bb0e3c7b6574cd4862988b23ee6fe5ceb1650b96
65858 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Sarannya S
|
4c3847f184 |
net: qrtr: Add irqsave/irqrestore spin locks
Add back the irq save and restore spin locks to qrtr_port_lookup, qrtr_port_remove and __qrtr_bind, to avoid any potential race condition, or use-after-free scenarios. Change-Id: I09e70dc70c6daac515a2fc04800a2f28582ebc20 Signed-off-by: Sarannya S <quic_sarannya@quicinc.com> |
||
|
Srinivasarao Pathipati
|
57d7f6b039 |
Merge keystone/android12-5.10-keystone-qcom-release.149+ (a3f0c2f) into msm-5.10
* refs/heads/tmp-a3f0c2f:
Revert "Input: atmel_mxt_ts - fix up inverted RESET handler"
ANDROID: cpu: correct dl_cpu_busy() calls
ANDROID: usb: gadget: uvc: remove duplicate code in unbind
ANDROID: mm: disable speculative page faults for CONFIG_NUMA
ANDROID: disable page table moves when speculative page faults are enabled
ANDROID: mm: skip pte_alloc during speculative page fault
UPSTREAM: binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0
UPSTREAM: binder: Address corner cases in deferred copy and fixup
UPSTREAM: binder: fix pointer cast warning
UPSTREAM: binder: defer copies of pre-patched txn data
UPSTREAM: binder: read pre-translated fds from sender buffer
UPSTREAM: binder: avoid potential data leakage when copying txn
UPSTREAM: bpf: Ensure correct locking around vulnerable function find_vpid()
BACKPORT: UPSTREAM: usb: typec: ucsi: Wait for the USB role switches
UPSTREAM: HID: roccat: Fix use-after-free in roccat_read()
ANDROID: arm64: mm: perform clean & invalidation in __dma_map_area
BACKPORT: ANDROID: dma-buf: heaps: replace mutex lock with spinlock
UPSTREAM: binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0
UPSTREAM: binder: Address corner cases in deferred copy and fixup
UPSTREAM: binder: fix pointer cast warning
UPSTREAM: binder: defer copies of pre-patched txn data
UPSTREAM: binder: read pre-translated fds from sender buffer
UPSTREAM: binder: avoid potential data leakage when copying txn
ANDROID: khugepaged: fix mixing declarations warning in retract_page_tables
ANDROID: mm: fix build issue in spf when CONFIG_USERFAULTFD=n
ANDROID: mm: disable speculative page faults for CONFIG_NUMA
ANDROID: mm: fix invalid backport in speculative page fault path
ANDROID: disable page table moves when speculative page faults are enabled
ANDROID: mm: assert that mmap_lock is taken exclusively in vm_write_begin
ANDROID: mm: remove sequence counting when mmap_lock is not exclusively owned
ANDROID: mm/khugepaged: add missing vm_write_{begin|end}
BACKPORT: FROMLIST: mm: implement speculative handling in filemap_fault()
ANDROID: mm: prevent reads of unstable pmd during speculation
ANDROID: mm: prevent speculative page fault handling for in do_swap_page()
ANDROID: mm: prevent speculative page fault handling for userfaults
ANDROID: mm: skip pte_alloc during speculative page fault
FROMGIT: mm/madvise: fix madvise_pageout for private file mappings
ANDROID: GKI: Update symbols to symbol list
Revert "FROMGIT: mm/vmalloc: Add override for lazy vunmap"
Revert "FROMGIT: arm64: Work around Cortex-A510 erratum 2454944"
UPSTREAM: efi: capsule-loader: Fix use-after-free in efi_capsule_write
FROMGIT: arm64: Work around Cortex-A510 erratum 2454944
FROMGIT: mm/vmalloc: Add override for lazy vunmap
BACKPORT: mm/page_alloc: always initialize memory map for the holes
UPSTREAM: usb: dwc3: gadget: Submit endxfer command if delayed during disconnect
UPSTREAM: usb: dwc3: Fix ep0 handling when getting reset while doing control transfer
UPSTREAM: mm/damon/core: initialize damon_target->list in damon_new_target()
UPSTREAM: usb: typec: ucsi: Remove incorrect warning
UPSTREAM: xhci: Don't show warning for reinit on known broken suspend
UPSTREAM: mm/damon: validate if the pmd entry is present before accessing
UPSTREAM: mm/damon/dbgfs: fix memory leak when using debugfs_lookup()
UPSTREAM: mm/damon/dbgfs: avoid duplicate context directory creation
UPSTREAM: crypto: lib - remove unneeded selection of XOR_BLOCKS
UPSTREAM: pinctrl: sunxi: Fix name for A100 R_PIO
UPSTREAM: cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
BACKPORT: usb: gadget: f_uac2: fix superspeed transfer
BACKPORT: usb: dwc3: qcom: fix runtime PM wakeup
UPSTREAM: KVM: arm64: Reject 32bit user PSTATE on asymmetric systems
UPSTREAM: KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems
UPSTREAM: Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
UPSTREAM: mm: fix page leak with multiple threads mapping the same page
UPSTREAM: PM: domains: Ensure genpd_debugfs_dir exists before remove
UPSTREAM: usb: gadget: uvc: fix changing interface name via configfs
BACKPORT: dma-mapping: Fix build error unused-value
UPSTREAM: tools/vm/slabinfo: Handle files in debugfs
UPSTREAM: mm/damon: use set_huge_pte_at() to make huge pte old
UPSTREAM: usb: gadget: f_mass_storage: Make CD-ROM emulation works with Windows OS
UPSTREAM: blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx
UPSTREAM: PM: domains: Fix initialization of genpd's next_wakeup
BACKPORT: f2fs: don't use casefolded comparison for "." and ".."
UPSTREAM: regulator: scmi: Fix refcount leak in scmi_regulator_probe
UPSTREAM: block/mq-deadline: Set the fifo_time member also if inserting at head
BACKPORT: Revert "mm/cma.c: remove redundant cma_mutex lock"
UPSTREAM: module.h: simplify MODULE_IMPORT_NS
UPSTREAM: iommu/mediatek: Add mutex for m4u_group and m4u_dom in data
UPSTREAM: iommu/mediatek: Remove clk_disable in mtk_iommu_remove
UPSTREAM: iommu/mediatek: Fix 2 HW sharing pgtable issue
UPSTREAM: mm: hugetlb: add missing cache flushing in hugetlb_unshare_all_pmds()
UPSTREAM: selftests/damon: add damon to selftests root Makefile
FROMGIT: f2fs: allow to read node block after shutdown
BACKPORT: f2fs: do not submit NEW_ADDR to read node block
BACKPORT: ext4,f2fs: fix readahead of verity data
ANDROID: GKI: db845c: Update symbols list and ABI
Linux 5.10.149
wifi: mac80211: fix MBSSID parsing use-after-free
wifi: mac80211: don't parse mbssid in assoc response
mac80211: mlme: find auth challenge directly
Revert "fs: check FMODE_LSEEK to control internal pipe splicing"
Linux 5.10.148
misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic
misc: pci_endpoint_test: Aggregate params checking for xfer
Input: xpad - fix wireless 360 controller breaking after suspend
Input: xpad - add supported devices as contributed on github
wifi: cfg80211: update hidden BSSes to avoid WARN_ON
wifi: mac80211: fix crash in beacon protection for P2P-device
wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
wifi: cfg80211: avoid nontransmitted BSS list corruption
wifi: cfg80211: fix BSS refcounting bugs
wifi: cfg80211: ensure length byte is present before access
wifi: cfg80211/mac80211: reject bad MBSSID elements
wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()
random: use expired timer rather than wq for mixing fast pool
random: avoid reading two cache lines on irq randomness
USB: serial: qcserial: add new usb-id for Dell branded EM7455
scsi: stex: Properly zero out the passthrough command structure
efi: Correct Macmini DMI match in uefi cert quirk
ALSA: hda: Fix position reporting on Poulsbo
random: clamp credited irq bits to maximum mixed
random: restore O_NONBLOCK support
Revert "clk: ti: Stop using legacy clkctrl names for omap4 and 5"
rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
USB: serial: ftdi_sio: fix 300 bps rate for SIO
usb: mon: make mmapped memory read only
mmc: core: Terminate infinite loop in SD-UHS voltage switch
mmc: core: Replace with already defined values for readability
drm/amd/display: skip audio setup when audio stream is enabled
drm/amd/display: update gamut remap if plane has changed
net: atlantic: fix potential memory leak in aq_ndev_close()
arch: um: Mark the stack non-executable to fix a binutils warning
um: Cleanup compiler warning in arch/x86/um/tls_32.c
um: Cleanup syscall_handler_t cast in syscalls_32.h
ALSA: hda/hdmi: Fix the converter reuse for the silent stream
net/ieee802154: fix uninit value bug in dgram_sendmsg
scsi: qedf: Fix a UAF bug in __qedf_probe()
ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer
dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure
dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property
dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling
firmware: arm_scmi: Add SCMI PM driver remove routine
compiler_attributes.h: move __compiletime_{error|warning}
fs: fix UAF/GPF bug in nilfs_mdt_destroy
powerpc/64s/radix: don't need to broadcast IPI for radix pmd collapse flush
mm: gup: fix the fast GUP race against THP collapse
ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
xsk: Inherit need_wakeup flag for shared sockets
perf tools: Fixup get_current_dir_name() compilation
docs: update mediator information in CoC docs
Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
ceph: don't truncate file in atomic_open
nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
nilfs2: fix leak of nilfs_root in case of writer thread creation failure
nilfs2: fix use-after-free bug of struct nilfs_root
nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
Linux 5.10.147
ALSA: hda/hdmi: fix warning about PCM count when used with SOF
x86/alternative: Fix race in try_get_desc()
KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest
clk: iproc: Do not rely on node name for correct PLL setup
clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks
selftests: Fix the if conditions of in test_extra_filter()
net: stmmac: power up/down serdes in stmmac_open/release
nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices
nvme: add new line after variable declatation
cxgb4: fix missing unlock on ETHOFLD desc collect fail path
net: sched: act_ct: fix possible refcount leak in tcf_ct_init()
usbnet: Fix memory leak in usbnet_disconnect()
Input: melfas_mip4 - fix return value check in mip4_probe()
Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time"
ASoC: tas2770: Reinit regcache on reset
soc: sunxi: sram: Fix debugfs info for A64 SRAM C
soc: sunxi: sram: Fix probe function ordering issues
soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource()
soc: sunxi: sram: Prevent the driver from being unbound
soc: sunxi: sram: Actually claim SRAM regions
reset: imx7: Fix the iMX8MP PCIe PHY PERST support
ARM: dts: am33xx: Fix MMCHS0 dma properties
scsi: hisi_sas: Revert "scsi: hisi_sas: Limit max hw sectors for v3 HW"
swiotlb: max mapping size takes min align mask into account
media: rkvdec: Disable H.264 error detection
media: dvb_vb2: fix possible out of bound access
mm: fix madivse_pageout mishandling on non-LRU page
mm/migrate_device.c: flush TLB while holding PTL
mm: prevent page_frag_alloc() from corrupting the memory
mm/page_alloc: fix race condition between build_all_zonelists and page allocation
mmc: hsq: Fix data stomping during mmc recovery
mmc: moxart: fix 4-bit bus width and remove 8-bit bus width
libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
net: mt7531: only do PLL once after the reset
ntfs: fix BUG_ON in ntfs_lookup_inode_by_name()
ARM: dts: integrator: Tag PCI host with device_type
clk: ingenic-tcu: Properly enable registers before accessing timers
Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address
net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
thunderbolt: Explicitly reset plug events delay back to USB4 spec value
usb: typec: ucsi: Remove incorrect warning
uas: ignore UAS for Thinkplus chips
usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS
uas: add no-uas quirk for Hiksemi usb_disk
btrfs: fix hang during unmount when stopping a space reclaim worker
ALSA: hda: Fix Nvidia dp infoframe
ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically
ALSA: hda/tegra: Reset hardware
ALSA: hda/tegra: Use clk_bulk helpers
thunderbolt: Add support for Intel Maple Ridge single port controller
thunderbolt: Add support for Intel Maple Ridge
Revert "usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind"
Linux 5.10.146
ext4: make directory inode spreading reflect flexbg size
ext4: limit the number of retries after discarding preallocations blocks
ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
devdax: Fix soft-reservation memory description
i2c: mlxbf: Fix frequency calculation
i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()
i2c: mlxbf: incorrect base address passed during io write
i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible
workqueue: don't skip lockdep work dependency in cancel_work_sync()
drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage
drm/amd/display: Limit user regamma to a valid value
drm/amdgpu: use dirty framebuffer helper
drm/gma500: Fix BUG: sleeping function called from invalid context errors
Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region
cifs: always initialize struct msghdr smb_msg completely
cifs: use discard iterator to discard unneeded network data more efficiently
drm/amdgpu: Fix check for RAS support
vfio/type1: fix vaddr_get_pfns() return in vfio_pin_page_external()
usb: xhci-mtk: fix issue of out-of-bounds array access
s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting
serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting
serial: Create uart_xmit_advance()
drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV
selftests: forwarding: add shebang for sch_red.sh
net: sched: fix possible refcount leak in tc_new_tfilter()
net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD
net/smc: Stop the CLC flow if no link to map buffers on
drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff()
perf kcore_copy: Do not check /proc/modules is unchanged
perf jit: Include program header in ELF files
can: gs_usb: gs_can_open(): fix race dev->can.state condition
netfilter: ebtables: fix memory leak when blob is malformed
netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()
netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()
net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs
net/sched: taprio: avoid disabling offload when it was never enabled
net: socket: remove register_gifconf
net: enetc: move enetc_set_psfp() out of the common enetc_set_features()
wireguard: netlink: avoid variable-sized memcpy on sockaddr
wireguard: ratelimiter: disable timings test by default
net: ipa: properly limit modem routing table use
net: ipa: kill IPA_TABLE_ENTRY_SIZE
net: ipa: DMA addresses are nicely aligned
net: ipa: avoid 64-bit modulus
net: ipa: fix table alignment requirement
net: ipa: fix assumptions about DMA address size
of: mdio: Add of_node_put() when breaking out of for_each_xx
drm/hisilicon: Add depends on MMU
drm/hisilicon/hibmc: Allow to be built if COMPILE_TEST is enabled
sfc: fix null pointer dereference in efx_hard_start_xmit
sfc: fix TX channel offset when using legacy interrupts
i40e: Fix set max_tx_rate when it is lower than 1 Mbps
i40e: Fix VF set max MTU size
iavf: Fix set max MTU size with port VLAN and jumbo frames
iavf: Fix bad page state
MIPS: Loongson32: Fix PHY-mode being left unspecified
MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko
drm/panel: simple: Fix innolux_g121i1_l01 bus_format
net: team: Unsync device addresses on ndo_stop
net: bonding: Unsync device addresses on ndo_stop
net: bonding: Share lacpdu_mcast_addr definition
scsi: mpt3sas: Fix return value check of dma_get_required_mask()
scsi: mpt3sas: Force PCIe scatterlist allocations to be within same 4 GB region
net: phy: aquantia: wait for the suspend/resume operations to finish
net: core: fix flow symmetric hash
net: let flow have same hash in two directions
ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
iavf: Fix cached head and tail value for iavf_get_tx_pending
netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
netfilter: nf_conntrack_irc: Tighten matching on DCC message
netfilter: nf_conntrack_sip: fix ct_sip_walk_headers
arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get()
arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz
drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks
arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob
xfs: validate inode fork size against fork format
xfs: reorder iunlink remove operation in xfs_ifree
xfs: fix up non-directory creation in SGID directories
interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate
KVM: SEV: add cache flush to solve SEV cache incoherency issues
mm/slub: fix to return errno if kmalloc() fails
can: flexcan: flexcan_mailbox_read() fix return value for drop = true
riscv: fix a nasty sigreturn bug...
gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
gpio: mockup: fix NULL pointer dereference when removing debugfs
wifi: mt76: fix reading current per-tid starting sequence number for aggregation
efi: libstub: check Shim mode using MokSBStateRT
efi: x86: Wipe setup_data on pure EFI boot
media: flexcop-usb: fix endpoint type check
iommu/vt-d: Check correct capability for sagaw determination
ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop
ALSA: hda/realtek: Add quirk for ASUS GA503R laptop
ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack
ALSA: hda/realtek: Re-arrange quirk table entries
ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop
ALSA: hda/realtek: Add quirk for Huawei WRT-WX9
ALSA: hda: add Intel 5 Series / 3400 PCI DID
ALSA: hda/tegra: set depop delay for tegra
USB: serial: option: add Quectel RM520N
USB: serial: option: add Quectel BG95 0x0203 composition
USB: core: Fix RST error in hub.c
arm64/bti: Disable in kernel BTI when cross section thunks are broken
arm64: Restrict ARM64_BTI_KERNEL to clang 12.0.0 and newer
Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio"
vfio/type1: Unpin zero pages
vfio/type1: Prepare for batched pinning with struct vfio_batch
vfio/type1: Change success value of vaddr_get_pfn()
Revert "usb: add quirks for Lenovo OneLink+ Dock"
usb: cdns3: fix issue with rearming ISO OUT endpoint
usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer
usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
usb: add quirks for Lenovo OneLink+ Dock
tty: serial: atmel: Preserve previous USART mode if RS485 disabled
serial: atmel: remove redundant assignment in rs485_config
mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure
usb: xhci-mtk: relax TT periodic bandwidth allocation
usb: xhci-mtk: allow multiple Start-Split in a microframe
usb: xhci-mtk: add some schedule error number
usb: xhci-mtk: add a function to (un)load bandwidth info
usb: xhci-mtk: use @sch_tt to check whether need do TT schedule
usb: xhci-mtk: add only one extra CS for FS/LS INTR
usb: xhci-mtk: get the microframe boundary for ESIT
usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop
usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup()
usb: dwc3: gadget: Refactor pullup()
usb: dwc3: gadget: Prevent repeat pullup()
usb: dwc3: Issue core soft reset before enabling run/stop
usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device
usb: typec: intel_pmc_mux: Update IOM port status offset for AlderLake
drm/amdgpu: make sure to init common IP before gmc
drm/amdgpu: Separate vf2pf work item init from virt data exchange
drm/amdgpu: indirect register access for nv12 sriov
drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega
Linux 5.10.145
ALSA: hda/sigmatel: Fix unused variable warning for beep power change
cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
mksysmap: Fix the mismatch of 'L0' symbols in System.map
MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping()
afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
net: usb: qmi_wwan: add Quectel RM520N
ALSA: hda/tegra: Align BDL entry to 4KB boundary
ALSA: hda/sigmatel: Keep power up while beep is enabled
wifi: mac80211_hwsim: check length for virtio packets
rxrpc: Fix calc of resend age
rxrpc: Fix local destruction being repeated
regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe()
ASoC: nau8824: Fix semaphore unbalance at error paths
Revert "serial: 8250: Fix reporting real baudrate value in c_ospeed field"
video: fbdev: i740fb: Error out if 'pixclock' equals zero
tools/include/uapi: Fix <asm/errno.h> for parisc and xtensa
cifs: don't send down the destination address to sendmsg for a SOCK_STREAM
cifs: revalidate mapping when doing direct writes
of/device: Fix up of_dma_configure_id() stub
tracing: hold caller_addr to hardirq_{enable,disable}_ip
parisc: ccio-dma: Add missing iounmap in error path in ccio_probe()
drm/meson: Fix OSD1 RGB to YCbCr coefficient
drm/meson: Correct OSD1 global alpha value
gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx
NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0
pinctrl: sunxi: Fix name for A100 R_PIO
of: fdt: fix off-by-one error in unflatten_dt_nodes()
net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports
platform/x86/intel: hid: add quirk to support Surface Go 3
usb: cdns3: gadget: fix new urb never complete if ep cancel previous requests
powerpc/pseries/mobility: ignore ibm, platform-facilities updates
powerpc/pseries/mobility: refactor node lookup during DT update
dmaengine: bestcomm: fix system boot lockups
parisc: Flush kernel data mapping in set_pte_at() when installing pte for user page
parisc: Optimize per-pagetable spinlocks
serial: 8250: Fix reporting real baudrate value in c_ospeed field
KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling
KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs
Revert "USB: core: Prevent nested device-reset calls"
Revert "xhci: Add grace period after xHC start to prevent premature runtime suspend."
Revert "mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse"
Revert "io_uring: disable polling pollfree files"
Linux 5.10.144
Input: goodix - add compatible string for GT1158
soc: fsl: select FSL_GUTS driver for DPIO
x86/ftrace: Use alternative RET encoding
x86/ibt,ftrace: Make function-graph play nice
Revert "x86/ftrace: Use alternative RET encoding"
mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes
perf/arm_pmu_platform: fix tests for platform_get_irq() failure
drm/amd/amdgpu: skip ucode loading if ucode_size == 0
nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
Input: iforce - add support for Boeder Force Feedback Wheel
ieee802154: cc2520: add rc code in cc2520_tx()
gpio: mockup: remove gpio debugfs when remove device
tg3: Disable tg3 device on system reboot to avoid triggering AER
hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
drm/msm/rd: Fix FIFO-full deadlock
Input: goodix - add support for GT1158
tracefs: Only clobber mode/uid/gid on remount if asked
iommu/vt-d: Correctly calculate sagaw value of IOMMU
ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible
ARM: dts: imx: align SPI NOR node name with dtschema
Linux 5.10.143
arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly
hwmon: (mr75203) enable polling for all VM channels
hwmon: (mr75203) fix multi-channel voltage reading
hwmon: (mr75203) fix voltage equation for negative source input
hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors
hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" not defined
iommu/amd: use full 64-bit value in build_completion_wait()
swiotlb: avoid potential left shift overflow
MIPS: loongson32: ls1c: Fix hang during startup
ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion
ASoC: mchp-spdiftx: remove references to mchp_i2s_caps
sch_sfb: Also store skb len before calling child enqueue
tcp: fix early ETIMEDOUT after spurious non-SACK RTO
nvme-tcp: fix regression that causes sporadic requests to time out
nvme-tcp: fix UAF when detecting digest errors
RDMA/mlx5: Set local port to one when accessing counters
IB/core: Fix a nested dead lock as part of ODP flow
ipv6: sr: fix out-of-bounds read when setting HMAC data.
RDMA/siw: Pass a pointer to virt_to_page()
xen-netback: only remove 'hotplug-status' when the vif is actually destroyed
i40e: Fix kernel crash during module removal
ice: use bitmap_free instead of devm_kfree
tipc: fix shift wrapping bug in map_get()
sch_sfb: Don't assume the skb is still around after enqueueing to child
afs: Use the operation issue time instead of the reply time for callbacks
rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2()
ALSA: usb-audio: Register card again for iface over delayed_register option
ALSA: usb-audio: Inform the delayed registration more properly
netfilter: nf_conntrack_irc: Fix forged IP logic
netfilter: nf_tables: clean up hook list when offload flags check fails
netfilter: br_netfilter: Drop dst references before setting.
