINUE can be used to resume execution. Furthermore, this feature enables updating references in the 'non-moving' portion of the heap efficiently. Without this feature, uneccessary page copying (ioctl(UFFDIO_COPY)) would be required." [1] https://lore.kernel.org/linux-fsdevel/20210301222728.176417-1-axelrasmussen@google.com/T/#t This patch (of 5): Modify the userfaultfd register API to allow registering shmem VMAs in minor mode. Modify the shmem mcopy implementation to support UFFDIO_CONTINUE in order to resolve such faults. Combine the shmem mcopy handler functions into a single shmem_mcopy_atomic_pte, which takes a mode parameter. This matches how the hugetlbfs implementation is structured, and lets us remove a good chunk of boilerplate. Link: https://lkml.kernel.org/r/20210302000133.272579-1-axelrasmussen@google.com Link: https://lkml.kernel.org/r/20210302000133.272579-2-axelrasmussen@google.com Signed-off-by: Axel Rasmussen <axelrasmussen@google.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Jerome Glisse <jglisse@redhat.com> Cc: Joe Perches <joe@perches.com> Cc: Lokesh Gidra <lokeshgidra@google.com> Cc: Mike Rapoport <rppt@linux.vnet.ibm.com> Cc: Peter Xu <peterx@redhat.com> Cc: Shaohua Li <shli@fb.com> Cc: Shuah Khan <shuah@kernel.org> Cc: Wang Qing <wangqing@vivo.com> Cc: Brian Geffon <bgeffon@google.com> Cc: Cannon Matthews <cannonmatthews@google.com> Cc: "Dr . David Alan Gilbert" <dgilbert@redhat.com> Cc: David Rientjes <rientjes@google.com> Cc: Michel Lespinasse <walken@google.com> Cc: Mina Almasry <almasrymina@google.com> Cc: Oliver Upton <oupton@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> (cherry picked from commit 4cc6e15679966aa49afc5b114c3c83ba0ac39b05 https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git akpm) Link: https://lore.kernel.org/patchwork/patch/1388146/ Conflicts: mm/shmem.c (1. Manual rebase 2. Enclosed shmem_copy_atomic_pte() with CONFIG_USERFAULTFD to avoid compile erros when USERFAULTFD is not enabled.) Signed-off-by: Lokesh Gidra <lokeshgidra@google.com> Bug: 160737021 Bug: 169683130 Change-Id: Idcd822b2a124a089121b9ad8c65061f6979126ec |
||
|
Greg Kroah-Hartman
|
e92949726c |
Merge 5.10.28 into android12-5.10
Changes in 5.10.28 arm64: mm: correct the inside linear map range during hotplug check bpf: Fix fexit trampoline. virtiofs: Fail dax mount if device does not support it ext4: shrink race window in ext4_should_retry_alloc() ext4: fix bh ref count on error paths fs: nfsd: fix kconfig dependency warning for NFSD_V4 rpc: fix NULL dereference on kmalloc failure iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate ASoC: rt1015: fix i2c communication error ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe ASoC: es8316: Simplify adc_pga_gain_tlv table ASoC: soc-core: Prevent warning if no DMI table is present ASoC: cs42l42: Fix Bitclock polarity inversion ASoC: cs42l42: Fix channel width support ASoC: cs42l42: Fix mixer volume control ASoC: cs42l42: Always wait at least 3ms after reset NFSD: fix error handling in NFSv4.0 callbacks kernel: freezer should treat PF_IO_WORKER like PF_KTHREAD for freezing vhost: Fix vhost_vq_reset() io_uring: fix ->flags races by linked timeouts scsi: st: Fix a use after free in st_open() scsi: qla2xxx: Fix broken #endif placement staging: comedi: cb_pcidas: fix request_irq() warn staging: comedi: cb_pcidas64: fix request_irq() warn ASoC: rt5659: Update MCLK rate in set_sysclk() ASoC: rt711: add snd_soc_component remove callback thermal/core: Add NULL pointer check before using cooling device stats locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling locking/ww_mutex: Fix acquire/release imbalance in ww_acquire_init()/ww_acquire_fini() nvmet-tcp: fix kmap leak when data digest in use io_uring: imply MSG_NOSIGNAL for send[msg]()/recv[msg]() calls static_call: Align static_call_is_init() patching condition ext4: do not iput inode under running transaction in ext4_rename() io_uring: call req_set_fail_links() on short send[msg]()/recv[msg]() with MSG_WAITALL net: mvpp2: fix interrupt mask/unmask skip condition flow_dissector: fix TTL and TOS dissection on IPv4 fragments can: dev: move driver related infrastructure into separate subdir net: introduce CAN specific pointer in the struct net_device can: tcan4x5x: fix max register value brcmfmac: clear EAP/association status bits on linkdown events ath11k: add ieee80211_unregister_hw to avoid kernel crash caused by NULL pointer rtw88: coex: 8821c: correct antenna switch function netdevsim: dev: Initialize FIB module after debugfs iwlwifi: pcie: don't disable interrupts for reg_lock ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() net: ethernet: aquantia: Handle error cleanup of start on open appletalk: Fix skb allocation size in loopback case net: ipa: remove two unused register definitions net: ipa: fix register write command validation net: wan/lmc: unregister device when no matching device is found net: 9p: advance iov on empty read bpf: Remove MTU check in __bpf_skb_max_len ACPI: tables: x86: Reserve memory occupied by ACPI tables ACPI: processor: Fix CPU0 wakeup in acpi_idle_play_dead() ALSA: usb-audio: Apply sample rate quirk to Logitech Connect ALSA: hda: Re-add dropped snd_poewr_change_state() calls ALSA: hda: Add missing sanity checks in PM prepare/complete callbacks ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook ALSA: hda/realtek: fix mute/micmute LEDs for HP 640 G8 xtensa: fix uaccess-related livelock in do_page_fault xtensa: move coprocessor_flush to the .text section KVM: SVM: load control fields from VMCB12 before checking them KVM: SVM: ensure that EFER.SVME is set when running nested guest or on nested vmexit PM: runtime: Fix race getting/putting suppliers at probe PM: runtime: Fix ordering in pm_runtime_get_suppliers() tracing: Fix stack trace event size s390/vdso: copy tod_steering_delta value to vdso_data page s390/vdso: fix tod_steering_delta type mm: fix race by making init_zero_pfn() early_initcall drm/amdkfd: dqm fence memory corruption drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() drm/amdgpu: check alignment on CPU page for bo map reiserfs: update reiserfs_xattrs_initialized() condition drm/imx: fix memory leak when fails to init drm/tegra: dc: Restore coupling of display controllers drm/tegra: sor: Grab runtime PM reference across reset vfio/nvlink: Add missing SPAPR_TCE_IOMMU depends pinctrl: rockchip: fix restore error in resume extcon: Add stubs for extcon_register_notifier_all() functions extcon: Fix error handling in extcon_dev_register firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0 usb: dwc3: pci: Enable dis_uX_susphy_quirk for Intel Merrifield video: hyperv_fb: Fix a double free in hvfb_probe firewire: nosy: Fix a use-after-free bug in nosy_ioctl() usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem usb: musb: Fix suspend with devices connected for a64 usb: xhci-mtk: fix broken streams issue on 0.96 xHCI cdc-acm: fix BREAK rx code path adding necessary calls USB: cdc-acm: untangle a circular dependency between callback and softint USB: cdc-acm: downgrade message to debug USB: cdc-acm: fix double free on probe failure USB: cdc-acm: fix use-after-free after probe failure usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board. usb: dwc2: Prevent core suspend when port connection flag is 0 usb: dwc3: qcom: skip interconnect init for ACPI probe usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable soc: qcom-geni-se: Cleanup the code to remove proxy votes staging: rtl8192e: Fix incorrect source in memcpy() staging: rtl8192e: Change state information from u16 to u8 driver core: clear deferred probe reason on probe retry drivers: video: fbcon: fix NULL dereference in fbcon_cursor() riscv: evaluate put_user() arg before enabling user access Revert "kernel: freezer should treat PF_IO_WORKER like PF_KTHREAD for freezing" bpf: Use NOP_ATOMIC5 instead of emit_nops(&prog, 5) for BPF_TRAMP_F_CALL_ORIG Linux 5.10.28 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ifdbbeda8de3ee22a7aa3f5d3b10becf0aba1a124 |
||
|
Ilya Lipnitskiy
|
ec3e06e06f |
mm: fix race by making init_zero_pfn() early_initcall
commit e720e7d0e983bf05de80b231bccc39f1487f0f16 upstream.
There are code paths that rely on zero_pfn to be fully initialized
before core_initcall. For example, wq_sysfs_init() is a core_initcall
function that eventually results in a call to kernel_execve, which
causes a page fault with a subsequent mmput. If zero_pfn is not
initialized by then it may not get cleaned up properly and result in an
error:
BUG: Bad rss-counter state mm:(ptrval) type:MM_ANONPAGES val:1
Here is an analysis of the race as seen on a MIPS device. On this
particular MT7621 device (Ubiquiti ER-X), zero_pfn is PFN 0 until
initialized, at which point it becomes PFN 5120:
1. wq_sysfs_init calls into kobject_uevent_env at core_initcall:
kobject_uevent_env+0x7e4/0x7ec
kset_register+0x68/0x88
bus_register+0xdc/0x34c
subsys_virtual_register+0x34/0x78
wq_sysfs_init+0x1c/0x4c
do_one_initcall+0x50/0x1a8
kernel_init_freeable+0x230/0x2c8
kernel_init+0x10/0x100
ret_from_kernel_thread+0x14/0x1c
2. kobject_uevent_env() calls call_usermodehelper_exec() which executes
kernel_execve asynchronously.
