[ Upstream commit 7d1025e559782b58824b36cb8ad547a69f2e4b31 ]
A sysctl variable is accessed concurrently, and there is always a chance
of data-race. So, all readers and writers need some basic protection to
avoid load/store-tearing.
This patch changes proc_dointvec_ms_jiffies() to use READ_ONCE() and
WRITE_ONCE() internally to fix data-races on the sysctl side. For now,
proc_dointvec_ms_jiffies() itself is tolerant to a data-race, but we still
need to add annotations on the other subsystem's side.
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit e877820877663fbae8cb9582ea597a7230b94df3 ]
A sysctl variable is accessed concurrently, and there is always a chance
of data-race. So, all readers and writers need some basic protection to
avoid load/store-tearing.
This patch changes proc_dointvec_jiffies() to use READ_ONCE() and
WRITE_ONCE() internally to fix data-races on the sysctl side. For now,
proc_dointvec_jiffies() itself is tolerant to a data-race, but we still
need to add annotations on the other subsystem's side.
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit c31bcc8fb89fc2812663900589c6325ba35d9a65 ]
A sysctl variable is accessed concurrently, and there is always a chance
of data-race. So, all readers and writers need some basic protection to
avoid load/store-tearing.
This patch changes proc_doulongvec_minmax() to use READ_ONCE() and
WRITE_ONCE() internally to fix data-races on the sysctl side. For now,
proc_doulongvec_minmax() itself is tolerant to a data-race, but we still
need to add annotations on the other subsystem's side.
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 2d3b559df3ed39258737789aae2ae7973d205bc1 ]
A sysctl variable is accessed concurrently, and there is always a chance
of data-race. So, all readers and writers need some basic protection to
avoid load/store-tearing.
This patch changes proc_douintvec_minmax() to use READ_ONCE() and
WRITE_ONCE() internally to fix data-races on the sysctl side. For now,
proc_douintvec_minmax() itself is tolerant to a data-race, but we still
need to add annotations on the other subsystem's side.
Fixes: 61d9b56a89 ("sysctl: add unsigned int range support")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit f613d86d014b6375a4085901de39406598121e35 ]
A sysctl variable is accessed concurrently, and there is always a chance
of data-race. So, all readers and writers need some basic protection to
avoid load/store-tearing.
This patch changes proc_dointvec_minmax() to use READ_ONCE() and
WRITE_ONCE() internally to fix data-races on the sysctl side. For now,
proc_dointvec_minmax() itself is tolerant to a data-race, but we still
need to add annotations on the other subsystem's side.
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 4762b532ec9539755aab61445d5da6e1926ccb99 ]
A sysctl variable is accessed concurrently, and there is always a chance
of data-race. So, all readers and writers need some basic protection to
avoid load/store-tearing.
This patch changes proc_douintvec() to use READ_ONCE() and WRITE_ONCE()
internally to fix data-races on the sysctl side. For now, proc_douintvec()
itself is tolerant to a data-race, but we still need to add annotations on
the other subsystem's side.
Fixes: e7d316a02f ("sysctl: handle error writing UINT_MAX to u32 fields")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 1f1be04b4d48a2475ea1aab46a99221bfc5c0968 ]
A sysctl variable is accessed concurrently, and there is always a chance
of data-race. So, all readers and writers need some basic protection to
avoid load/store-tearing.
This patch changes proc_dointvec() to use READ_ONCE() and WRITE_ONCE()
internally to fix data-races on the sysctl side. For now, proc_dointvec()
itself is tolerant to a data-race, but we still need to add annotations on
the other subsystem's side.
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 07fd5b6cdf3cc30bfde8fe0f644771688be04447 upstream.
Each cset (css_set) is pinned by its tasks. When we're moving tasks around
across csets for a migration, we need to hold the source and destination
csets to ensure that they don't go away while we're moving tasks about. This
is done by linking cset->mg_preload_node on either the
mgctx->preloaded_src_csets or mgctx->preloaded_dst_csets list. Using the
same cset->mg_preload_node for both the src and dst lists was deemed okay as
a cset can't be both the source and destination at the same time.
Unfortunately, this overloading becomes problematic when multiple tasks are
involved in a migration and some of them are identity noop migrations while
others are actually moving across cgroups. For example, this can happen with
the following sequence on cgroup1:
#1> mkdir -p /sys/fs/cgroup/misc/a/b
#2> echo $$ > /sys/fs/cgroup/misc/a/cgroup.procs
#3> RUN_A_COMMAND_WHICH_CREATES_MULTIPLE_THREADS &
#4> PID=$!
#5> echo $PID > /sys/fs/cgroup/misc/a/b/tasks
#6> echo $PID > /sys/fs/cgroup/misc/a/cgroup.procs
the process including the group leader back into a. In this final migration,
non-leader threads would be doing identity migration while the group leader
is doing an actual one.
After #3, let's say the whole process was in cset A, and that after #4, the
leader moves to cset B. Then, during #6, the following happens:
1. cgroup_migrate_add_src() is called on B for the leader.
2. cgroup_migrate_add_src() is called on A for the other threads.
3. cgroup_migrate_prepare_dst() is called. It scans the src list.
4. It notices that B wants to migrate to A, so it tries to A to the dst
list but realizes that its ->mg_preload_node is already busy.
5. and then it notices A wants to migrate to A as it's an identity
migration, it culls it by list_del_init()'ing its ->mg_preload_node and
putting references accordingly.
6. The rest of migration takes place with B on the src list but nothing on
the dst list.
This means that A isn't held while migration is in progress. If all tasks
leave A before the migration finishes and the incoming task pins it, the
cset will be destroyed leading to use-after-free.
This is caused by overloading cset->mg_preload_node for both src and dst
preload lists. We wanted to exclude the cset from the src list but ended up
inadvertently excluding it from the dst list too.
This patch fixes the issue by separating out cset->mg_preload_node into
->mg_src_preload_node and ->mg_dst_preload_node, so that the src and dst
preloadings don't interfere with each other.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Mukesh Ojha <quic_mojha@quicinc.com>
Reported-by: shisiyuan <shisiyuan19870131@gmail.com>
Link: http://lkml.kernel.org/r/1654187688-27411-1-git-send-email-shisiyuan@xiaomi.com
Link: https://www.spinics.net/lists/cgroups/msg33313.html
Fixes: f817de9851 ("cgroup: prepare migration path for unified hierarchy")
Cc: stable@vger.kernel.org # v3.16+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 7edc3945bdce9c39198a10d6129377a5c53559c2 upstream.
This reverts commit 46bbe5c671.
As commit 46bbe5c671 ("tracing: fix double free") said, the
"double free" problem reported by clang static analyzer is:
> In parse_var_defs() if there is a problem allocating
> var_defs.expr, the earlier var_defs.name is freed.
> This free is duplicated by free_var_defs() which frees
> the rest of the list.
However, if there is a problem allocating N-th var_defs.expr:
+ in parse_var_defs(), the freed 'earlier var_defs.name' is
actually the N-th var_defs.name;
+ then in free_var_defs(), the names from 0th to (N-1)-th are freed;
IF ALLOCATING PROBLEM HAPPENED HERE!!! -+
\
|
0th 1th (N-1)-th N-th V
+-------------+-------------+-----+-------------+-----------
var_defs: | name | expr | name | expr | ... | name | expr | name | ///
+-------------+-------------+-----+-------------+-----------
These two frees don't act on same name, so there was no "double free"
problem before. Conversely, after that commit, we get a "memory leak"
problem because the above "N-th var_defs.name" is not freed.
If enable CONFIG_DEBUG_KMEMLEAK and inject a fault at where the N-th
var_defs.expr allocated, then execute on shell like:
$ echo 'hist:key=call_site:val=$v1,$v2:v1=bytes_req,v2=bytes_alloc' > \
/sys/kernel/debug/tracing/events/kmem/kmalloc/trigger
Then kmemleak reports:
unreferenced object 0xffff8fb100ef3518 (size 8):
comm "bash", pid 196, jiffies 4295681690 (age 28.538s)
hex dump (first 8 bytes):
76 31 00 00 b1 8f ff ff v1......
backtrace:
[<0000000038fe4895>] kstrdup+0x2d/0x60
[<00000000c99c049a>] event_hist_trigger_parse+0x206f/0x20e0
[<00000000ae70d2cc>] trigger_process_regex+0xc0/0x110
[<0000000066737a4c>] event_trigger_write+0x75/0xd0
[<000000007341e40c>] vfs_write+0xbb/0x2a0
[<0000000087fde4c2>] ksys_write+0x59/0xd0
[<00000000581e9cdf>] do_syscall_64+0x3a/0x80
[<00000000cf3b065c>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
Link: https://lkml.kernel.org/r/20220711014731.69520-1-zhengyejian1@huawei.com
Cc: stable@vger.kernel.org
Fixes: 46bbe5c671 ("tracing: fix double free")
Reported-by: Hulk Robot <hulkci@huawei.com>
Suggested-by: Steven Rostedt <rostedt@goodmis.org>
Reviewed-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit d5b36a4dbd06c5e8e36ca8ccc552f679069e2946 upstream.
As Chris explains, the comment above exit_itimers() is not correct,
we can race with proc_timers_seq_ops. Change exit_itimers() to clear
signal->posix_timers with ->siglock held.
Cc: <stable@vger.kernel.org>
Reported-by: chris@accessvector.net
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add vendor hook when detecting process status through
pidfd_open.
Bug: 238725692
Change-Id: I565988cb8bf6dd44ab4dc15c410c2dcf50703def
Signed-off-by: xiaofeng <xiaofeng5@xiaomi.com>
We can't add more values to the cpuhp_state enum, lest we break some
vendor module. So instead break out existing steps into helper functions
which call both steps. Fortunately none of these steps return anything
other than 0, so we don't need to worry about rollback.
Bug: 161946584
Fixes: 5064550d42 ("random: clear fast pool, crng, and batches in cpuhp bring up")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Icaa61291207d799bab741be7bab2b636cda09422
Changes in 5.10.119
lockdown: also lock down previous kgdb use
staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
KVM: x86: Properly handle APF vs disabled LAPIC situation
KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
tcp: change source port randomizarion at connect() time
secure_seq: use the 64 bits of the siphash for port offset calculation
media: vim2m: Register video device after setting up internals
media: vim2m: initialize the media device earlier
ACPI: sysfs: Make sparse happy about address space in use
ACPI: sysfs: Fix BERT error region memory mapping
random: avoid arch_get_random_seed_long() when collecting IRQ randomness
random: remove dead code left over from blocking pool
MAINTAINERS: co-maintain random.c
MAINTAINERS: add git tree for random.c
crypto: lib/blake2s - Move selftest prototype into header file
crypto: blake2s - define shash_alg structs using macros
crypto: x86/blake2s - define shash_alg structs using macros
crypto: blake2s - remove unneeded includes
crypto: blake2s - move update and final logic to internal/blake2s.h
crypto: blake2s - share the "shash" API boilerplate code
crypto: blake2s - optimize blake2s initialization
crypto: blake2s - add comment for blake2s_state fields
crypto: blake2s - adjust include guard naming
crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
lib/crypto: blake2s: include as built-in
lib/crypto: blake2s: move hmac construction into wireguard
lib/crypto: sha1: re-roll loops to reduce code size
lib/crypto: blake2s: avoid indirect calls to compression function for Clang CFI
random: document add_hwgenerator_randomness() with other input functions
random: remove unused irq_flags argument from add_interrupt_randomness()
random: use BLAKE2s instead of SHA1 in extraction
random: do not sign extend bytes for rotation when mixing
random: do not re-init if crng_reseed completes before primary init
random: mix bootloader randomness into pool
random: harmonize "crng init done" messages
random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
random: early initialization of ChaCha constants
random: avoid superfluous call to RDRAND in CRNG extraction
random: don't reset crng_init_cnt on urandom_read()
random: fix typo in comments
random: cleanup poolinfo abstraction
random: cleanup integer types
random: remove incomplete last_data logic
random: remove unused extract_entropy() reserved argument
random: rather than entropy_store abstraction, use global
random: remove unused OUTPUT_POOL constants
random: de-duplicate INPUT_POOL constants
random: prepend remaining pool constants with POOL_
random: cleanup fractional entropy shift constants
random: access input_pool_data directly rather than through pointer
random: selectively clang-format where it makes sense
random: simplify arithmetic function flow in account()
random: continually use hwgenerator randomness
random: access primary_pool directly rather than through pointer
random: only call crng_finalize_init() for primary_crng
random: use computational hash for entropy extraction
random: simplify entropy debiting
random: use linear min-entropy accumulation crediting
random: always wake up entropy writers after extraction
random: make credit_entropy_bits() always safe
random: remove use_input_pool parameter from crng_reseed()
random: remove batched entropy locking
random: fix locking in crng_fast_load()
random: use RDSEED instead of RDRAND in entropy extraction
random: get rid of secondary crngs
random: inline leaves of rand_initialize()
random: ensure early RDSEED goes through mixer on init
random: do not xor RDRAND when writing into /dev/random
random: absorb fast pool into input pool after fast load
random: use simpler fast key erasure flow on per-cpu keys
random: use hash function for crng_slow_load()
random: make more consistent use of integer types
random: remove outdated INT_MAX >> 6 check in urandom_read()
random: zero buffer after reading entropy from userspace
random: fix locking for crng_init in crng_reseed()
random: tie batched entropy generation to base_crng generation
random: remove ifdef'd out interrupt bench
random: remove unused tracepoints
random: add proper SPDX header
random: deobfuscate irq u32/u64 contributions
random: introduce drain_entropy() helper to declutter crng_reseed()
random: remove useless header comment
random: remove whitespace and reorder includes
random: group initialization wait functions
random: group crng functions
random: group entropy extraction functions
random: group entropy collection functions
random: group userspace read/write functions
random: group sysctl functions
random: rewrite header introductory comment
random: defer fast pool mixing to worker
random: do not take pool spinlock at boot
random: unify early init crng load accounting
random: check for crng_init == 0 in add_device_randomness()
random: pull add_hwgenerator_randomness() declaration into random.h
random: clear fast pool, crng, and batches in cpuhp bring up
random: round-robin registers as ulong, not u32
random: only wake up writers after zap if threshold was passed
random: cleanup UUID handling
random: unify cycles_t and jiffies usage and types
random: do crng pre-init loading in worker rather than irq
random: give sysctl_random_min_urandom_seed a more sensible value
random: don't let 644 read-only sysctls be written to
random: replace custom notifier chain with standard one
random: use SipHash as interrupt entropy accumulator
random: make consistent usage of crng_ready()
random: reseed more often immediately after booting
random: check for signal and try earlier when generating entropy
random: skip fast_init if hwrng provides large chunk of entropy
random: treat bootloader trust toggle the same way as cpu trust toggle
random: re-add removed comment about get_random_{u32,u64} reseeding
random: mix build-time latent entropy into pool at init
random: do not split fast init input in add_hwgenerator_randomness()
random: do not allow user to keep crng key around on stack
random: check for signal_pending() outside of need_resched() check
random: check for signals every PAGE_SIZE chunk of /dev/[u]random
random: allow partial reads if later user copies fail
random: make random_get_entropy() return an unsigned long
random: document crng_fast_key_erasure() destination possibility
random: fix sysctl documentation nits
init: call time_init() before rand_initialize()
ia64: define get_cycles macro for arch-override
s390: define get_cycles macro for arch-override
parisc: define get_cycles macro for arch-override
alpha: define get_cycles macro for arch-override
powerpc: define get_cycles macro for arch-override
timekeeping: Add raw clock fallback for random_get_entropy()
m68k: use fallback for random_get_entropy() instead of zero
riscv: use fallback for random_get_entropy() instead of zero
mips: use fallback for random_get_entropy() instead of just c0 random
arm: use fallback for random_get_entropy() instead of zero
nios2: use fallback for random_get_entropy() instead of zero
x86/tsc: Use fallback for random_get_entropy() instead of zero
um: use fallback for random_get_entropy() instead of zero
sparc: use fallback for random_get_entropy() instead of zero
xtensa: use fallback for random_get_entropy() instead of zero
random: insist on random_get_entropy() existing in order to simplify
random: do not use batches when !crng_ready()
random: use first 128 bits of input as fast init
random: do not pretend to handle premature next security model
random: order timer entropy functions below interrupt functions
random: do not use input pool from hard IRQs
random: help compiler out with fast_mix() by using simpler arguments
siphash: use one source of truth for siphash permutations
random: use symbolic constants for crng_init states
random: avoid initializing twice in credit race
random: move initialization out of reseeding hot path
random: remove ratelimiting for in-kernel unseeded randomness
random: use proper jiffies comparison macro
random: handle latent entropy and command line from random_init()
random: credit architectural init the exact amount
random: use static branch for crng_ready()
random: remove extern from functions in header
random: use proper return types on get_random_{int,long}_wait()
random: make consistent use of buf and len
random: move initialization functions out of hot pages
random: move randomize_page() into mm where it belongs
random: unify batched entropy implementations
random: convert to using fops->read_iter()
random: convert to using fops->write_iter()
random: wire up fops->splice_{read,write}_iter()
random: check for signals after page of pool writes
ALSA: ctxfi: Add SB046x PCI ID
Linux 5.10.119
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I65f898474b7704881a3dd528012e7e91b09b3767
commit 3844d153a41adea718202c10ae91dc96b37453b5 upstream.
Kuee reported a corner case where the tnum becomes constant after the call
to __reg_bound_offset(), but the register's bounds are not, that is, its
min bounds are still not equal to the register's max bounds.
This in turn allows to leak pointers through turning a pointer register as
is into an unknown scalar via adjust_ptr_min_max_vals().
