fedef46c6970443406ab44d8414cce8522e8011c
17083 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
fedef46c69 |
Merge 5.10.219 into android12-5.10-lts
Changes in 5.10.219
x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
speakup: Fix sizeof() vs ARRAY_SIZE() bug
ring-buffer: Fix a race between readers and resize checks
net: smc91x: Fix m68k kernel compilation for ColdFire CPU
nilfs2: fix unexpected freezing of nilfs_segctor_sync()
nilfs2: fix potential hang in nilfs_detach_log_writer()
ALSA: core: Fix NULL module pointer assignment at card init
wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class
net: usb: qmi_wwan: add Telit FN920C04 compositions
drm/amd/display: Set color_mgmt_changed to true on unsuspend
ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating
ASoC: dt-bindings: rt5645: add cbj sleeve gpio property
regulator: vqmmc-ipq4019: fix module autoloading
ASoC: rt715: add vendor clear control register
ASoC: da7219-aad: fix usage of device_get_named_child_node()
drm/amdkfd: Flush the process wq before creating a kfd_process
nvme: find numa distance only if controller has valid numa id
openpromfs: finish conversion to the new mount API
crypto: bcm - Fix pointer arithmetic
firmware: raspberrypi: Use correct device for DMA mappings
ecryptfs: Fix buffer size for tag 66 packet
nilfs2: fix out-of-range warning
parisc: add missing export of __cmpxchg_u8()
crypto: ccp - drop platform ifdef checks
crypto: x86/nh-avx2 - add missing vzeroupper
crypto: x86/sha256-avx2 - add missing vzeroupper
s390/cio: fix tracepoint subchannel type field
jffs2: prevent xattr node from overflowing the eraseblock
soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE
null_blk: Fix missing mutex_destroy() at module removal
md: fix resync softlockup when bitmap size is less than array size
wifi: ath10k: poll service ready message before failing
x86/boot: Ignore relocations in .notes sections in walk_relocs() too
qed: avoid truncating work queue length
scsi: ufs: qcom: Perform read back after writing reset bit
scsi: ufs-qcom: Fix ufs RST_n spec violation
scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US
scsi: ufs: ufs-qcom: Fix the Qcom register name for offset 0xD0
scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW version major 5
scsi: ufs: qcom: Perform read back after writing unipro mode
scsi: ufs: qcom: Perform read back after writing CGC enable
scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV
scsi: ufs: core: Perform read back after disabling interrupts
scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL
irqchip/alpine-msi: Fix off-by-one in allocation error path
irqchip/loongson-pch-msi: Fix off-by-one on allocation error path
ACPI: disable -Wstringop-truncation
gfs2: Fix "ignore unlock failures after withdraw"
selftests/bpf: Fix umount cgroup2 error in test_sockmap
cpufreq: Reorganize checks in cpufreq_offline()
cpufreq: Split cpufreq_offline()
cpufreq: Rearrange locking in cpufreq_remove_dev()
cpufreq: exit() callback is optional
net: export inet_lookup_reuseport and inet6_lookup_reuseport
net: remove duplicate reuseport_lookup functions
udp: Avoid call to compute_score on multiple sites
scsi: libsas: Fix the failure of adding phy with zero-address to port
scsi: hpsa: Fix allocation size for Scsi_Host private data
x86/purgatory: Switch to the position-independent small code model
wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger()
wifi: ath10k: populate board data for WCN3990
tcp: avoid premature drops in tcp_add_backlog()
net: give more chances to rcu in netdev_wait_allrefs_any()
macintosh/via-macii: Fix "BUG: sleeping function called from invalid context"
wifi: carl9170: add a proper sanity check for endpoints
wifi: ar5523: enable proper endpoint verification
sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe()
Revert "sh: Handle calling csum_partial with misaligned data"
selftests/binderfs: use the Makefile's rules, not Make's implicit rules
HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors
scsi: bfa: Ensure the copied buf is NUL terminated
scsi: qedf: Ensure the copied buf is NUL terminated
wifi: mwl8k: initialize cmd->addr[] properly
usb: aqc111: stop lying about skb->truesize
net: usb: sr9700: stop lying about skb->truesize
m68k: Fix spinlock race in kernel thread creation
m68k: mac: Fix reboot hang on Mac IIci
net: ipv6: fix wrong start position when receive hop-by-hop fragment
eth: sungem: remove .ndo_poll_controller to avoid deadlocks
net: ethernet: cortina: Locking fixes
af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
net: usb: smsc95xx: stop lying about skb->truesize
net: openvswitch: fix overwriting ct original tuple for ICMPv6
ipv6: sr: add missing seg6_local_exit
ipv6: sr: fix incorrect unregister order
ipv6: sr: fix invalid unregister error path
net/mlx5: Discard command completions in internal error
drm/amd/display: Fix potential index out of bounds in color transformation function
ASoC: soc-acpi: add helper to identify parent driver.
ASoC: Intel: Disable route checks for Skylake boards
mtd: rawnand: hynix: fixed typo
fbdev: shmobile: fix snprintf truncation
drm/meson: vclk: fix calculation of 59.94 fractional rates
drm/mediatek: Add 0 size check to mtk_drm_gem_obj
powerpc/fsl-soc: hide unused const variable
fbdev: sisfb: hide unused variables
media: ngene: Add dvb_ca_en50221_init return value check
media: radio-shark2: Avoid led_names truncations
drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference
fbdev: sh7760fb: allow modular build
media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries
drm/arm/malidp: fix a possible null pointer dereference
drm: vc4: Fix possible null pointer dereference
ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
drm/bridge: lt9611: Don't log an error when DSI host can't be found
drm/bridge: tc358775: Don't log an error when DSI host can't be found
drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector
drm/mipi-dsi: use correct return type for the DSC functions
RDMA/hns: Refactor the hns_roce_buf allocation flow
RDMA/hns: Create QP with selected QPN for bank load balance
RDMA/hns: Fix incorrect symbol types
RDMA/hns: Fix return value in hns_roce_map_mr_sg
RDMA/hns: Use complete parentheses in macros
RDMA/hns: Modify the print level of CQE error
clk: qcom: mmcc-msm8998: fix venus clock issue
x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map
ext4: avoid excessive credit estimate in ext4_tmpfile()
sunrpc: removed redundant procp check
ext4: simplify calculation of blkoff in ext4_mb_new_blocks_simple
ext4: fix unit mismatch in ext4_mb_new_blocks_simple
ext4: try all groups in ext4_mb_new_blocks_simple
ext4: remove unused parameter from ext4_mb_new_blocks_simple()
ext4: fix potential unnitialized variable
SUNRPC: Fix gss_free_in_token_pages()
selftests/kcmp: Make the test output consistent and clear
selftests/kcmp: remove unused open mode
RDMA/IPoIB: Fix format truncation compilation errors
net: qrtr: fix null-ptr-deref in qrtr_ns_remove
net: qrtr: ns: Fix module refcnt
netrom: fix possible dead-lock in nr_rt_ioctl()
af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level
greybus: lights: check return of get_channel_from_mode
f2fs: fix to wait on page writeback in __clone_blkaddrs()
soundwire: cadence: fix invalid PDI offset
dmaengine: idma64: Add check for dma_set_max_seg_size
firmware: dmi-id: add a release callback function
serial: max3100: Lock port->lock when calling uart_handle_cts_change()
serial: max3100: Update uart_driver_registered on driver removal
serial: max3100: Fix bitwise types
greybus: arche-ctrl: move device table to its right location
serial: sc16is7xx: add proper sched.h include for sched_set_fifo()
f2fs: compress: support chksum
f2fs: add compress_mode mount option
f2fs: compress: clean up parameter of __f2fs_cluster_blocks()
f2fs: compress: remove unneeded preallocation
f2fs: introduce FI_COMPRESS_RELEASED instead of using IMMUTABLE bit
f2fs: compress: fix to relocate check condition in f2fs_{release,reserve}_compress_blocks()
f2fs: add cp_error check in f2fs_write_compressed_pages
f2fs: fix to force keeping write barrier for strict fsync mode
f2fs: do not allow partial truncation on pinned file
f2fs: fix typos in comments
f2fs: fix to relocate check condition in f2fs_fallocate()
f2fs: fix to check pinfile flag in f2fs_move_file_range()
iio: pressure: dps310: support negative temperature values
fpga: region: change FPGA indirect article to an
fpga: region: Rename dev to parent for parent device
docs: driver-api: fpga: avoid using UTF-8 chars
fpga: region: Use standard dev_release for class driver
fpga: region: add owner module and take its refcount
microblaze: Remove gcc flag for non existing early_printk.c file
microblaze: Remove early printk call from cpuinfo-static.c
usb: gadget: u_audio: Clear uac pointer when freed.
stm class: Fix a double free in stm_register_device()
ppdev: Remove usage of the deprecated ida_simple_xx() API
ppdev: Add an error check in register_device
extcon: max8997: select IRQ_DOMAIN instead of depending on it
PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3
PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3
f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock
f2fs: fix to release node block count in error path of f2fs_new_node_page()
f2fs: compress: don't allow unaligned truncation on released compress inode
serial: sh-sci: protect invalidating RXDMA on shutdown
libsubcmd: Fix parse-options memory leak
s390/ipl: Fix incorrect initialization of len fields in nvme reipl block
s390/ipl: Fix incorrect initialization of nvme dump block
Input: ims-pcu - fix printf string overflow
Input: ioc3kbd - convert to platform remove callback returning void
Input: ioc3kbd - add device table
mmc: sdhci_am654: Add tuning algorithm for delay chain
mmc: sdhci_am654: Write ITAPDLY for DDR52 timing
mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel
mmc: sdhci_am654: Add OTAP/ITAP delay enable
mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock
mmc: sdhci_am654: Fix ITAPDLY for HS400 timing
Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
drm/msm/dpu: Always flush the slave INTF on the CTL
um: Fix return value in ubd_init()
um: Add winch to winch_handlers before registering winch IRQ
um: vector: fix bpfflash parameter evaluation
drm/bridge: tc358775: fix support for jeida-18 and jeida-24
media: stk1160: fix bounds checking in stk1160_copy_video()
scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy()
media: flexcop-usb: clean up endpoint sanity checks
media: flexcop-usb: fix sanity check of bNumEndpoints
powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp
um: Fix the -Wmissing-prototypes warning for __switch_mm
media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
media: cec: cec-api: add locking in cec_release()
media: core headers: fix kernel-doc warnings
media: cec: fix a deadlock situation
media: cec: call enable_adap on s_log_addrs
media: cec: abort if the current transmit was canceled
media: cec: correctly pass on reply results
media: cec: use call_op and check for !unregistered
media: cec-adap.c: drop activate_cnt, use state info instead
media: cec: core: avoid recursive cec_claim_log_addrs
media: cec: core: avoid confusing "transmit timed out" message
null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION()
regulator: bd71828: Don't overwrite runtime voltages
x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y
nfc: nci: Fix uninit-value in nci_rx_work
ASoC: tas2552: Add TX path for capturing AUDIO-OUT data
sunrpc: fix NFSACL RPC retry on soft mount
rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL
ipv6: sr: fix memleak in seg6_hmac_init_algo
params: lift param_set_uint_minmax to common code
tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
openvswitch: Set the skbuff pkt_type for proper pmtud support.
arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
net: fec: avoid lock evasion when reading pps_enable
tls: fix missing memory barrier in tls_init
nfc: nci: Fix kcov check in nci_rx_work()
nfc: nci: Fix handling of zero-length payload packets in nci_rx_work()
netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
netfilter: nft_payload: restore vlan q-in-q match support
spi: Don't mark message DMA mapped when no transfer in it is
nvmet: fix ns enable/disable possible hang
net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion
dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
bpf: Fix potential integer overflow in resolve_btfids
enic: Validate length of nl attributes in enic_set_vf_port
net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM
bpf: Allow delete from sockmap/sockhash only if update is allowed
net:fec: Add fec_enet_deinit()
netfilter: tproxy: bail out if IP has been disabled on the device
kconfig: fix comparison to constant symbols, 'm', 'n'
spi: stm32: Don't warn about spurious interrupts
ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
hwmon: (shtc1) Fix property misspelling
ALSA: timer: Set lower bound of start tick time
genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
media: cec: core: add adap_nb_transmit_canceled() callback
SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
binder: fix max_thread type inconsistency
mmc: core: Do not force a retune before RPMB switch
io_uring: fail NOP if non-zero op flags is passed in
afs: Don't cross .backup mountpoint from backup volume
nilfs2: fix use-after-free of timer for log writer thread
vxlan: Fix regression when dropping packets due to invalid src addresses
x86/mm: Remove broken vsyscall emulation code from the page fault code
netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
media: lgdt3306a: Add a check against null-pointer-def
drm/amdgpu: add error handle to avoid out-of-bounds
ata: pata_legacy: make legacy_exit() work again
ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx
arm64: tegra: Correct Tegra132 I2C alias
arm64: dts: qcom: qcs404: fix bluetooth device address
md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING
wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU
wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE
wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path
arm64: dts: hi3798cv200: fix the size of GICR
media: mc: mark the media devnode as registered from the, start
media: mxl5xx: Move xpt structures off stack
media: v4l2-core: hold videodev_lock until dev reg, finishes
mmc: core: Add mmc_gpiod_set_cd_config() function
mmc: sdhci-acpi: Sort DMI quirks alphabetically
mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working
mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A
fbdev: savage: Handle err return when savagefb_check_var failed
KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
crypto: ecrdsa - Fix module auto-load on add_key
crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
net/ipv6: Fix route deleting failure when metric equals 0
net/9p: fix uninit-value in p9_client_rpc()
intel_th: pci: Add Meteor Lake-S CPU support
sparc64: Fix number of online CPUs
watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin
kdb: Fix buffer overflow during tab-complete
kdb: Use format-strings rather than '\0' injection in kdb_read()
kdb: Fix console handling when editing and tab-completing commands
kdb: Merge identical case statements in kdb_read()
kdb: Use format-specifiers rather than memset() for padding in kdb_read()
net: fix __dst_negative_advice() race
sparc: move struct termio to asm/termios.h
ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
s390/ap: Fix crash in AP internal function modify_bitmap()
nfs: fix undefined behavior in nfs_block_bits()
NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS
scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW major version > 5
f2fs: compress: fix compression chksum
RDMA/hns: Use mutex instead of spinlock for ida allocation
RDMA/hns: Fix CQ and QP cache affinity
Linux 5.10.219
Change-Id: I0e21ff44d28df2a2802a9fb35f0959bb5ab528fc
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Dongli Zhang
|
6752dfcfff |
genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
commit a6c11c0a5235fb144a65e0cb2ffd360ddc1f6c32 upstream.
The absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of
interrupt affinity reconfiguration via procfs. Instead, the change is
deferred until the next instance of the interrupt being triggered on the
original CPU.
When the interrupt next triggers on the original CPU, the new affinity is
enforced within __irq_move_irq(). A vector is allocated from the new CPU,
but the old vector on the original CPU remains and is not immediately
reclaimed. Instead, apicd->move_in_progress is flagged, and the reclaiming
process is delayed until the next trigger of the interrupt on the new CPU.
Upon the subsequent triggering of the interrupt on the new CPU,
irq_complete_move() adds a task to the old CPU's vector_cleanup list if it
remains online. Subsequently, the timer on the old CPU iterates over its
vector_cleanup list, reclaiming old vectors.
However, a rare scenario arises if the old CPU is outgoing before the
interrupt triggers again on the new CPU.
In that case irq_force_complete_move() is not invoked on the outgoing CPU
to reclaim the old apicd->prev_vector because the interrupt isn't currently
affine to the outgoing CPU, and irq_needs_fixup() returns false. Even
though __vector_schedule_cleanup() is later called on the new CPU, it
doesn't reclaim apicd->prev_vector; instead, it simply resets both
apicd->move_in_progress and apicd->prev_vector to 0.
As a result, the vector remains unreclaimed in vector_matrix, leading to a
CPU vector leak.
To address this issue, move the invocation of irq_force_complete_move()
before the irq_needs_fixup() call to reclaim apicd->prev_vector, if the
interrupt is currently or used to be affine to the outgoing CPU.
Additionally, reclaim the vector in __vector_schedule_cleanup() as well,
following a warning message, although theoretically it should never see
apicd->move_in_progress with apicd->prev_cpu pointing to an offline CPU.
Fixes:
|
||
|
Daniel J Blueman
|
03a7939453 |
x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
commit 455f9075f14484f358b3c1d6845b4a438de198a7 upstream. When the BIOS configures the architectural TSC-adjust MSRs on secondary sockets to correct a constant inter-chassis offset, after Linux brings the cores online, the TSC sync check later resets the core-local MSR to 0, triggering HPET fallback and leading to performance loss. Fix this by unconditionally using the initial adjust values read from the MSRs. Trusting the initial offsets in this architectural mechanism is a better approach than special-casing workarounds for specific platforms. Signed-off-by: Daniel J Blueman <daniel@quora.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Steffen Persvold <sp@numascale.com> Reviewed-by: James Cleverdon <james.cleverdon.external@eviden.com> Reviewed-by: Dimitri Sivanich <sivanich@hpe.com> Reviewed-by: Prarit Bhargava <prarit@redhat.com> Link: https://lore.kernel.org/r/20240419085146.175665-1-daniel@quora.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
3a2d2273f6 |
Merge 5.10.218 into android12-5.10-lts
Changes in 5.10.218 pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() x86/xen: Drop USERGS_SYSRET64 paravirt call Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access net: bcmgenet: synchronize UMAC_CMD access ima: fix deadlock when traversing "ima_default_rules". netlink: annotate lockless accesses to nlk->max_recvmsg_len KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection firmware: arm_scmi: Harden accesses to the reset domains mptcp: ensure snd_nxt is properly initialized on connect btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() usb: typec: ucsi: displayport: Fix potential deadlock serial: kgdboc: Fix NMI-safety problems from keyboard reset code docs: kernel_include.py: Cope with docutils 0.21 Linux 5.10.218 Change-Id: Ic5eed7370c42b3d8637a72edd4f82f5efa706e09 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
c15c1199d6 |
Merge 5.10.216 into android12-5.10-lts
Changes in 5.10.216
batman-adv: Avoid infinite loop trying to resize local TT
Bluetooth: Fix memory leak in hci_req_sync_complete()
media: cec: core: remove length check of Timer Status
nouveau: fix function cast warning
net: openvswitch: fix unwanted error log on timeout policy probing
u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file
xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
geneve: fix header validation in geneve[6]_xmit_skb
octeontx2-af: Fix NIX SQ mode and BP config
ipv6: fib: hide unused 'pn' variable
ipv4/route: avoid unused-but-set-variable warning
ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
Bluetooth: SCO: Fix not validating setsockopt user input
netfilter: complete validation of user input
net/mlx5: Properly link new fs rules into the tree
af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
af_unix: Fix garbage collector racing against connect()
net: ena: Fix potential sign extension issue
net: ena: Wrong missing IO completions check order
net: ena: Fix incorrect descriptor free behavior
iommu/vt-d: Allocate local memory for page request queue
mailbox: imx: fix suspend failue
btrfs: qgroup: correctly model root qgroup rsv in convert
drm/client: Fully protect modes[] with dev->mode_config.mutex
vhost: Add smp_rmb() in vhost_vq_avail_empty()
x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n
selftests: timers: Fix abs() warning in posix_timers test
x86/apic: Force native_apic_mem_read() to use the MOV instruction
irqflags: Explicitly ignore lockdep_hrtimer_exit() argument
btrfs: record delayed inode root in transaction
riscv: Enable per-task stack canaries
riscv: process: Fix kernel gp leakage
selftests/ftrace: Limit length in subsystem-enable tests
kprobes: Fix possible use-after-free issue on kprobe registration
Revert "tracing/trigger: Fix to return error if failed to alloc snapshot"
netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
netfilter: nft_set_pipapo: do not free live element
tun: limit printing rate when illegal packet received by tun dev
RDMA/rxe: Fix the problem "mutex_destroy missing"
RDMA/cm: Print the old state when cm_destroy_id gets timeout
RDMA/mlx5: Fix port number for counter query in multi-port configuration
drm: nv04: Fix out of bounds access
drm/panel: visionox-rm69299: don't unregister DSI device
clk: Remove prepare_lock hold assertion in __clk_release()
clk: Mark 'all_lists' as const
clk: remove extra empty line
clk: Print an info line before disabling unused clocks
clk: Initialize struct clk_core kref earlier
clk: Get runtime PM before walking tree during disable_unused
x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ
binder: check offset alignment in binder_get_object()
thunderbolt: Avoid notify PM core about runtime PM resume
thunderbolt: Fix wake configurations after device unplug
comedi: vmk80xx: fix incomplete endpoint checking
serial/pmac_zilog: Remove flawed mitigation for rx irq flood
USB: serial: option: add Fibocom FM135-GL variants
USB: serial: option: add support for Fibocom FM650/FG650
USB: serial: option: add Lonsung U8300/U9300 product
USB: serial: option: support Quectel EM060K sub-models
USB: serial: option: add Rolling RW101-GL and RW135-GL support
USB: serial: option: add Telit FN920C04 rmnet compositions
Revert "usb: cdc-wdm: close race between read and workqueue"
usb: dwc2: host: Fix dereference issue in DDMA completion flow.