ARM: dts: at91: sama5d2_icp: don't keep vdd_other enabled all the time
ARM: dts: at91: sama5d27_wlsom1: don't keep ldo2 enabled all the time
ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges
ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges
RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift
RDMA/hns: Fix supported page size
soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
RDMA/cma: Fix arguments order in net device validation
tee: fix compiler warning in tee_shm_register()
regulator: core: Clean up on enable failure
ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node
smb3: missing inode locks in punch hole
cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl()
cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree
scsi: lpfc: Add missing destroy_workqueue() in error path
scsi: mpt3sas: Fix use-after-free warning
drm/i915: Implement WaEdpLinkRateDataReload
nvmet: fix a use-after-free
debugfs: add debugfs_lookup_and_remove()
kprobes: Prohibit probes in gate area
ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()
ALSA: aloop: Fix random zeros in capture data when using jiffies timer
ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly
fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
net/core/skbuff: Check the return value of skb_copy_bits()
arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level
parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines
parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources()
drm/radeon: add a force flush to delay work when radeon
drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup.
drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini
drm/gem: Fix GEM handle release errors
scsi: megaraid_sas: Fix double kfree()
scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX
Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()"
fs: only do a memory barrier for the first set_buffer_uptodate()
wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd()
efi: capsule-loader: Fix use-after-free in efi_capsule_write
efi: libstub: Disable struct randomization
tty: n_gsm: avoid call of sleeping functions from atomic context
tty: n_gsm: initialize more members at gsm_alloc_mux()
xen-blkfront: Cache feature_persistent value before advertisement
NFSD: Fix verifier returned in stable WRITEs
Linux 5.10.142
USB: serial: ch341: fix disabled rx timer on older devices
USB: serial: ch341: fix lost character on LCR updates
usb: dwc3: disable USB core PHY management
usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
usb: dwc3: fix PHY disable sequence
mmc: core: Fix UHS-I SD 1.8V workaround branch
btrfs: harden identification of a stale device
drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
ALSA: seq: Fix data-race at module auto-loading
ALSA: seq: oss: Fix data-race for max_midi_devs access
ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298
net: mac802154: Fix a condition in the receive path
net: Use u64_stats_fetch_begin_irq() for stats fetch.
ip: fix triggering of 'icmp redirect'
wifi: mac80211: Fix UAF in ieee80211_scan_rx()
wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected
driver core: Don't probe devices after bus_type.match() probe deferral
usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
USB: core: Prevent nested device-reset calls
s390: fix nospec table alignments
s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
usb-storage: Add ignore-residue quirk for NXP PN7462AU
USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
usb: dwc2: fix wrong order of phy_power_on and phy_init
usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles
USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
USB: serial: option: add Quectel EM060K modem
USB: serial: option: add support for OPPO R11 diag port
USB: serial: cp210x: add Decagon UCA device id
xhci: Add grace period after xHC start to prevent premature runtime suspend.
media: mceusb: Use new usb_control_msg_*() routines
thunderbolt: Use the actual buffer in tb_async_error()
xen-blkfront: Advertise feature-persistent as user requested
xen-blkback: Advertise feature-persistent as user requested
mm: pagewalk: Fix race between unmap and page walker
xen/grants: prevent integer overflow in gnttab_dma_alloc_pages()
KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES
gpio: pca953x: Add mutex_lock for regcache sync in PM
hwmon: (gpio-fan) Fix array out of bounds access
clk: bcm: rpi: Add missing newline
clk: bcm: rpi: Prevent out-of-bounds access
clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc()
clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate
Input: rk805-pwrkey - fix module autoloading
clk: core: Fix runtime PM sequence in clk_core_unprepare()
Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"
clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
binder: fix UAF of ref->proc caused by race condition
USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
misc: fastrpc: fix memory corruption on open
misc: fastrpc: fix memory corruption on probe
iio: adc: mcp3911: use correct formula for AD conversion
iio: ad7292: Prevent regulator double disable
Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete
vt: Clear selection before changing the font
powerpc: align syscall table for ppc32
staging: rtl8712: fix use after free bugs
serial: fsl_lpuart: RS485 RTS polariy is inverse
net/smc: Remove redundant refcount increase
Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb"
tcp: annotate data-race around challenge_timestamp
sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb
kcm: fix strp_init() order and cleanup
ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler
net/sched: fix netdevice reference leaks in attach_default_qdiscs()
net: sched: tbf: don't call qdisc_put() while holding tree lock
Revert "xhci: turn off port power in shutdown"
wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array
ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg
ieee802154/adf7242: defer destroy_workqueue call
bpf, cgroup: Fix kernel BUG in purge_effective_progs
iio: adc: mcp3911: make use of the sign bit
platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask
drm/msm/dsi: Fix number of regulators for SDM660
drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4
drm/msm/dsi: fix the inconsistent indenting
Linux 5.10.141
net: neigh: don't call kfree_skb() under spin_lock_irqsave()
net/af_packet: check len when min_header_len equals to 0
xfs: revert "xfs: actually bump warning counts when we send warnings"
xfs: fix soft lockup via spinning in filestream ag selection loop
xfs: fix overfilling of reserve pool
xfs: always succeed at setting the reserve pool size
xfs: remove infinite loop when reserving free block pool
io_uring: disable polling pollfree files
kprobes: don't call disarm_kprobe() for disabled kprobes
lib/vdso: Mark do_hres_timens() and do_coarse_timens() __always_inline()
netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
drm/amdgpu: Increase tlb flush timeout for sriov
drm/amd/display: Fix pixel clock programming
drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid
s390/hypfs: avoid error message under KVM
neigh: fix possible DoS due to net iface start/stop loop
drm/amd/display: clear optc underflow before turn off odm clock
drm/amd/display: For stereo keep "FLIP_ANY_FRAME"
drm/amd/display: Avoid MPC infinite loop
mmc: mtk-sd: Clear interrupts when cqe off/disable
mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
bpf: Don't redirect packets with invalid pkt_len
ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead
fbdev: fb_pm2fb: Avoid potential divide by zero error
net: fix refcount bug in sk_psock_get (2)
HID: hidraw: fix memory leak in hidraw_release()
media: pvrusb2: fix memory leak in pvr_probe
udmabuf: Set the DMA mask for the udmabuf device (v2)
HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
Revert "PCI/portdrv: Don't disable AER reporting in get_port_device_capability()"
Bluetooth: L2CAP: Fix build errors in some archs
kbuild: Fix include path in scripts/Makefile.modpost
s390/mm: do not trigger write fault when vma does not allow VM_WRITE
crypto: lib - remove unneeded selection of XOR_BLOCKS
x86/nospec: Fix i386 RSB stuffing
x86/nospec: Unwreck the RSB stuffing
mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
Linux 5.10.140
bpf: Don't use tnum_range on array range checking for poke descriptors
scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq
scsi: ufs: core: Enable link lost interrupt
perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU
perf python: Fix build when PYTHON_CONFIG is user supplied
blk-mq: fix io hung due to missing commit_rqs
Documentation/ABI: Mention retbleed vulnerability info file for sysfs
arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76
md: call __md_stop_writes in md_stop
Revert "md-raid: destroy the bitmap after destroying the thread"
mm/hugetlb: fix hugetlb not supporting softdirty tracking
xen/privcmd: fix error exit of privcmd_ioctl_dm_op()
ACPI: processor: Remove freq Qos request for all CPUs
s390: fix double free of GS and RI CBs on fork() failure
asm-generic: sections: refactor memory_intersects
loop: Check for overflow while configuring loop
x86/bugs: Add "unknown" reporting for MMIO Stale Data
x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry
perf/x86/lbr: Enable the branch type for the Arch LBR by default
btrfs: check if root is readonly while setting security xattr
btrfs: add info when mount fails due to stale replace target
btrfs: replace: drop assert for suspended replace
btrfs: fix silent failure when deleting root reference
ionic: fix up issues with handling EAGAIN on FW cmds
rxrpc: Fix locking in rxrpc's sendmsg
ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
net: Fix a data-race around sysctl_somaxconn.
net: Fix data-races around sysctl_devconf_inherit_init_net.
net: Fix data-races around sysctl_fb_tunnels_only_for_init_net.
net: Fix a data-race around netdev_budget_usecs.
net: Fix a data-race around netdev_budget.
net: Fix a data-race around sysctl_net_busy_read.
net: Fix a data-race around sysctl_net_busy_poll.
net: Fix a data-race around sysctl_tstamp_allow_data.
net: Fix data-races around sysctl_optmem_max.
bpf: Folding omem_charge() into sk_storage_charge()
ratelimit: Fix data-races in ___ratelimit().
net: Fix data-races around netdev_tstamp_prequeue.
net: Fix data-races around netdev_max_backlog.
net: Fix data-races around weight_p and dev_weight_[rt]x_bias.
net: Fix data-races around sysctl_[rw]mem_(max|default).
net: Fix data-races around sysctl_[rw]mem(_offset)?.
tcp: tweak len/truesize ratio for coalesce candidates
netfilter: nf_tables: disallow binding to already bound chain
netfilter: nf_tables: disallow jump to implicit chain from set element
netfilter: nf_tables: upfront validation of data via nft_data_init()
netfilter: bitwise: improve error goto labels
netfilter: nft_cmp: optimize comparison for 16-bytes
netfilter: nf_tables: consolidate rule verdict trace call
netfilter: nftables: remove redundant assignment of variable err
netfilter: nft_tunnel: restrict it to netdev family
netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families
netfilter: nf_tables: do not leave chain stats enabled on error
netfilter: nft_payload: do not truncate csum_offset and csum_type
netfilter: nft_payload: report ERANGE for too long offset and length
bnxt_en: fix NQ resource accounting during vf creation on 57500 chips
netfilter: ebtables: reject blobs that don't provide all entry points
net: ipvtap - add __init/__exit annotations to module init/exit funcs
bonding: 802.3ad: fix no transmission of LACPDUs
net: moxa: get rid of asymmetry in DMA mapping/unmapping
net: ipa: don't assume SMEM is page-aligned
net/mlx5e: Properly disable vlan strip on non-UL reps
ice: xsk: prohibit usage of non-balanced queue id
ice: xsk: Force rings to be sized to power of 2
nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout
rose: check NULL rose_loopback_neigh->loopback
mm/smaps: don't access young/dirty bit if pte unpresent
mm/huge_memory.c: use helper function migration_entry_to_page()
SUNRPC: RPC level errors should set task->tk_rpc_status
NFSv4.2 fix problems with __nfs42_ssc_open
NFS: Don't allocate nfs_fattr on the stack in __nfs42_ssc_open()
xfrm: policy: fix metadata dst->dev xmit null pointer dereference
af_key: Do not call xfrm_probe_algs in parallel
xfrm: clone missing x->lastused in xfrm_do_migrate
xfrm: fix refcount leak in __xfrm_policy_check()
kernel/sched: Remove dl_boosted flag comment
xfs: only bother with sync_filesystem during readonly remount
xfs: return errors in xfs_fs_sync_fs
vfs: make sync_filesystem return errors from ->sync_fs
fs: remove __sync_filesystem
xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP*
xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list()
pinctrl: amd: Don't save/restore interrupt status and wake status bits
kernel/sys_ni: add compat entry for fadvise64_64
parisc: Fix exception handler for fldw and fstw instructions
audit: fix potential double free on error path from fsnotify_add_inode_mark
Revert "ALSA: control: Use deferred fasync helper"
Revert "block: remove the request_queue to argument request based tracepoints"
Revert "blktrace: Trace remapped requests correctly"
Revert "USB: HCD: Fix URB giveback issue in tasklet function"
Linux 5.10.139
kbuild: dummy-tools: avoid tmpdir leak in dummy gcc
Linux 5.10.138
tee: fix memory leak in tee_shm_register()
bpf: Fix KASAN use-after-free Read in compute_effective_progs
qrtr: Convert qrtr_ports from IDR to XArray
PCI/ERR: Retain status from error notification
can: j1939: j1939_session_destroy(): fix memory leak of skbs
can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once()
tracing/probes: Have kprobes and uprobes use $COMM too
netfilter: nf_tables: fix audit memory leak in nf_tables_commit
netfilter: nftables: fix a warning message in nf_tables_commit_audit_collect()
MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0
video: fbdev: i740fb: Check the argument of i740_calc_vclk()
powerpc/64: Init jump labels before parse_early_param()
smb3: check xattr value length earlier
f2fs: fix to do sanity check on segment type in build_sit_entries()
f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()
ALSA: control: Use deferred fasync helper
ALSA: timer: Use deferred fasync helper
ALSA: core: Add async signal helpers
powerpc/32: Don't always pass -mcpu=powerpc to the compiler
watchdog: export lockup_detector_reconfigure
RISC-V: Add fast call path of crash_kexec()
riscv: mmap with PROT_WRITE but no PROT_READ is invalid
modules: Ensure natural alignment for .altinstructions and __bug_table sections
mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
vfio: Clear the caps->buf to NULL after free
tty: serial: Fix refcount leak bug in ucc_uart.c
lib/list_debug.c: Detect uninitialized lists
ext4: avoid resizing to a partial cluster size
ext4: avoid remove directory when directory is corrupted
drivers:md:fix a potential use-after-free bug
nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown
md: Notify sysfs sync_completed in md_reap_sync_thread()
dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed
selftests/kprobe: Do not test for GRP/ without event failures
csky/kprobe: reclaim insn_slot on kprobe unregistration
RDMA/rxe: Limit the number of calls to each tasklet
um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups
PCI/ACPI: Guard ARM64-specific mcfg_quirks
cxl: Fix a memory leak in an error handling path
pinctrl: intel: Check against matching data instead of ACPI companion
gadgetfs: ep_io - wait until IRQ finishes
scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input
clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description
zram: do not lookup algorithm in backends table
uacce: Handle parent device removal or parent driver module rmmod
clk: qcom: ipq8074: dont disable gcc_sleep_clk_src
vboxguest: Do not use devm for irq
usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch
usb: renesas: Fix refcount leak bug
usb: host: ohci-ppc-of: Fix refcount leak bug
clk: ti: Stop using legacy clkctrl names for omap4 and 5
drm/meson: Fix overflow implicit truncation warnings
irqchip/tegra: Fix overflow implicit truncation warnings
usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info
usb: cdns3 fix use-after-free at workaround 2
platform/chrome: cros_ec_proto: don't show MKBP version if unsupported
PCI: Add ACS quirk for Broadcom BCM5750x NICs
drm/sun4i: dsi: Prevent underflow when computing packet sizes
netfilter: add helper function to set up the nfnetlink header and use it
netfilter: nftables: add helper function to set the base sequence number
audit: log nftables configuration change events once per table
drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
ASoC: SOF: intel: move sof_intel_dsp_desc() forward
locking/atomic: Make test_and_*_bit() ordered on failure
gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file
kbuild: fix the modules order between drivers and libs
igb: Add lock to avoid data race
stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove()
fec: Fix timer capture timing in `fec_ptp_enable_pps()`
i40e: Fix to stop tx_timeout recovery if GLOBR fails
regulator: pca9450: Remove restrictions for regulator-name
i2c: imx: Make sure to unregister adapter on remove()
ice: Ignore EEXIST when setting promisc mode
net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions()
net: genl: fix error path memory leak in policy dumping
net: dsa: felix: fix ethtool 256-511 and 512-1023 TX packet counters
net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry
net: moxa: pass pdev instead of ndev to DMA functions
net: dsa: mv88e6060: prevent crash on an unused port
spi: meson-spicc: add local pow2 clock ops to preserve rate between messages
powerpc/pci: Fix get_phb_number() locking
netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is specified
netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag
netfilter: nf_tables: really skip inactive sets when allocating name
ASoC: tas2770: Fix handling of mute/unmute
ASoC: tas2770: Drop conflicting set_bias_level power setting
ASoC: tas2770: Allow mono streams
ASoC: tas2770: Set correct FSYNC polarity
iavf: Fix adminq error handling
nios2: add force_successful_syscall_return()
nios2: restarts apply only to the first sigframe we build...
nios2: fix syscall restart checks
nios2: traced syscall does need to check the syscall number
nios2: don't leave NULLs in sys_call_table[]
nios2: page fault et.al. are *not* restartable syscalls...
dpaa2-eth: trace the allocated address instead of page struct
perf probe: Fix an error handling path in 'parse_perf_probe_command()'
geneve: fix TOS inheriting for ipv4
atm: idt77252: fix use-after-free bugs caused by tst_timer
xen/xenbus: fix return type in xenbus_file_read()
nfp: ethtool: fix the display error of `ethtool -m DEVNAME`
NTB: ntb_tool: uninitialized heap data in tool_fn_write()
tools build: Switch to new openssl API for test-libcrypto
kbuild: dummy-tools: avoid tmpdir leak in dummy gcc
ceph: don't leak snap_rwsem in handle_cap_grant
tools/vm/slabinfo: use alphabetic order when two values are equal
ceph: use correct index when encoding client supported features
dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources
dt-bindings: arm: qcom: fix MSM8916 MTP compatibles
vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout()
vsock: Fix memory leak in vsock_connect()
plip: avoid rcu debug splat
ipv6: do not use RT_TOS for IPv6 flowlabel
geneve: do not use RT_TOS for IPv6 flowlabel
ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
pinctrl: qcom: sm8250: Fix PDC map
pinctrl: sunxi: Add I/O bias setting for H6 R-PIO
pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
net: bgmac: Fix a BUG triggered by wrong bytes_compl
devlink: Fix use-after-free after a failed reload
virtio_net: fix memory leak inside XPD_TX with mergeable
SUNRPC: Reinitialise the backchannel request buffers before reuse
sunrpc: fix expiry of auth creds
net: atlantic: fix aq_vec index out of range error
can: mcp251x: Fix race condition on receive interrupt
bpf: Check the validity of max_rdwr_access for sock local storage map iterator
bpf: Acquire map uref in .init_seq_private for sock{map,hash} iterator
bpf: Acquire map uref in .init_seq_private for sock local storage map iterator
bpf: Acquire map uref in .init_seq_private for hash map iterator
bpf: Acquire map uref in .init_seq_private for array map iterator
NFSv4/pnfs: Fix a use-after-free bug in open
NFSv4.1: RECLAIM_COMPLETE must handle EACCES
NFSv4: Fix races in the legacy idmapper upcall
NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly
NFSv4.1: Don't decrease the value of seq_nr_highest_sent
Documentation: ACPI: EINJ: Fix obsolete example
apparmor: Fix memleak in aa_simple_write_to_buffer()
apparmor: fix reference count leak in aa_pivotroot()
apparmor: fix overlapping attachment computation
apparmor: fix setting unconfined mode on a loaded profile
apparmor: fix aa_label_asxprint return check
apparmor: Fix failed mount permission check error message
apparmor: fix absroot causing audited secids to begin with =
apparmor: fix quiet_denied for file rules
can: ems_usb: fix clang's -Wunaligned-access warning
ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II
tracing: Have filter accept "common_cpu" to be consistent
btrfs: fix lost error handling when looking up extended ref on log replay
mmc: meson-gx: Fix an error handling path in meson_mmc_probe()
mmc: pxamci: Fix an error handling path in pxamci_probe()
mmc: pxamci: Fix another error handling path in pxamci_probe()
ata: libata-eh: Add missing command name
rds: add missing barrier to release_refill
x86/mm: Use proper mask when setting PUD mapping
ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU
ALSA: info: Fix llseek return value when using callback
Linux 5.10.137
btrfs: raid56: don't trust any cached sector in __raid56_parity_recover()
btrfs: only write the sectors in the vertical stripe which has data stripes
sched/fair: Fix fault in reweight_entity
net_sched: cls_route: disallow handle of 0
net/9p: Initialize the iounit field during fid creation
tee: add overflow check in register_shm_helper()
kvm: x86/pmu: Fix the compare function used by the pmu event filter
mtd: rawnand: arasan: Prevent an unsupported configuration
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP"
drm/vc4: change vc4_dma_range_matches from a global to static
drm/bridge: tc358767: Fix (e)DP bridge endpoint parsing in dedicated function
Revert "mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv"
tcp: fix over estimation in sk_forced_mem_schedule()
mac80211: fix a memory leak where sta_info is not freed
KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq
KVM: Add infrastructure and macro to mark VM as bugged
net_sched: cls_route: remove from list when handle is 0
dm raid: fix address sanitizer warning in raid_status
dm raid: fix address sanitizer warning in raid_resume
ext4: correct the misjudgment in ext4_iget_extra_inode
ext4: correct max_inline_xattr_value_size computing
ext4: fix extent status tree race in writeback error recovery path
ext4: update s_overhead_clusters in the superblock during an on-line resize
ext4: fix use-after-free in ext4_xattr_set_entry
ext4: make sure ext4_append() always allocates new block
ext4: fix warning in ext4_iomap_begin as race between bmap and write
ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
ext4: check if directory block is within i_size
tracing: Use a struct alignof to determine trace event field alignment
tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH
KEYS: asymmetric: enforce SM2 signature use pkey algo
xen-blkfront: Apply 'feature_persistent' parameter when connect
xen-blkback: Apply 'feature_persistent' parameter when connect
xen-blkback: fix persistent grants negotiation
KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU doesn't support global_ctrl
KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU
KVM: x86/pmu: Introduce the ctrl_mask value for fixed counter
KVM: x86/pmu: Use different raw event masks for AMD and Intel
KVM: x86/pmu: Use binary search to check filtered events
KVM: x86/pmu: preserve IA32_PERF_CAPABILITIES across CPUID refresh
KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4
KVM: x86: Move vendor CR4 validity check to dedicated kvm_x86_ops hook
KVM: SVM: Drop VMXE check from svm_set_cr4()
KVM: VMX: Drop explicit 'nested' check from vmx_set_cr4()
KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4()
ACPI: CPPC: Do not prevent CPPC from working in the future
btrfs: reset block group chunk force if we have to wait
btrfs: reject log replay if there is unsupported RO compat flag
um: Allow PM with suspend-to-idle
timekeeping: contribute wall clock to rng on time change
dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification
dm writecache: set a default MAX_WRITEBACK_JOBS
serial: 8250: Fold EndRun device support into OxSemi Tornado code
serial: 8250_pci: Replace dev_*() by pci_*() macros
serial: 8250_pci: Refactor the loop in pci_ite887x_init()
serial: 8250: Correct the clock for OxSemi PCIe devices
serial: 8250: Dissociate 4MHz Titan ports from Oxford ports
PCI/AER: Iterate over error counters instead of error strings
PCI/ERR: Recover from RCEC AER errors
PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery()
PCI/ERR: Avoid negated conditional for clarity
PCI/ERR: Use "bridge" for clarity in pcie_do_recovery()
PCI/ERR: Simplify by computing pci_pcie_type() once
PCI/ERR: Simplify by using pci_upstream_bridge()
PCI/ERR: Rename reset_link() to reset_subordinates()
PCI/ERR: Bind RCEC devices to the Root Port driver
PCI/AER: Write AER Capability only when we control it
iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS)
KVM: set_msr_mce: Permit guests to ignore single-bit ECC errors
intel_th: pci: Add Raptor Lake-S CPU support
intel_th: pci: Add Raptor Lake-S PCH support
intel_th: pci: Add Meteor Lake-P support
firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
usbnet: smsc95xx: Avoid link settings race on interrupt reception
usbnet: smsc95xx: Don't clear read-only PHY interrupt
mtd: rawnand: arasan: Fix clock rate in NV-DDR
mtd: rawnand: arasan: Support NV-DDR interface
mtd: rawnand: arasan: Fix a macro parameter
mtd: rawnand: Add NV-DDR timings
mtd: rawnand: arasan: Check the proposed data interface is supported
mtd: rawnand: Add a helper to clarify the interface configuration
drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component
HID: hid-input: add Surface Go battery quirk
HID: Ignore battery for Elan touchscreen on HP Spectre X360 15-df0xxx
drm/mediatek: Keep dsi as LP00 before dcs cmds transfer
drm/mediatek: Allow commands to be sent during video mode
drm/i915/dg1: Update DMC_DEBUG3 register
spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
__follow_mount_rcu(): verify that mount_lock remains unchanged
Input: gscps2 - check return value of ioremap() in gscps2_probe()
posix-cpu-timers: Cleanup CPU timers before freeing them during exec
x86/olpc: fix 'logical not is only applied to the left hand side'
ftrace/x86: Add back ftrace_expected assignment
x86/bugs: Enable STIBP for IBPB mitigated RETBleed
scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests
scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os
scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection
scsi: qla2xxx: Turn off multi-queue for 8G adapters
scsi: qla2xxx: Fix discovery issues in FC-AL topology
scsi: zfcp: Fix missing auto port scan and thus missing target ports
video: fbdev: s3fb: Check the size of screen before memset_io()
video: fbdev: arkfb: Check the size of screen before memset_io()
video: fbdev: vt8623fb: Check the size of screen before memset_io()
x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y
sched: Fix the check of nr_running at queue wakelist
tools/thermal: Fix possible path truncations
video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
x86/numa: Use cpumask_available instead of hardcoded NULL check
sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed
sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy()
scripts/faddr2line: Fix vmlinux detection on arm64
genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO
powerpc/pci: Fix PHB numbering when using opal-phbid
kprobes: Forbid probing on trampoline and BPF code areas
perf symbol: Fail to read phdr workaround
powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address
powerpc/xive: Fix refcount leak in xive_get_max_prio
powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader
f2fs: fix to remove F2FS_COMPR_FL and tag F2FS_NOCOMP_FL at the same time
f2fs: write checkpoint during FG_GC
f2fs: don't set GC_FAILURE_PIN for background GC
powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias
powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32
ASoC: mchp-spdifrx: disable end of block interrupt on failures
video: fbdev: sis: fix typos in SiS_GetModeID()
video: fbdev: amba-clcd: Fix refcount leak bugs
watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe()
ASoC: audio-graph-card: Add of_node_put() in fail path
fuse: Remove the control interface for virtio-fs
ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp()
ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format
s390/zcore: fix race when reading from hardware system area
s390/dump: fix old lowcore virtual vs physical address confusion
perf tools: Fix dso_id inode generation comparison
iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
mfd: max77620: Fix refcount leak in max77620_initialise_fps
mfd: t7l66xb: Drop platform disable callback
remoteproc: sysmon: Wait for SSCTL service to come up
lib/smp_processor_id: fix imbalanced instrumentation_end() call
kfifo: fix kfifo_to_user() return type
rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
iommu/exynos: Handle failed IOMMU device registration properly
tty: n_gsm: fix missing corner cases in gsmld_poll()
tty: n_gsm: fix DM command
tty: n_gsm: fix wrong T1 retry count handling
vfio/ccw: Do not change FSM state in subchannel event
vfio/mdev: Make to_mdev_device() into a static inline
vfio: Split creation of a vfio_device into init and register ops
vfio: Simplify the lifetime logic for vfio_device
vfio: Remove extra put/gets around vfio_device->group
remoteproc: qcom: wcnss: Fix handling of IRQs
ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe()
tty: n_gsm: fix race condition in gsmld_write()
tty: n_gsm: fix packet re-transmission without open control channel
tty: n_gsm: fix non flow control frames during mux flow off
tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output()
tty: n_gsm: fix user open not possible at responder until initiator open
tty: n_gsm: Delete gsmtty open SABM frame when config requester
ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global to static variables
powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable
ASoC: samsung: h1940_uda1380: include proepr GPIO consumer header
profiling: fix shift too large makes kernel panic
selftests/livepatch: better synchronize test_klp_callbacks_busy
remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init
rpmsg: mtk_rpmsg: Fix circular locking dependency
ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV
ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV
serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty()
serial: 8250: Export ICR access helpers for internal use
ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe
ASoC: codecs: da7210: add check for i2c_add_driver
ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe
ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe
ASoC: samsung: Fix error handling in aries_audio_probe
ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe
opp: Fix error check in dev_pm_opp_attach_genpd()
usb: cdns3: Don't use priv_dev uninitialized in cdns3_gadget_ep_enable()
jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
ext4: recover csum seed of tmp_inode after migrating to extents
jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction()
nvme: use command_id instead of req->tag in trace_nvme_complete_rq()
null_blk: fix ida error handling in null_add_dev()
RDMA/rxe: Fix error unwind in rxe_create_qp()
RDMA/mlx5: Add missing check for return value in get namespace flow
selftests: kvm: set rax before vmcall
mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region
RDMA/srpt: Fix a use-after-free
RDMA/srpt: Introduce a reference count in struct srpt_device
RDMA/srpt: Duplicate port name members
platform/olpc: Fix uninitialized data in debugfs write
usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable()
USB: serial: fix tty-port initialized comments
PCI: tegra194: Fix link up retry sequence
PCI: tegra194: Fix Root Port interrupt handling
HID: alps: Declare U1_UNICORN_LEGACY support
mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
mmc: cavium-octeon: Add of_node_put() when breaking out of loop
HID: mcp2221: prevent a buffer overflow in mcp_smbus_write()
gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event
RDMA/hns: Fix incorrect clearing of interrupt status register
RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr()
RDMA/qedr: Improve error logs for rdma_alloc_tid error return
RDMA/rtrs-srv: Fix modinfo output for stringify
RDMA/rtrs: Avoid Wtautological-constant-out-of-range-compare
RDMA/rtrs: Define MIN_CHUNK_SIZE
um: random: Don't initialise hwrng struct with zero
interconnect: imx: fix max_node_id
eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write()
usb: dwc3: qcom: fix missing optional irq warnings
usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup
usb: dwc3: core: Deprecate GCTL.CORESOFTRESET
usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc()
usb: gadget: udc: amd5536 depends on HAS_DMA
xtensa: iss: fix handling error cases in iss_net_configure()
xtensa: iss/network: provide release() callback
scsi: smartpqi: Fix DMA direction for RAID requests
PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks
PCI/portdrv: Don't disable AER reporting in get_port_device_capability()
KVM: s390: pv: leak the topmost page table when destroy fails
mmc: block: Add single read for 4k sector cards
mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
memstick/ms_block: Fix a memory leak
memstick/ms_block: Fix some incorrect memory allocation
mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback
intel_th: msu: Fix vmalloced buffers
intel_th: msu-sink: Potential dereference of null pointer
intel_th: Fix a resource leak in an error handling path
PCI: endpoint: Don't stop controller when unbinding endpoint function
dmaengine: sf-pdma: Add multithread support for a DMA channel
dmaengine: sf-pdma: apply proper spinlock flags in sf_pdma_prep_dma_memcpy()
KVM: arm64: Don't return from void function
soundwire: bus_type: fix remove and shutdown support
PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists
PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors
PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu()
clk: qcom: camcc-sdm845: Fix topology around titan_top power domain
clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
clk: qcom: ipq8074: fix NSS port frequency tables
clk: qcom: ipq8074: SW workaround for UBI32 PLL lock
clk: qcom: ipq8074: fix NSS core PLL-s
usb: host: xhci: use snprintf() in xhci_decode_trb()
clk: qcom: clk-krait: unlock spin after mux completion
driver core: fix potential deadlock in __driver_attach
misc: rtsx: Fix an error handling path in rtsx_pci_probe()
dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics
mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv
mwifiex: Ignore BTCOEX events from the 88W8897 firmware
KVM: Don't set Accessed/Dirty bits for ZERO_PAGE
clk: mediatek: reset: Fix written reset bit offset
iio: accel: bma400: Reordering of header files
platform/chrome: cros_ec: Always expose last resume result
iio: accel: bma400: Fix the scale min and max macro values
netfilter: xtables: Bring SPDX identifier back
usb: xhci: tegra: Fix error check
usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init()
usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
fpga: altera-pr-ip: fix unsigned comparison with less than zero
mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
mtd: partitions: Fix refcount leak in parse_redboot_of
mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
HID: cp2112: prevent a buffer overflow in cp2112_xfer()
PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()
mtd: rawnand: meson: Fix a potential double free issue
mtd: maps: Fix refcount leak in ap_flash_init
mtd: maps: Fix refcount leak in of_flash_probe_versatile
clk: renesas: r9a06g032: Fix UART clkgrp bitsel
wireguard: allowedips: don't corrupt stack when detecting overflow
wireguard: ratelimiter: use hrtimer in selftest
dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
net: ionic: fix error check for vlan flags in ionic_set_nic_features()
net: rose: fix netdev reference changes
netdevsim: Avoid allocation warnings triggered from user space
iavf: Fix max_rate limiting
net: allow unbound socket for packets in VRF when tcp_l3mdev_accept set
tcp: Fix data-races around sysctl_tcp_l3mdev_accept.