Before:
func#0 @0
0: R1=ctx(off=0,imm=0,umax=0,var_off=(0x0; 0x0)) R10=fp(off=0,imm=0,umax=0,var_off=(0x0; 0x0))
0: (b7) r0 = 1 ; R0_w=scalar(imm=1,umin=1,umax=1,var_off=(0x1; 0x0))
1: (b7) r3 = 0 ; R3_w=scalar(imm=0,umax=0,var_off=(0x0; 0x0))
2: (87) r3 = -r3 ; R3_w=scalar()
3: (87) r3 = -r3 ; R3_w=scalar()
4: (47) r3 |= 32767 ; R3_w=scalar(smin=-9223372036854743041,umin=32767,var_off=(0x7fff; 0xffffffffffff8000),s32_min=-2147450881)
5: (75) if r3 s>= 0x0 goto pc+1 ; R3_w=scalar(umin=9223372036854808575,var_off=(0x8000000000007fff; 0x7fffffffffff8000),s32_min=-2147450881,u32_min=32767)
6: (95) exit
from 5 to 7: R0=scalar(imm=1,umin=1,umax=1,var_off=(0x1; 0x0)) R1=ctx(off=0,imm=0,umax=0,var_off=(0x0; 0x0)) R3=scalar(umin=32767,umax=9223372036854775807,var_off=(0x7fff; 0x7fffffffffff8000),s32_min=-2147450881) R10=fp(off=0,imm=0,umax=0,var_off=(0x0; 0x0))
7: (d5) if r3 s<= 0x8000 goto pc+1 ; R3=scalar(umin=32769,umax=9223372036854775807,var_off=(0x7fff; 0x7fffffffffff8000),s32_min=-2147450881,u32_min=32767)
8: (95) exit
from 7 to 9: R0=scalar(imm=1,umin=1,umax=1,var_off=(0x1; 0x0)) R1=ctx(off=0,imm=0,umax=0,var_off=(0x0; 0x0)) R3=scalar(umin=32767,umax=32768,var_off=(0x7fff; 0x8000)) R10=fp(off=0,imm=0,umax=0,var_off=(0x0; 0x0))
9: (07) r3 += -32767 ; R3_w=scalar(imm=0,umax=1,var_off=(0x0; 0x0)) <--- [*]
10: (95) exit
What can be seen here is that R3=scalar(umin=32767,umax=32768,var_off=(0x7fff;
0x8000)) after the operation R3 += -32767 results in a 'malformed' constant, that
is, R3_w=scalar(imm=0,umax=1,var_off=(0x0; 0x0)). Intersecting with var_off has
not been done at that point via __update_reg_bounds(), which would have improved
the umax to be equal to umin.
Refactor the tnum <> min/max bounds information flow into a reg_bounds_sync()
helper and use it consistently everywhere. After the fix, bounds have been
corrected to R3_w=scalar(imm=0,umax=0,var_off=(0x0; 0x0)) and thus the register
is regarded as a 'proper' constant scalar of 0.
After:
func#0 @0
0: R1=ctx(off=0,imm=0,umax=0,var_off=(0x0; 0x0)) R10=fp(off=0,imm=0,umax=0,var_off=(0x0; 0x0))
0: (b7) r0 = 1 ; R0_w=scalar(imm=1,umin=1,umax=1,var_off=(0x1; 0x0))
1: (b7) r3 = 0 ; R3_w=scalar(imm=0,umax=0,var_off=(0x0; 0x0))
2: (87) r3 = -r3 ; R3_w=scalar()
3: (87) r3 = -r3 ; R3_w=scalar()
4: (47) r3 |= 32767 ; R3_w=scalar(smin=-9223372036854743041,umin=32767,var_off=(0x7fff; 0xffffffffffff8000),s32_min=-2147450881)
5: (75) if r3 s>= 0x0 goto pc+1 ; R3_w=scalar(umin=9223372036854808575,var_off=(0x8000000000007fff; 0x7fffffffffff8000),s32_min=-2147450881,u32_min=32767)
6: (95) exit
from 5 to 7: R0=scalar(imm=1,umin=1,umax=1,var_off=(0x1; 0x0)) R1=ctx(off=0,imm=0,umax=0,var_off=(0x0; 0x0)) R3=scalar(umin=32767,umax=9223372036854775807,var_off=(0x7fff; 0x7fffffffffff8000),s32_min=-2147450881) R10=fp(off=0,imm=0,umax=0,var_off=(0x0; 0x0))
7: (d5) if r3 s<= 0x8000 goto pc+1 ; R3=scalar(umin=32769,umax=9223372036854775807,var_off=(0x7fff; 0x7fffffffffff8000),s32_min=-2147450881,u32_min=32767)
8: (95) exit
from 7 to 9: R0=scalar(imm=1,umin=1,umax=1,var_off=(0x1; 0x0)) R1=ctx(off=0,imm=0,umax=0,var_off=(0x0; 0x0)) R3=scalar(umin=32767,umax=32768,var_off=(0x7fff; 0x8000)) R10=fp(off=0,imm=0,umax=0,var_off=(0x0; 0x0))
9: (07) r3 += -32767 ; R3_w=scalar(imm=0,umax=0,var_off=(0x0; 0x0)) <--- [*]
10: (95) exit
Fixes: b03c9f9fdc ("bpf/verifier: track signed and unsigned min/max values")
Reported-by: Kuee K1r0a <liulin063@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20220701124727.11153-2-daniel@iogearbox.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a12ca6277eca6aeeccf66e840c23a2b520e24c8f upstream.
Kuee reported a quirk in the jmp32's jeq/jne simulation, namely that the
register value does not match expectations for the fall-through path. For
example:
Before fix:
0: R1=ctx(off=0,imm=0) R10=fp0
0: (b7) r2 = 0 ; R2_w=P0
1: (b7) r6 = 563 ; R6_w=P563
2: (87) r2 = -r2 ; R2_w=Pscalar()
3: (87) r2 = -r2 ; R2_w=Pscalar()
4: (4c) w2 |= w6 ; R2_w=Pscalar(umin=563,umax=4294967295,var_off=(0x233; 0xfffffdcc),s32_min=-2147483085) R6_w=P563
5: (56) if w2 != 0x8 goto pc+1 ; R2_w=P571 <--- [*]
6: (95) exit
R0 !read_ok
After fix:
0: R1=ctx(off=0,imm=0) R10=fp0
0: (b7) r2 = 0 ; R2_w=P0
1: (b7) r6 = 563 ; R6_w=P563
2: (87) r2 = -r2 ; R2_w=Pscalar()
3: (87) r2 = -r2 ; R2_w=Pscalar()
4: (4c) w2 |= w6 ; R2_w=Pscalar(umin=563,umax=4294967295,var_off=(0x233; 0xfffffdcc),s32_min=-2147483085) R6_w=P563
5: (56) if w2 != 0x8 goto pc+1 ; R2_w=P8 <--- [*]
6: (95) exit
R0 !read_ok
As can be seen on line 5 for the branch fall-through path in R2 [*] is that
given condition w2 != 0x8 is false, verifier should conclude that r2 = 8 as
upper 32 bit are known to be zero. However, verifier incorrectly concludes
that r2 = 571 which is far off.
The problem is it only marks false{true}_reg as known in the switch for JE/NE
case, but at the end of the function, it uses {false,true}_{64,32}off to
update {false,true}_reg->var_off and they still hold the prior value of
{false,true}_reg->var_off before it got marked as known. The subsequent
__reg_combine_32_into_64() then propagates this old var_off and derives new
bounds. The information between min/max bounds on {false,true}_reg from
setting the register to known const combined with the {false,true}_reg->var_off
based on the old information then derives wrong register data.
Fix it by detangling the BPF_JEQ/BPF_JNE cases and updating relevant
{false,true}_{64,32}off tnums along with the register marking to known
constant.
Fixes: 3f50f132d8 ("bpf: Verifier, do explicit ALU32 bounds tracking")
Reported-by: Kuee K1r0a <liulin063@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20220701124727.11153-1-daniel@iogearbox.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Each cset (css_set) is pinned by its tasks. When we're moving tasks around
across csets for a migration, we need to hold the source and destination
csets to ensure that they don't go away while we're moving tasks about. This
is done by linking cset->mg_preload_node on either the
mgctx->preloaded_dst_csets or mgctx->preloaded_dst_csets list. Using the
same cset->mg_preload_node for both the src and dst lists was deemed okay as
a cset can't be both the source and destination at the same time.
Unfortunately, this overloading becomes problematic when multiple tasks are
involved in a migration and some of them are identity noop migrations while
others are actually moving across cgroups. For example, this can happen with
the following sequence on cgroup1:
#1> mkdir -p /sys/fs/cgroup/misc/a/b
#2> echo $$ > /sys/fs/cgroup/misc/a/cgroup.procs
#3> RUN_A_COMMAND_WHICH_CREATES_MULTIPLE_THREADS &
#4> PID=$!
#5> echo $PID > /sys/fs/cgroup/misc/a/b/tasks
#6> echo $PID > /sys/fs/cgroup/misc/a/cgroup.procs
the process including the group leader back into a. In this final migration,
non-leader threads would be doing identity migration while the group leader
is doing an actual one.
After #3, let's say the whole process was in cset A, and that after #4, the
leader moves to cset B. Then, during #6, the following happens:
1. cgroup_migrate_add_src() is called on B for the leader.
2. cgroup_migrate_add_src() is called on A for the other threads.
3. cgroup_migrate_prepare_dst() is called. It scans the src list.
3. It notices that B wants to migrate to A, so it tries to A to the dst
list but realizes that its ->mg_preload_node is already busy.
4. and then it notices A wants to migrate to A as it's an identity
migration, it culls it by list_del_init()'ing its ->mg_preload_node and
putting references accordingly.
5. The rest of migration takes place with B on the src list but nothing on
the dst list.
This means that A isn't held while migration is in progress. If all tasks
leave A before the migration finishes and the incoming task pins it, the
cset will be destroyed leading to use-after-free.
This is caused by overloading cset->mg_preload_node for both src and dst
preload lists. We wanted to exclude the cset from the src list but ended up
inadvertently excluding it from the dst list too.
This patch fixes the issue by separating out cset->mg_preload_node into
->mg_src_preload_node and ->mg_dst_preload_node, so that the src and dst
preloadings don't interfere with each other.
Bug: 236582926
Change-Id: Ieaf1c0c8fc23753570897fd6e48a54335ab939ce
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Mukesh Ojha <quic_mojha@quicinc.com>
Reported-by: shisiyuan <shisiyuan19870131@gmail.com>
Link: http://lkml.kernel.org/r/1654187688-27411-1-git-send-email-shisiyuan@xiaomi.com
Link: https://lore.kernel.org/lkml/Yh+RGIJ0f3nrqIiN@slm.duckdns.org/#t
Fixes: f817de9851 ("cgroup: prepare migration path for unified hierarchy")
Cc: stable@vger.kernel.org # v3.16+
(cherry picked from commit 07fd5b6cdf3cc30bfde8fe0f644771688be04447
https://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup.git for-5.19-fixes)
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
Signed-off-by: Mukesh Ojha <quic_mojha@quicinc.com>
[mojha: Move the two new list heads into a wrapper ext_css_set struct to ensure
ABI doesn't break and also defined a macro init_css_set which will be replaced
with init_ext_css_set.cset to avoid too much code changes]
commit 2390095113e98fc52fffe35c5206d30d9efe3f78 upstream.
EXPORT_SYMBOL and __init is a bad combination because the .init.text
section is freed up after the initialization. Hence, modules cannot
use symbols annotated __init. The access to a freed symbol may end up
with kernel panic.
modpost used to detect it, but it had been broken for a decade.
Commit 28438794aba4 ("modpost: fix section mismatch check for exported
init/exit sections") fixed it so modpost started to warn it again, then
this showed up:
MODPOST vmlinux.symvers
WARNING: modpost: vmlinux.o(___ksymtab_gpl+tick_nohz_full_setup+0x0): Section mismatch in reference from the variable __ksymtab_tick_nohz_full_setup to the function .init.text:tick_nohz_full_setup()
The symbol tick_nohz_full_setup is exported and annotated __init
Fix this by removing the __init annotation of tick_nohz_full_setup or drop the export.
Drop the export because tick_nohz_full_setup() is only called from the
built-in code in kernel/sched/isolation.c.
Fixes: ae9e557b5b ("time: Export tick start/stop functions for rcutorture")
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Tested-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Thomas Backlund <tmb@tmb.nu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
check_sync() checks for whether device driver DMA sync sg list entry count equals to map sg list entry count, but in struct dma_buf_ops, there has below interface:
int (*begin_cpu_access_partial)
int (*end_cpu_access_partial)
When vendor implement these interface in dma heap to support dma-buf partial cache sync for performance improvement, in dma_buf_ops of heap, we copy a sgtable from orginal sgtable but with necessary nents, it will less then nents used in map attachment, in the way, the following warning had occurred:
DMA-API: device_xxx: device driver syncs DMA sg list with different entry count [map count=5] [sync count=1]
Call trace:
check_sync+0x6d8/0xb40
debug_dma_sync_sg_for_cpu+0x114/0x16c
dma_sync_sg_for_cpu+0xa0/0xe4
So need change check conditation in check_sync to support dma-buf partial cache sync.
Bug: 236343688
Signed-off-by: Mingyuan Ma <mingyuan.ma@mediatek.com>
Signed-off-by: Yunfei Wang <yf.wang@mediatek.com>
Change-Id: I2f4db3b156e752eeb022927957f77a3fa534a573
(cherry picked from commit d61fe3ad4bab3f4bc040e7ac0c7ec919b50e8a43)
commit 4a37f3dd9a83186cb88d44808ab35b78375082c9 upstream.
The original x86 sev_alloc() only called set_memory_decrypted() on
memory returned by alloc_pages_node(), so the page order calculation
fell out of that logic. However, the common dma-direct code has several
potential allocators, not all of which are guaranteed to round up the
underlying allocation to a power-of-two size, so carrying over that
calculation for the encryption/decryption size was a mistake. Fix it by
rounding to a *number* of pages, rather than an order.
Until recently there was an even worse interaction with DMA_DIRECT_REMAP
where we could have ended up decrypting part of the next adjacent
vmalloc area, only averted by no architecture actually supporting both
configs at once. Don't ask how I found that one out...
Fixes: c10f07aa27 ("dma/direct: Handle force decryption for DMA coherent buffers in common code")
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: David Rientjes <rientjes@google.com>
[ backport the functional change without all the prior refactoring ]
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit e19f8fa6ce1ca9b8b934ba7d2e8f34c95abc6e60 ]
Limit the error msg to avoid flooding the console. If you have a lot of
threads hitting this at once, they could have already gotten passed the
dma_debug_disabled() check before they get to the point of allocation
failure, resulting in quite a lot of this error message spamming the
log. Use pr_err_once() to limit that.
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit b45043192b3e481304062938a6561da2ceea46a6 upstream.
This is a backport of the original upstream patch for 5.4/5.10.
The original upstream patch has been applied to 5.4/5.10 branches, which
simply removed the line:
cost += n_buckets * (value_size + sizeof(struct stack_map_bucket));
This is correct for upstream branch but incorrect for 5.4/5.10 branches,
as the 5.4/5.10 branches do not have the commit 370868107bf6 ("bpf:
Eliminate rlimit-based memory accounting for stackmap maps"), so the
bpf_map_charge_init() function has not been removed.
Currently the bpf_map_charge_init() function in 5.4/5.10 branches takes a
wrong memory charge cost, the
attr->max_entries * (sizeof(struct stack_map_bucket) + (u64)value_size))
part is missing, let's fix it.
Cc: <stable@vger.kernel.org> # 5.4.y
Cc: <stable@vger.kernel.org> # 5.10.y
Signed-off-by: Yuntao Wang <ytcoode@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* keystone/mirror-android12-5.10-2022-06: (1166 commits)
BACKPORT: exfat: improve write performance when dirsync enabled
FROMGIT: usb: gadget: uvc: calculate the number of request depending on framesize
ANDROID: GKI: Add tracing_is_on interface into symbol list
UPSTREAM: usb: gadget: f_mass_storage: Make CD-ROM emulation work with Mac OS-X
BACKPORT: io_uring: fix race between timeout flush and removal
BACKPORT: net/sched: cls_u32: fix netns refcount changes in u32_change()
UPSTREAM: io_uring: always use original task when preparing req identity
FROMLIST: remoteproc: Fix dma_mem leak after rproc_shutdown
FROMLIST: dma-mapping: Add dma_release_coherent_memory to DMA API
ANDROID: Update QCOM symbol list for __reset_control_get
ANDROID: vendor_hooks: Add hooks for mutex
BACKPORT: can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
ANDROID: fix up abi issue with struct snd_pcm_runtime, again
Revert "coredump: Snapshot the vmas in do_coredump"
Revert "coredump: Remove the WARN_ON in dump_vma_snapshot"
Revert "coredump: Use the vma snapshot in fill_files_note"
Revert "pstore: Don't use semaphores in always-atomic-context code"
Revert "PCI: Reduce warnings on possible RW1C corruption"
ANDROID: GKI: fix crc issue with commit ce1927b8cf ("block: don't merge across cgroup boundaries if blkcg is enabled")
ANDROID: remove CONFIG_HW_RANDOM_CAVIUM from arm64 gki_defconfig
...
Signed-off-by: deyaoren@google.com <deyaoren@google.com>
Change-Id: I33849fc486eb1f5fe38aa07aa9aa3436b0e0519b
Bug: 236589610
[ Upstream commit ef9188bcc6ca1d8a2ad83e826b548e6820721061 ]
To prepare for support asynchronous tracer_init_tracefs initcall,
avoid calling create_trace_option_files before __update_tracer_options.
Otherwise, create_trace_option_files will show warning because
some tracers in trace_types list are already in tr->topts.
For example, hwlat_tracer call register_tracer in late_initcall,
and global_trace.dir is already created in tracing_init_dentry,
hwlat_tracer will be put into tr->topts.
Then if the __update_tracer_options is executed after hwlat_tracer
registered, create_trace_option_files find that hwlat_tracer is
already in tr->topts.