usb: Disable USB3 LPM at shutdown
mei: me: disable RPL-S on SPS and IGN firmwares
speakup: Avoid crash on very long word
fs: sysfs: Fix reference leak in sysfs_break_active_protection()
init/main.c: Fix potential static_command_line memory overflow
drm/amdgpu: validate the parameters of bo mapping operations more clearly
nouveau: fix instmem race condition around ptr stores
nilfs2: fix OOB in nilfs_set_de_type
arm64: dts: rockchip: fix alphabetical ordering RK3399 puma
arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma
arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts
arm64: dts: mediatek: mt7622: add support for coherent DMA
arm64: dts: mediatek: mt7622: introduce nodes for Wireless Ethernet Dispatch
arm64: dts: mediatek: mt7622: fix clock controllers
arm64: dts: mediatek: mt7622: fix IR nodename
arm64: dts: mediatek: mt7622: fix ethernet controller "compatible"
arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block
arm64: dts: mediatek: mt2712: fix validation errors
ARC: [plat-hsdk]: Remove misplaced interrupt-cells property
wifi: iwlwifi: mvm: remove old PASN station when adding a new one
vxlan: drop packets from invalid src-address
mlxsw: core: Unregister EMAD trap using FORWARD action
NFC: trf7970a: disable all regulators on removal
ipv4: check for NULL idev in ip_route_use_hint()
net: usb: ax88179_178a: stop lying about skb->truesize
net: gtp: Fix Use-After-Free in gtp_dellink
ipvs: Fix checksumming on GSO of SCTP packets
net: openvswitch: Fix Use-After-Free in ovs_ct_exit
mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work
mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update
mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash
mlxsw: spectrum_acl_tcam: Rate limit error message
mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
mlxsw: spectrum_acl_tcam: Fix warning during rehash
mlxsw: spectrum_acl_tcam: Fix incorrect list API usage
mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work
netfilter: nf_tables: honor table dormant flag from netdev release event path
i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
i40e: Report MFS in decimal base instead of hex
iavf: Fix TC config comparison with existing adapter TC config
net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets
af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc().
serial: core: Provide port lock wrappers
serial: mxs-auart: add spinlock around changing cts state
Revert "crypto: api - Disallow identical driver names"
net/mlx5e: Fix a race in command alloc flow
tracing: Show size of requested perf buffer
tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together
PM / devfreq: Fix buffer overflow in trans_stat_show
Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()
Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853
btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
cpu: Re-enable CPU mitigations by default for !X86 architectures
arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma
drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3
drm/amdgpu: Fix leak when GPU memory allocation fails
irqchip/gic-v3-its: Prevent double free on error
ethernet: Add helper for assigning packet type when dest address does not match device address
net: b44: set pause params only when interface is up
stackdepot: respect __GFP_NOLOCKDEP allocation flag
mtd: diskonchip: work around ubsan link failure
tcp: Clean up kernel listener's reqsk in inet_twsk_purge()
tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()
dmaengine: owl: fix register access functions
idma64: Don't try to serve interrupts when device is powered off
dma: xilinx_dpdma: Fix locking
riscv: fix VMALLOC_START definition
riscv: Fix TASK_SIZE on 64-bit NOMMU
i2c: smbus: fix NULL function pointer dereference
HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS
udp: preserve the connected status if only UDP cmsg
serial: core: fix kernel-doc for uart_port_unlock_irqrestore()
riscv: Disable STACKPROTECTOR_PER_TASK if GCC_PLUGIN_RANDSTRUCT is enabled
Linux 5.10.216
Change-Id: Ia2bf3ba6ed3f36a56f71543442427eb770a2400b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
9100d24dfd |
Merge 5.10.215 into android12-5.10-lts
Changes in 5.10.215
amdkfd: use calloc instead of kzalloc to avoid integer overflow
Documentation/hw-vuln: Update spectre doc
x86/cpu: Support AMD Automatic IBRS
x86/bugs: Use sysfs_emit()
timers: Update kernel-doc for various functions
timers: Use del_timer_sync() even on UP
timers: Rename del_timer_sync() to timer_delete_sync()
wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
drm/vmwgfx: stop using ttm_bo_create v2
drm/vmwgfx: switch over to the new pin interface v2
drm/vmwgfx/vmwgfx_cmdbuf_res: Remove unused variable 'ret'
drm/vmwgfx: Fix some static checker warnings
drm/vmwgfx: Fix possible null pointer derefence with invalid contexts
serial: max310x: fix NULL pointer dereference in I2C instantiation
media: xc4000: Fix atomicity violation in xc4000_get_frequency
KVM: Always flush async #PF workqueue when vCPU is being destroyed
sparc64: NMI watchdog: fix return value of __setup handler
sparc: vDSO: fix return value of __setup handler
crypto: qat - fix double free during reset
crypto: qat - resolve race condition during AER recovery
selftests/mqueue: Set timeout to 180 seconds
ext4: correct best extent lstart adjustment logic
block: introduce zone_write_granularity limit
block: Clear zone limits for a non-zoned stacked queue
bounds: support non-power-of-two CONFIG_NR_CPUS
fat: fix uninitialized field in nostale filehandles
ubifs: Set page uptodate in the correct place
ubi: Check for too small LEB size in VTBL code
ubi: correct the calculation of fastmap size
mtd: rawnand: meson: fix scrambling mode value in command macro
parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros
parisc: Fix ip_fast_csum
parisc: Fix csum_ipv6_magic on 32-bit systems
parisc: Fix csum_ipv6_magic on 64-bit systems
parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
PM: suspend: Set mem_sleep_current during kernel command line setup
clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays
clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
powerpc/fsl: Fix mfpmr build errors with newer binutils
USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
USB: serial: add device ID for VeriFone adapter
USB: serial: cp210x: add ID for MGP Instruments PDS100
USB: serial: option: add MeiG Smart SLM320 product
USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
PM: sleep: wakeirq: fix wake irq warning in system suspend
mmc: tmio: avoid concurrent runs of mmc_request_done()
fuse: fix root lookup with nonzero generation
fuse: don't unhash root
usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros
printk/console: Split out code that enables default console
serial: Lock console when calling into driver before registration
btrfs: fix off-by-one chunk length calculation at contains_pending_extent()
PCI: Drop pci_device_remove() test of pci_dev->driver
PCI/PM: Drain runtime-idle callbacks before driver removal
PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities()
PCI: Cache PCIe Device Capabilities register
PCI: Work around Intel I210 ROM BAR overlap defect
PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited
PCI/DPC: Quirk PIO log size for certain Intel Root Ports
PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d""
dm-raid: fix lockdep waring in "pers->hot_add_disk"
mac802154: fix llsec key resources release in mac802154_llsec_key_del
mm: swap: fix race between free_swap_and_cache() and swapoff()
mmc: core: Fix switch on gp3 partition
drm/etnaviv: Restore some id values
hwmon: (amc6821) add of_match table
ext4: fix corruption during on-line resize
nvmem: meson-efuse: fix function pointer type mismatch
slimbus: core: Remove usage of the deprecated ida_simple_xx() API
phy: tegra: xusb: Add API to retrieve the port number of phy
usb: gadget: tegra-xudc: Use dev_err_probe()
usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
speakup: Fix 8bit characters from direct synth
PCI/ERR: Clear AER status only when we control AER
PCI/AER: Block runtime suspend when handling errors
nfs: fix UAF in direct writes
kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
PCI: dwc: endpoint: Fix advertised resizable BAR size
vfio/platform: Disable virqfds on cleanup
ring-buffer: Fix waking up ring buffer readers
ring-buffer: Do not set shortest_full when full target is hit
ring-buffer: Fix resetting of shortest_full
ring-buffer: Fix full_waiters_pending in poll
soc: fsl: qbman: Always disable interrupts when taking cgr_lock
soc: fsl: qbman: Add helper for sanity checking cgr ops
soc: fsl: qbman: Add CGR update function
soc: fsl: qbman: Use raw spinlock for cgr_lock
s390/zcrypt: fix reference counting on zcrypt card objects
drm/panel: do not return negative error codes from drm_panel_get_modes()
drm/exynos: do not return negative values from .get_modes()
drm/imx/ipuv3: do not return negative values from .get_modes()
drm/vc4: hdmi: do not return negative values from .get_modes()
memtest: use {READ,WRITE}_ONCE in memory scanning
nilfs2: fix failure to detect DAT corruption in btree and direct mappings
nilfs2: prevent kernel bug at submit_bh_wbc()
cpufreq: dt: always allocate zeroed cpumask
x86/CPU/AMD: Update the Zenbleed microcode revisions
net: hns3: tracing: fix hclgevf trace event strings
wireguard: netlink: check for dangling peer via is_dead instead of empty list
wireguard: netlink: access device through ctx instead of peer
ahci: asm1064: correct count of reported ports
ahci: asm1064: asm1166: don't limit reported ports
drm/amd/display: Return the correct HDCP error code
drm/amd/display: Fix noise issue on HDMI AV mute
dm snapshot: fix lockup in dm_exception_table_exit
vxge: remove unnecessary cast in kfree()
x86/stackprotector/32: Make the canary into a regular percpu variable
x86/pm: Work around false positive kmemleak report in msr_build_context()
scripts: kernel-doc: Fix syntax error due to undeclared args variable
comedi: comedi_test: Prevent timers rescheduling during deletion
cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value"
netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
netfilter: nf_tables: disallow anonymous set with timeout flag
netfilter: nf_tables: reject constant set with timeout
Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory
xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()
ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform
USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
usb: gadget: ncm: Fix handling of zero block length packets
usb: port: Don't try to peer unused USB ports based on location
tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
mei: me: add arrow lake point S DID
mei: me: add arrow lake point H DID
vt: fix unicode buffer corruption when deleting characters
fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
tee: optee: Fix kernel panic caused by incorrect error handling
xen/events: close evtchn after mapping cleanup
printk: Update @console_may_schedule in console_trylock_spinning()
btrfs: allocate btrfs_ioctl_defrag_range_args on stack
x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix
x86/bugs: Add asm helpers for executing VERW
x86/entry_64: Add VERW just before userspace transition
x86/entry_32: Add VERW just before userspace transition
x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key
KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH
KVM/VMX: Move VERW closer to VMentry for MDS mitigation
x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
Documentation/hw-vuln: Add documentation for RFDS
x86/rfds: Mitigate Register File Data Sampling (RFDS)
KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
perf/core: Fix reentry problem in perf_output_read_group()
efivarfs: Request at most 512 bytes for variable names
powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO
mm/memory-failure: fix an incorrect use of tail pages
mm/migrate: set swap entry values of THP tail pages properly.
init: open /initrd.image with O_LARGEFILE
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
hexagon: vmlinux.lds.S: handle attributes section
mmc: core: Initialize mmc_blk_ioc_data
mmc: core: Avoid negative index with array access
net: ll_temac: platform_get_resource replaced by wrong function
usb: cdc-wdm: close race between read and workqueue
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
scsi: core: Fix unremoved procfs host directory regression
staging: vc04_services: changen strncpy() to strscpy_pad()
staging: vc04_services: fix information leak in create_component()
USB: core: Add hub_get() and hub_put() routines
usb: dwc2: host: Fix remote wakeup from hibernation
usb: dwc2: host: Fix hibernation flow
usb: dwc2: host: Fix ISOC flow in DDMA mode
usb: dwc2: gadget: LPM flow fix
usb: udc: remove warning when queue disabled ep
usb: typec: ucsi: Ack unsupported commands
usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
scsi: qla2xxx: Split FCE|EFT trace control
scsi: qla2xxx: Fix command flush on cable pull
scsi: qla2xxx: Delay I/O Abort on PCI error
x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports
scsi: lpfc: Correct size for wqe for memset()
USB: core: Fix deadlock in usb_deauthorize_interface()
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
tcp: properly terminate timers for kernel sockets
ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields()
bpf: Protect against int overflow for stack access size
Octeontx2-af: fix pause frame configuration in GMP mode
dm integrity: fix out-of-range warning
r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
x86/cpufeatures: Add new word for scattered features
Bluetooth: hci_event: set the conn encrypted before conn establishes
Bluetooth: Fix TOCTOU in HCI debugfs implementation
netfilter: nf_tables: disallow timeout for anonymous sets
net/rds: fix possible cp null dereference
vfio/pci: Disable auto-enable of exclusive INTx IRQ
vfio/pci: Lock external INTx masking ops
vfio: Introduce interface to flush virqfd inject workqueue
vfio/pci: Create persistent INTx handler
vfio/platform: Create persistent IRQ handlers
vfio/fsl-mc: Block calling interrupt handler without trigger
io_uring: ensure '0' is returned on file registration success
Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
x86/srso: Add SRSO mitigation for Hygon processors
block: add check that partition length needs to be aligned with block size
netfilter: nf_tables: reject new basechain after table flag update
netfilter: nf_tables: flush pending destroy work before exit_net release
netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
netfilter: validate user input for expected length
vboxsf: Avoid an spurious warning if load_nls_xxx() fails
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
net/sched: act_skbmod: prevent kernel-infoleak
net: stmmac: fix rx queue priority assignment
erspan: make sure erspan_base_hdr is present in skb->head
selftests: reuseaddr_conflict: add missing new line at the end of the output
ipv6: Fix infinite recursion in fib6_dump_done().
udp: do not transition UDP GRO fraglist partial checksums to unnecessary
octeontx2-pf: check negative error code in otx2_open()
i40e: fix i40e_count_filters() to count only active/new filters
i40e: fix vf may be used uninitialized in this function warning
scsi: qla2xxx: Update manufacturer details
scsi: qla2xxx: Update manufacturer detail
Revert "usb: phy: generic: Get the vbus supply"
udp: do not accept non-tunnel GSO skbs landing in a tunnel
net: ravb: Always process TX descriptor ring
arm64: dts: qcom: sc7180: Remove clock for bluetooth on Trogdor
arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken
ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
scsi: mylex: Fix sysfs buffer lengths
ata: sata_mv: Fix PCI device ID table declaration compilation warning
ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone
driver core: Introduce device_link_wait_removal()
of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()
s390/entry: align system call table on 8 bytes
riscv: Fix spurious errors from __get/put_kernel_nofault
x86/bugs: Fix the SRSO mitigation on Zen3/4
x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO
mptcp: don't account accept() of non-MPC client as fallback to TCP
x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word
objtool: Add asm version of STACK_FRAME_NON_STANDARD
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
panic: Flush kernel log buffer at the end
arm64: dts: rockchip: fix rk3328 hdmi ports node
arm64: dts: rockchip: fix rk3399 hdmi ports node
ionic: set adminq irq affinity
pstore/zone: Add a null pointer check to the psz_kmsg_read
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
btrfs: send: handle path ref underflow in header iterate_inode_ref()
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
sysv: don't call sb_bread() with pointers_lock held
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
isofs: handle CDs with bad root inode but good Joliet root directory
media: sta2x11: fix irq handler cast
ext4: add a hint for block bitmap corrupt state in mb_groups
ext4: forbid commit inconsistent quota data when errors=remount-ro
drm/amd/display: Fix nanosec stat overflow
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
libperf evlist: Avoid out-of-bounds access
block: prevent division by zero in blk_rq_stat_sum()
RDMA/cm: add timeout to cm_destroy_id wait
Input: allocate keycode for Display refresh rate toggle
platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet
ktest: force $buildonly = 1 for 'make_warnings_file' test type
ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
tools: iio: replace seekdir() in iio_generic_buffer
usb: typec: tcpci: add generic tcpci fallback compatible
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
drivers/nvme: Add quirks for device 126f:2262
fbmon: prevent division by zero in fb_videomode_from_videomode()
netfilter: nf_tables: release batch on table validation from abort path
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
netfilter: nf_tables: discard table flag update with pending basechain deletion
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
virtio: reenable config if freezing device failed
x86/mm/pat: fix VM_PAT handling in COW mappings
drm/i915/gt: Reset queue_priority_hint on parking
Bluetooth: btintel: Fixe build regression
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
kbuild: dummy-tools: adjust to stricter stackprotector check
scsi: sd: Fix wrong zone_write_granularity value during revalidate
x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk
x86/head/64: Re-enable stack protection
Linux 5.10.215
Change-Id: I45a0a9c4a0683ff5ef97315690f1f884f666e1b5
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Juergen Gross
|
1424ab4bb3 |
x86/xen: Drop USERGS_SYSRET64 paravirt call
commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream.
USERGS_SYSRET64 is used to return from a syscall via SYSRET, but
a Xen PV guest will nevertheless use the IRET hypercall, as there
is no sysret PV hypercall defined.
So instead of testing all the prerequisites for doing a sysret and
then mangling the stack for Xen PV again for doing an iret just use
the iret exit from the beginning.
This can easily be done via an ALTERNATIVE like it is done for the
sysenter compat case already.
It should be noted that this drops the optimization in Xen for not
restoring a few registers when returning to user mode, but it seems
as if the saved instructions in the kernel more than compensate for
this drop (a kernel build in a Xen PV guest was slightly faster with
this patch applied).
While at it remove the stale sysret32 remnants.
