mirror of
https://github.com/hardkernel/linux.git
synced 2026-06-05 10:31:46 +09:00
rk35_14.0.0_master
489 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
522ff9a1db |
Merge 6.1.134 into android14-6.1-lts
Changes in 6.1.134
watch_queue: fix pipe accounting mismatch
x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
cpufreq: scpi: compare kHz instead of Hz
smack: dont compile ipv6 code unless ipv6 is configured
cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
x86/fpu: Fix guest FPU state buffer allocation size
x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct()
x86/platform: Only allow CONFIG_EISA for 32-bit
x86/sev: Add missing RIP_REL_REF() invocations during sme_enable()
lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
PM: sleep: Adjust check before setting power.must_resume
selinux: Chain up tool resolving errors in install_policy.sh
EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
EDAC/ie31200: Fix the DIMM size mask for several SoCs
EDAC/ie31200: Fix the error path order of ie31200_init()
thermal: int340x: Add NULL check for adev
PM: sleep: Fix handling devices with direct_complete set on errors
lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures
media: verisilicon: HEVC: Initialize start_bit field
media: platform: allgro-dvt: unregister v4l2_device on the error path
ASoC: cs35l41: check the return value from spi_setup()
HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
ALSA: hda/realtek: Always honor no_shutup_pins
ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible
drm/bridge: ti-sn65dsi86: Fix multiple instances
drm/dp_mst: Fix drm RAD print
drm/bridge: it6505: fix HDCP V match check is not performed correctly
drm: xlnx: zynqmp: Fix max dma segment size
drm/vkms: Fix use after free and double free on init error
PCI: Use downstream bridges for distributing resources
drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
PCI/ASPM: Fix link state exit during switch upstream function removal
drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host
PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload
PCI: brcmstb: Use internal register to change link capability
PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
PCI: brcmstb: Fix potential premature regulator disabling
PCI/portdrv: Only disable pciehp interrupts early when needed
PCI: Avoid reset when disabled via sysfs
drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
PCI: Remove stray put_device() in pci_register_host_bridge()
PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
drm/amd/display: avoid NPD when ASIC does not support DMUB
PCI: pciehp: Don't enable HPIE when resuming in poll mode
fbdev: au1100fb: Move a variable assignment behind a null pointer check
mdacon: rework dependency list
fbdev: sm501fb: Add some geometry checks.
clk: amlogic: gxbb: drop incorrect flag on 32k clock
crypto: hisilicon/sec2 - fix for aead authsize alignment
remoteproc: core: Clear table_sz when rproc_shutdown
of: property: Increase NR_FWNODE_REFERENCE_ARGS
remoteproc: qcom_q6v5_pas: Make single-PD handling more robust
libbpf: Fix hypothetical STT_SECTION extern NULL deref case
selftests/bpf: Fix string read in strncmp benchmark
clk: samsung: Fix UBSAN panic in samsung_clk_init()
clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock
bpf: Use preempt_count() directly in bpf_send_signal_common()
lib: 842: Improve error handling in sw842_compress()
pinctrl: renesas: rza2: Fix missing of_node_put() call
pinctrl: renesas: rzg2l: Fix missing of_node_put() call
clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
RDMA/core: Don't expose hw_counters outside of init net namespace
RDMA/mlx5: Fix calculation of total invalidated pages
RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
remoteproc: qcom_q6v5_mss: Handle platforms with one power domain
IB/mad: Check available slots before posting receive WRs
pinctrl: tegra: Set SFIO mode to Mux Register
clk: amlogic: g12b: fix cluster A parent data
clk: amlogic: gxbb: drop non existing 32k clock parent
selftests/bpf: Select NUMA_NO_NODE to create map
clk: amlogic: g12a: fix mmc A peripheral clock
x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
power: supply: max77693: Fix wrong conversion of charge input threshold value
crypto: nx - Fix uninitialised hv_nxc on error
RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
pinctrl: renesas: rzv2m: Fix missing of_node_put() call
mfd: sm501: Switch to BIT() to mitigate integer overflows
x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment
crypto: hisilicon/sec2 - fix for aead auth key length
clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock
isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
soundwire: slave: fix an OF node reference leak in soundwire slave device
coresight: catu: Fix number of pages while using 64k pages
coresight-etm4x: add isb() before reading the TRCSTATR
iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio
iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails.
usb: xhci: correct debug message page size calculation
fs/ntfs3: Fix a couple integer overflows on 32bit systems
iio: adc: ad7124: Fix comparison of channel configs
perf evlist: Add success path to evlist__create_syswide_maps
perf units: Fix insufficient array space
kexec: initialize ELF lowest address to ULONG_MAX
ocfs2: validate l_tree_depth to avoid out-of-bounds access
arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig
NFSv4: Don't trigger uneccessary scans for return-on-close delegations
fuse: fix dax truncate/punch_hole fault path
um: remove copy_from_kernel_nofault_allowed
i3c: master: svc: Fix missing the IBI rules
perf python: Fixup description of sample.id event member
perf python: Decrement the refcount of just created event on failure
perf python: Don't keep a raw_data pointer to consumed ring buffer space
perf python: Check if there is space to copy all the event
staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES
fs/procfs: fix the comment above proc_pid_wchan()
perf tools: annotate asm_pure_loop.S
objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
exfat: fix the infinite loop in exfat_find_last_cluster()
rtnetlink: Allocate vfinfo size for VF GUIDs when supported
rndis_host: Flag RNDIS modems as WWAN devices
ksmbd: use aead_request_free to match aead_request_alloc
ksmbd: fix multichannel connection failure
net/mlx5e: SHAMPO, Make reserved size independent of page size
ring-buffer: Fix bytes_dropped calculation issue
LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig
ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid
octeontx2-af: Fix mbox INTR handler when num VFs > 64
octeontx2-af: Free NIX_AF_INT_VEC_GEN irq
sched/smt: Always inline sched_smt_active()
context_tracking: Always inline ct_{nmi,irq}_{enter,exit}()
rcu-tasks: Always inline rcu_irq_work_resched()
wifi: iwlwifi: fw: allocate chained SG tables for dump
wifi: iwlwifi: mvm: use the right version of the rate API
nvme-tcp: fix possible UAF in nvme_tcp_poll
nvme-pci: clean up CMBMSC when registering CMB fails
nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
wifi: brcmfmac: keep power during suspend if board requires it
affs: generate OFS sequence numbers starting at 1
affs: don't write overlarge OFS data block size fields
ALSA: hda/realtek: Fix Asus Z13 2025 audio
ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet
HID: i2c-hid: improve i2c_hid_get_report error message
ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA
sched/deadline: Use online cpus for validating runtime
locking/semaphore: Use wake_q to wake up processes outside lock critical section
x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
drm/amd: Keep display off while going into S4
ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
can: statistics: use atomic access in hot path
memory: omap-gpmc: drop no compatible check
hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
spufs: fix a leak on spufs_new_file() failure
spufs: fix gang directory lifetimes
spufs: fix a leak in spufs_create_context()
riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra
ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
ntb: intel: Fix using link status DB's
ASoC: imx-card: Add NULL check in imx_card_probe()
netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only
netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
net_sched: skbprio: Remove overly strict queue assertions
net: mvpp2: Prevent parser TCAM memory corruption
udp: Fix memory accounting leak.
vsock: avoid timeout during connect() if the socket is closing
tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
netfilter: nft_tunnel: fix geneve_opt type confusion addition
ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
net: fix geneve_opt length integer overflow
ipv6: Start path selection from the first nexthop
ipv6: Do not consider link down nexthops in path selection
arcnet: Add NULL check in com20020pci_probe()
io_uring/filetable: ensure node switch is always done, if needed
drm/amdgpu/gfx11: fix num_mec
tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform
tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers
usbnet:fix NPE during rx_complete
LoongArch: Increase ARCH_DMA_MINALIGN up to 16
LoongArch: BPF: Fix off-by-one error in build_prologue()
LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC
platform/x86: ISST: Correct command storage data length
ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
perf/x86/intel: Apply static call for drain_pebs
perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read
kunit/overflow: Fix UB in overflow_allocation_test
btrfs: handle errors from btrfs_dec_ref() properly
x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
ksmbd: add bounds check for create lease context
ksmbd: fix use-after-free in ksmbd_sessions_deregister()
ksmbd: fix session use-after-free in multichannel connection
ksmbd: validate zero num_subauth before sub_auth is accessed
tracing: Fix use-after-free in print_graph_function_flags during tracer switching
tracing: Ensure module defining synth event cannot be unloaded while tracing
tracing: Fix synth event printk format for str fields
tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
arm64: Don't call NULL in do_compat_alignment_fixup()
ext4: don't over-report free space or inodes in statvfs
ext4: fix OOB read when checking dotdot dir
jfs: fix slab-out-of-bounds read in ea_get()
jfs: add index corruption check to DT_GETPAGE()
media: streamzap: fix race between device disconnection and urb callback
nfsd: put dl_stid if fail to queue dl_recall
NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
tracing: Do not use PERF enums when perf is not defined
Linux 6.1.134
Change-Id: I839a629271fb53021a249cc4f69a668d78f723e3
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Feng Yang
|
6fc6fa800e |
ring-buffer: Fix bytes_dropped calculation issue
[ Upstream commit c73f0b69648501978e8b3e8fa7eef7f4197d0481 ]
The calculation of bytes-dropped and bytes_dropped_nested is reversed.
Although it does not affect the final calculation of total_dropped,
it should still be modified.
Link: https://lore.kernel.org/20250223070106.6781-1-yangfeng59949@163.com
Fixes:
|
||
|
Greg Kroah-Hartman
|
a4d90a8f3c |
Merge 6.1.93 into android14-6.1-lts
Changes in 6.1.93
SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
ftrace: Fix possible use-after-free issue in ftrace_location()
tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
tty: n_gsm: fix missing receive state reset after mode switch
speakup: Fix sizeof() vs ARRAY_SIZE() bug
serial: 8250_bcm7271: use default_mux_rate if possible
serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup
io_uring: fail NOP if non-zero op flags is passed in
Revert "r8169: don't try to disable interrupts if NAPI is, scheduled already"
r8169: Fix possible ring buffer corruption on fragmented Tx packets.
ring-buffer: Fix a race between readers and resize checks
tools/latency-collector: Fix -Wformat-security compile warns
tools/nolibc/stdlib: fix memory error in realloc()
net: smc91x: Fix m68k kernel compilation for ColdFire CPU
nilfs2: fix unexpected freezing of nilfs_segctor_sync()
nilfs2: fix potential hang in nilfs_detach_log_writer()
fs/ntfs3: Remove max link count info display during driver init
fs/ntfs3: Taking DOS names into account during link counting
fs/ntfs3: Fix case when index is reused during tree transformation
fs/ntfs3: Break dir enumeration if directory contents error
ksmbd: avoid to send duplicate oplock break notifications
ksmbd: ignore trailing slashes in share paths
ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 440/460 G11.
ALSA: core: Fix NULL module pointer assignment at card init
ALSA: Fix deadlocks with kctl removals at disconnection
KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST
wifi: mac80211: don't use rate mask for scanning
wifi: mac80211: ensure beacon is non-S1G prior to extracting the beacon timestamp field
wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class
dt-bindings: rockchip: grf: Add missing type to 'pcie-phy' node
net: usb: qmi_wwan: add Telit FN920C04 compositions
drm/amd/display: Set color_mgmt_changed to true on unsuspend
drm/amdgpu: Update BO eviction priorities
drm/amdgpu: Fix the ring buffer size for queue VM flush
drm/amdgpu/mes: fix use-after-free issue
LoongArch: Lately init pmu after smp is online
selftests: sud_test: return correct emulated syscall value on RISC-V
sched/isolation: Fix boot crash when maxcpus < first housekeeping CPU
ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM too
regulator: irq_helpers: duplicate IRQ name
ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating
ASoC: dt-bindings: rt5645: add cbj sleeve gpio property
regulator: vqmmc-ipq4019: fix module autoloading
ASoC: rt715: add vendor clear control register
ASoC: rt715-sdca: volume step modification
KVM: selftests: Add test for uaccesses to non-existent vgic-v2 CPUIF
x86/efistub: Omit physical KASLR when memory reservations exist
efi: libstub: only free priv.runtime_map when allocated
KVM: x86: Don't advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID
genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
fpga: dfl-pci: add PCI subdevice ID for Intel D5005 card
softirq: Fix suspicious RCU usage in __do_softirq()
ASoC: da7219-aad: fix usage of device_get_named_child_node()
ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection
drm/amd/display: Add dtbclk access to dcn315
drm/amd/display: Add VCO speed parameter for DCN31 FPU
drm/amdkfd: Flush the process wq before creating a kfd_process
x86/mm: Remove broken vsyscall emulation code from the page fault code
nvme: find numa distance only if controller has valid numa id
nvmet-auth: return the error code to the nvmet_auth_host_hash() callers
nvmet-auth: replace pr_debug() with pr_err() to report an error.
nvmet-tcp: fix possible memory leak when tearing down a controller
nvmet: fix nvme status code when namespace is disabled
epoll: be better about file lifetimes
nvmet: prevent sprintf() overflow in nvmet_subsys_nsid_exists()
openpromfs: finish conversion to the new mount API
crypto: bcm - Fix pointer arithmetic
mm/slub, kunit: Use inverted data to corrupt kmem cache
firmware: raspberrypi: Use correct device for DMA mappings
ecryptfs: Fix buffer size for tag 66 packet
nilfs2: fix out-of-range warning
parisc: add missing export of __cmpxchg_u8()
crypto: ccp - drop platform ifdef checks
crypto: x86/nh-avx2 - add missing vzeroupper
crypto: x86/sha256-avx2 - add missing vzeroupper
crypto: x86/sha512-avx2 - add missing vzeroupper
s390/cio: fix tracepoint subchannel type field
io_uring: don't use TIF_NOTIFY_SIGNAL to test for availability of task_work
io_uring: use the right type for work_llist empty check
rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
rcu: Fix buffer overflow in print_cpu_stall_info()
ARM: configs: sunxi: Enable DRM_DW_HDMI
jffs2: prevent xattr node from overflowing the eraseblock
soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE
null_blk: Fix missing mutex_destroy() at module removal
md: fix resync softlockup when bitmap size is less than array size
block: open code __blk_account_io_start()
block: open code __blk_account_io_done()
block: support to account io_ticks precisely
wifi: ath10k: poll service ready message before failing
wifi: brcmfmac: pcie: handle randbuf allocation failure
wifi: ath11k: don't force enable power save on non-running vdevs
bpftool: Fix missing pids during link show
x86/boot: Ignore relocations in .notes sections in walk_relocs() too
sched/fair: Add EAS checks before updating root_domain::overutilized
ACPI: Fix Generic Initiator Affinity _OSC bit
qed: avoid truncating work queue length
net/mlx5e: Fail with messages when params are not valid for XSK
mlx5: stop warning for 64KB pages
bitops: add missing prototype check
wifi: carl9170: re-fix fortified-memset warning
bpf: Pack struct bpf_fib_lookup
scsi: ufs: qcom: Perform read back after writing reset bit
scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US
scsi: ufs: ufs-qcom: Fix the Qcom register name for offset 0xD0
scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW version major 5
scsi: ufs: qcom: Perform read back after writing unipro mode
scsi: ufs: qcom: Perform read back after writing CGC enable
scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV
scsi: ufs: core: Perform read back after disabling interrupts
scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL
ACPI: LPSS: Advertise number of chip selects via property
irqchip/alpine-msi: Fix off-by-one in allocation error path
irqchip/loongson-pch-msi: Fix off-by-one on allocation error path
ACPI: disable -Wstringop-truncation
gfs2: Don't forget to complete delayed withdraw
gfs2: Fix "ignore unlock failures after withdraw"
x86/boot/64: Clear most of CR4 in startup_64(), except PAE, MCE and LA57
selftests/bpf: Fix umount cgroup2 error in test_sockmap
cpufreq: exit() callback is optional
x86/pat: Introduce lookup_address_in_pgd_attr()
x86/pat: Restructure _lookup_address_cpa()
x86/pat: Fix W^X violation false-positives when running as Xen PV guest
net: export inet_lookup_reuseport and inet6_lookup_reuseport
net: remove duplicate reuseport_lookup functions
udp: Avoid call to compute_score on multiple sites
cppc_cpufreq: Fix possible null pointer dereference
scsi: libsas: Fix the failure of adding phy with zero-address to port
scsi: hpsa: Fix allocation size for Scsi_Host private data
x86/purgatory: Switch to the position-independent small code model
thermal/drivers/tsens: Fix null pointer dereference
wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger()
selftests/bpf: Fix a fd leak in error paths in open_netns
wifi: ath10k: populate board data for WCN3990
net: dsa: mv88e6xxx: Add support for model-specific pre- and post-reset handlers
net: dsa: mv88e6xxx: Avoid EEPROM timeout without EEPROM on 88E6250-family switches
tcp: avoid premature drops in tcp_add_backlog()
pwm: sti: Convert to platform remove callback returning void
pwm: sti: Prepare removing pwm_chip from driver data
pwm: sti: Simplify probe function using devm functions
drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group
drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group
drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()
net: give more chances to rcu in netdev_wait_allrefs_any()
macintosh/via-macii: Fix "BUG: sleeping function called from invalid context"
wifi: carl9170: add a proper sanity check for endpoints
wifi: ar5523: enable proper endpoint verification
sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe()
Revert "sh: Handle calling csum_partial with misaligned data"
wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset
libbpf: Fix error message in attach_kprobe_multi
selftests/binderfs: use the Makefile's rules, not Make's implicit rules
selftests/resctrl: fix clang build failure: use LOCAL_HDRS
selftests: default to host arch for LLVM builds
kunit: Fix kthread reference
HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors
scsi: bfa: Ensure the copied buf is NUL terminated
scsi: qedf: Ensure the copied buf is NUL terminated
scsi: qla2xxx: Fix debugfs output for fw_resource_count
kernel/numa.c: Move logging out of numa.h
x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks()
wifi: mwl8k: initialize cmd->addr[] properly
HID: amd_sfh: Handle "no sensors" in PM operations
usb: aqc111: stop lying about skb->truesize
net: usb: sr9700: stop lying about skb->truesize
m68k: Fix spinlock race in kernel thread creation
m68k: mac: Fix reboot hang on Mac IIci
net: ipv6: fix wrong start position when receive hop-by-hop fragment
eth: sungem: remove .ndo_poll_controller to avoid deadlocks
selftests: net: move amt to socat for better compatibility
net: ethernet: cortina: Locking fixes
af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
net: usb: smsc95xx: stop lying about skb->truesize
net: openvswitch: fix overwriting ct original tuple for ICMPv6
ipv6: sr: add missing seg6_local_exit
ipv6: sr: fix incorrect unregister order
ipv6: sr: fix invalid unregister error path
net/mlx5: Add a timeout to acquire the command queue semaphore
net/mlx5: Discard command completions in internal error
s390/bpf: Emit a barrier for BPF_FETCH instructions
riscv, bpf: make some atomic operations fully ordered
ax25: Use kernel universal linked list to implement ax25_dev_list
ax25: Fix reference count leak issues of ax25_dev
ax25: Fix reference count leak issue of net_device
mptcp: SO_KEEPALIVE: fix getsockopt support
Bluetooth: Consolidate code around sk_alloc into a helper function
Bluetooth: compute LE flow credits based on recvbuf space
Bluetooth: qca: Fix error code in qca_read_fw_build_info()
drm/bridge: Fix improper bridge init order with pre_enable_prev_first
printk: Let no_printk() use _printk()
dev_printk: Add and use dev_no_printk()
drm/lcdif: Do not disable clocks on already suspended hardware
drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays
drm/dp: Don't attempt AUX transfers when eDP panels are not powered
drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD doesn't assert
drm/amd/display: Fix potential index out of bounds in color transformation function
ASoC: Intel: Disable route checks for Skylake boards
ASoC: Intel: avs: ssm4567: Do not ignore route checks
mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add()
mtd: rawnand: hynix: fixed typo
fbdev: shmobile: fix snprintf truncation
ASoC: kirkwood: Fix potential NULL dereference
drm/meson: vclk: fix calculation of 59.94 fractional rates
drm/mediatek: Add 0 size check to mtk_drm_gem_obj
powerpc/fsl-soc: hide unused const variable
fbdev: sisfb: hide unused variables
ASoC: Intel: avs: Fix ASRC module initialization
ASoC: Intel: avs: Fix potential integer overflow
media: ngene: Add dvb_ca_en50221_init return value check
media: rcar-vin: work around -Wenum-compare-conditional warning
media: radio-shark2: Avoid led_names truncations
drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference
drm/msm/dp: allow voltage swing / pre emphasis of 3
drm/msm/dp: Return IRQ_NONE for unhandled interrupts
drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected
media: ipu3-cio2: Request IRQ earlier
media: dt-bindings: ovti,ov2680: Fix the power supply names
fbdev: sh7760fb: allow modular build
media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries
drm/arm/malidp: fix a possible null pointer dereference
drm: vc4: Fix possible null pointer dereference
ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
drm/bridge: anx7625: Don't log an error when DSI host can't be found
drm/bridge: icn6211: Don't log an error when DSI host can't be found
drm/bridge: lt8912b: Don't log an error when DSI host can't be found
drm/bridge: lt9611: Don't log an error when DSI host can't be found
drm/bridge: lt9611uxc: Don't log an error when DSI host can't be found
drm/bridge: tc358775: Don't log an error when DSI host can't be found
drm/bridge: dpc3433: Don't log an error when DSI host can't be found
drm/panel: novatek-nt35950: Don't log an error when DSI host can't be found
drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector
drm/mipi-dsi: use correct return type for the DSC functions
drm/rockchip: vop2: Do not divide height twice for YUV
clk: samsung: exynosautov9: fix wrong pll clock id value
RDMA/mlx5: Adding remote atomic access flag to updatable flags
RDMA/hns: Fix return value in hns_roce_map_mr_sg
RDMA/hns: Fix deadlock on SRQ async events.
