It may happen that zoned writes get reordered and hence that a zoned
device receives these out of order. If that happens, the SCSI error
handler will resubmit the zoned writes in LBA order. Only resubmit
zoned writes if the number of retries has not been exceeded. Otherwise
fail the zoned write.
Bug: 234829282
Change-Id: Ieb0e596df60b05f67d7c54ebd2e700e6c550d6f5
Signed-off-by: Bart Van Assche <bvanassche@google.com>
blk_mq_process_requeue_list() inserts requeued requests in front of other
requests. This is fine for all request types except for sequential zoned
writes. Hence this patch.
Bug: 234829282
Change-Id: If1f1aece17f425104a936b36db33eab5f9ba5c2d
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Prepare for supporting I/O priority in the storage stack.
Bug: 186902601
Change-Id: I387ac4792c89d88d131c5146b116a0393c01b096
Signed-off-by: Bart Van Assche <bvanassche@google.com>
memory allocations
We add these hooks to avoid key threads blocked in memory allocation
path.
-android_vh_free_unref_page_bypass ----We create a memory pool for the
key threads. This hook determines whether a page should be free to the
pool or to buddy freelist. It works with a existing hook
`android_vh_alloc_pages_reclaim_bypass`, which takes pages out of the
pool.
-android_vh_kvmalloc_node_use_vmalloc ----For key threads, we perfer
not to run into direct reclaim. So we clear __GFP_DIRECT_RECLAIM flag.
For threads which are not that important, we perfer use vmalloc.
-android_vh_should_alloc_pages_retry ----Before key threads run into
direct reclaim, we want to retry with a lower watermark.
-android_vh_unreserve_highatomic_bypass ----We want to keep more
highatomic pages when unreserve them to avoid highatomic allocation
failures.
-android_vh_rmqueue_bulk_bypass ----We found sometimes when key threads
run into rmqueue_bulk, it took several milliseconds spinning at
zone->lock or filling per-cpu pages. We use this hook to take pages from
the mempool mentioned above, rather than grab zone->lock and fill a
batch of pages to per-cpu.
Bug: 288216516
Bug: 304066882
Change-Id: I1656032d6819ca627723341987b6094775bc345f
Signed-off-by: Oven <liyangouwen1@oppo.com>
Signed-off-by: Qinglin Li <qinglin.li@amlogic.com>
(cherry picked from commit aa47cc7c206a8e159a735e6f1513ece6dac1e0ba)
__kvm_hyp_host_forward_smc() forwards SMCs to EL3, which means we
exit and enter the hypervisor without tracing those.
Add missing hyp events.
Bug: 304445720
Change-Id: I0b66c37f1521702764b12c038324c3fec3e499a6
Signed-off-by: Mostafa Saleh <smostafa@google.com>
Store the hyp address in kvm_arm_hyp_host_fp_state[], to avoid having to
calculate it with kern_hyp_va() on every access.
Bug: 303684934
Signed-off-by: Fuad Tabba <tabba@google.com>
Change-Id: I52902c297f9b957a8d035be942e3cbeb32fed0a2
Allocate and map hyp memory to maintain the host's fp/simd state,
which is also used for SVE and SME, later in the initialization
process. The amount of memory needed to track the host's state
varies depending on the number of cpus in the system, whether
there's SVE support, as well as the SVE vector size. Much of the
state needed to extract this information isn't initialized yet at
kvm_hyp_reserve().
Fixes: 6dc9af85f7 ("ANDROID: KVM: arm64: Allocate host fp state at pkvm init rather than per cpu")
Bug: 303684934
Signed-off-by: Fuad Tabba <tabba@google.com>
Change-Id: I744be685a107ddd92c6975bafb0149aebad7bb55
[ Upstream commit f15f29fd47 ]
Chain binding only requires the rule addition/insertion command within
the same transaction. Removal of rules from chain bindings within the
same transaction makes no sense, userspace does not utilize this
feature. Replace nft_chain_is_bound() check to nft_chain_binding() in
rule deletion commands. Replace command implies a rule deletion, reject
this command too.