3. Memory allocations in kernel_execve cause a page fault, bumping the
MM reference counter:
add_mm_counter_fast+0xb4/0xc0
handle_mm_fault+0x6e4/0xea0
__get_user_pages.part.78+0x190/0x37c
__get_user_pages_remote+0x128/0x360
get_arg_page+0x34/0xa0
copy_string_kernel+0x194/0x2a4
kernel_execve+0x11c/0x298
call_usermodehelper_exec_async+0x114/0x194
4. In case zero_pfn has not been initialized yet, zap_pte_range does
not decrement the MM_ANONPAGES RSS counter and the BUG message is
triggered shortly afterwards when __mmdrop checks the ref counters:
__mmdrop+0x98/0x1d0
free_bprm+0x44/0x118
kernel_execve+0x160/0x1d8
call_usermodehelper_exec_async+0x114/0x194
ret_from_kernel_thread+0x14/0x1c
To avoid races such as described above, initialize init_zero_pfn at
early_initcall level. Depending on the architecture, ZERO_PAGE is
either constant or gets initialized even earlier, at paging_init, so
there is no issue with initializing zero_pfn earlier.
Link: https://lkml.kernel.org/r/CALCv0x2YqOXEAy2Q=hafjhHCtTHVodChv1qpM=niAXOpqEbt7w@mail.gmail.com
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: stable@vger.kernel.org
Tested-by: 周琰杰 (Zhou Yanjie) <zhouyanjie@wanyeetech.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
3ccfc59f82 |
Merge 5.10.24 into android12-5.10-lts
Changes in 5.10.24
uapi: nfnetlink_cthelper.h: fix userspace compilation error
powerpc/perf: Fix handling of privilege level checks in perf interrupt context
powerpc/pseries: Don't enforce MSI affinity with kdump
ethernet: alx: fix order of calls on resume
crypto: mips/poly1305 - enable for all MIPS processors
ath9k: fix transmitting to stations in dynamic SMPS mode
net: Fix gro aggregation for udp encaps with zero csum
net: check if protocol extracted by virtio_net_hdr_set_proto is correct
net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0
net: l2tp: reduce log level of messages in receive path, add counter instead
can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership
can: flexcan: assert FRZ bit in flexcan_chip_freeze()
can: flexcan: enable RX FIFO after FRZ/HALT valid
can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode
can: tcan4x5x: tcan4x5x_init(): fix initialization - clear MRAM before entering Normal Mode
tcp: Fix sign comparison bug in getsockopt(TCP_ZEROCOPY_RECEIVE)
tcp: add sanity tests to TCP_QUEUE_SEQ
netfilter: nf_nat: undo erroneous tcp edemux lookup
netfilter: x_tables: gpf inside xt_find_revision()
net: always use icmp{,v6}_ndo_send from ndo_start_xmit
net: phy: fix save wrong speed and duplex problem if autoneg is on
selftests/bpf: Use the last page in test_snprintf_btf on s390
selftests/bpf: No need to drop the packet when there is no geneve opt
selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier
samples, bpf: Add missing munmap in xdpsock
libbpf: Clear map_info before each bpf_obj_get_info_by_fd
ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning.
ibmvnic: always store valid MAC address
mt76: dma: do not report truncated frames to mac80211
powerpc/603: Fix protection of user pages mapped with PROT_NONE
mount: fix mounting of detached mounts onto targets that reside on shared mounts
cifs: return proper error code in statfs(2)
Revert "mm, slub: consider rest of partial list if acquire_slab() fails"
docs: networking: drop special stable handling
net: dsa: tag_rtl4_a: fix egress tags
sh_eth: fix TRSCER mask for SH771x
net: enetc: don't overwrite the RSS indirection table when initializing
net: enetc: take the MDIO lock only once per NAPI poll cycle
net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets
net: enetc: don't disable VLAN filtering in IFF_PROMISC mode
net: enetc: force the RGMII speed and duplex instead of operating in inband mode
net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr
net: enetc: keep RX ring consumer index in sync with hardware
net: ethernet: mtk-star-emac: fix wrong unmap in RX handling
net/mlx4_en: update moderation when config reset
net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10
nexthop: Do not flush blackhole nexthops when loopback goes down
net: sched: avoid duplicates in classes dump
net: mscc: ocelot: properly reject destination IP keys in VCAP IS1
net: dsa: sja1105: fix SGMII PCS being forced to SPEED_UNKNOWN instead of SPEED_10
net: usb: qmi_wwan: allow qmimux add/del with master up
netdevsim: init u64 stats for 32bit hardware
cipso,calipso: resolve a number of problems with the DOI refcounts
net: stmmac: Fix VLAN filter delete timeout issue in Intel mGBE SGMII
stmmac: intel: Fixes clock registration error seen for multiple interfaces
net: lapbether: Remove netif_start_queue / netif_stop_queue
net: davicom: Fix regulator not turned off on failed probe
net: davicom: Fix regulator not turned off on driver removal
net: enetc: allow hardware timestamping on TX queues with tc-etf enabled
net: qrtr: fix error return code of qrtr_sendmsg()
s390/qeth: fix memory leak after failed TX Buffer allocation
r8169: fix r8168fp_adjust_ocp_cmd function
ixgbe: fail to create xfrm offload of IPsec tunnel mode SA
tools/resolve_btfids: Fix build error with older host toolchains
perf build: Fix ccache usage in $(CC) when generating arch errno table
net: stmmac: stop each tx channel independently
net: stmmac: fix watchdog timeout during suspend/resume stress test
net: stmmac: fix wrongly set buffer2 valid when sph unsupport
ethtool: fix the check logic of at least one channel for RX/TX
net: phy: make mdio_bus_phy_suspend/resume as __maybe_unused
selftests: forwarding: Fix race condition in mirror installation
mlxsw: spectrum_ethtool: Add an external speed to PTYS register
perf traceevent: Ensure read cmdlines are null terminated.
perf report: Fix -F for branch & mem modes
net: hns3: fix query vlan mask value error for flow director
net: hns3: fix bug when calculating the TCAM table info
s390/cio: return -EFAULT if copy_to_user() fails again
bnxt_en: reliably allocate IRQ table on reset to avoid crash
gpiolib: acpi: Add ACPI_GPIO_QUIRK_ABSOLUTE_NUMBER quirk
gpiolib: acpi: Allow to find GpioInt() resource by name and index
gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2
gpio: fix gpio-device list corruption
drm/compat: Clear bounce structures
drm/amd/display: Add a backlight module option
drm/amdgpu/display: use GFP_ATOMIC in dcn21_validate_bandwidth_fp()
drm/amd/display: Fix nested FPU context in dcn21_validate_bandwidth()
drm/amd/pm: bug fix for pcie dpm
drm/amdgpu/display: simplify backlight setting
drm/amdgpu/display: don't assert in set backlight function
drm/amdgpu/display: handle aux backlight in backlight_get_brightness
drm/shmem-helper: Check for purged buffers in fault handler
drm/shmem-helper: Don't remove the offset in vm_area_struct pgoff
drm: Use USB controller's DMA mask when importing dmabufs
drm: meson_drv add shutdown function
drm/shmem-helpers: vunmap: Don't put pages for dma-buf
drm/i915: Wedge the GPU if command parser setup fails
s390/cio: return -EFAULT if copy_to_user() fails
s390/crypto: return -EFAULT if copy_to_user() fails
qxl: Fix uninitialised struct field head.surface_id
sh_eth: fix TRSCER mask for R7S9210
media: usbtv: Fix deadlock on suspend
media: rkisp1: params: fix wrong bits settings
media: v4l: vsp1: Fix uif null pointer access
media: v4l: vsp1: Fix bru null pointer access
media: rc: compile rc-cec.c into rc-core
cifs: fix credit accounting for extra channel
net: hns3: fix error mask definition of flow director
s390/qeth: don't replace a fully completed async TX buffer
s390/qeth: remove QETH_QDIO_BUF_HANDLED_DELAYED state
s390/qeth: improve completion of pending TX buffers
s390/qeth: fix notification for pending buffers during teardown
net: dsa: implement a central TX reallocation procedure
net: dsa: tag_ksz: don't allocate additional memory for padding/tagging
net: dsa: trailer: don't allocate additional memory for padding/tagging
net: dsa: tag_qca: let DSA core deal with TX reallocation
net: dsa: tag_ocelot: let DSA core deal with TX reallocation
net: dsa: tag_mtk: let DSA core deal with TX reallocation
net: dsa: tag_lan9303: let DSA core deal with TX reallocation
net: dsa: tag_edsa: let DSA core deal with TX reallocation
net: dsa: tag_brcm: let DSA core deal with TX reallocation
net: dsa: tag_dsa: let DSA core deal with TX reallocation
net: dsa: tag_gswip: let DSA core deal with TX reallocation
net: dsa: tag_ar9331: let DSA core deal with TX reallocation
net: dsa: tag_mtk: fix 802.1ad VLAN egress
enetc: Fix unused var build warning for CONFIG_OF
net: enetc: initialize RFS/RSS memories for unused ports too
ath11k: peer delete synchronization with firmware
ath11k: start vdev if a bss peer is already created
ath11k: fix AP mode for QCA6390
i2c: rcar: faster irq code to minimize HW race condition
i2c: rcar: optimize cacheline to minimize HW race condition
scsi: ufs: WB is only available on LUN #0 to #7
udf: fix silent AED tagLocation corruption
iommu/vt-d: Clear PRQ overflow only when PRQ is empty
mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()'
mmc: mediatek: fix race condition between msdc_request_timeout and irq
mmc: sdhci-iproc: Add ACPI bindings for the RPi
Platform: OLPC: Fix probe error handling
powerpc/pci: Add ppc_md.discover_phbs()
spi: stm32: make spurious and overrun interrupts visible
powerpc: improve handling of unrecoverable system reset
powerpc/perf: Record counter overflow always if SAMPLE_IP is unset
HID: logitech-dj: add support for the new lightspeed connection iteration
powerpc/64: Fix stack trace not displaying final frame
iommu/amd: Fix performance counter initialization
clk: qcom: gdsc: Implement NO_RET_PERIPH flag
sparc32: Limit memblock allocation to low memory
sparc64: Use arch_validate_flags() to validate ADI flag
Input: applespi - don't wait for responses to commands indefinitely.