RDMA/hns: Fix UAF for cq async event
RDMA/hns: Fix GMV table pagesize
RDMA/hns: Use complete parentheses in macros
RDMA/hns: Modify the print level of CQE error
clk: mediatek: mt8365-mm: fix DPI0 parent
clk: rs9: fix wrong default value for clock amplitude
RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c
RDMA/rxe: Fix incorrect rxe_put in error path
IB/mlx5: Use __iowrite64_copy() for write combining stores
clk: renesas: r8a779a0: Fix CANFD parent clock
clk: renesas: r9a07g043: Add clock and reset entry for PLIC
lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure
clk: qcom: dispcc-sm8450: fix DisplayPort clocks
clk: qcom: dispcc-sm6350: fix DisplayPort clocks
clk: qcom: mmcc-msm8998: fix venus clock issue
x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map
x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS
ext4: avoid excessive credit estimate in ext4_tmpfile()
virt: acrn: stop using follow_pfn
drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()
sunrpc: removed redundant procp check
ext4: simplify calculation of blkoff in ext4_mb_new_blocks_simple
ext4: fix unit mismatch in ext4_mb_new_blocks_simple
ext4: try all groups in ext4_mb_new_blocks_simple
ext4: remove unused parameter from ext4_mb_new_blocks_simple()
ext4: fix potential unnitialized variable
SUNRPC: Fix gss_free_in_token_pages()
selftests/kcmp: remove unused open mode
RDMA/IPoIB: Fix format truncation compilation errors
net: add pskb_may_pull_reason() helper
net: bridge: xmit: make sure we have at least eth header len bytes
selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval
net: bridge: mst: fix vlan use-after-free
net: qrtr: ns: Fix module refcnt
netrom: fix possible dead-lock in nr_rt_ioctl()
af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level
sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write()
scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW major version > 5
perf record: Delete session after stopping sideband thread
perf probe: Add missing libgen.h header needed for using basename()
iio: core: Leave private pointer NULL when no private data supplied
greybus: lights: check return of get_channel_from_mode
f2fs: multidev: fix to recognize valid zero block address
f2fs: fix to wait on page writeback in __clone_blkaddrs()
counter: linux/counter.h: fix Excess kernel-doc description warning
perf annotate: Get rid of duplicate --group option item
soundwire: cadence: fix invalid PDI offset
dmaengine: idma64: Add check for dma_set_max_seg_size
firmware: dmi-id: add a release callback function
serial: max3100: Lock port->lock when calling uart_handle_cts_change()
serial: max3100: Update uart_driver_registered on driver removal
serial: max3100: Fix bitwise types
greybus: arche-ctrl: move device table to its right location
PCI: tegra194: Fix probe path for Endpoint mode
serial: sc16is7xx: add proper sched.h include for sched_set_fifo()
interconnect: qcom: qcm2290: Fix mas_snoc_bimc QoS port assignment
arm64: dts: meson: fix S4 power-controller node
perf test: Add -w/--workload option
perf test: Add 'thloop' test workload
perf test: Add 'leafloop' test workload
perf test: Add 'sqrtloop' test workload
perf test: Add 'brstack' test workload
perf test: Add 'datasym' test workload
perf tests: Make "test data symbol" more robust on Neoverse N1
dt-bindings: PCI: rcar-pci-host: Add optional regulators
dt-bindings: PCI: rcar-pci-host: Add missing IOMMU properties
f2fs: compress: fix to relocate check condition in f2fs_{release,reserve}_compress_blocks()
f2fs: compress: fix to relocate check condition in f2fs_ioc_{,de}compress_file()
f2fs: fix typos in comments
f2fs: fix to relocate check condition in f2fs_fallocate()
f2fs: fix to check pinfile flag in f2fs_move_file_range()
iio: adc: stm32: Fixing err code to not indicate success
coresight: etm4x: Fix unbalanced pm_runtime_enable()
perf docs: Document bpf event modifier
iio: pressure: dps310: support negative temperature values
coresight: etm4x: Do not hardcode IOMEM access for register restore
coresight: etm4x: Do not save/restore Data trace control registers
coresight: etm4x: Safe access for TRCQCLTR
coresight: etm4x: Fix access to resource selector registers
fpga: region: add owner module and take its refcount
microblaze: Remove gcc flag for non existing early_printk.c file
microblaze: Remove early printk call from cpuinfo-static.c
perf intel-pt: Fix unassigned instruction op (discovered by MemorySanitizer)
ovl: remove upper umask handling from ovl_create_upper()
VMCI: Fix an error handling path in vmci_guest_probe_device()
dt-bindings: pinctrl: mediatek: mt7622: fix array properties
watchdog: bd9576: Drop "always-running" property
watchdog: sa1100: Fix PTR_ERR_OR_ZERO() vs NULL check in sa1100dog_probe()
usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.
usb: gadget: u_audio: Clear uac pointer when freed.
stm class: Fix a double free in stm_register_device()
ppdev: Remove usage of the deprecated ida_simple_xx() API
ppdev: Add an error check in register_device
perf bench internals inject-build-id: Fix trap divide when collecting just one DSO
perf ui browser: Don't save pointer to stack memory
extcon: max8997: select IRQ_DOMAIN instead of depending on it
PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3
PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3
perf ui browser: Avoid SEGV on title
perf report: Avoid SEGV in report__setup_sample_type()
f2fs: compress: fix to update i_compr_blocks correctly
f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock
f2fs: fix to release node block count in error path of f2fs_new_node_page()
f2fs: compress: don't allow unaligned truncation on released compress inode
serial: sh-sci: protect invalidating RXDMA on shutdown
libsubcmd: Fix parse-options memory leak
perf daemon: Fix file leak in daemon_session__control
f2fs: fix to add missing iput() in gc_data_segment()
perf stat: Don't display metric header for non-leader uncore events
LoongArch: Fix callchain parse error with kernel tracepoint events again
s390/vdso: filter out mno-pic-data-is-text-relative cflag
s390/vdso64: filter out munaligned-symbols flag for vdso
s390/vdso: Generate unwind information for C modules
s390/vdso: Use standard stack frame layout
s390/ipl: Fix incorrect initialization of len fields in nvme reipl block
s390/ipl: Fix incorrect initialization of nvme dump block
s390/boot: Remove alt_stfle_fac_list from decompressor
Input: ims-pcu - fix printf string overflow
Input: ioc3kbd - convert to platform remove callback returning void
Input: ioc3kbd - add device table
mmc: sdhci_am654: Add tuning algorithm for delay chain
mmc: sdhci_am654: Write ITAPDLY for DDR52 timing
mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel
mmc: sdhci_am654: Add OTAP/ITAP delay enable
mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock
mmc: sdhci_am654: Fix ITAPDLY for HS400 timing
Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk
drm/msm/dpu: Always flush the slave INTF on the CTL
drm/mediatek: dp: Move PHY registration to new function
drm/mediatek: dp: Add support for embedded DisplayPort aux-bus
drm/mediatek: dp: Fix mtk_dp_aux_transfer return value
um: Fix return value in ubd_init()
um: Add winch to winch_handlers before registering winch IRQ
um: vector: fix bpfflash parameter evaluation
fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow
fs/ntfs3: Use variable length array instead of fixed size
drm/bridge: tc358775: fix support for jeida-18 and jeida-24
media: stk1160: fix bounds checking in stk1160_copy_video()
scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy()
Input: cyapa - add missing input core locking to suspend/resume functions
media: flexcop-usb: fix sanity check of bNumEndpoints
powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp
um: Fix the -Wmissing-prototypes warning for __switch_mm
um: Fix the -Wmissing-prototypes warning for get_thread_reg
um: Fix the declaration of kasan_map_memory
media: sunxi: a83-mips-csi2: also select GENERIC_PHY
media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
media: cec: cec-api: add locking in cec_release()
media: cec: core: avoid recursive cec_claim_log_addrs
media: cec: core: avoid confusing "transmit timed out" message
Revert "drm/bridge: ti-sn65dsi83: Fix enable error path"
drm/msm: Enable clamp_to_idle for 7c3
drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails
null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION()
ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup
ASoC: mediatek: mt8192: fix register configuration for tdm
regulator: bd71828: Don't overwrite runtime voltages
perf/arm-dmc620: Fix lockdep assert in ->event_init()
x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y
net: Always descend into dsa/ folder with CONFIG_NET_DSA enabled
ipv6: sr: fix missing sk_buff release in seg6_input_core
selftests: net: kill smcrouted in the cleanup logic in amt.sh
nfc: nci: Fix uninit-value in nci_rx_work
ASoC: tas2552: Add TX path for capturing AUDIO-OUT data
NFSv4: Fixup smatch warning for ambiguous return
nfs: keep server info for remounts
sunrpc: fix NFSACL RPC retry on soft mount
rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL
af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.
ipv6: sr: fix memleak in seg6_hmac_init_algo
tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
pNFS/filelayout: fixup pNfs allocation modes
openvswitch: Set the skbuff pkt_type for proper pmtud support.
arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
rv: Update rv_en(dis)able_monitor doc to match kernel-doc
virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
riscv: stacktrace: Make walk_stackframe cross pt_regs frame
riscv: stacktrace: fixed walk_stackframe()
Revert "ixgbe: Manual AN-37 for troublesome link partners for X550 SFI"
net: fec: avoid lock evasion when reading pps_enable
tls: fix missing memory barrier in tls_init
inet: factor out locked section of inet_accept() in a new helper
net: relax socket state check at accept time.
nfc: nci: Fix kcov check in nci_rx_work()
nfc: nci: Fix handling of zero-length payload packets in nci_rx_work()
drivers/xen: Improve the late XenStore init protocol
ice: Interpret .set_channels() input differently
netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
netfilter: nft_payload: restore vlan q-in-q match support
spi: Don't mark message DMA mapped when no transfer in it is
dma-mapping: benchmark: fix node id validation
dma-mapping: benchmark: handle NUMA_NO_NODE correctly
nvmet: fix ns enable/disable possible hang
net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8061
net/mlx5: Lag, do bond only if slaves agree on roce state
net/mlx5e: Fix IPsec tunnel mode offload feature check
net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion
net/mlx5e: Fix UDP GSO for encapsulated packets
dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
bpf: Fix potential integer overflow in resolve_btfids
ALSA: jack: Use guard() for locking
ALSA: core: Remove debugfs at disconnection
ALSA: hda/realtek: Add quirk for ASUS ROG G634Z
ALSA: hda/realtek: Amend G634 quirk to enable rear speakers
ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp
enic: Validate length of nl attributes in enic_set_vf_port
af_unix: Read sk->sk_hash under bindlock during bind().
net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM
bpf: Allow delete from sockmap/sockhash only if update is allowed
net:fec: Add fec_enet_deinit()
ice: fix accounting if a VLAN already exists
netfilter: nft_payload: move struct nft_payload_set definition where it belongs
netfilter: nft_payload: rebuild vlan header when needed
netfilter: nft_payload: rebuild vlan header on h_proto access
netfilter: nft_payload: skbuff vlan metadata mangle support
netfilter: tproxy: bail out if IP has been disabled on the device
netfilter: nft_fib: allow from forward/input without iif selector
kconfig: fix comparison to constant symbols, 'm', 'n'
drm/i915/guc: avoid FIELD_PREP warning
spi: stm32: Don't warn about spurious interrupts
net: dsa: microchip: fix RGMII error in KSZ DSA driver
net: ena: Add dynamic recycling mechanism for rx buffers
net: ena: Reduce lines with longer column width boundary
net: ena: Fix redundant device NUMA node override
ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
powerpc/pseries/lparcfg: drop error message from guest name lookup
hwmon: (shtc1) Fix property misspelling
riscv: prevent pt_regs corruption for secondary idle threads
ALSA: timer: Set lower bound of start tick time
net: ena: Fix DMA syncing in XDP path when SWIOTLB is on
Linux 6.1.93
Change-Id: I15fdbacdaee5a6d68347a7fd5218929488d594af
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
af0a15ff84 |
Merge 6.1.87 into android14-6.1-lts
Changes in 6.1.87
smb3: fix Open files on server counter going negative
ata: libata-scsi: Fix ata_scsi_dev_rescan() error path
batman-adv: Avoid infinite loop trying to resize local TT
ring-buffer: Only update pages_touched when a new page is touched
Bluetooth: Fix memory leak in hci_req_sync_complete()
drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11
PM: s2idle: Make sure CPUs will wakeup directly on resume
media: cec: core: remove length check of Timer Status
arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order
Revert "drm/qxl: simplify qxl_fence_wait"
nouveau: fix function cast warning
scsi: hisi_sas: Modify the deadline for ata_wait_after_reset()
scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()
net: openvswitch: fix unwanted error log on timeout policy probing
u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file
xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
geneve: fix header validation in geneve[6]_xmit_skb
bnxt_en: Reset PTP tx_avail after possible firmware reset
net: ks8851: Inline ks8851_rx_skb()
net: ks8851: Handle softirqs at the end of IRQ thread to fix hang
af_unix: Clear stale u->oob_skb.
octeontx2-af: Fix NIX SQ mode and BP config
ipv6: fib: hide unused 'pn' variable
ipv4/route: avoid unused-but-set-variable warning
ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
Bluetooth: SCO: Fix not validating setsockopt user input
Bluetooth: L2CAP: Fix not validating setsockopt user input
netfilter: complete validation of user input
net/mlx5: Properly link new fs rules into the tree
net/mlx5e: Fix mlx5e_priv_init() cleanup flow
net/mlx5e: HTB, Fix inconsistencies with QoS SQs number
net: sparx5: fix wrong config being used when reconfiguring PCS
net: dsa: mt7530: trap link-local frames regardless of ST Port State
af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
af_unix: Fix garbage collector racing against connect()
net: ena: Fix potential sign extension issue
net: ena: Wrong missing IO completions check order
net: ena: Fix incorrect descriptor free behavior
tracing: hide unused ftrace_event_id_fops
iommu/vt-d: Allocate local memory for page request queue
btrfs: qgroup: correctly model root qgroup rsv in convert
btrfs: record delayed inode root in transaction
btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans
io_uring/net: restore msg_control on sendzc retry
kprobes: Fix possible use-after-free issue on kprobe registration
drm/i915/vrr: Disable VRR when using bigjoiner
drm/amdkfd: Reset GPU on queue preemption failure
drm/ast: Fix soft lockup
drm/client: Fully protect modes[] with dev->mode_config.mutex
vhost: Add smp_rmb() in vhost_vq_avail_empty()
vhost: Add smp_rmb() in vhost_enable_notify()
perf/x86: Fix out of range data
x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n
selftests: timers: Fix abs() warning in posix_timers test
x86/apic: Force native_apic_mem_read() to use the MOV instruction
irqflags: Explicitly ignore lockdep_hrtimer_exit() argument
x86/bugs: Fix return type of spectre_bhi_state()
x86/bugs: Fix BHI documentation
x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES
x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr'
x86/bugs: Fix BHI handling of RRSBA
x86/bugs: Clarify that syscall hardening isn't a BHI mitigation
x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto
x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI
drm/i915/cdclk: Fix CDCLK programming order when pipes are active
drm/i915: Disable port sync when bigjoiner is used
drm/amdgpu: Reset dGPU if suspend got aborted
drm/amdgpu: always force full reset for SOC21
drm/amd/display: fix disable otg wa logic in DCN316
Linux 6.1.87
Change-Id: I58ee851cc95f3b34e037dbfc46490730abcabb84
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
faf34a67eb |
Merge 6.1.86 into android14-6.1-lts
Changes in 6.1.86 amdkfd: use calloc instead of kzalloc to avoid integer overflow wifi: ath9k: fix LNA selection in ath_ant_try_scan() bnx2x: Fix firmware version string character counts wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() wifi: iwlwifi: pcie: Add the PCI device id for new hardware panic: Flush kernel log buffer at the end cpuidle: Avoid potential overflow in integer multiplication arm64: dts: rockchip: fix rk3328 hdmi ports node arm64: dts: rockchip: fix rk3399 hdmi ports node ionic: set adminq irq affinity net: skbuff: add overflow debug check to pull/push helpers firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro pstore/zone: Add a null pointer check to the psz_kmsg_read tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() net: pcs: xpcs: Return EINVAL in the internal methods dma-direct: Leak pages on dma_set_decrypted() failure wifi: ath11k: decrease MHI channel buffer length to 8KB cpufreq: Don't unregister cpufreq cooling on CPU hotplug btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() ice: use relative VSI index for VFs instead of PF VSI number net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Bluetooth: btintel: Fix null ptr deref in btintel_read_version Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 drm/vc4: don't check if plane->state->fb == state->fb Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails drm: panel-orientation-quirks: Add quirk for GPD Win Mini pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs sysv: don't call sb_bread() with pointers_lock held scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() isofs: handle CDs with bad root inode but good Joliet root directory ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops rcu-tasks: Repair RCU Tasks Trace quiescence check Julia Lawall reported this null pointer dereference, this should fix it. media: sta2x11: fix irq handler cast ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter ext4: add a hint for block bitmap corrupt state in mb_groups ext4: forbid commit inconsistent quota data when errors=remount-ro drm/amd/display: Fix nanosec stat overflow drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" libperf evlist: Avoid out-of-bounds access input/touchscreen: imagis: Correct the maximum touch area value block: prevent division by zero in blk_rq_stat_sum() RDMA/cm: add timeout to cm_destroy_id wait Input: imagis - use FIELD_GET where applicable Input: allocate keycode for Display refresh rate toggle platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet perf/x86/amd/lbr: Discard erroneous branch entries ktest: force $buildonly = 1 for 'make_warnings_file' test type ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment tools: iio: replace seekdir() in iio_generic_buffer bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR thunderbolt: Keep the domain powered when USB4 port is in redrive mode usb: typec: tcpci: add generic tcpci fallback compatible usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined thermal/of: Assume polling-delay(-passive) 0 when absent ASoC: soc-core.c: Skip dummy codec when adding platforms fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 io_uring: clear opcode specific data for an early failure drivers/nvme: Add quirks for device 126f:2262 fbmon: prevent division by zero in fb_videomode_from_videomode() netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc gcc-plugins/stackleak: Avoid .head.text section Revert "scsi: sd: usb_storage: uas: Access media prior to querying device properties" Revert "scsi: core: Add struct for args to execution functions" scsi: sd: usb_storage: uas: Access media prior to querying device properties virtio: reenable config if freezing device failed randomize_kstack: Improve entropy diffusion platform/x86: intel-vbtn: Update tablet mode switch at end of probe Bluetooth: btintel: Fixe build regression net: mpls: error out if inner headers are not set VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Linux 6.1.86 Change-Id: I385fd199fb709d2f63ac02f9f9d1c3061fbbf93f Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Petr Pavlu
|
54c64967ba |
ring-buffer: Fix a race between readers and resize checks
commit c2274b908db05529980ec056359fae916939fdaa upstream.
The reader code in rb_get_reader_page() swaps a new reader page into the
ring buffer by doing cmpxchg on old->list.prev->next to point it to the
new page. Following that, if the operation is successful,
old->list.next->prev gets updated too. This means the underlying
doubly-linked list is temporarily inconsistent, page->prev->next or
page->next->prev might not be equal back to page for some page in the
ring buffer.
The resize operation in ring_buffer_resize() can be invoked in parallel.
It calls rb_check_pages() which can detect the described inconsistency
and stop further tracing:
[ 190.271762] ------------[ cut here ]------------
[ 190.271771] WARNING: CPU: 1 PID: 6186 at kernel/trace/ring_buffer.c:1467 rb_check_pages.isra.0+0x6a/0xa0
[ 190.271789] Modules linked in: [...]
[ 190.271991] Unloaded tainted modules: intel_uncore_frequency(E):1 skx_edac(E):1
[ 190.272002] CPU: 1 PID: 6186 Comm: cmd.sh Kdump: loaded Tainted: G E 6.9.0-rc6-default #5 158d3e1e6d0b091c34c3b96bfd99a1c58306d79f
[ 190.272011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552c-rebuilt.opensuse.org 04/01/2014
[ 190.272015] RIP: 0010:rb_check_pages.isra.0+0x6a/0xa0
[ 190.272023] Code: [...]
[ 190.272028] RSP: 0018:ffff9c37463abb70 EFLAGS: 00010206
[ 190.272034] RAX: ffff8eba04b6cb80 RBX: 0000000000000007 RCX: ffff8eba01f13d80
[ 190.272038] RDX: ffff8eba01f130c0 RSI: ffff8eba04b6cd00 RDI: ffff8eba0004c700
[ 190.272042] RBP: ffff8eba0004c700 R08: 0000000000010002 R09: 0000000000000000
[ 190.272045] R10: 00000000ffff7f52 R11: ffff8eba7f600000 R12: ffff8eba0004c720
[ 190.272049] R13: ffff8eba00223a00 R14: 0000000000000008 R15: ffff8eba067a8000
[ 190.272053] FS: 00007f1bd64752c0(0000) GS:ffff8eba7f680000(0000) knlGS:0000000000000000
[ 190.272057] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 190.272061] CR2: 00007f1bd6662590 CR3: 000000010291e001 CR4: 0000000000370ef0
[ 190.272070] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 190.272073] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 190.272077] Call Trace:
[ 190.272098] <TASK>
[ 190.272189] ring_buffer_resize+0x2ab/0x460
[ 190.272199] __tracing_resize_ring_buffer.part.0+0x23/0xa0
[ 190.272206] tracing_resize_ring_buffer+0x65/0x90
[ 190.272216] tracing_entries_write+0x74/0xc0
[ 190.272225] vfs_write+0xf5/0x420
[ 190.272248] ksys_write+0x67/0xe0
[ 190.272256] do_syscall_64+0x82/0x170
[ 190.272363] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 190.272373] RIP: 0033:0x7f1bd657d263
[ 190.272381] Code: [...]
[ 190.272385] RSP: 002b:00007ffe72b643f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 190.272391] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1bd657d263
[ 190.272395] RDX: 0000000000000002 RSI: 0000555a6eb538e0 RDI: 0000000000000001
[ 190.272398] RBP: 0000555a6eb538e0 R08: 000000000000000a R09: 0000000000000000
[ 190.272401] R10: 0000555a6eb55190 R11: 0000000000000246 R12: 00007f1bd6662500
[ 190.272404] R13: 0000000000000002 R14: 00007f1bd6667c00 R15: 0000000000000002
[ 190.272412] </TASK>
[ 190.272414] ---[ end trace 0000000000000000 ]---
Note that ring_buffer_resize() calls rb_check_pages() only if the parent
trace_buffer has recording disabled. Recent commit d78ab792705c
("tracing: Stop current tracer when resizing buffer") causes that it is
now always the case which makes it more likely to experience this issue.
The window to hit this race is nonetheless very small. To help
reproducing it, one can add a delay loop in rb_get_reader_page():
ret = rb_head_page_replace(reader, cpu_buffer->reader_page);
if (!ret)
goto spin;
for (unsigned i = 0; i < 1U << 26; i++) /* inserted delay loop */
__asm__ __volatile__ ("" : : : "memory");
rb_list_head(reader->list.next)->prev = &cpu_buffer->reader_page->list;
.. and then run the following commands on the target system:
echo 1 > /sys/kernel/tracing/events/sched/sched_switch/enable
while true; do
echo 16 > /sys/kernel/tracing/buffer_size_kb; sleep 0.1
echo 8 > /sys/kernel/tracing/buffer_size_kb; sleep 0.1
done &
while true; do
for i in /sys/kernel/tracing/per_cpu/*; do
timeout 0.1 cat $i/trace_pipe; sleep 0.2
done
done
To fix the problem, make sure ring_buffer_resize() doesn't invoke
rb_check_pages() concurrently with a reader operating on the same
ring_buffer_per_cpu by taking its cpu_buffer->reader_lock.