[ pawan: Brad Spengler and Salvatore Bonaccorso <carnil@debian.org>
reported a problem with the 5.10 backport commit
|
||
|
Greg Kroah-Hartman
|
dd27b89022 |
Merge 5.10.214 into android12-5.10-lts
Changes in 5.10.214
io_uring/unix: drop usage of io_uring socket
io_uring: drop any code related to SCM_RIGHTS
rcu-tasks: Provide rcu_trace_implies_rcu_gp()
bpf: Defer the free of inner map when necessary
selftests: tls: use exact comparison in recv_partial
ASoC: rt5645: Make LattePanda board DMI match more precise
x86/xen: Add some null pointer checking to smp.c
MIPS: Clear Cause.BD in instruction_pointer_set
HID: multitouch: Add required quirk for Synaptics 0xcddc device
gen_compile_commands: fix invalid escape sequence warning
RDMA/mlx5: Fix fortify source warning while accessing Eth segment
RDMA/mlx5: Relax DEVX access upon modify commands
x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h
x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
net/iucv: fix the allocation size of iucv_path_table array
parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check
block: sed-opal: handle empty atoms when parsing response
dm-verity, dm-crypt: align "struct bvec_iter" correctly
scsi: mpt3sas: Prevent sending diag_reset when the controller is ready
Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
firewire: core: use long bus reset on gap count error
ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet
Input: gpio_keys_polled - suppress deferred probe error for gpio
ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC
ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode
ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll
x86/paravirt: Fix build due to __text_gen_insn() backport
do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
nbd: null check for nla_nest_start
fs/select: rework stack allocation hack for clang
block: add a new set_read_only method
md: implement ->set_read_only to hook into BLKROSET processing
md: Don't clear MD_CLOSING when the raid is about to stop
aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
timekeeping: Fix cross-timestamp interpolation on counter wrap
timekeeping: Fix cross-timestamp interpolation corner case decision
timekeeping: Fix cross-timestamp interpolation for non-x86
wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()
wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled
wifi: b43: Stop correct queue in DMA worker when QoS is disabled
wifi: b43: Disable QoS for bcm4331
wifi: wilc1000: fix declarations ordering
wifi: wilc1000: fix RCU usage in connect path
wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
wifi: wilc1000: fix multi-vif management when deleting a vif
wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir()
cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
sock_diag: annotate data-races around sock_diag_handlers[family]
inet_diag: annotate data-races around inet_diag_table[]
bpftool: Silence build warning about calloc()
af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc().
wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
wifi: iwlwifi: dbg-tlv: ensure NUL termination
wifi: iwlwifi: fix EWRD table validity check
net: blackhole_dev: fix build warning for ethh set but not used
wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
arm64: dts: mediatek: mt7622: add missing "device_type" to memory nodes
bpf: Factor out bpf_spin_lock into helpers.
bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly
wireless: Remove redundant 'flush_workqueue()' calls
wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces
ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
bus: tegra-aconnect: Update dependency to ARCH_TEGRA
iommu/amd: Mark interrupt as managed
wifi: brcmsmac: avoid function pointer casts
net: ena: Remove ena_select_queue
ARM: dts: arm: realview: Fix development chip ROM compatible value
ARM: dts: imx6dl-yapp4: Move phy reset into switch node
ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address
ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node
arm64: dts: marvell: reorder crypto interrupts on Armada SoCs
ACPI: scan: Fix device check notification handling
x86, relocs: Ignore relocations in .notes section
SUNRPC: fix some memleaks in gssx_dec_option_array
mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function
wifi: rtw88: 8821c: Fix false alarm count
PCI: Make pci_dev_is_disconnected() helper public for other drivers
iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected
igb: move PEROUT and EXTTS isr logic to separate functions
igb: Fix missing time sync events
Bluetooth: Remove superfluous call to hci_conn_check_pending()
Bluetooth: hci_core: Fix possible buffer overflow
sr9800: Add check for usbnet_get_endpoints
bpf: Eliminate rlimit-based memory accounting for devmap maps
bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
bpf: Fix hashtab overflow check on 32-bit arches
bpf: Fix stackmap overflow check on 32-bit arches
ipv6: fib6_rules: flush route cache when rule is changed
net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
net: phy: fix phy_get_internal_delay accessing an empty array
net: hns3: fix port duplex configure error in IMP reset
net: phy: DP83822: enable rgmii mode if phy_interface_is_rgmii
net: phy: dp83822: Fix RGMII TX delay configuration
OPP: debugfs: Fix warning around icc_get_name()
tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function
net/ipv4: Replace one-element array with flexible-array member
net/ipv4: Revert use of struct_size() helper
net/ipv4/ipv6: Replace one-element arraya with flexible-array members
bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument
ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function
l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function
udp: fix incorrect parameter validation in the udp_lib_getsockopt() function
net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function
net/x25: fix incorrect parameter validation in the x25_getsockopt() function
nfp: flower: handle acti_netdevs allocation failure
dm raid: fix false positive for requeue needed during reshape
dm: call the resume method on internal suspend
drm/tegra: dsi: Add missing check for of_find_device_by_node
drm/tegra: dsi: Make use of the helper function dev_err_probe()
drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe()
drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe()
drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe()
drm/rockchip: inno_hdmi: Fix video timing
drm: Don't treat 0 as -1 in drm_fixp2int_ceil
drm/rockchip: lvds: do not overwrite error code
drm/rockchip: lvds: do not print scary message when probing defer
drm/lima: fix a memleak in lima_heap_alloc
dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA
media: tc358743: register v4l2 async device only after successful setup
PCI/DPC: Print all TLP Prefixes, not just the first
perf record: Fix possible incorrect free in record__switch_output()
HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd
drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()'
drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()'
perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample()
media: em28xx: annotate unchecked call to media_device_register()
media: v4l2-tpg: fix some memleaks in tpg_alloc
media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
media: edia: dvbdev: fix a use-after-free
pinctrl: mediatek: Drop bogus slew rate register range for MT8192
clk: qcom: reset: Commonize the de/assert functions
clk: qcom: reset: Ensure write completion on reset de/assertion
quota: simplify drop_dquot_ref()
quota: Fix potential NULL pointer dereference
quota: Fix rcu annotations of inode dquot pointers
PCI: switchtec: Fix an error handling path in switchtec_pci_probe()
crypto: xilinx - call finalize with bh disabled
perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str()
drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode()
ALSA: seq: fix function cast warnings
perf stat: Avoid metric-only segv
ASoC: meson: Use dev_err_probe() helper
ASoC: meson: aiu: fix function pointer type mismatch
ASoC: meson: t9015: fix function pointer type mismatch
media: sun8i-di: Fix coefficient writes
media: sun8i-di: Fix power on/off sequences
media: sun8i-di: Fix chroma difference threshold
media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
media: go7007: add check of return value of go7007_read_addr()
media: pvrusb2: remove redundant NULL check
media: pvrusb2: fix pvr2_stream_callback casts
clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times
drm/mediatek: dsi: Fix DSI RGB666 formats and definitions
PCI: Mark 3ware-9650SE Root Port Extended Tags as broken
clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister()
drm/tegra: put drm_gem_object ref on error in tegra_fb_create
mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref
mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref
crypto: arm/sha - fix function cast warnings
drm/tidss: Fix initial plane zpos values
mtd: maps: physmap-core: fix flash size larger than 32-bit
mtd: rawnand: lpc32xx_mlc: fix irq handler prototype
ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs
ASoC: meson: axg-tdm-interface: add frame rate constraint
drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int()
media: pvrusb2: fix uaf in pvr2_context_set_notify
media: dvb-frontends: avoid stack overflow warnings with clang
media: go7007: fix a memleak in go7007_load_encoder
media: ttpci: fix two memleaks in budget_av_attach
media: mediatek: vcodec: avoid -Wcast-function-type-strict warning
drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip
powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks
drm/msm/dpu: add division of drm_display_mode's hskew parameter
powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc.
leds: aw2013: Unlock mutex before destroying it
leds: sgm3140: Add missing timer cleanup and flash gpio control
backlight: lm3630a: Initialize backlight_properties on init
backlight: lm3630a: Don't set bl->props.brightness in get_brightness
backlight: da9052: Fully initialize backlight_properties during probe
backlight: lm3639: Fully initialize backlight_properties during probe
backlight: lp8788: Fully initialize backlight_properties during probe
sparc32: Fix section mismatch in leon_pci_grpci
clk: Fix clk_core_get NULL dereference
ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops
ALSA: usb-audio: Stop parsing channels bits when all channels are found.
RDMA/srpt: Do not register event handler until srpt device is fully setup
f2fs: compress: fix to check unreleased compressed cluster
scsi: csiostor: Avoid function pointer casts
RDMA/device: Fix a race between mad_client and cm_client init
scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn
net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr()
NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
NFSv4.2: fix listxattr maximum XDR buffer size
watchdog: stm32_iwdg: initialize default timeout
NFS: Fix an off by one in root_nfs_cat()
afs: Revert "afs: Hide silly-rename files from userspace"
remoteproc: stm32: Constify st_rproc_ops
remoteproc: Add new get_loaded_rsc_table() to rproc_ops
remoteproc: stm32: Move resource table setup to rproc_ops
remoteproc: stm32: use correct format strings on 64-bit
remoteproc: stm32: Fix incorrect type in assignment for va
remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef
tty: vt: fix 20 vs 0x20 typo in EScsiignore
serial: max310x: fix syntax error in IRQ error message
tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT
kconfig: fix infinite loop when expanding a macro at the end of file
rtc: mt6397: select IRQ_DOMAIN instead of depending on it
serial: 8250_exar: Don't remove GPIO device on suspend
staging: greybus: fix get_channel_from_mode() failure path
usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin
io_uring: don't save/restore iowait state
octeontx2-af: Use matching wake_up API variant in CGX command interface
s390/vtime: fix average steal time calculation
soc: fsl: dpio: fix kcalloc() argument order
hsr: Fix uninit-value access in hsr_get_node()
packet: annotate data-races around ignore_outgoing
net: dsa: mt7530: prevent possible incorrect XTAL frequency selection
wireguard: receive: annotate data-race around receiving_counter.counter
rds: introduce acquire/release ordering in acquire/release_in_xmit()
hsr: Handle failures in module init
net/bnx2x: Prevent access to a freed page in page_pool
octeontx2-af: Use separate handlers for interrupts
netfilter: nft_set_pipapo: release elements in clone only from destroy path
scsi: fc: Update formal FPIN descriptor definitions
ARM: dts: sun8i-h2-plus-bananapi-m2-zero: add regulator nodes vcc-dram and vcc1v2
netfilter: nf_tables: do not compare internal table flags on updates
rcu: add a helper to report consolidated flavor QS
bpf: report RCU QS in cpumap kthread
spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
regmap: Add missing map->bus check
remoteproc: stm32: fix phys_addr_t format string
Linux 5.10.214
Change-Id: Iad0cc6acbf53bac96c0409ce61dc6836d83ed7bc
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Eric Biggers
|
2e212ae066 |
x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ
[ Upstream commit 9543f6e26634537997b6e909c20911b7bf4876de ]
Fix cpuid_deps[] to list the correct dependencies for GFNI, VAES, and
VPCLMULQDQ. These features don't depend on AVX512, and there exist CPUs
that support these features but not AVX512. GFNI actually doesn't even
depend on AVX.
This prevents GFNI from being unnecessarily disabled if AVX is disabled
to mitigate the GDS vulnerability.
This also prevents all three features from being unnecessarily disabled
if AVX512VL (or its dependency AVX512F) were to be disabled, but it
looks like there isn't any case where this happens anyway.
Fixes:
|
||
|
Greg Kroah-Hartman
|
52795b4903 |
Merge 5.10.212 into android12-5.10-lts
Changes in 5.10.212 platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names crypto: virtio/akcipher - Fix stack overflow on memcpy mtd: spinand: gigadevice: Support GD5F1GQ5UExxG mtd: spinand: gigadevice: Fix the get ecc status issue netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter net: ip_tunnel: prevent perpetual headroom growth tun: Fix xdp_rxq_info's queue_index when detaching ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected net: usb: dm9601: fix wrong return value in dm9601_mdio_read Bluetooth: Avoid potential use-after-free in hci_error_reset Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Bluetooth: Enforce validation on max value of connection interval netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back efi/capsule-loader: fix incorrect allocation size power: supply: bq27xxx-i2c: Do not free non existing IRQ ALSA: Drop leftover snd-rtctimer stuff from Makefile afs: Fix endless loop in directory parsing riscv: Sparse-Memory/vmemmap out-of-bounds fix tomoyo: fix UAF write bug in tomoyo_write_control() gtp: fix use-after-free and null-ptr-deref in gtp_newlink() wifi: nl80211: reject iftype change with mesh ID change btrfs: dev-replace: properly validate device names dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read dmaengine: fsl-qdma: init irq after reg initialization mmc: core: Fix eMMC initialization with 1-bit bus connection mmc: sdhci-xenon: add timeout for PHY init complete mmc: sdhci-xenon: fix PHY init clock stability pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers mptcp: fix possible deadlock in subflow diag ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() cachefiles: fix memory leak in cachefiles_add_cache() fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super gpio: 74x164: Enable output pins after registers are reset gpiolib: Fix the error path order in gpiochip_add_data_with_key() gpio: fix resource unwinding order in error path mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG mptcp: fix double-free on socket dismantle Linux 5.10.212 Change-Id: I680869be06e0ddfdbd9f63255616ba316f655cb1 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
e92b643b4b |
Merge 5.10.211 into android12-5.10-lts
Changes in 5.10.211
net/sched: Retire CBQ qdisc
net/sched: Retire ATM qdisc
net/sched: Retire dsmark qdisc
smb: client: fix OOB in receive_encrypted_standard()
smb: client: fix potential OOBs in smb2_parse_contexts()
smb: client: fix parsing of SMB3.1.1 POSIX create context
sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
zonefs: Improve error handling
sched/rt: Fix sysctl_sched_rr_timeslice intial value
sched/rt: Disallow writing invalid values to sched_rt_period_us
scsi: target: core: Add TMF to tmr_list handling
dmaengine: shdma: increase size of 'dev_id'
dmaengine: fsl-qdma: increase size of 'irq_name'
wifi: cfg80211: fix missing interfaces when dumping
wifi: mac80211: fix race condition on enabling fast-xmit
fbdev: savage: Error out if pixclock equals zero
fbdev: sis: Error out if pixclock equals zero
spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected
ahci: asm1166: correct count of reported ports
ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers
ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
dmaengine: ti: edma: Add some null pointer checks to the edma_probe
regulator: pwm-regulator: Add validity checks in continuous .get_voltage
nvmet-tcp: fix nvme tcp ida memory leak
ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
spi: sh-msiof: avoid integer overflow in constants
netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new
nvme-fc: do not wait in vain when unloading module
nvmet-fcloop: swap the list_add_tail arguments
nvmet-fc: release reference on target port
nvmet-fc: abort command when there is no binding
ext4: correct the hole length returned by ext4_map_blocks()
Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table
efi: runtime: Fix potential overflow of soft-reserved region size
efi: Don't add memblocks for soft-reserved memory
hwmon: (coretemp) Enlarge per package core count limit
scsi: lpfc: Use unsigned type for num_sge
firewire: core: send bus reset promptly on gap count error
virtio-blk: Ensure no requests in virtqueues before deleting vqs.
pmdomain: renesas: r8a77980-sysc: CR7 must be always on
ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger
irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable
ARM: dts: imx: Set default tuning step for imx6sx usdhc
ASoC: fsl_micfil: register platform component before registering cpu dai
media: av7110: prevent underflow in write_ts_to_decoder()
hvc/xen: prevent concurrent accesses to the shared ring
hsr: Avoid double remove of a node.
x86/uaccess: Implement macros for CMPXCHG on user addresses
seccomp: Invalidate seccomp mode to catch death failures
block: ataflop: fix breakage introduced at blk-mq refactoring
powerpc/watchpoint: Workaround P10 DD1 issue with VSX-32 byte instructions
powerpc/watchpoints: Annotate atomic context in more places
cifs: add a warning when the in-flight count goes negative
mtd: spinand: macronix: Add support for MX35LFxGE4AD
ASoC: Intel: boards: harden codec property handling
ASoC: Intel: boards: get codec device with ACPI instead of bus search
ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use
task_stack, x86/cea: Force-inline stack helpers
btrfs: tree-checker: check for overlapping extent items
btrfs: introduce btrfs_lookup_match_dir
btrfs: unify lookup return value when dir entry is missing
btrfs: do not pin logs too early during renames
lan743x: fix for potential NULL pointer dereference with bare card
platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC
iwlwifi: mvm: do more useful queue sync accounting
iwlwifi: mvm: write queue_sync_state only for sync
jbd2: remove redundant buffer io error checks
jbd2: recheck chechpointing non-dirty buffer
jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint
x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm()
erofs: fix lz4 inplace decompression
IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
s390/cio: fix invalid -EBUSY on ccw_device_start
dm-crypt: don't modify the data when using authenticated encryption
KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table()
gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
PCI/MSI: Prevent MSI hardware interrupt number truncation
l2tp: pass correct message length to ip6_append_data
ARM: ep93xx: Add terminator to gpiod_lookup_table
Revert "x86/ftrace: Use alternative RET encoding"
x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR
x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch()
x86/ftrace: Use alternative RET encoding
x86/returnthunk: Allow different return thunks
Revert "x86/alternative: Make custom return thunk unconditional"
x86/alternative: Make custom return thunk unconditional
usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
usb: cdns3: fix memory double free when handle zero packet
usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
usb: roles: fix NULL pointer issue when put module's reference
usb: roles: don't get/set_role() when usb_role_switch is unregistered
mptcp: fix lockless access in subflow ULP diag
IB/hfi1: Fix a memleak in init_credit_return
RDMA/bnxt_re: Return error for SRQ resize
RDMA/srpt: Support specifying the srpt_service_guid parameter
RDMA/qedr: Fix qedr_create_user_qp error flow
arm64: dts: rockchip: set num-cs property for spi on px30
RDMA/srpt: fix function pointer cast warnings
bpf, scripts: Correct GPL license name
scsi: jazz_esp: Only build if SCSI core is builtin
nouveau: fix function cast warnings
ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid
ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid
afs: Increase buffer size in afs_update_volume_status()
ipv6: sr: fix possible use-after-free and null-ptr-deref
packet: move from strlcpy with unused retval to strscpy
net: dev: Convert sa_data to flexible array in struct sockaddr
s390: use the correct count for __iowrite64_copy()
tls: rx: jump to a more appropriate label
tls: rx: drop pointless else after goto
tls: stop recv() if initial process_rx_list gave us non-DATA
netfilter: nf_tables: set dormant flag on hook register failure
drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3
drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set
drm/amd/display: Fix memory leak in dm_sw_fini()
block: ataflop: more blk-mq refactoring fixes
fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
arp: Prevent overflow in arp_req_get().
ext4: regenerate buddy after block freeing failed if under fc replay
Linux 5.10.211
Note, this merges away the following commit:
|
||
|
Michael Roth
|
cea750c99d |
x86/head/64: Re-enable stack protection
commit 469693d8f62299709e8ba56d8fb3da9ea990213c upstream.