ipv6: add READ_ONCE(sk->sk_bound_dev_if) in INET6_MATCH()
tcp: sk->sk_bound_dev_if once in inet_request_bound_dev_if()
inet: add READ_ONCE(sk->sk_bound_dev_if) in INET_MATCH()
crypto: hisilicon/sec - fix auth key size error
crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
crypto: hisilicon/hpre - don't use GFP_KERNEL to alloc mem during softirq
net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version
media: cedrus: hevc: Add check for invalid timestamp
wifi: libertas: Fix possible refcount leak in if_usb_probe()
wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`
i2c: mux-gpmux: Add of_node_put() when breaking out of loop
i2c: cadence: Support PEC for SMBus block read
Bluetooth: hci_intel: Add check for platform_driver_register
can: pch_can: pch_can_error(): initialize errc before using it
can: error: specify the values of data[5..7] of CAN error frames
can: usb_8dev: do not report txerr and rxerr during bus-off
can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off
can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off
can: sun4i_can: do not report txerr and rxerr during bus-off
can: hi311x: do not report txerr and rxerr during bus-off
can: sja1000: do not report txerr and rxerr during bus-off
can: rcar_can: do not report txerr and rxerr during bus-off
can: pch_can: do not report txerr and rxerr during bus-off
selftests/bpf: fix a test for snprintf() overflow
wifi: p54: add missing parentheses in p54_flush()
wifi: p54: Fix an error handling path in p54spi_probe()
wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
fs: check FMODE_LSEEK to control internal pipe splicing
bpf: Fix subprog names in stack traces.
selftests: timers: clocksource-switch: fix passing errors from child
selftests: timers: valid-adjtimex: build fix for newer toolchains
libbpf: Fix the name of a reused map
tcp: make retransmitted SKB fit into the send window
drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed.
mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg
media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment
crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq
crypto: hisilicon/sec - don't sleep when in softirq
crypto: hisilicon/sec - fixes some coding style
drm/msm/mdp5: Fix global state lock backoff
net: hinic: avoid kernel hung in hinic_get_stats64()
net: hinic: fix bug that ethtool get wrong stats
hinic: Use the bitmap API when applicable
lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc()
lib: bitmap: order includes alphabetically
drm: bridge: sii8620: fix possible off-by-one
drm/mediatek: dpi: Only enable dpi after the bridge is enabled
drm/mediatek: dpi: Remove output format of YUV
drm/rockchip: Fix an error handling path rockchip_dp_probe()
drm/rockchip: vop: Don't crash for invalid duplicate_state()
selftests/xsk: Destroy BPF resources only when ctx refcount drops to 0
crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE
drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes
drm/vc4: hdmi: Fix timings for interlaced modes
drm/vc4: hdmi: Limit the BCM2711 to the max without scrambling
drm/vc4: hdmi: Don't access the connector state in reset if kmalloc fails
drm/vc4: hdmi: Avoid full hdmi audio fifo writes
drm/vc4: hdmi: Remove firmware logic for MAI threshold setting
drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration
drm/vc4: dsi: Fix dsi0 interrupt support
drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type
drm/vc4: dsi: Introduce a variant structure
drm/vc4: dsi: Use snprintf for the PHY clocks instead of an array
drm/vc4: drv: Remove the DSI pointer in vc4_drv
drm/vc4: dsi: Correct pixel order for DSI0
drm/vc4: dsi: Correct DSI divider calculations
drm/vc4: plane: Fix margin calculations for the right/bottom edges
drm/vc4: plane: Remove subpixel positioning check
media: tw686x: Fix memory leak in tw686x_video_init
media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set
media: hdpvr: fix error value returns in hdpvr_read
drm/mcde: Fix refcount leak in mcde_dsi_bind
drm: bridge: adv7511: Add check for mipi_dsi_driver_register
crypto: ccp - During shutdown, check SEV data pointer before using
test_bpf: fix incorrect netdev features
drm/radeon: fix incorrrect SPDX-License-Identifiers
wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd()
ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
media: tw686x: Register the irq at the end of probe
crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs()
i2c: Fix a potential use after free
net: fix sk_wmem_schedule() and sk_rmem_schedule() errors
crypto: sun8i-ss - fix error codes in allocate_flows()
crypto: sun8i-ss - do not allocate memory when handling hash requests
drm: adv7511: override i2c address of cec before accessing it
virtio-gpu: fix a missing check to avoid NULL dereference
i2c: npcm: Correct slave role behavior
i2c: npcm: Remove own slave addresses 2:10
drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function
drm/mediatek: Separate poweron/poweroff from enable/disable and define new funcs
drm/mediatek: Modify dsi funcs to atomic operations
drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
ath11k: Fix incorrect debug_mask mappings
drm/mipi-dbi: align max_chunk to 2 in spi_transfer
ath11k: fix netdev open race
wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
drm/st7735r: Fix module autoloading for Okaya RH128128T
ath10k: do not enforce interrupt trigger type
drm/bridge: tc358767: Make sure Refclk clock are enabled
drm/bridge: tc358767: Move (e)DP bridge endpoint parsing into dedicated function
pwm: lpc18xx-sct: Convert to devm_platform_ioremap_resource()
pwm: sifive: Shut down hardware only after pwmchip_remove() completed
pwm: sifive: Ensure the clk is enabled exactly once per running PWM
pwm: sifive: Simplify offset calculation for PWMCMP registers
pwm: sifive: Don't check the return code of pwmchip_remove()
dm: return early from dm_pr_call() if DM device is suspended
thermal/tools/tmon: Include pthread and time headers in tmon.h
selftests/seccomp: Fix compile warning when CC=clang
nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt()
drivers/perf: arm_spe: Fix consistency of SYS_PMSCR_EL1.CX
arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment
soc: qcom: Make QCOM_RPMPD depend on PM
regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
blktrace: Trace remapped requests correctly
block: remove the request_queue to argument request based tracepoints
hwmon: (drivetemp) Add module alias
blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created
erofs: avoid consecutive detection for Highmem memory
arm64: tegra: Fix SDMMC1 CD on P2888
arm64: dts: mt7622: fix BPI-R64 WPS button
bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe()
ARM: dts: qcom: pm8841: add required thermal-sensor-cells
soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register
soc: qcom: ocmem: Fix refcount leak in of_get_ocmem
ACPI: APEI: Fix _EINJ vs EFI_MEMORY_SP
regulator: qcom_smd: Fix pm8916_pldo range
cpufreq: zynq: Fix refcount leak in zynq_get_revision
ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init
ARM: OMAP2+: Fix refcount leak in omapdss_init_of
ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg
block: fix infinite loop for invalid zone append
soc: fsl: guts: machine variable might be unset
locking/lockdep: Fix lockdep_init_map_*() confusion
arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1
hexagon: select ARCH_WANT_LD_ORPHAN_WARN
ARM: dts: ast2600-evb: fix board compatible
ARM: dts: ast2500-evb: fix board compatible
x86/pmem: Fix platform-device leak in error path
arm64: dts: renesas: Fix thermal-sensors on single-zone sensors
soc: amlogic: Fix refcount leak in meson-secure-pwrc.c
soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values
Input: atmel_mxt_ts - fix up inverted RESET handler
ARM: dts: imx7d-colibri-emmc: add cpu1 supply
ACPI: processor/idle: Annotate more functions to live in cpuidle section
ARM: bcm: Fix refcount leak in bcm_kona_smc_init
arm64: dts: renesas: beacon: Fix regulator node names
meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
ARM: findbit: fix overflowing offset
spi: spi-rspi: Fix PIO fallback on RZ platforms
powerpc/64s: Disable stack variable initialisation for prom_init
selinux: Add boundary check in put_entry()
PM: hibernate: defer device probing when resuming from hibernation
firmware: tegra: Fix error check return value of debugfs_create_file()
ARM: shmobile: rcar-gen2: Increase refcount for new reference
arm64: dts: allwinner: a64: orangepi-win: Fix LED node name
arm64: dts: qcom: ipq8074: fix NAND node name
ACPI: LPSS: Fix missing check in register_device_clock()
ACPI: PM: save NVS memory for Lenovo G40-45
ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk
ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks
ARM: OMAP2+: display: Fix refcount leak bug
spi: synquacer: Add missing clk_disable_unprepare()
ARM: dts: BCM5301X: Add DT for Meraki MR26
ARM: dts: imx6ul: fix qspi node compatible
ARM: dts: imx6ul: fix lcdif node compatible
ARM: dts: imx6ul: fix csi node compatible
ARM: dts: imx6ul: fix keypad compatible
ARM: dts: imx6ul: change operating-points to uint32-matrix
ARM: dts: imx6ul: add missing properties for sram
wait: Fix __wait_event_hrtimeout for RT/DL tasks
irqchip/mips-gic: Check the return value of ioremap() in gic_of_init()
genirq: GENERIC_IRQ_IPI depends on SMP
irqchip/mips-gic: Only register IPI domain when SMP is enabled
genirq: Don't return error on missing optional irq_request_resources()
ext2: Add more validity checks for inode counts
arm64: fix oops in concurrently setting insn_emulation sysctls
arm64: Do not forget syscall when starting a new thread.
x86: Handle idle=nomwait cmdline properly for x86_idle
epoll: autoremove wakers even more aggressively
netfilter: nf_tables: fix null deref due to zeroed list head
netfilter: nf_tables: do not allow RULE_ID to refer to another chain
netfilter: nf_tables: do not allow CHAIN_ID to refer to another table
netfilter: nf_tables: do not allow SET_ID to refer to another table
lockdep: Allow tuning tracing capacity constants.
usb: dwc3: gadget: fix high speed multiplier setting
usb: dwc3: gadget: refactor dwc3_repare_one_trb
arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC
ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC
USB: HCD: Fix URB giveback issue in tasklet function
usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion
coresight: Clear the connection field properly
MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
powerpc/powernv: Avoid crashing if rng is NULL
powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E
powerpc/fsl-pci: Fix Class Code of PCIe Root Port
PCI: Add defines for normal and subtractive PCI bridges
ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr()
media: [PATCH] pci: atomisp_cmd: fix three missing checks on list iterator
md-raid10: fix KASAN warning
md-raid: destroy the bitmap after destroying the thread
serial: mvebu-uart: uart2 error bits clearing
fuse: limit nsec
scsi: qla2xxx: Zero undefined mailbox IN registers
scsi: qla2xxx: Fix incorrect display of max frame size
scsi: sg: Allow waiting for commands to complete on removed device
iio: light: isl29028: Fix the warning in isl29028_remove()
mtd: rawnand: arasan: Update NAND bus clock instead of system clock
drm/amdgpu: Check BO's requested pinning domains against its preferred_domains
drm/nouveau/acpi: Don't print error when we get -EINPROGRESS from pm_runtime
drm/nouveau: Don't pm_runtime_put_sync(), only pm_runtime_put_autosuspend()
drm/nouveau: fix another off-by-one in nvbios_addr
drm/vc4: hdmi: Disable audio if dmas property is present but empty
drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error
parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode
parisc: Check the return value of ioremap() in lba_driver_probe()
parisc: Fix device names in /proc/iomem
ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh()
usbnet: Fix linkwatch use-after-free on disconnect
fbcon: Fix accelerated fbdev scrolling while logo is still shown
fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters
thermal: sysfs: Fix cooling_device_stats_setup() error code path
fs: Add missing umask strip in vfs_tmpfile
vfs: Check the truncate maximum size in inode_newsize_ok()
tty: vt: initialize unicode screen buffer
ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED
ALSA: hda/realtek: Add quirk for another Asus K42JZ model
ALSA: hda/cirrus - support for iMac 12,1 model
ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
mm/mremap: hold the rmap lock in write mode when moving page table entries.
xfs: fix I_DONTCACHE
xfs: only set IOMAP_F_SHARED when providing a srcmap to a write
mm: Add kvrealloc()
riscv: set default pm_power_off to NULL
KVM: x86: Tag kvm_mmu_x86_module_init() with __init
KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP
KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value
KVM: s390: pv: don't present the ecall interrupt twice
KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case
KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case
HID: wacom: Don't register pad_input for touch switch
HID: wacom: Only report rotation for art pen
add barriers to buffer_uptodate and set_buffer_uptodate
wifi: mac80211_hwsim: use 32-bit skb cookie
wifi: mac80211_hwsim: add back erroneously removed cast
wifi: mac80211_hwsim: fix race condition in pending packet
ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx
ALSA: hda/realtek: Add quirk for Clevo NV45PZ
ALSA: bcd2000: Fix a UAF bug on the error path of probing
scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover"
Revert "pNFS: nfs3_set_ds_client should set NFS_CS_NOPING"
x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments
Makefile: link with -z noexecstack --no-warn-rwx-segments
Conflicts:
Documentation/devicetree/bindings
Documentation/devicetree/bindings/arm/qcom.yaml
Documentation/devicetree/bindings/clock/qcom,gcc-msm8996.yaml
Documentation/devicetree/bindings/dma/moxa,moxart-dma.txt
Documentation/devicetree/bindings/regulator/nxp,pca9450-regulator.yaml
drivers/interconnect/qcom/icc-rpmh.c
drivers/remoteproc/qcom_sysmon.c
drivers/rpmsg/qcom_glink_native.c
net/qrtr/qrtr.c
Change-Id: If4f77aa8e63e7847571d37c1ba947f235236afff
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
|
||
|
qctecmdr
|
7247a2a87f | Merge "net: qrtr: gunyah: Add bounds check in rx path" | ||
|
Sarannya S
|
32d9c3a2f2 |
net: qrtr: gunyah: Add bounds check on tx path
Add bounds check on values read from shared memory in the tx path. In cases where the VM is misbehaving, the qrtr gunyah transport should exit and print a warning when bogus values may cause out of bounds to be read. Change-Id: I73abb3994b90850ccfd8d41266e53eb4a38a62f6 Signed-off-by: Chris Lew <quic_clew@quicinc.com> Signed-off-by: Sarannya S <quic_sarannya@quicinc.com> |
||
|
qctecmdr
|
2319bccf54 |
Merge "Merge keystone/android12-5.10-keystone-qcom-release.136+ (897411a) into msm-5.10"
|
||
|
Srinivasarao Pathipati
|
f0e9702eed |
Merge keystone/android12-5.10-keystone-qcom-release.136+ (897411a) into msm-5.10
* refs/heads/tmp-897411a: ANDROID: dma-buf: don't re-purpose kobject as work_struct ANDROID: dma-buf: Fix build breakage with !CONFIG_DMABUF_SYSFS_STATS ANDROID: usb: gadget: uvc: remove duplicate code in unbind FROMGIT: mm/madvise: fix madvise_pageout for private file mappings ANDROID: arm64: mm: perform clean & invalidation in __dma_map_area BACKPORT: mm/page_alloc: always initialize memory map for the holes ANDROID: dma-buf: Add vendor hook for deferred dmabuf sysfs stats release ANDROID: dm-user: Remove bio recount in I/O path ANDROID: abi_gki_aarch64_qcom: Add wait_on_page_bit UPSTREAM: drm/meson: Fix overflow implicit truncation warnings UPSTREAM: irqchip/tegra: Fix overflow implicit truncation warnings UPSTREAM: video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write UPSTREAM: irqchip/gic-v4: Wait for GICR_VPENDBASER.Dirty to clear before descheduling UPSTREAM: mm: kfence: fix missing objcg housekeeping for SLAB UPSTREAM: clk: Fix clk_hw_get_clk() when dev is NULL UPSTREAM: arm64: kasan: fix include error in MTE functions UPSTREAM: arm64: prevent instrumentation of bp hardening callbacks UPSTREAM: PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove() UPSTREAM: mm: fix use-after-free bug when mm->mmap is reused after being freed BACKPORT: vsprintf: Fix %pK with kptr_restrict == 0 UPSTREAM: net: preserve skb_end_offset() in skb_unclone_keeptruesize() BACKPORT: net: add skb_set_end_offset() helper UPSTREAM: arm64: Correct wrong label in macro __init_el2_gicv3 UPSTREAM: KVM: arm64: Stop handle_exit() from handling HVC twice when an SError occurs UPSTREAM: KVM: arm64: Avoid consuming a stale esr value when SError occur BACKPORT: arm64: Enable Cortex-A510 erratum 2051678 by default UPSTREAM: usb: typec: tcpm: Do not disconnect when receiving VSAFE0V UPSTREAM: usb: typec: tcpci: don't touch CC line if it's Vconn source UPSTREAM: dt-bindings: memory: mtk-smi: Correct minItems to 2 for the gals clocks BACKPORT: dt-bindings: memory: mtk-smi: No need mediatek,larb-id for mt8167 BACKPORT: dt-bindings: memory: mtk-smi: Rename clock to clocks UPSTREAM: KVM: arm64: Use shadow SPSR_EL1 when injecting exceptions on !VHE UPSTREAM: block: fix async_depth sysfs interface for mq-deadline UPSTREAM: dma-buf: cma_heap: Fix mutex locking section UPSTREAM: scsi: ufs: ufs-mediatek: Fix error checking in ufs_mtk_init_va09_pwr_ctrl() UPSTREAM: f2fs: include non-compressed blocks in compr_written_block UPSTREAM: kasan: fix Kconfig check of CC_HAS_WORKING_NOSANITIZE_ADDRESS UPSTREAM: dma-buf: DMABUF_SYSFS_STATS should depend on DMA_SHARED_BUFFER UPSTREAM: mmflags.h: add missing __GFP_ZEROTAGS and __GFP_SKIP_KASAN_POISON names BACKPORT: scsi: ufs: Optimize serialization of setup_xfer_req() calls UPSTREAM: Kbuild: lto: fix module versionings mismatch in GNU make 3.X UPSTREAM: clk: versatile: Depend on HAS_IOMEM BACKPORT: arm64: meson: select COMMON_CLK UPSTREAM: kbuild: do not include include/config/auto.conf from adjust_autoksyms.sh UPSTREAM: inet: fully convert sk->sk_rx_dst to RCU rules ANDROID: Update symbol list for mtk FROMLIST: binder: fix UAF of alloc->vma in race with munmap() ANDROID: GKI: Update symbol list for mtk tablet projects UPSTREAM: af_key: Do not call xfrm_probe_algs in parallel UPSTREAM: mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() UPSTREAM: mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() FROMGIT: f2fs: let's avoid to get cp_rwsem twice by f2fs_evict_inode by d_invalidate ANDROID: abi_gki_aarch64_qcom: whitelist some vm symbols ANDROID: vendor_hook: skip trace_android_vh_page_trylock_set when ignore_references is true BACKPORT: ANDROID: dma-buf: Move sysfs work out of DMA-BUF export path UPSTREAM: wifi: mac80211: fix MBSSID parsing use-after-free UPSTREAM: wifi: mac80211: don't parse mbssid in assoc response UPSTREAM: mac80211: mlme: find auth challenge directly UPSTREAM: wifi: cfg80211: update hidden BSSes to avoid WARN_ON UPSTREAM: wifi: mac80211: fix crash in beacon protection for P2P-device UPSTREAM: wifi: mac80211_hwsim: avoid mac80211 warning on bad rate UPSTREAM: wifi: cfg80211: avoid nontransmitted BSS list corruption UPSTREAM: wifi: cfg80211: fix BSS refcounting bugs UPSTREAM: wifi: cfg80211: ensure length byte is present before access UPSTREAM: wifi: cfg80211/mac80211: reject bad MBSSID elements UPSTREAM: wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() ANDROID: GKI: Update symbols to symbol list ANDROID: sched: add restricted hooks to replace the former hooks ANDROID: GKI: Add symbol snd_pcm_stop_xrun ANDROID: ABI: update allowed list for galaxy ANDROID: GKI: Update symbols to symbol list UPSTREAM: dma-buf: ensure unique directory name for dmabuf stats UPSTREAM: dma-buf: call dma_buf_stats_setup after dmabuf is in valid list Conflicts: Documentation/devicetree/bindings Documentation/devicetree/bindings/memory-controllers/mediatek,smi-common.yaml Documentation/devicetree/bindings/memory-controllers/mediatek,smi-larb.yaml Change-Id: If8181c06536ceb430cde0826f557298b4ab648e7 Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com> |
||
|
Chris Lew
|
711797f614 |
net: qrtr: gunyah: Add bounds check in rx path
Validate the values read from shared memory in the receive path. In the case where a VM is misbehaving, the qrtr gunyah transport should return immediately and print a warning. Change-Id: I88ec702e3f6e90a3aadb77d5d817129817ad6bbd Signed-off-by: Chris Lew <quic_clew@quicinc.com> |
||
|
Greg Kroah-Hartman
|
9ef4727680 |
Merge tag 'android12-5.10.149_r00' into android12-5.10
This is the merge of the upstream LTS release of 5.10.149 into the android12-5.10 branch. It contains the following commits: |
||
|
Sarannya S
|
b150edebe3 |
net: qrtr: mhi: Do not free skb on EAGAIN error
When MHI layer returns -EAGAIN to mhi_qrtr_send, do not free skb as it would lead to use-after-free of sk_buff when the message is retransmitted again. Change-Id: I8c117c4b5303b6ea158f47c46edf5501237fc8a4 Signed-off-by: Sarannya S <quic_sarannya@quicinc.com> |
||
|
Sarannya S
|
b984f1b22d |
net: qrtr: mhi: Retry mhi_qrtr send on error
On getting an EAGAIN error from MHI, add a retry to retransmit the message again. Change-Id: I8e1c75bec7fdd0871dd92e14f640cab19c7f0985 Signed-off-by: Sarannya S <quic_sarannya@quicinc.com> |
||
|
qctecmdr
|
a432f6e333 |
Merge "Merge keystone/android12-5.10-keystone-qcom-release.136+ (3593700) into msm-5.10"
|
||
|
Sivasri Kumar, Vanka
|
25b8343bd4 |
Merge keystone/android12-5.10-keystone-qcom-release.136+ (3593700) into msm-5.10
* refs/heads/tmp-3593700c:
ANDROID: abi_gki_aarch64_qcom: Add wait_on_page_bit
FROMLIST: binder: fix UAF of alloc->vma in race with munmap()
UPSTREAM: wifi: mac80211: fix MBSSID parsing use-after-free
UPSTREAM: wifi: mac80211: don't parse mbssid in assoc response
UPSTREAM: mac80211: mlme: find auth challenge directly
UPSTREAM: wifi: cfg80211: update hidden BSSes to avoid WARN_ON
UPSTREAM: wifi: mac80211: fix crash in beacon protection for P2P-device
UPSTREAM: wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
UPSTREAM: wifi: cfg80211: avoid nontransmitted BSS list corruption
UPSTREAM: wifi: cfg80211: fix BSS refcounting bugs
UPSTREAM: wifi: cfg80211: ensure length byte is present before access
UPSTREAM: wifi: cfg80211/mac80211: reject bad MBSSID elements
UPSTREAM: wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()
UPSTREAM: psi: Fix psi state corruption when schedule() races with cgroup move
ANDROID: GKI: Update symbol list for mtk AIoT projects
UPSTREAM: psi: Fix psi state corruption when schedule() races with cgroup move
BACKPORT: HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
BACKPORT: mm: don't be stuck to rmap lock on reclaim path
Revert "firmware_loader: use kernel credentials when reading firmware"
Revert "firmware_loader: use kernel credentials when reading firmware"
UPSTREAM: crypto: jitter - add oversampling of noise source
ANDROID: Fix kenelci build-break for !CONFIG_PERF_EVENTS
FROMGIT: f2fs: support recording stop_checkpoint reason into super_block
UPSTREAM: wifi: mac80211_hwsim: use 32-bit skb cookie
UPSTREAM: wifi: mac80211_hwsim: add back erroneously removed cast
UPSTREAM: wifi: mac80211_hwsim: fix race condition in pending packet
ANDROID: abi_gki_aarch64_qcom: Add android_vh_madvise_cold_or_pageout
ANDROID: force struct page_vma_mapped_walk to be defined in KMI
ANDROID: vendor_hooks: Allow shared pages reclaim via MADV_PAGEOUT
UPSTREAM: usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
ANDROID: GKI: Update symbols to symbol list
ANDROID: make sure all types for hooks are defined in KMI
ANDROID: force struct selinux_state to be defined in KMI
BACKPORT: erofs: fix use-after-free of on-stack io[]
ANDROID: GKI: Update symbols to symbol list
ANDROID: vendor_hook: rename the the name of hooks
ANDROID: ABI: Add extcon_get_property_capability symbol
Revert "ANDROID: arm64: debug-monitors: export break hook APIs"
Revert "ANDROID: vendor_hooks:vendor hook for __alloc_pages_slowpath."