Link: https://lore.kernel.org/linux-trace-kernel/20240517134008.24529-3-petr.pavlu@suse.com
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fixes:
|
||
|
Greg Kroah-Hartman
|
2b530e8f5d |
Merge 6.1.84 into android14-6.1-lts
Changes in 6.1.84
x86/cpu: Support AMD Automatic IBRS
x86/bugs: Use sysfs_emit()
KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs
KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace
KVM: x86: Use a switch statement and macros in __feature_translate()
timers: Update kernel-doc for various functions
timers: Use del_timer_sync() even on UP
timers: Rename del_timer_sync() to timer_delete_sync()
wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
arm64: dts: qcom: sc7280: Add additional MSI interrupts
remoteproc: virtio: Fix wdg cannot recovery remote processor
clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
drm/vmwgfx: Fix possible null pointer derefence with invalid contexts
serial: max310x: fix NULL pointer dereference in I2C instantiation
pci_iounmap(): Fix MMIO mapping leak
media: xc4000: Fix atomicity violation in xc4000_get_frequency
media: mc: Add local pad to pipeline regardless of the link state
media: mc: Fix flags handling when creating pad links
media: mc: Add num_links flag to media_pad
media: mc: Rename pad variable to clarify intent
media: mc: Expand MUST_CONNECT flag to always require an enabled link
KVM: Always flush async #PF workqueue when vCPU is being destroyed
cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf()
powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core
powerpc/smp: Increase nr_cpu_ids to include the boot CPU
sparc64: NMI watchdog: fix return value of __setup handler
sparc: vDSO: fix return value of __setup handler
crypto: qat - fix double free during reset
crypto: qat - resolve race condition during AER recovery
selftests/mqueue: Set timeout to 180 seconds
ext4: correct best extent lstart adjustment logic
block: Clear zone limits for a non-zoned stacked queue
kasan/test: avoid gcc warning for intentional overflow
bounds: support non-power-of-two CONFIG_NR_CPUS
fat: fix uninitialized field in nostale filehandles
ubifs: Set page uptodate in the correct place
ubi: Check for too small LEB size in VTBL code
ubi: correct the calculation of fastmap size
mtd: rawnand: meson: fix scrambling mode value in command macro
parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd()
parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros
parisc: Fix ip_fast_csum
parisc: Fix csum_ipv6_magic on 32-bit systems
parisc: Fix csum_ipv6_magic on 64-bit systems
parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
md/raid5: fix atomicity violation in raid5_cache_count
cpufreq: Limit resolving a frequency to policy min/max
PM: suspend: Set mem_sleep_current during kernel command line setup
clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays
clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
usb: xhci: Add error handling in xhci_map_urb_for_dma
powerpc/fsl: Fix mfpmr build errors with newer binutils
USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
USB: serial: add device ID for VeriFone adapter
USB: serial: cp210x: add ID for MGP Instruments PDS100
USB: serial: option: add MeiG Smart SLM320 product
KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled
USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
PM: sleep: wakeirq: fix wake irq warning in system suspend
mmc: tmio: avoid concurrent runs of mmc_request_done()
fuse: fix root lookup with nonzero generation
fuse: don't unhash root
usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros
serial: Lock console when calling into driver before registration
btrfs: qgroup: always free reserved space for extent records
btrfs: fix off-by-one chunk length calculation at contains_pending_extent()
PCI/PM: Drain runtime-idle callbacks before driver removal
PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
dm-raid: fix lockdep waring in "pers->hot_add_disk"
powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
mac802154: fix llsec key resources release in mac802154_llsec_key_del
swap: comments get_swap_device() with usage rule
mm: swap: fix race between free_swap_and_cache() and swapoff()
mmc: core: Fix switch on gp3 partition
drm/etnaviv: Restore some id values
landlock: Warn once if a Landlock action is requested while disabled
hwmon: (amc6821) add of_match table
ext4: fix corruption during on-line resize
nvmem: meson-efuse: fix function pointer type mismatch
slimbus: core: Remove usage of the deprecated ida_simple_xx() API
phy: tegra: xusb: Add API to retrieve the port number of phy
usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
speakup: Fix 8bit characters from direct synth
PCI/AER: Block runtime suspend when handling errors
io_uring/net: correctly handle multishot recvmsg retry setup
sparc: Explicitly include correct DT includes
sparc32: Fix parport build with sparc32
nfs: fix UAF in direct writes
kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
PCI: qcom: Rename qcom_pcie_config_sid_sm8250() to reflect IP version
PCI: qcom: Enable BDF to SID translation properly
PCI: dwc: endpoint: Fix advertised resizable BAR size
PCI: hv: Fix ring buffer size calculation
vfio: Use GFP_KERNEL_ACCOUNT for userspace persistent allocations
vfio/pci: Consolidate irq cleanup on MSI/MSI-X disable
vfio/pci: Remove negative check on unsigned vector
vfio/pci: Lock external INTx masking ops
vfio/platform: Disable virqfds on cleanup
ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info
ring-buffer: Fix waking up ring buffer readers
ring-buffer: Do not set shortest_full when full target is hit
ring-buffer: Fix resetting of shortest_full
ring-buffer: Fix full_waiters_pending in poll
ring-buffer: Use wait_event_interruptible() in ring_buffer_wait()
soc: fsl: qbman: Always disable interrupts when taking cgr_lock
soc: fsl: qbman: Use raw spinlock for cgr_lock
s390/zcrypt: fix reference counting on zcrypt card objects
drm/probe-helper: warn about negative .get_modes()
drm/panel: do not return negative error codes from drm_panel_get_modes()
drm/exynos: do not return negative values from .get_modes()
drm/imx/ipuv3: do not return negative values from .get_modes()
drm/vc4: hdmi: do not return negative values from .get_modes()
memtest: use {READ,WRITE}_ONCE in memory scanning
Revert "block/mq-deadline: use correct way to throttling write requests"
f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag
f2fs: truncate page cache before clearing flags when aborting atomic write
nilfs2: fix failure to detect DAT corruption in btree and direct mappings
nilfs2: prevent kernel bug at submit_bh_wbc()
cifs: open_cached_dir(): add FILE_READ_EA to desired access
cpufreq: dt: always allocate zeroed cpumask
x86/CPU/AMD: Update the Zenbleed microcode revisions
NFSD: Fix nfsd_clid_class use of __string_len() macro
net: hns3: tracing: fix hclgevf trace event strings
LoongArch: Change __my_cpu_offset definition to avoid mis-optimization
LoongArch: Define the __io_aw() hook as mmiowb()
wireguard: netlink: check for dangling peer via is_dead instead of empty list
wireguard: netlink: access device through ctx instead of peer
ahci: asm1064: correct count of reported ports
ahci: asm1064: asm1166: don't limit reported ports
drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag
drm/amd/display: Return the correct HDCP error code
drm/amd/display: Fix noise issue on HDMI AV mute
dm snapshot: fix lockup in dm_exception_table_exit
x86/pm: Work around false positive kmemleak report in msr_build_context()
cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value"
platform/x86: p2sb: On Goldmont only cache P2SB and SPI devfn BAR
tls: fix race between tx work scheduling and socket close
netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
netfilter: nf_tables: disallow anonymous set with timeout flag
netfilter: nf_tables: reject constant set with timeout
Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory
xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
init/Kconfig: lower GCC version check for -Warray-bounds
KVM: x86: Mark target gfn of emulated atomic instruction as dirty
KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()
tracing: Use .flush() call to wake up readers
drm/amdgpu/pm: Fix the error of pwm1_enable setting
drm/i915: Check before removing mm notifier
ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform
USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
usb: gadget: ncm: Fix handling of zero block length packets
usb: port: Don't try to peer unused USB ports based on location
tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume
mei: me: add arrow lake point S DID
mei: me: add arrow lake point H DID
vt: fix unicode buffer corruption when deleting characters
fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
ALSA: hda/realtek - Add Headset Mic supported Acer NB platform
ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook
tee: optee: Fix kernel panic caused by incorrect error handling
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
iio: accel: adxl367: fix DEVID read after reset
iio: accel: adxl367: fix I2C FIFO data register
i2c: i801: Avoid potential double call to gpiod_remove_lookup_table
drm/amd/display: handle range offsets in VRR ranges
x86/efistub: Call mixed mode boot services on the firmware's stack
net: tls: handle backlogging of crypto requests
ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2"
iommu: Avoid races around default domain allocations
clocksource/drivers/arm_global_timer: Fix maximum prescaler value
entry: Respect changes to system call number by trace_sys_enter()
minmax: add umin(a, b) and umax(a, b)
swiotlb: Fix alignment checks when both allocation and DMA masks are present
iommu/dma: Force swiotlb_max_mapping_size on an untrusted device
printk: Update @console_may_schedule in console_trylock_spinning()
irqchip/renesas-rzg2l: Implement restriction when writing ISCR register
irqchip/renesas-rzg2l: Flush posted write in irq_eoi()
irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based on register's index
irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi()
irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi()
irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type
kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address
efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or higher address
x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD
efi: fix panic in kdump kernel
pwm: img: fix pwm clock lookup
tty: serial: imx: Fix broken RS485
block: Fix page refcounts for unaligned buffers in __bio_release_pages()
blk-mq: release scheduler resource when request completes
selftests: mptcp: diag: return KSFT_FAIL not test_cnt
vfio/pci: Disable auto-enable of exclusive INTx IRQ
vfio: Introduce interface to flush virqfd inject workqueue
vfio/pci: Create persistent INTx handler
vfio/platform: Create persistent IRQ handlers
vfio/fsl-mc: Block calling interrupt handler without trigger
x86/coco: Export cc_vendor
x86/coco: Get rid of accessor functions
x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
x86/sev: Fix position dependent variable references in startup code
mm/migrate: set swap entry values of THP tail pages properly.
init: open /initrd.image with O_LARGEFILE
x86/efistub: Add missing boot_params for mixed mode compat entry
efi/libstub: Cast away type warning in use of max()
btrfs: zoned: don't skip block groups with 100% zone unusable
btrfs: zoned: use zone aware sb location for scrub
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
wifi: iwlwifi: fw: don't always use FW dump trig
exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
hexagon: vmlinux.lds.S: handle attributes section
mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode
mmc: core: Initialize mmc_blk_ioc_data
mmc: core: Avoid negative index with array access
block: Do not force full zone append completion in req_bio_endio()
thermal: devfreq_cooling: Fix perf state when calculate dfc res_util
nouveau/dmem: handle kcalloc() allocation failure
net: ll_temac: platform_get_resource replaced by wrong function
drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
drm/amdkfd: fix TLB flush after unmap for GFX9.4.2
drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()
drm/i915/gt: Reset queue_priority_hint on parking
Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync
Revert "usb: phy: generic: Get the vbus supply"
usb: cdc-wdm: close race between read and workqueue
USB: UAS: return ENODEV when submit urbs fail with device not attached
usb: dwc3-am62: Rename private data
usb: dwc3-am62: fix module unload/reload behavior
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
scsi: core: Fix unremoved procfs host directory regression
staging: vc04_services: changen strncpy() to strscpy_pad()
staging: vc04_services: fix information leak in create_component()
USB: core: Add hub_get() and hub_put() routines
USB: core: Fix deadlock in port "disable" sysfs attribute
scsi: sd: Fix TCG OPAL unlock on system resume
usb: dwc2: host: Fix remote wakeup from hibernation
usb: dwc2: host: Fix hibernation flow
usb: dwc2: host: Fix ISOC flow in DDMA mode
usb: dwc2: gadget: Fix exiting from clock gating
usb: dwc2: gadget: LPM flow fix
usb: udc: remove warning when queue disabled ep
usb: typec: Return size of buffer if pd_set operation succeeds
usb: typec: ucsi: Clear EVENT_PENDING under PPM lock
usb: typec: ucsi: Ack unsupported commands
usb: typec: ucsi_acpi: Refactor and fix DELL quirk
usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
scsi: qla2xxx: Prevent command send on chip reset
scsi: qla2xxx: Fix N2N stuck connection
scsi: qla2xxx: Split FCE|EFT trace control
scsi: qla2xxx: Update manufacturer detail
scsi: qla2xxx: NVME|FCP prefer flag not being honored
scsi: qla2xxx: Fix command flush on cable pull
scsi: qla2xxx: Fix double free of fcport
scsi: qla2xxx: Change debug message during driver unload
scsi: qla2xxx: Delay I/O Abort on PCI error
x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
tls: fix use-after-free on failed backlog decryption
scsi: lpfc: Correct size for cmdwqe/rspwqe for memset()
scsi: lpfc: Correct size for wqe for memset()
scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type()
scsi: libsas: Fix disk not being scanned in after being removed
x86/sev: Skip ROM range scans and validation for SEV-SNP guests
USB: core: Fix deadlock in usb_deauthorize_interface()
tools/resolve_btfids: fix build with musl libc
Linux 6.1.84
Change-Id: I2aa458588d512ce908a9b087cdc66b345cef83a9
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
ff43d92a56 |
Merge 6.1.79 into android14-6.1-lts
Changes in 6.1.79 work around gcc bugs with 'asm goto' with outputs update workarounds for gcc "asm goto" issue btrfs: add and use helper to check if block group is used btrfs: do not delete unused block group if it may be used soon btrfs: forbid creating subvol qgroups btrfs: do not ASSERT() if the newly created subvolume already got read btrfs: forbid deleting live subvol qgroup btrfs: send: return EOPNOTSUPP on unknown flags btrfs: don't reserve space for checksums when writing to nocow files btrfs: reject encoded write if inode has nodatasum flag set btrfs: don't drop extent_map for free space inode on write error driver core: Fix device_link_flag_is_sync_state_only() of: unittest: Fix compile in the non-dynamic case KVM: selftests: Clear dirty ring states between two modes in dirty_log_test KVM: selftests: Fix a semaphore imbalance in the dirty ring logging test wifi: iwlwifi: Fix some error codes wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() of: property: Improve finding the supplier of a remote-endpoint property net: openvswitch: limit the number of recursions from action sets lan966x: Fix crash when adding interface under a lag tls/sw: Use splice_eof() to flush tls: extract context alloc/initialization out of tls_set_sw_offload net: tls: factor out tls_*crypt_async_wait() tls: fix race between async notify and socket close net: tls: fix use-after-free with partial reads and async decrypt net: tls: fix returned read length with async decrypt spi: ppc4xx: Drop write-only variable ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() net: sysfs: Fix /sys/class/net/<iface> path for statistics nouveau/svm: fix kvcalloc() argument order MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler i40e: Do not allow untrusted VF to remove administratively set MAC i40e: Fix waiting for queues of all VSIs to be disabled scs: add CONFIG_MMU dependency for vfree_atomic() tracing/trigger: Fix to return error if failed to alloc snapshot mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again scsi: storvsc: Fix ring buffer size calculation dm-crypt, dm-verity: disable tasklets ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF parisc: Prevent hung tasks when printing inventory on serial console ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx HID: i2c-hid-of: fix NULL-deref on failed power up HID: wacom: generic: Avoid reporting a serial of '0' to userspace HID: wacom: Do not register input devices until after hid_hw_start iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP usb: ucsi: Add missing ppm_lock usb: ulpi: Fix debugfs directory leak usb: ucsi_acpi: Fix command completion handling USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT usb: f_mass_storage: forbid async queue when shutdown happen usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend interconnect: qcom: sc8180x: Mark CO0 BCM keepalive media: ir_toy: fix a memleak in irtoy_tx driver core: fw_devlink: Improve detection of overlapping cycles powerpc/kasan: Fix addr error caused by page alignment cifs: fix underflow in parse_server_interfaces() i2c: qcom-geni: Correct I2C TRE sequence irqchip/loongson-eiointc: Use correct struct type in eiointc_domain_alloc() powerpc/kasan: Limit KASAN thread size increase to 32KB i2c: pasemi: split driver into two separate modules i2c: i801: Fix block process call transactions modpost: trim leading spaces when processing source files list mptcp: get rid of msk->subflow mptcp: fix data re-injection from stale subflow selftests: mptcp: add missing kconfig for NF Filter selftests: mptcp: add missing kconfig for NF Filter in v6 selftests: mptcp: add missing kconfig for NF Mangle selftests: mptcp: increase timeout to 30 min mptcp: drop the push_pending field mptcp: check addrs list in userspace_pm_get_local_id media: Revert "media: rkisp1: Drop IRQF_SHARED" scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" Revert "drm/amd: flush any delayed gfxoff on suspend entry" drm/virtio: Set segment size for virtio_gpu device lsm: fix the logic in security_inode_getsecctx() firewire: core: correct documentation of fw_csr_string() kernel API ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads kbuild: Fix changing ELF file type for output of gen_btf for big endian nfc: nci: free rx_data_reassembly skb on NCI device cleanup net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() net: stmmac: do not clear TBS enable bit on link up/down xen-netback: properly sync TX responses modpost: propagate W=1 build option to modpost modpost: Don't let "driver"s reference .exit.* linux/init: remove __memexit* annotations modpost: Include '.text.*' in TEXT_SECTIONS um: Fix adding '-no-pie' for clang modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL ASoC: codecs: wcd938x: handle deferred probe ALSA: hda/cs8409: Suppress vmaster control for Dolphin models ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power binder: signal epoll threads of self-work misc: fastrpc: Mark all sessions as invalid in cb_remove ext4: fix double-free of blocks due to wrong extents moved_len ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() tracing: Fix wasted memory in saved_cmdlines logic staging: iio: ad5933: fix type mismatch regression iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC iio: core: fix memleak in iio_device_register_sysfs iio: commom: st_sensors: ensure proper DMA alignment iio: accel: bma400: Fix a compilation problem iio: adc: ad_sigma_delta: ensure proper DMA alignment iio: imu: adis: ensure proper DMA alignment iio: imu: bno055: serdev requires REGMAP media: rc: bpf attach/detach requires write permission ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails xfrm: Remove inner/outer modes from output path xfrm: Remove inner/outer modes from input path drm/msm: Wire up tlb ops drm/prime: Support page array >= 4GB drm/amd/display: Increase frame-larger-than for all display_mode_vba files drm/amd/display: Preserve original aspect ratio in create stream hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove ring-buffer: Clean ring_buffer_poll_wait() error return nfp: flower: fix hardware offload for the transfer layer port serial: max310x: set default value when reading clock ready bit serial: max310x: improve crystal stable clock detection serial: max310x: fail probe if clock crystal is unstable serial: max310x: prevent infinite while() loop in port startup powerpc/64: Set task pt_regs->link to the LR value on scv entry powerpc/cputable: Add missing PPC_FEATURE_BOOKE on PPC64 Book-E powerpc/pseries: fix accuracy of stolen time x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 x86/fpu: Stop relying on userspace for info to fault in xsave buffer KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl x86/mm/ident_map: Use gbpages only where full GB page should be mapped. io_uring/net: fix multishot accept overflow handling mmc: slot-gpio: Allow non-sleeping GPIO ro ALSA: hda/realtek: fix mute/micmute LED For HP mt645 ALSA: hda/conexant: Add quirk for SWS JS201D nilfs2: fix data corruption in dsync block recovery for small block sizes nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked nfp: use correct macro for LengthSelect in BAR config nfp: flower: prevent re-adding mac index for bonded port wifi: cfg80211: fix wiphy delayed work queueing wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() irqchip/irq-brcmstb-l2: Add write memory barrier before exit irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update zonefs: Improve error handling mmc: sdhci-pci-o2micro: Fix a warm reboot issue that disk can't be detected by BIOS ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8 tools/rtla: Remove unused sched_getattr() function tools/rtla: Replace setting prio with nice for SCHED_OTHER tools/rtla: Exit with EXIT_SUCCESS when help is invoked tools/rtla: Fix uninitialized bucket/data->bucket_size warning tools/rtla: Fix Makefile compiler options for clang fs: relax mount_setattr() permission checks net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio s390/qeth: Fix potential loss of L3-IP@ in case of network issues net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed ceph: prevent use-after-free in encode_cap_msg() fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE of: property: fix typo in io-channels can: netlink: Fix TDCO calculation using the old data bittiming can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) pmdomain: core: Move the unused cleanup to a _sync initcall fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() tracing: Inform kmemleak of saved_cmdlines allocation xfrm: Use xfrm_state selector for BEET input xfrm: Silence warnings triggerable by bad packets tls: fix NULL deref on tls_sw_splice_eof() with empty record selftests/mm: ksm_tests should only MADV_HUGEPAGE valid memory selftests/mm: Update va_high_addr_switch.sh to check CPU for la57 flag md: bypass block throttle for superblock update ARM: dts: imx6q-apalis: add can power-up delay on ixora board wifi: mwifiex: Support SD8978 chipset wifi: mwifiex: add extra delay for firmware ready bus: moxtet: Add spi device table arm64: dts: qcom: msm8916: Enable blsp_dma by default arm64: dts: qcom: msm8916: Make blsp_dma controlled-remotely arm64: dts: qcom: sdm845: fix USB SS wakeup arm64: dts: qcom: sm8150: fix USB SS wakeup wifi: mwifiex: fix uninitialized firmware_stat crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init block: fix partial zone append completion handling in req_bio_endio() netfilter: ipset: fix performance regression in swap operation netfilter: ipset: Missing gc cancellations fixed parisc: Fix random data corruption from exception handler nfsd: fix RELEASE_LOCKOWNER nfsd: don't take fi_lock in nfsd_break_deleg_cb() hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() RDMA/irdma: Ensure iWarp QP queue memory is OS paged aligned smb: client: fix potential OOBs in smb2_parse_contexts() smb: client: fix parsing of SMB3.1.1 POSIX create context net: prevent mss overflow in skb_segment() bpf: Add struct for bin_args arg in bpf_bprintf_prepare bpf: Do cleanup in bpf_bprintf_cleanup only when needed bpf: Remove trace_printk_lock userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb dmaengine: ioat: Free up __cleanup() name apparmor: Free up __cleanup() name locking: Introduce __cleanup() based infrastructure kbuild: Drop -Wdeclaration-after-statement sched/membarrier: reduce the ability to hammer on sys_membarrier of: property: Add in-ports/out-ports support to of_graph_get_port_parent() nilfs2: fix potential bug in end_buffer_async_write nilfs2: replace WARN_ONs for invalid DAT metadata block requests dm: limit the number of targets and parameter size area arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata fs/ntfs3: Add null pointer checks mlxsw: spectrum_acl_tcam: Fix stack corruption Linux 6.1.79 Change-Id: I7051a7a0b0aae8ff6503314e4999e561e713769a Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Steven Rostedt (Google)
|
2d5f12de4c |
ring-buffer: Only update pages_touched when a new page is touched
commit ffe3986fece696cf65e0ef99e74c75f848be8e30 upstream.
The "buffer_percent" logic that is used by the ring buffer splice code to
only wake up the tasks when there's no data after the buffer is filled to
the percentage of the "buffer_percent" file is dependent on three
variables that determine the amount of data that is in the ring buffer:
1) pages_read - incremented whenever a new sub-buffer is consumed
2) pages_lost - incremented every time a writer overwrites a sub-buffer
3) pages_touched - incremented when a write goes to a new sub-buffer
The percentage is the calculation of:
(pages_touched - (pages_lost + pages_read)) / nr_pages
Basically, the amount of data is the total number of sub-bufs that have been
touched, minus the number of sub-bufs lost and sub-bufs consumed. This is
divided by the total count to give the buffer percentage. When the
percentage is greater than the value in the "buffer_percent" file, it
wakes up splice readers waiting for that amount.
It was observed that over time, the amount read from the splice was
constantly decreasing the longer the trace was running. That is, if one
asked for 60%, it would read over 60% when it first starts tracing, but
then it would be woken up at under 60% and would slowly decrease the
amount of data read after being woken up, where the amount becomes much
less than the buffer percent.
This was due to an accounting of the pages_touched incrementation. This
value is incremented whenever a writer transfers to a new sub-buffer. But
the place where it was incremented was incorrect. If a writer overflowed
the current sub-buffer it would go to the next one. If it gets preempted
by an interrupt at that time, and the interrupt performs a trace, it too
will end up going to the next sub-buffer. But only one should increment
the counter. Unfortunately, that was not the case.
Change the cmpxchg() that does the real switch of the tail-page into a
try_cmpxchg(), and on success, perform the increment of pages_touched. This
will only increment the counter once for when the writer moves to a new
sub-buffer, and not when there's a race and is incremented for when a
writer and its preempting writer both move to the same new sub-buffer.
Link: https://lore.kernel.org/linux-trace-kernel/20240409151309.0d0e5056@gandalf.local.home
Cc: stable@vger.kernel.org
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fixes:
|
||
|
linke li
|
1e9f5619d9 |
ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
[ Upstream commit f1e30cb6369251c03f63c564006f96a54197dcc4 ] In function ring_buffer_iter_empty(), cpu_buffer->commit_page is read while other threads may change it. It may cause the time_stamp that read in the next line come from a different page. Use READ_ONCE() to avoid having to reason about compiler optimizations now and in future. Link: https://lore.kernel.org/linux-trace-kernel/tencent_DFF7D3561A0686B5E8FC079150A02505180A@qq.com Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Signed-off-by: linke li <lilinke99@qq.com> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Steven Rostedt (Google)
|
b1cf18e5bd |
ring-buffer: Use wait_event_interruptible() in ring_buffer_wait()
[ Upstream commit 7af9ded0c2caac0a95f33df5cb04706b0f502588 ]
Convert ring_buffer_wait() over to wait_event_interruptible(). The default
condition is to execute the wait loop inside __wait_event() just once.
This does not change the ring_buffer_wait() prototype yet, but
restructures the code so that it can take a "cond" and "data" parameter
and will call wait_event_interruptible() with a helper function as the
condition.