Due to
|
||
|
Borislav Petkov (AMD)
|
f5e65b782f |
x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()
commit 3ddf944b32f88741c303f0b21459dbb3872b8bc5 upstream. Modifying a MCA bank's MCA_CTL bits which control which error types to be reported is done over /sys/devices/system/machinecheck/ ├── machinecheck0 │ ├── bank0 │ ├── bank1 │ ├── bank10 │ ├── bank11 ... sysfs nodes by writing the new bit mask of events to enable. When the write is accepted, the kernel deletes all current timers and reinits all banks. Doing that in parallel can lead to initializing a timer which is already armed and in the timer wheel, i.e., in use already: ODEBUG: init active (active state 0) object: ffff888063a28000 object type: timer_list hint: mce_timer_fn+0x0/0x240 arch/x86/kernel/cpu/mce/core.c:2642 WARNING: CPU: 0 PID: 8120 at lib/debugobjects.c:514 debug_print_object+0x1a0/0x2a0 lib/debugobjects.c:514 Fix that by grabbing the sysfs mutex as the rest of the MCA sysfs code does. Reported by: Yue Sun <samsun1006219@gmail.com> Reported by: xingwei lee <xrivendell7@gmail.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Cc: <stable@kernel.org> Link: https://lore.kernel.org/r/CAEkJfYNiENwQY8yV1LYJ9LjJs%2Bx_-PqMv98gKig55=2vbzffRw@mail.gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Pu Wen
|
e7ea043bc3 |
x86/srso: Add SRSO mitigation for Hygon processors
commit a5ef7d68cea1344cf524f04981c2b3f80bedbb0d upstream. Add mitigation for the speculative return stack overflow vulnerability which exists on Hygon processors too. Signed-off-by: Pu Wen <puwen@hygon.cn> Signed-off-by: Ingo Molnar <mingo@kernel.org> Acked-by: Borislav Petkov (AMD) <bp@alien8.de> Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/r/tencent_4A14812842F104E93AA722EC939483CEFF05@qq.com Signed-off-by: Ashwin Dayanand Kamat <ashwin.kamat@broadcom.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Kim Phillips
|
34a81f5259 |
x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
commit fd470a8beed88440b160d690344fbae05a0b9b1b upstream. Unlike Intel's Enhanced IBRS feature, AMD's Automatic IBRS does not provide protection to processes running at CPL3/user mode, see section "Extended Feature Enable Register (EFER)" in the APM v2 at https://bugzilla.kernel.org/attachment.cgi?id=304652 Explicitly enable STIBP to protect against cross-thread CPL3 branch target injections on systems with Automatic IBRS enabled. Also update the relevant documentation. Fixes: e7862eda309e ("x86/cpu: Support AMD Automatic IBRS") Reported-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Kim Phillips <kim.phillips@amd.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20230720194727.67022-1-kim.phillips@amd.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Pawan Gupta
|
66d5260fc7 |
x86/rfds: Mitigate Register File Data Sampling (RFDS)
commit 8076fcde016c9c0e0660543e67bff86cb48a7c9c upstream. RFDS is a CPU vulnerability that may allow userspace to infer kernel stale data previously used in floating point registers, vector registers and integer registers. RFDS only affects certain Intel Atom processors. Intel released a microcode update that uses VERW instruction to clear the affected CPU buffers. Unlike MDS, none of the affected cores support SMT. Add RFDS bug infrastructure and enable the VERW based mitigation by default, that clears the affected buffers just before exiting to userspace. Also add sysfs reporting and cmdline parameter "reg_file_data_sampling" to control the mitigation. For details see: Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst [ pawan: - Resolved conflicts in sysfs reporting. - s/ATOM_GRACEMONT/ALDERLAKE_N/ATOM_GRACEMONT is called ALDERLAKE_N in 6.6. ] Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Josh Poimboeuf <jpoimboe@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Pawan Gupta
|
6e04cae36b |
x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
commit e95df4ec0c0c9791941f112db699fae794b9862a upstream. Currently MMIO Stale Data mitigation for CPUs not affected by MDS/TAA is to only deploy VERW at VMentry by enabling mmio_stale_data_clear static branch. No mitigation is needed for kernel->user transitions. If such CPUs are also affected by RFDS, its mitigation may set X86_FEATURE_CLEAR_CPU_BUF to deploy VERW at kernel->user and VMentry. This could result in duplicate VERW at VMentry. Fix this by disabling mmio_stale_data_clear static branch when X86_FEATURE_CLEAR_CPU_BUF is enabled. Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Pawan Gupta
|
6192d9ed31 |
x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key
commit 6613d82e617dd7eb8b0c40b2fe3acea655b1d611 upstream. The VERW mitigation at exit-to-user is enabled via a static branch mds_user_clear. This static branch is never toggled after boot, and can be safely replaced with an ALTERNATIVE() which is convenient to use in asm. Switch to ALTERNATIVE() to use the VERW mitigation late in exit-to-user path. Also remove the now redundant VERW in exc_nmi() and arch_exit_to_user_mode(). Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Link: https://lore.kernel.org/all/20240213-delay-verw-v8-4-a6216d83edb7%40linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Andy Lutomirski
|
f594871732 |
x86/stackprotector/32: Make the canary into a regular percpu variable
[ Upstream commit 3fb0fdb3bbe7aed495109b3296b06c2409734023 ] On 32-bit kernels, the stackprotector canary is quite nasty -- it is stored at %gs:(20), which is nasty because 32-bit kernels use %fs for percpu storage. It's even nastier because it means that whether %gs contains userspace state or kernel state while running kernel code depends on whether stackprotector is enabled (this is CONFIG_X86_32_LAZY_GS), and this setting radically changes the way that segment selectors work. Supporting both variants is a maintenance and testing mess. Merely rearranging so that percpu and the stack canary share the same segment would be messy as the 32-bit percpu address layout isn't currently compatible with putting a variable at a fixed offset. Fortunately, GCC 8.1 added options that allow the stack canary to be accessed as %fs:__stack_chk_guard, effectively turning it into an ordinary percpu variable. This lets us get rid of all of the code to manage the stack canary GDT descriptor and the CONFIG_X86_32_LAZY_GS mess. (That name is special. We could use any symbol we want for the %fs-relative mode, but for CONFIG_SMP=n, gcc refuses to let us use any name other than __stack_chk_guard.) Forcibly disable stackprotector on older compilers that don't support the new options and turn the stack canary into a percpu variable. The "lazy GS" approach is now used for all 32-bit configurations. Also makes load_gs_index() work on 32-bit kernels. On 64-bit kernels, it loads the GS selector and updates the user GSBASE accordingly. (This is unchanged.) On 32-bit kernels, it loads the GS selector and updates GSBASE, which is now always the user base. This means that the overall effect is the same on 32-bit and 64-bit, which avoids some ifdeffery. [ bp: Massage commit message. ] Signed-off-by: Andy Lutomirski <luto@kernel.org> Signed-off-by: Borislav Petkov <bp@suse.de> Link: https://lkml.kernel.org/r/c0ff7dba14041c7e5d1cae5d4df052f03759bef3.1613243844.git.luto@kernel.org Stable-dep-of: e3f269ed0acc ("x86/pm: Work around false positive kmemleak report in msr_build_context()") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Borislav Petkov (AMD)
|
bce7345ee0 |
x86/CPU/AMD: Update the Zenbleed microcode revisions
[ Upstream commit 5c84b051bd4e777cf37aaff983277e58c99618d5 ]
Update them to the correct revision numbers.
Fixes: 522b1d69219d ("x86/cpu/amd: Add a Zenbleed fix")
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Borislav Petkov
|
6487fb01b7 |
x86/bugs: Use sysfs_emit()
commit 1d30800c0c0ae1d086ffad2bdf0ba4403370f132 upstream. Those mitigations are very talkative; use the printing helper which pays attention to the buffer size. Signed-off-by: Borislav Petkov <bp@suse.de> Link: https://lore.kernel.org/r/20220809153419.10182-1-bp@alien8.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Kim Phillips
|
d3084b0309 |
x86/cpu: Support AMD Automatic IBRS
commit e7862eda309ecfccc36bb5558d937ed3ace07f3f upstream. The AMD Zen4 core supports a new feature called Automatic IBRS. It is a "set-and-forget" feature that means that, like Intel's Enhanced IBRS, h/w manages its IBRS mitigation resources automatically across CPL transitions. The feature is advertised by CPUID_Fn80000021_EAX bit 8 and is enabled by setting MSR C000_0080 (EFER) bit 21. Enable Automatic IBRS by default if the CPU feature is present. It typically provides greater performance over the incumbent generic retpolines mitigation. Reuse the SPECTRE_V2_EIBRS spectre_v2_mitigation enum. AMD Automatic IBRS and Intel Enhanced IBRS have similar enablement. Add NO_EIBRS_PBRSB to cpu_vuln_whitelist, since AMD Automatic IBRS isn't affected by PBRSB-eIBRS. The kernel command line option spectre_v2=eibrs is used to select AMD Automatic IBRS, if available. Signed-off-by: Kim Phillips <kim.phillips@amd.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Acked-by: Sean Christopherson <seanjc@google.com> Acked-by: Dave Hansen <dave.hansen@linux.intel.com> Link: https://lore.kernel.org/r/20230124163319.2277355-8-kim.phillips@amd.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
66e91da883 |
Merge 5.10.210 into android12-5.10-lts
Changes in 5.10.210
usb: cdns3: Fixes for sparse warnings
usb: cdns3: fix uvc failure work since sg support enabled
usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config
usb: cdns3: fix iso transfer error when mult is not zero
usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled
PCI: mediatek: Clear interrupt status before dispatching handler
units: change from 'L' to 'UL'
units: add the HZ macros
serial: sc16is7xx: set safe default SPI clock frequency
spi: introduce SPI_MODE_X_MASK macro
serial: sc16is7xx: add check for unsupported SPI modes during probe
iio: adc: ad7091r: Set alert bit in config register
iio: adc: ad7091r: Allow users to configure device events
iio: adc: ad7091r: Enable internal vref if external vref is not supplied
dmaengine: fix NULL pointer in channel unregistration function
iio:adc:ad7091r: Move exports into IIO_AD7091R namespace.
ext4: allow for the last group to be marked as trimmed
crypto: api - Disallow identical driver names
PM: hibernate: Enforce ordering during image compression/decompression
hwrng: core - Fix page fault dead lock on mmap-ed hwrng
crypto: s390/aes - Fix buffer overread in CTR mode
rpmsg: virtio: Free driver_override when rpmsg_remove()
bus: mhi: host: Drop chan lock before queuing buffers
parisc/firmware: Fix F-extend for PDC addresses
async: Split async_schedule_node_domain()
async: Introduce async_schedule_dev_nocall()
arm64: dts: qcom: sdm845: fix USB wakeup interrupt types
arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts
lsm: new security_file_ioctl_compat() hook
scripts/get_abi: fix source path leak
mmc: core: Use mrq.sbc in close-ended ffu
mmc: mmc_spi: remove custom DMA mapped buffers
rtc: Adjust failure return code for cmos_set_alarm()
nouveau/vmm: don't set addr on the fail path to avoid warning
ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
rename(): fix the locking of subdirectories
block: Remove special-casing of compound pages
stddef: Introduce DECLARE_FLEX_ARRAY() helper
smb3: Replace smb2pdu 1-element arrays with flex-arrays
mm: vmalloc: introduce array allocation functions
KVM: use __vcalloc for very large allocations
net/smc: fix illegal rmb_desc access in SMC-D connection dump
tcp: make sure init the accept_queue's spinlocks once
bnxt_en: Wait for FLR to complete during probe
vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING
llc: make llc_ui_sendmsg() more robust against bonding changes
llc: Drop support for ETH_P_TR_802_2.
net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
tracing: Ensure visibility when inserting an element into tracing_map
afs: Hide silly-rename files from userspace
tcp: Add memory barrier to tcp_push()
netlink: fix potential sleeping issue in mqueue_flush_file
ipv6: init the accept_queue's spinlocks in inet6_create
net/mlx5: DR, Use the right GVMI number for drop action
net/mlx5e: fix a double-free in arfs_create_groups
netfilter: nf_tables: restrict anonymous set and map names to 16 bytes
netfilter: nf_tables: validate NFPROTO_* family
net: mvpp2: clear BM pool before initialization
selftests: netdevsim: fix the udp_tunnel_nic test
fjes: fix memleaks in fjes_hw_setup
net: fec: fix the unhandled context fault from smmu
btrfs: ref-verify: free ref cache before clearing mount opt
btrfs: tree-checker: fix inline ref size in error messages
btrfs: don't warn if discard range is not aligned to sector
btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args
btrfs: don't abort filesystem when attempting to snapshot deleted subvolume
rbd: don't move requests to the running list on errors
exec: Fix error handling in begin_new_exec()
wifi: iwlwifi: fix a memory corruption
netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain
netfilter: nf_tables: reject QUEUE/DROP verdict parameters
gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04
drm: Don't unref the same fb many times by mistake due to deadlock handling
drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking
drm/tidss: Fix atomic_flush check
drm/bridge: nxp-ptn3460: simplify some error checking
PM: sleep: Use dev_printk() when possible
PM: sleep: Avoid calling put_device() under dpm_list_mtx
PM: core: Remove unnecessary (void *) conversions
PM: sleep: Fix possible deadlocks in core system-wide PM code
fs/pipe: move check to pipe_has_watch_queue()
pipe: wakeup wr_wait after setting max_usage
ARM: dts: samsung: exynos4210-i9100: Unconditionally enable LDO12
arm64: dts: qcom: sc7180: Use pdc interrupts for USB instead of GIC interrupts
arm64: dts: qcom: sc7180: fix USB wakeup interrupt types
media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run
mm: use __pfn_to_section() instead of open coding it
mm/sparsemem: fix race in accessing memory_section->usage
btrfs: remove err variable from btrfs_delete_subvolume
btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted
drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33]
drm/exynos: fix accidental on-stack copy of exynos_drm_plane
drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume
gpio: eic-sprd: Clear interrupt after set the interrupt type
spi: bcm-qspi: fix SFDP BFPT read by usig mspi read
mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan
tick/sched: Preserve number of idle sleeps across CPU hotplug events
x86/entry/ia32: Ensure s32 is sign extended to s64
powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
drivers/perf: pmuv3: don't expose SW_INCR event in sysfs
powerpc: Fix build error due to is_valid_bugaddr()
powerpc/mm: Fix build failures due to arch_reserved_kernel_pages()
x86/boot: Ignore NMIs during very early boot
powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE
powerpc/lib: Validate size for vector operations
x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel
perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file
debugobjects: Stop accessing objects after releasing hash bucket lock
regulator: core: Only increment use_count when enable_count changes
audit: Send netlink ACK before setting connection in auditd_set
ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
PNP: ACPI: fix fortify warning
ACPI: extlog: fix NULL pointer dereference check
PM / devfreq: Synchronize devfreq_monitor_[start/stop]
ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events
FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
UBSAN: array-index-out-of-bounds in dtSplitRoot
jfs: fix slab-out-of-bounds Read in dtSearch
jfs: fix array-index-out-of-bounds in dbAdjTree
jfs: fix uaf in jfs_evict_inode
pstore/ram: Fix crash when setting number of cpus to an odd number
crypto: stm32/crc32 - fix parsing list of devices
afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
jfs: fix array-index-out-of-bounds in diNewExt
s390/ptrace: handle setting of fpc register correctly
KVM: s390: fix setting of fpc register
SUNRPC: Fix a suspicious RCU usage warning
ecryptfs: Reject casefold directory inodes
ext4: fix inconsistent between segment fstrim and full fstrim
ext4: unify the type of flexbg_size to unsigned int
ext4: remove unnecessary check from alloc_flex_gd()
ext4: avoid online resizing failures due to oversized flex bg
wifi: rt2x00: restart beacon queue when hardware reset
selftests/bpf: satisfy compiler by having explicit return in btf test
selftests/bpf: Fix pyperf180 compilation failure with clang18
scsi: lpfc: Fix possible file string name overflow when updating firmware
PCI: Add no PM reset quirk for NVIDIA Spectrum devices
bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
scsi: arcmsr: Support new PCI device IDs 1883 and 1886
ARM: dts: imx7d: Fix coresight funnel ports
ARM: dts: imx7s: Fix lcdif compatible
ARM: dts: imx7s: Fix nand-controller #size-cells
wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
bpf: Add map and need_defer parameters to .map_fd_put_ptr()
scsi: libfc: Don't schedule abort twice
scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
bpf: Set uattr->batch.count as zero before batched update or deletion
ARM: dts: rockchip: fix rk3036 hdmi ports node
ARM: dts: imx25/27-eukrea: Fix RTC node name
ARM: dts: imx: Use flash@0,0 pattern
ARM: dts: imx27: Fix sram node
ARM: dts: imx1: Fix sram node
ionic: pass opcode to devcmd_wait
block/rnbd-srv: Check for unlikely string overflow
ARM: dts: imx25: Fix the iim compatible string
ARM: dts: imx25/27: Pass timing0
ARM: dts: imx27-apf27dev: Fix LED name
ARM: dts: imx23-sansa: Use preferred i2c-gpios properties
ARM: dts: imx23/28: Fix the DMA controller node name
net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path
block: prevent an integer overflow in bvec_try_merge_hw_page
md: Whenassemble the array, consult the superblock of the freshest device
arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property
arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property
wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
wifi: cfg80211: free beacon_ies when overridden from hidden BSS
Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066
Bluetooth: L2CAP: Fix possible multiple reject send
i40e: Fix VF disable behavior to block all traffic
f2fs: fix to check return value of f2fs_reserve_new_block()
ALSA: hda: Refer to correct stream index at loops
ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
fast_dput(): handle underflows gracefully
RDMA/IPoIB: Fix error code return in ipoib_mcast_join
drm/amd/display: Fix tiled display misalignment
f2fs: fix write pointers on zoned device after roll forward
drm/drm_file: fix use of uninitialized variable
drm/framebuffer: Fix use of uninitialized variable
drm/mipi-dsi: Fix detach call without attach
media: stk1160: Fixed high volume of stk1160_dbg messages
media: rockchip: rga: fix swizzling for RGB formats
PCI: add INTEL_HDA_ARL to pci_ids.h
ALSA: hda: Intel: add HDA_ARL PCI ID support
ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL
drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time
IB/ipoib: Fix mcast list locking
media: ddbridge: fix an error code problem in ddb_probe
drm/msm/dpu: Ratelimit framedone timeout msgs
clk: hi3620: Fix memory leak in hi3620_mmc_clk_init()
clk: mmp: pxa168: Fix memory leak in pxa168_clk_init()
watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786
drm/amdgpu: Let KFD sync with VM fences
drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
leds: trigger: panic: Don't register panic notifier if creating the trigger failed
um: Fix naming clash between UML and scheduler
um: Don't use vfprintf() for os_info()
um: net: Fix return type of uml_net_start_xmit()
i3c: master: cdns: Update maximum prescaler value for i2c clock
xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import
mfd: ti_am335x_tscadc: Fix TI SoC dependencies
PCI: Only override AMD USB controller if required
PCI: switchtec: Fix stdev_release() crash after surprise hot remove
usb: hub: Replace hardcoded quirk value with BIT() macro
tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE
fs/kernfs/dir: obey S_ISGID
PCI/AER: Decode Requester ID when no error info found
libsubcmd: Fix memory leak in uniq()
virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings
blk-mq: fix IO hang from sbitmap wakeup race
ceph: fix deadlock or deadcode of misusing dget()
drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()'
drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()'
perf: Fix the nr_addr_filters fix
wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
drm: using mul_u32_u32() requires linux/math64.h
scsi: isci: Fix an error code problem in isci_io_request_build()
scsi: core: Introduce enum scsi_disposition
scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler
ip6_tunnel: use dev_sw_netstats_rx_add()
ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
net-zerocopy: Refactor frag-is-remappable test.
tcp: add sanity checks to rx zerocopy
ixgbe: Remove non-inclusive language
ixgbe: Refactor returning internal error codes
ixgbe: Refactor overtemp event handling
ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
llc: call sock_orphan() at release time
netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
net: ipv4: fix a memleak in ip_setup_cork
af_unix: fix lockdep positive in sk_diag_dump_icons()
net: sysfs: Fix /sys/class/net/<iface> path
HID: apple: Add support for the 2021 Magic Keyboard
HID: apple: Add 2021 magic keyboard FN key mapping
bonding: remove print in bond_verify_device_path
uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++
PM: sleep: Fix error handling in dpm_prepare()
dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools
dmaengine: ti: k3-udma: Report short packet errors
dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA
dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA
phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV
phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case
net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
selftests: net: avoid just another constant wait
tunnels: fix out of bounds access when building IPv6 PMTU error
atm: idt77252: fix a memleak in open_card_ubr0
hwmon: (aspeed-pwm-tacho) mutex for tach reading
hwmon: (coretemp) Fix out-of-bounds memory access
hwmon: (coretemp) Fix bogus core_id to attr name mapping
inet: read sk->sk_family once in inet_recv_error()
rxrpc: Fix response to PING RESPONSE ACKs to a dead call
tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
ppp_async: limit MRU to 64K
netfilter: nft_compat: reject unused compat flag
netfilter: nft_compat: restrict match/target protocol to u16
netfilter: nft_ct: reject direction for ct id
netfilter: nft_set_pipapo: store index in scratch maps
netfilter: nft_set_pipapo: add helper to release pcpu scratch area
netfilter: nft_set_pipapo: remove scratch_aligned pointer
scsi: core: Move scsi_host_busy() out of host lock if it is for per-command
blk-iocost: Fix an UBSAN shift-out-of-bounds warning
net/af_iucv: clean up a try_then_request_module()
USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
USB: serial: option: add Fibocom FM101-GL variant
USB: serial: cp210x: add ID for IMST iM871A-USB
usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK
hrtimer: Report offline hrtimer enqueue
Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU
Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
vhost: use kzalloc() instead of kmalloc() followed by memset()
clocksource: Skip watchdog check for large watchdog intervals
net: stmmac: xgmac: use #define for string constants
net: stmmac: xgmac: fix a typo of register name in DPP safety handling
netfilter: nft_set_rbtree: skip end interval element from gc
btrfs: forbid creating subvol qgroups
btrfs: do not ASSERT() if the newly created subvolume already got read
btrfs: forbid deleting live subvol qgroup
btrfs: send: return EOPNOTSUPP on unknown flags
of: unittest: Fix compile in the non-dynamic case
net: openvswitch: limit the number of recursions from action sets
spi: ppc4xx: Drop write-only variable
ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
net: sysfs: Fix /sys/class/net/<iface> path for statistics
MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler
i40e: Fix waiting for queues of all VSIs to be disabled
tracing/trigger: Fix to return error if failed to alloc snapshot
mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32
ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
HID: wacom: generic: Avoid reporting a serial of '0' to userspace
HID: wacom: Do not register input devices until after hid_hw_start
usb: ucsi_acpi: Fix command completion handling
USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
usb: f_mass_storage: forbid async queue when shutdown happen
media: ir_toy: fix a memleak in irtoy_tx
powerpc/kasan: Fix addr error caused by page alignment
i2c: i801: Remove i801_set_block_buffer_mode
i2c: i801: Fix block process call transactions
modpost: trim leading spaces when processing source files list
scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
lsm: fix the logic in security_inode_getsecctx()
firewire: core: correct documentation of fw_csr_string() kernel API
kbuild: Fix changing ELF file type for output of gen_btf for big endian
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
xen-netback: properly sync TX responses
ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
binder: signal epoll threads of self-work
misc: fastrpc: Mark all sessions as invalid in cb_remove
ext4: fix double-free of blocks due to wrong extents moved_len
tracing: Fix wasted memory in saved_cmdlines logic
staging: iio: ad5933: fix type mismatch regression
iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC
iio: accel: bma400: Fix a compilation problem
media: rc: bpf attach/detach requires write permission
hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
ring-buffer: Clean ring_buffer_poll_wait() error return
serial: max310x: set default value when reading clock ready bit
serial: max310x: improve crystal stable clock detection
x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6
x86/mm/ident_map: Use gbpages only where full GB page should be mapped.