Link: https://lkml.kernel.org/r/20220426122407.17042-2-mark-pk.tsai@mediatek.com
Link: https://lore.kernel.org/lkml/20220322133339.GA32582@xsang-OptiPlex-9020/
Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 12025abdc8539ed9d5014e2d647a3fd1bd3de5cd ]
When setting bootparams="trace_event=initcall:initcall_start tp_printk=1" in the
cmdline, the output_printk() was called, and the spin_lock_irqsave() was called in the
atomic and irq disable interrupt context suitation. On the PREEMPT_RT kernel,
these locks are replaced with sleepable rt-spinlock, so the stack calltrace will
be triggered.
Fix it by raw_spin_lock_irqsave when PREEMPT_RT and "trace_event=initcall:initcall_start
tp_printk=1" enabled.
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper/0
preempt_count: 2, expected: 0
RCU nest depth: 0, expected: 0
Preemption disabled at:
[<ffffffff8992303e>] try_to_wake_up+0x7e/0xba0
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.17.1-rt17+ #19 34c5812404187a875f32bee7977f7367f9679ea7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x60/0x8c
dump_stack+0x10/0x12
__might_resched.cold+0x11d/0x155
rt_spin_lock+0x40/0x70
trace_event_buffer_commit+0x2fa/0x4c0
? map_vsyscall+0x93/0x93
trace_event_raw_event_initcall_start+0xbe/0x110
? perf_trace_initcall_finish+0x210/0x210
? probe_sched_wakeup+0x34/0x40
? ttwu_do_wakeup+0xda/0x310
? trace_hardirqs_on+0x35/0x170
? map_vsyscall+0x93/0x93
do_one_initcall+0x217/0x3c0
? trace_event_raw_event_initcall_level+0x170/0x170
? push_cpu_stop+0x400/0x400
? cblist_init_generic+0x241/0x290
kernel_init_freeable+0x1ac/0x347
? _raw_spin_unlock_irq+0x65/0x80
? rest_init+0xf0/0xf0
kernel_init+0x1e/0x150
ret_from_fork+0x22/0x30
</TASK>
Link: https://lkml.kernel.org/r/20220419013910.894370-1-jun.miao@intel.com
Signed-off-by: Jun Miao <jun.miao@intel.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit caff1fa4118cec4dfd4336521ebd22a6408a1e3e ]
I think there is something wrong with BPF_PROBE_MEM in ___bpf_prog_run()
in big-endian machine. Let's make a test and see what will happen if we
want to load a 'u16' with BPF_PROBE_MEM.
Let's make the src value '0x0001', the value of dest register will become
0x0001000000000000, as the value will be loaded to the first 2 byte of
DST with following code:
bpf_probe_read_kernel(&DST, SIZE, (const void *)(long) (SRC + insn->off));
Obviously, the value in DST is not correct. In fact, we can compare
BPF_PROBE_MEM with LDX_MEM_H:
DST = *(SIZE *)(unsigned long) (SRC + insn->off);
If the memory load is done by LDX_MEM_H, the value in DST will be 0x1 now.
And I think this error results in the test case 'test_bpf_sk_storage_map'
failing:
test_bpf_sk_storage_map:PASS:bpf_iter_bpf_sk_storage_map__open_and_load 0 nsec
test_bpf_sk_storage_map:PASS:socket 0 nsec
test_bpf_sk_storage_map:PASS:map_update 0 nsec
test_bpf_sk_storage_map:PASS:socket 0 nsec
test_bpf_sk_storage_map:PASS:map_update 0 nsec
test_bpf_sk_storage_map:PASS:socket 0 nsec
test_bpf_sk_storage_map:PASS:map_update 0 nsec
test_bpf_sk_storage_map:PASS:attach_iter 0 nsec
test_bpf_sk_storage_map:PASS:create_iter 0 nsec
test_bpf_sk_storage_map:PASS:read 0 nsec
test_bpf_sk_storage_map:FAIL:ipv6_sk_count got 0 expected 3
$10/26 bpf_iter/bpf_sk_storage_map:FAIL
The code of the test case is simply, it will load sk->sk_family to the
register with BPF_PROBE_MEM and check if it is AF_INET6. With this patch,
now the test case 'bpf_iter' can pass:
$10 bpf_iter:OK
Fixes: 2a02759ef5 ("bpf: Add support for BTF pointers to interpreter")
Signed-off-by: Menglong Dong <imagedong@tencent.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Jiang Biao <benbjiang@tencent.com>
Reviewed-by: Hao Peng <flyingpeng@tencent.com>
Cc: Ilya Leoshkevich <iii@linux.ibm.com>
Link: https://lore.kernel.org/bpf/20220524021228.533216-1-imagedong@tencent.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 3e35142ef99fe6b4fe5d834ad43ee13cca10a2dc upstream.
Since commit d1bcae833b32f1 ("ELF: Don't generate unused section
symbols") [1], binutils (v2.36+) started dropping section symbols that
it thought were unused. This isn't an issue in general, but with
kexec_file.c, gcc is placing kexec_arch_apply_relocations[_add] into a
separate .text.unlikely section and the section symbol ".text.unlikely"
is being dropped. Due to this, recordmcount is unable to find a non-weak
symbol in .text.unlikely to generate a relocation record against.
Address this by dropping the weak attribute from these functions.
Instead, follow the existing pattern of having architectures #define the
name of the function they want to override in their headers.
[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=d1bcae833b32f1
[akpm@linux-foundation.org: arch/s390/include/asm/kexec.h needs linux/module.h]
Link: https://lkml.kernel.org/r/20220519091237.676736-1-naveen.n.rao@linux.vnet.ibm.com
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 99696a2592bca641eb88cc9a80c90e591afebd0f upstream.
In create_var_ref(), init_var_ref() is called to initialize the fields
of variable ref_field, which is allocated in the previous function call
to create_hist_field(). Function init_var_ref() allocates the
corresponding fields such as ref_field->system, but frees these fields
when the function encounters an error. The caller later calls
destroy_hist_field() to conduct error handling, which frees the fields
and the variable itself. This results in double free of the fields which
are already freed in the previous function.
Fix this by storing NULL to the corresponding fields when they are freed
in init_var_ref().
Link: https://lkml.kernel.org/r/20220425063739.3859998-1-keitasuzuki.park@sslab.ics.keio.ac.jp
Fixes: 067fe038e7 ("tracing: Add variable reference handling to hist triggers")
CC: stable@vger.kernel.org
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Reviewed-by: Tom Zanussi <zanussi@kernel.org>
Signed-off-by: Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 64eaf50731ac0a8c76ce2fedd50ef6652aabc5ff ]
Since commit 2312729688 ("sched/fair: Update scale invariance of PELT")
change to use rq_clock_pelt() instead of rq_clock_task(), we should also
use rq_clock_pelt() for throttled_clock_task_time and throttled_clock_task
accounting to get correct cfs_rq_clock_pelt() of throttled cfs_rq. And
rename throttled_clock_task(_time) to be clock_pelt rather than clock_task.
Fixes: 2312729688 ("sched/fair: Update scale invariance of PELT")
Signed-off-by: Chengming Zhou <zhouchengming@bytedance.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Ben Segall <bsegall@google.com>
Reviewed-by: Vincent Guittot <vincent.guittot@linaro.org>
Link: https://lore.kernel.org/r/20220408115309.81603-1-zhouchengming@bytedance.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 8106bddbab5f0ba180e6d693c7c1fc6926d57caa ]
The scftorture test module's scf_handler() function is supposed to provide
three different distributions of short delays (including "no delay") and
one distribution of long delays, if specified by the scftorture.longwait
module parameter. However, the second of the two non-zero-wait short delays
is disabled due to the first such delay's "goto out" not being enclosed in
the "then" clause with the "udelay()".
This commit therefore adjusts the code to provide the intended set of
delays.
Fixes: e9d338a0b1 ("scftorture: Add smp_call_function() torture test")
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit b45043192b3e481304062938a6561da2ceea46a6 ]
The 'n_buckets * (value_size + sizeof(struct stack_map_bucket))' part of the
allocated memory for 'smap' is never used after the memlock accounting was
removed, thus get rid of it.
[ Note, Daniel:
Commit b936ca643a ("bpf: rework memlock-based memory accounting for maps")
moved `cost += n_buckets * (value_size + sizeof(struct stack_map_bucket))`
up and therefore before the bpf_map_area_alloc() allocation, sigh. In a later
step commit c85d69135a ("bpf: move memory size checks to bpf_map_charge_init()"),
and the overflow checks of `cost >= U32_MAX - PAGE_SIZE` moved into
bpf_map_charge_init(). And then 370868107bf6 ("bpf: Eliminate rlimit-based
memory accounting for stackmap maps") finally removed the bpf_map_charge_init().
Anyway, the original code did the allocation same way as /after/ this fix. ]
Fixes: b936ca643a ("bpf: rework memlock-based memory accounting for maps")
Signed-off-by: Yuntao Wang <ytcoode@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20220407130423.798386-1-ytcoode@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 84bc4f1dbbbb5f8aa68706a96711dccb28b518e5 ]
We observed the error "cacheline tracking ENOMEM, dma-debug disabled"
during a light system load (copying some files). The reason for this error
is that the dma_active_cacheline radix tree uses GFP_NOWAIT allocation -
so it can't access the emergency memory reserves and it fails as soon as
anybody reaches the watermark.
This patch changes GFP_NOWAIT to GFP_ATOMIC, so that it can access the
emergency memory reserves.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 46e861be589881e0905b9ade3d8439883858721c ]
The TASKS_RUDE_RCU does not select IRQ_WORK, which can result in build
failures for kernels that do not otherwise select IRQ_WORK. This commit
therefore causes the TASKS_RUDE_RCU Kconfig option to select IRQ_WORK.
Reported-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit f75fd4b9221d93177c50dcfde671b2e907f53e86 ]
While booting secondary CPUs, cpus_read_[lock/unlock] is not keeping
online cpumask stable. The transient online mask results in below
calltrace.
[ 0.324121] CPU1: Booted secondary processor 0x0000000001 [0x410fd083]
[ 0.346652] Detected PIPT I-cache on CPU2
[ 0.347212] CPU2: Booted secondary processor 0x0000000002 [0x410fd083]
[ 0.377255] Detected PIPT I-cache on CPU3
[ 0.377823] CPU3: Booted secondary processor 0x0000000003 [0x410fd083]
[ 0.379040] ------------[ cut here ]------------
[ 0.383662] WARNING: CPU: 0 PID: 10 at kernel/workqueue.c:3084 __flush_work+0x12c/0x138
[ 0.384850] Modules linked in:
[ 0.385403] CPU: 0 PID: 10 Comm: rcu_tasks_rude_ Not tainted 5.17.0-rc3-v8+ #13
[ 0.386473] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)
[ 0.387289] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 0.388308] pc : __flush_work+0x12c/0x138
[ 0.388970] lr : __flush_work+0x80/0x138
[ 0.389620] sp : ffffffc00aaf3c60
[ 0.390139] x29: ffffffc00aaf3d20 x28: ffffffc009c16af0 x27: ffffff80f761df48
[ 0.391316] x26: 0000000000000004 x25: 0000000000000003 x24: 0000000000000100
[ 0.392493] x23: ffffffffffffffff x22: ffffffc009c16b10 x21: ffffffc009c16b28
[ 0.393668] x20: ffffffc009e53861 x19: ffffff80f77fbf40 x18: 00000000d744fcc9
[ 0.394842] x17: 000000000000000b x16: 00000000000001c2 x15: ffffffc009e57550
[ 0.396016] x14: 0000000000000000 x13: ffffffffffffffff x12: 0000000100000000
[ 0.397190] x11: 0000000000000462 x10: ffffff8040258008 x9 : 0000000100000000
[ 0.398364] x8 : 0000000000000000 x7 : ffffffc0093c8bf4 x6 : 0000000000000000
[ 0.399538] x5 : 0000000000000000 x4 : ffffffc00a976e40 x3 : ffffffc00810444c
[ 0.400711] x2 : 0000000000000004 x1 : 0000000000000000 x0 : 0000000000000000
[ 0.401886] Call trace:
[ 0.402309] __flush_work+0x12c/0x138
[ 0.402941] schedule_on_each_cpu+0x228/0x278
[ 0.403693] rcu_tasks_rude_wait_gp+0x130/0x144
[ 0.404502] rcu_tasks_kthread+0x220/0x254
[ 0.405264] kthread+0x174/0x1ac
[ 0.405837] ret_from_fork+0x10/0x20
[ 0.406456] irq event stamp: 102
[ 0.406966] hardirqs last enabled at (101): [<ffffffc0093c8468>] _raw_spin_unlock_irq+0x78/0xb4
[ 0.408304] hardirqs last disabled at (102): [<ffffffc0093b8270>] el1_dbg+0x24/0x5c
[ 0.409410] softirqs last enabled at (54): [<ffffffc0081b80c8>] local_bh_enable+0xc/0x2c
[ 0.410645] softirqs last disabled at (50): [<ffffffc0081b809c>] local_bh_disable+0xc/0x2c
[ 0.411890] ---[ end trace 0000000000000000 ]---
[ 0.413000] smp: Brought up 1 node, 4 CPUs
[ 0.413762] SMP: Total of 4 processors activated.
[ 0.414566] CPU features: detected: 32-bit EL0 Support
[ 0.415414] CPU features: detected: 32-bit EL1 Support
[ 0.416278] CPU features: detected: CRC32 instructions
[ 0.447021] Callback from call_rcu_tasks_rude() invoked.
[ 0.506693] Callback from call_rcu_tasks() invoked.
This commit therefore fixes this issue by applying a single-CPU
optimization to the RCU Tasks Rude grace-period process. The key point
here is that the purpose of this RCU flavor is to force a schedule on
each online CPU since some past event. But the rcu_tasks_rude_wait_gp()
function runs in the context of the RCU Tasks Rude's grace-period kthread,
so there must already have been a context switch on the current CPU since
the call to either synchronize_rcu_tasks_rude() or call_rcu_tasks_rude().
So if there is only a single CPU online, RCU Tasks Rude's grace-period
kthread does not need to anything at all.
It turns out that the rcu_tasks_rude_wait_gp() function's call to
schedule_on_each_cpu() causes problems during early boot. During that
time, there is only one online CPU, namely the boot CPU. Therefore,
applying this single-CPU optimization fixes early-boot instances of
this problem.
Link: https://lore.kernel.org/lkml/20220210184319.25009-1-treasure4paddy@gmail.com/T/
Suggested-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Padmanabha Srinivasaiah <treasure4paddy@gmail.com>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 6a2d90ba027adba528509ffa27097cffd3879257 upstream.
The current implementation of PTRACE_KILL is buggy and has been for
many years as it assumes it's target has stopped in ptrace_stop. At a
quick skim it looks like this assumption has existed since ptrace
support was added in linux v1.0.
While PTRACE_KILL has been deprecated we can not remove it as
a quick search with google code search reveals many existing
programs calling it.
When the ptracee is not stopped at ptrace_stop some fields would be
set that are ignored except in ptrace_stop. Making the userspace
visible behavior of PTRACE_KILL a noop in those case.
As the usual rules are not obeyed it is not clear what the
consequences are of calling PTRACE_KILL on a running process.
Presumably userspace does not do this as it achieves nothing.
Replace the implementation of PTRACE_KILL with a simple
send_sig_info(SIGKILL) followed by a return 0. This changes the
observable user space behavior only in that PTRACE_KILL on a process
not stopped in ptrace_stop will also kill it. As that has always
been the intent of the code this seems like a reasonable change.
Cc: stable@vger.kernel.org
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Tested-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Link: https://lkml.kernel.org/r/20220505182645.497868-7-ebiederm@xmission.com
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Changes in 5.10.118
usb: gadget: fix race when gadget driver register via ioctl
io_uring: always grab file table for deferred statx
floppy: use a statically allocated error counter
Revert "drm/i915/opregion: check port number bounds for SWSCI display power state"
igc: Remove _I_PHY_ID checking
igc: Remove phy->type checking
igc: Update I226_K device ID
rtc: fix use-after-free on device removal
rtc: pcf2127: fix bug when reading alarm registers
um: Cleanup syscall_handler_t definition/cast, fix warning
Input: add bounds checking to input_set_capability()
Input: stmfts - fix reference leak in stmfts_input_open
nvme-pci: add quirks for Samsung X5 SSDs
gfs2: Disable page faults during lockless buffered reads
rtc: sun6i: Fix time overflow handling
crypto: stm32 - fix reference leak in stm32_crc_remove
crypto: x86/chacha20 - Avoid spurious jumps to other functions
ALSA: hda/realtek: Enable headset mic on Lenovo P360
s390/pci: improve zpci_dev reference counting
vhost_vdpa: don't setup irq offloading when irq_num < 0
tools/virtio: compile with -pthread
nvme-multipath: fix hang when disk goes live over reconnect
rtc: mc146818-lib: Fix the AltCentury for AMD platforms
fs: fix an infinite loop in iomap_fiemap
MIPS: lantiq: check the return value of kzalloc()
drbd: remove usage of list iterator variable after loop
platform/chrome: cros_ec_debugfs: detach log reader wq from devm
ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
nilfs2: fix lockdep warnings in page operations for btree nodes
nilfs2: fix lockdep warnings during disk space reclamation
Revert "swiotlb: fix info leak with DMA_FROM_DEVICE"
Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
ALSA: usb-audio: Restore Rane SL-1 quirk
ALSA: wavefront: Proper check of get_user() error
ALSA: hda/realtek: Add quirk for TongFang devices with pop noise
perf: Fix sys_perf_event_open() race against self
selinux: fix bad cleanup on error in hashtab_duplicate()
Fix double fget() in vhost_net_set_backend()
PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
KVM: x86/mmu: Update number of zapped pages even if page list is stable
arm64: paravirt: Use RCU read locks to guard stolen_time
arm64: mte: Ensure the cleared tags are visible before setting the PTE
crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
libceph: fix potential use-after-free on linger ping and resends
drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi
pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl
ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group
net: ipa: record proper RX transaction count
net: macb: Increment rx bd head after allocating skb and buffer
net: evaluate net.ipvX.conf.all.disable_policy and disable_xfrm
xfrm: Add possibility to set the default to block if we have no policy
net: xfrm: fix shift-out-of-bounce
xfrm: make user policy API complete
xfrm: notify default policy on update
xfrm: fix dflt policy check when there is no policy configured
xfrm: rework default policy structure
xfrm: fix "disable_policy" flag use when arriving from different devices
net/sched: act_pedit: sanitize shift argument before usage
net: systemport: Fix an error handling path in bcm_sysport_probe()
net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
ice: fix possible under reporting of ethtool Tx and Rx statistics
clk: at91: generated: consider range when calculating best rate
net/qla3xxx: Fix a test in ql_reset_work()
NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
net/mlx5e: Properly block LRO when XDP is enabled
net: af_key: add check for pfkey_broadcast in function pfkey_process
ARM: 9196/1: spectre-bhb: enable for Cortex-A15
ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
igb: skip phy status check where unavailable
net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
riscv: dts: sifive: fu540-c000: align dma node name with dtschema
gpio: gpio-vf610: do not touch other bits when set the target bit
gpio: mvebu/pwm: Refuse requests with inverted polarity
perf bench numa: Address compiler error on s390
scsi: qla2xxx: Fix missed DMA unmap for aborted commands
mac80211: fix rx reordering with non explicit / psmp ack policy
nl80211: validate S1G channel width
selftests: add ping test with ping_group_range tuned
nl80211: fix locking in nl80211_set_tx_bitrate_mask()
ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one()
net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
net: atlantic: fix "frag[0] not initialized"
net: atlantic: reduce scope of is_rsc_complete
net: atlantic: add check for MAX_SKB_FRAGS
net: atlantic: verify hw_head_ lies within TX buffer ring
arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs
Input: ili210x - fix reset timing
dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group
module: treat exit sections the same as init sections when !CONFIG_MODULE_UNLOAD
i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe()
afs: Fix afs_getattr() to refetch file status if callback break occurred
include/uapi/linux/xfrm.h: Fix XFRM_MSG_MAPPING ABI breakage
module: check for exit sections in layout_sections() instead of module_init_section()
Linux 5.10.118
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7093fab7ea7d43c42962f2d7fe799df255049a17
commit a2aa95b71c9bbec793b5c5fa50f0a80d882b3e8d upstream.