Rule flush command can also safely rely on this nft_chain_binding()
check because unbound chains are not allowed since 62e1e94b24
("netfilter: nf_tables: reject unbound chain set before commit phase").
Bug: 302085977
Fixes: d0e2c7de92 ("netfilter: nf_tables: add NFT_CHAIN_BINDING")
Reported-by: Kevin Rich <kevinrich1337@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 9af8bb2afe)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I8b05dc37062824db4c2901000fdf701b38605d32
Commit 44042b4498 ("mm/page_alloc: allow high-order pages to be stored
on the per-cpu lists") adjusts the pcp batch size __rmqueue_pcplist()
allocates from rmqueue_bulk() in proportion to the page order.
This line was not properly carried forward when porting
commit 37b2d597bb ("ANDROID: mm: add cma pcp list") to android 13-5.15.
Fixes: 37b2d597bb ("ANDROID: mm: add cma pcp list")
Bug: 260129859
Change-Id: I28b7c22c75596176fd951974d1dd682ee1014efb
Signed-off-by: Patrick Daly <quic_pdaly@quicinc.com>
(cherry picked from commit 4931d96eb36e955fe72eee53b1ce834e2894ab5c)
Currently, cma_alloc() checks if the task has fatal signals pending
and simply bail out without updating return type(defaulting to EBUSY).
Update the return type to EINTR when cma allocation fails due to pending
fatal signals.
Bug: 245880180
Change-Id: Ibcef026a3af3417a5a10e0eae51017f477f6ac0f
Signed-off-by: Nikhil V <quic_nprakash@quicinc.com>
Some usb hubs will negotiate DisplayPort Alt mode with the device
but will then negotiate a data role swap after entering the alt
mode. The data role swap causes the device to unregister all alt
modes, however the usb hub will still send Attention messages
even after failing to reregister the Alt Mode. type_altmode_attention
currently does not verify whether or not a device's altmode partner
exists, which results in a NULL pointer error when dereferencing
the typec_altmode and typec_altmode_ops belonging to the altmode
partner.
Verify the presence of a device's altmode partner before sending
the Attention message to the Alt Mode driver.
Fixes: 8a37d87d72 ("usb: typec: Bus type for alternate modes")
Cc: stable@vger.kernel.org
Signed-off-by: RD Babiera <rdbabiera@google.com>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20230814180559.923475-1-rdbabiera@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 288952921
(cherry picked from commit f236433064)
[rd: changed return type of typec_altmode_attention to void to not break
kmi, moved tcpm_log from error return to typec_altmode_attention as
dev_warn]
Change-Id: I054a6ef56b9b2d7c4e8167e8630a8c277910da88
Signed-off-by: RD Babiera <rdbabiera@google.com>
Commit 4b23a68f95 ("mm/page_alloc: protect PCP lists with a spinlock")
bypasses the pcplist on lock contention and returns the page directly to
the buddy list of the page's migratetype.
For pages that don't have their own pcplist, such as CMA and HIGHATOMIC,
the migratetype is temporarily updated such that the page can hitch a ride
on the MOVABLE pcplist. Their true type is later reassessed when flushing
in free_pcppages_bulk(). However, when lock contention is detected after
the type was already overridden, the bypass will then put the page on the
wrong buddy list.
Once on the MOVABLE buddy list, the page becomes eligible for fallbacks
and even stealing. In the case of HIGHATOMIC, otherwise ineligible
allocations can dip into the highatomic reserves. In the case of CMA, the
page can be lost from the CMA region permanently.
Use a separate pcpmigratetype variable for the pcplist override. Use the
original migratetype when going directly to the buddy. This fixes the bug
and should make the intentions more obvious in the code.
Originally sent here to address the HIGHATOMIC case:
https://lore.kernel.org/lkml/20230821183733.106619-4-hannes@cmpxchg.org/
Changelog updated in response to the CMA-specific bug report.