mmc: slot-gpio: Allow non-sleeping GPIO ro
ALSA: hda/conexant: Add quirk for SWS JS201D
nilfs2: fix data corruption in dsync block recovery for small block sizes
nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked
nfp: use correct macro for LengthSelect in BAR config
nfp: flower: prevent re-adding mac index for bonded port
wifi: mac80211: reload info pointer in ieee80211_tx_dequeue()
irqchip/irq-brcmstb-l2: Add write memory barrier before exit
irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update
s390/qeth: Fix potential loss of L3-IP@ in case of network issues
ceph: prevent use-after-free in encode_cap_msg()
of: property: fix typo in io-channels
can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)
pmdomain: core: Move the unused cleanup to a _sync initcall
tracing: Inform kmemleak of saved_cmdlines allocation
Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"
bus: moxtet: Add spi device table
PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support
mips: Fix max_mapnr being uninitialized on early stages
crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
serial: Add rs485_supported to uart_port
serial: 8250_exar: Fill in rs485_supported
serial: 8250_exar: Set missing rs485_supported flag
scripts/decode_stacktrace.sh: silence stderr messages from addr2line/nm
scripts/decode_stacktrace.sh: support old bash version
scripts: decode_stacktrace: demangle Rust symbols
scripts/decode_stacktrace.sh: optionally use LLVM utilities
netfilter: ipset: fix performance regression in swap operation
netfilter: ipset: Missing gc cancellations fixed
hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range()
Revert "arm64: Stash shadow stack pointer in the task struct on interrupt"
net: prevent mss overflow in skb_segment()
sched/membarrier: reduce the ability to hammer on sys_membarrier
nilfs2: fix potential bug in end_buffer_async_write
nilfs2: replace WARN_ONs for invalid DAT metadata block requests
dm: limit the number of targets and parameter size area
PM: runtime: add devm_pm_runtime_enable helper
PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend()
drm/msm/dsi: Enable runtime PM
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
net: bcmgenet: Fix EEE implementation
PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq()
Linux 5.10.210
Change-Id: I5e7327f58dd6abd26ac2b1e328a81c1010d1147c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Borislav Petkov (AMD)
|
cc6ddd6fa9 |
x86/paravirt: Fix build due to __text_gen_insn() backport
The Link tag has all the details but basically due to missing upstream
commits, the header which contains __text_gen_insn() is not in the
includes in paravirt.c, leading to:
arch/x86/kernel/paravirt.c: In function 'paravirt_patch_call':
arch/x86/kernel/paravirt.c:65:9: error: implicit declaration of function '__text_gen_insn' \
[-Werror=implicit-function-declaration]
65 | __text_gen_insn(insn_buff, CALL_INSN_OPCODE,
| ^~~~~~~~~~~~~~~
Add the missing include.
Reported-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/ZeYXvd1-rVkPGvvW@telecaster
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Paolo Bonzini
|
36103f8cb9 |
x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers
commit 6890cb1ace350b4386c8aee1343dc3b3ddd214da upstream. MKTME repurposes the high bit of physical address to key id for encryption key and, even though MAXPHYADDR in CPUID[0x80000008] remains the same, the valid bits in the MTRR mask register are based on the reduced number of physical address bits. detect_tme() in arch/x86/kernel/cpu/intel.c detects TME and subtracts it from the total usable physical bits, but it is called too late. Move the call to early_init_intel() so that it is called in setup_arch(), before MTRRs are setup. This fixes boot on TDX-enabled systems, which until now only worked with "disable_mtrr_cleanup". Without the patch, the values written to the MTRRs mask registers were 52-bit wide (e.g. 0x000fffff_80000800) and the writes failed; with the patch, the values are 46-bit wide, which matches the reduced MAXPHYADDR that is shown in /proc/cpuinfo. Reported-by: Zixi Chen <zixchen@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20240131230902.1867092-3-pbonzini%40redhat.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Peter Zijlstra
|
1dfe6393d1 |
x86/alternative: Make custom return thunk unconditional
Upstream commit: 095b8303f3835c68ac4a8b6d754ca1c3b6230711
There is infrastructure to rewrite return thunks to point to any
random thunk one desires, unwrap that from CALL_THUNKS, which up to
now was the sole user of that.
[ bp: Make the thunks visible on 32-bit and add ifdeffery for the
32-bit builds. ]
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20230814121148.775293785@infradead.org
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Borislav Petkov (AMD)
|
dd1a169b44 |
Revert "x86/alternative: Make custom return thunk unconditional"
This reverts commit 08f7cfd44f77b2796582bc26164fdef44dd33b6c.
Revert the backport of upstream commit:
095b8303f383 ("x86/alternative: Make custom return thunk unconditional")
in order to backport the full version now that
770ae1b70952 ("x86/returnthunk: Allow different return thunks")
has been backported.
Revert it here so that the build breakage is kept at minimum.
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Peter Zijlstra
|
e8e9d1f6cf |
x86/returnthunk: Allow different return thunks
Upstream commit: 770ae1b709528a6a173b5c7b183818ee9b45e376 In preparation for call depth tracking on Intel SKL CPUs, make it possible to patch in a SKL specific return thunk. Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lore.kernel.org/r/20220915111147.680469665@infradead.org Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Peter Zijlstra
|
4eb421fa71 |
x86/ftrace: Use alternative RET encoding
Upstream commit: 1f001e9da6bbf482311e45e48f53c2bd2179e59c Use the return thunk in ftrace trampolines, if needed. Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org> Signed-off-by: Borislav Petkov <bp@suse.de> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Peter Zijlstra
|
b253061d4b |
x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch()
Upstream commit: ba27d1a80871eb8dbeddf34ec7d396c149cbb8d7 Less duplication is more better. Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: Josh Poimboeuf <jpoimboe@redhat.com> Link: https://lore.kernel.org/r/20220308154317.697253958@infradead.org [ Keep struct branch. ] Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Borislav Petkov (AMD)
|
c13d426040 |
Revert "x86/ftrace: Use alternative RET encoding"
This reverts commit 3eb602ad6a94a76941f93173131a71ad36fa1324.
Revert the backport of upstream commit
1f001e9da6bb ("x86/ftrace: Use alternative RET encoding")
in favor of a proper backport after backporting the commit which adds
__text_gen_insn().
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Zhiquan Li
|
5224b9db24 |
x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel
[ Upstream commit 9f3b130048bfa2e44a8cfb1b616f826d9d5d8188 ] Memory errors don't happen very often, especially fatal ones. However, in large-scale scenarios such as data centers, that probability increases with the amount of machines present. When a fatal machine check happens, mce_panic() is called based on the severity grading of that error. The page containing the error is not marked as poison. However, when kexec is enabled, tools like makedumpfile understand when pages are marked as poison and do not touch them so as not to cause a fatal machine check exception again while dumping the previous kernel's memory. Therefore, mark the page containing the error as poisoned so that the kexec'ed kernel can avoid accessing the page. [ bp: Rewrite commit message and comment. ] Co-developed-by: Youquan Song <youquan.song@intel.com> Signed-off-by: Youquan Song <youquan.song@intel.com> Signed-off-by: Zhiquan Li <zhiquan1.li@intel.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Reviewed-by: Naoya Horiguchi <naoya.horiguchi@nec.com> Link: https://lore.kernel.org/r/20231014051754.3759099-1-zhiquan1.li@intel.com Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
7e6944b050 |
Merge 5.10.209 into android12-5.10-lts
Changes in 5.10.209
f2fs: explicitly null-terminate the xattr list
pinctrl: lochnagar: Don't build on MIPS
ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro
mptcp: fix uninit-value in mptcp_incoming_options
debugfs: fix automount d_fsdata usage
drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer
nvme-core: check for too small lba shift
ASoC: wm8974: Correct boost mixer inputs
ASoC: Intel: Skylake: Fix mem leak in few functions
ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16
ASoC: Intel: Skylake: mem leak in skl register function
ASoC: cs43130: Fix the position of const qualifier
ASoC: cs43130: Fix incorrect frame delay configuration
ASoC: rt5650: add mutex to avoid the jack detection failure
nouveau/tu102: flush all pdbs on vmm flush
net/tg3: fix race condition in tg3_reset_task()
ASoC: da7219: Support low DC impedance headset
nvme: introduce helper function to get ctrl state
drm/exynos: fix a potential error pointer dereference
drm/exynos: fix a wrong error checking
clk: rockchip: rk3128: Fix HCLK_OTG gate register
jbd2: correct the printing of write_flags in jbd2_write_superblock()
drm/crtc: Fix uninit-value bug in drm_mode_setcrtc
neighbour: Don't let neigh_forced_gc() disable preemption for long
jbd2: fix soft lockup in journal_finish_inode_data_buffers()
tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing
tracing: Add size check when printing trace_marker output
ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI
reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning
Input: atkbd - skip ATKBD_CMD_GETID in translated mode
Input: i8042 - add nomux quirk for Acer P459-G2-M
s390/scm: fix virtual vs physical address confusion
ARC: fix spare error
Input: xpad - add Razer Wolverine V2 support
i2c: rk3x: fix potential spinlock recursion on poll
ida: Fix crash in ida_free when the bitmap is empty
net: qrtr: ns: Return 0 if server port is not present
ARM: sun9i: smp: fix return code check of of_property_match_string
drm/crtc: fix uninitialized variable use
ACPI: resource: Add another DMI match for the TongFang GMxXGxx
binder: use EPOLLERR from eventpoll.h
binder: fix trivial typo of binder_free_buf_locked()
binder: fix comment on binder_alloc_new_buf() return value
uio: Fix use-after-free in uio_open
parport: parport_serial: Add Brainboxes BAR details
parport: parport_serial: Add Brainboxes device IDs and geometry
PCI: Add ACS quirk for more Zhaoxin Root Ports
coresight: etm4x: Fix width of CCITMIN field
x86/lib: Fix overflow when counting digits
EDAC/thunderx: Fix possible out-of-bounds string access
powerpc: add crtsavres.o to always-y instead of extra-y
powerpc: Remove in_kernel_text()
powerpc/44x: select I2C for CURRITUCK
powerpc/pseries/memhotplug: Quieten some DLPAR operations
powerpc/pseries/memhp: Fix access beyond end of drmem array
selftests/powerpc: Fix error handling in FPU/VMX preemption tests
powerpc/powernv: Add a null pointer check to scom_debug_init_one()
powerpc/powernv: Add a null pointer check in opal_event_init()
powerpc/powernv: Add a null pointer check in opal_powercap_init()
powerpc/imc-pmu: Add a null pointer check in update_events_in_group()
spi: spi-zynqmp-gqspi: fix driver kconfig dependencies
mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response
ACPI: video: check for error while searching for backlight device parent
ACPI: LPIT: Avoid u32 multiplication overflow
of: property: define of_property_read_u{8,16,32,64}_array() unconditionally
of: Add of_property_present() helper
cpufreq: Use of_property_present() for testing DT property presence
cpufreq: scmi: process the result of devm_of_clk_add_hw_provider()
net: netlabel: Fix kerneldoc warnings
netlabel: remove unused parameter in netlbl_netlink_auditinfo()
calipso: fix memory leak in netlbl_calipso_add_pass()
efivarfs: force RO when remounting if SetVariable is not supported
spi: sh-msiof: Enforce fixed DTDL for R-Car H3
ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error
mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket
virtio_crypto: Introduce VIRTIO_CRYPTO_NOSPC
virtio-crypto: introduce akcipher service
virtio-crypto: implement RSA algorithm
virtio-crypto: change code style
virtio-crypto: use private buffer for control request
virtio-crypto: wait ctrl queue instead of busy polling
crypto: virtio - Handle dataq logic with tasklet
crypto: sa2ul - Return crypto_aead_setkey to transfer the error
crypto: ccp - fix memleak in ccp_init_dm_workarea
crypto: af_alg - Disallow multiple in-flight AIO requests
crypto: sahara - remove FLAGS_NEW_KEY logic
crypto: sahara - fix cbc selftest failure
crypto: sahara - fix ahash selftest failure
crypto: sahara - fix processing requests with cryptlen < sg->length
crypto: sahara - fix error handling in sahara_hw_descriptor_create()
pstore: ram_core: fix possible overflow in persistent_ram_init_ecc()
fs: indicate request originates from old mount API
Revert "gfs2: Don't reject a supposedly full bitmap if we have blocks reserved"
gfs2: Also reflect single-block allocations in rgd->rd_extfail_pt
gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
crypto: virtio - Wait for tasklet to complete on device remove
crypto: sahara - avoid skcipher fallback code duplication
crypto: sahara - handle zero-length aes requests
crypto: sahara - fix ahash reqsize
crypto: sahara - fix wait_for_completion_timeout() error handling
crypto: sahara - improve error handling in sahara_sha_process()
crypto: sahara - fix processing hash requests with req->nbytes < sg->length
crypto: sahara - do not resize req->src when doing hash operations
crypto: scomp - fix req->dst buffer overflow
blocklayoutdriver: Fix reference leak of pnfs_device_node
NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT
wifi: rtw88: fix RX filter in FIF_ALLMULTI flag
bpf, lpm: Fix check prefixlen before walking trie
bpf: Add crosstask check to __bpf_get_stack
wifi: ath11k: Defer on rproc_get failure
wifi: libertas: stop selecting wext
ARM: dts: qcom: apq8064: correct XOADC register address
ncsi: internal.h: Fix a spello
net/ncsi: Fix netlink major/minor version numbers
firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create()
firmware: meson_sm: populate platform devices from sm device tree data
wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior
arm64: dts: ti: k3-am65-main: Fix DSS irq trigger type
bpf: fix check for attempt to corrupt spilled pointer
scsi: fnic: Return error if vmalloc() failed
arm64: dts: qcom: qrb5165-rb5: correct LED panic indicator
arm64: dts: qcom: sdm845-db845c: correct LED panic indicator
bpf: Fix verification of indirect var-off stack access
scsi: hisi_sas: Replace with standard error code return value
selftests/net: fix grep checking for fib_nexthop_multiprefix
virtio/vsock: fix logic which reduces credit update messages
dma-mapping: Add dma_release_coherent_memory to DMA API
dma-mapping: clear dev->dma_mem to NULL after freeing it
wifi: rtlwifi: add calculate_bit_shift()
wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift()
wifi: rtlwifi: rtl8192c: using calculate_bit_shift()
wifi: rtlwifi: rtl8192cu: using calculate_bit_shift()
wifi: rtlwifi: rtl8192ce: using calculate_bit_shift()
rtlwifi: rtl8192de: make arrays static const, makes object smaller
wifi: rtlwifi: rtl8192de: using calculate_bit_shift()
wifi: rtlwifi: rtl8192ee: using calculate_bit_shift()
wifi: rtlwifi: rtl8192se: using calculate_bit_shift()
netfilter: nf_tables: mark newset as dead on transaction abort
Bluetooth: Fix bogus check for re-auth no supported with non-ssp
Bluetooth: btmtkuart: fix recv_buf() return value
ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
ARM: davinci: always select CONFIG_CPU_ARM926T
RDMA/usnic: Silence uninitialized symbol smatch warnings
drm/panel-elida-kd35t133: hold panel in reset for unprepare
rcu: Create an unrcu_pointer() to remove __rcu from a pointer
drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer
drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function
media: pvrusb2: fix use after free on context disconnection
drm/bridge: Fix typo in post_disable() description
f2fs: fix to avoid dirent corruption
drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg()
drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check()
drm/radeon: check return value of radeon_ring_lock()
ASoC: cs35l33: Fix GPIO name and drop legacy include
ASoC: cs35l34: Fix GPIO name and drop legacy include
drm/msm/mdp4: flush vblank event on disable
drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks
drm/drv: propagate errors from drm_modeset_register_all()
drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()
drm/radeon/dpm: fix a memleak in sumo_parse_power_table
drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table
drm/bridge: tc358767: Fix return value on error case
media: cx231xx: fix a memleak in cx231xx_init_isoc
clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config
media: rkisp1: Disable runtime PM in probe error path
f2fs: fix to check compress file in f2fs_move_file_range()
f2fs: fix to update iostat correctly in f2fs_filemap_fault()
media: dvbdev: drop refcount on error path in dvb_device_open()
media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path of m88ds3103_probe()
drm/amdgpu/debugfs: fix error code when smc register accessors are NULL
drm/amd/pm: fix a double-free in si_dpm_init
drivers/amd/pm: fix a use-after-free in kv_parse_power_table
gpu/drm/radeon: fix two memleaks in radeon_vm_init
dt-bindings: clock: Update the videocc resets for sm8150
clk: qcom: videocc-sm8150: Update the videocc resets
clk: qcom: videocc-sm8150: Add missing PLL config property
drivers: clk: zynqmp: calculate closest mux rate
clk: zynqmp: make bestdiv unsigned
clk: zynqmp: Add a check for NULL pointer
drivers: clk: zynqmp: update divider round rate logic
watchdog: set cdev owner before adding
watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO
watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling
watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused
clk: si5341: fix an error code problem in si5341_output_clk_set_rate
clk: fixed-rate: add devm_clk_hw_register_fixed_rate
clk: fixed-rate: fix clk_hw_register_fixed_rate_with_accuracy_parent_hw
pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable
pwm: stm32: Use hweight32 in stm32_pwm_detect_channels
pwm: stm32: Fix enable count for clk in .probe()
mmc: sdhci_am654: Fix TI SoC dependencies
mmc: sdhci_omap: Fix TI SoC dependencies
IB/iser: Prevent invalidating wrong MR
of: Fix double free in of_parse_phandle_with_args_map
of: unittest: Fix of_count_phandle_with_args() expected value message
keys, dns: Fix size check of V1 server-list header
binder: fix async space check for 0-sized buffers
binder: fix unused alloc->free_async_space
binder: fix use-after-free in shinker's callback
Input: atkbd - use ab83 as id when skipping the getid command
dma-mapping: Fix build error unused-value
virtio-crypto: fix memory-leak
virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session()
Revert "ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek"
kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list
net: ethernet: mtk_eth_soc: remove duplicate if statements
xen-netback: don't produce zero-size SKB frags
binder: fix race between mmput() and do_exit()
tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug
usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host()
usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart
Revert "usb: dwc3: Soft reset phy on probe for host"
Revert "usb: dwc3: don't reset device side if dwc3 was configured as host-only"
usb: chipidea: wait controller resume finished for wakeup irq
Revert "usb: typec: class: fix typec_altmode_put_partner to put plugs"
usb: typec: class: fix typec_altmode_put_partner to put plugs
usb: mon: Fix atomicity violation in mon_bin_vma_fault
serial: imx: Ensure that imx_uart_rs485_config() is called with enabled clock
ALSA: oxygen: Fix right channel of capture volume mixer
ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx
fbdev: flush deferred work in fb_deferred_io_fsync()
pwm: jz4740: Don't use dev_err_probe() in .request()
io_uring/rw: ensure io->bytes_done is always initialized
rootfs: Fix support for rootfstype= when root= is given
Bluetooth: Fix atomicity violation in {min,max}_key_size_set
iommu/arm-smmu-qcom: Add missing GMU entry to match table
wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code
wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors
wifi: mwifiex: configure BSSID consistently when starting AP
x86/kvm: Do not try to disable kvmclock if it was not enabled
KVM: arm64: vgic-v4: Restore pending state on host userspace write
KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache
iio: adc: ad7091r: Pass iio_dev to event handler
HID: wacom: Correct behavior when processing some confidence == false touches
mfd: syscon: Fix null pointer dereference in of_syscon_register()
leds: aw2013: Select missing dependency REGMAP_I2C
mips: dmi: Fix early remap on MIPS32
mips: Fix incorrect max_low_pfn adjustment
MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup()
MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup()
power: supply: cw2015: correct time_to_empty units in sysfs
serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed
libapi: Add missing linux/types.h header to get the __u64 type on io.h
acpi: property: Let args be NULL in __acpi_node_get_property_reference
software node: Let args be NULL in software_node_get_reference_args
serial: imx: fix tx statemachine deadlock
iio: adc: ad9467: Benefit from devm_clk_get_enabled() to simplify
iio: adc: ad9467: fix reset gpio handling
iio: adc: ad9467: don't ignore error codes
iio: adc: ad9467: fix scale setting
perf genelf: Set ELF program header addresses properly