The helper function (rb_wait_cond) takes the cond function and data
parameters. It will first check if the buffer hit the watermark defined by
the "full" parameter and then call the passed in condition parameter. If
either are true, it returns true.
If rb_wait_cond() does not return true, it will set the appropriate
"waiters_pending" flag and returns false.
Link: https://lore.kernel.org/linux-trace-kernel/CAHk-=wgsNgewHFxZAJiAQznwPMqEtQmi1waeS2O1v6L4c_Um5A@mail.gmail.com/
Link: https://lore.kernel.org/linux-trace-kernel/20240312121703.399598519@goodmis.org
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linke li <lilinke99@qq.com>
Cc: Rabin Vincent <rabin@rab.in>
Fixes:
|
||
|
Steven Rostedt (Google)
|
6e0f7e6fb1 |
ring-buffer: Fix full_waiters_pending in poll
[ Upstream commit 8145f1c35fa648da662078efab299c4467b85ad5 ]
If a reader of the ring buffer is doing a poll, and waiting for the ring
buffer to hit a specific watermark, there could be a case where it gets
into an infinite ping-pong loop.
The poll code has:
rbwork->full_waiters_pending = true;
if (!cpu_buffer->shortest_full ||
cpu_buffer->shortest_full > full)
cpu_buffer->shortest_full = full;
The writer will see full_waiters_pending and check if the ring buffer is
filled over the percentage of the shortest_full value. If it is, it calls
an irq_work to wake up all the waiters.
But the code could get into a circular loop:
CPU 0 CPU 1
----- -----
[ Poll ]
[ shortest_full = 0 ]
rbwork->full_waiters_pending = true;
if (rbwork->full_waiters_pending &&
[ buffer percent ] > shortest_full) {
rbwork->wakeup_full = true;
[ queue_irqwork ]
cpu_buffer->shortest_full = full;
[ IRQ work ]
if (rbwork->wakeup_full) {
cpu_buffer->shortest_full = 0;
wakeup poll waiters;
[woken]
if ([ buffer percent ] > full)
break;
rbwork->full_waiters_pending = true;
if (rbwork->full_waiters_pending &&
[ buffer percent ] > shortest_full) {
rbwork->wakeup_full = true;
[ queue_irqwork ]
cpu_buffer->shortest_full = full;
[ IRQ work ]
if (rbwork->wakeup_full) {
cpu_buffer->shortest_full = 0;
wakeup poll waiters;
[woken]
[ Wash, rinse, repeat! ]
In the poll, the shortest_full needs to be set before the
full_pending_waiters, as once that is set, the writer will compare the
current shortest_full (which is incorrect) to decide to call the irq_work,
which will reset the shortest_full (expecting the readers to update it).
Also move the setting of full_waiters_pending after the check if the ring
buffer has the required percentage filled. There's no reason to tell the
writer to wake up waiters if there are no waiters.
Link: https://lore.kernel.org/linux-trace-kernel/20240312131952.630922155@goodmis.org
Cc: stable@vger.kernel.org
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Fixes:
|
||
|
Steven Rostedt (Google)
|
6c2f0e0550 |
ring-buffer: Fix resetting of shortest_full
[ Upstream commit 68282dd930ea38b068ce2c109d12405f40df3f93 ]
The "shortest_full" variable is used to keep track of the waiter that is
waiting for the smallest amount on the ring buffer before being woken up.
When a tasks waits on the ring buffer, it passes in a "full" value that is
a percentage. 0 means wake up on any data. 1-100 means wake up from 1% to
100% full buffer.
As all waiters are on the same wait queue, the wake up happens for the
waiter with the smallest percentage.
The problem is that the smallest_full on the cpu_buffer that stores the
smallest amount doesn't get reset when all the waiters are woken up. It
does get reset when the ring buffer is reset (echo > /sys/kernel/tracing/trace).
This means that tasks may be woken up more often then when they want to
be. Instead, have the shortest_full field get reset just before waking up
all the tasks. If the tasks wait again, they will update the shortest_full
before sleeping.
Also add locking around setting of shortest_full in the poll logic, and
change "work" to "rbwork" to match the variable name for rb_irq_work
structures that are used in other places.
Link: https://lore.kernel.org/linux-trace-kernel/20240308202431.948914369@goodmis.org
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linke li <lilinke99@qq.com>
Cc: Rabin Vincent <rabin@rab.in>
Fixes:
|
||
|
Steven Rostedt (Google)
|
1df7dcfb8a |
ring-buffer: Do not set shortest_full when full target is hit
[ Upstream commit 761d9473e27f0c8782895013a3e7b52a37c8bcfc ]
The rb_watermark_hit() checks if the amount of data in the ring buffer is
above the percentage level passed in by the "full" variable. If it is, it
returns true.
But it also sets the "shortest_full" field of the cpu_buffer that informs
writers that it needs to call the irq_work if the amount of data on the
ring buffer is above the requested amount.
The rb_watermark_hit() always sets the shortest_full even if the amount in
the ring buffer is what it wants. As it is not going to wait, because it
has what it wants, there's no reason to set shortest_full.
Link: https://lore.kernel.org/linux-trace-kernel/20240312115641.6aa8ba08@gandalf.local.home
Cc: stable@vger.kernel.org
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fixes:
|
||
|
Steven Rostedt (Google)
|
6615ef6e31 |
ring-buffer: Fix waking up ring buffer readers
[ Upstream commit b3594573681b53316ec0365332681a30463edfd6 ]
A task can wait on a ring buffer for when it fills up to a specific
watermark. The writer will check the minimum watermark that waiters are
waiting for and if the ring buffer is past that, it will wake up all the
waiters.
The waiters are in a wait loop, and will first check if a signal is
pending and then check if the ring buffer is at the desired level where it
should break out of the loop.
If a file that uses a ring buffer closes, and there's threads waiting on
the ring buffer, it needs to wake up those threads. To do this, a
"wait_index" was used.
Before entering the wait loop, the waiter will read the wait_index. On
wakeup, it will check if the wait_index is different than when it entered
the loop, and will exit the loop if it is. The waker will only need to
update the wait_index before waking up the waiters.
This had a couple of bugs. One trivial one and one broken by design.
The trivial bug was that the waiter checked the wait_index after the
schedule() call. It had to be checked between the prepare_to_wait() and
the schedule() which it was not.
The main bug is that the first check to set the default wait_index will
always be outside the prepare_to_wait() and the schedule(). That's because
the ring_buffer_wait() doesn't have enough context to know if it should
break out of the loop.
The loop itself is not needed, because all the callers to the
ring_buffer_wait() also has their own loop, as the callers have a better
sense of what the context is to decide whether to break out of the loop
or not.
Just have the ring_buffer_wait() block once, and if it gets woken up, exit
the function and let the callers decide what to do next.
Link: https://lore.kernel.org/all/CAHk-=whs5MdtNjzFkTyaUy=vHi=qwWgPi0JgTe6OYUYMNSRZfg@mail.gmail.com/
Link: https://lore.kernel.org/linux-trace-kernel/20240308202431.792933613@goodmis.org
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linke li <lilinke99@qq.com>
Cc: Rabin Vincent <rabin@rab.in>
Fixes:
|
||
|
Vincent Donnefort
|
ef3d50e884 |
ring-buffer: Clean ring_buffer_poll_wait() error return
commit 66bbea9ed6446b8471d365a22734dc00556c4785 upstream.
The return type for ring_buffer_poll_wait() is __poll_t. This is behind
the scenes an unsigned where we can set event bits. In case of a
non-allocated CPU, we do return instead -EINVAL (0xffffffea). Lucky us,
this ends up setting few error bits (EPOLLERR | EPOLLHUP | EPOLLNVAL), so
user-space at least is aware something went wrong.
Nonetheless, this is an incorrect code. Replace that -EINVAL with a
proper EPOLLERR to clean that output. As this doesn't change the
behaviour, there's no need to treat this change as a bug fix.
Link: https://lore.kernel.org/linux-trace-kernel/20240131140955.3322792-1-vdonnefort@google.com
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Greg Kroah-Hartman
|
48159eff53 |
Merge 6.1.74 into android14-6.1-lts
Changes in 6.1.74 f2fs: explicitly null-terminate the xattr list pinctrl: lochnagar: Don't build on MIPS ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro mptcp: fix uninit-value in mptcp_incoming_options wifi: cfg80211: lock wiphy mutex for rfkill poll wifi: avoid offset calculation on NULL pointer wifi: mac80211: handle 320 MHz in ieee80211_ht_cap_ie_to_sta_ht_cap debugfs: fix automount d_fsdata usage ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format nvme-core: fix a memory leak in nvme_ns_info_from_identify() drm/amd/display: update dcn315 lpddr pstate latency drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer smb: client, common: fix fortify warnings blk-mq: don't count completed flush data request as inflight in case of quiesce nvme-core: check for too small lba shift hwtracing: hisi_ptt: Handle the interrupt in hardirq context hwtracing: hisi_ptt: Don't try to attach a task ASoC: wm8974: Correct boost mixer inputs arm64: dts: rockchip: fix rk356x pcie msg interrupt name ASoC: Intel: Skylake: Fix mem leak in few functions ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 ASoC: Intel: Skylake: mem leak in skl register function ASoC: cs43130: Fix the position of const qualifier ASoC: cs43130: Fix incorrect frame delay configuration ASoC: rt5650: add mutex to avoid the jack detection failure ASoC: Intel: skl_hda_dsp_generic: Drop HDMI routes when HDMI is not available nouveau/tu102: flush all pdbs on vmm flush ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13 ASoC: hdac_hda: Conditionally register dais for HDMI and Analog net/tg3: fix race condition in tg3_reset_task() ASoC: da7219: Support low DC impedance headset ASoC: ops: add correct range check for limiting volume nvme: introduce helper function to get ctrl state nvme: prevent potential spectre v1 gadget arm64: dts: rockchip: Fix PCI node addresses on rk3399-gru drm/amdgpu: Add NULL checks for function pointers drm/exynos: fix a potential error pointer dereference drm/exynos: fix a wrong error checking hwmon: (corsair-psu) Fix probe when built-in LoongArch: Preserve syscall nr across execve() clk: rockchip: rk3568: Add PLL rate for 292.5MHz clk: rockchip: rk3128: Fix HCLK_OTG gate register jbd2: correct the printing of write_flags in jbd2_write_superblock() jbd2: increase the journal IO's priority drm/crtc: Fix uninit-value bug in drm_mode_setcrtc neighbour: Don't let neigh_forced_gc() disable preemption for long platform/x86: intel-vbtn: Fix missing tablet-mode-switch events jbd2: fix soft lockup in journal_finish_inode_data_buffers() tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing tracing: Add size check when printing trace_marker output stmmac: dwmac-loongson: drop useless check for compatible fallback MIPS: dts: loongson: drop incorrect dwmac fallback compatible tracing: Fix uaf issue when open the hist or hist_debug file ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI Input: psmouse - enable Synaptics InterTouch for ThinkPad L14 G1 reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning Input: atkbd - skip ATKBD_CMD_GETID in translated mode Input: i8042 - add nomux quirk for Acer P459-G2-M s390/scm: fix virtual vs physical address confusion ARC: fix spare error wifi: iwlwifi: pcie: avoid a NULL pointer dereference Input: xpad - add Razer Wolverine V2 support kselftest: alsa: fixed a print formatting warning HID: nintendo: fix initializer element is not constant error platform/x86: thinkpad_acpi: fix for incorrect fan reporting on some ThinkPad systems ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 ASoC: Intel: bytcr_rt5640: Add new swapped-speakers quirk ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models dm audit: fix Kconfig so DM_AUDIT depends on BLK_DEV_DM HID: nintendo: Prevent divide-by-zero on code smb: client: fix potential OOB in smb2_dump_detail() i2c: rk3x: fix potential spinlock recursion on poll drm/amd/display: get dprefclk ss info from integration info table pinctrl: cy8c95x0: Fix typo pinctrl: cy8c95x0: Fix get_pincfg ida: Fix crash in ida_free when the bitmap is empty virtio_blk: fix snprintf truncation compiler warning net: qrtr: ns: Return 0 if server port is not present ARM: sun9i: smp: fix return code check of of_property_match_string drm/crtc: fix uninitialized variable use ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx ACPI: resource: Add another DMI match for the TongFang GMxXGxx ASoC: SOF: Intel: hda-codec: Delay the codec device registration btf, scripts: Exclude Rust CUs with pahole bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to pahole flags for v1.25 ksmbd: don't allow O_TRUNC open on read-only share ksmbd: free ppace array on error in parse_dacl Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" binder: use EPOLLERR from eventpoll.h binder: fix use-after-free in shinker's callback binder: fix trivial typo of binder_free_buf_locked() binder: fix comment on binder_alloc_new_buf() return value uio: Fix use-after-free in uio_open parport: parport_serial: Add Brainboxes BAR details parport: parport_serial: Add Brainboxes device IDs and geometry leds: ledtrig-tty: Free allocated ttyname buffer on deactivate PCI: Add ACS quirk for more Zhaoxin Root Ports coresight: etm4x: Fix width of CCITMIN field scripts/decode_stacktrace.sh: optionally use LLVM utilities Linux 6.1.74 Change-Id: Icd69871d2272d5c26e253cfe54d2a8b637e616b5 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Steven Rostedt (Google)
|
b0407f68d9 |
ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI
[ Upstream commit 712292308af2265cd9b126aedfa987f10f452a33 ] As the ring buffer recording requires cmpxchg() to work, if the architecture does not support cmpxchg in NMI, then do not do any recording within an NMI. Link: https://lore.kernel.org/linux-trace-kernel/20231213175403.6fc18540@gandalf.local.home Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
e1b12db2de |
Merge 6.1.72 into android14-6.1-lts
Changes in 6.1.72
keys, dns: Fix missing size check of V1 server-list header
block: Don't invalidate pagecache for invalid falloc modes
ALSA: hda/realtek: enable SND_PCI_QUIRK for hp pavilion 14-ec1xxx series
ALSA: hda/realtek: fix mute/micmute LEDs for a HP ZBook
ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6
mptcp: prevent tcp diag from closing listener subflows
Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()"
drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE
cifs: cifs_chan_is_iface_active should be called with chan_lock held
cifs: do not depend on release_iface for maintaining iface_list
KVM: x86/pmu: fix masking logic for MSR_CORE_PERF_GLOBAL_CTRL
wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ
drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer
netfilter: use skb_ip_totlen and iph_totlen
netfilter: nf_tables: set transport offset from mac header for netdev/egress
nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local
octeontx2-af: Fix marking couple of structure as __packed
drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern
ice: Fix link_down_on_close message
ice: Shut down VSI with "link-down-on-close" enabled
i40e: Fix filter input checks to prevent config with invalid values
igc: Report VLAN EtherType matching back to user
igc: Check VLAN TCI mask
igc: Check VLAN EtherType mask
ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable
ASoC: mediatek: mt8186: fix AUD_PAD_TOP register and offset
mlxbf_gige: fix receive packet race condition
net: sched: em_text: fix possible memory leak in em_text_destroy()
r8169: Fix PCI error on system resume
can: raw: add support for SO_MARK
net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps
net: annotate data-races around sk->sk_tsflags
net: annotate data-races around sk->sk_bind_phc
net: Implement missing getsockopt(SO_TIMESTAMPING_NEW)
selftests: bonding: do not set port down when adding to bond
ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init
sfc: fix a double-free bug in efx_probe_filters
net: bcmgenet: Fix FCS generation for fragmented skbuffs
netfilter: nft_immediate: drop chain reference counter on error
net: Save and restore msg_namelen in sock_sendmsg
i40e: fix use-after-free in i40e_aqc_add_filters()
ASoC: meson: g12a-toacodec: Validate written enum values
ASoC: meson: g12a-tohdmitx: Validate written enum values
ASoC: meson: g12a-toacodec: Fix event generation
ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux
i40e: Restore VF MSI-X state during PCI reset
igc: Fix hicredit calculation
net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues
net/smc: fix invalid link access in dumping SMC-R connections
octeontx2-af: Always configure NIX TX link credits based on max frame size
octeontx2-af: Re-enable MAC TX in otx2_stop processing
asix: Add check for usbnet_get_endpoints
net: ravb: Wait for operating mode to be applied
bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters()
net: Implement missing SO_TIMESTAMPING_NEW cmsg support
selftests: secretmem: floor the memory size to the multiple of page_size
cpu/SMT: Create topology_smt_thread_allowed()
cpu/SMT: Make SMT control more robust against enumeration failures
srcu: Fix callbacks acceleration mishandling
bpf, x64: Fix tailcall infinite loop
bpf, x86: Simplify the parsing logic of structure parameters
bpf, x86: save/restore regs with BPF_DW size
net: Declare MSG_SPLICE_PAGES internal sendmsg() flag
udp: Convert udp_sendpage() to use MSG_SPLICE_PAGES
splice, net: Add a splice_eof op to file-ops and socket-ops
ipv4, ipv6: Use splice_eof() to flush
udp: introduce udp->udp_flags
udp: move udp->no_check6_tx to udp->udp_flags
udp: move udp->no_check6_rx to udp->udp_flags
udp: move udp->gro_enabled to udp->udp_flags
udp: move udp->accept_udp_{l4|fraglist} to udp->udp_flags
udp: lockless UDP_ENCAP_L2TPINUDP / UDP_GRO
udp: annotate data-races around udp->encap_type
wifi: iwlwifi: yoyo: swap cdb and jacket bits values
arm64: dts: qcom: sdm845: align RPMh regulator nodes with bindings
arm64: dts: qcom: sdm845: Fix PSCI power domain names
fbdev: imsttfb: Release framebuffer and dealloc cmap on error path
fbdev: imsttfb: fix double free in probe()
bpf: decouple prune and jump points
bpf: remove unnecessary prune and jump points
bpf: Remove unused insn_cnt argument from visit_[func_call_]insn()
bpf: clean up visit_insn()'s instruction processing
bpf: Support new 32bit offset jmp instruction
bpf: handle ldimm64 properly in check_cfg()
bpf: fix precision backtracking instruction iteration
blk-mq: make sure active queue usage is held for bio_integrity_prep()
net/mlx5: Increase size of irq name buffer
s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc()
s390/cpumf: support user space events for counting
f2fs: clean up i_compress_flag and i_compress_level usage
f2fs: convert to use bitmap API
f2fs: assign default compression level
f2fs: set the default compress_level on ioctl
selftests: mptcp: fix fastclose with csum failure
selftests: mptcp: set FAILING_LINKS in run_tests
media: camss: sm8250: Virtual channels for CSID
media: qcom: camss: Fix set CSI2_RX_CFG1_VC_MODE when VC is greater than 3
ext4: convert move_extent_per_page() to use folios
khugepage: replace try_to_release_page() with filemap_release_folio()
memory-failure: convert truncate_error_page() to use folio
mm: merge folio_has_private()/filemap_release_folio() call pairs
mm, netfs, fscache: stop read optimisation when folio removed from pagecache
filemap: add a per-mapping stable writes flag
block: update the stable_writes flag in bdev_add
smb: client: fix missing mode bits for SMB symlinks
net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats
dpaa2-eth: recycle the RX buffer only after all processing done
ethtool: don't propagate EOPNOTSUPP from dumps
bpf, sockmap: af_unix stream sockets need to hold ref for pair sock
firmware: arm_scmi: Fix frequency truncation by promoting multiplier type
ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7
genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks
genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks
genirq/affinity: Don't pass irq_affinity_desc array to irq_build_affinity_masks
genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly
genirq/affinity: Move group_cpus_evenly() into lib/
lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly
mm/memory_hotplug: add missing mem_hotplug_lock
mm/memory_hotplug: fix error handling in add_memory_resource()
net: sched: call tcf_ct_params_free to free params in tcf_ct_init
netfilter: flowtable: allow unidirectional rules
netfilter: flowtable: cache info of last offload
net/sched: act_ct: offload UDP NEW connections
net/sched: act_ct: Fix promotion of offloaded unreplied tuple
netfilter: flowtable: GC pushes back packets to classic path
net/sched: act_ct: Take per-cb reference to tcf_ct_flow_table
octeontx2-af: Fix pause frame configuration
octeontx2-af: Support variable number of lmacs
btrfs: fix qgroup_free_reserved_data int overflow
btrfs: mark the len field in struct btrfs_ordered_sum as unsigned
ring-buffer: Fix 32-bit rb_time_read() race with rb_time_cmpxchg()
firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards
x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect
i2c: core: Fix atomic xfer check for non-preempt config
mm: fix unmap_mapping_range high bits shift bug
drm/amdgpu: skip gpu_info fw loading on navi12
drm/amd/display: add nv12 bounding box
mmc: meson-mx-sdhc: Fix initialization frozen issue
mmc: rpmb: fixes pause retune on all RPMB partitions.
mmc: core: Cancel delayed work before releasing host
mmc: sdhci-sprd: Fix eMMC init failure after hw reset
genirq/affinity: Only build SMP-only helper functions on SMP kernels
f2fs: compress: fix to assign compress_level for lz4 correctly
net/sched: act_ct: additional checks for outdated flows
net/sched: act_ct: Always fill offloading tuple iifidx
bpf: Fix a verifier bug due to incorrect branch offset comparison with cpu=v4
bpf: syzkaller found null ptr deref in unix_bpf proto add
media: qcom: camss: Comment CSID dt_id field
smb3: Replace smb2pdu 1-element arrays with flex-arrays
Revert "interconnect: qcom: sm8250: Enable sync_state"
Linux 6.1.72
Change-Id: Id00eb2ae1159d4d5fa0ef914e672c5669cbf5b0a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
8eac30b25e |
Merge 6.1.71 into android14-6.1-lts
Changes in 6.1.71 ksmbd: replace one-element arrays with flexible-array members ksmbd: set SMB2_SESSION_FLAG_ENCRYPT_DATA when enforcing data encryption for this share ksmbd: use F_SETLK when unlocking a file ksmbd: Fix resource leak in smb2_lock() ksmbd: Convert to use sysfs_emit()/sysfs_emit_at() APIs ksmbd: Implements sess->rpc_handle_list as xarray ksmbd: fix typo, syncronous->synchronous ksmbd: Remove duplicated codes ksmbd: update Kconfig to note Kerberos support and fix indentation ksmbd: Fix spelling mistake "excceed" -> "exceeded" ksmbd: Fix parameter name and comment mismatch ksmbd: remove unused is_char_allowed function ksmbd: delete asynchronous work from list ksmbd: set NegotiateContextCount once instead of every inc ksmbd: avoid duplicate negotiate ctx offset increments ksmbd: remove unused compression negotiate ctx packing fs: introduce lock_rename_child() helper ksmbd: fix racy issue from using ->d_parent and ->d_name ksmbd: fix uninitialized pointer read in ksmbd_vfs_rename() ksmbd: fix uninitialized pointer read in smb2_create_link() ksmbd: call putname after using the last component ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR() ksmbd: add mnt_want_write to ksmbd vfs functions ksmbd: remove unused ksmbd_tree_conn_share function ksmbd: use kzalloc() instead of __GFP_ZERO ksmbd: return a literal instead of 'err' in ksmbd_vfs_kern_path_locked() ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void ksmbd: use kvzalloc instead of kvmalloc ksmbd: Replace the ternary conditional operator with min() ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect() ksmbd: Replace one-element array with flexible-array member ksmbd: Fix unsigned expression compared with zero ksmbd: check if a mount point is crossed during path lookup ksmbd: switch to use kmemdup_nul() helper ksmbd: add support for read compound ksmbd: fix wrong interim response on compound ksmbd: fix `force create mode' and `force directory mode' ksmbd: Fix one kernel-doc comment ksmbd: add missing calling smb2_set_err_rsp() on error ksmbd: remove experimental warning ksmbd: remove unneeded mark_inode_dirty in set_info_sec() ksmbd: fix passing freed memory 'aux_payload_buf' ksmbd: return invalid parameter error response if smb2 request is invalid ksmbd: check iov vector index in ksmbd_conn_write() ksmbd: fix race condition with fp ksmbd: fix race condition from parallel smb2 logoff requests ksmbd: fix race condition from parallel smb2 lock requests ksmbd: fix race condition between tree conn lookup and disconnect ksmbd: fix wrong error response status by using set_smb2_rsp_status() ksmbd: fix Null pointer dereferences in ksmbd_update_fstate() ksmbd: fix potential double free on smb2_read_pipe() error path ksmbd: Remove unused field in ksmbd_user struct ksmbd: reorganize ksmbd_iov_pin_rsp() ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr() ksmbd: fix recursive locking in vfs helpers ksmbd: fix missing RDMA-capable flag for IPoIB device in ksmbd_rdma_capable_netdev() ksmbd: add support for surrogate pair conversion ksmbd: no need to wait for binded connection termination at logoff ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked() ksmbd: prevent memory leak on error return ksmbd: fix possible deadlock in smb2_open ksmbd: separately allocate ci per dentry ksmbd: move oplock handling after unlock parent dir ksmbd: release interim response after sending status pending response ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error ksmbd: set epoch in create context v2 lease ksmbd: set v2 lease capability ksmbd: downgrade RWH lease caching state to RH for directory ksmbd: send v2 lease break notification for directory ksmbd: lazy v2 lease break on smb2_write() ksmbd: avoid duplicate opinfo_put() call on error of smb21_lease_break_ack() ksmbd: fix wrong allocation size update in smb2_open() ARM: dts: Fix occasional boot hang for am3 usb usb: fotg210-hcd: delete an incorrect bounds test spi: Introduce spi_get_device_match_data() helper iio: imu: adis16475: add spi_device_id table nfsd: separate nfsd_last_thread() from nfsd_put() nfsd: call nfsd_last_thread() before final nfsd_put() linux/export: Ensure natural alignment of kcrctab array spi: Reintroduce spi_set_cs_timing() spi: Add APIs in spi core to set/get spi->chip_select and spi->cs_gpiod spi: atmel: Fix clock issue when using devices with different polarities block: renumber QUEUE_FLAG_HW_WC ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe mm/filemap: avoid buffered read/write race to read inconsistent data mm: migrate high-order folios in swap cache correctly mm/memory-failure: cast index to loff_t before shifting it mm/memory-failure: check the mapcount of the precise page ring-buffer: Fix wake ups when buffer_percent is set to 100 tracing: Fix blocked reader of snapshot buffer ring-buffer: Remove useless update to write_stamp in rb_try_to_discard() netfilter: nf_tables: skip set commit for deleted/destroyed sets ring-buffer: Fix slowpath of interrupted event NFSD: fix possible oops when nfsd/pool_stats is closed. spi: Constify spi parameters of chip select APIs device property: Allow const parameter to dev_fwnode() kallsyms: Make module_kallsyms_on_each_symbol generally available tracing/kprobes: Fix symbol counting logic by looking at modules as well Revert "platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe" Linux 6.1.71 Change-Id: I7bc16d981b90e8e0b633628438f79fce898ad15a Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
d3d46ac25c |
Merge 6.1.69 into android14-6.1-lts
Changes in 6.1.69 perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery table r8152: add USB device driver for config selection r8152: add vendor/device ID pair for D-Link DUB-E250 r8152: add vendor/device ID pair for ASUS USB-C2500 powerpc/ftrace: Fix stack teardown in ftrace_no_trace ext4: fix warning in ext4_dio_write_end_io() ksmbd: fix memory leak in smb2_lock() afs: Fix refcount underflow from error handling race HID: lenovo: Restrict detection of patched firmware only to USB cptkbd net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX qca_debug: Prevent crash on TX ring changes qca_debug: Fix ethtool -G iface tx behavior qca_spi: Fix reset behavior bnxt_en: Clear resource reservation during resume bnxt_en: Save ring error counters across reset bnxt_en: Fix wrong return value check in bnxt_close_nic() bnxt_en: Fix HWTSTAMP_FILTER_ALL packet timestamp logic atm: solos-pci: Fix potential deadlock on &cli_queue_lock atm: solos-pci: Fix potential deadlock on &tx_queue_lock net: vlan: introduce skb_vlan_eth_hdr() net: fec: correct queue selection octeontx2-af: fix a use-after-free in rvu_nix_register_reporters octeontx2-pf: Fix promisc mcam entry action octeontx2-af: Update RSS algorithm index atm: Fix Use-After-Free in do_vcc_ioctl net/rose: Fix Use-After-Free in rose_ioctl iavf: Introduce new state machines for flow director iavf: Handle ntuple on/off based on new state machines for flow director qed: Fix a potential use-after-free in qed_cxt_tables_alloc net: Remove acked SYN flag from packet in the transmit queue correctly net: ena: Destroy correct number of xdp queues upon failure net: ena: Fix xdp drops handling due to multibuf packets net: ena: Fix XDP redirection error stmmac: dwmac-loongson: Make sure MDIO is initialized before use sign-file: Fix incorrect return values check vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() dpaa2-switch: fix size of the dma_unmap dpaa2-switch: do not ask for MDB, VLAN and FDB replay net: stmmac: Handle disabled MDIO busses from devicetree appletalk: Fix Use-After-Free in atalk_ioctl net: atlantic: fix double free in ring reinit logic cred: switch to using atomic_long_t fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants ALSA: hda/realtek: Apply mute LED quirk for HP15-db Revert "PCI: acpiphp: Reassign resources on bridge if necessary" PCI: loongson: Limit MRRS to 256 ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE drm/mediatek: Add spinlock for setting vblank event in atomic_begin x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM usb: aqc111: check packet for fixup for true limit stmmac: dwmac-loongson: Add architecture dependency blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" blk-cgroup: bypass blkcg_deactivate_policy after destroying bcache: avoid oversize memory allocation by small stripe_size bcache: remove redundant assignment to variable cur_idx bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() bcache: avoid NULL checking to c->root in run_cache_set() nbd: fold nbd config initialization into nbd_alloc_config() nvme-auth: set explanation code for failure2 msgs nvme: catch errors from nvme_configure_metadata() selftests/bpf: fix bpf_loop_bench for new callback verification scheme LoongArch: Add dependency between vmlinuz.efi and vmlinux.efi LoongArch: Implement constant timer shutdown interface platform/x86: intel_telemetry: Fix kernel doc descriptions HID: glorious: fix Glorious Model I HID report HID: add ALWAYS_POLL quirk for Apple kb nbd: pass nbd_sock to nbd_read_reply() instead of index HID: hid-asus: reset the backlight brightness level on resume HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation net: usb: qmi_wwan: claim interface 4 for ZTE MF290 arm64: add dependency between vmlinuz.efi and Image HID: hid-asus: add const to read-only outgoing usb buffer perf: Fix perf_event_validate_size() lockdep splat btrfs: do not allow non subvolume root targets for snapshot soundwire: stream: fix NULL pointer dereference for multi_link ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify team: Fix use-after-free when an option instance allocation fails drm/amdgpu/sdma5.2: add begin/end_use ring callbacks dmaengine: stm32-dma: avoid bitfield overflow assertion mm/mglru: fix underprotected page cache mm/shmem: fix race in shmem_undo_range w/THP btrfs: free qgroup reserve when ORDERED_IOERR is set btrfs: don't clear qgroup reserved bit in release_folio drm/amdgpu: fix tear down order in amdgpu_vm_pt_free drm/amd/display: Disable PSR-SU on Parade 0803 TCON again drm/i915: Fix remapped stride with CCS on ADL+ smb: client: fix OOB in receive_encrypted_standard() smb: client: fix NULL deref in asn1_ber_decoder() smb: client: fix OOB in smb2_query_reparse_point() ring-buffer: Fix memory leak of free page tracing: Update snapshot buffer on resize if it is allocated ring-buffer: Do not update before stamp when switching sub-buffers ring-buffer: Have saved event hold the entire event ring-buffer: Fix writing to the buffer with max_data_size ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs ring-buffer: Do not try to put back write_stamp ring-buffer: Have rb_time_cmpxchg() set the msb counter too net: tls, update curr on splice as well r8152: avoid to change cfg for all devices r8152: remove rtl_vendor_mode function r8152: fix the autosuspend doesn't work Linux 6.1.69 Change-Id: I695d1d50ca8c00ff505505918bdc59ce9d29d479 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Mathieu Desnoyers
|
09a44d994b |
ring-buffer: Fix 32-bit rb_time_read() race with rb_time_cmpxchg()
[ Upstream commit dec890089bf79a4954b61482715ee2d084364856 ]
The following race can cause rb_time_read() to observe a corrupted time
stamp:
rb_time_cmpxchg()
[...]
if (!rb_time_read_cmpxchg(&t->msb, msb, msb2))
return false;
if (!rb_time_read_cmpxchg(&t->top, top, top2))
return false;
<interrupted before updating bottom>
__rb_time_read()
[...]
do {
c = local_read(&t->cnt);
top = local_read(&t->top);
bottom = local_read(&t->bottom);
msb = local_read(&t->msb);
} while (c != local_read(&t->cnt));
*cnt = rb_time_cnt(top);
/* If top and msb counts don't match, this interrupted a write */
if (*cnt != rb_time_cnt(msb))
return false;
^ this check fails to catch that "bottom" is still not updated.
So the old "bottom" value is returned, which is wrong.
Fix this by checking that all three of msb, top, and bottom 2-bit cnt
values match.
The reason to favor checking all three fields over requiring a specific
update order for both rb_time_set() and rb_time_cmpxchg() is because
checking all three fields is more robust to handle partial failures of
rb_time_cmpxchg() when interrupted by nested rb_time_set().
Link: https://lore.kernel.org/lkml/20231211201324.652870-1-mathieu.desnoyers@efficios.com/
Link: https://lore.kernel.org/linux-trace-kernel/20231212193049.680122-1-mathieu.desnoyers@efficios.com
Fixes: f458a1453424e ("ring-buffer: Test last update in 32bit version of __rb_time_read()")
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Steven Rostedt (Google)
|
899ac41804 |
ring-buffer: Fix slowpath of interrupted event
commit b803d7c664d55705831729d2f2e29c874bcd62ea upstream.
To synchronize the timestamps with the ring buffer reservation, there are
two timestamps that are saved in the buffer meta data.
1. before_stamp
2. write_stamp
When the two are equal, the write_stamp is considered valid, as in, it may
be used to calculate the delta of the next event as the write_stamp is the
timestamp of the previous reserved event on the buffer.
This is done by the following:
/*A*/ w = current position on the ring buffer
before = before_stamp
after = write_stamp
ts = read current timestamp
if (before != after) {
write_stamp is not valid, force adding an absolute
timestamp.
}
/*B*/ before_stamp = ts
/*C*/ write = local_add_return(event length, position on ring buffer)
if (w == write - event length) {
/* Nothing interrupted between A and C */
/*E*/ write_stamp = ts;
delta = ts - after
/*
* If nothing interrupted again,
* before_stamp == write_stamp and write_stamp
* can be used to calculate the delta for
* events that come in after this one.
*/
} else {
/*
* The slow path!
* Was interrupted between A and C.
*/
This is the place that there's a bug. We currently have:
after = write_stamp
ts = read current timestamp
/*F*/ if (write == current position on the ring buffer &&
after < ts && cmpxchg(write_stamp, after, ts)) {
delta = ts - after;
} else {
delta = 0;
}
The assumption is that if the current position on the ring buffer hasn't
moved between C and F, then it also was not interrupted, and that the last
event written has a timestamp that matches the write_stamp. That is the
write_stamp is valid.
But this may not be the case:
If a task context event was interrupted by softirq between B and C.
And the softirq wrote an event that got interrupted by a hard irq between
C and E.
and the hard irq wrote an event (does not need to be interrupted)
We have:
/*B*/ before_stamp = ts of normal context
---> interrupted by softirq
/*B*/ before_stamp = ts of softirq context
---> interrupted by hardirq
/*B*/ before_stamp = ts of hard irq context
/*E*/ write_stamp = ts of hard irq context
/* matches and write_stamp valid */
<----
/*E*/ write_stamp = ts of softirq context
/* No longer matches before_stamp, write_stamp is not valid! */
<---
w != write - length, go to slow path
// Right now the order of events in the ring buffer is:
//
// |-- softirq event --|-- hard irq event --|-- normal context event --|
//
after = write_stamp (this is the ts of softirq)
ts = read current timestamp
if (write == current position on the ring buffer [true] &&
after < ts [true] && cmpxchg(write_stamp, after, ts) [true]) {
delta = ts - after [Wrong!]
The delta is to be between the hard irq event and the normal context
event, but the above logic made the delta between the softirq event and
the normal context event, where the hard irq event is between the two. This
will shift all the remaining event timestamps on the sub-buffer
incorrectly.
The write_stamp is only valid if it matches the before_stamp. The cmpxchg
does nothing to help this.
Instead, the following logic can be done to fix this:
before = before_stamp
ts = read current timestamp
before_stamp = ts
after = write_stamp
if (write == current position on the ring buffer &&
after == before && after < ts) {
delta = ts - after
} else {
delta = 0;
}
The above will only use the write_stamp if it still matches before_stamp
and was tested to not have changed since C.
As a bonus, with this logic we do not need any 64-bit cmpxchg() at all!
This means the 32-bit rb_time_t workaround can finally be removed. But
that's for a later time.
Link: https://lore.kernel.org/linux-trace-kernel/20231218175229.58ec3daf@gandalf.local.home/
Link: https://lore.kernel.org/linux-trace-kernel/20231218230712.3a76b081@gandalf.local.home
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Fixes: dd93942570789 ("ring-buffer: Do not try to put back write_stamp")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Steven Rostedt (Google)
|
4768430d5a |
ring-buffer: Remove useless update to write_stamp in rb_try_to_discard()
commit 083e9f65bd215582bf8f6a920db729fadf16704f upstream. When filtering is enabled, a temporary buffer is created to place the content of the trace event output so that the filter logic can decide from the trace event output if the trace event should be filtered out or not. If it is to be filtered out, the content in the temporary buffer is simply discarded, otherwise it is written into the trace buffer. But if an interrupt were to come in while a previous event was using that temporary buffer, the event written by the interrupt would actually go into the ring buffer itself to prevent corrupting the data on the temporary buffer. If the event is to be filtered out, the event in the ring buffer is discarded, or if it fails to discard because another event were to have already come in, it is turned into padding. The update to the write_stamp in the rb_try_to_discard() happens after a fix was made to force the next event after the discard to use an absolute timestamp by setting the before_stamp to zero so it does not match the write_stamp (which causes an event to use the absolute timestamp). But there's an effort in rb_try_to_discard() to put back the write_stamp to what it was before the event was added. But this is useless and wasteful because nothing is going to be using that write_stamp for calculations as it still will not match the before_stamp. Remove this useless update, and in doing so, we remove another cmpxchg64()! Also update the comments to reflect this change as well as remove some extra white space in another comment. Link: https://lore.kernel.org/linux-trace-kernel/20231215081810.1f4f38fe@rorschach.local.home Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Cc: Joel Fernandes <joel@joelfernandes.org> Cc: Vincent Donnefort <vdonnefort@google.com> Fixes: b2dd797543cf ("ring-buffer: Force absolute timestamp on discard of event") Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Steven Rostedt (Google)
|
f33c4e4cab |
tracing: Fix blocked reader of snapshot buffer
commit 39a7dc23a1ed0fe81141792a09449d124c5953bd upstream.
If an application blocks on the snapshot or snapshot_raw files, expecting
to be woken up when a snapshot occurs, it will not happen. Or it may
happen with an unexpected result.
That result is that the application will be reading the main buffer
instead of the snapshot buffer. That is because when the snapshot occurs,
the main and snapshot buffers are swapped. But the reader has a descriptor
still pointing to the buffer that it originally connected to.
This is fine for the main buffer readers, as they may be blocked waiting
for a watermark to be hit, and when a snapshot occurs, the data that the
main readers want is now on the snapshot buffer.
But for waiters of the snapshot buffer, they are waiting for an event to
occur that will trigger the snapshot and they can then consume it quickly
to save the snapshot before the next snapshot occurs. But to do this, they
need to read the new snapshot buffer, not the old one that is now
receiving new data.
Also, it does not make sense to have a watermark "buffer_percent" on the
snapshot buffer, as the snapshot buffer is static and does not receive new
data except all at once.
Link: https://lore.kernel.org/linux-trace-kernel/20231228095149.77f5b45d@gandalf.local.home
Cc: stable@vger.kernel.org
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Fixes:
|
||
|
Steven Rostedt (Google)
|
09640899e6 |
ring-buffer: Fix wake ups when buffer_percent is set to 100
commit 623b1f896fa8a669a277ee5a258307a16c7377a3 upstream.
The tracefs file "buffer_percent" is to allow user space to set a
water-mark on how much of the tracing ring buffer needs to be filled in
order to wake up a blocked reader.
0 - is to wait until any data is in the buffer
1 - is to wait for 1% of the sub buffers to be filled
50 - would be half of the sub buffers are filled with data
100 - is not to wake the waiter until the ring buffer is completely full
Unfortunately the test for being full was:
dirty = ring_buffer_nr_dirty_pages(buffer, cpu);
return (dirty * 100) > (full * nr_pages);
Where "full" is the value for "buffer_percent".
There is two issues with the above when full == 100.
1. dirty * 100 > 100 * nr_pages will never be true
That is, the above is basically saying that if the user sets
buffer_percent to 100, more pages need to be dirty than exist in the
ring buffer!
2. The page that the writer is on is never considered dirty, as dirty
pages are only those that are full. When the writer goes to a new
sub-buffer, it clears the contents of that sub-buffer.
That is, even if the check was ">=" it would still not be equal as the
most pages that can be considered "dirty" is nr_pages - 1.
To fix this, add one to dirty and use ">=" in the compare.
Link: https://lore.kernel.org/linux-trace-kernel/20231226125902.4a057f1d@gandalf.local.home
Cc: stable@vger.kernel.org
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Fixes:
|
||
|
Greg Kroah-Hartman
|
c9b484c69d |
Merge 6.1.68 into android14-6.1-lts
Changes in 6.1.68
vdpa/mlx5: preserve CVQ vringh index
hrtimers: Push pending hrtimers away from outgoing CPU earlier
i2c: designware: Fix corrupted memory seen in the ISR
netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test
zstd: Fix array-index-out-of-bounds UBSAN warning
tg3: Move the [rt]x_dropped counters to tg3_napi
tg3: Increment tx_dropped in tg3_tso_bug()
kconfig: fix memory leak from range properties
drm/amdgpu: correct chunk_ptr to a pointer to chunk.
x86: Introduce ia32_enabled()
x86/coco: Disable 32-bit emulation by default on TDX and SEV
x86/entry: Convert INT 0x80 emulation to IDTENTRY
x86/entry: Do not allow external 0x80 interrupts
x86/tdx: Allow 32-bit emulation by default
dt: dt-extract-compatibles: Handle cfile arguments in generator function
dt: dt-extract-compatibles: Don't follow symlinks when walking tree
platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code
of: dynamic: Fix of_reconfig_get_state_change() return value documentation
platform/x86: wmi: Skip blocks with zero instances
ipv6: fix potential NULL deref in fib6_add()
octeontx2-pf: Add missing mutex lock in otx2_get_pauseparam
octeontx2-af: Check return value of nix_get_nixlf before using nixlf
hv_netvsc: rndis_filter needs to select NLS
r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE
r8152: Add RTL8152_INACCESSIBLE checks to more loops
r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash()
r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1()
r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en()
mlxbf-bootctl: correctly identify secure boot with development keys
platform/mellanox: Add null pointer checks for devm_kasprintf()
platform/mellanox: Check devm_hwmon_device_register_with_groups() return value
arcnet: restoring support for multiple Sohard Arcnet cards
octeontx2-pf: consider both Rx and Tx packet stats for adaptive interrupt coalescing
net: stmmac: fix FPE events losing
xsk: Skip polling event check for unbound socket
octeontx2-af: fix a use-after-free in rvu_npa_register_reporters
i40e: Fix unexpected MFS warning message
iavf: validate tx_coalesce_usecs even if rx_coalesce_usecs is zero
net: bnxt: fix a potential use-after-free in bnxt_init_tc
tcp: fix mid stream window clamp.
ionic: fix snprintf format length warning
ionic: Fix dim work handling in split interrupt mode
ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit()
net: atlantic: Fix NULL dereference of skb pointer in
net: hns: fix wrong head when modify the tx feature when sending packets
net: hns: fix fake link up on xge port
octeontx2-af: Adjust Tx credits when MCS external bypass is disabled
octeontx2-af: Fix mcs sa cam entries size
octeontx2-af: Fix mcs stats register address
octeontx2-af: Add missing mcs flr handler call
octeontx2-af: Update Tx link register range
dt-bindings: interrupt-controller: Allow #power-domain-cells
netfilter: nft_exthdr: add boolean DCCP option matching
netfilter: nf_tables: fix 'exist' matching on bigendian arches
netfilter: nf_tables: bail out on mismatching dynset and set expressions
netfilter: nf_tables: validate family when identifying table via handle
netfilter: xt_owner: Fix for unsafe access of sk->sk_socket
tcp: do not accept ACK of bytes we never sent
bpf: sockmap, updating the sg structure should also update curr
psample: Require 'CAP_NET_ADMIN' when joining "packets" group
drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group
mm/damon/sysfs: eliminate potential uninitialized variable warning
tee: optee: Fix supplicant based device enumeration
RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm
RDMA/irdma: Do not modify to SQD on error
RDMA/irdma: Add wait for suspend on SQD
arm64: dts: rockchip: Expand reg size of vdec node for RK3328
arm64: dts: rockchip: Expand reg size of vdec node for RK3399
ASoC: fsl_sai: Fix no frame sync clock issue on i.MX8MP
RDMA/rtrs-srv: Do not unconditionally enable irq
RDMA/rtrs-clt: Start hb after path_up
RDMA/rtrs-srv: Check return values while processing info request
RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true
RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight
RDMA/rtrs-clt: Fix the max_send_wr setting
RDMA/rtrs-clt: Remove the warnings for req in_use check
RDMA/bnxt_re: Correct module description string
RDMA/irdma: Refactor error handling in create CQP
RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info()
hwmon: (acpi_power_meter) Fix 4.29 MW bug
ASoC: codecs: lpass-tx-macro: set active_decimator correct default value
hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe()
ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate
RDMA/core: Fix umem iterator when PAGE_SIZE is greater then HCA pgsz
RDMA/irdma: Avoid free the non-cqp_request scratch
drm/bridge: tc358768: select CONFIG_VIDEOMODE_HELPERS
arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb
arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3
ARM: dts: imx6ul-pico: Describe the Ethernet PHY clock
tracing: Fix a warning when allocating buffered events fails
scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle()
ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init
ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt
ARM: dts: imx28-xea: Pass the 'model' property
riscv: fix misaligned access handling of C.SWSP and C.SDSP
md: introduce md_ro_state
md: don't leave 'MD_RECOVERY_FROZEN' in error path of md_set_readonly()
iommu: Avoid more races around device probe
rethook: Use __rcu pointer for rethook::handler
kprobes: consistent rcu api usage for kretprobe holder
ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA
io_uring/af_unix: disable sending io_uring over sockets
nvme-pci: Add sleep quirk for Kingston drives
io_uring: fix mutex_unlock with unreferenced ctx
ALSA: usb-audio: Add Pioneer DJM-450 mixer controls
ALSA: pcm: fix out-of-bounds in snd_pcm_state_names
ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5
ALSA: hda/realtek: add new Framework laptop to quirks
ALSA: hda/realtek: Add Framework laptop 16 to quirks
ring-buffer: Test last update in 32bit version of __rb_time_read()
nilfs2: fix missing error check for sb_set_blocksize call
nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage()
cgroup_freezer: cgroup_freezing: Check if not frozen
checkstack: fix printed address
tracing: Always update snapshot buffer size
tracing: Disable snapshot buffer when stopping instance tracers
tracing: Fix incomplete locking when disabling buffered events
tracing: Fix a possible race when disabling buffered events
packet: Move reference count in packet_sock to atomic_long_t
r8169: fix rtl8125b PAUSE frames blasting when suspended
regmap: fix bogus error on regcache_sync success
platform/surface: aggregator: fix recv_buf() return value
hugetlb: fix null-ptr-deref in hugetlb_vma_lock_write
mm: fix oops when filemap_map_pmd() without prealloc_pte
powercap: DTPM: Fix missing cpufreq_cpu_put() calls
md/raid6: use valid sector values to determine if an I/O should wait on the reshape
arm64: dts: mediatek: mt7622: fix memory node warning check
arm64: dts: mediatek: mt8183-kukui-jacuzzi: fix dsi unnecessary cells properties
arm64: dts: mediatek: cherry: Fix interrupt cells for MT6360 on I2C7
arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names
arm64: dts: mediatek: mt8195: Fix PM suspend/resume with venc clocks
arm64: dts: mediatek: mt8183: Fix unit address for scp reserved memory
arm64: dts: mediatek: mt8183: Move thermal-zones to the root node
arm64: dts: mediatek: mt8183-evb: Fix unit_address_vs_reg warning on ntc
binder: fix memory leaks of spam and pending work
coresight: etm4x: Make etm4_remove_dev() return void
coresight: etm4x: Remove bogous __exit annotation for some functions
hwtracing: hisi_ptt: Add dummy callback pmu::read()
misc: mei: client.c: return negative error code in mei_cl_write
misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write
LoongArch: BPF: Don't sign extend memory load operand
LoongArch: BPF: Don't sign extend function return value
ring-buffer: Force absolute timestamp on discard of event
tracing: Set actual size after ring buffer resize
tracing: Stop current tracer when resizing buffer
parisc: Reduce size of the bug_table on 64-bit kernel by half
parisc: Fix asm operand number out of range build error in bug table
arm64: dts: mediatek: add missing space before {
arm64: dts: mt8183: kukui: Fix underscores in node names
perf: Fix perf_event_validate_size()
x86/sev: Fix kernel crash due to late update to read-only ghcb_version
gpiolib: sysfs: Fix error handling on failed export
drm/amdgpu: fix memory overflow in the IB test
drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c
drm/amdgpu: correct the amdgpu runtime dereference usage count
drm/amdgpu: Update ras eeprom support for smu v13_0_0 and v13_0_10
drm/amdgpu: Add EEPROM I2C address support for ip discovery
drm/amdgpu: Remove redundant I2C EEPROM address
drm/amdgpu: Decouple RAS EEPROM addresses from chips
drm/amdgpu: Add support for RAS table at 0x40000
drm/amdgpu: Remove second moot switch to set EEPROM I2C address
drm/amdgpu: Return from switch early for EEPROM I2C address
drm/amdgpu: simplify amdgpu_ras_eeprom.c
drm/amdgpu: Add I2C EEPROM support on smu v13_0_6
drm/amdgpu: Update EEPROM I2C address for smu v13_0_0
usb: gadget: f_hid: fix report descriptor allocation
serial: 8250_dw: Add ACPI ID for Granite Rapids-D UART
parport: Add support for Brainboxes IX/UC/PX parallel cards
cifs: Fix non-availability of dedup breaking generic/304
Revert "xhci: Loosen RPM as default policy to cover for AMD xHC 1.1"
smb: client: fix potential NULL deref in parse_dfs_referrals()
usb: typec: class: fix typec_altmode_put_partner to put plugs
ARM: PL011: Fix DMA support
serial: sc16is7xx: address RX timeout interrupt errata
serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit
serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt
serial: 8250_omap: Add earlycon support for the AM654 UART controller
devcoredump: Send uevent once devcd is ready
x86/CPU/AMD: Check vendor in the AMD microcode callback
USB: gadget: core: adjust uevent timing on gadget unbind
cifs: Fix flushing, invalidation and file size with copy_file_range()
cifs: Fix flushing, invalidation and file size with FICLONE
MIPS: kernel: Clear FPU states when setting up kernel threads
KVM: s390/mm: Properly reset no-dat
KVM: SVM: Update EFER software model on CR0 trap for SEV-ES
MIPS: Loongson64: Reserve vgabios memory on boot
MIPS: Loongson64: Handle more memory types passed from firmware
MIPS: Loongson64: Enable DMA noncoherent support
netfilter: nft_set_pipapo: skip inactive elements during set walk
riscv: Kconfig: Add select ARM_AMBA to SOC_STARFIVE
drm/i915/display: Drop check for doublescan mode in modevalid
drm/i915/lvds: Use REG_BIT() & co.
drm/i915/sdvo: stop caching has_hdmi_monitor in struct intel_sdvo
drm/i915: Skip some timing checks on BXT/GLK DSI transcoders
Linux 6.1.68
Change-Id: I0a824071a80b24dc4a2e0077f305b7cac42235b8
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Steven Rostedt (Google)
|
869aee35cf |
ring-buffer: Have rb_time_cmpxchg() set the msb counter too
commit 0aa0e5289cfe984a8a9fdd79ccf46ccf080151f7 upstream.
The rb_time_cmpxchg() on 32-bit architectures requires setting three
32-bit words to represent the 64-bit timestamp, with some salt for
synchronization. Those are: msb, top, and bottom
The issue is, the rb_time_cmpxchg() did not properly salt the msb portion,
and the msb that was written was stale.
Link: https://lore.kernel.org/linux-trace-kernel/20231215084114.20899342@rorschach.local.home
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fixes:
|
||
|
Steven Rostedt (Google)
|
c425a772fc |
ring-buffer: Do not try to put back write_stamp
commit dd939425707898da992e59ab0fcfae4652546910 upstream.
If an update to an event is interrupted by another event between the time
the initial event allocated its buffer and where it wrote to the
write_stamp, the code try to reset the write stamp back to the what it had
just overwritten. It knows that it was overwritten via checking the
before_stamp, and if it didn't match what it wrote to the before_stamp
before it allocated its space, it knows it was overwritten.
To put back the write_stamp, it uses the before_stamp it read. The problem
here is that by writing the before_stamp to the write_stamp it makes the
two equal again, which means that the write_stamp can be considered valid
as the last timestamp written to the ring buffer. But this is not
necessarily true. The event that interrupted the event could have been
interrupted in a way that it was interrupted as well, and can end up
leaving with an invalid write_stamp. But if this happens and returns to
this context that uses the before_stamp to update the write_stamp again,
it can possibly incorrectly make it valid, causing later events to have in
correct time stamps.
As it is OK to leave this function with an invalid write_stamp (one that
doesn't match the before_stamp), there's no reason to try to make it valid
again in this case. If this race happens, then just leave with the invalid
write_stamp and the next event to come along will just add a absolute
timestamp and validate everything again.
Bonus points: This gets rid of another cmpxchg64!
Link: https://lore.kernel.org/linux-trace-kernel/20231214222921.193037a7@gandalf.local.home
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Joel Fernandes <joel@joelfernandes.org>
Cc: Vincent Donnefort <vdonnefort@google.com>
Fixes:
|
||
|
Steven Rostedt (Google)
|
b15cf14869 |
ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs
commit fff88fa0fbc7067ba46dde570912d63da42c59a9 upstream.
Mathieu Desnoyers pointed out an issue in the rb_time_cmpxchg() for 32 bit
architectures. That is:
static bool rb_time_cmpxchg(rb_time_t *t, u64 expect, u64 set)
{
unsigned long cnt, top, bottom, msb;
unsigned long cnt2, top2, bottom2, msb2;
u64 val;
/* The cmpxchg always fails if it interrupted an update */
if (!__rb_time_read(t, &val, &cnt2))
return false;
if (val != expect)
return false;
<<<< interrupted here!
cnt = local_read(&t->cnt);
The problem is that the synchronization counter in the rb_time_t is read
*after* the value of the timestamp is read. That means if an interrupt
were to come in between the value being read and the counter being read,
it can change the value and the counter and the interrupted process would
be clueless about it!
The counter needs to be read first and then the value. That way it is easy
to tell if the value is stale or not. If the counter hasn't been updated,
then the value is still good.
Link: https://lore.kernel.org/linux-trace-kernel/20231211201324.652870-1-mathieu.desnoyers@efficios.com/
Link: https://lore.kernel.org/linux-trace-kernel/20231212115301.7a9c9a64@gandalf.local.home
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Fixes:
|
||
|
Steven Rostedt (Google)
|
edbc03d671 |
ring-buffer: Fix writing to the buffer with max_data_size
commit b3ae7b67b87fed771fa5bf95389df06b0433603e upstream. The maximum ring buffer data size is the maximum size of data that can be recorded on the ring buffer. Events must be smaller than the sub buffer data size minus any meta data. This size is checked before trying to allocate from the ring buffer because the allocation assumes that the size will fit on the sub buffer. The maximum size was calculated as the size of a sub buffer page (which is currently PAGE_SIZE minus the sub buffer header) minus the size of the meta data of an individual event. But it missed the possible adding of a time stamp for events that are added long enough apart that the event meta data can't hold the time delta. When an event is added that is greater than the current BUF_MAX_DATA_SIZE minus the size of a time stamp, but still less than or equal to BUF_MAX_DATA_SIZE, the ring buffer would go into an infinite loop, looking for a page that can hold the event. Luckily, there's a check for this loop and after 1000 iterations and a warning is emitted and the ring buffer is disabled. But this should never happen. This can happen when a large event is added first, or after a long period where an absolute timestamp is prefixed to the event, increasing its size by 8 bytes. This passes the check and then goes into the algorithm that causes the infinite loop. For events that are the first event on the sub-buffer, it does not need to add a timestamp, because the sub-buffer itself contains an absolute timestamp, and adding one is redundant. The fix is to check if the event is to be the first event on the sub-buffer, and if it is, then do not add a timestamp. This also fixes 32 bit adding a timestamp when a read of before_stamp or write_stamp is interrupted. There's still no need to add that timestamp if the event is going to be the first event on the sub buffer. Also, if the buffer has "time_stamp_abs" set, then also check if the length plus the timestamp is greater than the BUF_MAX_DATA_SIZE. Link: https://lore.kernel.org/all/20231212104549.58863438@gandalf.local.home/ Link: https://lore.kernel.org/linux-trace-kernel/20231212071837.5fdd6c13@gandalf.local.home Link: https://lore.kernel.org/linux-trace-kernel/20231212111617.39e02849@gandalf.local.home Cc: stable@vger.kernel.org Cc: Mark Rutland <mark.rutland@arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Fixes: |
||
|
Steven Rostedt (Google)
|
6d98d594a5 |
ring-buffer: Have saved event hold the entire event
commit b049525855fdd0024881c9b14b8fbec61c3f53d3 upstream.
For the ring buffer iterator (non-consuming read), the event needs to be
copied into the iterator buffer to make sure that a writer does not
overwrite it while the user is reading it. If a write happens during the
copy, the buffer is simply discarded.
But the temp buffer itself was not big enough. The allocation of the
buffer was only BUF_MAX_DATA_SIZE, which is the maximum data size that can
be passed into the ring buffer and saved. But the temp buffer needs to
hold the meta data as well. That would be BUF_PAGE_SIZE and not
BUF_MAX_DATA_SIZE.
Link: https://lore.kernel.org/linux-trace-kernel/20231212072558.61f76493@gandalf.local.home
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fixes:
|
||
|
Steven Rostedt (Google)
|
7888b607a9 |
ring-buffer: Do not update before stamp when switching sub-buffers
commit 9e45e39dc249c970d99d2681f6bcb55736fd725c upstream.
The ring buffer timestamps are synchronized by two timestamp placeholders.
One is the "before_stamp" and the other is the "write_stamp" (sometimes
referred to as the "after stamp" but only in the comments. These two
stamps are key to knowing how to handle nested events coming in with a
lockless system.
When moving across sub-buffers, the before stamp is updated but the write
stamp is not. There's an effort to put back the before stamp to something
that seems logical in case there's nested events. But as the current event
is about to cross sub-buffers, and so will any new nested event that happens,
updating the before stamp is useless, and could even introduce new race
conditions.
The first event on a sub-buffer simply uses the sub-buffer's timestamp
and keeps a "delta" of zero. The "before_stamp" and "write_stamp" are not
used in the algorithm in this case. There's no reason to try to fix the
before_stamp when this happens.
As a bonus, it removes a cmpxchg() when crossing sub-buffers!
Link: https://lore.kernel.org/linux-trace-kernel/20231211114420.36dde01b@gandalf.local.home
Cc: stable@vger.kernel.org
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fixes:
|
||
|
Steven Rostedt (Google)
|
31785cf817 |
ring-buffer: Fix memory leak of free page
commit 17d801758157bec93f26faaf5ff1a8b9a552d67a upstream.
Reading the ring buffer does a swap of a sub-buffer within the ring buffer
with a empty sub-buffer. This allows the reader to have full access to the
content of the sub-buffer that was swapped out without having to worry
about contention with the writer.
The readers call ring_buffer_alloc_read_page() to allocate a page that
will be used to swap with the ring buffer. When the code is finished with
the reader page, it calls ring_buffer_free_read_page(). Instead of freeing
the page, it stores it as a spare. Then next call to
ring_buffer_alloc_read_page() will return this spare instead of calling
into the memory management system to allocate a new page.
Unfortunately, on freeing of the ring buffer, this spare page is not
freed, and causes a memory leak.
Link: https://lore.kernel.org/linux-trace-kernel/20231210221250.7b9cc83c@rorschach.local.home
Cc: stable@vger.kernel.org
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fixes:
|
||
|
Steven Rostedt (Google)
|
07ad456e1c |
ring-buffer: Force absolute timestamp on discard of event
[ Upstream commit b2dd797543cfa6580eac8408dd67fa02164d9e56 ]
There's a race where if an event is discarded from the ring buffer and an
interrupt were to happen at that time and insert an event, the time stamp
is still used from the discarded event as an offset. This can screw up the
timings.
If the event is going to be discarded, set the "before_stamp" to zero.
When a new event comes in, it compares the "before_stamp" with the
"write_stamp" and if they are not equal, it will insert an absolute
timestamp. This will prevent the timings from getting out of sync due to
the discarded event.
Link: https://lore.kernel.org/linux-trace-kernel/20231206100244.5130f9b3@gandalf.local.home
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fixes:
|
||
|
Steven Rostedt (Google)
|
d2558e726e |
ring-buffer: Test last update in 32bit version of __rb_time_read()
commit f458a1453424e03462b5bb539673c9a3cddda480 upstream.
Since 64 bit cmpxchg() is very expensive on 32bit architectures, the
timestamp used by the ring buffer does some interesting tricks to be able
to still have an atomic 64 bit number. It originally just used 60 bits and
broke it up into two 32 bit words where the extra 2 bits were used for
synchronization. But this was not enough for all use cases, and all 64
bits were required.
The 32bit version of the ring buffer timestamp was then broken up into 3
32bit words using the same counter trick. But one update was not done. The
check to see if the read operation was done without interruption only
checked the first two words and not last one (like it had before this
update). Fix it by making sure all three updates happen without
interruption by comparing the initial counter with the last updated
counter.
Link: https://lore.kernel.org/linux-trace-kernel/20231206100050.3100b7bb@gandalf.local.home
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fixes:
|
||
|
Greg Kroah-Hartman
|
c259cc9cb4 |
Merge 6.1.57 into android14-6.1-lts
Changes in 6.1.57
spi: zynqmp-gqspi: fix clock imbalance on probe failure
ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol
ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates
mptcp: rename timer related helper to less confusing names
mptcp: fix dangling connection hang-up
mptcp: annotate lockless accesses to sk->sk_err
mptcp: move __mptcp_error_report in protocol.c
mptcp: process pending subflow error on close
ata,scsi: do not issue START STOP UNIT on resume
scsi: sd: Differentiate system and runtime start/stop management
scsi: sd: Do not issue commands to suspended disks on shutdown
scsi: core: Improve type safety of scsi_rescan_device()
scsi: Do not attempt to rescan suspended devices
ata: libata-scsi: Fix delayed scsi_rescan_device() execution
NFS: Cleanup unused rpc_clnt variable
NFS: rename nfs_client_kset to nfs_kset
NFSv4: Fix a state manager thread deadlock regression
mm/memory: add vm_normal_folio()
mm/mempolicy: convert queue_pages_pmd() to queue_folios_pmd()
mm/mempolicy: convert queue_pages_pte_range() to queue_folios_pte_range()
mm/mempolicy: convert migrate_page_add() to migrate_folio_add()
mm: mempolicy: keep VMA walk if both MPOL_MF_STRICT and MPOL_MF_MOVE are specified
mm/page_alloc: always remove pages from temporary list
mm/page_alloc: leave IRQs enabled for per-cpu page allocations
mm: page_alloc: fix CMA and HIGHATOMIC landing on the wrong buddy list
ring-buffer: remove obsolete comment for free_buffer_page()
ring-buffer: Fix bytes info in per_cpu buffer stats
btrfs: use struct qstr instead of name and namelen pairs
btrfs: setup qstr from dentrys using fscrypt helper
btrfs: use struct fscrypt_str instead of struct qstr
Revert "NFSv4: Retry LOCK on OLD_STATEID during delegation return"
arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path
net: add sysctl accept_ra_min_rtr_lft
net: change accept_ra_min_rtr_lft to affect all RA lifetimes
net: release reference to inet6_dev pointer
arm64: cpufeature: Fix CLRBHB and BC detection
drm/amd/display: Adjust the MST resume flow
iommu/arm-smmu-v3: Set TTL invalidation hint better
iommu/arm-smmu-v3: Avoid constructing invalid range commands
rbd: move rbd_dev_refresh() definition
rbd: decouple header read-in from updating rbd_dev->header
rbd: decouple parent info read-in from updating rbd_dev
rbd: take header_rwsem in rbd_dev_refresh() only when updating
block: fix use-after-free of q->q_usage_counter
hwmon: (nzxt-smart2) Add device id
hwmon: (nzxt-smart2) add another USB ID
i40e: fix the wrong PTP frequency calculation
scsi: zfcp: Fix a double put in zfcp_port_enqueue()
iommu/vt-d: Avoid memory allocation in iommu_suspend()
vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
net: ethernet: mediatek: disable irq before schedule napi
mptcp: userspace pm allow creating id 0 subflow
qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info
Bluetooth: hci_codec: Fix leaking content of local_codecs
Bluetooth: hci_sync: Fix handling of HCI_QUIRK_STRICT_DUPLICATE_FILTER
wifi: mwifiex: Fix tlv_buf_left calculation
md/raid5: release batch_last before waiting for another stripe_head
PCI: qcom: Fix IPQ8074 enumeration
net: replace calls to sock->ops->connect() with kernel_connect()
net: prevent rewrite of msg_name in sock_sendmsg()
drm/amd: Fix detection of _PR3 on the PCIe root port
drm/amd: Fix logic error in sienna_cichlid_update_pcie_parameters()
arm64: Add Cortex-A520 CPU part definition
arm64: errata: Add Cortex-A520 speculative unprivileged load workaround
HID: sony: Fix a potential memory leak in sony_probe()
ubi: Refuse attaching if mtd's erasesize is 0
erofs: fix memory leak of LZMA global compressed deduplication
wifi: iwlwifi: dbg_ini: fix structure packing
wifi: iwlwifi: mvm: Fix a memory corruption issue
wifi: cfg80211: hold wiphy lock in auto-disconnect
wifi: cfg80211: move wowlan disable under locks
wifi: cfg80211: add a work abstraction with special semantics
wifi: cfg80211: fix cqm_config access race
wifi: cfg80211: add missing kernel-doc for cqm_rssi_work
wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet
leds: Drop BUG_ON check for LED_COLOR_ID_MULTI
bpf: Fix tr dereferencing
regulator: mt6358: Drop *_SSHUB regulators
regulator: mt6358: Use linear voltage helpers for single range regulators
regulator: mt6358: split ops for buck and linear range LDO regulators
Bluetooth: Delete unused hci_req_prepare_suspend() declaration
Bluetooth: ISO: Fix handling of listen for unicast
drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close()
wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling
perf/x86/amd/core: Fix overflow reset on hotplug
regmap: rbtree: Fix wrong register marked as in-cache when creating new node
wifi: mac80211: fix potential key use-after-free
perf/x86/amd: Do not WARN() on every IRQ
iommu/mediatek: Fix share pgtable for iova over 4GB
regulator/core: regulator_register: set device->class earlier
ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig
scsi: target: core: Fix deadlock due to recursive locking
ima: rework CONFIG_IMA dependency block
NFSv4: Fix a nfs4_state_manager() race
bpf: tcp_read_skb needs to pop skb regardless of seq
bpf, sockmap: Do not inc copied_seq when PEEK flag set
bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets
modpost: add missing else to the "of" check
net: fix possible store tearing in neigh_periodic_work()
bpf: Add BPF_FIB_LOOKUP_SKIP_NEIGH for bpf_fib_lookup
neighbour: annotate lockless accesses to n->nud_state
neighbour: switch to standard rcu, instead of rcu_bh
neighbour: fix data-races around n->output
ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()
ptp: ocp: Fix error handling in ptp_ocp_device_init
net: dsa: mv88e6xxx: Avoid EEPROM timeout when EEPROM is absent
ipv6: tcp: add a missing nf_reset_ct() in 3WHS handling
net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg
net: nfc: llcp: Add lock when modifying device list
net: ethernet: ti: am65-cpsw: Fix error code in am65_cpsw_nuss_init_tx_chns()
ibmveth: Remove condition to recompute TCP header checksum.
netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
selftests: netfilter: Test nf_tables audit logging
selftests: netfilter: Extend nft_audit.sh
netfilter: nf_tables: Deduplicate nft_register_obj audit logs
netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure
ipv4: Set offload_failed flag in fibmatch results
net: stmmac: dwmac-stm32: fix resume on STM32 MCU
tipc: fix a potential deadlock on &tx->lock
tcp: fix quick-ack counting to count actual ACKs of new data
tcp: fix delayed ACKs for MSS boundary condition
sctp: update transport state when processing a dupcook packet
sctp: update hb timer immediately after users change hb_interval
netlink: split up copies in the ack construction
netlink: Fix potential skb memleak in netlink_ack
netlink: annotate data-races around sk->sk_err
HID: sony: remove duplicate NULL check before calling usb_free_urb()
HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit
intel_idle: add Emerald Rapids Xeon support
smb: use kernel_connect() and kernel_bind()
parisc: Fix crash with nr_cpus=1 option
dm zoned: free dmz->ddev array in dmz_put_zoned_devices
RDMA/core: Require admin capabilities to set system parameters
of: dynamic: Fix potential memory leak in of_changeset_action()
IB/mlx4: Fix the size of a buffer in add_port_entries()
gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config()
gpio: pxa: disable pinctrl calls for MMP_GPIO
RDMA/cma: Initialize ib_sa_multicast structure to 0 when join
RDMA/cma: Fix truncation compilation warning in make_cma_ports
RDMA/uverbs: Fix typo of sizeof argument
RDMA/srp: Do not call scsi_done() from srp_abort()
RDMA/siw: Fix connection failure handling
RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation
RDMA/mlx5: Fix NULL string error
x86/sev: Use the GHCB protocol when available for SNP CPUID requests
ksmbd: fix race condition between session lookup and expire
ksmbd: fix uaf in smb20_oplock_break_ack
parisc: Restore __ldcw_align for PA-RISC 2.0 processors
ipv6: remove nexthop_fib6_nh_bh()
vrf: Fix lockdep splat in output path
btrfs: fix an error handling path in btrfs_rename()
btrfs: fix fscrypt name leak after failure to join log transaction
netlink: remove the flex array from struct nlmsghdr
btrfs: file_remove_privs needs an exclusive lock in direct io write
ipv6: remove one read_lock()/read_unlock() pair in rt6_check_neigh()
xen/events: replace evtchn_rwlock with RCU
Linux 6.1.57
Change-Id: I2c200264df72a9043d91d31479c91b0d7f94863e
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
2950de8b2d |
Merge 6.1.56 into android14-6.1-lts
Changes in 6.1.56 NFS: Fix error handling for O_DIRECT write scheduling NFS: Fix O_DIRECT locking issues NFS: More O_DIRECT accounting fixes for error paths NFS: Use the correct commit info in nfs_join_page_group() NFS: More fixes for nfs_direct_write_reschedule_io() NFS/pNFS: Report EINVAL errors from connect() to the server SUNRPC: Mark the cred for revalidation if the server rejects it NFSv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server NFSv4.1: fix pnfs MDS=DS session trunking media: v4l: Use correct dependency for camera sensor drivers media: via: Use correct dependency for camera sensor drivers netfs: Only call folio_start_fscache() one time for each folio dm: fix a race condition in retrieve_deps btrfs: improve error message after failure to add delayed dir index item btrfs: remove BUG() after failure to insert delayed dir index item ext4: replace the traditional ternary conditional operator with with max()/min() ext4: move setting of trimmed bit into ext4_try_to_trim_range() ext4: do not let fstrim block system suspend netfilter: nf_tables: don't skip expired elements during walk netfilter: nf_tables: GC transaction API to avoid race with control plane netfilter: nf_tables: adapt set backend to use GC transaction API netfilter: nft_set_hash: mark set element as dead when deleting from packet path netfilter: nf_tables: remove busy mark and gc batch API netfilter: nf_tables: don't fail inserts if duplicate has expired netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path netfilter: nf_tables: GC transaction race with netns dismantle netfilter: nf_tables: GC transaction race with abort path netfilter: nf_tables: use correct lock to protect gc_list netfilter: nf_tables: defer gc run if previous batch is still pending netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration netfilter: nf_tables: fix memleak when more than 255 elements expired ASoC: meson: spdifin: start hw on dai probe netfilter: nf_tables: disallow element removal on anonymous sets bpf: Avoid deadlock when using queue and stack maps from NMI ASoC: rt5640: Revert "Fix sleep in atomic context" ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode ALSA: hda/realtek: Splitting the UX3402 into two separate models netfilter: conntrack: fix extension size table selftests: tls: swap the TX and RX sockets in some tests net/core: Fix ETH_P_1588 flow dissector ASoC: hdaudio.c: Add missing check for devm_kstrdup ASoC: imx-audmix: Fix return error with devm_clk_get() octeon_ep: fix tx dma unmap len values in SG iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK is set ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful iavf: add iavf_schedule_aq_request() helper iavf: schedule a request immediately after add/delete vlan i40e: Fix VF VLAN offloading when port VLAN is configured netfilter, bpf: Adjust timeouts of non-confirmed CTs in bpf_ct_insert_entry() ionic: fix 16bit math issue when PAGE_SIZE >= 64KB igc: Fix infinite initialization loop with early XDP redirect ipv4: fix null-deref in ipv4_link_failure scsi: iscsi_tcp: restrict to TCP sockets powerpc/perf/hv-24x7: Update domain value check dccp: fix dccp_v4_err()/dccp_v6_err() again x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer() net: hsr: Properly parse HSRv1 supervisor frames. platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() platform/x86: intel_scu_ipc: Don't override scu in intel_scu_ipc_dev_simple_command() platform/x86: intel_scu_ipc: Fail IPC send if still busy x86/srso: Fix srso_show_state() side effect x86/srso: Fix SBPB enablement for spec_rstack_overflow=off net: hns3: add cmdq check for vf periodic service task net: hns3: fix GRE checksum offload issue net: hns3: only enable unicast promisc when mac table full net: hns3: fix fail to delete tc flower rules during reset issue net: hns3: add 5ms delay before clear firmware reset irq source net: bridge: use DEV_STATS_INC() team: fix null-ptr-deref when team device type is changed net: rds: Fix possible NULL-pointer dereference netfilter: nf_tables: disable toggling dormant table state more than once netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP i915/pmu: Move execlist stats initialization to execlist specific setup locking/seqlock: Do the lockdep annotation before locking in do_write_seqcount_begin_nested() net: ena: Flush XDP packets on error. bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI octeontx2-pf: Do xdp_do_flush() after redirects. igc: Expose tx-usecs coalesce setting to user proc: nommu: /proc/<pid>/maps: release mmap read lock proc: nommu: fix empty /proc/<pid>/maps cifs: Fix UAF in cifs_demultiplex_thread() gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() i2c: mux: gpio: Add missing fwnode_handle_put() i2c: xiic: Correct return value check for xiic_reinit() ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2 ARM: dts: samsung: exynos4210-i9100: Fix LCD screen's physical size ARM: dts: qcom: msm8974pro-castor: correct inverted X of touchscreen ARM: dts: qcom: msm8974pro-castor: correct touchscreen function names ARM: dts: qcom: msm8974pro-castor: correct touchscreen syna,nosleep-mode f2fs: optimize iteration over sparse directories f2fs: get out of a repeat loop when getting a locked data page s390/pkey: fix PKEY_TYPE_EP11_AES handling in PKEY_CLR2SECK2 IOCTL arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved wifi: ath11k: fix tx status reporting in encap offload mode wifi: ath11k: Cleanup mac80211 references on failure during tx_complete scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 drm/amdkfd: Insert missing TLB flush on GFX10 and later btrfs: reset destination buffer when read_extent_buffer() gets invalid range vfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent() MIPS: Alchemy: only build mmc support helpers if au1xmmc is enabled spi: spi-gxp: BUG: Correct spi write return value drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() bus: ti-sysc: Fix missing AM35xx SoC matching firmware: arm_scmi: Harden perf domain info access firmware: arm_scmi: Fixup perf power-cost/microwatt support power: supply: mt6370: Fix missing error code in mt6370_chg_toggle_cfo() clk: sprd: Fix thm_parents incorrect configuration clk: tegra: fix error return case for recalc_rate ARM: dts: omap: correct indentation ARM: dts: ti: omap: Fix bandgap thermal cells addressing for omap3/4 ARM: dts: Unify pwm-omap-dmtimer node names ARM: dts: Unify pinctrl-single pin group nodes for omap4 ARM: dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot bus: ti-sysc: Fix SYSC_QUIRK_SWSUP_SIDLE_ACT handling for uart wake-up power: supply: ucs1002: fix error code in ucs1002_get_property() firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() xtensa: add default definition for XCHAL_HAVE_DIV32 xtensa: iss/network: make functions static xtensa: boot: don't add include-dirs xtensa: umulsidi3: fix conditional expression xtensa: boot/lib: fix function prototypes power: supply: rk817: Fix node refcount leak selftests/powerpc: Use CLEAN macro to fix make warning selftests/powerpc: Pass make context to children selftests/powerpc: Fix emit_tests to work with run_kselftest.sh soc: imx8m: Enable OCOTP clock for imx8mm before reading registers arm64: dts: imx: Add imx8mm-prt8mm.dtb to build firmware: arm_ffa: Don't set the memory region attributes for MEM_LEND gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip i2c: npcm7xx: Fix callback completion ordering x86/reboot: VMCLEAR active VMCSes before emergency reboot ceph: drop messages from MDS when unmounting dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock bpf: Annotate bpf_long_memcpy with data_race spi: sun6i: reduce DMA RX transfer width to single byte spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() parisc: sba: Fix compile warning wrt list of SBA devices parisc: iosapic.c: Fix sparse warnings parisc: drivers: Fix sparse warning parisc: irq: Make irq_stack_union static to avoid sparse warning scsi: qedf: Add synchronization between I/O completions and abort scsi: ufs: core: Move __ufshcd_send_uic_cmd() outside host_lock scsi: ufs: core: Poll HCS.UCRDY before issuing a UIC command selftests/ftrace: Correctly enable event in instance-event.tc ring-buffer: Avoid softlockup in ring_buffer_resize() btrfs: assert delayed node locked when removing delayed item selftests: fix dependency checker script ring-buffer: Do not attempt to read past "commit" net/smc: bugfix for smcr v2 server connect success statistic ata: sata_mv: Fix incorrect string length computation in mv_dump_mem() platform/mellanox: mlxbf-bootctl: add NET dependency into Kconfig platform/x86: asus-wmi: Support 2023 ROG X16 tablet mode thermal/of: add missing of_node_put() drm/amd/display: Don't check registers, if using AUX BL control drm/amdgpu/soc21: don't remap HDP registers for SR-IOV drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV drm/amdgpu: Handle null atom context in VBIOS info ioctl riscv: errata: fix T-Head dcache.cva encoding scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command smb3: correct places where ENOTSUPP is used instead of preferred EOPNOTSUPP ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() spi: nxp-fspi: reset the FLSHxCR1 registers spi: stm32: add a delay before SPI disable ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag spi: intel-pci: Add support for Granite Rapids SPI serial flash bpf: Clarify error expectations from bpf_clone_redirect ALSA: hda: intel-sdw-acpi: Use u8 type for link index ASoC: cs42l42: Ensure a reset pulse meets minimum pulse width. ASoC: cs42l42: Don't rely on GPIOD_OUT_LOW to set RESET initially low firmware: cirrus: cs_dsp: Only log list of algorithms in debug build memblock tests: fix warning: "__ALIGN_KERNEL" redefined memblock tests: fix warning ‘struct seq_file’ declared inside parameter list ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link media: vb2: frame_vector.c: replace WARN_ONCE with a comment NFSv4.1: fix zero value filehandle in post open getattr ASoC: SOF: Intel: MTL: Reduce the DSP init timeout powerpc/watchpoints: Disable preemption in thread_change_pc() powerpc/watchpoint: Disable pagefaults when getting user instruction powerpc/watchpoints: Annotate atomic context in more places ncsi: Propagate carrier gain/loss events to the NCSI controller net: hsr: Add __packed to struct hsr_sup_tlv. tsnep: Fix NAPI scheduling tsnep: Fix NAPI polling with budget 0 LoongArch: Set all reserved memblocks on Node#0 at initialization fbdev/sh7760fb: Depend on FB=y perf build: Define YYNOMEM as YYNOABORT for bison < 3.81 nvme-pci: factor the iod mempool creation into a helper nvme-pci: factor out a nvme_pci_alloc_dev helper nvme-pci: do not set the NUMA node of device if it has none wifi: ath11k: Don't drop tx_status when peer cannot be found scsi: qla2xxx: Fix NULL pointer dereference in target mode nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev smack: Record transmuting in smk_transmuted smack: Retrieve transmuting information in smack_inode_getsecurity() iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race x86/srso: Add SRSO mitigation for Hygon processors KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway KVM: SVM: Fix TSC_AUX virtualization setup KVM: x86/mmu: Open code leaf invalidation from mmu_notifier KVM: x86/mmu: Do not filter address spaces in for_each_tdp_mmu_root_yield_safe() mptcp: fix bogus receive window shrinkage with multiple subflows misc: rtsx: Fix some platforms can not boot and move the l1ss judgment to probe Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" serial: 8250_port: Check IRQ data before use nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() netfilter: nf_tables: disallow rule removal from chain binding ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q LoongArch: Define relocation types for ABI v2.10 LoongArch: numa: Fix high_memory calculation ata: libata-scsi: link ata port and scsi device ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES io_uring/fs: remove sqe->rw_flags checking from LINKAT i2c: i801: unregister tco_pdev in i801_probe() error path ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG kernel/sched: Modify initial boot task idle setup sched/rt: Fix live lock between select_fallback_rq() and RT push netfilter: nf_tables: fix kdoc warnings after gc rework Revert "SUNRPC dont update timeout value on connection reset" timers: Tag (hr)timer softirq as hotplug safe drm/tests: Fix incorrect argument in drm_test_mm_insert_range arm64: defconfig: remove CONFIG_COMMON_CLK_NPCM8XX=y mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy() mm: memcontrol: fix GFP_NOFS recursion in memory.high enforcement ring-buffer: Update "shortest_full" in polling btrfs: properly report 0 avail for very full file systems media: uvcvideo: Fix OOB read bpf: Add override check to kprobe multi link attach bpf: Fix BTF_ID symbol generation collision bpf: Fix BTF_ID symbol generation collision in tools/ net: thunderbolt: Fix TCPv6 GSO checksum calculation fs/smb/client: Reset password pointer to NULL ata: libata-core: Fix ata_port_request_pm() locking ata: libata-core: Fix port and device removal ata: libata-core: Do not register PM operations for SAS ports ata: libata-sata: increase PMP SRST timeout to 10s drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top power: supply: rk817: Add missing module alias power: supply: ab8500: Set typing and props fs: binfmt_elf_efpic: fix personality for ELF-FDPIC drm/amdkfd: Use gpu_offset for user queue's wptr drm/meson: fix memory leak on ->hpd_notify callback memcg: drop kmem.limit_in_bytes mm, memcg: reconsider kmem.limit_in_bytes deprecation ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL Linux 6.1.56 Change-Id: Id110614d91d6d60fb6c7622c5af82f219a84a30f Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Zheng Yejian
|
87efd87d36 |
ring-buffer: Fix bytes info in per_cpu buffer stats
[ Upstream commit |
||
|
Vlastimil Babka
|
62eed43e03 |
ring-buffer: remove obsolete comment for free_buffer_page()
[ Upstream commit |
||
|
Steven Rostedt (Google)
|
f3ad887454 |
ring-buffer: Update "shortest_full" in polling
commit |
||
|
Steven Rostedt (Google)
|
b08a493822 |
ring-buffer: Do not attempt to read past "commit"
[ Upstream commit
|
||
|
Zheng Yejian
|
11054f0b88 |
ring-buffer: Avoid softlockup in ring_buffer_resize()
[ Upstream commit
|
||
|
Greg Kroah-Hartman
|
50874c58d8 |
Merge 6.1.47 into android14-6.1-lts
Changes in 6.1.47 mmc: sdhci-f-sdh30: Replace with sdhci_pltfm cpuidle: psci: Extend information in log about OSI/PC mode cpuidle: psci: Move enabling OSI mode after power domains creation zsmalloc: consolidate zs_pool's migrate_lock and size_class's locks zsmalloc: fix races between modifications of fullness and isolated selftests: forwarding: tc_actions: cleanup temporary files when test is aborted selftests: forwarding: tc_actions: Use ncat instead of nc net/smc: replace mutex rmbs_lock and sndbufs_lock with rw_semaphore net/smc: Fix setsockopt and sysctl to specify same buffer size again net: phy: at803x: Use devm_regulator_get_enable_optional() net: phy: at803x: fix the wol setting functions drm/amdgpu: fix calltrace warning in amddrm_buddy_fini drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 drm/amdgpu: fix memory leak in mes self test ASoC: Intel: sof_sdw: add quirk for MTL RVP ASoC: Intel: sof_sdw: add quirk for LNL RVP PCI: tegra194: Fix possible array out of bounds access ASoC: SOF: amd: Add pci revision id check drm/stm: ltdc: fix late dereference check drm: rcar-du: remove R-Car H3 ES1.* workarounds ASoC: amd: vangogh: Add check for acp config flags in vangogh platform ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings ASoC: Intel: sof_sdw_rt_sdca_jack_common: test SOF_JACK_JDSRC in _exit ASoC: Intel: sof_sdw: Add support for Rex soundwire iopoll: Call cpu_relax() in busy loops ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion dma-remap: use kvmalloc_array/kvfree for larger dma memory remap accel/habanalabs: add pci health check during heartbeat HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard iommu/amd: Introduce Disable IRTE Caching Support drm/amdgpu: install stub fence into potential unused fence pointers drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz RDMA/mlx5: Return the firmware result upon destroying QP/RQ drm/amd/display: Skip DPP DTO update if root clock is gated drm/amd/display: Enable dcn314 DPP RCO ASoC: SOF: core: Free the firmware trace before calling snd_sof_shutdown() HID: intel-ish-hid: ipc: Add Arrow Lake PCI device ID ALSA: hda/realtek: Add quirks for ROG ALLY CS35l41 audio smb: client: fix warning in cifs_smb3_do_mount() cifs: fix session state check in reconnect to avoid use-after-free issue serial: stm32: Ignore return value of uart_remove_one_port() in .remove() led: qcom-lpg: Fix resource leaks in for_each_available_child_of_node() loops media: v4l2-mem2mem: add lock to protect parameter num_rdy media: camss: set VFE bpl_alignment to 16 for sdm845 and sm8250 usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push usb: gadget: uvc: queue empty isoc requests if no video buffer is available media: platform: mediatek: vpu: fix NULL ptr dereference thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() usb: chipidea: imx: don't request QoS for imx8ulp usb: chipidea: imx: add missing USB PHY DPDM wakeup setting gfs2: Fix possible data races in gfs2_show_options() pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() thunderbolt: Add Intel Barlow Ridge PCI ID thunderbolt: Limit Intel Barlow Ridge USB3 bandwidth firewire: net: fix use after free in fwnet_finish_incoming_packet() watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) Bluetooth: L2CAP: Fix use-after-free Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally ceph: try to dump the msgs when decoding fails drm/amdgpu: Fix potential fence use-after-free v2 fs/ntfs3: Enhance sanity check while generating attr_list fs: ntfs3: Fix possible null-pointer dereferences in mi_read() fs/ntfs3: Mark ntfs dirty when on-disk struct is corrupted ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() ALSA: hda/realtek: Add quirk for ASUS ROG GX650P ALSA: hda/realtek: Add quirk for ASUS ROG GA402X ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V powerpc/kasan: Disable KCOV in KASAN code Bluetooth: MGMT: Use correct address for memcpy() ring-buffer: Do not swap cpu_buffer during resize process igc: read before write to SRRCTL register drm/amd/display: save restore hdcp state when display is unplugged from mst hub drm/amd/display: phase3 mst hdcp for multiple displays drm/amd/display: fix access hdcp_workqueue assert KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node fbdev/hyperv-fb: Do not set struct fb_info.apertures video/aperture: Only remove sysfb on the default vga pci device btrfs: move out now unused BG from the reclaim list btrfs: convert btrfs_block_group::needs_free_space to runtime flag btrfs: convert btrfs_block_group::seq_zone to runtime flag btrfs: fix use-after-free of new block group that became unused virtio-mmio: don't break lifecycle of vm_dev vduse: Use proper spinlock for IRQ injection vdpa/mlx5: Fix mr->initialized semantics vdpa/mlx5: Delete control vq iotlb in destroy_mr only when necessary cifs: fix potential oops in cifs_oplock_break i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue i2c: hisi: Only handle the interrupt of the driver's transfer i2c: tegra: Fix i2c-tegra DMA config option processing fbdev: mmp: fix value check in mmphw_probe() powerpc/rtas_flash: allow user copy to flash block cache objects vdpa: Add features attr to vdpa_nl_policy for nlattr length check vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check vdpa: Enable strict validation for netlinks ops tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms btrfs: fix incorrect splitting in btrfs_drop_extent_map_range btrfs: fix BUG_ON condition in btrfs_cancel_balance i2c: designware: Correct length byte validation logic i2c: designware: Handle invalid SMBus block data response length value net: xfrm: Fix xfrm_address_filter OOB read net: af_key: fix sadb_x_filter validation net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure xfrm: fix slab-use-after-free in decode_session6 ip6_vti: fix slab-use-after-free in decode_session6 ip_vti: fix potential slab-use-after-free in decode_session6 xfrm: add NULL check in xfrm_update_ae_params xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH virtio_net: notify MAC address change on device initialization virtio-net: set queues after driver_ok net: pcs: Add missing put_device call in miic_create net: phy: fix IRQ-based wake-on-lan over hibernate / power off selftests: mirror_gre_changes: Tighten up the TTL test match drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs net: macb: In ZynqMP resume always configure PS GTR for non-wakeup source octeon_ep: cancel tx_timeout_task later in remove sequence netfilter: nf_tables: fix false-positive lockdep splat netfilter: nf_tables: deactivate catchall elements in next generation ipvs: fix racy memcpy in proc_do_sync_threshold netfilter: nft_dynset: disallow object maps net: phy: broadcom: stub c45 read/write for 54810 team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves net: openvswitch: reject negative ifindex iavf: fix FDIR rule fields masks validation i40e: fix misleading debug logs net: dsa: mv88e6xxx: Wait for EEPROM done before HW reset sfc: don't unregister flow_indr if it was never registered sock: Fix misuse of sk_under_memory_pressure() net: do not allow gso_size to be set to GSO_BY_FRAGS qede: fix firmware halt over suspend and resume ice: Block switchdev mode when ADQ is active and vice versa bus: ti-sysc: Flush posted write on enable before reset arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 arm64: dts: rockchip: Disable HS400 for eMMC on ROCK 4C+ ARM: dts: imx: align LED node names with dtschema ARM: dts: imx6: phytec: fix RTC interrupt level arm64: dts: imx8mm: Drop CSI1 PHY reference clock configuration ARM: dts: imx: Set default tuning step for imx6sx usdhc arm64: dts: imx93: Fix anatop node size ASoC: rt5665: add missed regulator_bulk_disable ASoC: meson: axg-tdm-formatter: fix channel slot allocation ALSA: hda/realtek: Add quirks for HP G11 Laptops soc: aspeed: uart-routing: Use __sysfs_match_string soc: aspeed: socinfo: Add kfree for kstrdup ALSA: hda/realtek - Remodified 3k pull low procedure riscv: uaccess: Return the number of bytes effectively not copied serial: 8250: Fix oops for port->pm on uart_change_pm() ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. cifs: Release folio lock on fscache read hit. virtio-net: Zero max_tx_vq field for VIRTIO_NET_CTRL_MQ_HASH_CONFIG case arm64: dts: rockchip: Fix Wifi/Bluetooth on ROCK Pi 4 boards blk-crypto: dynamically allocate fallback profile mmc: wbsd: fix double mmc_free_host() in wbsd_init() mmc: block: Fix in_flight[issue_type] value error drm/qxl: fix UAF on handle creation drm/i915/sdvo: fix panel_type initialization drm/amd: flush any delayed gfxoff on suspend entry drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG drm/amd/display: disable RCO for DCN314 zsmalloc: allow only one active pool compaction context sched/fair: unlink misfit task from cpu overutilized sched/fair: Remove capacity inversion detection drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register hugetlb: do not clear hugetlb dtor until allocating vmemmap netfilter: set default timeout to 3 secs for sctp shutdown send and recv state arm64/ptrace: Ensure that SME is set up for target when writing SSVE state drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 drm/amdgpu: keep irq count in amdgpu_irq_disable_all af_unix: Fix null-ptr-deref in unix_stream_sendpage(). drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled mmc: f-sdh30: fix order of function calls in sdhci_f_sdh30_remove Linux 6.1.47 Change-Id: I7c55c71f43f88a1d44d39c835e3f6e58d4c86279 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
38b64945f1 |
Revert "ring-buffer: Fix wrong stat of cpu_buffer->read"
This reverts commit |
||
|
Greg Kroah-Hartman
|
7f81705800 |
Merge 6.1.43 into android14-6.1-lts
Changes in 6.1.43
netfilter: nf_tables: fix underflow in object reference counter
netfilter: nf_tables: fix underflow in chain reference counter
platform/x86/amd/pmf: Notify OS power slider update
platform/x86/amd/pmf: reduce verbosity of apmf_get_system_params
drm/amd/display: Keep PHY active for dp config
ovl: fix null pointer dereference in ovl_permission()
drm/amd: Move helper for dynamic speed switch check out of smu13
drm/amd: Align SMU11 SMU_MSG_OverridePcieParameters implementation with SMU13
jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint
blk-mq: Fix stall due to recursive flush plug
powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close
KVM: s390: pv: fix index value of replaced ASCE
io_uring: don't audit the capability check in io_uring_create()
gpio: tps68470: Make tps68470_gpio_output() always set the initial value
pwm: Add a stub for devm_pwmchip_add()
gpio: mvebu: Make use of devm_pwmchip_add
gpio: mvebu: fix irq domain leak
btrfs: fix race between quota disable and relocation
i2c: Delete error messages for failed memory allocations
i2c: Improve size determinations
i2c: nomadik: Remove unnecessary goto label
i2c: nomadik: Use devm_clk_get_enabled()
i2c: nomadik: Remove a useless call in the remove function
MIPS: Loongson: Move arch cflags to MIPS top level Makefile
MIPS: Loongson: Fix build error when make modules_install
PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link()
PCI/ASPM: Factor out pcie_wait_for_retrain()
PCI/ASPM: Avoid link retraining race
PCI: rockchip: Remove writes to unused registers
PCI: rockchip: Fix window mapping and address translation for endpoint
PCI: rockchip: Don't advertise MSI-X in PCIe capabilities
drm/amd/display: add FB_DAMAGE_CLIPS support
drm/amd/display: Check if link state is valid
drm/amd/display: Rework context change check
drm/amd/display: Enable new commit sequence only for DCN32x
drm/amd/display: Copy DC context in the commit streams
drm/amd/display: Include surface of unaffected streams
drm/amd/display: Use min transition for all SubVP plane add/remove
drm/amd/display: add ODM case when looking for first split pipe
drm/amd/display: use low clocks for no plane configs
drm/amd/display: fix unbounded requesting for high pixel rate modes on dcn315
drm/amd/display: add pixel rate based CRB allocation support
drm/amd/display: fix dcn315 single stream crb allocation
drm/amd/display: Update correct DCN314 register header
drm/amd/display: Set minimum requirement for using PSR-SU on Rembrandt
drm/amd/display: Set minimum requirement for using PSR-SU on Phoenix
drm/ttm: Don't print error message if eviction was interrupted
drm/ttm: Don't leak a resource on eviction error
n_tty: Rename tail to old_tail in n_tty_read()
tty: fix hang on tty device with no_room set
drm/ttm: never consider pinned BOs for eviction&swap
KVM: arm64: Condition HW AF updates on config option
arm64: errata: Mitigate Ampere1 erratum AC03_CPU_38 at stage-2
mptcp: introduce 'sk' to replace 'sock->sk' in mptcp_listen()
mptcp: do not rely on implicit state check in mptcp_listen()
tracing/probes: Add symstr type for dynamic events
tracing/probes: Fix to avoid double count of the string length on the array
tracing: Allow synthetic events to pass around stacktraces
Revert "tracing: Add "(fault)" name injection to kernel probes"
tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails
test_maple_tree: test modifications while iterating
maple_tree: add __init and __exit to test module
maple_tree: fix 32 bit mas_next testing
drm/amd/display: Rework comments on dc file
drm/amd/display: fix dc/core/dc.c kernel-doc
drm/amd/display: Add FAMS validation before trying to use it
drm/amd/display: update extended blank for dcn314 onwards
drm/amd/display: Fix possible underflow for displays with large vblank
drm/amd/display: Prevent vtotal from being set to 0
phy: phy-mtk-dp: Fix an error code in probe()
phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc
phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend
phy: qcom-snps-femto-v2: properly enable ref clock
soundwire: qcom: update status correctly with mask
media: staging: atomisp: select V4L2_FWNODE
media: amphion: Fix firmware path to match linux-firmware
i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
iavf: fix potential deadlock on allocation failure
iavf: check for removal state before IAVF_FLAG_PF_COMMS_FAILED
net: phy: marvell10g: fix 88x3310 power up
net: hns3: fix the imp capability bit cannot exceed 32 bits issue
net: hns3: fix wrong tc bandwidth weight data issue
net: hns3: fix wrong bw weight of disabled tc issue
vxlan: calculate correct header length for GPE
vxlan: generalize vxlan_parse_gpe_hdr and remove unused args
vxlan: fix GRO with VXLAN-GPE
phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()
atheros: fix return value check in atl1_tso()
ethernet: atheros: fix return value check in atl1e_tso_csum()
ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address
tcp: Reduce chance of collisions in inet6_hashfn().