Revert "ANDROID: Export functions to be used with dma_map_ops in modules"
FROMLIST: f2fs: let FI_OPU_WRITE override FADVISE_COLD_BIT
ANDROID: remove unused xhci_get_endpoint_address export
ANDROID: incfs: Add check for ATTR_KILL_SUID and ATTR_MODE in incfs_setattr
ANDROID: GKI: Update symbols to symbol list
ANDROID: vendor_hooks: Add hooks for lookaround
Revert "Revert "ANDROID: add for tuning readahead size""
ANDROID: transsion: Update the ABI xml and symbol list
ANDROID: vendor_hooks: Add hooks for lookaround
BACKPORT: dm verity: set DM_TARGET_IMMUTABLE feature flag
BACKPORT: pipe: Fix missing lock in pipe_resize_ring()
BACKPORT: KVM: x86: avoid calling x86 emulator without a decoded instruction
ANDROID: GKI: add symbols in android/abi_gki_aarch64_oplus
BACKPORT: watchqueue: make sure to serialize 'wqueue->defunct' properly
ANDROID: GKI: Update symbol list for Exynos SoC
Linux 5.10.136
x86/speculation: Add LFENCE to RSB fill sequence
x86/speculation: Add RSB VM Exit protections
macintosh/adb: fix oob read in do_adb_query() function
Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586
Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587
Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558
Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675
Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007
Bluetooth: btusb: Add support of IMC Networks PID 0x3568
Bluetooth: hci_bcm: Add DT compatible for CYW55572
Bluetooth: hci_bcm: Add BCM4349B1 variant
selftests: KVM: Handle compiler optimizations in ucall
tools/kvm_stat: fix display of error when multiple processes are found
crypto: arm64/poly1305 - fix a read out-of-bound
ACPI: APEI: Better fix to avoid spamming the console with old error logs
ACPI: video: Shortening quirk list by identifying Clevo by board_name only
ACPI: video: Force backlight native for some TongFang devices
tun: avoid double free in tun_free_netdev
selftests/bpf: Check dst_port only on the client socket
selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads
ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet()
ath9k_htc: fix NULL pointer dereference at ath9k_htc_rxep()
x86/speculation: Make all RETbleed mitigations 64-bit only
Linux 5.10.135
selftests: bpf: Don't run sk_lookup in verifier tests
bpf: Add PROG_TEST_RUN support for sk_lookup programs
bpf: Consolidate shared test timing code
x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available
xfs: Enforce attr3 buffer recovery order
xfs: logging the on disk inode LSN can make it go backwards
xfs: remove dead stale buf unpin handling code
xfs: hold buffer across unpin and potential shutdown processing
xfs: force the log offline when log intent item recovery fails
xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes
xfs: prevent UAF in xfs_log_item_in_current_chkpt
xfs: xfs_log_force_lsn isn't passed a LSN
xfs: refactor xfs_file_fsync
docs/kernel-parameters: Update descriptions for "mitigations=" param with retbleed
EDAC/ghes: Set the DIMM label unconditionally
ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow
mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle.
page_alloc: fix invalid watermark check on a negative value
ARM: crypto: comment out gcc warning that breaks clang builds
sctp: leave the err path free in sctp_stream_init to sctp_stream_free
sfc: disable softirqs for ptp TX
perf symbol: Correct address for bss symbols
virtio-net: fix the race between refill work and close
netfilter: nf_queue: do not allow packet truncation below transport header offset
sctp: fix sleep in atomic context bug in timer handlers
i40e: Fix interface init with MSI interrupts (no MSI-X)
tcp: Fix data-races around sysctl_tcp_reflect_tos.
tcp: Fix a data-race around sysctl_tcp_comp_sack_nr.
tcp: Fix a data-race around sysctl_tcp_comp_sack_slack_ns.
tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns.
net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa()
macsec: always read MACSEC_SA_ATTR_PN as a u64
macsec: limit replay window size with XPN
macsec: fix error message in macsec_add_rxsa and _txsa
macsec: fix NULL deref in macsec_add_rxsa
Documentation: fix sctp_wmem in ip-sysctl.rst
tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit.
tcp: Fix a data-race around sysctl_tcp_autocorking.
tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen.
tcp: Fix a data-race around sysctl_tcp_min_tso_segs.
net: sungem_phy: Add of_node_put() for reference returned by of_get_parent()
igmp: Fix data-races around sysctl_igmp_qrv.
net/tls: Remove the context from the list in tls_device_down
ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr
net: ping6: Fix memleak in ipv6_renew_options().
tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit.
tcp: Fix a data-race around sysctl_tcp_limit_output_bytes.
tcp: Fix data-races around sysctl_tcp_moderate_rcvbuf.
Revert "tcp: change pingpong threshold to 3"
scsi: ufs: host: Hold reference returned by of_parse_phandle()
ice: do not setup vlan for loopback VSI
ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS)
tcp: Fix data-races around sysctl_tcp_no_ssthresh_metrics_save.
tcp: Fix a data-race around sysctl_tcp_nometrics_save.
tcp: Fix a data-race around sysctl_tcp_frto.
tcp: Fix a data-race around sysctl_tcp_adv_win_scale.
tcp: Fix a data-race around sysctl_tcp_app_win.
tcp: Fix data-races around sysctl_tcp_dsack.
watch_queue: Fix missing locking in add_watch_to_object()
watch_queue: Fix missing rcu annotation
nouveau/svm: Fix to migrate all requested pages
s390/archrandom: prevent CPACF trng invocations in interrupt context
ntfs: fix use-after-free in ntfs_ucsncmp()
Revert "ocfs2: mount shared volume without ha stack"
Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
ANDROID: fix up 5.10.132 merge with the virtio_mmio.c driver
Linux 5.10.134
watch-queue: remove spurious double semicolon
net: usb: ax88179_178a needs FLAG_SEND_ZLP
tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()
tty: drop tty_schedule_flip()
tty: the rest, stop using tty_schedule_flip()
tty: drivers/tty/, stop using tty_schedule_flip()
watchqueue: make sure to serialize 'wqueue->defunct' properly
x86/alternative: Report missing return thunk details
x86/amd: Use IBPB for firmware calls
Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks
Bluetooth: SCO: Fix sco_send_frame returning skb->len
Bluetooth: Fix passing NULL to PTR_ERR
Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg
Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg
Bluetooth: Add bt_skb_sendmmsg helper
Bluetooth: Add bt_skb_sendmsg helper
ALSA: memalloc: Align buffer allocations in page size
bitfield.h: Fix "type of reg too small for mask" test
drm/imx/dcss: fix unused but set variable warnings
dlm: fix pending remove if msg allocation fails
x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
sched/deadline: Fix BUG_ON condition for deboosted tasks
bpf: Make sure mac_header was set before using it
mm/mempolicy: fix uninit-value in mpol_rebind_policy()
KVM: Don't null dereference ops->destroy
spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers
tcp: Fix data-races around sysctl_tcp_max_reordering.
tcp: Fix a data-race around sysctl_tcp_rfc1337.
tcp: Fix a data-race around sysctl_tcp_stdurg.
tcp: Fix a data-race around sysctl_tcp_retrans_collapse.
tcp: Fix data-races around sysctl_tcp_slow_start_after_idle.
tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
tcp: Fix data-races around sysctl_tcp_recovery.
tcp: Fix a data-race around sysctl_tcp_early_retrans.
tcp: Fix data-races around sysctl knobs related to SYN option.
udp: Fix a data-race around sysctl_udp_l3mdev_accept.
ip: Fix data-races around sysctl_ip_prot_sock.
ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh.
drm/imx/dcss: Add missing of_node_put() in fail path
be2net: Fix buffer overflow in be_get_module_eeprom
gpio: pca953x: use the correct register address when regcache sync during init
gpio: pca953x: use the correct range when do regmap sync
gpio: pca953x: only use single read/write for No AI mode
ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero
i40e: Fix erroneous adapter reinitialization during recovery process
iavf: Fix handling of dummy receive descriptors
tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout.
tcp: Fix data-races around sysctl_tcp_fastopen.
tcp: Fix data-races around sysctl_max_syn_backlog.
tcp: Fix a data-race around sysctl_tcp_tw_reuse.
tcp: Fix a data-race around sysctl_tcp_notsent_lowat.
tcp: Fix data-races around some timeout sysctl knobs.
tcp: Fix data-races around sysctl_tcp_reordering.
tcp: Fix data-races around sysctl_tcp_syncookies.
tcp: Fix data-races around keepalive sysctl knobs.
igmp: Fix data-races around sysctl_igmp_max_msf.
igmp: Fix a data-race around sysctl_igmp_max_memberships.
igmp: Fix data-races around sysctl_igmp_llm_reports.
net/tls: Fix race in TLS device down flow
net: stmmac: fix dma queue left shift overflow issue
i2c: cadence: Change large transfer count reset logic to be unconditional
net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow
tcp: Fix a data-race around sysctl_tcp_probe_interval.
tcp: Fix a data-race around sysctl_tcp_probe_threshold.
tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor.
tcp: Fix data-races around sysctl_tcp_min_snd_mss.
tcp: Fix data-races around sysctl_tcp_base_mss.
tcp: Fix data-races around sysctl_tcp_mtu_probing.
tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.
ip: Fix a data-race around sysctl_fwmark_reflect.
ip: Fix a data-race around sysctl_ip_autobind_reuse.
ip: Fix data-races around sysctl_ip_nonlocal_bind.
ip: Fix data-races around sysctl_ip_fwd_update_priority.
ip: Fix data-races around sysctl_ip_fwd_use_pmtu.
ip: Fix data-races around sysctl_ip_no_pmtu_disc.
igc: Reinstate IGC_REMOVED logic and implement it properly
drm/amdgpu/display: add quirk handling for stutter mode
perf/core: Fix data race between perf_event_set_output() and perf_mmap_close()
pinctrl: ralink: Check for null return of devm_kcalloc
power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()
serial: mvebu-uart: correctly report configured baudrate value
PCI: hv: Fix interrupt mapping for multi-MSI
PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI
PCI: hv: Fix multi-MSI to allow more than one MSI vector
Revert "m68knommu: only set CONFIG_ISA_DMA_API for ColdFire sub-arch"
net: inline rollback_registered_many()
net: move rollback_registered_many()
net: inline rollback_registered()
net: move net_set_todo inside rollback_registered()
net: make sure devices go through netdev_wait_all_refs
net: make free_netdev() more lenient with unregistering devices
docs: net: explain struct net_device lifetime
xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
io_uring: Use original task for req identity in io_identity_cow()
lockdown: Fix kexec lockdown bypass with ima policy
mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication
riscv: add as-options for modules with assembly compontents
pinctrl: stm32: fix optional IRQ support to gpios
Revert "cgroup: Use separate src/dst nodes when preloading css_sets for migration"
Revert "drm: fix EDID struct for old ARM OABI format"
Revert "mailbox: forward the hrtimer if not queued and under a lock"
Revert "Fonts: Make font size unsigned in font_desc"
Revert "parisc/stifb: Keep track of hardware path of graphics card"
Revert "Bluetooth: Interleave with allowlist scan"
Revert "Bluetooth: use inclusive language when filtering devices"
Revert "Bluetooth: use hdev lock for accept_list and reject_list in conn req"
Revert "thermal/drivers/core: Use a char pointer for the cooling device name"
Revert "thermal/core: Fix memory leak in __thermal_cooling_device_register()"
Revert "thermal/core: fix a UAF bug in __thermal_cooling_device_register()"
Revert "thermal/core: Fix memory leak in the error path"
Revert "ALSA: jack: Access input_dev under mutex"
Revert "gpiolib: of: Introduce hook for missing gpio-ranges"
Revert "pinctrl: bcm2835: implement hook for missing gpio-ranges"
Revert "ext4: fix use-after-free in ext4_rename_dir_prepare"
Revert "ext4: verify dir block before splitting it"
Linux 5.10.133
tools headers: Remove broken definition of __LITTLE_ENDIAN
tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in 'perf bench mem memcpy' - again
objtool: Fix elf_create_undef_symbol() endianness
kvm: fix objtool relocation warning
x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds
um: Add missing apply_returns()
x86/bugs: Remove apostrophe typo
tools headers cpufeatures: Sync with the kernel sources
tools arch x86: Sync the msr-index.h copy with the kernel sources
KVM: emulate: do not adjust size of fastop and setcc subroutines
x86/kvm: fix FASTOP_SIZE when return thunks are enabled
efi/x86: use naked RET on mixed mode call wrapper
x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit
x86/ftrace: Add UNWIND_HINT_FUNC annotation for ftrace_stub
x86/xen: Fix initialisation in hypercall_page after rethunk
x86, kvm: use proper ASM macros for kvm_vcpu_is_preempted
tools/insn: Restore the relative include paths for cross building
x86/static_call: Serialize __static_call_fixup() properly
x86/speculation: Disable RRSBA behavior
x86/kexec: Disable RET on kexec
x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
x86/bugs: Add Cannon lake to RETBleed affected CPU list
x86/retbleed: Add fine grained Kconfig knobs
x86/cpu/amd: Enumerate BTC_NO
x86/common: Stamp out the stepping madness
x86/speculation: Fill RSB on vmexit for IBRS
KVM: VMX: Fix IBRS handling after vmexit
KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
KVM: VMX: Convert launched argument to flags
KVM: VMX: Flatten __vmx_vcpu_run()
objtool: Re-add UNWIND_HINT_{SAVE_RESTORE}
x86/speculation: Remove x86_spec_ctrl_mask
x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
x86/speculation: Fix SPEC_CTRL write on SMT state change
x86/speculation: Fix firmware entry SPEC_CTRL handling
x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
x86/cpu/amd: Add Spectral Chicken
objtool: Add entry UNRET validation
x86/bugs: Do IBPB fallback check only once
x86/bugs: Add retbleed=ibpb
x86/xen: Rename SYS* entry points
objtool: Update Retpoline validation
intel_idle: Disable IBRS during long idle
x86/bugs: Report Intel retbleed vulnerability
x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation()
x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
x86/bugs: Optimize SPEC_CTRL MSR writes
x86/entry: Add kernel IBRS implementation
x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
x86/bugs: Enable STIBP for JMP2RET
x86/bugs: Add AMD retbleed= boot parameter
x86/bugs: Report AMD retbleed vulnerability
x86: Add magic AMD return-thunk
objtool: Treat .text.__x86.* as noinstr
x86: Use return-thunk in asm code
x86/sev: Avoid using __x86_return_thunk
x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
x86/kvm: Fix SETcc emulation for return thunks
x86/bpf: Use alternative RET encoding
x86/ftrace: Use alternative RET encoding
x86,static_call: Use alternative RET encoding
objtool: skip non-text sections when adding return-thunk sites
x86,objtool: Create .return_sites
x86: Undo return-thunk damage
x86/retpoline: Use -mfunction-return
Makefile: Set retpoline cflags based on CONFIG_CC_IS_{CLANG,GCC}
x86/retpoline: Swizzle retpoline thunk
x86/retpoline: Cleanup some #ifdefery
x86/cpufeatures: Move RETPOLINE flags to word 11
x86/kvm/vmx: Make noinstr clean
x86/realmode: build with -D__DISABLE_EXPORTS
objtool: Fix objtool regression on x32 systems
x86/entry: Remove skip_r11rcx
objtool: Fix symbol creation
objtool: Fix type of reloc::addend
objtool: Fix code relocs vs weak symbols
objtool: Fix SLS validation for kcov tail-call replacement
crypto: x86/poly1305 - Fixup SLS
objtool: Default ignore INT3 for unreachable
kvm/emulate: Fix SETcc emulation function offsets with SLS
tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in 'perf bench mem memcpy'
x86: Add straight-line-speculation mitigation
objtool: Add straight-line-speculation validation
x86/alternative: Relax text_poke_bp() constraint
x86: Prepare inline-asm for straight-line-speculation
x86: Prepare asm files for straight-line-speculation
x86/lib/atomic64_386_32: Rename things
bpf,x86: Respect X86_FEATURE_RETPOLINE*
bpf,x86: Simplify computing label offsets
x86/alternative: Add debug prints to apply_retpolines()
x86/alternative: Try inline spectre_v2=retpoline,amd
x86/alternative: Handle Jcc __x86_indirect_thunk_\reg
x86/alternative: Implement .retpoline_sites support
x86/retpoline: Create a retpoline thunk array
x86/retpoline: Move the retpoline thunk declarations to nospec-branch.h
x86/asm: Fixup odd GEN-for-each-reg.h usage
x86/asm: Fix register order
x86/retpoline: Remove unused replacement symbols
objtool,x86: Replace alternatives with .retpoline_sites
objtool: Explicitly avoid self modifying code in .altinstr_replacement
objtool: Classify symbols
objtool: Handle __sanitize_cov*() tail calls
objtool: Introduce CFI hash
objtool: Make .altinstructions section entry size consistent
objtool: Remove reloc symbol type checks in get_alt_entry()
objtool: print out the symbol type when complaining about it
objtool: Teach get_alt_entry() about more relocation types
objtool: Don't make .altinstructions writable
objtool/x86: Ignore __x86_indirect_alt_* symbols
objtool: Only rewrite unconditional retpoline thunk calls
objtool: Fix .symtab_shndx handling for elf_create_undef_symbol()
x86/alternative: Optimize single-byte NOPs at an arbitrary position
objtool: Support asm jump tables
objtool/x86: Rewrite retpoline thunk calls
objtool: Skip magical retpoline .altinstr_replacement
objtool: Cache instruction relocs
objtool: Keep track of retpoline call sites
objtool: Add elf_create_undef_symbol()
objtool: Extract elf_symbol_add()
objtool: Extract elf_strtab_concat()
objtool: Create reloc sections implicitly
objtool: Add elf_create_reloc() helper
objtool: Rework the elf_rebuild_reloc_section() logic
objtool: Handle per arch retpoline naming
objtool: Correctly handle retpoline thunk calls
x86/retpoline: Simplify retpolines
x86/alternatives: Optimize optimize_nops()
x86: Add insn_decode_kernel()
x86/alternative: Use insn_decode()
x86/insn-eval: Handle return values from the decoder
x86/insn: Add an insn_decode() API
x86/insn: Add a __ignore_sync_check__ marker
x86/insn: Rename insn_decode() to insn_decode_from_regs()
x86/alternative: Use ALTERNATIVE_TERNARY() in _static_cpu_has()
x86/alternative: Support ALTERNATIVE_TERNARY
x86/alternative: Support not-feature
x86/alternative: Merge include files
x86/xen: Support objtool vmlinux.o validation in xen-head.S
x86/xen: Support objtool validation in xen-asm.S
objtool: Combine UNWIND_HINT_RET_OFFSET and UNWIND_HINT_FUNC
objtool: Assume only ELF functions do sibling calls
objtool: Support retpoline jump detection for vmlinux.o
objtool: Support stack layout changes in alternatives
objtool: Add 'alt_group' struct
objtool: Refactor ORC section generation
KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw
KVM/VMX: Use TEST %REG,%REG instead of CMP $0,%REG in vmenter.S
Linux 5.10.132
x86/pat: Fix x86_has_pat_wp()
serial: 8250: Fix PM usage_count for console handover
serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
serial: stm32: Clear prev values before setting RTS delays
serial: 8250: fix return error code in serial8250_request_std_resource()
vt: fix memory overlapping when deleting chars in the buffer
tty: serial: samsung_tty: set dma burst_size to 1
usb: dwc3: gadget: Fix event pending check
usb: typec: add missing uevent when partner support PD
USB: serial: ftdi_sio: add Belimo device ids
signal handling: don't use BUG_ON() for debugging
nvme-pci: phison e16 has bogus namespace ids
Revert "can: xilinx_can: Limit CANFD brp to 2"
ARM: dts: stm32: use the correct clock source for CEC on stm32mp151
soc: ixp4xx/npe: Fix unused match warning
x86: Clear .brk area at early boot
irqchip: or1k-pic: Undefine mask_ack for level triggered hardware
ASoC: madera: Fix event generation for rate controls
ASoC: madera: Fix event generation for OUT1 demux
ASoC: cs47l15: Fix event generation for low power mux control
ASoC: dapm: Initialise kcontrol data for mux/demux controls
ASoC: wm5110: Fix DRE control
ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow
pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux()
ASoC: ops: Fix off by one in range control validation
net: sfp: fix memory leak in sfp_probe()
nvme: fix regression when disconnect a recovering ctrl
nvme-tcp: always fail a request when sending it failed
NFC: nxp-nci: don't print header length mismatch on i2c error
net: tipc: fix possible refcount leak in tipc_sk_create()
platform/x86: hp-wmi: Ignore Sanitization Mode event
cpufreq: pmac32-cpufreq: Fix refcount leak bug
scsi: hisi_sas: Limit max hw sectors for v3 HW
netfilter: br_netfilter: do not skip all hooks with 0 priority
virtio_mmio: Restore guest page size on resume
virtio_mmio: Add missing PM calls to freeze/restore
mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE
net/tls: Check for errors in tls_device_init
KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op()
net: atlantic: remove aq_nic_deinit() when resume
net: atlantic: remove deep parameter on suspend/resume functions
sfc: fix kernel panic when creating VF
seg6: bpf: fix skb checksum in bpf_push_seg6_encap()
seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors
seg6: fix skb checksum evaluation in SRH encapsulation/insertion
sfc: fix use after free when disabling sriov
ima: Fix potential memory leak in ima_init_crypto()
ima: force signature verification when CONFIG_KEXEC_SIG is configured
net: ftgmac100: Hold reference returned by of_get_child_by_name()
nexthop: Fix data-races around nexthop_compat_mode.
ipv4: Fix data-races around sysctl_ip_dynaddr.
raw: Fix a data-race around sysctl_raw_l3mdev_accept.
icmp: Fix a data-race around sysctl_icmp_ratemask.
icmp: Fix a data-race around sysctl_icmp_ratelimit.
sysctl: Fix data-races in proc_dointvec_ms_jiffies().
drm/i915/gt: Serialize TLB invalidates with GT resets
drm/i915/selftests: fix a couple IS_ERR() vs NULL tests
ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
ARM: dts: at91: sama5d2: Fix typo in i2s1 node
ipv4: Fix a data-race around sysctl_fib_sync_mem.
icmp: Fix data-races around sysctl.
cipso: Fix data-races around sysctl.
net: Fix data-races around sysctl_mem.
inetpeer: Fix data-races around sysctl.
tcp: Fix a data-race around sysctl_tcp_max_orphans.
sysctl: Fix data races in proc_dointvec_jiffies().
sysctl: Fix data races in proc_doulongvec_minmax().
sysctl: Fix data races in proc_douintvec_minmax().
sysctl: Fix data races in proc_dointvec_minmax().
sysctl: Fix data races in proc_douintvec().
sysctl: Fix data races in proc_dointvec().
net: stmmac: dwc-qos: Disable split header for Tegra194
ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array
ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks()
ASoC: tas2764: Fix amp gain register offset & default
ASoC: tas2764: Correct playback volume range
ASoC: tas2764: Fix and extend FSYNC polarity handling
ASoC: tas2764: Add post reset delays
ASoC: sgtl5000: Fix noise on shutdown/remove
ima: Fix a potential integer overflow in ima_appraise_measurement
drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()
net/mlx5e: Fix capability check for updating vnic env counters
net/mlx5e: kTLS, Fix build time constant test in RX
net/mlx5e: kTLS, Fix build time constant test in TX
ARM: 9210/1: Mark the FDT_FIXED sections as shareable
ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle
spi: amd: Limit max transfer and message size
ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count
ext4: fix race condition between ext4_write and ext4_convert_inline_data
Revert "evm: Fix memleak in init_desc"
sh: convert nommu io{re,un}map() to static inline functions
nilfs2: fix incorrect masking of permission flags for symlinks
fs/remap: constrain dedupe of EOF blocks
drm/panfrost: Fix shrinker list corruption by madvise IOCTL
drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error
btrfs: return -EAGAIN for NOWAIT dio reads/writes on compressed and inline extents
cgroup: Use separate src/dst nodes when preloading css_sets for migration
wifi: mac80211: fix queue selection for mesh/OCB interfaces
ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
ARM: 9213/1: Print message about disabled Spectre workarounds only once
ip: fix dflt addr selection for connected nexthop
net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer
tracing/histograms: Fix memory leak problem
mm: split huge PUD on wp_huge_pud fallback
fix race between exit_itimers() and /proc/pid/timers
xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221
ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
ALSA: hda/realtek: Fix headset mic for Acer SF313-51
ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
ALSA: hda - Add fixup for Dell Latitidue E5430
Linux 5.10.131
Revert "mtd: rawnand: gpmi: Fix setting busy timeout setting"
ANDROID: random: fix CRC issues with the merge
ANDROID: change function signatures for some random functions.