tty: change tty_write_lock()'s ndelay parameter to bool
tty: early return from send_break() on TTY_DRIVER_HARDWARE_BREAK
tty: don't check for signal_pending() in send_break()
tty: use 'if' in send_break() instead of 'goto'
usb: cdc-acm: return correct error code on unsupported break
nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length
nvmet-tcp: fix a crash in nvmet_req_complete()
perf env: Avoid recursively taking env->bpf_progs.lock
apparmor: avoid crash when parsed profile name is empty
serial: imx: Correct clock error message in function probe()
nvmet-tcp: Fix the H2C expected PDU len calculation
PCI: keystone: Fix race condition when initializing PHYs
s390/pci: fix max size calculation in zpci_memcpy_toio()
net: qualcomm: rmnet: fix global oob in rmnet_policy
net: ethernet: ti: am65-cpsw: Fix max mtu to fit ethernet frames
net: phy: micrel: populate .soft_reset for KSZ9131
net: ravb: Fix dma_addr_t truncation in error case
net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe
netfilter: nf_tables: do not allow mismatch field size and set key length
netfilter: nf_tables: skip dead set elements in netlink dump
netfilter: nf_tables: reject NFT_SET_CONCAT with not field length description
ipvs: avoid stat macros calls from preemptible context
kdb: Fix a potential buffer overflow in kdb_local()
ethtool: netlink: Add missing ethnl_ops_begin/complete
mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure
mlxsw: spectrum: Use 'bitmap_zalloc()' when applicable
mlxsw: spectrum_acl_tcam: Add missing mutex_destroy()
mlxsw: spectrum_acl_tcam: Make fini symmetric to init
mlxsw: spectrum_acl_tcam: Reorder functions to avoid forward declarations
mlxsw: spectrum_acl_tcam: Fix stack corruption
selftests: mlxsw: qos_pfc: Convert to iproute2 dcb
selftests: mlxsw: qos_pfc: Adjust the test to support 8 lanes
i2c: s3c24xx: fix read transfers in polling mode
i2c: s3c24xx: fix transferring more than one message in polling mode
arm64: dts: armada-3720-turris-mox: set irq type for RTC
Linux 5.10.209
Change-Id: I86438e299a811ccb08c5a27b2259c33cd482ff00
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Kirill A. Shutemov
|
7521ea8f62 |
x86/kvm: Do not try to disable kvmclock if it was not enabled
commit 1c6d984f523f67ecfad1083bb04c55d91977bb15 upstream. kvm_guest_cpu_offline() tries to disable kvmclock regardless if it is present in the VM. It leads to write to a MSR that doesn't exist on some configurations, namely in TDX guest: unchecked MSR access error: WRMSR to 0x12 (tried to write 0x0000000000000000) at rIP: 0xffffffff8110687c (kvmclock_disable+0x1c/0x30) kvmclock enabling is gated by CLOCKSOURCE and CLOCKSOURCE2 KVM paravirt features. Do not disable kvmclock if it was not enabled. Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Fixes: c02027b5742b ("x86/kvm: Disable kvmclock on all CPUs on shutdown") Reviewed-by: Sean Christopherson <seanjc@google.com> Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Wanpeng Li <wanpengli@tencent.com> Cc: stable@vger.kernel.org Message-Id: <20231205004510.27164-6-kirill.shutemov@linux.intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
680475ab46 |
Merge 5.10.208 into android12-5.10-lts
Changes in 5.10.208 keys, dns: Fix missing size check of V1 server-list header block: Don't invalidate pagecache for invalid falloc modes ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local octeontx2-af: Fix marking couple of structure as __packed drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern i40e: Fix filter input checks to prevent config with invalid values net: sched: em_text: fix possible memory leak in em_text_destroy() ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init sfc: fix a double-free bug in efx_probe_filters net: bcmgenet: Fix FCS generation for fragmented skbuffs netfilter: nftables: add loop check helper function netfilter: nft_immediate: drop chain reference counter on error net: Save and restore msg_namelen in sock_sendmsg i40e: fix use-after-free in i40e_aqc_add_filters() ASoC: meson: g12a-toacodec: Validate written enum values ASoC: meson: g12a-tohdmitx: Validate written enum values ASoC: meson: g12a-toacodec: Fix event generation ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux i40e: Restore VF MSI-X state during PCI reset net/qla3xxx: switch from 'pci_' to 'dma_' API net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues asix: Add check for usbnet_get_endpoints bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() net: Implement missing SO_TIMESTAMPING_NEW cmsg support mm/memory-failure: check the mapcount of the precise page firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect i2c: core: Fix atomic xfer check for non-preempt config mm: fix unmap_mapping_range high bits shift bug mmc: meson-mx-sdhc: Fix initialization frozen issue mmc: rpmb: fixes pause retune on all RPMB partitions. mmc: core: Cancel delayed work before releasing host mmc: sdhci-sprd: Fix eMMC init failure after hw reset powerpc: update ppc_save_regs to save current r1 in pt_regs net: tls, update curr on splice as well ipv6: remove max_size check inline with ipv4 drm/qxl: fix UAF on handle creation netfilter: nf_tables: Reject tables of unsupported family PCI: Extract ATS disabling to a helper function PCI: Disable ATS for specific Intel IPU E2000 devices Revert "nvme: use command_id instead of req->tag in trace_nvme_complete_rq()" Linux 5.10.208 Change-Id: I85f7791b6a3e06127bfd2e52a23ce90abb80ed8f Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Jinghao Jia
|
0ba8c7ef19 |
x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect
commit f5d03da48d062966c94f0199d20be0b3a37a7982 upstream. kprobe_emulate_call_indirect currently uses int3_emulate_call to emulate indirect calls. However, int3_emulate_call always assumes the size of the call to be 5 bytes when calculating the return address. This is incorrect for register-based indirect calls in x86, which can be either 2 or 3 bytes depending on whether REX prefix is used. At kprobe runtime, the incorrect return address causes control flow to land onto the wrong place after return -- possibly not a valid instruction boundary. This can lead to a panic like the following: [ 7.308204][ C1] BUG: unable to handle page fault for address: 000000000002b4d8 [ 7.308883][ C1] #PF: supervisor read access in kernel mode [ 7.309168][ C1] #PF: error_code(0x0000) - not-present page [ 7.309461][ C1] PGD 0 P4D 0 [ 7.309652][ C1] Oops: 0000 [#1] SMP [ 7.309929][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.7.0-rc5-trace-for-next #6 [ 7.310397][ C1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-20220807_005459-localhost 04/01/2014 [ 7.311068][ C1] RIP: 0010:__common_interrupt+0x52/0xc0 [ 7.311349][ C1] Code: 01 00 4d 85 f6 74 39 49 81 fe 00 f0 ff ff 77 30 4c 89 f7 4d 8b 5e 68 41 ba 91 76 d8 42 45 03 53 fc 74 02 0f 0b cc ff d3 65 48 <8b> 05 30 c7 ff 7e 65 4c 89 3d 28 c7 ff 7e 5b 41 5c 41 5e 41 5f c3 [ 7.312512][ C1] RSP: 0018:ffffc900000e0fd0 EFLAGS: 00010046 [ 7.312899][ C1] RAX: 0000000000000001 RBX: 0000000000000023 RCX: 0000000000000001 [ 7.313334][ C1] RDX: 00000000000003cd RSI: 0000000000000001 RDI: ffff888100d302a4 [ 7.313702][ C1] RBP: 0000000000000001 R08: 0ef439818636191f R09: b1621ff338a3b482 [ 7.314146][ C1] R10: ffffffff81e5127b R11: ffffffff81059810 R12: 0000000000000023 [ 7.314509][ C1] R13: 0000000000000000 R14: ffff888100d30200 R15: 0000000000000000 [ 7.314951][ C1] FS: 0000000000000000(0000) GS:ffff88813bc80000(0000) knlGS:0000000000000000 [ 7.315396][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 7.315691][ C1] CR2: 000000000002b4d8 CR3: 0000000003028003 CR4: 0000000000370ef0 [ 7.316153][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 7.316508][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 7.316948][ C1] Call Trace: [ 7.317123][ C1] <IRQ> [ 7.317279][ C1] ? __die_body+0x64/0xb0 [ 7.317482][ C1] ? page_fault_oops+0x248/0x370 [ 7.317712][ C1] ? __wake_up+0x96/0xb0 [ 7.317964][ C1] ? exc_page_fault+0x62/0x130 [ 7.318211][ C1] ? asm_exc_page_fault+0x22/0x30 [ 7.318444][ C1] ? __cfi_native_send_call_func_single_ipi+0x10/0x10 [ 7.318860][ C1] ? default_idle+0xb/0x10 [ 7.319063][ C1] ? __common_interrupt+0x52/0xc0 [ 7.319330][ C1] common_interrupt+0x78/0x90 [ 7.319546][ C1] </IRQ> [ 7.319679][ C1] <TASK> [ 7.319854][ C1] asm_common_interrupt+0x22/0x40 [ 7.320082][ C1] RIP: 0010:default_idle+0xb/0x10 [ 7.320309][ C1] Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 66 90 0f 00 2d 09 b9 3b 00 fb f4 <fa> c3 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 e9 [ 7.321449][ C1] RSP: 0018:ffffc9000009bee8 EFLAGS: 00000256 [ 7.321808][ C1] RAX: ffff88813bca8b68 RBX: 0000000000000001 RCX: 000000000001ef0c [ 7.322227][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000001ef0c [ 7.322656][ C1] RBP: ffffc9000009bef8 R08: 8000000000000000 R09: 00000000000008c2 [ 7.323083][ C1] R10: 0000000000000000 R11: ffffffff81058e70 R12: 0000000000000000 [ 7.323530][ C1] R13: ffff8881002b30c0 R14: 0000000000000000 R15: 0000000000000000 [ 7.323948][ C1] ? __cfi_lapic_next_deadline+0x10/0x10 [ 7.324239][ C1] default_idle_call+0x31/0x50 [ 7.324464][ C1] do_idle+0xd3/0x240 [ 7.324690][ C1] cpu_startup_entry+0x25/0x30 [ 7.324983][ C1] start_secondary+0xb4/0xc0 [ 7.325217][ C1] secondary_startup_64_no_verify+0x179/0x17b [ 7.325498][ C1] </TASK> [ 7.325641][ C1] Modules linked in: [ 7.325906][ C1] CR2: 000000000002b4d8 [ 7.326104][ C1] ---[ end trace 0000000000000000 ]--- [ 7.326354][ C1] RIP: 0010:__common_interrupt+0x52/0xc0 [ 7.326614][ C1] Code: 01 00 4d 85 f6 74 39 49 81 fe 00 f0 ff ff 77 30 4c 89 f7 4d 8b 5e 68 41 ba 91 76 d8 42 45 03 53 fc 74 02 0f 0b cc ff d3 65 48 <8b> 05 30 c7 ff 7e 65 4c 89 3d 28 c7 ff 7e 5b 41 5c 41 5e 41 5f c3 [ 7.327570][ C1] RSP: 0018:ffffc900000e0fd0 EFLAGS: 00010046 [ 7.327910][ C1] RAX: 0000000000000001 RBX: 0000000000000023 RCX: 0000000000000001 [ 7.328273][ C1] RDX: 00000000000003cd RSI: 0000000000000001 RDI: ffff888100d302a4 [ 7.328632][ C1] RBP: 0000000000000001 R08: 0ef439818636191f R09: b1621ff338a3b482 [ 7.329223][ C1] R10: ffffffff81e5127b R11: ffffffff81059810 R12: 0000000000000023 [ 7.329780][ C1] R13: 0000000000000000 R14: ffff888100d30200 R15: 0000000000000000 [ 7.330193][ C1] FS: 0000000000000000(0000) GS:ffff88813bc80000(0000) knlGS:0000000000000000 [ 7.330632][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 7.331050][ C1] CR2: 000000000002b4d8 CR3: 0000000003028003 CR4: 0000000000370ef0 [ 7.331454][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 7.331854][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 7.332236][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 7.332730][ C1] Kernel Offset: disabled [ 7.333044][ C1] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- The relevant assembly code is (from objdump, faulting address highlighted): ffffffff8102ed9d: 41 ff d3 call *%r11 ffffffff8102eda0: 65 48 <8b> 05 30 c7 ff mov %gs:0x7effc730(%rip),%rax The emulation incorrectly sets the return address to be ffffffff8102ed9d + 0x5 = ffffffff8102eda2, which is the 8b byte in the middle of the next mov. This in turn causes incorrect subsequent instruction decoding and eventually triggers the page fault above. Instead of invoking int3_emulate_call, perform push and jmp emulation directly in kprobe_emulate_call_indirect. At this point we can obtain the instruction size from p->ainsn.size so that we can calculate the correct return address. Link: https://lore.kernel.org/all/20240102233345.385475-1-jinghao7@illinois.edu/ Fixes: 6256e668b7af ("x86/kprobes: Use int3 instead of debug trap for single-step") Cc: stable@vger.kernel.org Signed-off-by: Jinghao Jia <jinghao7@illinois.edu> Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
8a9d593fd6 |
Merge 5.10.206 into android12-5.10-lts
Changes in 5.10.206 ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE smb: client: fix OOB in smb2_query_reparse_point() ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init reset: Fix crash when freeing non-existent optional resets s390/vx: fix save/restore of fpu kernel context wifi: mac80211: mesh_plink: fix matches_local logic Revert "net/mlx5e: fix double free of encap_header" net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() net/mlx5: Fix fw tracer first block check net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors net: sched: ife: fix potential use-after-free ethernet: atheros: fix a memleak in atl1e_setup_ring_resources net/rose: fix races in rose_kill_by_device() net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() afs: Fix the dynamic root's d_delete to always delete unused dentries afs: Fix dynamic root lookup DNS check net: warn if gso_type isn't set for a GSO SKB net: check dev->gso_max_size in gso_features_check() keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry afs: Fix overwriting of result of DNS query i2c: aspeed: Handle the coalesced stop conditions with the start conditions. pinctrl: at91-pio4: use dedicated lock class for IRQ ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB smb: client: fix NULL deref in asn1_ber_decoder() btrfs: do not allow non subvolume root targets for snapshot interconnect: Treat xlate() returning NULL node as an error iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw Input: ipaq-micro-keys - add error handling for devm_kmemdup scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() wifi: cfg80211: Add my certificate wifi: cfg80211: fix certs build to not depend on file order USB: serial: ftdi_sio: update Actisense PIDs constant names USB: serial: option: add Quectel EG912Y module support USB: serial: option: add Foxconn T99W265 with new baseline USB: serial: option: add Quectel RM500Q R13 firmware support Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent Bluetooth: L2CAP: Send reject on command corrupted request Input: soc_button_array - add mapping for airplane mode button net: 9p: avoid freeing uninit memory in p9pdu_vreadf net: rfkill: gpio: set GPIO direction net: ks8851: Fix TX stall caused by TX buffer overrun dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp tracing / synthetic: Disable events after testing in synth_event_gen_test_init() bus: ti-sysc: Flush posted write only after srst_udelay lib/vsprintf: Fix %pfwf when current node refcount == 0 x86/alternatives: Sync core before enabling interrupts 9p/net: fix possible memory leak in p9_check_errors() ARM: dts: Fix occasional boot hang for am3 usb Bluetooth: SMP: Convert BT_ERR/BT_DBG to bt_dev_err/bt_dev_dbg Bluetooth: use inclusive language in SMP Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE usb: fotg210-hcd: delete an incorrect bounds test smb: client: fix OOB in SMB2_query_info_init() smb: client: fix OOB in smbCalcSize() Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg spi: atmel: Switch to transfer_one transfer method spi: atmel: Fix CS and initialization bug scsi: core: Add scsi_prot_ref_tag() helper scsi: core: Introduce scsi_get_sector() scsi: core: Make scsi_get_lba() return the LBA scsi: core: Use scsi_cmd_to_rq() instead of scsi_cmnd.request scsi: core: Use a structure member to track the SCSI command submitter scsi: core: Always send batch on reset or error handling command ring-buffer: Fix wake ups when buffer_percent is set to 100 tracing: Fix blocked reader of snapshot buffer netfilter: nf_tables: skip set commit for deleted/destroyed sets dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() Revert "MIPS: Loongson64: Enable DMA noncoherent support" Bluetooth: SMP: Fix crash when receiving new connection when debug is enabled spi: atmel: Fix PDC transfer setup bug Linux 5.10.206 Change-Id: Ifc248e166849f9102cb1d3e32c33080236de2332 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Thomas Gleixner
|
c4a22227f7 |
x86/alternatives: Sync core before enabling interrupts
commit 3ea1704a92967834bf0e64ca1205db4680d04048 upstream.
text_poke_early() does:
local_irq_save(flags);
memcpy(addr, opcode, len);
local_irq_restore(flags);
sync_core();
That's not really correct because the synchronization should happen before
interrupts are re-enabled to ensure that a pending interrupt observes the
complete update of the opcodes.
It's not entirely clear whether the interrupt entry provides enough
serialization already, but moving the sync_core() invocation into interrupt
disabled region does no harm and is obviously correct.
Fixes:
|
||
|
Greg Kroah-Hartman
|
001d2105f6 |
Merge 5.10.204 into android12-5.10-lts
Changes in 5.10.204 hrtimers: Push pending hrtimers away from outgoing CPU earlier i2c: designware: Fix corrupted memory seen in the ISR netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test tg3: Move the [rt]x_dropped counters to tg3_napi tg3: Increment tx_dropped in tg3_tso_bug() kconfig: fix memory leak from range properties drm/amdgpu: correct chunk_ptr to a pointer to chunk. platform/x86: asus-wmi: Add support for SW_TABLET_MODE on UX360 platform/x86: asus-nb-wmi: Allow configuring SW_TABLET_MODE method with a module option platform/x86: asus-nb-wmi: Add tablet_mode_sw=lid-flip quirk for the TP200s asus-wmi: Add dgpu disable method platform/x86: asus-wmi: Adjust tablet/lidflip handling to use enum platform/x86: asus-wmi: Add support for ROG X13 tablet mode platform/x86: asus-wmi: Simplify tablet-mode-switch probing platform/x86: asus-wmi: Simplify tablet-mode-switch handling platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code of: base: Fix some formatting issues and provide missing descriptions of: Fix kerneldoc output formatting of: Add missing 'Return' section in kerneldoc comments of: dynamic: Fix of_reconfig_get_state_change() return value documentation ipv6: fix potential NULL deref in fib6_add() octeontx2-pf: Add missing mutex lock in otx2_get_pauseparam hv_netvsc: rndis_filter needs to select NLS mlxbf-bootctl: correctly identify secure boot with development keys net: arcnet: com20020 fix error handling arcnet: restoring support for multiple Sohard Arcnet cards i40e: Fix unexpected MFS warning message net: bnxt: fix a potential use-after-free in bnxt_init_tc ionic: fix snprintf format length warning ionic: Fix dim work handling in split interrupt mode ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() net: hns: fix fake link up on xge port netfilter: xt_owner: Fix for unsafe access of sk->sk_socket tcp: do not accept ACK of bytes we never sent bpf: sockmap, updating the sg structure should also update curr tee: optee: Fix supplicant based device enumeration arm64: dts: rockchip: Expand reg size of vdec node for RK3399 RDMA/rtrs-clt: Remove the warnings for req in_use check RDMA/bnxt_re: Correct module description string hwmon: (acpi_power_meter) Fix 4.29 MW bug ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate tracing: Fix a warning when allocating buffered events fails scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt riscv: fix misaligned access handling of C.SWSP and C.SDSP ALSA: pcm: fix out-of-bounds in snd_pcm_state_names ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 nilfs2: fix missing error check for sb_set_blocksize call nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() checkstack: fix printed address tracing: Always update snapshot buffer size tracing: Disable snapshot buffer when stopping instance tracers tracing: Fix incomplete locking when disabling buffered events tracing: Fix a possible race when disabling buffered events packet: Move reference count in packet_sock to atomic_long_t arm64: dts: mediatek: mt7622: fix memory node warning check arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names arm64: dts: mediatek: mt8183: Fix unit address for scp reserved memory misc: mei: client.c: return negative error code in mei_cl_write misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write ring-buffer: Force absolute timestamp on discard of event tracing: Set actual size after ring buffer resize tracing: Stop current tracer when resizing buffer perf/core: Add a new read format to get a number of lost samples perf: Fix perf_event_validate_size() gpiolib: sysfs: Fix error handling on failed export drm/amdgpu: correct the amdgpu runtime dereference usage count usb: gadget: f_hid: fix report descriptor allocation parport: Add support for Brainboxes IX/UC/PX parallel cards Revert "xhci: Loosen RPM as default policy to cover for AMD xHC 1.1" usb: typec: class: fix typec_altmode_put_partner to put plugs ARM: PL011: Fix DMA support serial: sc16is7xx: address RX timeout interrupt errata serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt serial: 8250_omap: Add earlycon support for the AM654 UART controller x86/CPU/AMD: Check vendor in the AMD microcode callback KVM: s390/mm: Properly reset no-dat MIPS: Loongson64: Reserve vgabios memory on boot MIPS: Loongson64: Enable DMA noncoherent support io_uring/af_unix: disable sending io_uring over sockets netlink: don't call ->netlink_bind with table lock held genetlink: add CAP_NET_ADMIN test for multicast bind psample: Require 'CAP_NET_ADMIN' when joining "packets" group drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group netfilter: nft_set_pipapo: skip inactive elements during set walk platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch reporting tools headers UAPI: Sync linux/perf_event.h with the kernel sources platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute mmc: block: Be sure to wait while busy in CQE error recovery Revert "btrfs: add dmesg output for first mount and last unmount of a filesystem" cifs: Fix non-availability of dedup breaking generic/304 smb: client: fix potential NULL deref in parse_dfs_referrals() devcoredump : Serialize devcd_del work devcoredump: Send uevent once devcd is ready r8169: fix rtl8125b PAUSE frames blasting when suspended Linux 5.10.204 Change-Id: Ic65cbf2bdbf57c9cea815a17fcec35c0b72168a2 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Borislav Petkov (AMD)
|
ab8816a7c2 |
x86/CPU/AMD: Check vendor in the AMD microcode callback
commit 9b8493dc43044376716d789d07699f17d538a7c4 upstream.