The cnt value in the 'cnt >= BPF_MAX_TRAMP_PROGS' check does not
include BPF_TRAMP_MODIFY_RETURN bpf programs, so the number of
the attached BPF_TRAMP_MODIFY_RETURN bpf programs in a trampoline
can exceed BPF_MAX_TRAMP_PROGS.
When this happens, the assignment '*progs++ = aux->prog' in
bpf_trampoline_get_progs() will cause progs array overflow as the
progs field in the bpf_tramp_progs struct can only hold at most
BPF_MAX_TRAMP_PROGS bpf programs.
Fixes: 88fd9e5352 ("bpf: Refactor trampoline update code")
Signed-off-by: Yuntao Wang <ytcoode@gmail.com>
Link: https://lore.kernel.org/r/20220430130803.210624-1-ytcoode@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* keystone/mirror-android12-5.10-2022-05: (135 commits)
BACKPORT: can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
ANDROID: GKI: Update symbols to symbol list
ANDROID: oplus: Update the ABI xml and symbol list
UPSTREAM: remoteproc: Fix count check in rproc_coredump_write()
BACKPORT: esp: Fix possible buffer overflow in ESP transformation
ANDROID: Fix the drain_all_pages default condition broken by a hook
UPSTREAM: Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6"
UPSTREAM: xfrm: fix MTU regression
ANDROID: signal: Add vendor hook for memory reaping
FROMGIT: usb: gadget: uvc: allow for application to cleanly shutdown
FROMGIT: usb: dwc3: gadget: increase tx fifo size for ss isoc endpoints
UPSTREAM: usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind()
FROMGIT: usb: gadget: uvc: remove pause flag use
FROMGIT: usb: gadget: uvc: allow changing interface name via configfs
UPSTREAM: usb: gadget: uvc: Fix crash when encoding data for usb request
UPSTREAM: usb: gadget: uvc: test if ep->desc is valid on ep_queue
UPSTREAM: usb: gadget: uvc: only pump video data if necessary
UPSTREAM: usb: gadget: uvc: only schedule stream in streaming state
UPSTREAM: usb: dwc3: gadget: Give some time to schedule isoc
UPSTREAM: usb: gadget: uvc: make uvc_num_requests depend on gadget speed
...
Change-Id: I438ffbf5441deb75dadf2150e235232bc53c37ea
commit 1366992e16bddd5e2d9a561687f367f9f802e2e4 upstream.
The addition of random_get_entropy_fallback() provides access to
whichever time source has the highest frequency, which is useful for
gathering entropy on platforms without available cycle counters. It's
not necessarily as good as being able to quickly access a cycle counter
that the CPU has, but it's still something, even when it falls back to
being jiffies-based.
In the event that a given arch does not define get_cycles(), falling
back to the get_cycles() default implementation that returns 0 is really
not the best we can do. Instead, at least calling
random_get_entropy_fallback() would be preferable, because that always
needs to return _something_, even falling back to jiffies eventually.
It's not as though random_get_entropy_fallback() is super high precision
or guaranteed to be entropic, but basically anything that's not zero all
the time is better than returning zero all the time.
Finally, since random_get_entropy_fallback() is used during extremely
early boot when randomizing freelists in mm_init(), it can be called
before timekeeping has been initialized. In that case there really is
nothing we can do; jiffies hasn't even started ticking yet. So just give
up and return 0.
Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 3191dd5a1179ef0fad5a050a1702ae98b6251e8f upstream.
For the irq randomness fast pool, rather than having to use expensive
atomics, which were visibly the most expensive thing in the entire irq
handler, simply take care of the extreme edge case of resetting count to
zero in the cpuhp online handler, just after workqueues have been
reenabled. This simplifies the code a bit and lets us use vanilla
variables rather than atomics, and performance should be improved.
As well, very early on when the CPU comes up, while interrupts are still
disabled, we clear out the per-cpu crng and its batches, so that it
always starts with fresh randomness.
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: Sultan Alsawaf <sultan@kerneltoast.com>
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Acked-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit eadb2f47a3ced5c64b23b90fd2a3463f63726066 upstream.
KGDB and KDB allow read and write access to kernel memory, and thus
should be restricted during lockdown. An attacker with access to a
serial port (for example, via a hypervisor console, which some cloud
vendors provide over the network) could trigger the debugger so it is
important that the debugger respect the lockdown mode when/if it is
triggered.
Fix this by integrating lockdown into kdb's existing permissions
mechanism. Unfortunately kgdb does not have any permissions mechanism
(although it certainly could be added later) so, for now, kgdb is simply
and brutally disabled by immediately exiting the gdb stub without taking
any action.
For lockdowns established early in the boot (e.g. the normal case) then
this should be fine but on systems where kgdb has set breakpoints before
the lockdown is enacted than "bad things" will happen.
CVE: CVE-2022-21499
Co-developed-by: Stephen Brennan <stephen.s.brennan@oracle.com>
Signed-off-by: Stephen Brennan <stephen.s.brennan@oracle.com>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This is the merge of the upstream LTS release of 5.4.110 into the
android12-5.10 branch.
It contains the following commits:
e08dd85cc9 ANDROID: fix up abi issue with struct snd_pcm_runtime, again
8f4bd2a63f Revert "coredump: Snapshot the vmas in do_coredump"
b7dbb1ee1f Revert "coredump: Remove the WARN_ON in dump_vma_snapshot"
5f24894332 Revert "coredump: Use the vma snapshot in fill_files_note"
c4eb663fca Revert "pstore: Don't use semaphores in always-atomic-context code"
562c3bd65c Revert "PCI: Reduce warnings on possible RW1C corruption"
0038e1f40c ANDROID: GKI: fix crc issue with commit ce1927b8cf ("block: don't merge across cgroup boundaries if blkcg is enabled")
62fa3399b4 ANDROID: remove CONFIG_HW_RANDOM_CAVIUM from arm64 gki_defconfig
95f4203fc9 Merge 5.10.110 into android12-5.10-lts
3238bffaf9 Linux 5.10.110
cf342cbfb3 PCI: xgene: Revert "PCI: xgene: Use inbound resources for setup"
a25864c5bc arm64: Do not defer reserve_crashkernel() for platforms with no DMA memory zones
558564db44 coredump: Use the vma snapshot in fill_files_note
b7933f145a coredump/elf: Pass coredump_params into fill_note_info
b043ae637a coredump: Remove the WARN_ON in dump_vma_snapshot
936c8be4d1 coredump: Snapshot the vmas in do_coredump
5318cdf4fd can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
869016a293 can: m_can: m_can_tx_handler(): fix use after free of skb
e90518d10c KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
e36c45263a openvswitch: Fixed nd target mask field in the flow dump.
415edc68b6 docs: sysctl/kernel: add missing bit to panic_print
272c74323d um: Fix uml_mconsole stop/go
c0a6a54738 ARM: dts: spear13xx: Update SPI dma properties
ea3912af8b ARM: dts: spear1340: Update serial node properties
74f7971985 ASoC: topology: Allow TLV control to be either read or write
3ca47556d9 ubi: fastmap: Return error code if memory allocation fails in add_aeb()
7704f243cb dt-bindings: spi: mxic: The interrupt property is not mandatory
648ab1dcc1 dt-bindings: mtd: nand-controller: Fix a comment in the examples
71917e45e1 dt-bindings: mtd: nand-controller: Fix the reg property description
73f2f37417 bpf: Fix comment for helper bpf_current_task_under_cgroup()
90805175a2 bpf: Adjust BPF stack helper functions to accommodate skip > 0
86489492e8 mm/usercopy: return 1 from hardened_usercopy __setup() handler
81a04b9a32 mm/memcontrol: return 1 from cgroup.memory __setup() handler
f321621f5c ARM: 9187/1: JIVE: fix return value of __setup handler
d57feed3b1 mm/mmap: return 1 from stack_guard_gap __setup() handler
73f7cbb151 batman-adv: Check ptr for NULL before reducing its refcnt
f6da750bfa ASoC: soc-compress: Change the check for codec_dai
d3f786b7cf staging: mt7621-dts: fix pinctrl-0 items to be size-1 items on ethernet
12e380bb6f proc: bootconfig: Add null pointer check
90ec1b1538 can: isotp: restore accidentally removed MSG_PEEK feature
16960ac92b platform/chrome: cros_ec_typec: Check for EC device
e5b681822c ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
785a53373c riscv module: remove (NOLOAD)
b27de7011c io_uring: fix memory leak of uid in files registration
20499ed3c0 ARM: iop32x: offset IRQ numbers by 1
432b057f8e ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
f28a857a61 ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs
ecfc3f8a63 pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE()
503868a7c0 pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR()
d9afc5146b watchdog: rti-wdt: Add missing pm_runtime_disable() in probe function
402b53dc7c pinctrl: pinconf-generic: Print arguments for bias-pull-*
7169f60110 watch_queue: Free the page array when watch_queue is dismantled
e64dc94990 crypto: arm/aes-neonbs-cbc - Select generic cbc and aes
a16f5ae8ad mailbox: imx: fix wakeup failure from freeze mode
051360e513 rxrpc: Fix call timer start racing with call destruction
a94d98e06e net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware
c73af4bc8a gfs2: Make sure FITRIM minlen is rounded up to fs block size
33c204266c rtc: check if __rtc_read_time was successful
381636f33f XArray: Update the LRU list in xas_split()
3b9fabe8f6 can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix return of error value
ef0acc5141 can: mcba_usb: properly check endpoint type
0801a51d79 can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
1ac49c8fd4 XArray: Fix xas_create_range() when multi-order entry present
49f77ab50a wireguard: socket: ignore v6 endpoints when ipv6 is disabled
096f9d35ca wireguard: socket: free skb in send6 when ipv6 is disabled
cd032f218c wireguard: queueing: use CFI-safe ptr_ring cleanup function
8a0c70c238 ubifs: rename_whiteout: correct old_dir size computing
c34ae24a25 ubifs: Fix to add refcount once page is set private
07a209fade ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
d07a242169 ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
13b2a8151e ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
83e42a7842 ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
a90e2dbe66 ubifs: rename_whiteout: Fix double free for whiteout_ui->data
0c307349fe ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM
0fb470eb48 KVM: SVM: fix panic on out-of-bounds guest IRQ
cd8c2d7c7c KVM: x86: fix sending PV IPI
eccfee4494 KVM: Prevent module exit until all VMs are freed
09c771c45c KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated
aea4ffdcf3 platform: chrome: Split trace include file
d3a913ba1f scsi: qla2xxx: Use correct feature type field during RFF_ID processing
633450063c scsi: qla2xxx: Reduce false trigger to login
dd48727cab scsi: qla2xxx: Fix N2N inconsistent PLOGI
0910a791a6 scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests
f296e888e9 scsi: qla2xxx: Fix hang due to session stuck
edea037716 scsi: qla2xxx: Fix incorrect reporting of task management failure
9dc104edd7 scsi: qla2xxx: Fix disk failure to rediscover
f97316dd39 scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
0e4a89efc2 scsi: qla2xxx: Check for firmware dump already collected
ef10a7530c scsi: qla2xxx: Add devids and conditionals for 28xx
bad77c9a47 scsi: qla2xxx: Fix device reconnect in loop topology
8b52e20c22 scsi: qla2xxx: Fix warning for missing error code
7c9745421d scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
7fef50214d scsi: qla2xxx: Fix scheduling while atomic
c45147018d scsi: qla2xxx: Fix stuck session in gpdb
031547f4c6 powerpc: Fix build errors with newer binutils
68fa67e939 powerpc/lib/sstep: Fix build errors with newer binutils
ad806b4022 powerpc/lib/sstep: Fix 'sthcx' instruction
f39a330939 powerpc/kasan: Fix early region not updated correctly
89e5a42687 KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP MMU
a3ad453008 ALSA: hda/realtek: Add alc256-samsung-headphone fixup
aa2ad067cd media: atomisp: fix bad usage at error handling logic
2412a5d294 mmc: host: Return an error when ->enable_sdio_irq() ops is missing
808990afd8 media: hdpvr: initialize dev->worker at hdpvr_register_videodev
32582f82df media: Revert "media: em28xx: add missing em28xx_close_extension"
b1c2857752 video: fbdev: sm712fb: Fix crash in smtcfb_write()
e7bb29df2a ARM: mmp: Fix failure to remove sram device
add823a9a5 ARM: tegra: tamonten: Fix I2C3 pad setting
08ec8450f3 lib/test_lockup: fix kernel pointer check for separate address spaces
40a5c93a74 uaccess: fix type mismatch warnings from access_ok()
a49b687a75 media: cx88-mpeg: clear interrupt status register before streaming video
4606350268 ASoC: soc-core: skip zero num_dai component in searching dai name
a840fc067e ARM: dts: bcm2711: Add the missing L1/L2 cache information
681a317034 video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit
a7c624abf6 video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf()
543dae0a46 video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()
910715c4b4 arm64: defconfig: build imx-sdma as a module
14df2556a1 ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk
c241cfd0a5 ARM: ftrace: avoid redundant loads or clobbering IP
41082d6432 media: atomisp: fix dummy_ptr check to avoid duplicate active_bo
b554196e6d media: atomisp_gmin_platform: Add DMI quirk to not turn AXP ELDO2 regulator off on some boards
370b50492e ASoC: madera: Add dependencies on MFD
0020667edc ARM: dts: bcm2837: Add the missing L1/L2 cache information
f040c08102 ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960
da210b1b55 video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit
8c7e2141fb video: fbdev: cirrusfb: check pixclock to avoid divide by zero
1e33f19746 video: fbdev: w100fb: Reset global state
08dff48201 video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
99e3f83539 media: ir_toy: free before error exiting
d658178b5a media: staging: media: zoran: fix various V4L2 compliance errors
bafec1a6ba media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com
bd01629315 media: staging: media: zoran: move videodev alloc
b230f2d944 ntfs: add sanity check on allocation size
f7e8aff062 f2fs: compress: fix to print raw data size in error path of lz4 decompression
d91d1e681c NFSD: Fix nfsd_breaker_owns_lease() return values
498b7088db f2fs: fix to do sanity check on curseg->alloc_type
330d0e44fc ext4: don't BUG if someone dirty pages without asking ext4 first
cd6d719534 ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit
69d2421b55 ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb
ecd384c436 locking/lockdep: Iterate lock_classes directly when reading lockdep files
3ad817f1bd spi: tegra20: Use of_device_get_match_data()
1c200c8bce nvme-tcp: lockdep: annotate in-kernel sockets
7e4967e913 parisc: Fix handling off probe non-access faults
ede1ef1a7d PM: core: keep irq flags in device_pm_check_callbacks()
227718c8bb ACPI/APEI: Limit printable size of BERT table data
cc051f497e Revert "Revert "block, bfq: honor already-setup queue merges""
1b69302bfa lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3
1b87ce6a77 ACPICA: Avoid walking the ACPI Namespace if it is not there
df6e00b1a5 bfq: fix use-after-free in bfq_dispatch_request
dd85ed4af8 fs/binfmt_elf: Fix AT_PHDR for unusual ELF files
9fc899ce5a irqchip/nvic: Release nvic_base upon failure
4bbd910de1 irqchip/qcom-pdc: Fix broken locking
f038185b6a Fix incorrect type in assignment of ipv6 port for audit
012c572007 loop: use sysfs_emit() in the sysfs xxx show()
448857f580 selinux: allow FIOCLEX and FIONCLEX with policy capability
4b9b60b5bf selinux: use correct type for context length
7507ead1e9 block, bfq: don't move oom_bfqq
79b16d00de pinctrl: npcm: Fix broken references to chip->parent_device
9d1d8e5e42 gcc-plugins/stackleak: Exactly match strings instead of prefixes
b0f2f89d74 regulator: rpi-panel: Handle I2C errors/timing to the Atmel
2784604c8c LSM: general protection fault in legacy_parse_param
e600b5973e fs: fix fd table size alignment properly
327f07e370 lib/test: use after free in register_test_dev_kmod()
00d2b9fe5e fs: fd tables have to be multiples of BITS_PER_LONG
1752fcd404 net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator
edb91a475d NFSv4/pNFS: Fix another issue with a list iterator pointing to the head
5c94b6205e net/x25: Fix null-ptr-deref caused by x25_disconnect
4896c308a5 qlcnic: dcb: default to returning -EOPNOTSUPP
2165d0ebfb selftests: test_vxlan_under_vrf: Fix broken test case
f98dc124a4 net: phy: broadcom: Fix brcm_fet_config_init()
3e7a483af3 net: hns3: fix bug when PF set the duplicate MAC address for VFs
3eb92660e6 net: enetc: report software timestamping via SO_TIMESTAMPING
e9445a7a59 xen: fix is_xen_pmu()
af0c3ced24 clk: Initialize orphan req_rate
845e734f97 clk: qcom: gcc-msm8994: Fix gpll4 width
e2a2625392 kdb: Fix the putarea helper function
a9fa7d48a1 NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error
8cd30d28da netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
fbd56a61ce jfs: fix divide error in dbNextAG
acb96e62e6 driver core: dd: fix return value of __setup handler
89748be18f firmware: google: Properly state IOMEM dependency
3d934d7b90 kgdbts: fix return value of __setup handler
f65ba8b988 serial: 8250: fix XOFF/XON sending when DMA is used
45e95a7bf8 kgdboc: fix return value of __setup handler
96038b1cf4 tty: hvc: fix return value of __setup handler
566e30289d pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
669b05ff43 pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
9d095fe2fb pinctrl: mediatek: paris: Skip custom extra pin config dump for virtual GPIOs
861946289d pinctrl: mediatek: paris: Fix pingroup pin config state readback
7675fb2aaf pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get()
901e192ac9 pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback
72ea0fefea pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
fddbfe43bf staging: mt7621-dts: fix GB-PC2 devicetree
00e0739ca1 staging: mt7621-dts: fix pinctrl properties for ethernet
47c31fe8ca staging: mt7621-dts: fix formatting
59ec187d7c staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree
942f68bf29 NFS: remove unneeded check in decode_devicenotify_args()
e025c66387 clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver
54c8128297 clk: clps711x: Terminate clk_div_table with sentinel element
9ff533033d clk: loongson1: Terminate clk_div_table with sentinel element
bb680cabf2 clk: actions: Terminate clk_div_table with sentinel element
431f8a9cec nvdimm/region: Fix default alignment for small regions
f7210ca29a remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region
7a494580a8 remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region
5c1d484d96 remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region
f95fd61dd8 dmaengine: hisi_dma: fix MSI allocate fail when reload hisi_dma
d047d68ff0 clk: qcom: clk-rcg2: Update the frac table for pixel clock
334720f418 clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
639744b242 clk: at91: sama7g5: fix parents of PDMCs' GCLK
0553ecbce9 clk: imx7d: Remove audio_mclk_root_clk
867258d3f3 dma-debug: fix return value of __setup handlers
2f3885514e NFS: Return valid errors from nfs2/3_decode_dirent()
7b59afe84a habanalabs: Add check for pci_enable_device
afcbc63752 iio: adc: Add check for devm_request_threaded_irq
df2dc4cf71 serial: 8250: Fix race condition in RTS-after-send handling
469ce5119f NFS: Use of mapping_set_error() results in spurious errors
659fe4d653 serial: 8250_lpss: Balance reference count for PCI DMA device
0aebb3944a serial: 8250_mid: Balance reference count for PCI DMA device
c92bd51313 phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure})
80805f555e clk: qcom: ipq8074: Use floor ops for SDCC1 clock
fd2601e366 pinctrl: renesas: checker: Fix miscalculation of number of states
c5cf977515 pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel
b5db33a81e staging:iio:adc:ad7280a: Fix handing of device address bit reversing.
f5b01abf5f iio: mma8452: Fix probe failing when an i2c_device_id is used
8b89c9e68a clk: qcom: ipq8074: fix PCI-E clock oops
a70d5dbe2e soundwire: intel: fix wrong register name in intel_shim_wake
091704a9a7 cpufreq: qcom-cpufreq-nvmem: fix reading of PVS Valid fuse
f90ad94322 misc: alcor_pci: Fix an error handling path
553541c453 fsi: Aspeed: Fix a potential double free
cb212c3f0d fsi: aspeed: convert to devm_platform_ioremap_resource
c0b3c06414 pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add()
2cd05c38a2 mxser: fix xmit_buf leak in activate when LSR == 0xff
8513c93ead mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
084be6309f tipc: fix the timer expires after interval 100ms
5d8162371c openvswitch: always update flow key after nat
4593c76a65 tcp: ensure PMTU updates are processed during fastopen
b26091a020 net: bcmgenet: Use stronger register read/writes to assure ordering
9088614323 PCI: Avoid broken MSI on SB600 USB devices
75a4a97b74 selftests/bpf/test_lirc_mode2.sh: Exit with proper code
0d3ad6142a i2c: mux: demux-pinctrl: do not deactivate a master that is not active
c483f8002d i2c: meson: Fix wrong speed use from probe
b089836218 af_netlink: Fix shift out of bounds in group mask calculation
40f3b8dada ipv4: Fix route lookups when handling ICMP redirects and PMTU updates
70a6cf749d Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt
b441fcdff2 Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed
876cfe1380 selftests/bpf: Fix error reporting from sock_fields programs
ac1ec6f319 bareudp: use ipv6_mod_enabled to check if IPv6 enabled
c037e13539 can: isotp: support MSG_TRUNC flag when reading from socket
f402c49865 can: isotp: return -EADDRNOTAVAIL when reading from unbound socket
8a9d996d4e USB: storage: ums-realtek: fix error code in rts51x_read_mem()
f9a6661009 samples/bpf, xdpsock: Fix race when running for fix duration of time
cd84ea3920 bpf, sockmap: Fix double uncharge the mem of sk_msg
7b812a369e bpf, sockmap: Fix more uncharged while msg has more_data
bec34a91eb bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full
c98d903ff9 RDMA/mlx5: Fix memory leak in error flow for subscribe event routine
a3587259ae mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
fa3d444245 MIPS: pgalloc: fix memory leak caused by pgd_free()
8c4808ff9e MIPS: RB532: fix return value of __setup handler
ef1728e3cb mips: cdmm: Fix refcount leak in mips_cdmm_phys_base
315772133a ath10k: Fix error handling in ath10k_setup_msa_resources
71f311b123 vxcan: enable local echo for sent CAN frames
3c2a397849 powerpc: 8xx: fix a return value error in mpc8xx_pic_init
956fab99ad platform/x86: huawei-wmi: check the return value of device_create_file()
1ba28cb692 selftests/bpf: Make test_lwt_ip_encap more stable and faster
08ab406781 libbpf: Unmap rings when umem deleted
6fa8edfc90 mfd: mc13xxx: Add check for mc13xxx_irq_request
bcf93175ed powerpc/sysdev: fix incorrect use to determine if list is empty
ab0a335b54 mips: DEC: honor CONFIG_MIPS_FP_SUPPORT=n
bbd91cdb62 net: axienet: fix RX ring refill allocation failure handling
9ec698984d PCI: Reduce warnings on possible RW1C corruption
a84cb039d2 IB/hfi1: Allow larger MTU without AIP
48d23ef901 power: supply: wm8350-power: Add missing free in free_charger_irq
9d3dab40af power: supply: wm8350-power: Handle error for wm8350_register_irq
5cf1371628 i2c: xiic: Make bus names unique
f01e08083c hv_balloon: rate-limit "Unhandled message" warning
ba2c6e353b KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor()
fa9089949d KVM: x86: Fix emulation in writing cr8
3e7e73ae2b powerpc/Makefile: Don't pass -mcpu=powerpc64 when building 32-bit
05abd49972 powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties()
3e04a837db libbpf: Skip forward declaration when counting duplicated type names
6bb107332d gpu: host1x: Fix a memory leak in 'host1x_remove()'
d1c7759304 bpf, arm64: Feed byte-offset into bpf line info
694398af5f bpf, arm64: Call build_prologue() first in first JIT pass
06a0001366 drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt
a3d53f0005 scsi: hisi_sas: Change permission of parameter prot_mask
705c70399e power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return
1e06710c43 drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
9ffa07c699 ext2: correct max file size computing
60605acf5b TOMOYO: fix __setup handlers return values
adb7c8d1de drm/amd/display: Remove vupdate_int_entry definition
e462b0f518 RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR
279f318bd7 scsi: pm8001: Fix abort all task initialization
780c668a2d scsi: pm8001: Fix NCQ NON DATA command completion handling
f7a3f9e4e8 scsi: pm8001: Fix NCQ NON DATA command task initialization
f76bbee39e scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
6bc86bca35 scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req()
27ccdcaa01 scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update()
6c0e850c22 scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config()
edde1ede76 scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
257a55622c scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
f55a7bc38f scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
5349cde1df dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
d4862bea08 drm/msm/dpu: fix dp audio condition
7b52fb813c drm/msm/dpu: add DSPP blocks teardown
413c62697b drm/msm/dp: populate connector of struct dp_panel
441a83ff27 iwlwifi: mvm: Fix an error code in iwl_mvm_up()
c12692c3e9 iwlwifi: Fix -EIO error code that is never returned
ec376f5c11 dax: make sure inodes are flushed before destroy cache
5e6b030ac3 IB/cma: Allow XRC INI QPs to set their local ACK timeout
9c384e1afa drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug
80b96ac9d2 drm/amd/pm: enable pm sysfs write for one VF mode
06e778d184 iommu/ipmmu-vmsa: Check for error num after setting mask
ab63b24ae6 HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
879356a6a0 power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
f03ef518c1 drm/bridge: dw-hdmi: use safe format when first in bridge chain
e0e25e131d PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge
b1af8b9ec0 livepatch: Fix build failure on 32 bits processors
6f095441f8 scripts/dtc: Call pkg-config POSIXly correct
080822563b net: dsa: mv88e6xxx: Enable port policy support on 6097
2ac4f049db mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update
2430af1241 mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update
232c1cc986 mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv
253cc4aafc mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode
b5d363ff17 powerpc/perf: Don't use perf_hw_context for trace IMC PMU
c18b538617 KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init
8b64c158a0 powerpc: dts: t1040rdb: fix ports names for Seville Ethernet switch
be703360ed ray_cs: Check ioremap return value
43f2fe2a69 power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe
da71a1483b i40e: respect metadata on XSK Rx to skb
b2e48cd141 i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb
e8fe653fa7 KVM: PPC: Fix vmx/vsx mixup in mmio emulation
11cb9eba06 RDMA/core: Set MR type in ib_reg_user_mr
11f11ac281 ath9k_htc: fix uninit value bugs
6e669baa33 drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function
19a7eba284 drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()
9abee51534 drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl()
47402eaf88 ionic: fix type complaint in ionic_dev_cmd_clean()
1ba10e5c39 drm/edid: Don't clear formats if using deep color
d99e7feaed mtd: rawnand: gpmi: fix controller timings setting
364b2eee62 mtd: onenand: Check for error irq
96ea88eb9b Bluetooth: hci_serdev: call init_rwsem() before p->open()
b267a8118c udmabuf: validate ubuf->pagecount
56722aa77b libbpf: Fix possible NULL pointer dereference when destroying skeleton
4a9c268a40 drm/panfrost: Check for error num after setting mask
5d1114ede5 ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
fb2be762a4 drm: bridge: adv7511: Fix ADV7535 HPD enablement
d9d61beb21 drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe
064e7f7532 drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe
d8db734df6 drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
ec3924eab5 drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops
a1c665f5b7 ARM: configs: multi_v5_defconfig: re-enable CONFIG_V4L_PLATFORM_DRIVERS
1f24716e38 ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data
abefbf602c ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe
90ac679aa6 ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe
ec26e3ce3c ASoC: atmel: sam9x5_wm8731: use devm_snd_soc_register_card()
541251b903 mmc: davinci_mmc: Handle error for clk_enable
19eb5c7957 ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe
42042c7a3d ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
fe4db4ea21 ASoC: fsl_spdif: Disable TX clock when stop
86b6cf9894 ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
c8c981cfc0 ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
f452cff025 ASoC: SOF: Add missing of_node_put() in imx8m_probe
0d82401d46 ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in rockchip_i2s_probe
7e8b0fd0eb ASoC: rockchip: i2s: Use devm_platform_get_and_ioremap_resource()
b5664a584e ivtv: fix incorrect device_caps for ivtvfb
ebd4f1501e media: saa7134: fix incorrect use to determine if list is empty
dd67315994 media: saa7134: convert list_for_each to entry variant
066d9b48f9 video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
20da8404e4 ASoC: fsi: Add check for clk_enable
db1c00a025 ASoC: wm8350: Handle error for wm8350_register_irq
662ee5ac6b ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
663e7a7287 media: vidtv: Check for null return of vzalloc
4d68603cc4 media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED
b02752d753 m68k: coldfire/device.c: only build for MCF_EDMA when h/w macros are defined
9ca3635a0a arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly
7e6f578662 ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
64eee4127c memory: emif: check the pointer temp in get_device_details()
330a9b0d38 memory: emif: Add check for setup_interrupts
4639c1d97f ASoC: soc-compress: prevent the potentially use of null pointer
a6ee60d4a9 ASoC: dwc-i2s: Handle errors for clk_enable
39bee81e30 ASoC: atmel_ssc_dai: Handle errors for clk_enable
dc947d175c ASoC: mxs-saif: Handle errors for clk_enable
a754ea0de3 printk: fix return value of printk.devkmsg __setup handler
87a265e292 arm64: dts: broadcom: Fix sata nodename
f63122803d arm64: dts: ns2: Fix spi-cpol and spi-cpha property
5d6a0dc6ba ALSA: spi: Add check for clk_enable()
039fae34f8 ASoC: ti: davinci-i2s: Add check for clk_enable()
94cb9fe5d8 ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp()
7ce3e6e103 uaccess: fix nios2 and microblaze get_user_8()
19894751f6 ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put
f126dcbe70 media: cedrus: h264: Fix neighbour info buffer size
c011ae1665 media: cedrus: H265: Fix neighbour info buffer size
44973633b0 media: usb: go7007: s2250-board: fix leak in probe()
ec8a37b2d9 media: em28xx: initialize refcount before kref_get
1b46f57d51 media: video/hdmi: handle short reads of hdmi info frame.