PCI: xgene-msi: Fix race in installing chained irq handler
PCI: mediatek: Add missing of_node_put() to fix reference leak
drivers/base: build kunit tests without structleak plugin
PCI/LINK: Remove bandwidth notification
ext4: don't try to processed freed blocks until mballoc is initialized
kbuild: clamp SUBLEVEL to 255
PCI: Fix pci_register_io_range() memory leak
i40e: Fix memory leak in i40e_probe
kasan: fix memory corruption in kasan_bitops_tags test
s390/smp: __smp_rescan_cpus() - move cpumask away from stack
drivers/base/memory: don't store phys_device in memory blocks
sysctl.c: fix underflow value setting risk in vm_table
scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
scsi: target: core: Add cmd length set before cmd complete
scsi: target: core: Prevent underflow for service actions
clk: qcom: gpucc-msm8998: Add resets, cxc, fix flags on gpu_gx_gdsc
mmc: sdhci: Update firmware interface API
ARM: 9029/1: Make iwmmxt.S support Clang's integrated assembler
ARM: assembler: introduce adr_l, ldr_l and str_l macros
ARM: efistub: replace adrl pseudo-op with adr_l macro invocation
ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk
ALSA: hda/hdmi: Cancel pending works before suspend
ALSA: hda/conexant: Add quirk for mute LED control on HP ZBook G5
ALSA: hda/ca0132: Add Sound BlasterX AE-5 Plus support
ALSA: hda: Drop the BATCH workaround for AMD controllers
ALSA: hda: Flush pending unsolicited events before suspend
ALSA: hda: Avoid spurious unsol event handling during S3/S4
ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar
ALSA: usb-audio: Apply the control quirk to Plantronics headsets
ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend()
ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe
ALSA: usb-audio: fix use after free in usb_audio_disconnect
Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities")
block: Discard page cache of zone reset target range
block: Try to handle busy underlying device on discard
arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL
arm64: mte: Map hotplugged memory as Normal Tagged
arm64: perf: Fix 64-bit event counter read truncation
s390/dasd: fix hanging DASD driver unbind
s390/dasd: fix hanging IO request during DASD driver unbind
software node: Fix node registration
xen/events: reset affinity of 2-level event when tearing it down
mmc: mmci: Add MMC_CAP_NEED_RSP_BUSY for the stm32 variants
mmc: core: Fix partition switch time for eMMC
mmc: cqhci: Fix random crash when remove mmc module/card
cifs: do not send close in compound create+close requests
Goodix Fingerprint device is not a modem
USB: gadget: udc: s3c2410_udc: fix return value check in s3c2410_udc_probe()
USB: gadget: u_ether: Fix a configfs return code
usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot
usb: gadget: f_uac1: stop playback on function disable
usb: dwc3: qcom: Add missing DWC3 OF node refcount decrement
usb: dwc3: qcom: add URS Host support for sdm845 ACPI boot
usb: dwc3: qcom: add ACPI device id for sc8180x
usb: dwc3: qcom: Honor wakeup enabled/disabled state
USB: usblp: fix a hang in poll() if disconnected
usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM
usb: xhci: do not perform Soft Retry for some xHCI hosts
xhci: Improve detection of device initiated wake signal.
usb: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing
xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state
USB: serial: io_edgeport: fix memory leak in edge_startup
USB: serial: ch341: add new Product ID
USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
USB: serial: cp210x: add some more GE USB IDs
usbip: fix stub_dev to check for stream socket
usbip: fix vhci_hcd to check for stream socket
usbip: fix vudc to check for stream socket
usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
usbip: fix vhci_hcd attach_store() races leading to gpf
usbip: fix vudc usbip_sockfd_store races leading to gpf
Revert "serial: max310x: rework RX interrupt handling"
misc/pvpanic: Export module FDT device table
misc: fastrpc: restrict user apps from sending kernel RPC messages
staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan()
staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
staging: rtl8712: unterminated string leads to read overflow
staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data()
staging: ks7010: prevent buffer overflow in ks_wlan_set_scan()
staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd
staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan
staging: comedi: addi_apci_1032: Fix endian problem for COS sample
staging: comedi: addi_apci_1500: Fix endian problem for command sample
staging: comedi: adv_pci1710: Fix endian problem for AI command data
staging: comedi: das6402: Fix endian problem for AI command data
staging: comedi: das800: Fix endian problem for AI command data
staging: comedi: dmm32at: Fix endian problem for AI command data
staging: comedi: me4000: Fix endian problem for AI command data
staging: comedi: pcl711: Fix endian problem for AI command data
staging: comedi: pcl818: Fix endian problem for AI command data
sh_eth: fix TRSCER mask for R7S72100
cpufreq: qcom-hw: fix dereferencing freed memory 'data'
cpufreq: qcom-hw: Fix return value check in qcom_cpufreq_hw_cpu_init()
arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory
SUNRPC: Set memalloc_nofs_save() for sync tasks
NFS: Don't revalidate the directory permissions on a lookup failure
NFS: Don't gratuitously clear the inode cache when lookup failed
NFSv4.2: fix return value of _nfs4_get_security_label()
block: rsxx: fix error return code of rsxx_pci_probe()
nvme-fc: fix racing controller reset and create association
configfs: fix a use-after-free in __configfs_open_file
arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds
perf/core: Flush PMU internal buffers for per-CPU events
perf/x86/intel: Set PERF_ATTACH_SCHED_CB for large PEBS and LBR
hrtimer: Update softirq_expires_next correctly after __hrtimer_get_next_event()
powerpc/64s/exception: Clean up a missed SRR specifier
seqlock,lockdep: Fix seqcount_latch_init()
stop_machine: mark helpers __always_inline
include/linux/sched/mm.h: use rcu_dereference in in_vfork()
zram: fix return value on writeback_store
linux/compiler-clang.h: define HAVE_BUILTIN_BSWAP*
sched/membarrier: fix missing local execution of ipi_sync_rq_state()
efi: stub: omit SetVirtualAddressMap() if marked unsupported in RT_PROP table
powerpc/64s: Fix instruction encoding for lis in ppc_function_entry()
powerpc: Fix inverted SET_FULL_REGS bitop
powerpc: Fix missing declaration of [en/dis]able_kernel_vsx()
binfmt_misc: fix possible deadlock in bm_register_write
x86/unwind/orc: Disable KASAN checking in the ORC unwinder, part 2
x86/sev-es: Introduce ip_within_syscall_gap() helper
x86/sev-es: Check regs->sp is trusted before adjusting #VC IST stack
x86/entry: Move nmi entry/exit into common code
x86/sev-es: Correctly track IRQ states in runtime #VC handler
x86/sev-es: Use __copy_from_user_inatomic()
x86/entry: Fix entry/exit mismatch on failed fast 32-bit syscalls
KVM: x86: Ensure deadline timer has truly expired before posting its IRQ
KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged
KVM: arm64: Fix range alignment when walking page tables
KVM: arm64: Avoid corrupting vCPU context register in guest exit
KVM: arm64: nvhe: Save the SPE context early
KVM: arm64: Reject VM creation when the default IPA size is unsupported
KVM: arm64: Fix exclusive limit for IPA size
mm/userfaultfd: fix memory corruption due to writeprotect
mm/madvise: replace ptrace attach requirement for process_madvise
KVM: arm64: Ensure I-cache isolation between vcpus of a same VM
mm/page_alloc.c: refactor initialization of struct page for holes in memory layout
xen/events: don't unmask an event channel when an eoi is pending
xen/events: avoid handling the same event on two cpus at the same time
KVM: arm64: Fix nVHE hyp panic host context restore
RDMA/umem: Use ib_dma_max_seg_size instead of dma_get_max_seg_size
Linux 5.10.24
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie53a3c1963066a18d41357b6be41cff00690bd40
|
||
|
Nadav Amit
|
2aaa79f694 |
mm/userfaultfd: fix memory corruption due to writeprotect
commit 6ce64428d62026a10cb5d80138ff2f90cc21d367 upstream. Userfaultfd self-test fails occasionally, indicating a memory corruption. Analyzing this problem indicates that there is a real bug since mmap_lock is only taken for read in mwriteprotect_range() and defers flushes, and since there is insufficient consideration of concurrent deferred TLB flushes in wp_page_copy(). Although the PTE is flushed from the TLBs in wp_page_copy(), this flush takes place after the copy has already been performed, and therefore changes of the page are possible between the time of the copy and the time in which the PTE is flushed. To make matters worse, memory-unprotection using userfaultfd also poses a problem. Although memory unprotection is logically a promotion of PTE permissions, and therefore should not require a TLB flush, the current userrfaultfd code might actually cause a demotion of the architectural PTE permission: when userfaultfd_writeprotect() unprotects memory region, it unintentionally *clears* the RW-bit if it was already set. Note that this unprotecting a PTE that is not write-protected is a valid use-case: the userfaultfd monitor might ask to unprotect a region that holds both write-protected and write-unprotected PTEs. The scenario that happens in selftests/vm/userfaultfd is as follows: cpu0 cpu1 cpu2 ---- ---- ---- [ Writable PTE cached in TLB ] userfaultfd_writeprotect() [ write-*unprotect* ] mwriteprotect_range() mmap_read_lock() change_protection() change_protection_range() ... change_pte_range() [ *clear* “write”-bit ] [ defer TLB flushes ] [ page-fault ] ... wp_page_copy() cow_user_page() [ copy page ] [ write to old page ] ... set_pte_at_notify() A similar scenario can happen: cpu0 cpu1 cpu2 cpu3 ---- ---- ---- ---- [ Writable PTE cached in TLB ] userfaultfd_writeprotect() [ write-protect ] [ deferred TLB flush ] userfaultfd_writeprotect() [ write-unprotect ] [ deferred TLB flush] [ page-fault ] wp_page_copy() cow_user_page() [ copy page ] ... [ write to page ] set_pte_at_notify() This race exists since commit |