Commit in Fixes added an AMD-specific microcode callback. However, it
didn't check the CPU vendor the kernel runs on explicitly.
The only reason the Zenbleed check in it didn't run on other x86 vendors
hardware was pure coincidental luck:
if (!cpu_has_amd_erratum(c, amd_zenbleed))
return;
gives true on other vendors because they don't have those families and
models.
However, with the removal of the cpu_has_amd_erratum() in
05f5f73936fa ("x86/CPU/AMD: Drop now unused CPU erratum checking function")
that coincidental condition is gone, leading to the zenbleed check
getting executed on other vendors too.
Add the explicit vendor check for the whole callback as it should've
been done in the first place.
Fixes: 522b1d69219d ("x86/cpu/amd: Add a Zenbleed fix")
Cc: <stable@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20231201184226.16749-1-bp@alien8.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
7999a9a70d |
Merge 5.10.202 into android12-5.10-lts
Changes in 5.10.202 locking/ww_mutex/test: Fix potential workqueue corruption perf/core: Bail out early if the request AUX area is out of bound clocksource/drivers/timer-imx-gpt: Fix potential memory leak clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size wifi: mac80211_hwsim: fix clang-specific fortify warning wifi: mac80211: don't return unset power in ieee80211_get_tx_power() bpf: Detect IP == ksym.end as part of BPF program wifi: ath9k: fix clang-specific fortify warnings wifi: ath10k: fix clang-specific fortify warning net: annotate data-races around sk->sk_tx_queue_mapping net: annotate data-races around sk->sk_dst_pending_confirm wifi: ath10k: Don't touch the CE interrupt registers after power up Bluetooth: btusb: Add date->evt_skb is NULL check Bluetooth: Fix double free in hci_conn_cleanup platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e drm/komeda: drop all currently held locks if deadlock happens drm/msm/dp: skip validity check for DP CTS EDID checksum drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga drm/amdgpu: Fix potential null pointer derefernce drm/panel: fix a possible null pointer dereference drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference drm/panel: st7703: Pick different reset sequence drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL selftests/efivarfs: create-read: fix a resource leak ASoC: soc-card: Add storage for PCI SSID crypto: pcrypt - Fix hungtask for PADATA_RESET RDMA/hfi1: Use FIELD_GET() to extract Link Width fs/jfs: Add check for negative db_l2nbperpage fs/jfs: Add validity check for db_maxag and db_agpref jfs: fix array-index-out-of-bounds in dbFindLeaf jfs: fix array-index-out-of-bounds in diAlloc HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround ARM: 9320/1: fix stack depot IRQ stack filter ALSA: hda: Fix possible null-ptr-deref when assigning a stream PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields atm: iphase: Do PCI error checks on own line scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W exfat: support handle zero-size directory tty: vcc: Add check for kstrdup() in vcc_probe() usb: gadget: f_ncm: Always set current gadget in ncm_bind() 9p/trans_fd: Annotate data-racy writes to file::f_flags i2c: sun6i-p2wi: Prevent potential division by zero media: gspca: cpia1: shift-out-of-bounds in set_flicker media: vivid: avoid integer overflow gfs2: ignore negated quota changes gfs2: fix an oops in gfs2_permission media: cobalt: Use FIELD_GET() to extract Link Width media: imon: fix access to invalid resource for the second interface drm/amd/display: Avoid NULL dereference of timing generator kgdb: Flush console before entering kgdb on panic ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings drm/amdgpu: fix software pci_unplug on some chips pwm: Fix double shift bug wifi: iwlwifi: Use FW rate for non-data frames xhci: turn cancelled td cleanup to its own function SUNRPC: ECONNRESET might require a rebind SUNRPC: Add an IS_ERR() check back to where it was NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO SUNRPC: Fix RPC client cleaned up the freed pipefs dentries gfs2: Silence "suspicious RCU usage in gfs2_permission" warning ipvlan: add ipvlan_route_v6_outbound() helper tty: Fix uninit-value access in ppp_sync_receive() net: hns3: fix variable may not initialized problem in hns3_init_mac_addr() net: hns3: fix VF reset fail issue tipc: Fix kernel-infoleak due to uninitialized TLV value ppp: limit MRU to 64K xen/events: fix delayed eoi list handling ptp: annotate data-race around q->head and q->tail bonding: stop the device in bond_setup_by_slave() net: ethernet: cortina: Fix max RX frame define net: ethernet: cortina: Handle large frames net: ethernet: cortina: Fix MTU max setting netfilter: nf_conntrack_bridge: initialize err to 0 net: stmmac: fix rx budget limit check net/mlx5e: fix double free of encap_header net/mlx5_core: Clean driver version and name net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors macvlan: Don't propagate promisc change to lower dev in passthru tools/power/turbostat: Fix a knl bug cifs: spnego: add ';' in HOST_KEY_LEN cifs: fix check of rc in function generate_smb3signingkey media: venus: hfi: add checks to perform sanity on queue pointers powerpc/perf: Fix disabling BHRB and instruction sampling randstruct: Fix gcc-plugin performance mode to stay in group bpf: Fix check_stack_write_fixed_off() to correctly spill imm bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END scsi: mpt3sas: Fix loop logic scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers x86/cpu/hygon: Fix the CPU topology evaluation for real KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space KVM: x86: Ignore MSR_AMD64_TW_CFG access audit: don't take task_lock() in audit_exe_compare() code path audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() tty/sysrq: replace smp_processor_id() with get_cpu() hvc/xen: fix console unplug hvc/xen: fix error path in xen_hvc_init() to always register frontend driver PCI/sysfs: Protect driver's D3cold preference from user space watchdog: move softlockup_panic back to early_param ACPI: resource: Do IRQ override on TongFang GMxXGxx arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer parisc/pdc: Add width field to struct pdc_model clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks mmc: vub300: fix an error code mmc: sdhci_am654: fix start loop index for TAP value parsing PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() arm64: dts: qcom: ipq6018: Fix hwlock index for SMEM PM: hibernate: Use __get_safe_page() rather than touching the list PM: hibernate: Clean up sync_read handling in snapshot_write_next() rcu: kmemleak: Ignore kmemleak false positives when RCU-freeing objects btrfs: don't arbitrarily slow down delalloc if we're committing firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit ima: detect changes to the backing overlay file wifi: ath11k: fix temperature event locking wifi: ath11k: fix dfs radar event locking wifi: ath11k: fix htt pktlog locking mmc: meson-gx: Remove setting of CMD_CFG_ERROR genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware PCI: keystone: Don't discard .remove() callback PCI: keystone: Don't discard .probe() callback jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev quota: explicitly forbid quota files from being encrypted kernel/reboot: emergency_restart: Set correct system_state i2c: core: Run atomic i2c xfer when !preemptible mcb: fix error handling for different scenarios when parsing dmaengine: stm32-mdma: correct desc prep when channel running mm/cma: use nth_page() in place of direct struct page manipulation mm/memory_hotplug: use pfn math in place of direct struct page manipulation mtd: cfi_cmdset_0001: Byte swap OTP info i3c: master: cdns: Fix reading status register parisc: Prevent booting 64-bit kernels on PA1.x machines parisc/pgtable: Do not drop upper 5 address bits of physical address xhci: Enable RPM on controllers that support low-power states ALSA: info: Fix potential deadlock at disconnection ALSA: hda/realtek - Add Dell ALC295 to pin fall back table ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC serial: meson: remove redundant initialization of variable id tty: serial: meson: retrieve port FIFO size from DT serial: meson: Use platform_get_irq() to get the interrupt tty: serial: meson: fix hard LOCKUP on crtscts mode cpufreq: stats: Fix buffer overflow detection in trans_stats() Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 bluetooth: Add device 0bda:887b to device tables bluetooth: Add device 13d3:3571 to device tables Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE PCI: exynos: Don't discard .remove() callback arm64: dts: qcom: ipq6018: switch TCSR mutex to MMIO arm64: dts: qcom: ipq6018: Fix tcsr_mutex register size Revert ncsi: Propagate carrier gain/loss events to the NCSI controller lsm: fix default return value for vm_enough_memory lsm: fix default return value for inode_getsecctx i2c: designware: Disable TX_EMPTY irq while waiting for block length byte net: dsa: lan9303: consequently nested-lock physical MDIO net: phylink: initialize carrier state at creation i2c: i801: fix potential race in i801_block_transaction_byte_by_byte f2fs: avoid format-overflow warning media: lirc: drop trailing space from scancode transmit media: sharp: fix sharp encoding media: venus: hfi_parser: Add check to keep the number of codecs within range media: venus: hfi: fix the check to handle session buffer requirement media: venus: hfi: add checks to handle capabilities from firmware nfsd: fix file memleak on client_opens_release mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors media: qcom: camss: Fix vfe_get() error jump Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E" ext4: apply umask if ACL support is disabled ext4: correct offset of gdb backup in non meta_bg group to update_backups ext4: correct return value of ext4_convert_meta_bg ext4: correct the start block of counting reserved clusters ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks drm/amd/pm: Handle non-terminated overdrive commands. drm/amdgpu: fix error handling in amdgpu_bo_list_get() drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid tracing: Have trace_event_file have ref counters netfilter: nftables: update table flags from the commit phase netfilter: nf_tables: fix table flag updates netfilter: nf_tables: disable toggling dormant table state more than once interconnect: qcom: Add support for mask-based BCMs Linux 5.10.202 Change-Id: I762bcd4848d9b87cbb4efe4104fe1685999dc0f7 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
cf3a19d56e |
Merge 5.10.201 into android12-5.10-lts
Changes in 5.10.201 iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user() sched/uclamp: Ignore (util == 0) optimization in feec() when p_util_max = 0 vfs: fix readahead(2) on block devices x86/srso: Fix SBPB enablement for (possible) future fixed HW futex: Don't include process MM in futex key on no-MMU x86/boot: Fix incorrect startup_gdt_descr.size pstore/platform: Add check for kstrdup genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() i40e: fix potential memory leaks in i40e_remove() udp: add missing WRITE_ONCE() around up->encap_rcv tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed overflow: Implement size_t saturating arithmetic helpers gve: Use size_add() in call to struct_size() mlxsw: Use size_mul() in call to struct_size() tipc: Use size_add() in calls to struct_size() net: spider_net: Use size_add() in call to struct_size() wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() wifi: mt76: mt7603: rework/fix rx pse hang check tcp_metrics: add missing barriers on delete tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics() tcp_metrics: do not create an entry from tcp_init_metrics() wifi: rtlwifi: fix EDCA limit set by BT coexistence can: dev: can_restart(): don't crash kernel if carrier is OK can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() PM / devfreq: rockchip-dfi: Make pmu regmap mandatory thermal: core: prevent potential string overflow r8169: use tp_to_dev instead of open code r8169: fix rare issue with broken rx after link-down on RTL8125 chtls: fix tp->rcv_tstamp initialization tcp: fix cookie_init_timestamp() overflows ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() ipv6: avoid atomic fragment on GSO packets net: add DEV_STATS_READ() helper ipvlan: properly track tx_errors regmap: debugfs: Fix a erroneous check after snprintf() clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies clk: qcom: mmcc-msm8998: Add hardware clockgating registers to some clks clk: qcom: mmcc-msm8998: Don't check halt bit on some branch clks clk: qcom: mmcc-msm8998: Set bimc_smmu_gdsc always on clk: qcom: mmcc-msm8998: Fix the SMMU GDSC clk: qcom: gcc-sm8150: use ARRAY_SIZE instead of specifying num_parents clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src clk: imx: Select MXC_CLK for CLK_IMX8QXP clk: imx: imx8mq: correct error handling path clk: asm9260: use parent index to link the reference clock clk: linux/clk-provider.h: fix kernel-doc warnings and typos spi: nxp-fspi: use the correct ioremap function clk: keystone: pll: fix a couple NULL vs IS_ERR() checks clk: ti: Add ti_dt_clk_name() helper to use clock-output-names clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() clk: ti: Update component clocks to use ti_dt_clk_name() clk: ti: change ti_clk_register[_omap_hw]() API clk: ti: fix double free in of_ti_divider_clk_setup() clk: npcm7xx: Fix incorrect kfree clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM platform/x86: wmi: Fix probe failure when failing to register WMI devices platform/x86: wmi: remove unnecessary initializations platform/x86: wmi: Fix opening of char device hwmon: (axi-fan-control) Support temperature vs pwm points hwmon: (axi-fan-control) Fix possible NULL pointer dereference hwmon: (coretemp) Fix potentially truncated sysfs attribute name drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs drm/rockchip: vop: Fix call to crtc reset helper drm/radeon: possible buffer overflow drm/bridge: tc358768: Fix use of uninitialized variable drm/bridge: tc358768: Disable non-continuous clock mode drm/bridge: tc358768: Fix bit updates drm/mediatek: Fix iommu fault during crtc enabling drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() arm64/arm: xen: enlighten: Fix KPTI checks drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled arm64: dts: qcom: msm8916: Fix iommu local address range arm64: dts: qcom: sdm845-mtp: fix WiFi configuration ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator soc: qcom: llcc: Handle a second device without data corruption firmware: ti_sci: Mark driver as non removable clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped selftests/pidfd: Fix ksft print formats selftests/resctrl: Ensure the benchmark commands fits to its array crypto: hisilicon/hpre - Fix a erroneous check after snprintf() hwrng: geode - fix accessing registers libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value nd_btt: Make BTT lanes preemptible crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure crypto: caam/jr - fix Chacha20 + Poly1305 self test failure crypto: qat - mask device capabilities with soft straps crypto: qat - increase size of buffers hid: cp2112: Fix duplicate workqueue initialization ARM: 9321/1: memset: cast the constant byte to unsigned char ext4: move 'ix' sanity check to corrent position ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described IB/mlx5: Fix rdma counter binding for RAW QP RDMA/hns: Fix uninitialized ucmd in hns_roce_create_qp_common() RDMA/hns: Fix signed-unsigned mixed comparisons ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe scsi: ufs: core: Leave space for '\0' in utf8 desc string RDMA/hfi1: Workaround truncation compilation error hid: cp2112: Fix IRQ shutdown stopping polling for all IRQs on chip sh: bios: Revive earlyprintk support Revert "HID: logitech-hidpp: add a module parameter to keep firmware gestures" HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk HID: logitech-hidpp: Don't restart IO, instead defer hid_connect() only HID: logitech-hidpp: Revert "Don't restart communication if not necessary" HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails padata: Convert from atomic_t to refcount_t on parallel_data->refcnt padata: Fix refcnt handling in padata_free_shell() ASoC: ams-delta.c: use component after check mfd: core: Un-constify mfd_cell.of_reg mfd: core: Ensure disabled devices are skipped without aborting mfd: dln2: Fix double put in dln2_probe leds: pwm: Don't disable the PWM when the LED should be off leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' tty: tty_jobctrl: fix pid memleak in disassociate_ctty() livepatch: Fix missing newline character in klp_resolve_symbols() usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency dmaengine: ti: edma: handle irq_of_parse_and_map() errors misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() tools: iio: privatize globals and functions in iio_generic_buffer.c file tools: iio: iio_generic_buffer: Fix some integer type and calculation tools: iio: iio_generic_buffer ensure alignment USB: usbip: fix stub_dev hub disconnect dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() f2fs: fix to initialize map.m_pblk in f2fs_precache_extents() interconnect: qcom: sc7180: Retire DEFINE_QBCM interconnect: qcom: sc7180: Set ACV enable_mask modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host powerpc/40x: Remove stale PTE_ATOMIC_UPDATES macro powerpc/xive: Fix endian conversion size powerpc/imc-pmu: Use the correct spinlock initializer. powerpc/pseries: fix potential memory leak in init_cpu_associativity() xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 usb: host: xhci-plat: fix possible kernel oops while resuming perf machine: Avoid out of bounds LBR memory read perf hist: Add missing puts to hist__account_cycles i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call pcmcia: cs: fix possible hung task and memory leak pccardd() pcmcia: ds: fix refcount leak in pcmcia_device_add() pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() media: i2c: max9286: Fix some redundant of_node_put() calls media: bttv: fix use after free error due to btv->timeout timer media: s3c-camif: Avoid inappropriate kfree() media: vidtv: psi: Add check for kstrdup media: vidtv: mux: Add check and kfree for kstrdup media: cedrus: Fix clock/reset sequence media: dvb-usb-v2: af9035: fix missing unlock regmap: prevent noinc writes from clobbering cache pwm: sti: Avoid conditional gotos pwm: sti: Reduce number of allocations and drop usage of chip_data pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() llc: verify mac len before reading mac header hsr: Prevent use after free in prp_create_tagged_frame() tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING inet: shrink struct flowi_common dccp: Call security_inet_conn_request() after setting IPv4 addresses. dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. net: r8169: Disable multicast filter for RTL8168H and RTL8107E Fix termination state for idr_for_each_entry_ul() net: stmmac: xgmac: Enable support for multiple Flexible PPS outputs net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT net/smc: allow cdc msg send rather than drop it with NULL sndbuf_desc net/smc: put sk reference if close work was canceled tg3: power down device only on SYSTEM_POWER_OFF r8169: respect userspace disabling IFF_MULTICAST netfilter: xt_recent: fix (increase) ipv6 literal buffer length netfilter: nft_redir: use `struct nf_nat_range2` throughout and deduplicate eval call-backs netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses x86: Share definition of __is_canonical_address() x86/sev-es: Allow copy_from_kernel_nofault() in earlier boot drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies fbdev: imsttfb: Fix error path of imsttfb_probe() fbdev: imsttfb: fix a resource leak in probe fbdev: fsl-diu-fb: mark wr_reg_wa() static tracing/kprobes: Fix the order of argument descriptions Revert "mmc: core: Capture correct oemid-bits for eMMC cards" btrfs: use u64 for buffer sizes in the tree search ioctls Linux 5.10.201 Change-Id: I0ce874e25eb6aeebf5826d6ef843fdbbf55d7c7d Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Pu Wen
|
8cf6b66585 |
x86/cpu/hygon: Fix the CPU topology evaluation for real
commit ee545b94d39a00c93dc98b1dbcbcf731d2eadeb4 upstream.