170ad3942b ARM: dts: imx: Add missing LVDS decoder on M53Menlo
2a0eb50d9a ARM: dts: sun8i: v3s: Move the csi1 block to follow address order
77406ac6ef soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
18b2ec361a firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is not defined
8395a17ef6 arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc
d19248e23f arm64: dts: qcom: sdm845: fix microphone bias properties and values
2042c6fbfb soc: qcom: aoss: remove spurious IRQF_ONESHOT flags
5a990a65d4 soc: qcom: ocmem: Fix missing put_device() call in of_get_ocmem
b5d6eba719 soc: qcom: rpmpd: Check for null return of devm_kcalloc
0c11cb8db4 ARM: dts: qcom: ipq4019: fix sleep clock
22474dfd0c firmware: qcom: scm: Remove reassignment to desc following initializer
bf4bad1114 video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
6de6a64f23 video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe()
64ec3e678d video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
0dff86aeb1 video: fbdev: controlfb: Fix COMPILE_TEST build
ec1c20b02a video: fbdev: controlfb: Fix set but not used warnings
f8bf19f7f3 video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen
3187a1d4d5 media: aspeed: Correct value for h-total-pixels
245561612b media: hantro: Fix overfill bottom register field name
032b141a91 media: meson: vdec: potential dereference of null pointer
d3e5106c67 media: coda: Fix missing put_device() call in coda_get_vdoa_data
c9f4586d99 ASoC: generic: simple-card-utils: remove useless assignment
2c357e0277 ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting
712dd2ac26 media: bttv: fix WARNING regression on tunerless devices
bc2573abc6 media: mtk-vcodec: potential dereference of null pointer
8a83731a09 media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
c76188715d media: staging: media: zoran: fix usage of vb2_dma_contig_set_max_seg_size
f622bd0758 kunit: make kunit_test_timeout compatible with comment
9e63bcb71d selftests, x86: fix how check_cc.sh is being invoked
d2c53e77b0 f2fs: fix compressed file start atomic write may cause data corruption
1c4d94e4f0 f2fs: compress: remove unneeded read when rewrite whole cluster
2c4741d1b0 btrfs: fix unexpected error path when reflinking an inline extent
3ef3bc75cd f2fs: fix to avoid potential deadlock
85cc399b65 nfsd: more robust allocation failure handling in nfsd_file_cache_init
1a11a87374 f2fs: fix missing free nid in f2fs_handle_failed_inode
c0cffc1fb3 perf/x86/intel/pt: Fix address filter config for 32-bit kernel
13c8e37e1f perf/core: Fix address filter parser for multiple filters
a9faa5beda rseq: Remove broken uapi field layout on 32-bit little endian
f0250e05e5 rseq: Optimise rseq_get_rseq_cs() and clear_rseq_cs()
ecc17de4b9 sched/core: Export pelt_thermal_tp
40732cab51 sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
2b5d41bcf2 f2fs: fix to enable ATGC correctly via gc_idle sysfs interface
9d92be1a09 watch_queue: Actually free the watch
5ae75b4ed3 watch_queue: Fix NULL dereference in error cleanup
509565faed io_uring: terminate manual loop iterator loop correctly for non-vecs
44a77e52bd clocksource: acpi_pm: fix return value of __setup handler
d678f002f0 hwmon: (pmbus) Add Vin unit off handling
7ca525b4cc hwrng: nomadik - Change clk_disable to clk_disable_unprepare
e4c777fd8c amba: Make the remove callback return void
1c6ac39763 vfio: platform: simplify device removal
c93017c8d5 crypto: ccree - Fix use after free in cc_cipher_exit()
78622926fe crypto: ccp - ccp_dmaengine_unregister release dma channels
9eeee6f684 ACPI: APEI: fix return value of __setup handlers
0b45bf1659 clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init()
b33c753cff clocksource/drivers/timer-microchip-pit64b: Use notrace
db9d00461b clocksource/drivers/exynos_mct: Handle DTS with higher number of interrupts
d4e13c4a6f clocksource/drivers/exynos_mct: Refactor resources allocation
42d331a279 clocksource/drivers/timer-ti-dm: Fix regression from errata i940 fix
aedff03da4 crypto: vmx - add missing dependencies
51939008ca crypto: amlogic - call finalize with bh disabled
24857d87cc crypto: sun8i-ce - call finalize with bh disabled
bf4814d58b crypto: sun8i-ss - call finalize with bh disabled
a4067ccb97 hwrng: atmel - disable trng on failure path
b7940bef6f spi: spi-zynqmp-gqspi: Handle error for dma_set_mask
3928a04bc6 PM: suspend: fix return value of __setup handler
052a218db0 PM: hibernate: fix __setup handler error handling
0b5924a14d block: don't delete queue kobject before its children
40b288a861 nvme: cleanup __nvme_check_ids
32c4db2a52 hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
ec8536f701 hwmon: (pmbus) Add mutex to regulator ops
18a18594ae spi: pxa2xx-pci: Balance reference count for PCI DMA device
55259cb374 crypto: ccree - don't attempt 0 len DMA mappings
d788ad472f EVM: fix the evm= __setup handler return value
a137f93ae5 audit: log AUDIT_TIME_* records only from rules
5e9501e60b crypto: rockchip - ECB does not need IV
8265bea7d8 selftests/x86: Add validity check and allow field splitting
f7d9249af3 arm64/mm: avoid fixmap race condition when create pud mapping
99a8dfce7c spi: tegra114: Add missing IRQ check in tegra_spi_probe
71dba67138 thermal: int340x: Check for NULL after calling kmemdup()
8e57117142 crypto: mxs-dcp - Fix scatterlist processing
ec1d372974 crypto: authenc - Fix sleep in atomic context in decrypt_tail
fdfaafeb4b crypto: sun8i-ss - really disable hash on A80
19693838c8 hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER
bc20294cc8 hwrng: cavium - Check health status while reading random data
962d1f59d5 selinux: check return value of sel_make_avc_files
1ae9b020dd regulator: qcom_smd: fix for_each_child.cocci warnings
c20975954e PCI: xgene: Revert "PCI: xgene: Fix IB window setup"
0f56f24015 PCI: pciehp: Clear cmd_busy bit in polling mode
89ddcc8191 drm/i915/gem: add missing boundary check in vm_access
b84857c06e drm/i915/opregion: check port number bounds for SWSCI display power state
88975951d4 brcmfmac: pcie: Fix crashes due to early IRQs
1cbcf93a93 brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
f3820ddaf4 brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path
daa07f2902 brcmfmac: firmware: Allocate space for default boardrev in nvram
1dd031eb99 xtensa: fix xtensa_wsr always writing 0
dac518bbce xtensa: fix stop_machine_cpuslocked call in patch_text
20f974dce5 media: davinci: vpif: fix unbalanced runtime PM enable
7c9b915b94 media: davinci: vpif: fix unbalanced runtime PM get
cde90e8291 media: gpio-ir-tx: fix transmit with long spaces on Orange Pi PC
785ffce44a DEC: Limit PMAX memory probing to R3k systems
8dde2296ec bcache: fixup multiple threads crash
37d2b4fa5c crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
b89fb8b882 crypto: rsa-pkcs1pad - restore signature length check
f38c318068 crypto: rsa-pkcs1pad - correctly get hash from source scatterlist
c1db3f44f2 crypto: rsa-pkcs1pad - only allow with rsa
27a6f495b6 exec: Force single empty string when argv is empty
b02d33171d lib/raid6/test: fix multiple definition linking error
bf057eac9a thermal: int340x: Increase bitmap size
86a926c3f0 pstore: Don't use semaphores in always-atomic-context code
b26f400e4f carl9170: fix missing bit-wise or operator for tx_params
3aef4df6e1 mgag200 fix memmapsl configuration in GCTL6 register
ef1df91685 ARM: dts: exynos: add missing HDMI supplies on SMDK5420
3cde68a1eb ARM: dts: exynos: add missing HDMI supplies on SMDK5250
5ac205c414 ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
7187c9beb7 ARM: dts: at91: sama5d2: Fix PMERRLOC resource size
2ca2a5552a video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
72af881092 video: fbdev: sm712fb: Fix crash in smtcfb_read()
ba09b04173 drm/edid: check basic audio support on CEA extension block
ce1927b8cf block: don't merge across cgroup boundaries if blkcg is enabled
6e0d24598c block: limit request dispatch loop duration
958e9b56de mailbox: tegra-hsp: Flush whole channel
f67a140078 drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
b35eb48471 ext4: fix fs corruption when tring to remove a non-empty directory with IO error
a1e6884b2d ext4: fix ext4_fc_stats trace point
c119fb65f6 coredump: Also dump first pages of non-executable ELF libraries
7ad5ccc3da ACPI: properties: Consistently return -ENOENT if there are no more references
ef3a87e0c4 arm64: dts: ti: k3-j7200: Fix gic-v3 compatible regs
18864e8b83 arm64: dts: ti: k3-j721e: Fix gic-v3 compatible regs
e85fa9f4e9 arm64: dts: ti: k3-am65: Fix gic-v3 compatible regs
7ce550a01b arm64: signal: nofpsimd: Do not allocate fp/simd context when not available
210e7b43d4 udp: call udp_encap_enable for v6 sockets when enabling encap
e1a58498ef powerpc/kvm: Fix kvm_use_magic_page
d72866a7f5 can: isotp: sanitize CAN ID checks in isotp_bind()
fde8c5cad0 drbd: fix potential silent data corruption
b101e74f9a dm integrity: set journal entry unused when shrinking device
d5d5804acc mm/kmemleak: reset tag when compare object pointer
bc2f58b8e4 mm,hwpoison: unmap poisoned page before invalidation
608c501d70 Revert "mm: madvise: skip unmapped vma holes passed to process_madvise"
8b354e3032 mm: madvise: return correct bytes advised with process_madvise
928c06c114 mm: madvise: skip unmapped vma holes passed to process_madvise
51f7557c3c ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
9017201e8d ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
7b7a03d8b5 ALSA: hda: Avoid unsol event during RPM suspending
a55e2d7423 ALSA: cs4236: fix an incorrect NULL check on list iterator
edefc4b2a8 cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
9963ccea60 cifs: prevent bad output lengths in smb2_ioctl_query_info()
b75198edda Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
34bc1f69bf riscv: Increase stack size under KASAN
24b9b8e95c riscv: Fix fill_callchain return value
0f8c0bd0a4 qed: validate and restrict untrusted VFs vlan promisc mode
a3af3d4319 qed: display VF trust config
aa28075f06 scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
4bcefc78c8 mempolicy: mbind_range() set_policy() after vma_merge()
fa37c17143 mm: invalidate hwpoison page cache page in fault path
7188e7c96f mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
51dbb5e36d jffs2: fix memory leak in jffs2_scan_medium
607d3aab73 jffs2: fix memory leak in jffs2_do_mount_fs
7bb7428dd7 jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
b417f9c505 can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
3a21ee89bc mtd: rawnand: protect access to rawnand devices while in suspend
145a63201d spi: mxic: Fix the transmit path
be22ebe79e pinctrl: samsung: drop pin banks references on error paths
b97b305656 remoteproc: Fix count check in rproc_coredump_write()
784630df17 f2fs: fix to do sanity check on .cp_pack_total_block_count
e58ee6bd93 f2fs: quota: fix loop condition at f2fs_quota_sync()
ec67040703 f2fs: fix to unlock page correctly in error path of is_alive()
7af164fa2f NFSD: prevent integer overflow on 32 bit systems
65e21cc042 NFSD: prevent underflow in nfssvc_decode_writeargs()
b7b430104a SUNRPC: avoid race between mod_timer() and del_timer_sync()
f51ab2f60a HID: intel-ish-hid: Use dma_alloc_coherent for firmware update
a1df8e60f2 firmware: stratix10-svc: add missing callback parameter on RSU
e94f5fbe7a Documentation: update stable tree link
f4bab992ee Documentation: add link to stable release candidate tree
10ee5662d5 KEYS: fix length validation in keyctl_pkey_params_get_2()
5a41a3033a ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
2775d8e364 clk: uniphier: Fix fixed-rate initialization
25cd5872d9 greybus: svc: fix an error handling bug in gb_svc_hello()
9f0cd81174 iio: inkern: make a best effort on offset calculation
19e533452f iio: inkern: apply consumer scale when no channel scale is available
e10dbe7f6a iio: inkern: apply consumer scale on IIO_VAL_INT cases
9f4fffc2ab iio: afe: rescale: use s64 for temporary scale calculations
9cd1b02655 coresight: Fix TRCCONFIGR.QE sysfs interface
7b478cb67b mei: avoid iterator usage outside of list_for_each_entry
ec8975417d mei: me: add Alder Lake N device id.
0a0c61dd07 xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()
811f403519 xhci: make xhci_handshake timeout for xhci_reset() adjustable
3a820d1ca1 xhci: fix runtime PM imbalance in USB2 resume
c41387f96a xhci: fix garbage USBSTS being logged in some cases
1e0f089f70 USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
39a70732eb virtio-blk: Use blk_validate_block_size() to validate block size
290e05f346 tpm: fix reference counting for struct tpm_chip
fcd3c31dd1 iommu/iova: Improve 32-bit free space estimate
68c80088f5 locking/lockdep: Avoid potential access of invalid memory in lock_class
f19d8dfad6 net: dsa: microchip: add spi_device_id tables
8d3f4ad430 af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
ef1a6ab36d Input: zinitix - do not report shadow fingers
21680aabc4 spi: Fix erroneous sgs value with min_t()
8fb7af1b5a Revert "gpio: Revert regression in sysfs-gpio (gpiolib.c)"
18a4417a19 net:mcf8390: Use platform_get_irq() to get the interrupt
102d7f6c2e spi: Fix invalid sgs value
a4f4ce3dee gpio: Revert regression in sysfs-gpio (gpiolib.c)
fc9a35627c ethernet: sun: Free the coherent when failing in probing
3c84471925 tools/virtio: fix virtio_test execution
6d98dc2369 vdpa/mlx5: should verify CTRL_VQ feature exists for MQ
c97ffb4184 virtio_console: break out of buf poll on remove
0c00d38337 ARM: mstar: Select HAVE_ARM_ARCH_TIMER
a7e75e5ed4 xfrm: fix tunnel model fragmentation behavior
e05ae08ea8 HID: logitech-dj: add new lightspeed receiver id
ff919a7ad9 netdevice: add the case if dev is NULL
c4dc584a2d hv: utils: add PTP_1588_CLOCK to Kconfig to fix build
d136a2574a USB: serial: simple: add Nokia phone driver
38e3d48ffe USB: serial: pl2303: add IBM device IDs
d4d975e792 swiotlb: fix info leak with DMA_FROM_DEVICE
414e6c8e94 ANDROID: fix up abi issue with struct snd_pcm_runtime
51790ed529 Merge 5.10.109 into android12-5.10-lts
d9c5818a0b Linux 5.10.109
163960a7de llc: only change llc->dev when bind() succeeds
2b5a6d7714 nds32: fix access_ok() checks in get/put_user
c064268eb8 wcn36xx: Differentiate wcn3660 from wcn3620
95193d12f1 tpm: use try_get_ops() in tpm-space.c
5d3ff9542a mac80211: fix potential double free on mesh join
fcc9797d0d rcu: Don't deboost before reporting expedited quiescent state
87f7ed7c36 Revert "ath: add support for special 0x0 regulatory domain"
c971e6a1c8 crypto: qat - disable registration of algorithms
9f4e64611e ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
0b2ffba2de ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3
2724b72b22 ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
2c74374c2e netfilter: nf_tables: initialize registers in nft_do_chain()
eb1ba8d1c3 drivers: net: xgene: Fix regression in CRC stripping
a2368d10b7 ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec
6936d2ecf8 ALSA: cmipci: Restore aux vol on suspend/resume
cbd27127af ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB
0ae81ef3ea ALSA: pcm: Add stream lock during PCM reset ioctl operations
b560d670c8 ALSA: pcm: Fix races among concurrent prealloc proc writes
a38440f006 ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
8527c8f052 ALSA: pcm: Fix races among concurrent read/write and buffer changes
0f6947f5f5 ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
014c81dfb3 ALSA: hda/realtek: Add quirk for ASUS GA402
05256f3fd6 ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
ca8247b4df ALSA: hda/realtek: Add quirk for Clevo NP50PNJ
26fe8f3103 ALSA: hda/realtek: Add quirk for Clevo NP70PNJ
80eab86a86 ALSA: usb-audio: add mapping for new Corsair Virtuoso SE
5ce74ff705 ALSA: oss: Fix PCM OSS buffer allocation overflow
db03abd0da ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call
571df3393f llc: fix netdevice reference leaks in llc_ui_bind()
56dc187b35 staging: fbtft: fb_st7789v: reset display before initialization
351493858e tpm: Fix error handling in async work
ea21245cdc cgroup-v1: Correct privileges check in release_agent writes
824a950c3f cgroup: Use open-time cgroup namespace for process migration perm checks
f28364fe38 cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
9eeaa2d7d5 exfat: avoid incorrectly releasing for root inode
ae8ec5eabb net: ipv6: fix skb_over_panic in __ip6_append_data
25c23fe40e nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
ab2d1d40a1 Revert "vsock: each transport cycles only on its own sockets"
644c989f41 Merge 5.10.108 into android12-5.10-lts
9940314ebf Linux 5.10.108
37119edab8 Revert "selftests/bpf: Add test for bpf_timer overwriting crash"
9248694dac esp: Fix possible buffer overflow in ESP transformation
96340cdd55 smsc95xx: Ignore -ENODEV errors when device is unplugged
e27b51af54 net: usb: Correct reset handling of smsc95xx
b54daeafc1 net: usb: Correct PHY handling of smsc95xx
204d38dc6a perf symbols: Fix symbol size calculation condition
f0d43d22d2 Input: aiptek - properly check endpoint type
98e7a654a5 scsi: mpt3sas: Page fault in reply q processing
10a805334a usb: usbtmc: Fix bug in pipe direction for control transfers
00bdd9bf1a usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
28bc026739 usb: gadget: rndis: prevent integer overflow in rndis_set_response()
2c010c61e6 arm64: fix clang warning about TRAMP_VALIAS
277b7f6394 net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload
2550afba2a net: bcmgenet: skip invalid partial checksums
bf5b7aae86 bnx2x: fix built-in kernel driver load failure
c07fdba12f net: phy: mscc: Add MODULE_FIRMWARE macros
ba50073cf4 net: dsa: Add missing of_node_put() in dsa_port_parse_of
a630ad5e8b net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit()
336b6be6ad drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings
9d45aec02f drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check()
9b763ceda6 hv_netvsc: Add check for kvmalloc_array
09a7264fb0 atm: eni: Add check for dma_map_single
70b7b3c055 net/packet: fix slab-out-of-bounds access in packet_recvmsg()
169add82d2 net: phy: marvell: Fix invalid comparison in the resume and suspend functions
01fac1ca8a esp6: fix check on ipv6_skip_exthdr's return value
d9fe590970 vsock: each transport cycles only on its own sockets
ac7dd60946 efi: fix return value of __setup handlers
fa3aa103e7 mm: swap: get rid of livelock in swapin readahead
df3301dc60 ocfs2: fix crash when initialize filecheck kobj fails
0f9b7b8df1 crypto: qcom-rng - ensure buffer for generate is completely filled
9a559b8868 Merge branch 'android12-5.10' into `android12-5.10-lts`
8646e92696 Merge 5.10.107 into android12-5.10-lts
4c8814277b Linux 5.10.107
7a0d13ef67 arm64: kvm: Fix copy-and-paste error in bhb templates for v5.10 stable
dc1163203a io_uring: return back safer resurrect
8fdaab341b kselftest/vm: fix tests build with old libc
2490695ffd sfc: extend the locking on mcdi->seqno
2fad5b6948 tcp: make tcp_read_sock() more robust
3f9a8f8a95 nl80211: Update bss channel on channel switch for P2P_CLIENT
0ba557d330 drm/vrr: Set VRR capable prop only if it is attached to connector
9a8e4a5c5b iwlwifi: don't advertise TWT support
c5ea0221c8 atm: firestream: check the return value of ioremap() in fs_init()
efdd92c18e can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready
ebe106eac6 ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE
e8ad9ecc40 MIPS: smp: fill in sibling and core maps earlier
8c70b9b470 mac80211: refuse aggregations sessions before authorized
d687d7559e ARM: dts: rockchip: fix a typo on rk3288 crypto-controller
6f0a94931c ARM: dts: rockchip: reorder rk322x hmdi clocks
6493c6aa8b arm64: dts: agilex: use the compatible "intel,socfpga-agilex-hsotg"
c5c8c649fe arm64: dts: rockchip: reorder rk3399 hdmi clocks
f7f062919f arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity
ca142038a5 xfrm: Fix xfrm migrate issues when address family changes
d8889a445b xfrm: Check if_id in xfrm_migrate
6056abc99b sctp: fix the processing for INIT chunk
bdf0316982 Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
5287773dba Merge 5.10.106 into android12-5.10-lts
9e8aa4cec7 Merge 5.10.105 into android12-5.10-lts
55d57b8929 Merge b65b87e718 ("arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting") into android12-5.10-lts
9fddd6c893 UPSTREAM: arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting
531b5ce9dd UPSTREAM: arm64: Use the clearbhb instruction in mitigations
d05b159f71 UPSTREAM: KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated
11bed3edbd UPSTREAM: arm64: Mitigate spectre style branch history side channels
9bc6a2543d UPSTREAM: arm64: Do not include __READ_ONCE() block in assembly files
2434153e7e UPSTREAM: KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A
cfa82070a7 UPSTREAM: arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2
5195a80d07 UPSTREAM: arm64: Add percpu vectors for EL1
9e96a3d6ae Merge 56cf5326bd ("arm64: entry: Add macro for reading symbol addresses from the trampoline") into android12-5.10-lts
327f1e7d81 Linux 5.10.106
648895da69 watch_queue: Fix filter limit check
8bb5b72dbd ARM: fix Thumb2 regression with Spectre BHB
6b1249db9e ext4: add check to prevent attempting to resize an fs with sparse_super2
b297cf764d x86/traps: Mark do_int3() NOKPROBE_SYMBOL
29f6f35001 x86/boot: Add setup_indirect support in early_memremap_is_setup_data()
b3444e5b64 x86/boot: Fix memremap of setup_indirect structures
24d268130e watch_queue: Make comment about setting ->defunct more accurate
ec03510e0a watch_queue: Fix lack of barrier/sync/lock between post and read
06ab844439 watch_queue: Free the alloc bitmap when the watch_queue is torn down
880acbb718 watch_queue: Fix the alloc bitmap size to reflect notes allocated
e2b52ca498 watch_queue: Fix to always request a pow-of-2 pipe ring size
2039900aad watch_queue: Fix to release page in ->release()
d729d4e99f watch_queue, pipe: Free watchqueue state after clearing pipe ring
573a3228ca virtio: acknowledge all features before access
bf52b627cf virtio: unexport virtio_finalize_features
8bfb959ea2 arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0
1ef5fe3dba riscv: Fix auipc+jalr relocation range checks
a69aa422b4 mmc: meson: Fix usage of meson_mmc_post_req()
0c6eeaf8c1 net: macb: Fix lost RX packet wakeup race in NAPI receive
6d9700b445 staging: gdm724x: fix use after free in gdm_lte_rx()
8c1bc04c8c staging: rtl8723bs: Fix access-point mode deadlock
ab5595b45f fuse: fix pipe buffer lifetime for direct_io
f2c52a4baf ARM: Spectre-BHB: provide empty stub for non-config
f1f5d089fc selftests/memfd: clean up mapping in mfd_fail_write
71013d071b selftest/vm: fix map_fixed_noreplace test failure
8d276f10e8 tracing: Ensure trace buffer is at least 4096 bytes large
ae7597b47d ipv6: prevent a possible race condition with lifetimes
8c0c50e9fc Revert "xen-netback: Check for hotplug-status existence before watching"
625c04b523 Revert "xen-netback: remove 'hotplug-status' once it has served its purpose"
a0e2768fb9 gpio: Return EPROBE_DEFER if gc->to_irq is NULL
65d4e9d130 hwmon: (pmbus) Clear pmbus fault/warning bits after read
d15c9f6e33 net-sysfs: add check for netdevice being present to speed_show
8c023c3039 spi: rockchip: terminate dma transmission when slave abort
889254f98e spi: rockchip: Fix error in getting num-cs property
4fb9be675b selftests/bpf: Add test for bpf_timer overwriting crash
dc1c2b47b5 net: bcmgenet: Don't claim WOL when its not available
b7e4d9ba2d sctp: fix kernel-infoleak for SCTP sockets
3cf533f120 net: phy: DP83822: clear MISR2 register to disable interrupts
21044e679e gianfar: ethtool: Fix refcount leak in gfar_get_ts_info
3a4cd1c51e gpio: ts4900: Do not set DAT and OE together
7702e7e9e3 selftests: pmtu.sh: Kill tcpdump processes launched by subshell.
2b1c85f565 NFC: port100: fix use-after-free in port100_send_complete
1fdabf2cf4 net/mlx5e: Lag, Only handle events from highest priority multipath entry
f3331bc174 net/mlx5: Fix a race on command flush flow
5f1340963b net/mlx5: Fix size field in bufferx_reg struct
e2201ef32f ax25: Fix NULL pointer dereference in ax25_kill_by_device
cc7679079c net: ethernet: lpc_eth: Handle error for clk_enable
b3e4fcb539 net: ethernet: ti: cpts: Handle error for clk_enable
5e42f90d72 tipc: fix incorrect order of state message data sanity check
979b418b96 ethernet: Fix error handling in xemaclite_of_probe
506d61bc1b ice: Fix curr_link_speed advertised speed
852a9e97d3 ice: Rename a couple of variables
b21ffd5469 ice: Remove unnecessary checker loop
875967aff5 ice: Align macro names to the specification
8c613f7cd3 ice: stop disabling VFs due to PF error responses
d9ee2cbff2 i40e: stop disabling VFs due to PF error responses
965070a2b7 ARM: dts: aspeed: Fix AST2600 quad spi group
96b01b8541 net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate()
ed5bb00d86 drm/sun4i: mixer: Fix P010 and P210 format numbers
93223495bc qed: return status of qed_iov_get_link
5bee2ed050 esp: Fix BEET mode inter address family tunneling on GSO
16386479ef net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare()
33c74f8085 isdn: hfcpci: check the return value of dma_set_mask() in setup_hw()
cca9d5035b virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg is zero
a3d5fcc6cf mISDN: Fix memory leak in dsp_pipeline_build()
f97ad179d1 mISDN: Remove obsolete PIPELINE_DEBUG debugging information
2de76d37d4 tipc: fix kernel panic when enabling bearer
ea3a5e6df5 arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias
2c6a75ea32 HID: vivaldi: fix sysfs attributes leak
2a18a38cbc clk: qcom: gdsc: Add support to update GDSC transition delay
0d6882dd15 ARM: boot: dts: bcm2711: Fix HVS register range
5c5685cc64 Merge 7ae8127e41 ("arm64: Add HWCAP for self-synchronising virtual counter") into android12-5.10-lts
19787ca417 Merge b19eaa004f ("arm64: Add Cortex-A510 CPU part definition") into android12-5.10-lts
199789221d Merge fc8070a9c5 ("arm64: Add Neoverse-N2, Cortex-A710 CPU part definition") into android-mainline
f14cf58208 UPSTREAM: ARM: fix Thumb2 regression with Spectre BHB
74562af594 UPSTREAM: ARM: Spectre-BHB: provide empty stub for non-config
b0ff4e14b1 UPSTREAM: ARM: fix build warning in proc-v7-bugs.c
f3ec5e6124 UPSTREAM: ARM: Do not use NOCROSSREFS directive with ld.lld
5c1f913cd2 UPSTREAM: ARM: fix co-processor register typo
4c5218ead0 UPSTREAM: ARM: fix build error when BPF_SYSCALL is disabled
7ab81873bd Merge 302754d023 ("ARM: include unprivileged BPF status in Spectre V2 reporting") into android12-5.10-lts
d221da1d6f Merge d04937ae94 ("x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT") into android12-5.10-lts
0773736e48 Merge 5.10.104 into android12-5.10-lts
56d625a4ce ANDROID: fix up rndis ABI breakage
67c781d938 Linux 5.10.105
561e91e5fe Revert "ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE"
206c8e271b xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
39c00d0928 xen/gnttab: fix gnttab_end_foreign_access() without page specified
c4b16486d6 xen/pvcalls: use alloc/free_pages_exact()
8357d75bfd xen/9p: use alloc/free_pages_exact()
17f01b7206 xen: remove gnttab_query_foreign_access()
5f36ae75b8 xen/gntalloc: don't use gnttab_query_foreign_access()
3047255182 xen/scsifront: don't use gnttab_query_foreign_access() for mapped status
f6690dd944 xen/netfront: don't use gnttab_query_foreign_access() for mapped status
96219af4e5 xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
3d81e85f30 xen/grant-table: add gnttab_try_end_foreign_access()
5c600371b8 xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
b65b87e718 arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting
90f59cc2f2 ARM: fix build warning in proc-v7-bugs.c
551717cf3b arm64: Use the clearbhb instruction in mitigations
8c4192d126 ARM: Do not use NOCROSSREFS directive with ld.lld
38c26bdb3c KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated
1749b553d7 ARM: fix co-processor register typo
e192c8baa6 arm64: Mitigate spectre style branch history side channels
a330601c63 ARM: fix build error when BPF_SYSCALL is disabled
192023e6ba KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A
13a807a0a0 arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2
56cf5326bd arm64: entry: Add macro for reading symbol addresses from the trampoline
1f63326a52 arm64: Add percpu vectors for EL1
3f21b7e355 arm64: entry: Add vectors that have the bhb mitigation sequences
4937955296 arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations
26211252c1 arm64: entry: Allow the trampoline text to occupy multiple pages
73ee716a1f arm64: entry: Make the kpti trampoline's kpti sequence optional
8c691e5308 arm64: entry: Move trampoline macros out of ifdef'd section
e550250632 arm64: entry: Don't assume tramp_vectors is the start of the vectors
5275fb5ea5 arm64: entry: Allow tramp_alias to access symbols after the 4K boundary
bda8960281 arm64: entry: Move the trampoline data page before the text page
d93b25a665 arm64: entry: Free up another register on kpti's tramp_exit path
7ae8127e41 arm64: Add HWCAP for self-synchronising virtual counter
b19eaa004f arm64: Add Cortex-A510 CPU part definition
fc8070a9c5 arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
5242d6971e arm64: entry: Make the trampoline cleanup optional
8617156931 arm64: Add Cortex-X2 CPU part definition
7048a21086 arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit
dc5b630c0d arm64: entry.S: Add ventry overflow sanity checks
97d8bdf331 arm64: cpufeature: add HWCAP for FEAT_RPRES
162aa002ec arm64: cpufeature: add HWCAP for FEAT_AFP
dbcfa98539 arm64: add ID_AA64ISAR2_EL1 sys register
302754d023 ARM: include unprivileged BPF status in Spectre V2 reporting
d04937ae94 x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
f3c12fc53e arm64: cputype: Add CPU implementor & types for the Apple M1 cores
3f9c958e35 ARM: Spectre-BHB workaround
cc9e3e55bd x86/speculation: Warn about Spectre v2 LFENCE mitigation
29d9b56df1 ARM: use LOADADDR() to get load address of sections
e335384560 x86/speculation: Update link to AMD speculation whitepaper
46deb22468 ARM: early traps initialisation
2fdf67a1d2 x86/speculation: Use generic retpoline by default on AMD
b7f1e73c4d ARM: report Spectre v2 status through sysfs
afc2d635b5 x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting
071e8b69d7 Documentation/hw-vuln: Update spectre doc
a6a119d647 x86/speculation: Add eIBRS + Retpoline options
f38774bb6e x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
206cfe2dac x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
97581b56b5 Linux 5.10.104
dbbe09d953 hamradio: fix macro redefine warning
dcd03efd7e Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6"
292e1c88b8 btrfs: add missing run of delayed items after unlink during log replay
41712c5fa5 btrfs: qgroup: fix deadlock between rescan worker and remove qgroup
6e0319e770 btrfs: fix lost prealloc extents beyond eof after full fsync
827172ffa9 tracing: Fix return value of __setup handlers
78059b1cfc tracing/histogram: Fix sorting on old "cpu" value
0e188fde82 HID: add mapping for KEY_ALL_APPLICATIONS
f276ea5035 HID: add mapping for KEY_DICTATE
3b8f2a7aed Input: samsung-keypad - properly state IOMEM dependency
a621ae6394 Input: elan_i2c - fix regulator enable count imbalance after suspend/resume
1397bbcd81 Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power()
988f4f29cc net: dcb: disable softirqs in dcbnl_flush_dev()
6828da5dea drm/amdgpu: fix suspend/resume hang regression
f5e496ef73 nl80211: Handle nla_memdup failures in handle_nan_filter
64e4305a03 iavf: Refactor iavf state machine tracking
e6bc597fbc net: chelsio: cxgb3: check the return value of pci_find_capability()
320980b249 ibmvnic: complete init_done on transport events
86027004bb ARM: tegra: Move panels to AUX bus
fbb810825a soc: fsl: qe: Check of ioremap return value
2824f6939e soc: fsl: guts: Add a missing memory allocation failure check
3afe488d5c soc: fsl: guts: Revert commit 3c0d64e8674470913079 ARM: dts: Use 32KiHz oscillator on devkit8000
298f6fae54 ARM: dts: switch timer config to common devkit8000 devicetree
8b20c1999d s390/extable: fix exception table sorting
49aa9c9c7f memfd: fix F_SEAL_WRITE after shmem huge page allocated
6acbc88752 ibmvnic: free reset-work-item when flushing
9d8a11d74d igc: igc_write_phy_reg_gpy: drop premature return
223744f521 pinctrl: sunxi: Use unique lockdep classes for IRQs
2851b76e5f selftests: mlxsw: tc_police_scale: Make test more robust
85bf489c5c ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions
6b63410490 ARM: Fix kgdb breakpoint for Thumb2
fefe4cb4a6 igc: igc_read_phy_reg_gpy: drop premature return
0632854fb1 arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output
43eaf1b178 can: gs_usb: change active_channels's type from atomic_t to u8
daaed6ced8 ASoC: cs4265: Fix the duplicated control name
8b8ac465bf firmware: arm_scmi: Remove space in MODULE_ALIAS name
667df6fe3e efivars: Respect "block" flag in efivar_entry_set_safe()
283c37e542 ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc()
5f394102ee net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
92b791771a ibmvnic: register netdev after init of adapter
6e0f986032 net: sxgbe: fix return value of __setup handler
e1a82db1eb iavf: Fix missing check for running netdev
c9a066fe45 mac80211: treat some SAE auth steps as final
e6d7f57f91 net: stmmac: fix return value of __setup handler
fa65989a48 mac80211: fix forwarded mesh frames AC & queue selection
dcc3423c1d ia64: ensure proper NUMA distance and possible map initialization
1312ef5ad0 sched/topology: Fix sched_domain_topology_level alloc in sched_init_numa()
d753aecb3d sched/topology: Make sched_init_numa() use a set for the deduplicating sort
05ae1f0fe9 ice: fix concurrent reset and removal of VFs
41edeeaae5 ice: Fix race conditions between virtchnl handling and VF ndo ops
0c145262ac rcu/nocb: Fix missed nocb_timer requeue
9bb7237cc7 net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
d7eb662625 net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
2e8d465b83 net/smc: fix connection leak
6a8a4dc2a2 net: dcb: flush lingering app table entries for unregistered devices
f4c63b24de net: ipv6: ensure we call ipv6_mc_down() at most once
a9c4a74ad5 batman-adv: Don't expect inter-netns unique iflink indices
3dae11d21f batman-adv: Request iflink once in batadv_get_real_netdevice
dcf10d78ff batman-adv: Request iflink once in batadv-on-batadv check
81f817f3e5 netfilter: nf_queue: handle socket prefetch
4d05239203 netfilter: nf_queue: fix possible use-after-free
3b9ba964f7 netfilter: nf_queue: don't assume sk is full socket
4e178ed14b net: fix up skbs delta_truesize in UDP GRO frag_list
eb5e444fe3 e1000e: Correct NVM checksum verification flow
b53d4bfd1a xfrm: enforce validity of offload input flags
2f0e6d80e8 xfrm: fix the if_id check in changelink
24efaae03b bpf, sockmap: Do not ignore orig_len parameter
8b0142c414 netfilter: fix use-after-free in __nf_register_net_hook()
4952faa77d xfrm: fix MTU regression
e93f2be33d mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls
912186db09 ntb: intel: fix port config status offset for SPR
1c0b51e62a thermal: core: Fix TZ_GET_TRIP NULL pointer dereference
a1753d5c29 xen/netfront: destroy queues before real_num_tx_queues is zeroed
ce41d80391 drm/i915: s/JSP2/ICP2/ PCH
61a895da48 iommu/amd: Recover from event log overflow
6951a58881 ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
dd9dd24fd7 riscv: Fix config KASAN && DEBUG_VIRTUAL
7211aab288 riscv: Fix config KASAN && SPARSEMEM && !SPARSE_VMEMMAP
00fb385f0a riscv/efi_stub: Fix get_boot_hartid_from_fdt() return value
336872601c ALSA: intel_hdmi: Fix reference to PCM buffer address
e57dfaf66f tracing: Add ustring operation to filtering string pointers
4a9d2390f3 drm/amdgpu: check vm ready by amdgpu_vm->evicting flag
67e25eb1b4 ata: pata_hpt37x: fix PCI clock detection
335f11ff74 serial: stm32: prevent TDR register overwrite when sending x_char
c999c5927e tracing: Add test for user space strings when filtering on string pointers
db36a94ed6 exfat: fix i_blocks for files truncated over 4 GiB
1b810d5cb6 exfat: reuse exfat_inode_info variable instead of calling EXFAT_I()
fdd64084e4 usb: gadget: clear related members when goto fail
c13159a588 usb: gadget: don't release an existing dev->buf
00d5ac05af net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
16f903afba i2c: qup: allow COMPILE_TEST
57c333ad8c i2c: cadence: allow COMPILE_TEST
9d6285e632 dmaengine: shdma: Fix runtime PM imbalance on error
37b06d5ebf selftests/seccomp: Fix seccomp failure by adding missing headers
df9db1a2af cifs: fix double free race when mount fails in cifs_get_root()
e3850e211d tipc: fix a bit overflow in tipc_crypto_key_rcv()
6d4985b8a0 KVM: arm64: vgic: Read HW interrupt pending state from the HW
5d4b00e053 Input: clear BTN_RIGHT/MIDDLE on buttonpads
6e7015d982 regulator: core: fix false positive in regulator_late_cleanup()
467d664e5f ASoC: rt5682: do not block workqueue if card is unbound
0b050b7a0d ASoC: rt5668: do not block workqueue if card is unbound
11956c6eeb i2c: bcm2835: Avoid clock stretching timeouts
13f0ea8d11 mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
46f6d66219 mac80211_hwsim: report NOACK frames in tx_status
d172937367 Merge 5.10.103 into android12-5.10-lts
915a747ac7 Linux 5.10.103
78706b051a memblock: use kfree() to release kmalloced memblock regions
4185b788d3 gpio: tegra186: Fix chip_data type confusion
bb2e0a7723 tty: n_gsm: fix deadlock in gsmtty_open()
e4c8cb95d0 tty: n_gsm: fix wrong tty control line for flow control
1f0641dd0b tty: n_gsm: fix NULL pointer access due to DLCI release
1e35cb9e12 tty: n_gsm: fix proper link termination after failed open
90b47e617f tty: n_gsm: fix encoding of control signal octet bit DV
9e2dbc31e3 riscv: fix oops caused by irqsoff latency tracer
e098933866 thermal: int340x: fix memory leak in int3400_notify()
5b1cef5798 RDMA/cma: Do not change route.addr.src_addr outside state checks
8fe4da5524 driver core: Free DMA range map when device is released
2148247643 xhci: Prevent futile URB re-submissions due to incorrect return value.