||
|
Greg Kroah-Hartman
|
d8c7f0a3cd |
Merge 5.10.20 into android12-5.10
Changes in 5.10.20 vmlinux.lds.h: add DWARF v5 sections vdpa/mlx5: fix param validation in mlx5_vdpa_get_config() debugfs: be more robust at handling improper input in debugfs_lookup() debugfs: do not attempt to create a new file before the filesystem is initalized scsi: libsas: docs: Remove notify_ha_event() scsi: qla2xxx: Fix mailbox Ch erroneous error kdb: Make memory allocations more robust w1: w1_therm: Fix conversion result for negative temperatures PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 PCI: Decline to resize resources if boot config must be preserved virt: vbox: Do not use wait_event_interruptible when called from kernel context bfq: Avoid false bfq queue merging ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section vmlinux.lds.h: Define SANTIZER_DISCARDS with CONFIG_GCOV_KERNEL=y random: fix the RNDRESEEDCRNG ioctl ALSA: pcm: Call sync_stop at disconnection ALSA: pcm: Assure sync with the pending stop operation at suspend ALSA: pcm: Don't call sync_stop if it hasn't been stopped drm/i915/gt: One more flush for Baytrail clear residuals ath10k: Fix error handling in case of CE pipe init failure Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function Bluetooth: hci_uart: Fix a race for write_work scheduling Bluetooth: Fix initializing response id after clearing struct arm64: dts: renesas: beacon kit: Fix choppy Bluetooth Audio arm64: dts: renesas: beacon: Fix audio-1.8V pin enable ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5 ARM: dts: exynos: correct PMIC interrupt trigger level on Monk ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato ARM: dts: exynos: correct PMIC interrupt trigger level on Spring ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 family arm64: dts: exynos: correct PMIC interrupt trigger level on TM2 arm64: dts: exynos: correct PMIC interrupt trigger level on Espresso memory: mtk-smi: Fix PM usage counter unbalance in mtk_smi ops Bluetooth: hci_qca: Fix memleak in qca_controller_memdump staging: vchiq: Fix bulk userdata handling staging: vchiq: Fix bulk transfers on 64-bit builds arm64: dts: qcom: msm8916-samsung-a5u: Fix iris compatible net: stmmac: dwmac-meson8b: fix enabling the timing-adjustment clock bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args firmware: arm_scmi: Fix call site of scmi_notification_exit arm64: dts: allwinner: A64: properly connect USB PHY to port 0 arm64: dts: allwinner: H6: properly connect USB PHY to port 0 arm64: dts: allwinner: Drop non-removable from SoPine/LTS SD card arm64: dts: allwinner: H6: Allow up to 150 MHz MMC bus frequency arm64: dts: allwinner: A64: Limit MMC2 bus frequency to 150 MHz arm64: dts: qcom: msm8916-samsung-a2015: Fix sensors cpufreq: brcmstb-avs-cpufreq: Free resources in error path cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove() arm64: dts: rockchip: rk3328: Add clock_in_out property to gmac2phy node ACPICA: Fix exception code class checks usb: gadget: u_audio: Free requests only after callback arm64: dts: qcom: sdm845-db845c: Fix reset-pin of ov8856 node soc: qcom: socinfo: Fix an off by one in qcom_show_pmic_model() soc: ti: pm33xx: Fix some resource leak in the error handling paths of the probe function staging: media: atomisp: Fix size_t format specifier in hmm_alloc() debug statemenet Bluetooth: drop HCI device reference before return Bluetooth: Put HCI device if inquiry procedure interrupts memory: ti-aemif: Drop child node when jumping out loop ARM: dts: Configure missing thermal interrupt for 4430 usb: dwc2: Do not update data length if it is 0 on inbound transfers usb: dwc2: Abort transaction after errors with unknown reason usb: dwc2: Make "trimming xfer length" a debug message staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules x86/MSR: Filter MSR writes through X86_IOC_WRMSR_REGS ioctl too arm64: dts: renesas: beacon: Fix EEPROM compatible value can: mcp251xfd: mcp251xfd_probe(): fix errata reference ARM: dts: armada388-helios4: assign pinctrl to LEDs ARM: dts: armada388-helios4: assign pinctrl to each fan arm64: dts: armada-3720-turris-mox: rename u-boot mtd partition to a53-firmware opp: Correct debug message in _opp_add_static_v2() Bluetooth: btusb: Fix memory leak in btusb_mtk_wmt_recv soc: qcom: ocmem: don't return NULL in of_get_ocmem arm64: dts: msm8916: Fix reserved and rfsa nodes unit address arm64: dts: meson: fix broken wifi node for Khadas VIM3L iwlwifi: mvm: set enabled in the PPAG command properly ARM: s3c: fix fiq for clang IAS optee: simplify i2c access staging: wfx: fix possible panic with re-queued frames ARM: at91: use proper asm syntax in pm_suspend ath10k: Fix suspicious RCU usage warning in ath10k_wmi_tlv_parse_peer_stats_info() ath10k: Fix lockdep assertion warning in ath10k_sta_statistics ath11k: fix a locking bug in ath11k_mac_op_start() soc: aspeed: snoop: Add clock control logic iwlwifi: mvm: fix the type we use in the PPAG table validity checks iwlwifi: mvm: store PPAG enabled/disabled flag properly iwlwifi: mvm: send stored PPAG command instead of local iwlwifi: mvm: assign SAR table revision to the command later iwlwifi: mvm: don't check if CSA event is running before removing bpf_lru_list: Read double-checked variable once without lock iwlwifi: pnvm: set the PNVM again if it was already loaded iwlwifi: pnvm: increment the pointer before checking the TLV ath9k: fix data bus crash when setting nf_override via debugfs selftests/bpf: Convert test_xdp_redirect.sh to bash ibmvnic: Set to CLOSED state even on error bnxt_en: reverse order of TX disable and carrier off bnxt_en: Fix devlink info's stored fw.psid version format. xen/netback: fix spurious event detection for common event case dpaa2-eth: fix memory leak in XDP_REDIRECT net: phy: consider that suspend2ram may cut off PHY power net/mlx5e: Don't change interrupt moderation params when DIM is enabled net/mlx5e: Change interrupt moderation channel params also when channels are closed net/mlx5: Fix health error state handling net/mlx5e: Replace synchronize_rcu with synchronize_net net/mlx5e: kTLS, Use refcounts to free kTLS RX priv context net/mlx5: Disable devlink reload for multi port slave device net/mlx5: Disallow RoCE on multi port slave device net/mlx5: Disallow RoCE on lag device net/mlx5: Disable devlink reload for lag devices net/mlx5e: CT: manage the lifetime of the ct entry object net/mlx5e: Check tunnel offload is required before setting SWP mac80211: fix potential overflow when multiplying to u32 integers libbpf: Ignore non function pointer member in struct_ops bpf: Fix an unitialized value in bpf_iter bpf, devmap: Use GFP_KERNEL for xdp bulk queue allocation bpf: Fix bpf_fib_lookup helper MTU check for SKB ctx selftests: mptcp: fix ACKRX debug message tcp: fix SO_RCVLOWAT related hangs under mem pressure net: axienet: Handle deferred probe on clock properly cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds b43: N-PHY: Fix the update of coef for the PHY revision >= 3case bpf: Clear subreg_def for global function return values ibmvnic: add memory barrier to protect long term buffer ibmvnic: skip send_request_unmap for timeout reset net: dsa: felix: perform teardown in reverse order of setup net: dsa: felix: don't deinitialize unused ports net: phy: mscc: adding LCPLL reset to VSC8514 net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning net: amd-xgbe: Reset link when the link never comes back net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP net: mvneta: Remove per-cpu queue mapping for Armada 3700 net: enetc: fix destroyed phylink dereference during unbind tty: convert tty_ldisc_ops 'read()' function to take a kernel pointer tty: implement read_iter fbdev: aty: SPARC64 requires FB_ATY_CT drm/gma500: Fix error return code in psb_driver_load() gma500: clean up error handling in init drm/fb-helper: Add missed unlocks in setcmap_legacy() drm/panel: mantix: Tweak init sequence drm/vc4: hdmi: Take into account the clock doubling flag in atomic_check crypto: sun4i-ss - linearize buffers content must be kept crypto: sun4i-ss - fix kmap usage crypto: arm64/aes-ce - really hide slower algos when faster ones are enabled hwrng: ingenic - Fix a resource leak in an error handling path media: allegro: Fix use after free on error kcsan: Rewrite kcsan_prandom_u32_max() without