Hygon processors with a model ID > 3 have CPUID leaf 0xB correctly
populated and don't need the fixed package ID shift workaround. The fixup
is also incorrect when running in a guest.
Fixes:
|
||
|
Greg Kroah-Hartman
|
9cba6b5683 |
Merge 5.10.200 into android12-5.10-lts
Changes in 5.10.200 selftests/ftrace: Add new test case which checks non unique symbol mcb: Return actual parsed size when reading chameleon table mcb-lpc: Reallocate memory region to avoid memory overlapping virtio_balloon: Fix endless deflation and inflation on arm64 virtio-mmio: fix memory leak of vm_dev mm/page_alloc: correct start page when guard page debug is enabled mmc: renesas_sdhi: use custom mask for TMIO_MASK_ALL drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1 r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1 treewide: Spelling fix in comment igb: Fix potential memory leak in igb_add_ethtool_nfc_entry neighbour: fix various data-races igc: Fix ambiguity in the ethtool advertising net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg r8152: Increase USB control msg timeout to 5000ms as per spec r8152: Run the unload routine if we have errors during probe r8152: Cancel hw_phy_work if we have an error in probe r8152: Release firmware if we have an error in probe tcp: fix wrong RTO timeout when received SACK reneging gtp: uapi: fix GTPA_MAX gtp: fix fragmentation needed check with gso i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR kasan: print the original fault addr when access invalid shadow iio: exynos-adc: request second interupt only when touchscreen mode is used i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() i2c: stm32f7: Fix PEC handling in case of SMBUS transfers i2c: aspeed: Fix i2c bus hang in slave read tracing/kprobes: Fix the description of variable length arguments misc: fastrpc: Clean buffers on remote invocation failures nvmem: imx: correct nregs for i.MX6ULL nvmem: imx: correct nregs for i.MX6SLL nvmem: imx: correct nregs for i.MX6UL perf/core: Fix potential NULL deref sparc32: fix a braino in fault handling in csum_and_copy_..._user() clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name iio: adc: xilinx: use helper variable for &pdev->dev iio: adc: xilinx: use devm_krealloc() instead of kfree() + kcalloc() iio: adc: xilinx: use more devres helpers and remove remove() iio: adc: xilinx-xadc: Don't clobber preset voltage/temperature thresholds x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility kobject: Fix slab-out-of-bounds in fill_kobj_path() smbdirect: missing rc checks while waiting for rdma events f2fs: fix to do sanity check on inode type during garbage collection x86/mm: Simplify RESERVE_BRK() x86/mm: Fix RESERVE_BRK() for older binutils ext4: add two helper functions extent_logical_end() and pa_logical_end() ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow ext4: avoid overlapping preallocations due to overflow objtool/x86: add missing embedded_insn check driver: platform: Add helper for safer setting of driver_override rpmsg: Constify local variable in field store macro rpmsg: Fix kfree() of static memory on setting driver_override rpmsg: Fix calling device_lock() on non-initialized device rpmsg: glink: Release driver_override rpmsg: Fix possible refcount leak in rpmsg_register_device_override() x86: Fix .brk attribute in linker script net: sched: cls_u32: Fix allocation size in u32_init() irqchip/stm32-exti: add missing DT IRQ flag translation dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport fbdev: atyfb: only use ioremap_uc() on i386 and ia64 spi: npcm-fiu: Fix UMA reads when dummy.nbytes == 0 netfilter: nfnetlink_log: silence bogus compiler warning ASoC: rt5650: fix the wrong result of key button fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() scsi: mpt3sas: Fix in error path platform/mellanox: mlxbf-tmfifo: Fix a warning message net: chelsio: cxgb4: add an error code check in t4_load_phy_fw powerpc/mm: Fix boot crash with FLATMEM can: isotp: change error format from decimal to symbolic error names can: isotp: add symbolic error message to isotp_module_init() can: isotp: Add error message if txqueuelen is too small can: isotp: set max PDU size to 64 kByte can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting can: isotp: check CAN address family in isotp_bind() can: isotp: handle wait_event_interruptible() return values can: isotp: add local echo tx processing and tx without FC can: isotp: isotp_bind(): do not validate unused address information can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility usb: raw-gadget: properly handle interrupted requests tty: 8250: Remove UC-257 and UC-431 tty: 8250: Add support for additional Brainboxes UC cards tty: 8250: Add support for Brainboxes UP cards tty: 8250: Add support for Intashield IS-100 ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection Linux 5.10.200 Change-Id: I064cfd04d19db1e81d073b02c00258d3ebac2aa3 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Yuntao Wang
|
66f9969141 |
x86/boot: Fix incorrect startup_gdt_descr.size
[ Upstream commit 001470fed5959d01faecbd57fcf2f60294da0de1 ]
Since the size value is added to the base address to yield the last valid
byte address of the GDT, the current size value of startup_gdt_descr is
incorrect (too large by one), fix it.
[ mingo: This probably never mattered, because startup_gdt[] is only used
in a very controlled fashion - but make it consistent nevertheless. ]
Fixes:
|
||
|
Josh Poimboeuf
|
f525870516 |
x86/srso: Fix SBPB enablement for (possible) future fixed HW
[ Upstream commit 1d1142ac51307145dbb256ac3535a1d43a1c9800 ]
Make the SBPB check more robust against the (possible) case where future
HW has SRSO fixed but doesn't have the SRSO_NO bit set.
Fixes: 1b5277c0ea0b ("x86/srso: Add SRSO_NO support")
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/cee5050db750b391c9f35f5334f8ff40e66c01b9.1693889988.git.jpoimboe@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Juergen Gross
|
9ade01b294 |
x86: Fix .brk attribute in linker script
commit 7e09ac27f43b382f5fe9bb7c7f4c465ece1f8a23 upstream.
Commit in Fixes added the "NOLOAD" attribute to the .brk section as a
"failsafe" measure.
Unfortunately, this leads to the linker no longer covering the .brk
section in a program header, resulting in the kernel loader not knowing
that the memory for the .brk section must be reserved.
This has led to crashes when loading the kernel as PV dom0 under Xen,
but other scenarios could be hit by the same problem (e.g. in case an
uncompressed kernel is used and the initrd is placed directly behind
it).
So drop the "NOLOAD" attribute. This has been verified to correctly
cover the .brk section by a program header of the resulting ELF file.
Fixes: e32683c6f7d2 ("x86/mm: Fix RESERVE_BRK() for older binutils")
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Link: https://lore.kernel.org/r/20220630071441.28576-4-jgross@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Josh Poimboeuf
|
c761d34a7e |
x86/mm: Fix RESERVE_BRK() for older binutils
commit e32683c6f7d22ba624e0bfc58b02cf3348bdca63 upstream.
With binutils 2.26, RESERVE_BRK() causes a build failure:
/tmp/ccnGOKZ5.s: Assembler messages:
/tmp/ccnGOKZ5.s:98: Error: missing ')'
/tmp/ccnGOKZ5.s:98: Error: missing ')'
/tmp/ccnGOKZ5.s:98: Error: missing ')'
/tmp/ccnGOKZ5.s:98: Error: junk at end of line, first unrecognized
character is `U'
The problem is this line:
RESERVE_BRK(early_pgt_alloc, INIT_PGT_BUF_SIZE)
Specifically, the INIT_PGT_BUF_SIZE macro which (via PAGE_SIZE's use
_AC()) has a "1UL", which makes older versions of the assembler unhappy.
Unfortunately the _AC() macro doesn't work for inline asm.
Inline asm was only needed here to convince the toolchain to add the
STT_NOBITS flag. However, if a C variable is placed in a section whose
name is prefixed with ".bss", GCC and Clang automatically set
STT_NOBITS. In fact, ".bss..page_aligned" already relies on this trick.
So fix the build failure (and simplify the macro) by allocating the
variable in C.
Also, add NOLOAD to the ".brk" output section clause in the linker
script. This is a failsafe in case the ".bss" prefix magic trick ever
stops working somehow. If there's a section type mismatch, the GNU
linker will force the ".brk" output section to be STT_NOBITS. The LLVM
linker will fail with a "section type mismatch" error.
Note this also changes the name of the variable from .brk.##name to
__brk_##name. The variable names aren't actually used anywhere, so it's
harmless.
Fixes: a1e2c031ec39 ("x86/mm: Simplify RESERVE_BRK()")
Reported-by: Joe Damato <jdamato@fastly.com>
Reported-by: Byungchul Park <byungchul.park@lge.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Joe Damato <jdamato@fastly.com>
Link: https://lore.kernel.org/r/22d07a44c80d8e8e1e82b9a806ddc8c6bbb2606e.1654759036.git.jpoimboe@kernel.org
[nathan: Fix trivial conflict due to lack of 81519f778830]
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Thomas Gleixner
|
b9b197f659 |
x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility
commit 128b0c9781c9f2651bea163cb85e52a6c7be0f9e upstream.
David and a few others reported that on certain newer systems some legacy
interrupts fail to work correctly.
Debugging revealed that the BIOS of these systems leaves the legacy PIC in
uninitialized state which makes the PIC detection fail and the kernel
switches to a dummy implementation.
Unfortunately this fallback causes quite some code to fail as it depends on
checks for the number of legacy PIC interrupts or the availability of the
real PIC.
In theory there is no reason to use the PIC on any modern system when
IO/APIC is available, but the dependencies on the related checks cannot be
resolved trivially and on short notice. This needs lots of analysis and
rework.
The PIC detection has been added to avoid quirky checks and force selection
of the dummy implementation all over the place, especially in VM guest
scenarios. So it's not an option to revert the relevant commit as that
would break a lot of other scenarios.
One solution would be to try to initialize the PIC on detection fail and
retry the detection, but that puts the burden on everything which does not
have a PIC.
Fortunately the ACPI/MADT table header has a flag field, which advertises
in bit 0 that the system is PCAT compatible, which means it has a legacy
8259 PIC.
Evaluate that bit and if set avoid the detection routine and keep the real
PIC installed, which then gets initialized (for nothing) and makes the rest
of the code with all the dependencies work again.
Fixes:
|
||
|
Greg Kroah-Hartman
|
e04ba5f57f |
Merge 5.10.199 into android12-5.10-lts
Changes in 5.10.199
RDMA/srp: Make struct scsi_cmnd and struct srp_request adjacent
RDMA/srp: Do not call scsi_done() from srp_abort()
RDMA/cxgb4: Check skb value for failure to allocate
perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7
lib/test_meminit: fix off-by-one error in test_pages()
HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
quota: Fix slow quotaoff
net: prevent address rewrite in kernel_bind()
drm/msm/dp: do not reinitialize phy unless retry during link training
drm/msm/dsi: skip the wait for video mode done if not applicable
drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow
ravb: Fix up dma_free_coherent() call in ravb_remove()
ieee802154: ca8210: Fix a potential UAF in ca8210_probe
mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type
xen-netback: use default TX queue size for vifs
riscv, bpf: Factor out emit_call for kernel and bpf context
riscv, bpf: Sign-extend return values
drm/vmwgfx: fix typo of sizeof argument
net: macsec: indicate next pn update when offloading
net: phy: mscc: macsec: reject PN update requests
ixgbe: fix crash with empty VF macvlan list
net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()
pinctrl: renesas: rzn1: Enable missing PINMUX
nfc: nci: assert requested protocol is valid
workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask()
Revert "spi: zynqmp-gqspi: fix clock imbalance on probe failure"
Revert "spi: spi-zynqmp-gqspi: Fix runtime PM imbalance in zynqmp_qspi_probe"
net: add sysctl accept_ra_min_rtr_lft
net: change accept_ra_min_rtr_lft to affect all RA lifetimes
net: release reference to inet6_dev pointer
media: mtk-jpeg: Fix use after free bug due to uncanceled work
dmaengine: stm32-mdma: abort resume if no ongoing transfer
usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer
net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read
usb: dwc3: Soft reset phy on probe for host
usb: musb: Get the musb_qh poniter after musb_giveback
usb: musb: Modify the "HWVers" register address
iio: pressure: bmp280: Fix NULL pointer exception
iio: pressure: dps310: Adjust Timeout Settings
iio: pressure: ms5611: ms5611_prom_is_valid false negative bug
x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs
mcb: remove is_added flag from mcb_device struct
thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding
libceph: use kernel_connect()
ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
ceph: fix type promotion bug on 32bit systems
Input: powermate - fix use-after-free in powermate_config_complete
Input: psmouse - fix fast_reconnect function for PS/2 mode
Input: xpad - add PXN V900 support
Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table
Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case
tee: amdtee: fix use-after-free vulnerability in amdtee_close_session
cgroup: Remove duplicates in cgroup v1 tasks file
pinctrl: avoid unsafe code pattern in find_pinctrl()
counter: microchip-tcb-capture: Fix the use of internal GCLK logic
usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call
dmaengine: mediatek: Fix deadlock caused by synchronize_irq()
powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE
powerpc/64e: Fix wrong test in __ptep_test_and_clear_young()
x86/alternatives: Disable KASAN in apply_alternatives()
arm64: report EL1 UNDEFs better
arm64: die(): pass 'err' as long
arm64: consistently pass ESR_ELx to die()
arm64: rework FPAC exception handling
arm64: rework BTI exception handling
arm64: allow kprobes on EL0 handlers
arm64: split EL0/EL1 UNDEF handlers
arm64: factor out EL1 SSBS emulation hook
arm64: factor insn read out of call_undef_hook()
arm64: rework EL0 MRS emulation
arm64: armv8_deprecated: fold ops into insn_emulation
arm64: armv8_deprecated move emulation functions
arm64: armv8_deprecated: move aarch32 helper earlier
arm64: armv8_deprecated: rework deprected instruction handling
arm64: armv8_deprecated: fix unused-function error
RDMA/srp: Set scmnd->result only when scmnd is not NULL
RDMA/srp: Fix srp_abort()
ravb: Fix use-after-free issue in ravb_tx_timeout_work()
dev_forward_skb: do not scrub skb mark within the same name space
lib/Kconfig.debug: do not enable DEBUG_PREEMPT by default
mm/memory_hotplug: rate limit page migration warnings
Documentation: sysctl: align cells in second content column
usb: hub: Guard against accesses to uninitialized BOS descriptors
Bluetooth: hci_event: Ignore NULL link key
Bluetooth: Reject connection with the device which has same BD_ADDR
Bluetooth: Fix a refcnt underflow problem for hci_conn
Bluetooth: vhci: Fix race when opening vhci device
Bluetooth: hci_event: Fix coding style
Bluetooth: avoid memcmp() out of bounds warning
ice: fix over-shifted variable
ice: reset first in crash dump kernels
nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
regmap: fix NULL deref on lookup
KVM: x86: Mask LVTPC when handling a PMI
x86/sev: Disable MMIO emulation from user mode
x86/sev: Check IOBM for IOIO exceptions from user-space
x86/sev: Check for user-space IOIO pointing to kernel space
tcp: check mptcp-level constraints for backlog coalescing
netfilter: nft_payload: fix wrong mac header matching
nvmet-tcp: Fix a possible UAF in queue intialization setup
drm/i915: Retry gtt fault when out of fence registers
qed: fix LL2 RX buffer allocation
xfrm: fix a data-race in xfrm_gen_index()
xfrm: interface: use DEV_STATS_INC()
net: ipv4: fix return value check in esp_remove_trailer
net: ipv6: fix return value check in esp_remove_trailer
net: rfkill: gpio: prevent value glitch during probe
tcp: fix excessive TLP and RACK timeouts from HZ rounding
tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb
tun: prevent negative ifindex
ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr
net: usb: smsc95xx: Fix an error code in smsc95xx_reset()
i40e: prevent crash on probe if hw registers have invalid values
net: dsa: bcm_sf2: Fix possible memory leak in bcm_sf2_mdio_register()
net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve
neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section
netfilter: nft_set_rbtree: .deactivate fails if element has expired
net: pktgen: Fix interface flags printing
thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge
resource: Add irqresource_disabled()
ACPI: Drop acpi_dev_irqresource_disabled()
ACPI: resources: Add DMI-based legacy IRQ override quirk
ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA
ACPI: resource: Add ASUS model S5402ZA to quirks
ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA
ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks
ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA
ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA
ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA
selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting
selftests/mm: fix awk usage in charge_reserved_hugetlb.sh and hugetlb_reparenting_test.sh that may cause error
usb: core: Track SuperSpeed Plus GenXxY
xhci: cleanup xhci_hub_control port references
xhci: move port specific items such as state completions to port structure
xhci: rename resume_done to resume_timestamp
xhci: clear usb2 resume related variables in one place.
xhci: decouple usb2 port resume and get_port_status request handling
xhci: track port suspend state correctly in unsuccessful resume cases
serial: 8250: omap: Fix imprecise external abort for omap_8250_pm()
serial: 8250_omap: Fix errors with no_console_suspend
drm/amd/display: only check available pipe to disable vbios mode.
drm/amd/display: Don't set dpms_off for seamless boot
drm/connector: Give connector sysfs devices there own device_type
drm/connector: Add a fwnode pointer to drm_connector and register with ACPI (v2)
drm/connector: Add drm_connector_find_by_fwnode() function (v3)
drm/connector: Add support for out-of-band hotplug notification (v3)
usb: typec: altmodes/displayport: Notify drm subsys of hotplug events
usb: typec: altmodes/displayport: Signal hpd low when exiting mode
ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone
btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1
btrfs: initialize start_slot in btrfs_log_prealloc_extents
i2c: mux: Avoid potential false error message in i2c_mux_add_adapter
overlayfs: set ctime when setting mtime and atime
gpio: timberdale: Fix potential deadlock on &tgpio->lock
ata: libata-eh: Fix compilation warning in ata_eh_link_report()
tracing: relax trace_event_eval_update() execution with cond_resched()
HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event
Bluetooth: Avoid redundant authentication
Bluetooth: hci_core: Fix build warnings
wifi: cfg80211: Fix 6GHz scan configuration
wifi: mac80211: allow transmitting EAPOL frames with tainted key
wifi: cfg80211: avoid leaking stack data into trace
regulator/core: Revert "fix kobject release warning and memory leak in regulator_register()"
sky2: Make sure there is at least one frag_addr available
ipv4/fib: send notify when delete source address routes
drm: panel-orientation-quirks: Add quirk for One Mix 2S
btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c
HID: multitouch: Add required quirk for Synaptics 0xcd7e device
platform/x86: touchscreen_dmi: Add info for the Positivo C4128B
net/mlx5: Handle fw tracer change ownership event based on MTRC
Bluetooth: hci_event: Fix using memcmp when comparing keys
mtd: rawnand: qcom: Unmap the right resource upon probe failure
mtd: rawnand: marvell: Ensure program page operations are successful
mtd: rawnand: arasan: Ensure program page operations are successful
mtd: spinand: micron: correct bitmask for ecc status
mtd: physmap-core: Restore map_rom fallback
mmc: core: sdio: hold retuning if sdio in 1-bit mode
mmc: core: Capture correct oemid-bits for eMMC cards
Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()"
pNFS: Fix a hang in nfs4_evict_inode()
ACPI: irq: Fix incorrect return value in acpi_register_gsi()
nvme-pci: add BOGUS_NID for Intel 0a54 device
nvme-rdma: do not try to stop unallocated queues
USB: serial: option: add Telit LE910C4-WWX 0x1035 composition
USB: serial: option: add entry for Sierra EM9191 with new firmware
USB: serial: option: add Fibocom to DELL custom modem FM101R-GL
perf: Disallow mis-matched inherited group reads
s390/pci: fix iommu bitmap allocation
platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events
gpio: vf610: set value before the direction to avoid a glitch
ASoC: pxa: fix a memory leak in probe()
phy: mapphone-mdm6600: Fix runtime disable on probe
phy: mapphone-mdm6600: Fix runtime PM for remove
phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins
Bluetooth: hci_sock: fix slab oob read in create_monitor_event
Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name
xfrm6: fix inet6_dev refcount underflow problem
Linux 5.10.199
NOTE, this reverts the following commits in order to apply things
cleanly and avoid ABI breakage. Due to the complexity involved,
individual reverts would not work properly:
|