ANDROID: cpu/hotplug: avoid breaking Android ABI by fusing cpuhp steps
ANDROID: random: add back removed callback functions
UPSTREAM: Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
UPSTREAM: lib/crypto: add prompts back to crypto libraries
Linux 5.10.130
dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate
dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly
dmaengine: pl330: Fix lockdep warning about non-static key
ida: don't use BUG_ON() for debugging
dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
misc: rtsx_usb: set return value in rsp_buf alloc err path
misc: rtsx_usb: use separate command and response buffers
misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer
dmaengine: imx-sdma: Allow imx8m for imx7 FW revs
i2c: cadence: Unregister the clk notifier in error path
r8169: fix accessing unset transport header
selftests: forwarding: fix error message in learning_test
selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT
selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT
ibmvnic: Properly dispose of all skbs during a failover.
i40e: Fix dropped jumbo frames statistics
xsk: Clear page contiguity bit when unmapping pool
ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
ARM: at91: pm: use proper compatible for sama5d2's rtc
arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
pinctrl: sunxi: sunxi_pconf_set: use correct offset
arm64: dts: imx8mp-evk: correct I2C3 pad settings
arm64: dts: imx8mp-evk: correct gpio-led pad settings
arm64: dts: imx8mp-evk: correct the uart2 pinctl value
arm64: dts: imx8mp-evk: correct mmc pad settings
arm64: dts: qcom: msm8994: Fix CPU6/7 reg values
pinctrl: sunxi: a83t: Fix NAND function name for some pins
ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
xfs: remove incorrect ASSERT in xfs_rename
can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression
can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info
powerpc/powernv: delay rng platform device creation until later in boot
video: of_display_timing.h: include errno.h
memregion: Fix memregion_free() fallback definition
PM: runtime: Redefine pm_runtime_release_supplier()
fbcon: Prevent that screen size is smaller than font size
fbcon: Disallow setting font bigger than screen size
fbmem: Check virtual screen sizes in fb_set_var()
fbdev: fbmem: Fix logo center image dx issue
iommu/vt-d: Fix PCI bus rescan device hot add
netfilter: nf_tables: stricter validation of element data
netfilter: nft_set_pipapo: release elements in clone from abort path
net: rose: fix UAF bug caused by rose_t0timer_expiry
usbnet: fix memory leak in error case
bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals
bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
can: gs_usb: gs_usb_open/close(): fix memory leak
can: grcan: grcan_probe(): remove extra of_node_get()
can: bcm: use call_rcu() instead of costly synchronize_rcu()
ALSA: hda/realtek: Add quirk for Clevo L140PU
mm/slub: add missing TID updates on slab deactivation
Linux 5.10.129
clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup()
net: usb: qmi_wwan: add Telit 0x1070 composition
net: usb: qmi_wwan: add Telit 0x1060 composition
xen/arm: Fix race in RB-tree based P2M accounting
xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses()
xen/blkfront: force data bouncing when backend is untrusted
xen/netfront: force data bouncing when backend is untrusted
xen/netfront: fix leaking data in shared pages
xen/blkfront: fix leaking data in shared pages
selftests/rseq: Change type of rseq_offset to ptrdiff_t
selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area
selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area
selftests/rseq: Fix: work-around asm goto compiler bugs
selftests/rseq: Remove arm/mips asm goto compiler work-around
selftests/rseq: Fix warnings about #if checks of undefined tokens
selftests/rseq: Fix ppc32 offsets by using long rather than off_t
selftests/rseq: Fix ppc32 missing instruction selection "u" and "x" for load/store
selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian
selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35
selftests/rseq: Introduce thread pointer getters
selftests/rseq: Introduce rseq_get_abi() helper
selftests/rseq: Remove volatile from __rseq_abi
selftests/rseq: Remove useless assignment to cpu variable
selftests/rseq: introduce own copy of rseq uapi header
selftests/rseq: remove ARRAY_SIZE define from individual tests
hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails
ipv6/sit: fix ipip6_tunnel_get_prl return value
sit: use min
drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
xen/gntdev: Avoid blocking in unmap_grant_pages()
tcp: add a missing nf_reset_ct() in 3WHS handling
xfs: fix xfs_reflink_unshare usage of filemap_write_and_wait_range
xfs: update superblock counters correctly for !lazysbcount
xfs: fix xfs_trans slab cache name
xfs: ensure xfs_errortag_random_default matches XFS_ERRTAG_MAX
xfs: Skip repetitive warnings about mount options
xfs: rename variable mp to parsing_mp
xfs: use current->journal_info for detecting transaction recursion
net: tun: avoid disabling NAPI twice
tunnels: do not assume mac header is set in skb_tunnel_check_pmtu()
io_uring: ensure that send/sendmsg and recv/recvmsg check sqe->ioprio
epic100: fix use after free on rmmod
tipc: move bc link creation back to tipc_node_create
NFC: nxp-nci: Don't issue a zero length i2c_master_read()
nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
net: bonding: fix use-after-free after 802.3ad slave unbind
net: bonding: fix possible NULL deref in rlb code
net/sched: act_api: Notify user space if any actions were flushed before error
netfilter: nft_dynset: restore set element counter when failing to update
s390: remove unneeded 'select BUILD_BIN2C'
PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events
caif_virtio: fix race between virtio_device_ready() and ndo_open()
NFSD: restore EINVAL error translation in nfsd_commit()
net: ipv6: unexport __init-annotated seg6_hmac_net_init()
usbnet: fix memory allocation in helpers
linux/dim: Fix divide by 0 in RDMA DIM
RDMA/cm: Fix memory leak in ib_cm_insert_listen
RDMA/qedr: Fix reporting QP timeout attribute
net: dp83822: disable rx error interrupt
net: dp83822: disable false carrier interrupt
net: tun: stop NAPI when detaching queues
net: tun: unlink NAPI from device on destruction
net: dsa: bcm_sf2: force pause link settings
selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
virtio-net: fix race between ndo_open() and virtio_device_ready()
net: usb: ax88179_178a: Fix packet receiving
net: rose: fix UAF bugs caused by timer handler
SUNRPC: Fix READ_PLUS crasher
s390/archrandom: simplify back to earlier design and initialize earlier
dm raid: fix KASAN warning in raid5_add_disks
dm raid: fix accesses beyond end of raid member array
powerpc/bpf: Fix use of user_pt_regs in uapi
powerpc/book3e: Fix PUD allocation size in map_kernel_page()
powerpc/prom_init: Fix kernel config grep
nvdimm: Fix badblocks clear off-by-one error
nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP (AKA SPECTRIX S40G)
ipv6: take care of disable_policy when restoring routes
drm/amdgpu: To flush tlb for MMHUB of RAVEN series
Linux 5.10.128
net: mscc: ocelot: allow unregistered IP multicast flooding
powerpc/ftrace: Remove ftrace init tramp once kernel init is complete
xfs: check sb_meta_uuid for dabuf buffer recovery
xfs: remove all COW fork extents when remounting readonly
xfs: Fix the free logic of state in xfs_attr_node_hasname
xfs: punch out data fork delalloc blocks on COW writeback failure
xfs: use kmem_cache_free() for kmem_cache objects
bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init()
tick/nohz: unexport __init-annotated tick_nohz_full_setup()
drm: remove drm_fb_helper_modinit
MAINTAINERS: add Amir as xfs maintainer for 5.10.y
Linux 5.10.127
powerpc/pseries: wire up rng during setup_arch()
kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt)
random: update comment from copy_to_user() -> copy_to_iter()
modpost: fix section mismatch check for exported init/exit sections
ARM: cns3xxx: Fix refcount leak in cns3xxx_init
memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings
ARM: Fix refcount leak in axxia_boot_secondary
soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe
ARM: exynos: Fix refcount leak in exynos_map_pmu
ARM: dts: imx6qdl: correct PU regulator ramp delay
ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node
powerpc/powernv: wire up rng during setup_arch
powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address
powerpc: Enable execve syscall exit tracepoint
parisc: Enable ARCH_HAS_STRICT_MODULE_RWX
parisc/stifb: Fix fb_is_primary_device() only available with CONFIG_FB_STI
xtensa: Fix refcount leak bug in time.c
xtensa: xtfpga: Fix refcount leak bug in setup
iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client
iio: adc: axp288: Override TS pin bias current for some models
iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message
iio: adc: stm32: Fix ADCs iteration in irq handler
iio: imu: inv_icm42600: Fix broken icm42600 (chip id 0 value)
iio: adc: stm32: fix maximum clock rate for stm32mp15x
iio: trigger: sysfs: fix use-after-free on remove
iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()
iio: accel: mma8452: ignore the return value of reset operation
iio:accel:mxc4005: rearrange iio trigger get and register
iio:accel:bma180: rearrange iio trigger get and register
iio:chemical:ccs811: rearrange iio trigger get and register
f2fs: attach inline_data after setting compression
usb: chipidea: udc: check request status before setting device address
USB: gadget: Fix double-free bug in raw_gadget driver
usb: gadget: Fix non-unique driver names in raw-gadget driver
xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI
xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI
xhci: turn off port power in shutdown
usb: typec: wcove: Drop wrong dependency to INTEL_SOC_PMIC
iio: adc: vf610: fix conversion mode sysfs node name
iio: mma8452: fix probe fail when device tree compatible is used.
s390/cpumf: Handle events cycles and instructions identical
gpio: winbond: Fix error code in winbond_gpio_get()
nvme: move the Samsung X5 quirk entry to the core quirks
nvme-pci: add NO APST quirk for Kioxia device
nvme-pci: allocate nvme_command within driver pdu
nvme: don't check nvme_req flags for new req
nvme: mark nvme_setup_passsthru() inline
nvme: split nvme_alloc_request()
nvme: centralize setting the timeout in nvme_alloc_request
Revert "net/tls: fix tls_sk_proto_close executed repeatedly"
virtio_net: fix xdp_rxq_info bug after suspend/resume
igb: Make DMA faster when CPU is active on the PCIe link
regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips
ice: ethtool: advertise 1000M speeds properly
afs: Fix dynamic root getattr
MIPS: Remove repetitive increase irq_err_count
x86/xen: Remove undefined behavior in setup_features()
selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh
udmabuf: add back sanity check
net/tls: fix tls_sk_proto_close executed repeatedly
erspan: do not assume transport header is always set
drm/msm/dp: fix connect/disconnect handled at irq_hpd
drm/msm/dp: promote irq_hpd handle to handle link training correctly
drm/msm/dp: deinitialize mainlink if link training failed
drm/msm/dp: fixes wrong connection state caused by failure of link train
drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind()
drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf
net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms
bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers
igb: fix a use-after-free issue in igb_clean_tx_ring
tipc: fix use-after-free Read in tipc_named_reinit
tipc: simplify the finalize work queue
phy: aquantia: Fix AN when higher speeds than 1G are not advertised
bpf, x86: Fix tail call count offset calculation on bpf2bpf call
drm/sun4i: Fix crash during suspend after component bind failure
bpf: Fix request_sock leak in sk lookup helpers
drm/msm: use for_each_sgtable_sg to iterate over scatterlist
scsi: scsi_debug: Fix zone transition to full condition
netfilter: use get_random_u32 instead of prandom
netfilter: nftables: add nft_parse_register_store() and use it
netfilter: nftables: add nft_parse_register_load() and use it
drm/msm: Fix double pm_runtime_disable() call
USB: serial: option: add Quectel RM500K module support
USB: serial: option: add Quectel EM05-G modem
USB: serial: option: add Telit LE910Cx 0x1250 composition
dm mirror log: clear log bits up to BITS_PER_LONG boundary
dm era: commit metadata in postsuspend after worker stops
ata: libata: add qc->flags in ata_qc_complete_template tracepoint
mtd: rawnand: gpmi: Fix setting busy timeout setting
mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing
btrfs: add error messages to all unrecognized mount options
net: openvswitch: fix parsing of nw_proto for IPv6 fragments
ALSA: hda/realtek: Add quirk for Clevo NS50PU
ALSA: hda/realtek: Add quirk for Clevo PD70PNT
ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly
ALSA: hda/realtek - ALC897 headset MIC no sound
ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop
ALSA: hda/conexant: Fix missing beep setup
ALSA: hda/via: Fix missing beep setup
random: quiet urandom warning ratelimit suppression message
random: schedule mix_interrupt_randomness() less often
vt: drop old FONT ioctls
Linux 5.10.126
io_uring: use separate list entry for iopoll requests
Linux 5.10.125
io_uring: add missing item types for various requests
arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA transfer
serial: core: Initialize rs485 RTS polarity already on probe
tcp: drop the hash_32() part from the index calculation
tcp: increase source port perturb table to 2^16
tcp: dynamically allocate the perturb table used by source ports
tcp: add small random increments to the source port
tcp: use different parts of the port_offset for index and offset
tcp: add some entropy in __inet_hash_connect()
usb: gadget: u_ether: fix regression in setting fixed MAC address
zonefs: fix zonefs_iomap_begin() for reads
s390/mm: use non-quiescing sske for KVM switch to keyed guest
Revert "xfrm: Add possibility to set the default to block if we have no policy"
Revert "net: xfrm: fix shift-out-of-bounce"
Revert "xfrm: make user policy API complete"
Revert "xfrm: notify default policy on update"
Revert "xfrm: fix dflt policy check when there is no policy configured"
Revert "xfrm: rework default policy structure"
Revert "xfrm: fix "disable_policy" flag use when arriving from different devices"
Revert "include/uapi/linux/xfrm.h: Fix XFRM_MSG_MAPPING ABI breakage"
Linux 5.10.124
clk: imx8mp: fix usb_root_clk parent
powerpc/book3e: get rid of #include <generated/compile.h>
igc: Enable PCIe PTM
Revert "PCI: Make pci_enable_ptm() private"
net: openvswitch: fix misuse of the cached connection on tuple changes
net/sched: act_police: more accurate MTU policing
dma-direct: don't over-decrypt memory
virtio-pci: Remove wrong address verification in vp_del_vqs()
ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine
KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak
KVM: x86: Account a variety of miscellaneous allocations
KVM: arm64: Don't read a HW interrupt pending state in user context
ext4: add reserved GDT blocks check
ext4: make variable "count" signed
ext4: fix bug_on ext4_mb_use_inode_pa
drm/amd/display: Cap OLED brightness per max frame-average luminance
dm mirror log: round up region bitmap size to BITS_PER_LONG
serial: 8250: Store to lsr_save_flags after lsr read
usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
usb: dwc2: Fix memory leak in dwc2_hcd_init
USB: serial: io_ti: add Agilent E5805A support
USB: serial: option: add support for Cinterion MV31 with new baseline
crypto: memneq - move into lib/
comedi: vmk80xx: fix expression for tx buffer size
mei: me: add raptor lake point S DID
i2c: designware: Use standard optional ref clock implementation
irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions
irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions
irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
i2c: npcm7xx: Add check for platform_driver_register
faddr2line: Fix overlapping text section failures, the sequel
block: Fix handling of offline queues in blk_mq_alloc_request_hctx()
certs/blacklist_hashes.c: fix const confusion in certs blacklist
arm64: ftrace: consistently handle PLTs.
arm64: ftrace: fix branch range checks
net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg
net: bgmac: Fix an erroneous kfree() in bgmac_remove()
mlxsw: spectrum_cnt: Reorder counter pools
nvme: add device name to warning in uuid_show()
nvme: use sysfs_emit instead of sprintf
drm/i915/reset: Fix error_state_read ptr + offset use
misc: atmel-ssc: Fix IRQ check in ssc_probe
tty: goldfish: Fix free_irq() on remove
Drivers: hv: vmbus: Release cpu lock in error case
i40e: Fix call trace in setup_tx_descriptors
i40e: Fix calculating the number of queue pairs
i40e: Fix adding ADQ filter to TC0
clocksource: hyper-v: unexport __init-annotated hv_init_clocksource()
pNFS: Avoid a live lock condition in pnfs_update_layout()
pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE
random: credit cpu and bootloader seeds by default
gpio: dwapb: Don't print error on -EPROBE_DEFER
MIPS: Loongson-3: fix compile mips cpu_hwmon as module build error.
mellanox: mlx5: avoid uninitialized variable warning with gcc-12
net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag
ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
ALSA: hda/realtek - Add HW8326 support
scsi: pmcraid: Fix missing resource cleanup in error case
scsi: ipr: Fix missing/incorrect resource cleanup in error case
scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion
scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
Input: soc_button_array - also add Lenovo Yoga Tablet2 1051F to dmi_use_low_level_irq
ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put()
ASoC: es8328: Fix event generation for deemphasis control
ASoC: wm8962: Fix suspend while playing music
quota: Prevent memory allocation recursion while holding dq_lock
ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
ASoC: cs42l51: Correct minimum value for SX volume control
ASoC: cs42l56: Correct typo in minimum level for SX volume controls
ASoC: cs42l52: Correct TLV for Bypass Volume
ASoC: cs53l30: Correct number of volume levels on SX controls
ASoC: cs35l36: Update digital volume TLV
ASoC: cs42l52: Fix TLV scales for mixer controls
dma-debug: make things less spammy under memory pressure
ASoC: nau8822: Add operation for internal PLL off and on
powerpc/kasan: Silence KASAN warnings in __get_wchan()
arm64: dts: imx8mm-beacon: Enable RTS-CTS on UART3
bpf: Fix incorrect memory charge cost calculation in stack_map_alloc()
nfsd: Replace use of rwsem with errseq_t
9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"
Linux 5.10.123
x86/speculation/mmio: Print SMT warning
KVM: x86/speculation: Disable Fill buffer clear within guests
x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
x86/speculation/srbds: Update SRBDS mitigation selection
x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data
x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations
x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
x86/speculation: Add a common function for MD_CLEAR mitigation update
x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug
Documentation: Add documentation for Processor MMIO Stale Data
Linux 5.10.122
tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
dmaengine: idxd: add missing callback function to support DMA_INTERRUPT
zonefs: fix handling of explicit_open option on mount
PCI: qcom: Fix pipe clock imbalance
md/raid0: Ignore RAID0 layout if the second zone has only one device
interconnect: Restore sync state by ignoring ipa-virt in provider count
interconnect: qcom: sc7180: Drop IP0 interconnects
powerpc/mm: Switch obsolete dssall to .long
powerpc/32: Fix overread/overwrite of thread_struct via ptrace
drm/atomic: Force bridge self-refresh-exit on CRTC switch
drm/bridge: analogix_dp: Support PSR-exit to disable transition
Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
ixgbe: fix unexpected VLAN Rx in promisc mode on VF
ixgbe: fix bcast packets Rx on VF after promisc removal
nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION
nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
net: phy: dp83867: retrigger SGMII AN when link change
mmc: block: Fix CQE recovery reset success
ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
cifs: fix reconnect on smb3 mount types
cifs: return errors during session setup during reconnects
ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021
ALSA: hda/conexant - Fix loopback issue with CX20632
scripts/gdb: change kernel config dumping method
vringh: Fix loop descriptors check in the indirect cases
nodemask: Fix return values to be unsigned
cifs: version operations for smb20 unneeded when legacy support disabled
s390/gmap: voluntarily schedule during key setting
nbd: fix io hung while disconnecting device
nbd: fix race between nbd_alloc_config() and module removal
nbd: call genl_unregister_family() first in nbd_cleanup()
jump_label,noinstr: Avoid instrumentation for JUMP_LABEL=n builds
x86/cpu: Elide KCSAN for cpu_has() and friends
modpost: fix undefined behavior of is_arm_mapping_symbol()
drm/radeon: fix a possible null pointer dereference
ceph: allow ceph.dir.rctime xattr to be updatable
Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
scsi: myrb: Fix up null pointer access on myrb_cleanup()
md: protect md_unregister_thread from reentrancy
watchdog: wdat_wdt: Stop watchdog when rebooting the system
kernfs: Separate kernfs_pr_cont_buf and rename_lock.
serial: msm_serial: disable interrupts in __msm_console_write()
staging: rtl8712: fix uninit-value in r871xu_drv_init()
staging: rtl8712: fix uninit-value in usb_read8() and friends
clocksource/drivers/sp804: Avoid error on multiple instances
extcon: Modify extcon device to be created after driver data is set
misc: rtsx: set NULL intfdata when probe fails
usb: dwc2: gadget: don't reset gadget's driver->bus
sysrq: do not omit current cpu when showing backtrace of all active CPUs
USB: hcd-pci: Fully suspend across freeze/thaw cycle
drivers: usb: host: Fix deadlock in oxu_bus_suspend()
drivers: tty: serial: Fix deadlock in sa1100_set_termios()
USB: host: isp116x: check return value after calling platform_get_resource()
drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
tty: Fix a possible resource leak in icom_probe
tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
lkdtm/usercopy: Expand size of "out of frame" object
iio: st_sensors: Add a local lock for protecting odr
staging: rtl8712: fix a potential memory leak in r871xu_drv_init()
iio: dummy: iio_simple_dummy: check the return value of kstrdup()
drm: imx: fix compiler warning with gcc-12
net: altera: Fix refcount leak in altera_tse_mdio_create
ip_gre: test csum_start instead of transport header
net/mlx5: fs, fail conflicting actions
net/mlx5: Rearm the FW tracer after each tracer event
net: ipv6: unexport __init-annotated seg6_hmac_init()
net: xfrm: unexport __init-annotated xfrm4_protocol_init()
net: mdio: unexport __init-annotated mdio_bus_init()
SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list
bpf, arm64: Clear prog->jited_len along prog->jited
af_unix: Fix a data-race in unix_dgram_peer_wake_me().
xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
netfilter: nf_tables: bail out early if hardware offload is not supported
netfilter: nf_tables: memleak flow rule from commit path
netfilter: nf_tables: release new hooks on unsupported flowtable flags
ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
netfilter: nf_tables: always initialize flowtable hook list in transaction
powerpc/kasan: Force thread size increase with KASAN
netfilter: nf_tables: delete flowtable hooks via transaction list
netfilter: nat: really support inet nat without l3 address
xprtrdma: treat all calls not a bcall when bc_serv is NULL
video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()
video: fbdev: hyperv_fb: Allow resolutions with size > 64 MB for Gen1
NFSv4: Don't hold the layoutget locks across multiple RPC calls
dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
m68knommu: fix undefined reference to `_init_sp'
m68knommu: set ZERO_PAGE() to the allocated zeroed page
i2c: cadence: Increase timeout per message if necessary
f2fs: remove WARN_ON in f2fs_is_valid_blkaddr
iommu/arm-smmu-v3: check return value after calling platform_get_resource()
iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe()
tracing: Avoid adding tracer option before update_tracer_options
tracing: Fix sleeping function called from invalid context on RT kernel
bootconfig: Make the bootconfig.o as a normal object file
mips: cpc: Fix refcount leak in mips_cpc_default_phys_base
dmaengine: idxd: set DMA_INTERRUPT cap bit
perf c2c: Fix sorting in percent_rmt_hitm_cmp()
driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction
tipc: check attribute length for bearer name
scsi: sd: Fix potential NULL pointer dereference
afs: Fix infinite loop found by xfstest generic/676
gpio: pca953x: use the correct register address to do regcache sync
tcp: tcp_rtx_synack() can be called from process context
net: sched: add barrier to fix packet stuck problem for lockless qdisc
net/mlx5e: Update netdev features after changing XDP state
net/mlx5: correct ECE offset in query qp output
net/mlx5: Don't use already freed action pointer
sfc: fix wrong tx channel offset with efx_separate_tx_channels
sfc: fix considering that all channels have TX queues
nfp: only report pause frame configuration for physical device
net/smc: fixes for converting from "struct smc_cdc_tx_pend **" to "struct smc_wr_tx_pend_priv *"
riscv: read-only pages should not be writable
bpf: Fix probe read error in ___bpf_prog_run()
ubi: ubi_create_volume: Fix use-after-free when volume creation failed
ubi: fastmap: Fix high cpu usage of ubi_bgt by making sure wl_pool not empty
jffs2: fix memory leak in jffs2_do_fill_super
modpost: fix removing numeric suffixes
net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks
net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition
watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe
watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking
driver core: fix deadlock in __device_attach
driver: base: fix UAF when driver_attach failed
bus: ti-sysc: Fix warnings for unbind for serial
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
serial: stm32-usart: Correct CSIZE, bits, and parity
serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
serial: sifive: Sanitize CSIZE and c_iflag
serial: sh-sci: Don't allow CS5-6
serial: txx9: Don't allow CS5-6
serial: rda-uart: Don't allow CS5-6
serial: digicolor-usart: Don't allow CS5-6
serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485
serial: meson: acquire port->lock in startup()
rtc: mt6397: check return value after calling platform_get_resource()
clocksource/drivers/riscv: Events are stopped during CPU suspend
soc: rockchip: Fix refcount leak in rockchip_grf_init
extcon: ptn5150: Add queue work sync before driver release
coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier
serial: sifive: Report actual baud base rather than fixed 115200
phy: qcom-qmp: fix pipe-clock imbalance on power-on failure
rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails
iio: adc: sc27xx: Fine tune the scale calibration values
iio: adc: sc27xx: fix read big scale voltage not right
iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout
iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check
usb: typec: mux: Check dev_set_name() return value
firmware: stratix10-svc: fix a missing check on list iterator
misc: fastrpc: fix an incorrect NULL check on list iterator
usb: dwc3: pci: Fix pm_runtime_get_sync() error checking
rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
pwm: lp3943: Fix duty calculation in case period was clamped
staging: fieldbus: Fix the error handling path in anybuss_host_common_probe()
usb: musb: Fix missing of_node_put() in omap2430_probe
USB: storage: karma: fix rio_karma_init return
usb: usbip: add missing device lock on tweak configuration cmd
usb: usbip: fix a refcount leak in stub_probe()
tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get
tty: n_tty: Restore EOF push handling behavior
tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe
tty: goldfish: Use tty_port_destroy() to destroy port
lkdtm/bugs: Check for the NULL pointer after calling kmalloc
iio: adc: ad7124: Remove shift from scan_type
staging: greybus: codecs: fix type confusion of list iterator variable
pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
Linux 5.10.121
md: bcache: check the return value of kzalloc() in detached_dev_do_request()
ext4: only allow test_dummy_encryption when supported
MIPS: IP30: Remove incorrect `cpu_has_fpu' override
MIPS: IP27: Remove incorrect `cpu_has_fpu' override
RDMA/rxe: Generate a completion for unsupported/invalid opcode
Revert "random: use static branch for crng_ready()"
block: fix bio_clone_blkg_association() to associate with proper blkcg_gq
bfq: Make sure bfqg for which we are queueing requests is online
bfq: Get rid of __bio_blkcg() usage
bfq: Remove pointless bfq_init_rq() calls
bfq: Drop pointless unlock-lock pair
bfq: Avoid merging queues with different parents
thermal/core: Fix memory leak in the error path
thermal/core: fix a UAF bug in __thermal_cooling_device_register()
kseltest/cgroup: Make test_stress.sh work if run interactively
xfs: assert in xfs_btree_del_cursor should take into account error
xfs: consider shutdown in bmapbt cursor delete assert
xfs: force log and push AIL to clear pinned inodes when aborting mount
xfs: restore shutdown check in mapped write fault path
xfs: fix incorrect root dquot corruption error when switching group/project quota types
xfs: fix chown leaking delalloc quota blocks when fssetxattr fails
xfs: sync lazy sb accounting on quiesce of read-only mounts
xfs: set inode size after creating symlink
net: ipa: fix page free in ipa_endpoint_replenish_one()
net: ipa: fix page free in ipa_endpoint_trans_release()
phy: qcom-qmp: fix reset-controller leak on probe errors
coresight: core: Fix coresight device probe failure issue
blk-iolatency: Fix inflight count imbalances and IO hangs on offline
vdpasim: allow to enable a vq repeatedly
dt-bindings: gpio: altera: correct interrupt-cells
docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op
ARM: pxa: maybe fix gpio lookup tables
ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries
phy: qcom-qmp: fix struct clk leak on probe errors
arm64: dts: qcom: ipq8074: fix the sleep clock frequency
gma500: fix an incorrect NULL check on list iterator
tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
serial: pch: don't overwrite xmit->buf[0] by x_char
bcache: avoid journal no-space deadlock by reserving 1 journal bucket
bcache: remove incremental dirty sector counting for bch_sectors_dirty_init()
bcache: improve multithreaded bch_sectors_dirty_init()
bcache: improve multithreaded bch_btree_check()
stm: ltdc: fix two incorrect NULL checks on list iterator
carl9170: tx: fix an incorrect use of list iterator
ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
rtl818x: Prevent using not initialized queues
xtensa/simdisk: fix proc_read_simdisk()
hugetlb: fix huge_pmd_unshare address update
nodemask.h: fix compilation error with GCC12
iommu/msm: Fix an incorrect NULL check on list iterator
ftrace: Clean up hash direct_functions on register failures
kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
um: Fix out-of-bounds read in LDT setup
um: chan_user: Fix winch_tramp() return value
mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
cfg80211: declare MODULE_FIRMWARE for regulatory.db
irqchip: irq-xtensa-mx: fix initial IRQ affinity
irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
csky: patch_text: Fixup last cpu should be master
RDMA/hfi1: Fix potential integer multiplication overflow errors
Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug
ima: remove the IMA_TEMPLATE Kconfig option
media: coda: Add more H264 levels for CODA960
media: coda: Fix reported H264 profile
mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
md: fix an incorrect NULL check in md_reload_sb
md: fix an incorrect NULL check in does_sb_need_changing
drm/i915/dsi: fix VBT send packet port selection for ICL+
drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator
drm/nouveau/clk: Fix an incorrect NULL check on list iterator
drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
scsi: dc395x: Fix a missing check on list iterator
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
dlm: fix missing lkb refcount handling
dlm: fix plock invalid read
s390/perf: obtain sie_block from the right address
mm, compaction: fast_find_migrateblock() should return pfn in the target zone
PCI: qcom: Fix unbalanced PHY init on probe errors
PCI: qcom: Fix runtime PM imbalance on probe errors
PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299
tracing: Fix potential double free in create_var_ref()
ACPI: property: Release subnode properties with data nodes
ext4: avoid cycles in directory h-tree
ext4: verify dir block before splitting it
ext4: fix bug_on in __es_tree_search
ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state
ext4: fix bug_on in ext4_writepages
ext4: fix warning in ext4_handle_inode_extension
ext4: fix use-after-free in ext4_rename_dir_prepare
bfq: Track whether bfq_group is still online
bfq: Update cgroup information before merging bio
bfq: Split shared queues on move between cgroups
efi: Do not import certificates from UEFI Secure Boot for T2 Macs
fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
iwlwifi: mvm: fix assert 1F04 upon reconfig
wifi: mac80211: fix use-after-free in chanctx code
f2fs: fix to do sanity check for inline inode
f2fs: fix fallocate to use file_modified to update permissions consistently
f2fs: fix to do sanity check on total_data_blocks
f2fs: don't need inode lock for system hidden quota
f2fs: fix deadloop in foreground GC
f2fs: fix to clear dirty inode in f2fs_evict_inode()
f2fs: fix to do sanity check on block address in f2fs_do_zero_range()
f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count()
perf jevents: Fix event syntax error caused by ExtSel
perf c2c: Use stdio interface if slang is not supported
i2c: rcar: fix PM ref counts in probe error paths
i2c: npcm: Handle spurious interrupts
i2c: npcm: Correct register access width
i2c: npcm: Fix timeout calculation
iommu/amd: Increase timeout waiting for GA log enablement
dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler()
dmaengine: stm32-mdma: rework interrupt handler
dmaengine: stm32-mdma: remove GISR1 register
video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout
NFS: Don't report errors from nfs_pageio_complete() more than once
NFS: Do not report flush errors in nfs_write_end()
NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS
NFS: Do not report EINTR/ERESTARTSYS as mapping errors
dmaengine: idxd: Fix the error handling path in idxd_cdev_register()
i2c: at91: Initialize dma_buf in at91_twi_xfer()
MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon
cpufreq: mediatek: Unregister platform device on exit
cpufreq: mediatek: Use module_init and add module_exit
cpufreq: mediatek: add missing platform_driver_unregister() on error in mtk_cpufreq_driver_init
i2c: at91: use dma safe buffers
iommu/mediatek: Add list_del in mtk_iommu_remove
f2fs: fix dereference of stale list iterator after loop body
OPP: call of_node_put() on error path in _bandwidth_supported()
Input: stmfts - do not leave device disabled in stmfts_input_open
RDMA/hfi1: Prevent use of lock before it is initialized
mailbox: forward the hrtimer if not queued and under a lock
mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe()
powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup
macintosh: via-pmu and via-cuda need RTC_LIB
powerpc/perf: Fix the threshold compare group constraint for power9
powerpc/64: Only WARN if __pa()/__va() called with bad addresses
hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume()
PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits
Input: sparcspkr - fix refcount leak in bbc_beep_probe
crypto: cryptd - Protect per-CPU resource by disabling BH.
crypto: sun8i-ss - handle zero sized sg
crypto: sun8i-ss - rework handling of IV
tty: fix deadlock caused by calling printk() under tty_port->lock
PCI: imx6: Fix PERST# start-up sequence
ipc/mqueue: use get_tree_nodev() in mqueue_get_tree()
proc: fix dentry/inode overinstantiating under /proc/${pid}/net
ASoC: atmel-classd: Remove endianness flag on class d component
ASoC: atmel-pdmic: Remove endianness flag on pdmic component
powerpc/4xx/cpm: Fix return value of __setup() handler
powerpc/idle: Fix return value of __setup() handler
pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources()
powerpc/8xx: export 'cpm_setbrg' for modules
drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block()
dax: fix cache flush on PMD-mapped pages
drivers/base/node.c: fix compaction sysfs file leak
pinctrl: mvebu: Fix irq_of_parse_and_map() return value
nvdimm: Allow overwrite in the presence of disabled dimms
nvdimm: Fix firmware activation deadlock scenarios
firmware: arm_scmi: Fix list protocols enumeration in the base protocol
scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
mfd: ipaq-micro: Fix error check return value of platform_get_irq()
powerpc/fadump: fix PT_LOAD segment for boot memory area
arm: mediatek: select arch timer for mt7629
pinctrl: bcm2835: implement hook for missing gpio-ranges
gpiolib: of: Introduce hook for missing gpio-ranges
crypto: marvell/cesa - ECB does not IV
misc: ocxl: fix possible double free in ocxl_file_register_afu
ARM: dts: bcm2835-rpi-b: Fix GPIO line names
ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED
ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C
ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
ARM: dts: stm32: Fix PHY post-reset delay on Avenger96
can: xilinx_can: mark bit timing constants as const
platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls
ARM: dts: imx6dl-colibri: Fix I2C pinmuxing
platform/chrome: cros_ec: fix error handling in cros_ec_register()
KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault
KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry
soc: qcom: llcc: Add MODULE_DEVICE_TABLE()
ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks
PCI: dwc: Fix setting error return on MSI DMA mapping failure
PCI: rockchip: Fix find_first_zero_bit() limit
PCI: cadence: Fix find_first_zero_bit() limit
soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
ARM: dts: suniv: F1C100: fix watchdog compatible
memory: samsung: exynos5422-dmc: Avoid some over memory allocation
arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399
net/smc: postpone sk_refcnt increment in connect()
hinic: Avoid some over memory allocation
net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc()
rxrpc: Fix decision on when to generate an IDLE ACK
rxrpc: Don't let ack.previousPacket regress
rxrpc: Fix overlapping ACK accounting
rxrpc: Don't try to resend the request if we're receiving the reply
rxrpc: Fix listen() setting the bar too high for the prealloc rings
hv_netvsc: Fix potential dereference of NULL pointer
net: stmmac: fix out-of-bounds access in a selftest
net: stmmac: selftests: Use kcalloc() instead of kzalloc()
ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv()
NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe
thermal/core: Fix memory leak in __thermal_cooling_device_register()
thermal/drivers/core: Use a char pointer for the cooling device name
thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe
thermal/drivers/bcm2711: Don't clamp temperature at zero
drm/i915: Fix CFI violation with show_dynamic_id()
drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path
x86/sev: Annotate stack change in the #VC handler
drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init
ext4: reject the 'commit' option on ext2 filesystems
media: rkvdec: h264: Fix bit depth wrap in pps packet
media: rkvdec: h264: Fix dpb_valid implementation
media: staging: media: rkvdec: Make use of the helper function devm_platform_ioremap_resource()
media: ov7670: remove ov7670_power_off from ov7670_remove
ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_*
net: hinic: add missing destroy_workqueue in hinic_pf_to_mgmt_init
sctp: read sk->sk_bound_dev_if once in sctp_rcv()
lsm,selinux: pass flowi_common instead of flowi to the LSM hooks
m68k: math-emu: Fix dependencies of math emulation support
nvme: set dma alignment to dword
Bluetooth: use hdev lock for accept_list and reject_list in conn req
Bluetooth: use inclusive language when filtering devices
Bluetooth: use inclusive language in HCI role comments
Bluetooth: LL privacy allow RPA
Bluetooth: L2CAP: Rudimentary typo fixes
Bluetooth: Interleave with allowlist scan
Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
media: vsp1: Fix offset calculation for plane cropping
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
media: exynos4-is: Change clk_disable to clk_disable_unprepare
media: st-delta: Fix PM disable depth imbalance in delta_probe
media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe
media: aspeed: Fix an error handling path in aspeed_video_probe()
scripts/faddr2line: Fix overlapping text section failures
kselftest/cgroup: fix test_stress.sh to use OUTPUT dir
ASoC: samsung: Fix refcount leak in aries_audio_probe
ASoC: samsung: Use dev_err_probe() helper
regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe
ath11k: Don't check arvif->is_started before sending management frames
perf/amd/ibs: Use interrupt regs ip for stack unwinding
regulator: qcom_smd: Fix up PM8950 regulator configuration
Revert "cpufreq: Fix possible race in cpufreq online error path"
spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname()
iomap: iomap_write_failed fix
media: uvcvideo: Fix missing check to determine if element is found in list
drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected
drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected
drm/msm/dp: fix event thread stuck in wait_event after kthread_stop()
regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
arm64: fix types in copy_highpage()
x86/mm: Cleanup the control_va_addr_alignment() __setup handler
irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value
irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
irqchip/exiu: Fix acknowledgment of edge triggered interrupts
x86: Fix return value of __setup handlers
virtio_blk: fix the discard_granularity and discard_alignment queue limits
perf tools: Use Python devtools for version autodetection rather than runtime
drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H
drm/msm: add missing include to msm_drv.c
drm/msm/hdmi: fix error check return value of irq_of_parse_and_map()
drm/msm/hdmi: check return value after calling platform_get_resource_byname()
drm/msm/dsi: fix error checks and return values for DSI xmit functions
drm/msm/dp: fix error check return value of irq_of_parse_and_map()
drm/msm/dp: stop event kernel thread when DP unbind
drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume
perf tools: Add missing headers needed by util/data.h
ASoC: rk3328: fix disabling mclk on pclk probe failure
x86/speculation: Add missing prototype for unpriv_ebpf_notify()
mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe()
x86/pm: Fix false positive kmemleak report in msr_build_context()
mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check()
libbpf: Fix logic for finding matching program for CO-RE relocation
selftests/resctrl: Fix null pointer dereference on open failed
scsi: ufs: core: Exclude UECxx from SFR dump list
scsi: ufs: qcom: Fix ufs_qcom_resume()
drm/msm/dpu: adjust display_v_end for eDP and DP
of: overlay: do not break notify on NOTIFY_{OK|STOP}
fsnotify: fix wrong lockdep annotations
inotify: show inotify mask flags in proc fdinfo
ALSA: pcm: Check for null pointer of pointer substream before dereferencing it
drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01
media: hantro: Empty encoder capture buffers by default
ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
cpufreq: Fix possible race in cpufreq online error path
spi: img-spfi: Fix pm_runtime_get_sync() error checking
sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq
drm/bridge: Fix error handling in analogix_dp_probe
HID: elan: Fix potential double free in elan_input_configured
HID: hid-led: fix maximum brightness for Dream Cheeky
mtd: rawnand: denali: Use managed device resources
EDAC/dmc520: Don't print an error for each unconfigured interrupt line
drbd: fix duplicate array initializer
target: remove an incorrect unmap zeroes data deduction
efi: Add missing prototype for efi_capsule_setup_info
NFC: NULL out the dev->rfkill to prevent UAF
net: dsa: mt7530: 1G can also support 1000BASE-X link mode
scftorture: Fix distribution of short handler delays
spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
drm: mali-dp: potential dereference of null pointer
drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
nl80211: show SSID for P2P_GO interfaces
bpf: Fix excessive memory allocation in stack_map_alloc()
libbpf: Don't error out on CO-RE relos for overriden weak subprogs
drm/vc4: txp: Force alpha to be 0xff if it's disabled
drm/vc4: txp: Don't set TXP_VSTART_AT_EOF
drm/vc4: hvs: Reset muxes at probe time
drm/mediatek: Fix mtk_cec_mask()
drm/ingenic: Reset pixclock rate when parent clock rate changes
x86/delay: Fix the wrong asm constraint in delay_loop()
ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
spi: qcom-qspi: Add minItems to interconnect-names
drm/bridge: adv7511: clean up CEC adapter when probe fails
drm/edid: fix invalid EDID extension block filtering
ath9k: fix ar9003_get_eepmisc
ath11k: acquire ab->base_lock in unassign when finding the peer by addr
dt-bindings: display: sitronix, st7735r: Fix backlight in example
drm: fix EDID struct for old ARM OABI format
RDMA/hfi1: Prevent panic when SDMA is disabled
powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
powerpc/powernv: fix missing of_node_put in uv_init()
powerpc/xics: fix refcount leak in icp_opal_init()
powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr
tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
ARM: hisi: Add missing of_node_put after of_find_compatible_node
ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
ARM: versatile: Add missing of_node_put in dcscb_init
pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources()
fat: add ratelimit to fat*_ent_bread()
powerpc/fadump: Fix fadump to work with a different endian capture kernel
ARM: OMAP1: clock: Fix UART rate reporting algorithm
fs: jfs: fix possible NULL pointer dereference in dbFree()
soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc
crypto: ccree - use fine grained DMA mapping dir
PM / devfreq: rk3399_dmc: Disable edev on remove()
arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count
ARM: dts: s5pv210: align DMA channels with dtschema
ARM: dts: ox820: align interrupt controller node name with dtschema
IB/rdmavt: add missing locks in rvt_ruc_loopback
gfs2: use i_lock spin_lock for inode qadata
selftests/bpf: fix btf_dump/btf_dump due to recent clang change
eth: tg3: silence the GCC 12 array-bounds warning
rxrpc, afs: Fix selection of abort codes
rxrpc: Return an error to sendmsg if call failed
m68k: atari: Make Atari ROM port I/O write macros return void
x86/microcode: Add explicit CPU vendor dependency
can: mcp251xfd: silence clang's -Wunaligned-access warning
ASoC: rt1015p: remove dependency on GPIOLIB
ASoC: max98357a: remove dependency on GPIOLIB
media: exynos4-is: Fix compile warning
net: phy: micrel: Allow probing without .driver_data
nbd: Fix hung on disconnect request if socket is closed before
ASoC: rt5645: Fix errorenous cleanup order
nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
openrisc: start CPU timer early in boot
media: cec-adap.c: fix is_configuring state
media: imon: reorganize serialization
media: coda: limit frame interval enumeration to supported encoder frame sizes
media: rga: fix possible memory leak in rga_probe
rtlwifi: Use pr_warn instead of WARN_ONCE
ipmi: Fix pr_fmt to avoid compilation issues
ipmi:ssif: Check for NULL msg when handling events and messages
ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
spi: stm32-qspi: Fix wait_cmd timeout in APM mode
perf/amd/ibs: Cascade pmu init functions' return value
s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES
net: remove two BUG() from skb_checksum_help()
ASoC: tscs454: Add endianness flag in snd_soc_component_driver
HID: bigben: fix slab-out-of-bounds Write in bigben_probe
drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo
mlxsw: Treat LLDP packets as control
mlxsw: spectrum_dcb: Do not warn about priority changes
ASoC: dapm: Don't fold register value changes into notifications
net/mlx5: fs, delete the FTE when there are no rules attached to it
ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
drm: msm: fix error check return value of irq_of_parse_and_map()
arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall
ath10k: skip ath10k_halt during suspend for driver state RESTARTING
drm/amd/pm: fix the compile warning
drm/plane: Move range check for format_count earlier
ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408
ath11k: disable spectral scan during spectral deinit
scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()
scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync()
scsi: megaraid: Fix error check return value of register_chrdev()
drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit
mmc: jz4740: Apply DMA engine limits to maximum segment size
md/bitmap: don't set sb values if can't pass sanity check
media: cx25821: Fix the warning when removing the module
media: pci: cx23885: Fix the error handling in cx23885_initdev()
media: venus: hfi: avoid null dereference in deinit
ath9k: fix QCA9561 PA bias level
drm/amd/pm: fix double free in si_parse_power_table()
tools/power turbostat: fix ICX DRAM power numbers
spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction
ALSA: jack: Access input_dev under mutex
sfc: ef10: Fix assigning negative value to unsigned variable
rcu: Make TASKS_RUDE_RCU select IRQ_WORK
rcu-tasks: Fix race in schedule and flush work
drm/komeda: return early if drm_universal_plane_init() fails.