0b0a229da1 xhci: re-initialize the HC during resume if HCE was set
328faee6d4 usb: dwc3: gadget: Let the interrupt handler disable bottom halves.
e57bdee866 usb: dwc3: pci: Fix Bay Trail phy GPIO mappings
99b2425d91 usb: dwc2: drd: fix soft connect when gadget is unconfigured
c786688037 USB: serial: option: add Telit LE910R1 compositions
220ba174f1 USB: serial: option: add support for DW5829e
3a1dd56e56 tracefs: Set the group ownership in apply_options() not parse_options()
bfa8ffbaaa USB: gadget: validate endpoint index for xilinx udc
4ce247af3f usb: gadget: rndis: add spinlock for rndis response list
ddc254fc88 Revert "USB: serial: ch341: add new Product ID for CH341A"
d3fce1b6bd ata: pata_hpt37x: disable primary channel on HPT371
18701d8afa sc16is7xx: Fix for incorrect data being transmitted
d5ddd7343a iio: Fix error handling for PM
eabcc609cb iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_read_oneshot
b8d411a962 iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits
1aa12ecfdc iio: adc: men_z188_adc: Fix a resource leak in an error handling path
afbeee13be tracing: Have traceon and traceoff trigger honor the instance
99eb8d6941 RDMA/ib_srp: Fix a deadlock
a7ab53d3c2 configfs: fix a race in configfs_{,un}register_subsystem()
0ecd3e35d7 RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close
b0ecf9e594 RDMA/rtrs-clt: Kill wait_for_inflight_permits
8260f1800f RDMA/rtrs-clt: Fix possible double free in error case
dc64aa4c7d regmap-irq: Update interrupt clear register for proper reset
2efece1368 spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()
67819b983e net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets
be55d3e76c net/mlx5: Fix wrong limitation of metadata match on ecpf
8d617110d7 net/mlx5: Fix possible deadlock on rule deletion
1c59128955 udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
a184f4dd9b surface: surface3_power: Fix battery readings on batteries without a serial number
91f56a8527 net/smc: Use a mutex for locking "struct smc_pnettable"
7e9880e81d netfilter: nf_tables: fix memory leak during stateful obj update
af4bc921d3 nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
58a6d5f24f net: Force inlining of checksum functions in net/checksum.h
550d98ab30 net: ll_temac: check the return value of devm_kmalloc()
0fc1847359 net/sched: act_ct: Fix flow table lookup after ct clear or switching zones
bc8f768af3 net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
fd020eaaa2 drm/edid: Always set RGB444
1df9d552fe openvswitch: Fix setting ipv6 fields causing hw csum failure
dac2490d9e gso: do not skip outer ip header in case of ipip and net_failover
b692d5dc6f tipc: Fix end of loop tests for list_for_each_entry()
c5722243d0 net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
4a93c65946 io_uring: add a schedule point in io_add_buffers()
7ef94bfb08 bpf: Add schedule points in batch ops
4f5d47e6b4 selftests: bpf: Check bpf_msg_push_data return value
d0caa7218d bpf: Do not try bpf_msg_push_data with len 0
962b2a3188 hwmon: Handle failure to register sensor with thermal zone correctly
d8b78314c5 bnxt_en: Fix active FEC reporting to ethtool
7e1eae5d1a bnx2x: fix driver load from initrd
51e96061c6 perf data: Fix double free in perf_session__delete()
5419b5be88 ping: remove pr_err from ping_lookup
5da17865c7 optee: use driver internal tee_context for some rpc
eb35461384 tee: export teedev_open() and teedev_close_context()
bae7fc6f0d x86/fpu: Correct pkru/xstate inconsistency
68f19845f5 netfilter: nf_tables_offload: incorrect flow offload action array size
69560efa00 CDC-NCM: avoid overflow in sanity checking
2aeba1ea7c USB: zaurus: support another broken Zaurus
4f5f5411f0 sr9700: sanity check for packet length
55eec5c630 drm/i915: Correctly populate use_sagv_wm for all pipes
ff9134882d drm/amdgpu: disable MMHUB PG for Picasso
72fdfc75d4 KVM: x86/mmu: make apf token non-zero to fix bug
646b532f32 parisc/unaligned: Fix ldw() and stw() unalignment handlers
397b5433f7 parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel
698dc7d13c vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
84e303b4d5 clk: jz4725b: fix mmc0 clock gating
72a5b01875 btrfs: tree-checker: check item_size for dev_item
5c967dd073 btrfs: tree-checker: check item_size for inode_item
fcec42dd28 cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
e1b86e7f5c Merge branch 'android12-5.10' into `android12-5.10-lts`
cbfab5c59c Revert "ipv6: per-netns exclusive flowlabel checks"
79553fad5c Merge 5.10.102 into android12-5.10-lts
47667effb7 Linux 5.10.102
6062d1267f lockdep: Correct lock_classes index mapping
f333c1916f i2c: brcmstb: fix support for DSL and CM variants
9fee985f9a copy_process(): Move fd_install() out of sighand->siglock critical section
e3fdbc40b7 i2c: qcom-cci: don't put a device tree node before i2c_add_adapter()
b5b2a92117 i2c: qcom-cci: don't delete an unregistered adapter
3b6d25d1b6 dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size
2c35c95d36 dmaengine: stm32-dmamux: Fix PM disable depth imbalance in stm32_dmamux_probe
4f907b6eb7 dmaengine: sh: rcar-dmac: Check for error num after setting mask
797b380f07 net: sched: limit TC_ACT_REPEAT loops
595c259f75 EDAC: Fix calculation of returned address and next offset in edac_align_ptr()
f6ce4e3289 scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop
3680b2b810 kconfig: fix failing to generate auto.conf
b6787e284d net: macb: Align the dma and coherent dma masks
439171a291 net: usb: qmi_wwan: Add support for Dell DW5829e
15616ba17d tracing: Fix tp_printk option related with tp_printk_stop_on_boot
5a253a23d9 drm/rockchip: dw_hdmi: Do not leave clock enabled in error case
1e7433fb95 xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
a21f472fb5 soc: aspeed: lpc-ctrl: Block error printing on probe defer cases
fecb05b1ce ata: libata-core: Disable TRIM on M88V29
b19ec7afa9 lib/iov_iter: initialize "flags" in new pipe_buffer
3045532278 kconfig: let 'shell' return enough output for deep path names
e05dde47f5 selftests: fixup build warnings in pidfd / clone3 tests
531a56c2e0 pidfd: fix test failure due to stack overflow on some arches
429ef36c4f arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610
1415f22ee5 arm64: dts: meson-g12: add ATF BL32 reserved-memory region
605080f19e arm64: dts: meson-gx: add ATF BL32 reserved-memory region
eefb68794f netfilter: conntrack: don't refresh sctp entries in closed state
1ab4824857 irqchip/sifive-plic: Add missing thead,c900-plic match string
98bc06c46d phy: usb: Leave some clocks running during suspend
717f2fa858 ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of
6932353af7 ARM: OMAP2+: hwmod: Add of_node_put() before break
521dcc107e NFS: Don't set NFS_INO_INVALID_XATTR if there is no xattr cache
fb00319afb KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW
0ee4bb8ce8 KVM: x86/pmu: Don't truncate the PerfEvtSeln MSR when creating a perf event
99cd2a0437 KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()
91d8866ca5 Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj
a176d559e8 mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
1a49b1b0b0 mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe()
8c848744c1 tty: n_tty: do not look ahead for EOL character past the end of the buffer
8daa0436ce NFS: Do not report writeback errors in nfs_getattr()
f9b7385c0f NFS: LOOKUP_DIRECTORY is also ok with symlinks
598dbaf74b block/wbt: fix negative inflight counter when remove scsi device
dc6faa0ede ASoC: tas2770: Insert post reset delay
9dcedbe943 KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests
a4eeeaca50 mtd: rawnand: gpmi: don't leak PM reference in error path
fb26219b40 powerpc/lib/sstep: fix 'ptesync' build error
54f76366cd ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
0df1badfdf ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
1ef76832fe ALSA: hda: Fix missing codec probe on Shenker Dock 15
c72c3b597a ALSA: hda: Fix regression on forced probe mask option
63b1602c2f ALSA: hda/realtek: Fix deadlock by COEF mutex
b6a5e8f45f ALSA: hda/realtek: Add quirk for Legion Y9000X 2019
67de71b943 selftests/exec: Add non-regular to TEST_GEN_PROGS
d3018a1962 perf bpf: Defer freeing string after possible strlen() on it
016e3ca9c5 dpaa2-eth: Initialize mutex used in one step timestamping path
50f3b00d4c libsubcmd: Fix use-after-free for realloc(..., 0)
ffa8df4f0e bonding: fix data-races around agg_select_timer
d9bd9d4c60 net_sched: add __rcu annotation to netdev->qdisc
877a05672f drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit
a0e004e620 bonding: force carrier update when releasing slave
8dec3c4e73 ping: fix the dif and sdif check in ping_lookup
6793a9b028 net: ieee802154: ca8210: Fix lifs/sifs periods
f48bd34137 net: dsa: lantiq_gswip: fix use after free in gswip_remove()
d9b2203e5a net: dsa: lan9303: fix reset on probe
4f523f15e5 ipv6: per-netns exclusive flowlabel checks
100344200a netfilter: nft_synproxy: unregister hooks on init error path
26931971db selftests: netfilter: fix exit value for nft_concat_range
b26ea3f6b7 iwlwifi: pcie: gen2: fix locking when "HW not ready"
8867f99379 iwlwifi: pcie: fix locking when "HW not ready"
f3c1910257 drm/i915/gvt: Make DRM_I915_GVT depend on X86
87cd1bbd66 vsock: remove vsock from connected table when connect is interrupted by a signal
eb7bf11e8e drm/i915/opregion: check port number bounds for SWSCI display power state
5564d83ebc drm/radeon: Fix backlight control on iMac 12,1
008508c16a iwlwifi: fix use-after-free
44b81136e8 kbuild: lto: Merge module sections if and only if CONFIG_LTO_CLANG is enabled
8b53e5f737 kbuild: lto: merge module sections
45102b538a random: wake up /dev/random writers after zap
143aaf79ba gcc-plugins/stackleak: Use noinstr in favor of notrace
de55891e16 Revert "module, async: async_synchronize_full() on module init iff async is used"
3c958dbcba x86/Xen: streamline (and fix) PV CPU enumeration
e76d0a9692 drm/amdgpu: fix logic inversion in check
324f5bdc52 nvme-rdma: fix possible use-after-free in transport error_recovery work
e192184cf8 nvme-tcp: fix possible use-after-free in transport error_recovery work
0ead57ceb2 nvme: fix a possible use-after-free in controller reset during load
fe9ac3eaa2 scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task
d872e7b5fe scsi: pm8001: Fix use-after-free for aborted TMF sas_task
1e73f5cfc1 quota: make dquot_quota_sync return errors from ->sync_fs
c405640aad vfs: make freeze_super abort when sync_filesystem returns error
b9a229fd48 ax25: improve the incomplete fix to avoid UAF and NPD bugs
139fce2992 selftests: skip mincore.check_file_mmap when fs lacks needed support
204a2390da selftests: openat2: Skip testcases that fail with EOPNOTSUPP
2be48bfac7 selftests: openat2: Add missing dependency in Makefile
74a30666b4 selftests: openat2: Print also errno in failure messages
bfc84cfd90 selftests/zram: Adapt the situation that /dev/zram0 is being used
f0eba714c1 selftests/zram01.sh: Fix compression ratio calculation
7bb704b69f selftests/zram: Skip max_comp_streams interface on newer kernel
0fd484644c net: ieee802154: at86rf230: Stop leaking skb's
0c18a75193 kselftest: signal all child processes
1136141f19 selftests: rtc: Increase test timeout so that all tests run
79175b6ee6 platform/x86: ISST: Fix possible circular locking dependency detected
066c905ed0 platform/x86: touchscreen_dmi: Add info for the RWC NANOTE P8 AY07J 2-in-1
0b17d4b51c btrfs: send: in case of IO error log it
78a68bbebd parisc: Add ioread64_lo_hi() and iowrite64_lo_hi()
ade1077c7f PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology
254090925e mm: don't try to NUMA-migrate COW pages that have other uses
ab2b4e65a1 mmc: block: fix read single on recovery logic
7756716872 parisc: Fix sglist access in ccio-dma.c
f8f519d7df parisc: Fix data TLB miss in sba_unmap_sg
4d569b959e parisc: Drop __init from map_pages declaration
8e3f9a098e serial: parisc: GSC: fix build when IOSAPIC is not set
fe383750d4 Revert "svm: Add warning message for AVIC IPI invalid target"
126382b556 HID:Add support for UGTABLET WP5540
f100e758ce scsi: lpfc: Fix mailbox command failure during driver initialization
4578b979ef can: isotp: add SF_BROADCAST support for functional addressing
5d42865fc3 can: isotp: prevent race between isotp_bind() and isotp_setsockopt()
db3f3636e4 fs/proc: task_mmu.c: don't read mapcount for migration entry
0849f83e47 fget: clarify and improve __fget_files() implementation
657991fb06 rcu: Do not report strict GPs for outgoing CPUs
8c8385972e mm: memcg: synchronize objcg lists with a dedicated spinlock
d0f4aa2d97 drm/nouveau/pmu/gm200-: use alternate falcon reset sequence
add227a8d8 Merge branch 'android12-5.10' into `android12-5.10-lts`
The .xml abi file was also updated due to changes required from the -lts
branch that were merged there:
Leaf changes summary: 1 artifact changed
Changed leaf types summary: 1 leaf type changed
Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 0 Added function
Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable
'struct snd_pcm_runtime at pcm.h:344:1' changed:
type size changed from 6144 to 6592 (in bits)
2 data member insertions:
'mutex buffer_mutex', at offset 6144 (in bits) at pcm.h:432:1
'atomic_t buffer_accessing', at offset 6528 (in bits) at pcm.h:433:1
114 impacted interfaces
Change-Id: Ie9262400472eda3e30d1ef26738df1d5dd4c319d
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 055f23b74b20f2824ce33047b4cf2e2aa856bf3b upstream.
Previously, when CONFIG_MODULE_UNLOAD=n, the module loader just does not
attempt to load exit sections since it never expects that any code in those
sections will ever execute. However, dynamic code patching (alternatives,
jump_label and static_call) can have sites in __exit code, even if __exit is
never executed. Therefore __exit must be present at runtime, at least for as
long as __init code is.
Commit 33121347fb1c ("module: treat exit sections the same as init
sections when !CONFIG_MODULE_UNLOAD") solves the requirements of
jump_labels and static_calls by putting the exit sections in the init
region of the module so that they are at least present at init, and
discarded afterwards. It does this by including a check for exit
sections in module_init_section(), so that it also returns true for exit
sections, and the module loader will automatically sort them in the init
region of the module.
However, the solution there was not completely arch-independent. ARM is
a special case where it supplies its own module_{init, exit}_section()
functions. Instead of pushing the exit section checks into
module_init_section(), just implement the exit section check in
layout_sections(), so that we don't have to touch arch-dependent code.
Fixes: 33121347fb1c ("module: treat exit sections the same as init sections when !CONFIG_MODULE_UNLOAD")
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 33121347fb1c359bd6e3e680b9f2c6ced5734a81 upstream.
Dynamic code patching (alternatives, jump_label and static_call) can
have sites in __exit code, even it __exit is never executed. Therefore
__exit must be present at runtime, at least for as long as __init code
is.
Additionally, for jump_label and static_call, the __exit sites must also
identify as within_module_init(), such that the infrastructure is aware
to never touch them after module init -- alternatives are only ran once
at init and hence don't have this particular constraint.
By making __exit identify as __init for MODULE_UNLOAD, the above is
satisfied.
So, when !CONFIG_MODULE_UNLOAD, the section ordering should look like the
following, with the .exit sections moved to the init region of the module.
Core section allocation order:
.text
.rodata
__ksymtab_gpl
__ksymtab_strings
.note.* sections
.bss
.data
.gnu.linkonce.this_module
Init section allocation order:
.init.text
.exit.text
.symtab
.strtab
[jeyu: thanks to Peter Zijlstra for most of changelog]
Link: https://lore.kernel.org/lkml/YFiuphGw0RKehWsQ@gunter/
Link: https://lore.kernel.org/r/20210323142756.11443-1-jeyu@kernel.org
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Cc: Joerg Vehlow <lkml@jv-coder.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 3ac6487e584a1eb54071dbe1212e05b884136704 upstream.
Norbert reported that it's possible to race sys_perf_event_open() such
that the looser ends up in another context from the group leader,
triggering many WARNs.
The move_group case checks for races against itself, but the
!move_group case doesn't, seemingly relying on the previous
group_leader->ctx == ctx check. However, that check is racy due to not
holding any locks at that time.
Therefore, re-check the result after acquiring locks and bailing
if they no longer match.
Additionally, clarify the not_move_group case from the
move_group-vs-move_group race.
Fixes: f63a8daa58 ("perf: Fix event->ctx locking")
Reported-by: Norbert Slusarek <nslusarek@gmx.net>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Kuniyuki Iwashima