prandom_u32_state() drm: rcar-du: Fix PM reference leak in rcar_cmm_enable() drm: rcar-du: Fix crash when using LVDS1 clock for CRTC drm: rcar-du: Fix the return check of of_parse_phandle and of_find_device_by_node drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if condition MIPS: c-r4k: Fix section mismatch for loongson2_sc_init MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0 drm/virtio: make sure context is created in gem open drm/fourcc: fix Amlogic format modifier masks media: ipu3-cio2: Build only for x86 media: i2c: ov5670: Fix PIXEL_RATE minimum value media: imx: Unregister csc/scaler only if registered media: imx: Fix csc/scaler unregister media: mtk-vcodec: fix error return code in vdec_vp9_decode() media: camss: missing error code in msm_video_register() media: vsp1: Fix an error handling path in the probe function media: em28xx: Fix use-after-free in em28xx_alloc_urbs media: media/pci: Fix memleak in empress_init media: tm6000: Fix memleak in tm6000_start_stream media: aspeed: fix error return code in aspeed_video_setup_video() ASoC: cs42l56: fix up error handling in probe ASoC: qcom: qdsp6: Move frontend AIFs to q6asm-dai evm: Fix memleak in init_desc crypto: bcm - Rename struct device_private to bcm_device_private sched/fair: Avoid stale CPU util_est value for schedutil in task dequeue drm/sun4i: tcon: fix inverted DCLK polarity media: imx7: csi: Fix regression for parallel cameras on i.MX6UL media: imx7: csi: Fix pad link validation media: ti-vpe: cal: fix write to unallocated memory MIPS: properly stop .eh_frame generation MIPS: Compare __SYNC_loongson3_war against 0 drm/tegra: Fix reference leak when pm_runtime_get_sync() fails drm/amdgpu: toggle on DF Cstate after finishing xgmi injection bsg: free the request before return error code macintosh/adb-iop: Use big-endian autopoll mask drm/amd/display: Fix 10/12 bpc setup in DCE output bit depth reduction. drm/amd/display: Fix HDMI deep color output for DCE 6-11. media: software_node: Fix refcounts in software_node_get_next_child() media: lmedm04: Fix misuse of comma media: vidtv: psi: fix missing crc for PMT media: atomisp: Fix a buffer overflow in debug code media: qm1d1c0042: fix error return code in qm1d1c0042_init() media: cx25821: Fix a bug when reallocating some dma memory media: mtk-vcodec: fix argument used when DEBUG is defined media: pxa_camera: declare variable when DEBUG is defined media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values sched/eas: Don't update misfit status if the task is pinned f2fs: compress: fix potential deadlock ASoC: qcom: lpass-cpu: Remove bit clock state check ASoC: SOF: Intel: hda: cancel D0i3 work during runtime suspend perf/arm-cmn: Fix PMU instance naming perf/arm-cmn: Move IRQs when migrating context mtd: parser: imagetag: fix error codes in bcm963xx_parse_imagetag_partitions() crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error) crypto: talitos - Fix ctr(aes) on SEC1 drm/nouveau: bail out of nouveau_channel_new if channel init fails mm: proc: Invalidate TLB after clearing soft-dirty page state ata: ahci_brcm: Add back regulators management ASoC: cpcap: fix microphone timeslot mask ASoC: codecs: add missing max_register in regmap config mtd: parsers: afs: Fix freeing the part name memory in failure f2fs: fix to avoid inconsistent quota data drm/amdgpu: Prevent shift wrapping in amdgpu_read_mask() f2fs: fix a wrong condition in __submit_bio ASoC: qcom: Fix typo error in HDMI regmap config callbacks KVM: nSVM: Don't strip host's C-bit from guest's CR3 when reading PDPTRs drm/mediatek: Check if fb is null Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() ASoC: Intel: sof_sdw: add missing TGL_HDMI quirk for Dell SKU 0A5E ASoC: Intel: sof_sdw: add missing TGL_HDMI quirk for Dell SKU 0A3E locking/lockdep: Avoid unmatched unlock ASoC: qcom: lpass: Fix i2s ctl register bit map ASoC: rt5682: Fix panic in rt5682_jack_detect_handler happening during system shutdown ASoC: SOF: debug: Fix a potential issue on string buffer termination btrfs: clarify error returns values in __load_free_space_cache btrfs: fix double accounting of ordered extent for subpage case in btrfs_invalidapge KVM: x86: Restore all 64 bits of DR6 and DR7 during RSM on x86-64 s390/zcrypt: return EIO when msg retry limit reached drm/vc4: hdmi: Move hdmi reset to bind drm/vc4: hdmi: Fix register offset with longer CEC messages drm/vc4: hdmi: Fix up CEC registers drm/vc4: hdmi: Restore cec physical address on reconnect drm/vc4: hdmi: Compute the CEC clock divider from the clock rate drm/vc4: hdmi: Update the CEC clock divider on HSM rate change drm/lima: fix reference leak in lima_pm_busy drm/dp_mst: Don't cache EDIDs for physical ports hwrng: timeriomem - Fix cooldown period calculation crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() io_uring: fix possible deadlock in io_uring_poll nvmet-tcp: fix receive data digest calculation for multiple h2cdata PDUs nvmet-tcp: fix potential race of tcp socket closing accept_work nvme-multipath: set nr_zones for zoned namespaces nvmet: remove extra variable in identify ns nvmet: set status to 0 in case for invalid nsid ASoC: SOF: sof-pci-dev: add missing Up-Extreme quirk ima: Free IMA measurement buffer on error ima: Free IMA measurement buffer after kexec syscall ASoC: simple-card-utils: Fix device module clock fs/jfs: fix potential integer overflow on shift of a int jffs2: fix use after free in jffs2_sum_write_data() ubifs: Fix memleak in ubifs_init_authentication ubifs: replay: Fix high stack usage, again ubifs: Fix error return code in alloc_wbufs() irqchip/imx: IMX_INTMUX should not default to y, unconditionally smp: Process pending softirqs in flush_smp_call_function_from_idle() drm/amdgpu/display: remove hdcp_srm sysfs on device removal capabilities: Don't allow writing ambiguous v3 file capabilities HSI: Fix PM usage counter unbalance in ssi_hw_init power: supply: cpcap: Add missing IRQF_ONESHOT to fix regression clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL clk: meson: clk-pll: make "ret" a signed integer clk: meson: clk-pll: propagate the error from meson_clk_pll_set_rate() selftests/powerpc: Make the test check in eeh-basic.sh posix compliant regulator: qcom-rpmh-regulator: add pm8009-1 chip revision arm64: dts: qcom: qrb5165-rb5: fix pm8009 regulators quota: Fix memory leak when handling corrupted quota file i2c: iproc: handle only slave interrupts which are enabled i2c: iproc: update slave isr mask (ISR_MASK_SLAVE) i2c: iproc: handle master read request spi: cadence-quadspi: Abort read if dummy cycles required are too many clk: sunxi-ng: h6: Fix CEC clock clk: renesas: r8a779a0: Remove non-existent S2 clock clk: renesas: r8a779a0: Fix parent of CBFUSA clock HID: core: detect and skip invalid inputs to snto32() RDMA/siw: Fix handling of zero-sized Read and Receive Queues. dmaengine: fsldma: Fix a resource leak in the remove function dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function dmaengine: owl-dma: Fix a resource leak in the remove function dmaengine: hsu: disable spurious interrupt mfd: bd9571mwv: Use devm_mfd_add_devices() power: supply: cpcap-charger: Fix missing power_supply_put() power: supply: cpcap-battery: Fix missing power_supply_put() power: supply: cpcap-charger: Fix power_supply_put on null battery pointer fdt: Properly handle "no-map" field in the memory region of/fdt: Make sure no-map does not remove already reserved regions RDMA/rtrs: Extend ibtrs_cq_qp_create RDMA/rtrs-srv: Release lock before call into close_sess RDMA/rtrs-srv: Use sysfs_remove_file_self for disconnect RDMA/rtrs-clt: Set mininum limit when create QP RDMA/rtrs: Call kobject_put in the failure path RDMA/rtrs-srv: Fix missing wr_cqe RDMA/rtrs-clt: Refactor the failure cases in alloc_clt RDMA/rtrs-srv: Init wr_cnt as 1 power: reset: at91-sama5d2_shdwc: fix wkupdbc mask rtc: s5m: select REGMAP_I2C dmaengine: idxd: set DMA channel to be private power: supply: fix sbs-charger build, needs REGMAP_I2C clocksource/drivers/ixp4xx: Select TIMER_OF when needed clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined spi: imx: Don't print error on -EPROBEDEFER RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex clk: sunxi-ng: h6: Fix clock divider range on some clocks platform/chrome: cros_ec_proto: Use EC_HOST_EVENT_MASK not BIT platform/chrome: cros_ec_proto: Add LID and BATTERY to default mask regulator: axp20x: Fix reference cout leak watch_queue: Drop references to /dev/watch_queue certs: Fix blacklist flag type confusion regulator: s5m8767: Fix reference count leak spi: atmel: Put allocated master before return regulator: s5m8767: Drop regulators OF node reference power: supply: axp20x_usb_power: Init work before enabling IRQs power: supply: smb347-charger: Fix interrupt usage if interrupt is unavailable regulator: core: Avoid debugfs: Directory ... already present! error isofs: release buffer head before return watchdog: intel-mid_wdt: Postpone IRQ handler registration till SCU is ready auxdisplay: ht16k33: Fix refresh rate handling objtool: Fix error handling for STD/CLD warnings objtool: Fix retpoline detection in asm code objtool: Fix ".cold" section suffix check for newer versions of GCC scsi: lpfc: Fix ancient double free iommu: Switch gather->end to the inclusive end IB/umad: Return EIO in case of when device disassociated IB/umad: Return EPOLLERR in case of when device disassociated KVM: PPC: Make the VMX instruction emulation routines static powerpc/47x: Disable 256k page size powerpc/time: Enable sched clock for irqtime mmc: owl-mmc: Fix a resource leak in an error handling path and in the remove function mmc: sdhci-sprd: Fix some resource leaks in the remove function mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe mmc: renesas_sdhi_internal_dmac: Fix DMA buffer alignment from 8 to 128-bytes ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores i2c: qcom-geni: Store DMA mapping data in geni_i2c_dev struct amba: Fix resource leak for drivers without .remove iommu: Move iotlb_sync_map out from __iommu_map iommu: Properly pass gfp_t in _iommu_map() to avoid atomic sleeping IB/mlx5: Return appropriate error code instead of ENOMEM IB/cm: Avoid a loop when device has 255 ports tracepoint: Do not fail unregistering a probe due to memory failure rtc: zynqmp: depend on HAS_IOMEM perf tools: Fix DSO filtering when not finding a map for a sampled address perf vendor events arm64: Fix Ampere eMag event typo RDMA/rxe: Fix coding error in rxe_recv.c RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt RDMA/rxe: Correct skb on loopback path spi: stm32: properly handle 0 byte transfer mfd: altera-sysmgr: Fix physical address storing more mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() powerpc/pseries/dlpar: handle ibm, configure-connector delay status powerpc/8xx: Fix software emulation interrupt clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs kunit: tool: fix unit test cleanup handling kselftests: dmabuf-heaps: Fix Makefile's inclusion of the kernel's usr/include dir RDMA/hns: Fixed wrong judgments in the goto branch RDMA/siw: Fix calculation of tx_valid_cpus size RDMA/hns: Fix type of sq_signal_bits RDMA/hns: Disable RQ inline by default clk: divider: fix initialization with parent_hw spi: pxa2xx: Fix the controller numbering for Wildcat Point powerpc/uaccess: Avoid might_fault() when user access is enabled powerpc/kuap: Restore AMR after replaying soft interrupts regulator: qcom-rpmh: fix pm8009 ldo7 clk: aspeed: Fix APLL calculate formula from ast2600-A2 selftests/ftrace: Update synthetic event syntax errors perf symbols: Use (long) for iterator for bfd symbols regulator: bd718x7, bd71828, Fix dvs voltage levels spi: dw: Avoid stack content exposure spi: Skip zero-length transfers in spi_transfer_one_message() printk: avoid prb_first_valid_seq() where possible perf symbols: Fix return value when loading PE DSO nfsd: register pernet ops last, unregister first svcrdma: Hold private mutex while invoking rdma_accept() ceph: fix flush_snap logic after putting caps RDMA/hns: Fixes missing error code of CMDQ RDMA/ucma: Fix use-after-free bug in ucma_create_uevent RDMA/rtrs-srv: Fix stack-out-of-bounds RDMA/rtrs: Only allow addition of path to an already established session RDMA/rtrs-srv: fix memory leak by missing kobject free RDMA/rtrs-srv-sysfs: fix missing put_device RDMA/rtrs-srv: Do not pass a valid pointer to PTR_ERR() Input: sur40 - fix an error code in sur40_probe() perf record: Fix continue profiling after draining the buffer perf intel-pt: Fix missing CYC processing in PSB perf intel-pt: Fix premature IPC perf intel-pt: Fix IPC with CYC threshold perf test: Fix unaligned access in sample parsing test Input: elo - fix an error code in elo_connect() sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set sparc: fix led.c driver when PROC_FS is not enabled Input: zinitix - fix return type of zinitix_init_touch() ARM: 9065/1: OABI compat: fix build when EPOLL is not enabled misc: eeprom_93xx46: Fix module alias to enable module autoprobe phy: rockchip-emmc: emmc_phy_init() always return 0 phy: cadence-torrent: Fix error code in cdns_torrent_phy_probe() misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users PCI: rcar: Always allocate MSI addresses in 32bit space soundwire: cadence: fix ACK/NAK handling pwm: rockchip: Enable APB clock during register access while probing pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() pwm: rockchip: Eliminate potential race condition when probing PCI: xilinx-cpm: Fix reference count leak on error path VMCI: Use set_page_dirty_lock() when unregistering guest memory PCI: Align checking of syscall user config accessors mei: hbm: call mei_set_devstate() on hbm stop response drm/msm: Fix MSM_INFO_GET_IOVA with carveout drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) drm/msm/mdp5: Fix wait-for-commit for cmd panels drm/msm: Fix race of GPU init vs timestamp power management. drm/msm: Fix races managing the OOB state for timestamp vs timestamps. drm/msm/dp: trigger unplug event in msm_dp_display_disable vfio/iommu_type1: Populate full dirty when detach non-pinned group vfio/iommu_type1: Fix some sanity checks in detach group vfio-pci/zdev: fix possible segmentation fault issue ext4: fix potential htree index checksum corruption phy: USB_LGM_PHY should depend on X86 coresight: etm4x: Skip accessing TRCPDCR in save/restore nvmem: core: Fix a resource leak on error in nvmem_add_cells_from_of() nvmem: core: skip child nodes not matching binding soundwire: bus: use sdw_update_no_pm when initializing a device soundwire: bus: use sdw_write_no_pm when setting the bus scale registers soundwire: export sdw_write/read_no_pm functions soundwire: bus: fix confusion on device used by pm_runtime misc: fastrpc: fix incorrect usage of dma_map_sgtable remoteproc/mediatek: acknowledge watchdog IRQ after handled regmap: sdw: use _no_pm functions in regmap_read/write ext: EXT4_KUNIT_TESTS should depend on EXT4_FS instead of selecting it mailbox: sprd: correct definition of SPRD_OUTBOX_FIFO_FULL device-dax: Fix default return code of range_parse() PCI: pci-bridge-emul: Fix array overruns, improve safety PCI: cadence: Fix DMA range mapping early return error i40e: Fix flow for IPv6 next header (extension header) i40e: Add zero-initialization of AQ command structures i40e: Fix overwriting flow control settings during driver loading i40e: Fix addition of RX filters after enabling FW LLDP agent i40e: Fix VFs not created Take mmap lock in cacheflush syscall nios2: fixed broken sys_clone syscall i40e: Fix add TC filter for IPv6 octeontx2-af: Fix an off by one in rvu_dbg_qsize_write() pwm: iqs620a: Fix overflow and optimize calculations vfio/type1: Use follow_pte() ice: report correct max number of TCs ice: Account for port VLAN in VF max packet size calculation ice: Fix state bits on LLDP mode switch ice: update the number of available RSS queues net: stmmac: fix CBS idleslope and sendslope calculation net/mlx4_core: Add missed mlx4_free_cmd_mailbox() PCI: rockchip: Make 'ep-gpios' DT property optional vxlan: move debug check after netdev unregister wireguard: device: do not generate ICMP for non-IP packets wireguard: kconfig: use arm chacha even with no neon ocfs2: fix a use after free on error mm: memcontrol: fix NR_ANON_THPS accounting in charge moving mm: memcontrol: fix slub memory accounting mm/memory.c: fix potential pte_unmap_unlock pte error mm/hugetlb: fix potential double free in hugetlb_register_node() error path mm/hugetlb: suppress wrong warning info when alloc gigantic page mm/compaction: fix misbehaviors of fast_find_migrateblock() r8169: fix jumbo packet handling on RTL8168e NFSv4: Fixes for nfs4_bitmask_adjust() KVM: SVM: Intercept INVPCID when it's disabled to inject #UD KVM: x86/mmu: Expand collapsible SPTE zap for TDP MMU to ZONE_DEVICE and HugeTLB pages arm64: Add missing ISB after invalidating TLB in __primary_switch i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition i2c: exynos5: Preserve high speed master code mm,thp,shmem: make khugepaged obey tmpfs mount flags mm: fix memory_failure() handling of dax-namespace metadata mm/rmap: fix potential pte_unmap on an not mapped pte proc: use kvzalloc for our kernel buffer csky: Fix a size determination in gpr_get() scsi: bnx2fc: Fix Kconfig warning & CNIC build errors scsi: sd: sd_zbc: Don't pass GFP_NOIO to kvcalloc block: reopen the device in blkdev_reread_part ide/falconide: Fix module unload scsi: sd: Fix Opal support blk-settings: align max_sectors on "logical_block_size" boundary soundwire: intel: fix possible crash when no device is detected ACPI: property: Fix fwnode string properties matching ACPI: configfs: add missing check after configfs_register_default_group() cpufreq: ACPI: Set cpuinfo.max_freq directly if max boost is known HID: logitech-dj: add support for keyboard events in eQUAD step 4 Gaming HID: wacom: Ignore attempts to overwrite the touch_max value from HID Input: raydium_ts_i2c - do not send zero length Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S Input: joydev - prevent potential read overflow in ioctl Input: i8042 - add ASUS Zenbook Flip to noselftest list media: mceusb: Fix potential out-of-bounds shift USB: serial: option: update interface mapping for ZTE P685M usb: musb: Fix runtime PM race in musb_queue_resume_work usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt USB: serial: ftdi_sio: fix FTX sub-integer prescaler USB: serial: pl2303: fix line-speed handling on newer chips USB: serial: mos7840: fix error code in mos7840_write() USB: serial: mos7720: fix error code in mos7720_write() phy: lantiq: rcu-usb2: wait after clock enable ALSA: fireface: fix to parse sync status register of latter protocol ALSA: hda: Add another CometLake-H PCI ID ALSA: hda/hdmi: Drop bogus check at closing a stream ALSA: hda/realtek: modify EAPD in the ALC886 ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup MIPS: Ingenic: Disable HPTLB for D0 XBurst CPUs too MIPS: Support binutils configured with --enable-mips-fix-loongson3-llsc=yes MIPS: VDSO: Use CLANG_FLAGS instead of filtering out '--target=' Revert "MIPS: Octeon: Remove special handling of CONFIG_MIPS_ELF_APPENDED_DTB=y" Revert "bcache: Kill btree_io_wq" bcache: Give btree_io_wq correct semantics again bcache: Move journal work to new flush wq Revert "drm/amd/display: Update NV1x SR latency values" drm/amd/display: Add FPU wrappers to dcn21_validate_bandwidth() drm/amd/display: Remove Assert from dcn10_get_dig_frontend drm/amd/display: Add vupdate_no_lock interrupts for DCN2.1 drm/amdkfd: Fix recursive lock warnings drm/amdgpu: Set reference clock to 100Mhz on Renoir (v2) drm/nouveau/kms: handle mDP connectors drm/modes: Switch to 64bit maths to avoid integer overflow drm/sched: Cancel and flush all outstanding jobs before finish. drm/panel: kd35t133: allow using non-continuous dsi clock drm/rockchip: Require the YTR modifier for AFBC ASoC: siu: Fix build error by a wrong const prefix selinux: fix inconsistency between inode_getxattr and inode_listsecurity erofs: initialized fields can only be observed after bit is set tpm_tis: Fix check_locality for correct locality acquisition tpm_tis: Clean up locality release KEYS: trusted: Fix incorrect handling of tpm_get_random() KEYS: trusted: Fix migratable=1 failing KEYS: trusted: Reserve TPM for seal and unseal operations btrfs: do not cleanup upper nodes in btrfs_backref_cleanup_node btrfs: do not warn if we can't find the reloc root when looking up backref btrfs: add asserts for deleting backref cache nodes btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root btrfs: fix reloc root leak with 0 ref reloc roots on recovery btrfs: splice remaining dirty_bg's onto the transaction dirty bg list btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself btrfs: account for new extents being deleted in total_bytes_pinned btrfs: fix extent buffer leak on failure to copy root drm/i915/gt: Flush before changing register state drm/i915/gt: Correct surface base address for renderclear crypto: arm64/sha - add missing module aliases crypto: aesni - prevent misaligned buffers on the stack crypto: michael_mic - fix broken misalignment handling crypto: sun4i-ss - checking sg length is not sufficient crypto: sun4i-ss - IV register does not work on A10 and A13 crypto: sun4i-ss - handle BigEndian for cipher crypto: sun4i-ss - initialize need_fallback soc: samsung: exynos-asv: don't defer early on not-supported SoCs soc: samsung: exynos-asv: handle reading revision register error seccomp: Add missing return in non-void function arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) misc: rtsx: init of rts522a add OCP power off when no card is present drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue pstore: Fix typo in compression option name dts64: mt7622: fix slow sd card access arm64: dts: agilex: fix phy interface bit shift for gmac1 and gmac2 staging/mt7621-dma: mtk-hsdma.c->hsdma-mt7621.c staging: gdm724x: Fix DMA from stack staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table floppy: reintroduce O_NDELAY fix media: i2c: max9286: fix access to unallocated memory media: ir_toy: add another IR Droid device media: ipu3-cio2: Fix mbus_code processing in cio2_subdev_set_fmt() media: marvell-ccic: power up the device on mclk enable media: smipcie: fix interrupt handling and IR timeout x86/virt: Eat faults on VMXOFF in reboot flows x86/reboot: Force all cpus to exit VMX root if VMX is supported x86/fault: Fix AMD erratum #91 errata fixup for user code x86/entry: Fix instrumentation annotation powerpc/prom: Fix "ibm,arch-vec-5-platform-support" scan rcu: Pull deferred rcuog wake up to rcu_eqs_enter() callers rcu/nocb: Perform deferred wake up before last idle's need_resched() check kprobes: Fix to delay the kprobes jump optimization arm64: Extend workaround for erratum 1024718 to all versions of Cortex-A55 iommu/arm-smmu-qcom: Fix mask extraction for bootloader programmed SMRs arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into() fails arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing arm64 module: set plt* section addresses to 0x0 arm64: spectre: Prevent lockdep splat on v4 mitigation enable path riscv: Disable KSAN_SANITIZE for vDSO watchdog: qcom: Remove incorrect usage of QCOM_WDT_ENABLE_IRQ watchdog: mei_wdt: request stop on unregister coresight: etm4x: Handle accesses to TRCSTALLCTLR mtd: spi-nor: sfdp: Fix last erase region marking mtd: spi-nor: sfdp: Fix wrong erase type bitmask for overlaid region mtd: spi-nor: core: Fix erase type discovery for overlaid region mtd: spi-nor: core: Add erase size check for erase command initialization mtd: spi-nor: hisi-sfc: Put child node np on error path fs/affs: release old buffer head on error path seq_file: document how per-entry resources are managed. x86: fix seq_file iteration for pat/memtype.c mm: memcontrol: fix swap undercounting in cgroup2 mm: memcontrol: fix get_active_memcg return value hugetlb: fix update_and_free_page contig page struct assumption hugetlb: fix copy_huge_page_from_user contig page struct assumption mm/vmscan: restore zone_reclaim_mode ABI mm, compaction: make fast_isolate_freepages() stay within zone KVM: nSVM: fix running nested guests when npt=0 nvmem: qcom-spmi-sdam: Fix uninitialized pdev pointer module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols mmc: sdhci-esdhc-imx: fix kernel panic when remove module mmc: sdhci-pci-o2micro: Bug fix for SDR104 HW tuning failure powerpc/32: Preserve cr1 in exception prolog stack check to fix build error powerpc/kexec_file: fix FDT size estimation for kdump kernel powerpc/32s: Add missing call to kuep_lock on syscall entry spmi: spmi-pmic-arb: Fix hw_irq overflow mei: fix transfer over dma with extended header mei: me: emmitsburg workstation DID mei: me: add adler lake point S DID mei: me: add adler lake point LP DID gpio: pcf857x: Fix missing first interrupt mfd: gateworks-gsc: Fix interrupt type printk: fix deadlock when kernel panic exfat: fix shift-out-of-bounds in exfat_fill_super() zonefs: Fix file size of zones in full condition kcmp: Support selection of SYS_kcmp without CHECKPOINT_RESTORE thermal: cpufreq_cooling: freq_qos_update_request() returns < 0 on error cpufreq: qcom-hw: drop devm_xxx() calls from init/exit hooks cpufreq: intel_pstate: Change intel_pstate_get_hwp_max() argument cpufreq: intel_pstate: Get per-CPU max freq via MSR_HWP_CAPABILITIES if available proc: don't allow async path resolution of /proc/thread-self components s390/vtime: fix inline assembly clobber list virtio/s390: implement virtio-ccw revision 2 correctly um: mm: check more comprehensively for stub changes um: defer killing userspace on page table update failures irqchip/loongson-pch-msi: Use bitmap_zalloc() to allocate bitmap f2fs: fix out-of-repair __setattr_copy() f2fs: enforce the immutable flag on open files f2fs: flush data when enabling checkpoint back sparc32: fix a user-triggerable oops in clear_user() spi: fsl: invert spisel_boot signal on MPC8309 spi: spi-synquacer: fix set_cs handling gfs2: fix glock confusion in function signal_our_withdraw gfs2: Don't skip dlm unlock if glock has an lvb gfs2: Lock imbalance on error path in gfs2_recover_one gfs2: Recursive gfs2_quota_hold in gfs2_iomap_end dm: fix deadlock when swapping to encrypted device dm table: fix iterate_devices based device capability checks dm table: fix DAX iterate_devices based device capability checks dm table: fix zoned iterate_devices based device capability checks dm writecache: fix performance degradation in ssd mode dm writecache: return the exact table values that were set dm writecache: fix writing beyond end of underlying device when shrinking dm era: Recover committed writeset after crash dm era: Update in-core bitset after committing the metadata dm era: Verify the data block size hasn't changed dm era: Fix bitset memory leaks dm era: Use correct value size in equality function of writeset tree dm era: Reinitialize bitset cache before digesting a new writeset dm era: only resize metadata in preresume drm/i915: Reject 446-480MHz HDMI clock on GLK kgdb: fix to kill breakpoints on initmem after boot ipv6: silence compilation warning for non-IPV6 builds net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending wireguard: selftests: test multiple parallel streams wireguard: queueing: get rid of per-peer ring buffers net: sched: fix police ext initialization net: qrtr: Fix memory leak in qrtr_tun_open net_sched: fix RTNL deadlock again caused by request_module() ARM: dts: aspeed: Add LCLK to lpc-snoop Linux 5.10.20 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I3fbcecd9413ce212dac68d5cc800c9457feba56a |
||
|
Mike Kravetz
|
32e970488f |
hugetlb: fix copy_huge_page_from_user contig page struct assumption
commit 3272cfc2525b3a2810a59312d7a1e6f04a0ca3ef upstream.
page structs are not guaranteed to be contiguous for gigantic pages. The
routine copy_huge_page_from_user can encounter gigantic pages, yet it
assumes page structs are contiguous when copying pages from user space.
Since page structs for the target gigantic page are not contiguous, the
data copied from user space could overwrite other pages not associated
with the gigantic page and cause data corruption.
Non-contiguous page structs are generally not an issue. However, they can
exist with a specific kernel configuration and hotplug operations. For
example: Configure the kernel with CONFIG_SPARSEMEM and
!CONFIG_SPARSEMEM_VMEMMAP. Then, hotplug add memory for the area where
the gigantic page will be allocated.
Link: https://lkml.kernel.org/r/20210217184926.33567-2-mike.kravetz@oracle.com
Fixes:
|
||
|
Miaohe Lin
|
6c074ae0a4 |
mm/memory.c: fix potential pte_unmap_unlock pte error
[ Upstream commit 90a3e375d324b2255b83e3dd29e99e2b05d82aaf ] Since commit |
||
|
Greg Kroah-Hartman
|
e1a763aea5 |
Merge 5.10.19 into android-5.10
Changes in 5.10.19
bpf: Fix truncation handling for mod32 dst reg wrt zero
HID: make arrays usage and value to be the same
RDMA: Lift ibdev_to_node from rds to common code
nvme-rdma: Use ibdev_to_node instead of dereferencing ->dma_device
USB: quirks: sort quirk entries
usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable
ceph: downgrade warning from mdsmap decode to debug
ntfs: check for valid standard information attribute
Bluetooth: btusb: Some Qualcomm Bluetooth adapters stop working
arm64: tegra: Add power-domain for Tegra210 HDA
hwmon: (dell-smm) Add XPS 15 L502X to fan control blacklist
KVM: x86: Zap the oldest MMU pages, not the newest
mm: unexport follow_pte_pmd
mm: simplify follow_pte{,pmd}
KVM: do not assume PTE is writable after follow_pfn
mm: provide a saner PTE walking API for modules
KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped()
drm/xlnx: fix kmemleak by sending vblank_event in atomic_disable
NET: usb: qmi_wwan: Adding support for Cinterion MV31
cxgb4: Add new T6 PCI device id 0x6092
cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath.
kbuild: fix CONFIG_TRIM_UNUSED_KSYMS build for ppc64
scripts/recordmcount.pl: support big endian for ARCH sh
Linux 5.10.19
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie460e26abc91311bcdd6b8484f5b42a7ffe1058f
|
||
|
Paolo Bonzini
|
a42150f1c9 |
mm: provide a saner PTE walking API for modules
commit 9fd6dad1261a541b3f5fa7dc5b152222306e6702 upstream. Currently, the follow_pfn function is exported for modules but follow_pte is not. However, follow_pfn is very easy to misuse, because it does not provide protections (so most of its callers assume the page is writable!) and because it returns after having already unlocked the page table lock. Provide instead a simplified version of follow_pte that does not have the pmdpp and range arguments. The older version survives as follow_invalidate_pte() for use by fs/dax.c. Reviewed-by: Jason Gunthorpe <jgg@nvidia.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Christoph Hellwig
|
6d9c9ec0d8 |
mm: simplify follow_pte{,pmd}
commit ff5c19ed4b087073cea38ff0edc80c23d7256943 upstream. Merge __follow_pte_pmd, follow_pte_pmd and follow_pte into a single follow_pte function and just pass two additional NULL arguments for the two previous follow_pte callers. [sfr@canb.auug.org.au: merge fix for "s390/pci: remove races against pte updates"] Link: https://lkml.kernel.org/r/20201111221254.7f6a3658@canb.auug.org.au Link: https://lkml.kernel.org/r/20201029101432.47011-3-hch@lst.de Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Daniel Vetter <daniel@ffwll.ch> Cc: Dan Williams <dan.j.williams@intel.com> Cc: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Christoph Hellwig
|
f8d8fb7ae8 |
mm: unexport follow_pte_pmd
commit 7336375734d65ecc82956b59a79cf5deccce880c upstream. Patch series "simplify follow_pte a bit". This small series drops the not needed follow_pte_pmd exports, and simplifies the follow_pte family of functions a bit. This patch (of 2): follow_pte_pmd() is only used by the DAX code, which can't be modular. Link: https://lkml.kernel.org/r/20201029101432.47011-2-hch@lst.de Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Dan Williams <dan.j.williams@intel.com> Cc: Daniel Vetter <daniel@ffwll.ch> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Vinayak Menon
|
c3cbea9229 |
ANDROID: mm: avoid writing to read-only elements
Refactor speculative page fault handler to avoid assigning to read-only elements of vmfault struct. Change-Id: I1b5072d880a485948fad9591d7e8dc20e47d73a4 Bug: 171278850 Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org> |
||
|
Will Deacon
|
db6cf10907 |
BACKPORT: FROMGIT: mm: Pass 'address' to map to do_set_pte() and drop FAULT_FLAG_PREFAULT
Rather than modifying the 'address' field of the 'struct vm_fault' passed to do_set_pte(), leave that to identify the real faulting address and pass in the virtual address to be mapped by the new pte as a separate argument. This makes FAULT_FLAG_PREFAULT redundant, as a prefault entry can be identified simply by comparing the new address parameter with the faulting address, so remove the redundant flag at the same time. Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Will Deacon <will@kernel.org> Change-Id: I495c06047bac0f4e2241bc47a18b8ee8f97e4af8 Bug: 171278850 (cherry picked from commit 9d3af4b448a119ac81378d3bc775f1c4a2a7ff36 https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/log/?h=for-next/faultaround) [vinmenon: changes for speculative page fault] Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org> |
||
|
Will Deacon
|
ef3b732457 |
BACKPORT: FROMGIT: mm: Allow architectures to request 'old' entries when prefaulting
Commit |
||
|
Kirill A. Shutemov
|
0aa300a252 |
BACKPORT: FROMGIT: mm: Cleanup faultaround and finish_fault() codepaths
alloc_set_pte() has two users with different requirements: in the faultaround code, it called from an atomic context and PTE page table has to be preallocated. finish_fault() can sleep and allocate page table as needed. PTL locking rules are also strange, hard to follow and overkill for finish_fault(). Let's untangle the mess. alloc_set_pte() has gone now. All locking is explicit. The price is some code duplication to handle huge pages in faultaround path, but it should be fine, having overall improvement in readability. Link: https://lore.kernel.org/r/20201229132819.najtavneutnf7ajp@box Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> [will: s/from from/from/ in comment; spotted by willy] Signed-off-by: Will Deacon <will@kernel.org> Change-Id: I2746b62adfe63e4f1b62e806df06b1b7a17574ad Bug: 171278850 (cherry picked from commit f9ce0be71d1fbb038ada15ced83474b0e63f264d https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/log/?h=for-next/faultaround) [vinmenon: changes for speculative page fault] Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org> |
||
|
Suren Baghdasaryan
|
9e4d84273c |
ANDROID: Fix sparse warning in __handle_speculative_fault caused by SPF
SPF patchset introduced a sparse warning caused by the mismatch in
__handle_speculative_fault function's return type. Fix the return
type.
Fixes:
|
||
|
Vinayak Menon
|
cf397c6c26 |
ANDROID: mm: sync rss in speculative page fault path
The speculative page fault path does not sync the rss in task_struct to mm_struct leading to large variance in the RSS values observed by userspace tools and also in the OOM task dump. Change-Id: Id45f1b9b0a51a9afffbaf8e65f5ef747d409d0d7 Bug: 179217427 Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org> |
||
|
Suren Baghdasaryan
|
b55d8223ca |
ANDROID: Fix sparse warning in wp_page_copy caused by SPF patchset
SPF patchset introduced a sparse warning caused by type mismatch in wp_page_copy. Fix the variable type. Fixes: 'FROMLIST: mm: prepare for FAULT_FLAG_SPECULATIVE' Bug: 161210518 Signed-off-by: Suren Baghdasaryan <surenb@google.com> Change-Id: Id0db15db82bce0808d58f27bd72a1db0f63c72b7 |