ACPICA: Avoid cache flush inside virtual machines
x86/platform/uv: Update TSC sync state for UV5
fbcon: Consistently protect deferred_takeover with console_lock()
ipv6: fix locking issues with loops over idev->addr_list
ipw2x00: Fix potential NULL dereference in libipw_xmit()
b43: Fix assigning negative value to unsigned variable
b43legacy: Fix assigning negative value to unsigned variable
mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
iommu/vt-d: Add RPLS to quirk list to skip TE disabling
btrfs: repair super block num_devices automatically
btrfs: add "0x" prefix for unsupported optional features
ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP
perf/x86/intel: Fix event constraints for ICL
x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails
parisc/stifb: Keep track of hardware path of graphics card
Fonts: Make font size unsigned in font_desc
xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI
cifs: when extending a file with falloc we should make files not-sparse
usb: core: hcd: Add support for deferring roothub registration
usb: dwc3: gadget: Move null pinter check to proper place
USB: new quirk for Dell Gen 2 devices
USB: serial: option: add Quectel BG95 modem
ALSA: usb-audio: Cancel pending work at closing a MIDI substream
ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop
riscv: Fix irq_work when SMP is disabled
riscv: Initialize thread pointer before calling C functions
parisc/stifb: Implement fb_is_primary_device()
binfmt_flat: do not stop relocating GOT entries prematurely on riscv
Linux 5.10.120
bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
bpf: Fix potential array overflow in bpf_trampoline_get_progs()
NFSD: Fix possible sleep during nfsd4_release_lockowner()
NFS: Memory allocation failures are not server fatal errors
docs: submitting-patches: Fix crossref to 'The canonical patch format'
tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
tpm: Fix buffer access in tpm2_get_tpm_pt()
HID: multitouch: add quirks to enable Lenovo X12 trackpoint
HID: multitouch: Add support for Google Whiskers Touchpad
raid5: introduce MD_BROKEN
dm verity: set DM_TARGET_IMMUTABLE feature flag
dm stats: add cond_resched when looping over entries
dm crypt: make printing of the key constant-time
dm integrity: fix error code in dm_integrity_ctr()
ARM: dts: s5pv210: Correct interrupt name for bluetooth in Aries
Bluetooth: hci_qca: Use del_timer_sync() before freeing
zsmalloc: fix races between asynchronous zspage free and page migration
crypto: ecrdsa - Fix incorrect use of vli_cmp
crypto: caam - fix i.MX6SX entropy delay value
KVM: x86: avoid calling x86 emulator without a decoded instruction
x86, kvm: use correct GFP flags for preemption disabled
x86/kvm: Alloc dummy async #PF token outside of raw spinlock
KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator
netfilter: conntrack: re-fetch conntrack after insertion
netfilter: nf_tables: sanitize nft_set_desc_concat_parse()
crypto: drbg - make reseeding from get_random_bytes() synchronous
crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed()
crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
crypto: drbg - prepare for more fine-grained tracking of seeding state
lib/crypto: add prompts back to crypto libraries
exfat: check if cluster num is valid
drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency()
xfs: Fix CIL throttle hang when CIL space used going backwards
xfs: fix an ABBA deadlock in xfs_rename
xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks
xfs: show the proper user quota options
xfs: detect overflows in bmbt records
net: ipa: compute proper aggregation limit
io_uring: fix using under-expanded iters
io_uring: don't re-import iovecs from callbacks
assoc_array: Fix BUG_ON during garbage collect
cfg80211: set custom regdomain after wiphy registration
pipe: Fix missing lock in pipe_resize_ring()
pipe: make poll_usage boolean and annotate its access
netfilter: nf_tables: disallow non-stateful expression in sets earlier
drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers
i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
net: ftgmac100: Disable hardware checksum on AST2600
nfc: pn533: Fix buggy cleanup order
net: af_key: check encryption module availability consistency
percpu_ref_init(): clean ->percpu_count_ref on failure
pinctrl: sunxi: fix f1c100s uart2 function
Linux 5.10.119
ALSA: ctxfi: Add SB046x PCI ID
random: check for signals after page of pool writes
random: wire up fops->splice_{read,write}_iter()
random: convert to using fops->write_iter()
random: convert to using fops->read_iter()
random: unify batched entropy implementations
random: move randomize_page() into mm where it belongs
random: move initialization functions out of hot pages
random: make consistent use of buf and len
random: use proper return types on get_random_{int,long}_wait()
random: remove extern from functions in header
random: use static branch for crng_ready()
random: credit architectural init the exact amount
random: handle latent entropy and command line from random_init()
random: use proper jiffies comparison macro
random: remove ratelimiting for in-kernel unseeded randomness
random: move initialization out of reseeding hot path
random: avoid initializing twice in credit race
random: use symbolic constants for crng_init states
siphash: use one source of truth for siphash permutations
random: help compiler out with fast_mix() by using simpler arguments
random: do not use input pool from hard IRQs
random: order timer entropy functions below interrupt functions
random: do not pretend to handle premature next security model
random: use first 128 bits of input as fast init
random: do not use batches when !crng_ready()
random: insist on random_get_entropy() existing in order to simplify
xtensa: use fallback for random_get_entropy() instead of zero
sparc: use fallback for random_get_entropy() instead of zero
um: use fallback for random_get_entropy() instead of zero
x86/tsc: Use fallback for random_get_entropy() instead of zero
nios2: use fallback for random_get_entropy() instead of zero
arm: use fallback for random_get_entropy() instead of zero
mips: use fallback for random_get_entropy() instead of just c0 random
riscv: use fallback for random_get_entropy() instead of zero
m68k: use fallback for random_get_entropy() instead of zero
timekeeping: Add raw clock fallback for random_get_entropy()
powerpc: define get_cycles macro for arch-override
alpha: define get_cycles macro for arch-override
parisc: define get_cycles macro for arch-override
s390: define get_cycles macro for arch-override
ia64: define get_cycles macro for arch-override
init: call time_init() before rand_initialize()
random: fix sysctl documentation nits
random: document crng_fast_key_erasure() destination possibility
random: make random_get_entropy() return an unsigned long
random: allow partial reads if later user copies fail
random: check for signals every PAGE_SIZE chunk of /dev/[u]random
random: check for signal_pending() outside of need_resched() check
random: do not allow user to keep crng key around on stack
random: do not split fast init input in add_hwgenerator_randomness()
random: mix build-time latent entropy into pool at init
random: re-add removed comment about get_random_{u32,u64} reseeding
random: treat bootloader trust toggle the same way as cpu trust toggle
random: skip fast_init if hwrng provides large chunk of entropy
random: check for signal and try earlier when generating entropy
random: reseed more often immediately after booting
random: make consistent usage of crng_ready()
random: use SipHash as interrupt entropy accumulator
random: replace custom notifier chain with standard one
random: don't let 644 read-only sysctls be written to
random: give sysctl_random_min_urandom_seed a more sensible value
random: do crng pre-init loading in worker rather than irq
random: unify cycles_t and jiffies usage and types
random: cleanup UUID handling
random: only wake up writers after zap if threshold was passed
random: round-robin registers as ulong, not u32
random: clear fast pool, crng, and batches in cpuhp bring up
random: pull add_hwgenerator_randomness() declaration into random.h
random: check for crng_init == 0 in add_device_randomness()
random: unify early init crng load accounting
random: do not take pool spinlock at boot
random: defer fast pool mixing to worker
random: rewrite header introductory comment
random: group sysctl functions
random: group userspace read/write functions
random: group entropy collection functions
random: group entropy extraction functions
random: group crng functions
random: group initialization wait functions
random: remove whitespace and reorder includes
random: remove useless header comment
random: introduce drain_entropy() helper to declutter crng_reseed()
random: deobfuscate irq u32/u64 contributions
random: add proper SPDX header
random: remove unused tracepoints
random: remove ifdef'd out interrupt bench
random: tie batched entropy generation to base_crng generation
random: fix locking for crng_init in crng_reseed()
random: zero buffer after reading entropy from userspace
random: remove outdated INT_MAX >> 6 check in urandom_read()
random: make more consistent use of integer types
random: use hash function for crng_slow_load()
random: use simpler fast key erasure flow on per-cpu keys
random: absorb fast pool into input pool after fast load
random: do not xor RDRAND when writing into /dev/random
random: ensure early RDSEED goes through mixer on init
random: inline leaves of rand_initialize()
random: get rid of secondary crngs
random: use RDSEED instead of RDRAND in entropy extraction
random: fix locking in crng_fast_load()
random: remove batched entropy locking
random: remove use_input_pool parameter from crng_reseed()
random: make credit_entropy_bits() always safe
random: always wake up entropy writers after extraction
random: use linear min-entropy accumulation crediting
random: simplify entropy debiting
random: use computational hash for entropy extraction
random: only call crng_finalize_init() for primary_crng
random: access primary_pool directly rather than through pointer
random: continually use hwgenerator randomness
random: simplify arithmetic function flow in account()
random: selectively clang-format where it makes sense
random: access input_pool_data directly rather than through pointer
random: cleanup fractional entropy shift constants
random: prepend remaining pool constants with POOL_
random: de-duplicate INPUT_POOL constants
random: remove unused OUTPUT_POOL constants
random: rather than entropy_store abstraction, use global
random: remove unused extract_entropy() reserved argument
random: remove incomplete last_data logic
random: cleanup integer types
random: cleanup poolinfo abstraction
random: fix typo in comments
random: don't reset crng_init_cnt on urandom_read()
random: avoid superfluous call to RDRAND in CRNG extraction
random: early initialization of ChaCha constants
random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
random: harmonize "crng init done" messages
random: mix bootloader randomness into pool
random: do not re-init if crng_reseed completes before primary init
random: do not sign extend bytes for rotation when mixing
random: use BLAKE2s instead of SHA1 in extraction
random: remove unused irq_flags argument from add_interrupt_randomness()
random: document add_hwgenerator_randomness() with other input functions
lib/crypto: blake2s: avoid indirect calls to compression function for Clang CFI
lib/crypto: sha1: re-roll loops to reduce code size
lib/crypto: blake2s: move hmac construction into wireguard
lib/crypto: blake2s: include as built-in
crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
crypto: blake2s - adjust include guard naming
crypto: blake2s - add comment for blake2s_state fields
crypto: blake2s - optimize blake2s initialization
crypto: blake2s - share the "shash" API boilerplate code
crypto: blake2s - move update and final logic to internal/blake2s.h
crypto: blake2s - remove unneeded includes
crypto: x86/blake2s - define shash_alg structs using macros
crypto: blake2s - define shash_alg structs using macros
crypto: lib/blake2s - Move selftest prototype into header file
MAINTAINERS: add git tree for random.c
MAINTAINERS: co-maintain random.c
random: remove dead code left over from blocking pool
random: avoid arch_get_random_seed_long() when collecting IRQ randomness
ACPI: sysfs: Fix BERT error region memory mapping
ACPI: sysfs: Make sparse happy about address space in use
media: vim2m: initialize the media device earlier
media: vim2m: Register video device after setting up internals
secure_seq: use the 64 bits of the siphash for port offset calculation
tcp: change source port randomizarion at connect() time
KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
KVM: x86: Properly handle APF vs disabled LAPIC situation
staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
lockdown: also lock down previous kgdb use
Linux 5.10.118
module: check for exit sections in layout_sections() instead of module_init_section()
include/uapi/linux/xfrm.h: Fix XFRM_MSG_MAPPING ABI breakage
afs: Fix afs_getattr() to refetch file status if callback break occurred
i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe()
module: treat exit sections the same as init sections when !CONFIG_MODULE_UNLOAD
dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group
Input: ili210x - fix reset timing
arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs
net: atlantic: verify hw_head_ lies within TX buffer ring
net: atlantic: add check for MAX_SKB_FRAGS
net: atlantic: reduce scope of is_rsc_complete
net: atlantic: fix "frag[0] not initialized"
net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one()
nl80211: fix locking in nl80211_set_tx_bitrate_mask()
selftests: add ping test with ping_group_range tuned
nl80211: validate S1G channel width
mac80211: fix rx reordering with non explicit / psmp ack policy
scsi: qla2xxx: Fix missed DMA unmap for aborted commands
perf bench numa: Address compiler error on s390
gpio: mvebu/pwm: Refuse requests with inverted polarity
gpio: gpio-vf610: do not touch other bits when set the target bit
riscv: dts: sifive: fu540-c000: align dma node name with dtschema
net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
igb: skip phy status check where unavailable
ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
ARM: 9196/1: spectre-bhb: enable for Cortex-A15
net: af_key: add check for pfkey_broadcast in function pfkey_process
net/mlx5e: Properly block LRO when XDP is enabled
NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
net/qla3xxx: Fix a test in ql_reset_work()
clk: at91: generated: consider range when calculating best rate
ice: fix possible under reporting of ethtool Tx and Rx statistics
net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
net: systemport: Fix an error handling path in bcm_sysport_probe()
net/sched: act_pedit: sanitize shift argument before usage
xfrm: fix "disable_policy" flag use when arriving from different devices
xfrm: rework default policy structure
xfrm: fix dflt policy check when there is no policy configured
xfrm: notify default policy on update
xfrm: make user policy API complete
net: xfrm: fix shift-out-of-bounce
xfrm: Add possibility to set the default to block if we have no policy
net: evaluate net.ipvX.conf.all.disable_policy and disable_xfrm
net: macb: Increment rx bd head after allocating skb and buffer
net: ipa: record proper RX transaction count
ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group
pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl
ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi
dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
libceph: fix potential use-after-free on linger ping and resends
crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
arm64: mte: Ensure the cleared tags are visible before setting the PTE
arm64: paravirt: Use RCU read locks to guard stolen_time
KVM: x86/mmu: Update number of zapped pages even if page list is stable
PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
Fix double fget() in vhost_net_set_backend()
selinux: fix bad cleanup on error in hashtab_duplicate()
perf: Fix sys_perf_event_open() race against self
ALSA: hda/realtek: Add quirk for TongFang devices with pop noise
ALSA: wavefront: Proper check of get_user() error
ALSA: usb-audio: Restore Rane SL-1 quirk
Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
Revert "swiotlb: fix info leak with DMA_FROM_DEVICE"
nilfs2: fix lockdep warnings during disk space reclamation
nilfs2: fix lockdep warnings in page operations for btree nodes
ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
platform/chrome: cros_ec_debugfs: detach log reader wq from devm
drbd: remove usage of list iterator variable after loop
MIPS: lantiq: check the return value of kzalloc()
fs: fix an infinite loop in iomap_fiemap
rtc: mc146818-lib: Fix the AltCentury for AMD platforms
nvme-multipath: fix hang when disk goes live over reconnect
tools/virtio: compile with -pthread
vhost_vdpa: don't setup irq offloading when irq_num < 0
s390/pci: improve zpci_dev reference counting
ALSA: hda/realtek: Enable headset mic on Lenovo P360
crypto: x86/chacha20 - Avoid spurious jumps to other functions
crypto: stm32 - fix reference leak in stm32_crc_remove
rtc: sun6i: Fix time overflow handling
gfs2: Disable page faults during lockless buffered reads
nvme-pci: add quirks for Samsung X5 SSDs
Input: stmfts - fix reference leak in stmfts_input_open
Input: add bounds checking to input_set_capability()
um: Cleanup syscall_handler_t definition/cast, fix warning
rtc: pcf2127: fix bug when reading alarm registers
rtc: fix use-after-free on device removal
igc: Update I226_K device ID
igc: Remove phy->type checking
igc: Remove _I_PHY_ID checking
Revert "drm/i915/opregion: check port number bounds for SWSCI display power state"
floppy: use a statically allocated error counter
io_uring: always grab file table for deferred statx
usb: gadget: fix race when gadget driver register via ioctl
Conflicts:
Documentation/devicetree/bindings
Documentation/devicetree/bindings/display/sitronix,st7735r.yaml
Documentation/devicetree/bindings/dma/allwinner,sun50i-a64-dma.yaml
Documentation/devicetree/bindings/gpio/gpio-altera.txt
Documentation/devicetree/bindings/pinctrl/aspeed,ast2600-pinctrl.yaml
Documentation/devicetree/bindings/spi/qcom,spi-qcom-qspi.yaml
drivers/scsi/ufs/ufs-qcom.c
drivers/soc/qcom/llcc-qcom.c
drivers/virtio/virtio_mmio.c
Change-Id: I7130d4c99319ff2a9474e07159e3943d94059e3a
Signed-off-by: Sivasri Kumar, Vanka <quic_svanka@quicinc.com>
|
||
|
Luiz Augusto von Dentz
|
f1bf5340cd |
UPSTREAM: Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
The patch d0be8347c623: "Bluetooth: L2CAP: Fix use-after-free caused
by l2cap_chan_put" from Jul 21, 2022, leads to the following Smatch
static checker warning:
net/bluetooth/l2cap_core.c:1977 l2cap_global_chan_by_psm()
error: we previously assumed 'c' could be null (see line 1996)
Bug: 254441685
Fixes: d0be8347c623 ("Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
(cherry picked from commit 332f1795ca202489c665a75e62e18ff6284de077)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I81c57064d558d8304d889fa3448a8aff45c7a408
|
||
|
Eric Dumazet
|
712eaeb09c |
UPSTREAM: net: preserve skb_end_offset() in skb_unclone_keeptruesize()
syzbot found another way to trigger the infamous WARN_ON_ONCE(delta < len) in skb_try_coalesce() [1] I was able to root cause the issue to kfence. When kfence is in action, the following assertion is no longer true: int size = xxxx; void *ptr1 = kmalloc(size, gfp); void *ptr2 = kmalloc(size, gfp); if (ptr1 && ptr2) ASSERT(ksize(ptr1) == ksize(ptr2)); We attempted to fix these issues in the blamed commits, but forgot that TCP was possibly shifting data after skb_unclone_keeptruesize() has been used, notably from tcp_retrans_try_collapse(). So we not only need to keep same skb->truesize value, we also need to make sure TCP wont fill new tailroom that pskb_expand_head() was able to get from a addr = kmalloc(...) followed by ksize(addr) Split skb_unclone_keeptruesize() into two parts: 1) Inline skb_unclone_keeptruesize() for the common case, when skb is not cloned. 2) Out of line __skb_unclone_keeptruesize() for the 'slow path'. WARNING: CPU: 1 PID: 6490 at net/core/skbuff.c:5295 skb_try_coalesce+0x1235/0x1560 net/core/skbuff.c:5295 Modules linked in: CPU: 1 PID: 6490 Comm: syz-executor161 Not tainted 5.17.0-rc4-syzkaller-00229-g4f12b742eb2b #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:skb_try_coalesce+0x1235/0x1560 net/core/skbuff.c:5295 Code: bf 01 00 00 00 0f b7 c0 89 c6 89 44 24 20 e8 62 24 4e fa 8b 44 24 20 83 e8 01 0f 85 e5 f0 ff ff e9 87 f4 ff ff e8 cb 20 4e fa <0f> 0b e9 06 f9 ff ff e8 af b2 95 fa e9 69 f0 ff ff e8 95 b2 95 fa RSP: 0018:ffffc900063af268 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 00000000ffffffd5 RCX: 0000000000000000 RDX: ffff88806fc05700 RSI: ffffffff872abd55 RDI: 0000000000000003 RBP: ffff88806e675500 R08: 00000000ffffffd5 R09: 0000000000000000 R10: ffffffff872ab659 R11: 0000000000000000 R12: ffff88806dd554e8 R13: ffff88806dd9bac0 R14: ffff88806dd9a2c0 R15: 0000000000000155 FS: 00007f18014f9700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020002000 CR3: 000000006be7a000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> tcp_try_coalesce net/ipv4/tcp_input.c:4651 [inline] tcp_try_coalesce+0x393/0x920 net/ipv4/tcp_input.c:4630 tcp_queue_rcv+0x8a/0x6e0 net/ipv4/tcp_input.c:4914 tcp_data_queue+0x11fd/0x4bb0 net/ipv4/tcp_input.c:5025 tcp_rcv_established+0x81e/0x1ff0 net/ipv4/tcp_input.c:5947 tcp_v4_do_rcv+0x65e/0x980 net/ipv4/tcp_ipv4.c:1719 sk_backlog_rcv include/net/sock.h:1037 [inline] __release_sock+0x134/0x3b0 net/core/sock.c:2779 release_sock+0x54/0x1b0 net/core/sock.c:3311 sk_wait_data+0x177/0x450 net/core/sock.c:2821 tcp_recvmsg_locked+0xe28/0x1fd0 net/ipv4/tcp.c:2457 tcp_recvmsg+0x137/0x610 net/ipv4/tcp.c:2572 inet_recvmsg+0x11b/0x5e0 net/ipv4/af_inet.c:850 sock_recvmsg_nosec net/socket.c:948 [inline] sock_recvmsg net/socket.c:966 [inline] sock_recvmsg net/socket.c:962 [inline] ____sys_recvmsg+0x2c4/0x600 net/socket.c:2632 ___sys_recvmsg+0x127/0x200 net/socket.c:2674 __sys_recvmsg+0xe2/0x1a0 net/socket.c:2704 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae Bug: 254441685 Fixes: c4777efa751d ("net: add and use skb_unclone_keeptruesize() helper") Fixes: 097b9146c0e2 ("net: fix up truesize of cloned skb in skb_prepare_for_shift()") Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Marco Elver <elver@google.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org> (cherry picked from commit 2b88cba55883eaafbc9b7cbff0b2c7cdba71ed01) Signed-off-by: Lee Jones <joneslee@google.com> Change-Id: I9c25fea9153c553d7105ea73f7aaf486d00804db |
||
|
Eric Dumazet
|
0455741716 |
BACKPORT: net: add skb_set_end_offset() helper
We have multiple places where this helper is convenient, and plan using it in the following patch. Bug: 254441685 Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org> (cherry picked from commit 763087dab97547230a6807c865a6a5ae53a59247) [Lee: Solves a dependency for the next Fixes: patch] Signed-off-by: Lee Jones <joneslee@google.com> Change-Id: I044e7020f9d0b85073253fbd4629cf97bbd38736 |
||
|
Eric Dumazet
|
a2afe6cc0f |
UPSTREAM: inet: fully convert sk->sk_rx_dst to RCU rules
commit 8f905c0e7354ef261360fb7535ea079b1082c105 upstream. syzbot reported various issues around early demux, one being included in this changelog [1] sk->sk_rx_dst is using RCU protection without clearly documenting it. And following sequences in tcp_v4_do_rcv()/tcp_v6_do_rcv() are not following standard RCU rules. [a] dst_release(dst); [b] sk->sk_rx_dst = NULL; They look wrong because a delete operation of RCU protected pointer is supposed to clear the pointer before the call_rcu()/synchronize_rcu() guarding actual memory freeing. In some cases indeed, dst could be freed before [b] is done. We could cheat by clearing sk_rx_dst before calling dst_release(), but this seems the right time to stick to standard RCU annotations and debugging facilities. [1] BUG: KASAN: use-after-free in dst_check include/net/dst.h:470 [inline] BUG: KASAN: use-after-free in tcp_v4_early_demux+0x95b/0x960 net/ipv4/tcp_ipv4.c:1792 Read of size 2 at addr ffff88807f1cb73a by task syz-executor.5/9204 CPU: 0 PID: 9204 Comm: syz-executor.5 Not tainted 5.16.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description.constprop.0.cold+0x8d/0x320 mm/kasan/report.c:247 __kasan_report mm/kasan/report.c:433 [inline] kasan_report.cold+0x83/0xdf mm/kasan/report.c:450 dst_check include/net/dst.h:470 [inline] tcp_v4_early_demux+0x95b/0x960 net/ipv4/tcp_ipv4.c:1792 ip_rcv_finish_core.constprop.0+0x15de/0x1e80 net/ipv4/ip_input.c:340 ip_list_rcv_finish.constprop.0+0x1b2/0x6e0 net/ipv4/ip_input.c:583 ip_sublist_rcv net/ipv4/ip_input.c:609 [inline] ip_list_rcv+0x34e/0x490 net/ipv4/ip_input.c:644 __netif_receive_skb_list_ptype net/core/dev.c:5508 [inline] __netif_receive_skb_list_core+0x549/0x8e0 net/core/dev.c:5556 __netif_receive_skb_list net/core/dev.c:5608 [inline] netif_receive_skb_list_internal+0x75e/0xd80 net/core/dev.c:5699 gro_normal_list net/core/dev.c:5853 [inline] gro_normal_list net/core/dev.c:5849 [inline] napi_complete_done+0x1f1/0x880 net/core/dev.c:6590 virtqueue_napi_complete drivers/net/virtio_net.c:339 [inline] virtnet_poll+0xca2/0x11b0 drivers/net/virtio_net.c:1557 __napi_poll+0xaf/0x440 net/core/dev.c:7023 napi_poll net/core/dev.c:7090 [inline] net_rx_action+0x801/0xb40 net/core/dev.c:7177 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 invoke_softirq kernel/softirq.c:432 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:637 irq_exit_rcu+0x5/0x20 kernel/softirq.c:649 common_interrupt+0x52/0xc0 arch/x86/kernel/irq.c:240 asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:629 RIP: 0033:0x7f5e972bfd57 Code: 39 d1 73 14 0f 1f 80 00 00 00 00 48 8b 50 f8 48 83 e8 08 48 39 ca 77 f3 48 39 c3 73 3e 48 89 13 48 8b 50 f8 48 89 38 49 8b 0e <48> 8b 3e 48 83 c3 08 48 83 c6 08 eb bc 48 39 d1 72 9e 48 39 d0 73 RSP: 002b:00007fff8a413210 EFLAGS: 00000283 RAX: 00007f5e97108990 RBX: 00007f5e97108338 RCX: ffffffff81d3aa45 RDX: ffffffff81d3aa45 RSI: 00007f5e97108340 RDI: ffffffff81d3aa45 RBP: 00007f5e97107eb8 R08: 00007f5e97108d88 R09: 0000000093c2e8d9 R10: 0000000000000000 R11: 0000000000000000 R12: 00007f5e97107eb0 R13: 00007f5e97108338 R14: 00007f5e97107ea8 R15: 0000000000000019 </TASK> Allocated by task 13: kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38 kasan_set_track mm/kasan/common.c:46 [inline] set_alloc_info mm/kasan/common.c:434 [inline] __kasan_slab_alloc+0x90/0xc0 mm/kasan/common.c:467 kasan_slab_alloc include/linux/kasan.h:259 [inline] slab_post_alloc_hook mm/slab.h:519 [inline] slab_alloc_node mm/slub.c:3234 [inline] slab_alloc mm/slub.c:3242 [inline] kmem_cache_alloc+0x202/0x3a0 mm/slub.c:3247 dst_alloc+0x146/0x1f0 net/core/dst.c:92 rt_dst_alloc+0x73/0x430 net/ipv4/route.c:1613 ip_route_input_slow+0x1817/0x3a20 net/ipv4/route.c:2340 ip_route_input_rcu net/ipv4/route.c:2470 [inline] ip_route_input_noref+0x116/0x2a0 net/ipv4/route.c:2415 ip_rcv_finish_core.constprop.0+0x288/0x1e80 net/ipv4/ip_input.c:354 ip_list_rcv_finish.constprop.0+0x1b2/0x6e0 net/ipv4/ip_input.c:583 ip_sublist_rcv net/ipv4/ip_input.c:609 [inline] ip_list_rcv+0x34e/0x490 net/ipv4/ip_input.c:644 __netif_receive_skb_list_ptype net/core/dev.c:5508 [inline] __netif_receive_skb_list_core+0x549/0x8e0 net/core/dev.c:5556 __netif_receive_skb_list net/core/dev.c:5608 [inline] netif_receive_skb_list_internal+0x75e/0xd80 net/core/dev.c:5699 gro_normal_list net/core/dev.c:5853 [inline] gro_normal_list net/core/dev.c:5849 [inline] napi_complete_done+0x1f1/0x880 net/core/dev.c:6590 virtqueue_napi_complete drivers/net/virtio_net.c:339 [inline] virtnet_poll+0xca2/0x11b0 drivers/net/virtio_net.c:1557 __napi_poll+0xaf/0x440 net/core/dev.c:7023 napi_poll net/core/dev.c:7090 [inline] net_rx_action+0x801/0xb40 net/core/dev.c:7177 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 Freed by task 13: kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38 kasan_set_track+0x21/0x30 mm/kasan/common.c:46 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370 ____kasan_slab_free mm/kasan/common.c:366 [inline] ____kasan_slab_free mm/kasan/common.c:328 [inline] __kasan_slab_free+0xff/0x130 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:235 [inline] slab_free_hook mm/slub.c:1723 [inline] slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1749 slab_free mm/slub.c:3513 [inline] kmem_cache_free+0xbd/0x5d0 mm/slub.c:3530 dst_destroy+0x2d6/0x3f0 net/core/dst.c:127 rcu_do_batch kernel/rcu/tree.c:2506 [inline] rcu_core+0x7ab/0x1470 kernel/rcu/tree.c:2741 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 Last potentially related work creation: kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38 __kasan_record_aux_stack+0xf5/0x120 mm/kasan/generic.c:348 __call_rcu kernel/rcu/tree.c:2985 [inline] call_rcu+0xb1/0x740 kernel/rcu/tree.c:3065 dst_release net/core/dst.c:177 [inline] dst_release+0x79/0xe0 net/core/dst.c:167 tcp_v4_do_rcv+0x612/0x8d0 net/ipv4/tcp_ipv4.c:1712 sk_backlog_rcv include/net/sock.h:1030 [inline] __release_sock+0x134/0x3b0 net/core/sock.c:2768 release_sock+0x54/0x1b0 net/core/sock.c:3300 tcp_sendmsg+0x36/0x40 net/ipv4/tcp.c:1441 inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:819 sock_sendmsg_nosec net/socket.c:704 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:724 sock_write_iter+0x289/0x3c0 net/socket.c:1057 call_write_iter include/linux/fs.h:2162 [inline] new_sync_write+0x429/0x660 fs/read_write.c:503 vfs_write+0x7cd/0xae0 fs/read_write.c:590 ksys_write+0x1ee/0x250 fs/read_write.c:643 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae The buggy address belongs to the object at ffff88807f1cb700 which belongs to the cache ip_dst_cache of size 176 The buggy address is located 58 bytes inside of 176-byte region [ffff88807f1cb700, ffff88807f1cb7b0) The buggy address belongs to the page: page:ffffea0001fc72c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7f1cb flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000200 dead000000000100 dead000000000122 ffff8881413bb780 raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 5, ts 108466983062, free_ts 108048976062 prep_new_page mm/page_alloc.c:2418 [inline] get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369 alloc_pages+0x1a7/0x300 mm/mempolicy.c:2191 alloc_slab_page mm/slub.c:1793 [inline] allocate_slab mm/slub.c:1930 [inline] new_slab+0x32d/0x4a0 mm/slub.c:1993 ___slab_alloc+0x918/0xfe0 mm/slub.c:3022 __slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3109 slab_alloc_node mm/slub.c:3200 [inline] slab_alloc mm/slub.c:3242 [inline] kmem_cache_alloc+0x35c/0x3a0 mm/slub.c:3247 dst_alloc+0x146/0x1f0 net/core/dst.c:92 rt_dst_alloc+0x73/0x430 net/ipv4/route.c:1613 __mkroute_output net/ipv4/route.c:2564 [inline] ip_route_output_key_hash_rcu+0x921/0x2d00 net/ipv4/route.c:2791 ip_route_output_key_hash+0x18b/0x300 net/ipv4/route.c:2619 __ip_route_output_key include/net/route.h:126 [inline] ip_route_output_flow+0x23/0x150 net/ipv4/route.c:2850 ip_route_output_key include/net/route.h:142 [inline] geneve_get_v4_rt+0x3a6/0x830 drivers/net/geneve.c:809 geneve_xmit_skb drivers/net/geneve.c:899 [inline] geneve_xmit+0xc4a/0x3540 drivers/net/geneve.c:1082 __netdev_start_xmit include/linux/netdevice.h:4994 [inline] netdev_start_xmit include/linux/netdevice.h:5008 [inline] xmit_one net/core/dev.c:3590 [inline] dev_hard_start_xmit+0x1eb/0x920 net/core/dev.c:3606 __dev_queue_xmit+0x299a/0x3650 net/core/dev.c:4229 page last free stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1338 [inline] free_pcp_prepare+0x374/0x870 mm/page_alloc.c:1389 free_unref_page_prepare mm/page_alloc.c:3309 [inline] free_unref_page+0x19/0x690 mm/page_alloc.c:3388 qlink_free mm/kasan/quarantine.c:146 [inline] qlist_free_all+0x5a/0xc0 mm/kasan/quarantine.c:165 kasan_quarantine_reduce+0x180/0x200 mm/kasan/quarantine.c:272 __kasan_slab_alloc+0xa2/0xc0 mm/kasan/common.c:444 kasan_slab_alloc include/linux/kasan.h:259 [inline] slab_post_alloc_hook mm/slab.h:519 [inline] slab_alloc_node mm/slub.c:3234 [inline] kmem_cache_alloc_node+0x255/0x3f0 mm/slub.c:3270 __alloc_skb+0x215/0x340 net/core/skbuff.c:414 alloc_skb include/linux/skbuff.h:1126 [inline] alloc_skb_with_frags+0x93/0x620 net/core/skbuff.c:6078 sock_alloc_send_pskb+0x783/0x910 net/core/sock.c:2575 mld_newpack+0x1df/0x770 net/ipv6/mcast.c:1754 add_grhead+0x265/0x330 net/ipv6/mcast.c:1857 add_grec+0x1053/0x14e0 net/ipv6/mcast.c:1995 mld_send_initial_cr.part.0+0xf6/0x230 net/ipv6/mcast.c:2242 mld_send_initial_cr net/ipv6/mcast.c:1232 [inline] mld_dad_work+0x1d3/0x690 net/ipv6/mcast.c:2268 process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298 worker_thread+0x658/0x11f0 kernel/workqueue.c:2445 Memory state around the buggy address: ffff88807f1cb600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88807f1cb680: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc >ffff88807f1cb700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88807f1cb780: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc ffff88807f1cb800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb Fixes: |
||
|
Herbert Xu
|
3813ca3253 |
UPSTREAM: af_key: Do not call xfrm_probe_algs in parallel
[ Upstream commit ba953a9d89a00c078b85f4b190bc1dde66fe16b5 ]
When namespace support was added to xfrm/afkey, it caused the
previously single-threaded call to xfrm_probe_algs to become
multi-threaded. This is buggy and needs to be fixed with a mutex.