ice: Fix memory management in ice_ethtool_fdir.c
bonding: reset bond's flags when down link is P2P device
team: reset team's flags when down link is P2P device
octeontx2-af: Removed unnecessary debug messages.
octeontx2-af: Fix hash extraction enable configuration
net: stmmac: Apply redundant write work around on 4.xx too
platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100
x86/traps: Fix load_unaligned_zeropad() handling for shared TDX memory
igc: Fix Kernel Panic during ndo_tx_timeout callback
netfilter: nft_set_rbtree: fix overlap expiration walk
netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID
mm: suppress mm fault logging if fatal signal already pending
net/sched: mqprio: refactor nlattr parsing to a separate function
net/sched: mqprio: add extack to mqprio_parse_nlattr()
net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64
benet: fix return value check in be_lancer_xmit_workarounds()
tipc: check return value of pskb_trim()
tipc: stop tipc crypto on failure in tipc_node_create
RDMA/mlx4: Make check for invalid flags stricter
drm/msm/dpu: drop enum dpu_core_perf_data_bus_id
drm/msm/adreno: Fix snapshot BINDLESS_DATA size
RDMA/irdma: Add missing read barriers
RDMA/irdma: Fix data race on CQP completion stats
RDMA/irdma: Fix data race on CQP request done
RDMA/mthca: Fix crash when polling CQ for shared QPs
RDMA/bnxt_re: Prevent handling any completions after qp destroy
drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb()
cxl/acpi: Fix a use-after-free in cxl_parse_cfmws()
cxl/acpi: Return 'rc' instead of '0' in cxl_parse_cfmws()
ASoC: fsl_spdif: Silence output on stop
block: Fix a source code comment in include/uapi/linux/blkzoned.h
smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request
drm/i915: Fix an error handling path in igt_write_huge()
xenbus: check xen_domain in xenbus_probe_initcall
dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths
dm raid: clean up four equivalent goto tags in raid_ctr()
dm raid: protect md_stop() with 'reconfig_mutex'
drm/amd: Fix an error handling mistake in psp_sw_init()
drm/amd/display: Unlock on error path in dm_handle_mst_sideband_msg_ready_event()
RDMA/irdma: Fix op_type reporting in CQEs
RDMA/irdma: Report correct WC error
drm/msm: Switch idr_lock to spinlock
drm/msm: Disallow submit with fence id 0
ublk_drv: move ublk_get_device_from_id into ublk_ctrl_uring_cmd
ublk: fail to start device if queue setup is interrupted
ublk: fail to recover device if queue setup is interrupted
ata: pata_ns87415: mark ns87560_tf_read static
ring-buffer: Fix wrong stat of cpu_buffer->read
tracing: Fix warning in trace_buffered_event_disable()
Revert "usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init()"
usb: gadget: call usb_gadget_check_config() to verify UDC capability
USB: gadget: Fix the memory leak in raw_gadget driver
usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate
KVM: Grab a reference to KVM for VM and vCPU stats file descriptors
KVM: VMX: Don't fudge CR0 and CR4 for restricted L2 guest
KVM: x86: Disallow KVM_SET_SREGS{2} if incoming CR0 is invalid
serial: qcom-geni: drop bogus runtime pm state update
serial: 8250_dw: Preserve original value of DLF register
serial: sifive: Fix sifive_serial_console_setup() section
USB: serial: option: support Quectel EM060K_128
USB: serial: option: add Quectel EC200A module support
USB: serial: simple: add Kaufmann RKS+CAN VCP
USB: serial: simple: sort driver entries
can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED
usb: typec: Set port->pd before adding device for typec_port
usb: typec: Iterate pds array when showing the pd list
usb: typec: Use sysfs_emit_at when concatenating the string
Revert "usb: dwc3: core: Enable AutoRetry feature in the controller"
usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
usb: dwc3: don't reset device side if dwc3 was configured as host-only
usb: misc: ehset: fix wrong if condition
usb: ohci-at91: Fix the unhandle interrupt when resume
USB: quirks: add quirk for Focusrite Scarlett
usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config
usb: xhci-mtk: set the dma max_seg_size
Revert "usb: xhci: tegra: Fix error check"
Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group
Documentation: security-bugs.rst: clarify CVE handling
staging: r8712: Fix memory leak in _r8712_init_xmit_priv()
staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
tty: n_gsm: fix UAF in gsm_cleanup_mux
Revert "xhci: add quirk for host controllers that don't update endpoint DCS"
ALSA: hda/realtek: Support ASUS G713PV laptop
ALSA: hda/relatek: Enable Mute LED on HP 250 G8
hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature
hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
btrfs: account block group tree when calculating global reserve size
btrfs: check if the transaction was aborted at btrfs_wait_for_commit()
btrfs: check for commit error at btrfs_attach_transaction_barrier()
x86/MCE/AMD: Decrement threshold_bank refcount when removing threshold blocks
file: always lock position for FMODE_ATOMIC_POS
nfsd: Remove incorrect check in nfsd4_validate_stateid
ACPI/IORT: Remove erroneous id_count check in iort_node_get_rmr_info()
tpm_tis: Explicitly check for error code
irq-bcm6345-l1: Do not assume a fixed block to cpu mapping
irqchip/gic-v4.1: Properly lock VPEs when doing a directLPI invalidation
locking/rtmutex: Fix task->pi_waiters integrity
proc/vmcore: fix signedness bug in read_from_oldmem()
xen: speed up grant-table reclaim
virtio-net: fix race between set queues and probe
net: dsa: qca8k: fix search_and_insert wrong handling of new rule
net: dsa: qca8k: fix broken search_and_del
net: dsa: qca8k: fix mdb add/del case with 0 VID
selftests: mptcp: join: only check for ip6tables if needed
soundwire: fix enumeration completion
Revert "um: Use swap() to make code cleaner"
LoongArch: BPF: Fix check condition to call lu32id in move_imm()
LoongArch: BPF: Enable bpf_probe_read{, str}() on LoongArch
s390/dasd: fix hanging device after quiesce/resume
s390/dasd: print copy pair message only for the correct error
ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
arm64/sme: Set new vector length before reallocating
PM: sleep: wakeirq: fix wake irq arming
ceph: never send metrics if disable_send_metrics is set
drm/i915/dpt: Use shmem for dpt objects
dm cache policy smq: ensure IO doesn't prevent cleaner policy progress
rbd: make get_lock_owner_info() return a single locker or NULL
rbd: harden get_lock_owner_info() a bit
rbd: retrieve and check lock owner twice before blocklisting
drm/amd/display: set per pipe dppclk to 0 when dpp is off
tracing: Fix trace_event_raw_event_synth() if else statement
drm/amd/display: perform a bounds check before filling dirty rectangles
drm/amd/display: Write to correct dirty_rect
ACPI: processor: perflib: Use the "no limit" frequency QoS
ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily
cpufreq: intel_pstate: Drop ACPI _PSS states table patching
mptcp: ensure subflow is unhashed before cleaning the backlog
selftests: mptcp: sockopt: use 'iptables-legacy' if available
test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation
dma-buf: keep the signaling time of merged fences v3
dma-buf: fix an error pointer vs NULL bug
Linux 6.1.43
Change-Id: Id1d61f2351c51edad33ab654f1f3d911b9a75830
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
f1311733c2 |
Merge 6.1.40 into android14-6.1-lts
Changes in 6.1.40 HID: amd_sfh: Rename the float32 variable HID: amd_sfh: Fix for shift-out-of-bounds net: lan743x: Don't sleep in atomic context workqueue: clean up WORK_* constant types, clarify masking ksmbd: add missing compound request handing in some commands ksmbd: fix out of bounds read in smb2_sess_setup drm/panel: simple: Add connector_type for innolux_at043tn24 drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime swiotlb: always set the number of areas before allocating the pool swiotlb: reduce the swiotlb buffer size on allocation failure swiotlb: reduce the number of areas to match actual memory pool size drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags ice: Fix max_rate check while configuring TX rate limits igc: Remove delay during TX ring configuration net/mlx5e: fix double free in mlx5e_destroy_flow_table net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create net/mlx5e: fix memory leak in mlx5e_ptp_open net/mlx5e: Check for NOT_READY flag state after locking igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings igc: Handle PPS start time programming for past time values blk-crypto: use dynamic lock class for blk_crypto_profile::lock scsi: qla2xxx: Fix error code in qla2x00_start_sp() scsi: ufs: ufs-mediatek: Add dependency for RESET_CONTROLLER bpf: Fix max stack depth check for async callbacks net: mvneta: fix txq_map in case of txq_number==1 net/sched: cls_fw: Fix improper refcount update leads to use-after-free gve: Set default duplex configuration to full octeontx2-af: Promisc enable/disable through mbox octeontx2-af: Move validation of ptp pointer before its usage ionic: remove WARN_ON to prevent panic_on_warn net: bgmac: postpone turning IRQs off to avoid SoC hangs net: prevent skb corruption on frag list segmentation icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). udp6: fix udp6_ehashfn() typo ntb: idt: Fix error handling in idt_pci_driver_init() NTB: amd: Fix error handling in amd_ntb_pci_driver_init() ntb: intel: Fix error handling in intel_ntb_pci_driver_init() NTB: ntb_transport: fix possible memory leak while device_register() fails NTB: ntb_tool: Add check for devm_kcalloc ipv6/addrconf: fix a potential refcount underflow for idev net: dsa: qca8k: Add check for skb_copy platform/x86: wmi: Break possible infinite loop when parsing GUID kernel/trace: Fix cleanup logic of enable_trace_eprobe igc: Fix launchtime before start of cycle igc: Fix inserting of empty frame for launchtime nvme: fix the NVME_ID_NS_NVM_STS_MASK definition riscv, bpf: Fix inconsistent JIT image generation drm/i915: Don't preserve dpll_hw_state for slave crtc in Bigjoiner drm/i915: Fix one wrong caching mode enum usage octeontx2-pf: Add additional check for MCAM rules erofs: avoid useless loops in z_erofs_pcluster_readmore() when reading beyond EOF erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF erofs: fix fsdax unavailability for chunk-based regular files wifi: airo: avoid uninitialized warning in airo_get_rate() bpf: cpumap: Fix memory leak in cpu_map_update_elem net/sched: flower: Ensure both minimum and maximum ports are specified riscv: mm: fix truncation warning on RV32 netdevsim: fix uninitialized data in nsim_dev_trap_fa_cookie_write() net/sched: make psched_mtu() RTNL-less safe wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() net/sched: sch_qfq: refactor parsing of netlink parameters net/sched: sch_qfq: account for stab overhead in qfq_enqueue nvme-pci: fix DMA direction of unmapping integrity data fs/ntfs3: Check fields while reading ovl: let helper ovl_i_path_real() return the realinode ovl: fix null pointer dereference in ovl_get_acl_rcu() cifs: fix session state check in smb2_find_smb_ses drm/client: Send hotplug event after registering a client drm/amdgpu/sdma4: set align mask to 255 drm/amd/pm: revise the ASPM settings for thunderbolt attached scenario drm/amdgpu: add the fan abnormal detection feature drm/amdgpu: Fix minmax warning drm/amd/pm: add abnormal fan detection for smu 13.0.0 f2fs: fix the wrong condition to determine atomic context f2fs: fix deadlock in i_xattr_sem and inode page lock pinctrl: amd: Add Z-state wake control bits pinctrl: amd: Adjust debugfs output pinctrl: amd: Add fields for interrupt status and wake status pinctrl: amd: Detect internal GPIO0 debounce handling pinctrl: amd: Fix mistake in handling clearing pins at startup pinctrl: amd: Detect and mask spurious interrupts pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe" pinctrl: amd: Only use special debounce behavior for GPIO 0 pinctrl: amd: Use amd_pinconf_set() for all config options pinctrl: amd: Drop pull up select configuration pinctrl: amd: Unify debounce handling into amd_pinconf_set() tpm: Do not remap from ACPI resources again for Pluton TPM tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation tpm: tis_i2c: Limit read bursts to I2C_SMBUS_BLOCK_MAX (32) bytes tpm: tis_i2c: Limit write bursts to I2C_SMBUS_BLOCK_MAX (32) bytes tpm: return false from tpm_amd_is_rng_defective on non-x86 platforms mtd: rawnand: meson: fix unaligned DMA buffers handling net: bcmgenet: Ensure MDIO unregistration has clocks enabled net: phy: dp83td510: fix kernel stall during netboot in DP83TD510E PHY driver kasan: add kasan_tag_mismatch prototype tracing/user_events: Fix incorrect return value for writing operation when events are disabled powerpc: Fail build if using recordmcount with binutils v2.37 misc: fastrpc: Create fastrpc scalar with correct buffer count powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 powerpc/64s: Fix native_hpte_remove() to be irq-safe MIPS: Loongson: Fix cpu_probe_loongson() again MIPS: KVM: Fix NULL pointer dereference ext4: Fix reusing stale buffer heads from last failed mounting ext4: fix wrong unit use in ext4_mb_clear_bb ext4: get block from bh in ext4_free_blocks for fast commit replay ext4: fix wrong unit use in ext4_mb_new_blocks ext4: fix to check return value of freeze_bdev() in ext4_shutdown() ext4: turn quotas off if mount failed after enabling quotas ext4: only update i_reserved_data_blocks on successful block allocation fs: dlm: revert check required context while close soc: qcom: mdt_loader: Fix unconditional call to scm_pas_mem_setup ext2/dax: Fix ext2_setsize when len is page aligned jfs: jfs_dmap: Validate db_l2nbperpage while mounting hwrng: imx-rngc - fix the timeout for init and self check dm integrity: reduce vmalloc space footprint on 32-bit architectures scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O s390/zcrypt: do not retry administrative requests PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold PCI: Release resource invalidated by coalescing PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 PCI: qcom: Disable write access to read only registers for IP v2.3.3 PCI: epf-test: Fix DMA transfer completion initialization PCI: epf-test: Fix DMA transfer completion detection PCI: rockchip: Assert PCI Configuration Enable bit after probe PCI: rockchip: Write PCI Device ID to correct register PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core PCI: rockchip: Use u32 variable to access 32-bit registers PCI: rockchip: Set address alignment for endpoint mode misc: pci_endpoint_test: Free IRQs before removing the device misc: pci_endpoint_test: Re-init completion for every test mfd: pm8008: Fix module autoloading md/raid0: add discard support for the 'original' layout dm init: add dm-mod.waitfor to wait for asynchronously probed block devices fs: dlm: return positive pid value for F_GETLK fs: dlm: fix cleanup pending ops when interrupted fs: dlm: interrupt posix locks only when process is killed fs: dlm: make F_SETLK use unkillable wait_event fs: dlm: fix mismatch of plock results from userspace scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() drm/atomic: Allow vblank-enabled + self-refresh "disable" drm/rockchip: vop: Leave vblank enabled in self-refresh drm/amd/display: fix seamless odm transitions drm/amd/display: edp do not add non-edid timings drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2 drm/amd/display: disable seamless boot if force_odm_combine is enabled drm/amdgpu: fix clearing mappings for BOs that are always valid in VM drm/amd: Disable PSR-SU on Parade 0803 TCON drm/amd/display: add a NULL pointer check drm/amd/display: Correct `DMUB_FW_VERSION` macro drm/amd/display: Add monitor specific edid quirk drm/amdgpu: avoid restore process run into dead loop. drm/ttm: Don't leak a resource on swapout move error serial: atmel: don't enable IRQs prematurely tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk tty: serial: imx: fix rs485 rx after tx firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() libceph: harden msgr2.1 frame segment length checks ceph: add a dedicated private data for netfs rreq ceph: fix blindly expanding the readahead windows ceph: don't let check_caps skip sending responses for revoke msgs xhci: Fix resume issue of some ZHAOXIN hosts xhci: Fix TRB prefetch issue of ZHAOXIN hosts xhci: Show ZHAOXIN xHCI root hub speed correctly meson saradc: fix clock divider mask length opp: Fix use-after-free in lazy_opp_tables after probe deferral soundwire: qcom: fix storing port config out-of-bounds Revert "8250: add support for ASIX devices with a FIFO bug" bus: ixp4xx: fix IXP4XX_EXP_T1_MASK s390/decompressor: fix misaligned symbol build error dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter tracing/histograms: Add histograms to hist_vars if they have referenced variables tracing: Fix memory leak of iter->temp when reading trace_pipe nvme: don't reject probe due to duplicate IDs for single-ported PCIe devices samples: ftrace: Save required argument registers in sample trampolines perf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start() regmap-irq: Fix out-of-bounds access when allocating config buffers net: ena: fix shift-out-of-bounds in exponential backoff ring-buffer: Fix deadloop issue on reading trace_pipe ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() drm/amd/pm: share the code around SMU13 pcie parameters update drm/amd/pm: conditionally disable pcie lane/speed switching for SMU13 cifs: if deferred close is disabled then close files immediately xtensa: ISS: fix call to split_if_spec perf/x86: Fix lockdep warning in for_each_sibling_event() on SPR PM: QoS: Restore support for default value on frequency QoS pwm: meson: modify and simplify calculation in meson_pwm_get_state pwm: meson: fix handling of period/duty if greater than UINT_MAX fprobe: Release rethook after the ftrace_ops is unregistered fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() tracing: Fix null pointer dereference in tracing_err_log_open() selftests: mptcp: connect: fail if nft supposed to work selftests: mptcp: sockopt: return error if wrong mark selftests: mptcp: userspace_pm: use correct server port selftests: mptcp: userspace_pm: report errors with 'remove' tests selftests: mptcp: depend on SYN_COOKIES selftests: mptcp: pm_nl_ctl: fix 32-bit support tracing/probes: Fix not to count error code to total length tracing/probes: Fix to update dynamic data counter if fetcharg uses it tracing/user_events: Fix struct arg size match check scsi: qla2xxx: Multi-que support for TMF scsi: qla2xxx: Fix task management cmd failure scsi: qla2xxx: Fix task management cmd fail due to unavailable resource scsi: qla2xxx: Fix hang in task management scsi: qla2xxx: Wait for io return on terminate rport scsi: qla2xxx: Fix mem access after free scsi: qla2xxx: Array index may go out of bound scsi: qla2xxx: Avoid fcport pointer dereference scsi: qla2xxx: Fix buffer overrun scsi: qla2xxx: Fix potential NULL pointer dereference scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() scsi: qla2xxx: Correct the index of array scsi: qla2xxx: Pointer may be dereferenced scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue scsi: qla2xxx: Fix end of loop test MIPS: kvm: Fix build error with KVM_MIPS_DEBUG_COP0_COUNTERS enabled Revert "drm/amd: Disable PSR-SU on Parade 0803 TCON" swiotlb: mark swiotlb_memblock_alloc() as __init net/sched: sch_qfq: reintroduce lmax bound check for MTU drm/atomic: Fix potential use-after-free in nonblocking commits net/ncsi: make one oem_gma function for all mfr id net/ncsi: change from ndo_set_mac_address to dev_set_mac_address Linux 6.1.40 Change-Id: I5cc6aab178c66d2a23fe2a8d21e71cc4a8b15acf Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Chen Lin
|
128c06a34c |
ring-buffer: Do not swap cpu_buffer during resize process
[ Upstream commit
|
||
|
Zheng Yejian
|
77996fa5c6 |
ring-buffer: Fix wrong stat of cpu_buffer->read
[ Upstream commit |
||
|
Zheng Yejian
|
8b0b63fdac |
ring-buffer: Fix deadloop issue on reading trace_pipe
commit |