[mgorman@techsingularity.net: updated changelog]
Link: https://lkml.kernel.org/r/20230911181108.GA104295@cmpxchg.org
Fixes: 4b23a68f95 ("mm/page_alloc: protect PCP lists with a spinlock")
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Reported-by: Joe Liu <joe.liu@mediatek.com>
Reviewed-by: Vlastimil Babka <vbabka@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Bug: 302075941
(cherry picked from commit 7b086755fb)
Change-Id: I5e62c941e0a91db551a56f4b8c1ae14f87fd2bc3
Signed-off-by: Lecopzer Chen <lecopzer.chen@mediatek.com>
Since commit 4e57a4ddf6 ("ARM: 9107/1: syscall: always store
thread_info->abi_syscall"), the seccomp selftests "syscall_errno"
and "syscall_faked" have been broken. Both seccomp and PTRACE depend
on using the special value of "-1" for skipping syscalls. This value
wasn't working because it was getting masked by __NR_SYSCALL_MASK in
both PTRACE_SET_SYSCALL and get_syscall_nr().
Explicitly test for -1 in PTRACE_SET_SYSCALL and get_syscall_nr(),
leaving it exposed when present, allowing tracers to skip syscalls
again.
Cc: Russell King <linux@armlinux.org.uk>
Cc: Arnd Bergmann <arnd@kernel.org>
Cc: Lecopzer Chen <lecopzer.chen@mediatek.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: linux-arm-kernel@lists.infradead.org
Fixes: 4e57a4ddf6 ("ARM: 9107/1: syscall: always store thread_info->abi_syscall")
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20230810195422.2304827-2-keescook@chromium.org
Change-Id: I5b13c06a9cca85d13beec809a695198a7696df45
Signed-off-by: Kees Cook <keescook@chromium.org>
(cherry picked from commit 4697b5848b)
Bug: 289991100
Signed-off-by: Edward Liaw <edliaw@google.com>
This patch tries to preload extent_cache given POSIX_FADV_WILLNEED, which is
more useful for generic usecases.
Bug: 301585673
Bug: 296299682
Fixes: f43b021e14 ("FROMGIT: f2fs: preload extent_cache for POSIX_FADV_WILLNEED")
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
(cherry picked from commit 3e729e50d01e6a336132d1739866a6463f82faa9
https://git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git dev)
Change-Id: I11702b172270b143209407d06aa0338f19f19b43
By this vh, so that we can reimplement the function xhci_urb_suitable_for_idt()
Bug: 301055890
Change-Id: I5e4eabf1155eceb650eee6a42b0e00e8d55281dc
Signed-off-by: Wanwei Jiang <wanwei.jiang@amlogic.com>
Update_io_stats_uid_locked would take a long lock-time of uid_lock due to
call do_each_thread to compute uid_entry->io, which would cause to lock
competition sometime.
Using uid_entry_tmp to get the result of update_io_stats_uid, so that we
can unlock_uid during update_io_stats_uid, in order to avoid the
unnecessary lock-time of uid_lock.
Bug: 278138377
Signed-off-by: Peifeng Li <lipeifeng@oppo.com>
(cherry picked from https://android-review.googlesource.com/q/commit:c1fa53f3cf85c0a1c23f0e0a944986b4aa049073)
Merged-In: I5be62105e57e2a896a95d906e3c14e17c7f8077d
Change-Id: I5be62105e57e2a896a95d906e3c14e17c7f8077d
locks for each hlist in hash_table.
1.Hash_table in uid_sys_stat is protected by a global lock named id_lock,
which causes some lock competition issue. Actually, uid_lock can be split to
several file-grained locks for each hlist in hash_table, which avoid
the unnecessary lock competition when get different-uid process info.
2. Switching rt-mutex to spinlock, in order to operate with read_rcu_lock.
Bug: 278138377
Signed-off-by: Peifeng Li <lipeifeng@oppo.com>
(cherry picked from https://android-review.googlesource.com/q/commit:c949fbdce0bc792dea206c709d909094be579c3a)
Merged-In: Ib252b65e9aebe3a594e6edf075f7aa01f8e6105d
Change-Id: Ib252b65e9aebe3a594e6edf075f7aa01f8e6105d
Some IOMMU devices might be deferred after the driver being
loaded early, so we need to flush the deferred probe list,
this will work if all dependencies already exist.
Bug: 290582379
Change-Id: I5fb3af9b0f7d1b4dbf57078707112dfdb8a3dc23
Signed-off-by: Saravana Kannan <saravanak@google.com>
Signed-off-by: Mostafa Saleh <smostafa@google.com>
Commit d096d35445 ("ANDROID: KVM: arm64: Have different callbacks for
PTE manipulation") accidentally forces the use of pte-level mappings for
the guest stage-2 page-table when not using pKVM.
This confuses user_mem_abort() when the guest takes a permission fault
trying to execute from a huge page. Since the fault is reported at the
pte-level, we end up handling it as a translation fault by calling
kvm_pgtable_stage2_map() which dutifully returns -EAGAIN when it finds
the RW PTE. Consequently, the guest appears to hang randomly during boot.
Fix the issue by inverting stage2_force_pte_cb() so that the host is in
complete control of the mapping granularity of the guest when pKVM is
not being used.
Cc: Fuad Tabba <tabba@google.com>
Cc: Mostafa Saleh <smostafa@google.com>
Fixes: d096d35445 ("ANDROID: KVM: arm64: Have different callbacks for PTE manipulation")
Signed-off-by: Will Deacon <willdeacon@google.com>
Bug: 222044487
Change-Id: Ideab281ae6d1d5c0fd29fba03ad8ed1cae521a1e
When building using kleaf on an host distribution with glibc 2.38 or later,
there is a linkage failure when building resolve_btfids:
ld.lld: error: undefined symbol: __isoc23_strtol
>>> referenced by stdlib.h:483 (/usr/include/stdlib.h:483)
>>> libsubcmd-in.o:(pretty_print_string_list) in archive .../libsubcmd.a
>>> referenced by stdlib.h:483 (/usr/include/stdlib.h:483)
>>> libsubcmd-in.o:(pretty_print_string_list) in archive .../libsubcmd.a
>>> referenced by stdlib.h:483 (/usr/include/stdlib.h:483)
>>> libsubcmd-in.o:(pager_get_columns) in archive .../libsubcmd.a
>>> referenced 2 more times
ld.lld: error: undefined symbol: __isoc23_strtoul
>>> referenced by parse-options.c:314 (.../tools/lib/subcmd/parse-options.c:314)
>>> libsubcmd-in.o:(get_value) in archive .../libsubcmd.a
ld.lld: error: undefined symbol: __isoc23_strtoull
>>> referenced by parse-options.c:332 (.../tools/lib/subcmd/parse-options.c:332)
>>> libsubcmd-in.o:(get_value) in archive .../libsubcmd.a
clang-17: error: linker command failed with exit code 1 (use -v to see invocation)
These errors imply that the files were build against glibc 2.38 headers
but attempted to be linked with an older glibc version.
Building with '--debug_make_verbosity=D' reveals that the libsubcmd
object files are not built with the additional HOSTCFLAGS the Android
build system provides for a hermetic build (namely '-I' for .c files),
so they build against the system's headers but link against Android's
glibc 2.17, resulting in the error above.
This is not an issue upstream after
commit 13e07691a1 ("tools/resolve_btfids: Alter how HOSTCC is
forced"), as HOST_OVERRIDES (which contains HOSTCFLAGS via EXTRA_CFLAGS)
is passed along to libsubcmd. That change is quite invasive as a
backport for 5.15 and earlier. As a miminal fix, pass CFLAGS (which
contains HOSTCFLAGS via KBUILD_HOSTCFLAGS) to the libsubcmd build via
EXTRA_CFLAGS, which really should have been done upstream in
commit 0e3a1c902f ("tools/resolve_btfids: Build with host flags"),
which is present in this branch as commit 9e332a14f3 ("FROMGIT:
tools/resolve_btfids: Build with host flags").
Bug: 301145081
Change-Id: I91c1c9a8fb8f83118a6b8ec4da6cc33a773f2124
Fixes: 368cd63174 ("FROMGIT: tools/resolve_btfids: Build with host flags")
Link: https://github.com/ClangBuiltLinux/linux/issues/1929
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
When applying HOSTCFLAGS to the libsubcmd build to resolve a separate
issue, which contain '-std=gnu89' prior to commit 1e24078113 ("Kbuild:
use -std=gnu11 for KBUILD_USERCFLAGS"), the following warning/error
occurs:
parse-options.c:643:8: error: GCC does not allow variable declarations in for loop initializers before C99 [-Werror,-Wgcc-compat]
for (int i = 0; subcommands[i]; i++) {
^
parse-options.c:669:9: error: GCC does not allow variable declarations in for loop initializers before C99 [-Werror,-Wgcc-compat]
for (int i = 0; subcommands[i]; i++)
^
This issue was never visible upstream, as commit 1e24078113 ("Kbuild:
use -std=gnu11 for KBUILD_USERCFLAGS") was applied before
commit 13e07691a1 ("tools/resolve_btfids: Alter how HOSTCC is
forced"). Prior to the latter change, there was no '-std=' flag passed
to the libsubcmd build, so the default standard value was used, which
may be newer than C99.
To resolve this issue to unblock applying HOSTCFLAGS to libsubcmd, just
hoist the declarations out of the for loops.
Bug: 301145081
Change-Id: I41f17964f3d0822b026f6ae8f06a4d49bc7f15a9
Link: https://github.com/ClangBuiltLinux/linux/issues/1929
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Revert commit 9102217567 ("ANDROID: block: Send requeued requests to
the I/O scheduler") because these changes are not needed for any use
case.
Bug: 298142254
Change-Id: I0a0e51a46d56c2c433ae5900d69e69ee2abad7a0
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Revert commit 5d90f7cbaf ("ANDROID: block: Preserve the order of
requeued requests") because it is no longer needed. A mechanism has
been added in the SCSI core for sorting zoned writes by LBA. This
patch includes changes to compensate for the move of the requeue_work
member from struct request_queue into struct internal_request_queue.
Bug: 298142254
Change-Id: I35161cfff058d518c3ac5835c6bfcedb8fb567c7
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Restore the struct request_queue requeue_work member without modifying
the KMI. The approach of this patch works because blk_dev_init() is the
only function that needs to know the size of a request queue structure.
This patch prepares for reverting "Preserve the order of requeued
requests".
See also commit 619ba336c3 ("ANDROID: block: Remove
request_queue.requeue_work").
Bug: 298142254
Change-Id: I108ceb9f58cec521f81fd8cf82f38185376a7a6b
Signed-off-by: Bart Van Assche <bvanassche@google.com>
The logical unit information is missing from the UFS command tracing
output. Although the device name is logged, e.g. 13200000.ufs, this
name does not include logical unit information. Hence this patch that
replaces the device name with the SCSI ID in the tracing output. An
example of tracing output with this patch applied:
kworker/8:0H-80 [008] ..... 89.106063: ufshcd_command: send_req: 0:0:0:4: tag: 10, DB: 0x7ffffbff, size: 524288, IS: 0, LBA: 1085538, opcode: 0x8a (WRITE_16), group_id: 0x0
dd-4225 [000] d.h.. 89.106219: ufshcd_command: complete_rsp: 0:0:0:4: tag: 11, DB: 0x7ffff7ff, size: 524288, IS: 0, LBA: 1081728, opcode: 0x8a (WRITE_16), group_id: 0x0
Bug: 299493745
Change-Id: I140a5b0bfea25d17d0c0e46038cb016d8f6ca589
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
(cherry picked from commit ccc3e1363069c5955045824bb0e63c51d8873e25 git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git for-next)
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Advanced Dot product is a feature present in AArch32 state for Armv8 and
is represented by ISAR6 identification register.
This feature denotes the presence of UDOT and SDOT instructions and hence adding a hwcap will enable the userspace to check it before trying to use those instructions.
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Amit Daniel Kachhap <amit.kachhap@arm.com>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Bug: 282663915
(cherry picked from commit 62ea0d873a)
Change-Id: I27cd1e060ec48ec3302c23b566ef9f50f7dc384e
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Floating point half-precision (FPHP) and Advanced SIMD half-precision
(ASIMDHP) are VFP features (FEAT_FP16) represented by MVFR1 identification register. These capabilities can optionally exist with VFPv3 and mandatory with VFPv4. Both these new features exist for Armv8 architecture in AArch32 state.
These hwcaps may be useful for the userspace to add conditional check
before trying to use FEAT_FP16 feature specific instructions.
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Amit Daniel Kachhap <amit.kachhap@arm.com>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Bug: 282663915
(cherry picked from commit c00a19c8b1)
Change-Id: I46af49d39168b0d35db05cdd1499f9b7df030f09
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
AArch32 Instruction Set Attribute Register 6 (ID_ISAR6_EL1) and AArch32
Processor Feature Register 2 (ID_PFR2_EL1) identifies some new features
for the Armv8 architecture. This registers will be utilized to add
hwcaps for those cpu features.
These registers are marked as reserved for Armv7 and should be a RAZ.
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Amit Daniel Kachhap <amit.kachhap@arm.com>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Bug: 282663915
(cherry picked from commit 74c344e6f1)
Change-Id: I5545dbb3d22424ef130c0f95e92ee31a9e7de9be
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
While porting [1] from 5.10 kernel there was a bug introduced which
results in CMA pages ending up in MIGRATE_MOVABLE pcp list. Remove
the extra line.
[1] https://android-review.googlesource.com/c/kernel/common/+/2059993
Fixes: 98f3cc7ecd ("ANDROID: mm: freeing MIGRATE_ISOLATE page instantly")
Bug: 299241869
Change-Id: Ia63bca17e455460eb9f22a1190c991159c44acaa
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
commit 3c4f8333b5 upstream.
In commit 9b9c8195f3 ("tty: n_gsm: fix UAF in gsm_cleanup_mux"), the UAF
problem is not completely fixed. There is a race condition in
gsm_cleanup_mux(), which caused this UAF.
The UAF problem is triggered by the following race:
task[5046] task[5054]
----------------------- -----------------------
gsm_cleanup_mux();
dlci = gsm->dlci[0];
mutex_lock(&gsm->mutex);
gsm_cleanup_mux();
dlci = gsm->dlci[0]; //Didn't take the lock
gsm_dlci_release(gsm->dlci[i]);
gsm->dlci[i] = NULL;
mutex_unlock(&gsm->mutex);
mutex_lock(&gsm->mutex);
dlci->dead = true; //UAF
Fix it by assigning values after mutex_lock().
Bug: 291178675
Link: https://syzkaller.appspot.com/text?tag=CrashReport&x=176188b5a80000
Cc: stable <stable@kernel.org>
Fixes: 9b9c8195f3 ("tty: n_gsm: fix UAF in gsm_cleanup_mux")
Fixes: aa371e96f0 ("tty: n_gsm: fix restart handling via CLD command")
Signed-off-by: Yi Yang <yiyang13@huawei.com>
Co-developed-by: Qiumiao Zhang <zhangqiumiao1@huawei.com>
Signed-off-by: Qiumiao Zhang <zhangqiumiao1@huawei.com>
Link: https://lore.kernel.org/r/20230811031121.153237-1-yiyang13@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 31311a9a4b)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I460a0f21f4121531d7732e09643a451382dfa2da