Bug: 245674737
Reported-by: Abhishek Shah <abhishek.shah@columbia.edu>
Fixes:
|
||
|
Johannes Berg
|
3335f95077 |
UPSTREAM: wifi: mac80211: fix MBSSID parsing use-after-free
Commit ff05d4b45dd89b922578dac497dcabf57cf771c6 upstream.
This is a different version of the commit, changed to store
the non-transmitted profile in the elems, and freeing it in
the few places where it's relevant, since that is only the
case when the last argument for parsing (the non-tx BSSID)
is non-NULL.
When we parse a multi-BSSID element, we might point some
element pointers into the allocated nontransmitted_profile.
However, we free this before returning, causing UAF when the
relevant pointers in the parsed elements are accessed.
Fix this by not allocating the scratch buffer separately but
as part of the returned structure instead, that way, there
are no lifetime issues with it.
The scratch buffer introduction as part of the returned data
here is taken from MLO feature work done by Ilan.
This fixes CVE-2022-42719.
Bug: 253642087
Bug: 256773215
Fixes:
|
||
|
Johannes Berg
|
254348ee7b |
UPSTREAM: wifi: mac80211: don't parse mbssid in assoc response
This is simply not valid and simplifies the next commit.
11;rgb:ffff/ffff/ddddI'll make a separate patch for this in the current main
tree as well.
Bug: 254180332
Bug: 256773215
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
(cherry picked from commit
|
||
|
Johannes Berg
|
3b8b7caece |
UPSTREAM: mac80211: mlme: find auth challenge directly
There's no need to parse all elements etc. just to find the
authentication challenge - use cfg80211_find_elem() instead.
This also allows us to remove WLAN_EID_CHALLENGE handling
from the element parsing entirely.
Bug: 254180332
Bug: 256773215
Link: https://lore.kernel.org/r/20210920154009.45f9b3a15722.Ice3159ffad03a007d6154cbf1fb3a8c48489e86f@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
(cherry picked from commit
|
||
|
Johannes Berg
|
97e742c53f |
UPSTREAM: wifi: cfg80211: update hidden BSSes to avoid WARN_ON
commit c90b93b5b782891ebfda49d4e5da36632fefd5d1 upstream.
When updating beacon elements in a non-transmitted BSS,
also update the hidden sub-entries to the same beacon
elements, so that a future update through other paths
won't trigger a WARN_ON().
The warning is triggered because the beacon elements in
the hidden BSSes that are children of the BSS should
always be the same as in the parent.
Bug: 254180332
Bug: 256773215
Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes:
|
||
|
Johannes Berg
|
a08a4fdd8c |
UPSTREAM: wifi: mac80211: fix crash in beacon protection for P2P-device
commit b2d03cabe2b2e150ff5a381731ea0355459be09f upstream.
If beacon protection is active but the beacon cannot be
decrypted or is otherwise malformed, we call the cfg80211
API to report this to userspace, but that uses a netdev
pointer, which isn't present for P2P-Device. Fix this to
call it only conditionally to ensure cfg80211 won't crash
in the case of P2P-Device.
This fixes CVE-2022-42722.
Bug: 253642089
Bug: 256773215
Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes:
|
||
|
Johannes Berg
|
68544e6856 |
UPSTREAM: wifi: cfg80211: avoid nontransmitted BSS list corruption
commit bcca852027e5878aec911a347407ecc88d6fff7f upstream.
If a non-transmitted BSS shares enough information (both
SSID and BSSID!) with another non-transmitted BSS of a
different AP, then we can find and update it, and then
try to add it to the non-transmitted BSS list. We do a
search for it on the transmitted BSS, but if it's not
there (but belongs to another transmitted BSS), the list
gets corrupted.
Since this is an erroneous situation, simply fail the
list insertion in this case and free the non-transmitted
BSS.
This fixes CVE-2022-42721.
Bug: 253642088
Bug: 256773215
Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes:
|
||
|
Johannes Berg
|
71e1fbbb62 |
UPSTREAM: wifi: cfg80211: fix BSS refcounting bugs
commit 0b7808818cb9df6680f98996b8e9a439fa7bcc2f upstream.
There are multiple refcounting bugs related to multi-BSSID:
- In bss_ref_get(), if the BSS has a hidden_beacon_bss, then
the bss pointer is overwritten before checking for the
transmitted BSS, which is clearly wrong. Fix this by using
the bss_from_pub() macro.
- In cfg80211_bss_update() we copy the transmitted_bss pointer
from tmp into new, but then if we release new, we'll unref
it erroneously. We already set the pointer and ref it, but
need to NULL it since it was copied from the tmp data.
- In cfg80211_inform_single_bss_data(), if adding to the non-
transmitted list fails, we unlink the BSS and yet still we
return it, but this results in returning an entry without
a reference. We shouldn't return it anyway if it was broken
enough to not get added there.
This fixes CVE-2022-42720.
Bug: 253642015
Bug: 256773215
Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes:
|
||
|
Johannes Berg
|
32f866aa2e |
UPSTREAM: wifi: cfg80211: ensure length byte is present before access
commit 567e14e39e8f8c6997a1378bc3be615afca86063 upstream.
When iterating the elements here, ensure the length byte is
present before checking it to see if the entire element will
fit into the buffer.
Longer term, we should rewrite this code using the type-safe
element iteration macros that check all of this.
Bug: 254180332
Bug: 256773215
Fixes:
|
||
|
Johannes Berg
|
2fd63a0312 |
UPSTREAM: wifi: cfg80211/mac80211: reject bad MBSSID elements
commit 8f033d2becc24aa6bfd2a5c104407963560caabc upstream.
Per spec, the maximum value for the MaxBSSID ('n') indicator is 8,
and the minimum is 1 since a multiple BSSID set with just one BSSID
doesn't make sense (the # of BSSIDs is limited by 2^n).
Limit this in the parsing in both cfg80211 and mac80211, rejecting
any elements with an invalid value.
This fixes potentially bad shifts in the processing of these inside
the cfg80211_gen_new_bssid() function later.
I found this during the investigation of CVE-2022-41674 fixed by the
previous patch.
Bug: 253641805
Bug: 256773215
Fixes:
|
||
|
Johannes Berg
|
39157f2ec2 |
UPSTREAM: wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()
commit aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d upstream.
In the copy code of the elements, we do the following calculation
to reach the end of the MBSSID element:
/* copy the IEs after MBSSID */
cpy_len = mbssid[1] + 2;
This looks fine, however, cpy_len is a u8, the same as mbssid[1],
so the addition of two can overflow. In this case the subsequent
memcpy() will overflow the allocated buffer, since it copies 256
bytes too much due to the way the allocation and memcpy() sizes
are calculated.
Fix this by using size_t for the cpy_len variable.
This fixes CVE-2022-41674.
Bug: 253641805
Bug: 256773215
Reported-by: Soenke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: Soenke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes:
|
||
|
Johannes Berg
|
d61d7ebf6f |
UPSTREAM: wifi: mac80211: fix MBSSID parsing use-after-free
Commit ff05d4b45dd89b922578dac497dcabf57cf771c6 upstream.
This is a different version of the commit, changed to store
the non-transmitted profile in the elems, and freeing it in
the few places where it's relevant, since that is only the
case when the last argument for parsing (the non-tx BSSID)
is non-NULL.
When we parse a multi-BSSID element, we might point some
element pointers into the allocated nontransmitted_profile.
However, we free this before returning, causing UAF when the
relevant pointers in the parsed elements are accessed.
Fix this by not allocating the scratch buffer separately but
as part of the returned structure instead, that way, there
are no lifetime issues with it.
The scratch buffer introduction as part of the returned data
here is taken from MLO feature work done by Ilan.
This fixes CVE-2022-42719.
Bug: 253642087
Fixes:
|
||
|
Johannes Berg
|
173913b365 |
UPSTREAM: wifi: mac80211: don't parse mbssid in assoc response
This is simply not valid and simplifies the next commit.
I'll make a separate patch for this in the current main
tree as well.
Bug: 254180332
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
(cherry picked from commit
|
||
|
Johannes Berg
|
9ed9ab8ca9 |
UPSTREAM: mac80211: mlme: find auth challenge directly
There's no need to parse all elements etc. just to find the
authentication challenge - use cfg80211_find_elem() instead.
This also allows us to remove WLAN_EID_CHALLENGE handling
from the element parsing entirely.
Bug: 254180332
Link: https://lore.kernel.org/r/20210920154009.45f9b3a15722.Ice3159ffad03a007d6154cbf1fb3a8c48489e86f@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
(cherry picked from commit
|
||
|
Johannes Berg
|
d6e68e31b8 |
UPSTREAM: wifi: cfg80211: update hidden BSSes to avoid WARN_ON
commit c90b93b5b782891ebfda49d4e5da36632fefd5d1 upstream.
When updating beacon elements in a non-transmitted BSS,
also update the hidden sub-entries to the same beacon
elements, so that a future update through other paths
won't trigger a WARN_ON().
The warning is triggered because the beacon elements in
the hidden BSSes that are children of the BSS should
always be the same as in the parent.
Bug: 254180332
Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes:
|
||
|
Johannes Berg
|
3ea906ba30 |
UPSTREAM: wifi: mac80211: fix crash in beacon protection for P2P-device
commit b2d03cabe2b2e150ff5a381731ea0355459be09f upstream.
If beacon protection is active but the beacon cannot be
decrypted or is otherwise malformed, we call the cfg80211
API to report this to userspace, but that uses a netdev
pointer, which isn't present for P2P-Device. Fix this to
call it only conditionally to ensure cfg80211 won't crash
in the case of P2P-Device.
This fixes CVE-2022-42722.
Bug: 253642089
Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes:
|
||
|
Johannes Berg
|
50e27143a5 |
UPSTREAM: wifi: cfg80211: avoid nontransmitted BSS list corruption
commit bcca852027e5878aec911a347407ecc88d6fff7f upstream.
If a non-transmitted BSS shares enough information (both
SSID and BSSID!) with another non-transmitted BSS of a
different AP, then we can find and update it, and then
try to add it to the non-transmitted BSS list. We do a
search for it on the transmitted BSS, but if it's not
there (but belongs to another transmitted BSS), the list
gets corrupted.
Since this is an erroneous situation, simply fail the
list insertion in this case and free the non-transmitted
BSS.
This fixes CVE-2022-42721.
Bug: 253642088
Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes:
|
||
|
Johannes Berg
|
05a0122295 |
UPSTREAM: wifi: cfg80211: fix BSS refcounting bugs
commit 0b7808818cb9df6680f98996b8e9a439fa7bcc2f upstream.
There are multiple refcounting bugs related to multi-BSSID:
- In bss_ref_get(), if the BSS has a hidden_beacon_bss, then
the bss pointer is overwritten before checking for the
transmitted BSS, which is clearly wrong. Fix this by using
the bss_from_pub() macro.
- In cfg80211_bss_update() we copy the transmitted_bss pointer
from tmp into new, but then if we release new, we'll unref
it erroneously. We already set the pointer and ref it, but
need to NULL it since it was copied from the tmp data.
- In cfg80211_inform_single_bss_data(), if adding to the non-
transmitted list fails, we unlink the BSS and yet still we
return it, but this results in returning an entry without
a reference. We shouldn't return it anyway if it was broken
enough to not get added there.
This fixes CVE-2022-42720.
Bug: 253642015
Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes:
|
||
|
Johannes Berg
|
2e8c292e35 |
UPSTREAM: wifi: cfg80211: ensure length byte is present before access
commit 567e14e39e8f8c6997a1378bc3be615afca86063 upstream.
When iterating the elements here, ensure the length byte is
present before checking it to see if the entire element will
fit into the buffer.
Longer term, we should rewrite this code using the type-safe
element iteration macros that check all of this.
Bug: 254180332
Fixes:
|
||
|
Johannes Berg
|
5f6b14356a |
UPSTREAM: wifi: cfg80211/mac80211: reject bad MBSSID elements
commit 8f033d2becc24aa6bfd2a5c104407963560caabc upstream.
Per spec, the maximum value for the MaxBSSID ('n') indicator is 8,
and the minimum is 1 since a multiple BSSID set with just one BSSID
doesn't make sense (the # of BSSIDs is limited by 2^n).
Limit this in the parsing in both cfg80211 and mac80211, rejecting
any elements with an invalid value.
This fixes potentially bad shifts in the processing of these inside
the cfg80211_gen_new_bssid() function later.
I found this during the investigation of CVE-2022-41674 fixed by the
previous patch.
Bug: 253641805
Fixes:
|
||
|
Johannes Berg
|
6aeb3ccf09 |
UPSTREAM: wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()
commit aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d upstream.
In the copy code of the elements, we do the following calculation
to reach the end of the MBSSID element:
/* copy the IEs after MBSSID */
cpy_len = mbssid[1] + 2;
This looks fine, however, cpy_len is a u8, the same as mbssid[1],
so the addition of two can overflow. In this case the subsequent
memcpy() will overflow the allocated buffer, since it copies 256
bytes too much due to the way the allocation and memcpy() sizes
are calculated.
Fix this by using size_t for the cpy_len variable.
This fixes CVE-2022-41674.
Bug: 253641805
Reported-by: Soenke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: Soenke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes:
|
||
|
Greg Kroah-Hartman
|
2498b03977 |
Merge 5.10.149 into android12-5.10-lts
Changes in 5.10.149 Revert "fs: check FMODE_LSEEK to control internal pipe splicing" mac80211: mlme: find auth challenge directly wifi: mac80211: don't parse mbssid in assoc response wifi: mac80211: fix MBSSID parsing use-after-free Linux 5.10.149 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I527f235f0d3e4c1de679bb54c6714aac5021b0f9 |
||
|
Johannes Berg
|
31ce5da48a |
wifi: mac80211: fix MBSSID parsing use-after-free
Commit ff05d4b45dd89b922578dac497dcabf57cf771c6 upstream.
This is a different version of the commit, changed to store
the non-transmitted profile in the elems, and freeing it in
the few places where it's relevant, since that is only the
case when the last argument for parsing (the non-tx BSSID)
is non-NULL.
When we parse a multi-BSSID element, we might point some
element pointers into the allocated nontransmitted_profile.
However, we free this before returning, causing UAF when the
relevant pointers in the parsed elements are accessed.
Fix this by not allocating the scratch buffer separately but
as part of the returned structure instead, that way, there
are no lifetime issues with it.
The scratch buffer introduction as part of the returned data
here is taken from MLO feature work done by Ilan.
This fixes CVE-2022-42719.
Fixes:
|
||
|
Johannes Berg
|
353b5c8d4b |
wifi: mac80211: don't parse mbssid in assoc response
This is simply not valid and simplifies the next commit. I'll make a separate patch for this in the current main tree as well. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Johannes Berg
|
66dacdbc2e |
mac80211: mlme: find auth challenge directly
There's no need to parse all elements etc. just to find the authentication challenge - use cfg80211_find_elem() instead. This also allows us to remove WLAN_EID_CHALLENGE handling from the element parsing entirely. Link: https://lore.kernel.org/r/20210920154009.45f9b3a15722.Ice3159ffad03a007d6154cbf1fb3a8c48489e86f@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
c1e111543d |
Merge 5.10.148 into android12-5.10-lts
Changes in 5.10.148
nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
nilfs2: fix use-after-free bug of struct nilfs_root
nilfs2: fix leak of nilfs_root in case of writer thread creation failure
nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
ceph: don't truncate file in atomic_open
Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
docs: update mediator information in CoC docs
perf tools: Fixup get_current_dir_name() compilation
xsk: Inherit need_wakeup flag for shared sockets
ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
mm: gup: fix the fast GUP race against THP collapse
powerpc/64s/radix: don't need to broadcast IPI for radix pmd collapse flush
fs: fix UAF/GPF bug in nilfs_mdt_destroy
compiler_attributes.h: move __compiletime_{error|warning}
firmware: arm_scmi: Add SCMI PM driver remove routine
dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling
dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property
dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure
ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer
scsi: qedf: Fix a UAF bug in __qedf_probe()
net/ieee802154: fix uninit value bug in dgram_sendmsg
ALSA: hda/hdmi: Fix the converter reuse for the silent stream
um: Cleanup syscall_handler_t cast in syscalls_32.h
um: Cleanup compiler warning in arch/x86/um/tls_32.c
arch: um: Mark the stack non-executable to fix a binutils warning
net: atlantic: fix potential memory leak in aq_ndev_close()
drm/amd/display: update gamut remap if plane has changed
drm/amd/display: skip audio setup when audio stream is enabled
mmc: core: Replace with already defined values for readability
mmc: core: Terminate infinite loop in SD-UHS voltage switch
usb: mon: make mmapped memory read only
USB: serial: ftdi_sio: fix 300 bps rate for SIO
rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
Revert "clk: ti: Stop using legacy clkctrl names for omap4 and 5"
random: restore O_NONBLOCK support
random: clamp credited irq bits to maximum mixed
ALSA: hda: Fix position reporting on Poulsbo
efi: Correct Macmini DMI match in uefi cert quirk
scsi: stex: Properly zero out the passthrough command structure
USB: serial: qcserial: add new usb-id for Dell branded EM7455
random: avoid reading two cache lines on irq randomness
random: use expired timer rather than wq for mixing fast pool
wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()
wifi: cfg80211/mac80211: reject bad MBSSID elements
wifi: cfg80211: ensure length byte is present before access
wifi: cfg80211: fix BSS refcounting bugs
wifi: cfg80211: avoid nontransmitted BSS list corruption
wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
wifi: mac80211: fix crash in beacon protection for P2P-device
wifi: cfg80211: update hidden BSSes to avoid WARN_ON
Input: xpad - add supported devices as contributed on github
Input: xpad - fix wireless 360 controller breaking after suspend
misc: pci_endpoint_test: Aggregate params checking for xfer
misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic
Linux 5.10.148
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ieced30eaa00066cb2fc36836250f8f0a553f490f
|
||
|
Johannes Berg
|
b2b9386667 |
wifi: cfg80211: update hidden BSSes to avoid WARN_ON
commit c90b93b5b782891ebfda49d4e5da36632fefd5d1 upstream.
When updating beacon elements in a non-transmitted BSS,
also update the hidden sub-entries to the same beacon
elements, so that a future update through other paths
won't trigger a WARN_ON().
The warning is triggered because the beacon elements in
the hidden BSSes that are children of the BSS should
always be the same as in the parent.
Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes:
|
||
|
Johannes Berg
|
58c0306d0b |
wifi: mac80211: fix crash in beacon protection for P2P-device
commit b2d03cabe2b2e150ff5a381731ea0355459be09f upstream.
If beacon protection is active but the beacon cannot be
decrypted or is otherwise malformed, we call the cfg80211
API to report this to userspace, but that uses a netdev
pointer, which isn't present for P2P-Device. Fix this to
call it only conditionally to ensure cfg80211 won't crash
in the case of P2P-Device.
This fixes CVE-2022-42722.
Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes:
|
||
|
Johannes Berg
|
b0e5c5deb7 |
wifi: cfg80211: avoid nontransmitted BSS list corruption
commit bcca852027e5878aec911a347407ecc88d6fff7f upstream.
If a non-transmitted BSS shares enough information (both
SSID and BSSID!) with another non-transmitted BSS of a
different AP, then we can find and update it, and then
try to add it to the non-transmitted BSS list. We do a
search for it on the transmitted BSS, but if it's not
there (but belongs to another transmitted BSS), the list
gets corrupted.
Since this is an erroneous situation, simply fail the
list insertion in this case and free the non-transmitted
BSS.
This fixes CVE-2022-42721.
Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes:
|
||
|
Johannes Berg
|
6b94484503 |
wifi: cfg80211: fix BSS refcounting bugs
commit 0b7808818cb9df6680f98996b8e9a439fa7bcc2f upstream.
There are multiple refcounting bugs related to multi-BSSID:
- In bss_ref_get(), if the BSS has a hidden_beacon_bss, then
the bss pointer is overwritten before checking for the
transmitted BSS, which is clearly wrong. Fix this by using
the bss_from_pub() macro.
- In cfg80211_bss_update() we copy the transmitted_bss pointer
from tmp into new, but then if we release new, we'll unref
it erroneously. We already set the pointer and ref it, but
need to NULL it since it was copied from the tmp data.
- In cfg80211_inform_single_bss_data(), if adding to the non-
transmitted list fails, we unlink the BSS and yet still we
return it, but this results in returning an entry without
a reference. We shouldn't return it anyway if it was broken
enough to not get added there.
This fixes CVE-2022-42720.
Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes:
|
||
|
Johannes Berg
|
6144c97f96 |
wifi: cfg80211: ensure length byte is present before access
commit 567e14e39e8f8c6997a1378bc3be615afca86063 upstream.
When iterating the elements here, ensure the length byte is
present before checking it to see if the entire element will
fit into the buffer.
Longer term, we should rewrite this code using the type-safe
element iteration macros that check all of this.
Fixes:
|
||
|
Johannes Berg
|
e7aa7fd10e |
wifi: cfg80211/mac80211: reject bad MBSSID elements
commit 8f033d2becc24aa6bfd2a5c104407963560caabc upstream.
Per spec, the maximum value for the MaxBSSID ('n') indicator is 8,
and the minimum is 1 since a multiple BSSID set with just one BSSID
doesn't make sense (the # of BSSIDs is limited by 2^n).
Limit this in the parsing in both cfg80211 and mac80211, rejecting
any elements with an invalid value.
This fixes potentially bad shifts in the processing of these inside
the cfg80211_gen_new_bssid() function later.
I found this during the investigation of CVE-2022-41674 fixed by the
previous patch.
Fixes:
|
||
|
Johannes Berg
|
a6408e0b69 |
wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()
commit aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d upstream.
In the copy code of the elements, we do the following calculation
to reach the end of the MBSSID element:
/* copy the IEs after MBSSID */
cpy_len = mbssid[1] + 2;
This looks fine, however, cpy_len is a u8, the same as mbssid[1],
so the addition of two can overflow. In this case the subsequent
memcpy() will overflow the allocated buffer, since it copies 256
bytes too much due to the way the allocation and memcpy() sizes
are calculated.
Fix this by using size_t for the cpy_len variable.
This fixes CVE-2022-41674.
Reported-by: Soenke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: Soenke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes:
|
||
|
Haimin Zhang
|
c1337f8ea8 |
net/ieee802154: fix uninit value bug in dgram_sendmsg
[ Upstream commit 94160108a70c8af17fa1484a37e05181c0e094af ] There is uninit value bug in dgram_sendmsg function in net/ieee802154/socket.c when the length of valid data pointed by the msg->msg_name isn't verified. We introducing a helper function ieee802154_sockaddr_check_size to check namelen. First we check there is addr_type in ieee802154_addr_sa. Then, we check namelen according to addr_type. Also fixed in raw_bind, dgram_bind, dgram_connect. Signed-off-by: Haimin Zhang <tcs_kernel@tencent.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |