Commit Graph

1165241 Commits

Author SHA1 Message Date
Simon Arlott
f7ab9e14b2 can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
commit 7dd9c26bd6cf679bcfdef01a8659791aa6487a29 upstream.

The mcp251x_hw_wake() function is called with the mcp_lock mutex held and
disables the interrupt handler so that no interrupts can be processed while
waking the device. If an interrupt has already occurred then waiting for
the interrupt handler to complete will deadlock because it will be trying
to acquire the same mutex.

CPU0                           CPU1
----                           ----
mcp251x_open()
 mutex_lock(&priv->mcp_lock)
  request_threaded_irq()
                               <interrupt>
                               mcp251x_can_ist()
                                mutex_lock(&priv->mcp_lock)
  mcp251x_hw_wake()
   disable_irq() <-- deadlock

Use disable_irq_nosync() instead because the interrupt handler does
everything while holding the mutex so it doesn't matter if it's still
running.

Fixes: 8ce8c0abcb ("can: mcp251x: only reset hardware as required")
Signed-off-by: Simon Arlott <simon@octiron.net>
Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/4fc08687-1d80-43fe-9f0d-8ef8475e75f6@0882a8b5-c6c3-11e9-b005-00805fc181fe.uuid.home.arpa
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:18 +02:00
Satya Priya Kakitapalli
fbf8b038cb clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API
commit 4ad1ed6ef27cab94888bb3c740c14042d5c0dff2 upstream.

Correct the pll postdiv shift used in clk_trion_pll_postdiv_set_rate
API. The shift value is not the same for different types of plls and
should be taken from the pll's .post_div_shift member.

Fixes: 548a909597 ("clk: qcom: clk-alpha-pll: Add support for Trion PLLs")
Cc: stable@vger.kernel.org
Signed-off-by: Satya Priya Kakitapalli <quic_skakitap@quicinc.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20240731062916.2680823-3-quic_skakitap@quicinc.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:18 +02:00
Satya Priya Kakitapalli
68dc9cceb6 clk: qcom: clk-alpha-pll: Fix the pll post div mask
commit 2c4553e6c485a96b5d86989eb9654bf20e51e6dd upstream.

The PLL_POST_DIV_MASK should be 0 to (width - 1) bits. Fix it.

Fixes: 1c3541145c ("clk: qcom: support for 2 bit PLL post divider")
Cc: stable@vger.kernel.org
Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Signed-off-by: Satya Priya Kakitapalli <quic_skakitap@quicinc.com>
Link: https://lore.kernel.org/r/20240731062916.2680823-2-quic_skakitap@quicinc.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:18 +02:00
Seunghwan Baek
ae7b2bd3d4 mmc: cqhci: Fix checking of CQHCI_HALT state
commit aea62c744a9ae2a8247c54ec42138405216414da upstream.

To check if mmc cqe is in halt state, need to check set/clear of CQHCI_HALT
bit. At this time, we need to check with &, not &&.

Fixes: a4080225f5 ("mmc: cqhci: support for command queue enabled host")
Cc: stable@vger.kernel.org
Signed-off-by: Seunghwan Baek <sh8267.baek@samsung.com>
Reviewed-by: Ritesh Harjani <ritesh.list@gmail.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Link: https://lore.kernel.org/r/20240829061823.3718-2-sh8267.baek@samsung.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:17 +02:00
Jann Horn
42cbbd9513 fuse: use unsigned type for getxattr/listxattr size truncation
commit b18915248a15eae7d901262f108d6ff0ffb4ffc1 upstream.

The existing code uses min_t(ssize_t, outarg.size, XATTR_LIST_MAX) when
parsing the FUSE daemon's response to a zero-length getxattr/listxattr
request.
On 32-bit kernels, where ssize_t and outarg.size are the same size, this is
wrong: The min_t() will pass through any size values that are negative when
interpreted as signed.
fuse_listxattr() will then return this userspace-supplied negative value,
which callers will treat as an error value.

This kind of bug pattern can lead to fairly bad security bugs because of
how error codes are used in the Linux kernel. If a caller were to convert
the numeric error into an error pointer, like so:

    struct foo *func(...) {
      int len = fuse_getxattr(..., NULL, 0);
      if (len < 0)
        return ERR_PTR(len);
      ...
    }

then it would end up returning this userspace-supplied negative value cast
to a pointer - but the caller of this function wouldn't recognize it as an
error pointer (IS_ERR_VALUE() only detects values in the narrow range in
which legitimate errno values are), and so it would just be treated as a
kernel pointer.

I think there is at least one theoretical codepath where this could happen,
but that path would involve virtio-fs with submounts plus some weird
SELinux configuration, so I think it's probably not a concern in practice.

Cc: stable@vger.kernel.org # v4.9
Fixes: 63401ccdb2 ("fuse: limit xattr returned size")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:17 +02:00
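Added example (not part of the commit or the kernel source): a user-space C model of the size truncation described in the fuse commit above, on a simulated 32-bit kernel, comparing the signed and unsigned clamp and showing which results an IS_ERR_VALUE()-style check would recognise. The helper names, the 32-bit typedef and the sample sizes are assumptions made for this illustration; XATTR_LIST_MAX and MAX_ERRNO use the values from the Linux headers.

```c
#include <stdint.h>
#include <stdio.h>

#define XATTR_LIST_MAX 65536u  /* include/uapi/linux/limits.h */
#define MAX_ERRNO      4095    /* include/linux/err.h */

/* Model of a 32-bit kernel: ssize_t is a signed 32-bit type and the
 * size field filled in by the FUSE daemon is an unsigned 32-bit value. */
typedef int32_t ssize32_t;

/* Signed clamp, as in min_t(ssize_t, outarg.size, XATTR_LIST_MAX):
 * both operands are cast to the signed type before comparing. The cast
 * of a value above INT32_MAX wraps to a negative number (GCC and Clang
 * define this conversion as modulo 2^32). */
static ssize32_t truncate_signed(uint32_t daemon_size)
{
    ssize32_t a = (ssize32_t)daemon_size;
    ssize32_t b = (ssize32_t)XATTR_LIST_MAX;
    return a < b ? a : b;
}

/* Unsigned clamp: compare as unsigned, so any value above the limit,
 * including those with the top bit set, is truncated to the limit. */
static ssize32_t truncate_unsigned(uint32_t daemon_size)
{
    uint32_t a = daemon_size;
    uint32_t b = XATTR_LIST_MAX;
    return (ssize32_t)(a < b ? a : b);
}

/* Model of IS_ERR_VALUE() for a 32-bit unsigned long: only the top
 * MAX_ERRNO values of the address space count as error codes. */
static int is_err_value32(uint32_t x)
{
    return x >= (uint32_t)-MAX_ERRNO;
}

int main(void)
{
    /* Constructed sample sizes a daemon could put in its reply. */
    const uint32_t samples[] = { 100u, 70000u, 0x80001000u, 0xfffffff2u };
    size_t i;

    printf("%-12s %-12s %-12s %s\n",
           "daemon size", "signed", "unsigned", "signed result is errno?");
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        ssize32_t s = truncate_signed(samples[i]);
        ssize32_t u = truncate_unsigned(samples[i]);

        printf("0x%08x   %-12d %-12d %s\n",
               (unsigned)samples[i], (int)s, (int)u,
               s >= 0 ? "n/a (non-negative)"
                      : is_err_value32((uint32_t)s)
                            ? "yes"
                            : "no: ERR_PTR() of it looks like a pointer");
    }
    return 0;
}
```

The third sample is the case the commit message warns about: the signed clamp returns a negative value that lies outside the errno range, so a caller that wraps it with ERR_PTR() would hand back something IS_ERR_VALUE() does not flag.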
Liao Chen
3a5a2a08b8 mmc: sdhci-of-aspeed: fix module autoloading
commit 6e540da4c1db7b840e347c4dfe48359b18b7e376 upstream.

Add MODULE_DEVICE_TABLE(), so modules could be properly autoloaded
based on the alias from of_device_id table.

Signed-off-by: Liao Chen <liaochen4@huawei.com>
Acked-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Fixes: bb7b8ec62d ("mmc: sdhci-of-aspeed: Add support for the ASPEED SD controller")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240826124851.379759-1-liaochen4@huawei.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:17 +02:00
Joanne Koong
b5123ba74a fuse: update stats for pages in dropped aux writeback list
commit f7790d67785302b3116bbbfda62a5a44524601a3 upstream.

In the case where the aux writeback list is dropped (e.g. the pages
have been truncated or the connection is broken), the stats for
its pages and backing device info need to be updated as well.

Fixes: e2653bd53a ("fuse: fix leaked aux requests")
Signed-off-by: Joanne Koong <joannelkoong@gmail.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Cc: <stable@vger.kernel.org> # v5.1
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:17 +02:00
Sam Protsenko
373f8f5b08 mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
commit 8396c793ffdf28bb8aee7cfe0891080f8cab7890 upstream.

Commit 616f87661792 ("mmc: pass queue_limits to blk_mq_alloc_disk") [1]
revealed the long living issue in dw_mmc.c driver, existing since the
time when it was first introduced in commit f95f3850f7 ("mmc: dw_mmc:
Add Synopsys DesignWare mmc host driver."), also making kernel boot
broken on platforms using dw_mmc driver with 16K or 64K pages enabled,
with this message in dmesg:

    mmcblk: probe of mmc0:0001 failed with error -22

That's happening because mmc_blk_probe() fails when it calls
blk_validate_limits() consequently, which returns the error due to
failed max_segment_size check in this code:

    /*
     * The maximum segment size has an odd historic 64k default that
     * drivers probably should override.  Just like the I/O size we
     * require drivers to at least handle a full page per segment.
     */
    ...
    if (WARN_ON_ONCE(lim->max_segment_size < PAGE_SIZE))
        return -EINVAL;

In case when IDMAC (Internal DMA Controller) is used, dw_mmc.c always
sets .max_seg_size to 4 KiB:

    mmc->max_seg_size = 0x1000;

The comment in the code above explains why it's incorrect. Arnd
suggested setting .max_seg_size to .max_req_size to fix it, which is
also what some other drivers are doing:

   $ grep -rl 'max_seg_size.*=.*max_req_size' drivers/mmc/host/ | \
     wc -l
   18

This change is not only fixing the boot with 16K/64K pages, but also
leads to a better MMC performance. The linear write performance was
tested on E850-96 board (eMMC only), before commit [1] (where it's
possible to boot with 16K/64K pages without this fix, to be able to do
a comparison). It was tested with this command:

    # dd if=/dev/zero of=somefile bs=1M count=500 oflag=sync

Test results are as follows:

  - 4K pages,  .max_seg_size = 4 KiB:                   94.2 MB/s
  - 4K pages,  .max_seg_size = .max_req_size = 512 KiB: 96.9 MB/s
  - 16K pages, .max_seg_size = 4 KiB:                   126 MB/s
  - 16K pages, .max_seg_size = .max_req_size = 2 MiB:   128 MB/s
  - 64K pages, .max_seg_size = 4 KiB:                   138 MB/s
  - 64K pages, .max_seg_size = .max_req_size = 8 MiB:   138 MB/s

Unfortunately, SD card controller is not enabled in E850-96 yet, so it
wasn't possible for me to run the test on some cheap SD cards to check
this patch's impact on those. But it's possible that this change might
also reduce the writes count, thus improving SD/eMMC longevity.

All credit for the analysis and the suggested solution goes to Arnd.

[1] https://lore.kernel.org/all/20240215070300.2200308-18-hch@lst.de/

Fixes: f95f3850f7 ("mmc: dw_mmc: Add Synopsys DesignWare mmc host driver.")
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
Closes: https://lore.kernel.org/all/CA+G9fYtddf2Fd3be+YShHP6CmSDNcn0ptW8qg+stUKW+Cn0rjQ@mail.gmail.com/
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240306232052.21317-1-semen.protsenko@linaro.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:17 +02:00
Jonathan Bell
8cb8f89fd5 mmc: core: apply SD quirks earlier during probe
commit 469e5e4713989fdd5e3e502b922e7be0da2464b9 upstream.

Applying MMC_QUIRK_BROKEN_SD_CACHE is broken, as the card's SD quirks are
referenced in sd_parse_ext_reg_perf() prior to the quirks being initialized
in mmc_blk_probe().

To fix this problem, let's split out an SD-specific list of quirks and
apply in mmc_sd_init_card() instead. In this way, sd_read_ext_regs() has
the available information for not assigning the SD_EXT_PERF_CACHE as one of
the (un)supported features, which in turn allows mmc_sd_init_card() to
properly skip execution of sd_enable_cache().

Fixes: c467c8f081 ("mmc: Add MMC_QUIRK_BROKEN_SD_CACHE for Kingston Canvas Go Plus from 11/2019")
Signed-off-by: Jonathan Bell <jonathan@raspberrypi.com>
Co-developed-by: Keita Aihara <keita.aihara@sony.com>
Signed-off-by: Keita Aihara <keita.aihara@sony.com>
Reviewed-by: Dragan Simic <dsimic@manjaro.org>
Reviewed-by: Avri Altman <avri.altman@wdc.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240820230631.GA436523@sony.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:17 +02:00
Luiz Augusto von Dentz
6e7989e9a0 Bluetooth: MGMT: Ignore keys being loaded with invalid type
commit 1e9683c9b6ca88cc9340cdca85edd6134c8cffe3 upstream.

Due to 59b047bc98084f8af2c41483e4d68a5adf2fa7f7 there could be keys stored
with the wrong address type so this attempts to detect it and ignore them
instead of just failing to load all keys.

Cc: stable@vger.kernel.org
Link: https://github.com/bluez/bluez/issues/875
Fixes: 59b047bc9808 ("Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:17 +02:00
Luiz Augusto von Dentz
547017ba86 Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE"
commit 532f8bcd1c2c4e8112f62e1922fd1703bc0ffce0 upstream.

This reverts commit 59b047bc98084f8af2c41483e4d68a5adf2fa7f7 which
breaks compatibility with commands like:

bluetoothd[46328]: @ MGMT Command: Load.. (0x0013) plen 74  {0x0001} [hci0]
        Keys: 2
        BR/EDR Address: C0:DC:DA:A5:E5:47 (Samsung Electronics Co.,Ltd)
        Key type: Authenticated key from P-256 (0x03)
        Central: 0x00
        Encryption size: 16
        Diversifier[2]: 0000
        Randomizer[8]: 0000000000000000
        Key[16]: 6ed96089bd9765be2f2c971b0b95f624
        LE Address: D7:2A:DE:1E:73:A2 (Static)
        Key type: Unauthenticated key from P-256 (0x02)
        Central: 0x00
        Encryption size: 16
        Diversifier[2]: 0000
        Randomizer[8]: 0000000000000000
        Key[16]: 87dd2546ededda380ffcdc0a8faa4597
@ MGMT Event: Command Status (0x0002) plen 3                {0x0001} [hci0]
      Load Long Term Keys (0x0013)
        Status: Invalid Parameters (0x0d)

Cc: stable@vger.kernel.org
Link: https://github.com/bluez/bluez/issues/875
Fixes: 59b047bc9808 ("Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:17 +02:00
Georg Gottleuber
7e328cf972 nvme-pci: Add sleep quirk for Samsung 990 Evo
commit 61aa894e7a2fda4ee026523b01d07e83ce2abb72 upstream.

On some TUXEDO platforms, a Samsung 990 Evo NVMe leads to a high
power consumption in s2idle sleep (2-3 watts).

This patch applies 'Force No Simple Suspend' quirk to achieve a
sleep with a lower power consumption, typically around 0.5 watts.

Signed-off-by: Georg Gottleuber <ggo@tuxedocomputers.com>
Signed-off-by: Werner Sembach <wse@tuxedocomputers.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:17 +02:00
Roland Xu
a92d81c9ef rtmutex: Drop rt_mutex::wait_lock before scheduling
commit d33d26036a0274b472299d7dcdaa5fb34329f91b upstream.

rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held.  In the
good case it returns with the lock held and in the deadlock case it emits a
warning and goes into an endless scheduling loop with the lock held, which
triggers the 'scheduling in atomic' warning.

Unlock rt_mutex::wait_lock in the deadlock case before issuing the warning
and dropping into the schedule for ever loop.

[ tglx: Moved unlock before the WARN(), removed the pointless comment,
  	massaged changelog, added Fixes tag ]

Fixes: 3d5c9340d1 ("rtmutex: Handle deadlock detection smarter")
Signed-off-by: Roland Xu <mu001999@outlook.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/ME0P300MB063599BEF0743B8FA339C2CECC802@ME0P300MB0635.AUSP300.PROD.OUTLOOK.COM
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:17 +02:00
Thomas Gleixner
8d3dc52ff3 x86/kaslr: Expose and use the end of the physical memory address space
commit ea72ce5da22806d5713f3ffb39a6d5ae73841f93 upstream.

iounmap() on x86 occasionally fails to unmap because the provided valid
ioremap address is not below high_memory. It turned out that this
happens due to KASLR.

KASLR uses the full address space between PAGE_OFFSET and vaddr_end to
randomize the starting points of the direct map, vmalloc and vmemmap
regions.  It thereby limits the size of the direct map by using the
installed memory size plus an extra configurable margin for hot-plug
memory.  This limitation is done to gain more randomization space
because otherwise only the holes between the direct map, vmalloc,
vmemmap and vaddr_end would be usable for randomizing.

The limited direct map size is not exposed to the rest of the kernel, so
the memory hot-plug and resource management related code paths still
operate under the assumption that the available address space can be
determined with MAX_PHYSMEM_BITS.

request_free_mem_region() allocates from (1 << MAX_PHYSMEM_BITS) - 1
downwards.  That means the first allocation happens past the end of the
direct map and if unlucky this address is in the vmalloc space, which
causes high_memory to become greater than VMALLOC_START and consequently
causes iounmap() to fail for valid ioremap addresses.

MAX_PHYSMEM_BITS cannot be changed for that because the randomization
does not align with address bit boundaries and there are other places
which actually require to know the maximum number of address bits.  All
remaining usage sites of MAX_PHYSMEM_BITS have been analyzed and found
to be correct.

Cure this by exposing the end of the direct map via PHYSMEM_END and use
that for the memory hot-plug and resource management related places
instead of relying on MAX_PHYSMEM_BITS. In the KASLR case PHYSMEM_END
maps to a variable which is initialized by the KASLR initialization and
otherwise it is based on MAX_PHYSMEM_BITS as before.

To prevent future hiccups add a check into add_pages() to catch callers
trying to add memory above PHYSMEM_END.

Fixes: 0483e1fa6e ("x86/mm: Implement ASLR for kernel memory regions")
Reported-by: Max Ramanouski <max8rr8@gmail.com>
Reported-by: Alistair Popple <apopple@nvidia.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-By: Max Ramanouski <max8rr8@gmail.com>
Tested-by: Alistair Popple <apopple@nvidia.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: Alistair Popple <apopple@nvidia.com>
Reviewed-by: Kees Cook <kees@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/87ed6soy3z.ffs@tglx
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:17 +02:00
Ma Ke
edafbf36e2 irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init()
commit c5af2c90ba5629f0424a8d315f75fb8d91713c3c upstream.

gicv2m_of_init() fails to perform an of_node_put() when
of_address_to_resource() fails, leading to a refcount leak.

Address this by moving the error handling path outside of the loop and
making it common to all failure modes.

Fixes: 4266ab1a8f ("irqchip/gic-v2m: Refactor to prepare for ACPI support")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/20240820092843.1219933-1-make24@iscas.ac.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:17 +02:00
Kan Liang
15210b7c8c perf/x86/intel: Limit the period on Haswell
commit 25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b upstream.

Running the ltp test cve-2015-3290 concurrently reports the following
warnings.

perfevents: irq loop stuck!
  WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174
  intel_pmu_handle_irq+0x285/0x370
  Call Trace:
   <NMI>
   ? __warn+0xa4/0x220
   ? intel_pmu_handle_irq+0x285/0x370
   ? __report_bug+0x123/0x130
   ? intel_pmu_handle_irq+0x285/0x370
   ? __report_bug+0x123/0x130
   ? intel_pmu_handle_irq+0x285/0x370
   ? report_bug+0x3e/0xa0
   ? handle_bug+0x3c/0x70
   ? exc_invalid_op+0x18/0x50
   ? asm_exc_invalid_op+0x1a/0x20
   ? irq_work_claim+0x1e/0x40
   ? intel_pmu_handle_irq+0x285/0x370
   perf_event_nmi_handler+0x3d/0x60
   nmi_handle+0x104/0x330

Thanks to Thomas Gleixner's analysis, the issue is caused by the low
initial period (1) of the frequency estimation algorithm, which triggers
the defects of the HW, specifically erratum HSW11 and HSW143. (For the
details, please refer to https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/)

The HSW11 requires a period larger than 100 for the INST_RETIRED.ALL
event, but the initial period in the freq mode is 1. The erratum is the
same as the BDM11, which has been supported in the kernel. A minimum
period of 128 is enforced as well on HSW.

HSW143 is regarding that the fixed counter 1 may overcount 32 when
Hyper-Threading is enabled. However, based on the test, the hardware
has more issues than it tells. Besides the fixed counter 1, the message
'interrupt took too long' can be observed on any counter which was armed
with a period < 32 and two events expired in the same NMI. A minimum
period of 32 is enforced for the rest of the events.
The recommended workaround code of the HSW143 is not implemented.
Because it only addresses the issue for the fixed counter. It brings
extra overhead through extra MSR writing. No related overcounting issue
has been reported so far.

Fixes: 3a632cb229 ("perf/x86/intel: Add simple Haswell PMU support")
Reported-by: Li Huafei <lihuafei1@huawei.com>
Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/20240819183004.3132920-1-kan.liang@linux.intel.com
Closes: https://lore.kernel.org/lkml/20240729223328.327835-1-lihuafei1@huawei.com/
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:17 +02:00
Kirill A. Shutemov
26c6af49d2 x86/tdx: Fix data leak in mmio_read()
commit b6fb565a2d15277896583d471b21bc14a0c99661 upstream.

The mmio_read() function makes a TDVMCALL to retrieve MMIO data for an
address from the VMM.

Sean noticed that mmio_read() unintentionally exposes the value of an
initialized variable (val) on the stack to the VMM.

This variable is only needed as an output value. It did not need to be
passed to the VMM in the first place.

Do not send the original value of *val to the VMM.

[ dhansen: clarify what 'val' is used for. ]

Fixes: 31d58c4e55 ("x86/tdx: Handle in-kernel MMIO")
Reported-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/20240826125304.1566719-1-kirill.shutemov%40linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:16 +02:00
Zheng Qixing
e1cbd23d5f ata: libata: Fix memory leak for error path in ata_host_alloc()
commit 284b75a3d83c7631586d98f6dede1d90f128f0db upstream.

In ata_host_alloc(), if devres_alloc() fails to allocate the device host
resource data pointer, the already allocated ata_host structure is not
freed before returning from the function. This results in a potential
memory leak.

Call kfree(host) before jumping to the error handling path to ensure
that the ata_host structure is properly freed if devres_alloc() fails.

Fixes: 2623c7a5f2 ("libata: add refcounting to ata_host")
Cc: stable@vger.kernel.org
Signed-off-by: Zheng Qixing <zhengqixing@huawei.com>
Reviewed-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:16 +02:00
Dan Carpenter
eaebe313e8 ksmbd: Unlock on in ksmbd_tcp_set_interfaces()
commit 844436e045ac2ab7895d8b281cb784a24de1d14d upstream.

Unlock before returning an error code if this allocation fails.

Fixes: 0626e6641f ("cifsd: add server handler for central processing and tranport layers")
Cc: stable@vger.kernel.org # v5.15+
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:16 +02:00
Namjae Jeon
93d54a4b59 ksmbd: unset the binding mark of a reused connection
commit 78c5a6f1f630172b19af4912e755e1da93ef0ab5 upstream.

Steve French reported null pointer dereference error from sha256 lib.
cifs.ko can send session setup requests on reused connection.
If reused connection is used for binding session, conn->binding can
still remain true and generate_preauth_hash() will not set
sess->Preauth_HashValue and it will be NULL.
It is used as a material to create an encryption key in
ksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer
dereference error from crypto_shash_update().

BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 8 PID: 429254 Comm: kworker/8:39
Hardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 )
Workqueue: ksmbd-io handle_ksmbd_work [ksmbd]
RIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]
<TASK>
? show_regs+0x6d/0x80
? __die+0x24/0x80
? page_fault_oops+0x99/0x1b0
? do_user_addr_fault+0x2ee/0x6b0
? exc_page_fault+0x83/0x1b0
? asm_exc_page_fault+0x27/0x30
? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]
? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]
? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]
? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]
_sha256_update+0x77/0xa0 [sha256_ssse3]
sha256_avx2_update+0x15/0x30 [sha256_ssse3]
crypto_shash_update+0x1e/0x40
hmac_update+0x12/0x20
crypto_shash_update+0x1e/0x40
generate_key+0x234/0x380 [ksmbd]
generate_smb3encryptionkey+0x40/0x1c0 [ksmbd]
ksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd]
ntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd]
smb2_sess_setup+0x952/0xaa0 [ksmbd]
__process_request+0xa3/0x1d0 [ksmbd]
__handle_ksmbd_work+0x1c4/0x2f0 [ksmbd]
handle_ksmbd_work+0x2d/0xa0 [ksmbd]
process_one_work+0x16c/0x350
worker_thread+0x306/0x440
? __pfx_worker_thread+0x10/0x10
kthread+0xef/0x120
? __pfx_kthread+0x10/0x10
ret_from_fork+0x44/0x70
? __pfx_kthread+0x10/0x10
ret_from_fork_asm+0x1b/0x30
</TASK>

Fixes: f5a544e3ba ("ksmbd: add support for SMB3 multichannel")
Cc: stable@vger.kernel.org # v5.15+
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:16 +02:00
Maximilien Perreault
a7e2b07844 ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx
commit 47a9e8dbb8d4713a9aac7cc6ce3c82dcc94217d8 upstream.

The mute LED on this HP laptop uses ALC236 and requires a quirk to function. This patch enables the existing quirk for the device.

Signed-off-by: Maximilien Perreault <maximilienperreault@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20240904031013.21220-1-maximilienperreault@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:16 +02:00
Terry Cheong
ed2bb2583f ALSA: hda/realtek: add patch for internal mic in Lenovo V145
commit ef27e89e7f3015be2b3c124833fbd6d2e4686561 upstream.

Lenovo V145 is having phase inverted dmic but simply applying inverted
dmic fixups does not work. Chaining up verb fixes for ALC283 enables
inverting dmic fixup to work properly.

Signed-off-by: Terry Cheong <htcheong@chromium.org>
Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20240830-lenovo-v145-fixes-v3-1-f7b7265068fa@chromium.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:16 +02:00
Christoffer Sandberg
702b2f1ac1 ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices
commit 4178d78cd7a86510ba68d203f26fc01113c7f126 upstream.

The Sirius notebooks have two sets of speakers 0x17 (sides) and
0x1d (top center). The side speakers are active by default but
the top speakers aren't.

This patch provides a pincfg quirk to activate the top speakers.

Signed-off-by: Christoffer Sandberg <cs@tuxedo.de>
Signed-off-by: Werner Sembach <wse@tuxedocomputers.com>
Cc: stable@vger.kernel.org
Link: https://patch.msgid.link/20240827102540.9480-1-wse@tuxedocomputers.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:16 +02:00
Ravi Bangoria
6c71e04390 KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing
commit 54950bfe2b69cdc06ef753872b5225e54eb73506 upstream.

If host supports Bus Lock Detect, KVM advertises it to guests even if
SVM support is absent. Additionally, guest wouldn't be able to use it
despite guest CPUID bit being set. Fix it by unconditionally clearing
the feature bit in KVM cpu capability.

Reported-by: Jim Mattson <jmattson@google.com>
Closes: https://lore.kernel.org/r/CALMp9eRet6+v8Y1Q-i6mqPm4hUow_kJNhmVHfOV8tMfuSS=tVg@mail.gmail.com
Fixes: 76ea438b4a ("KVM: X86: Expose bus lock debug exception to guest")
Cc: stable@vger.kernel.org
Signed-off-by: Ravi Bangoria <ravi.bangoria@amd.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lore.kernel.org/r/20240808062937.1149-4-ravi.bangoria@amd.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:16 +02:00
Maxim Levitsky
11800db8e3 KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE
commit dad1613e0533b380318281c1519e1a3477c2d0d2 upstream.

If these msrs are read by the emulator (e.g. due to 'force emulation' prefix),
SVM code currently fails to extract the corresponding segment bases,
and return them to the emulator.

Fix that.

Cc: stable@vger.kernel.org
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Link: https://lore.kernel.org/r/20240802151608.72896-3-mlevitsk@redhat.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:16 +02:00
Sean Christopherson
fa297c33fa KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
commit 4bcdd831d9d01e0fb64faea50732b59b2ee88da1 upstream.

Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly
leave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX
reads guest memory.

Note, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN
via sync_regs(), which already holds SRCU.  I.e. trying to precisely use
kvm_vcpu_srcu_read_lock() around the problematic SMM code would cause
problems.  Acquiring SRCU isn't all that expensive, so for simplicity,
grab it unconditionally for KVM_SET_VCPU_EVENTS.

 =============================
 WARNING: suspicious RCU usage
 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted
 -----------------------------
 include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage!

 other info that might help us debug this:

 rcu_scheduler_active = 2, debug_locks = 1
 1 lock held by repro/1071:
  #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm]

 stack backtrace:
 CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552
 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
 Call Trace:
  <TASK>
  dump_stack_lvl+0x7f/0x90
  lockdep_rcu_suspicious+0x13f/0x1a0
  kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm]
  kvm_vcpu_read_guest+0x3e/0x90 [kvm]
  nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel]
  load_vmcs12_host_state+0x432/0xb40 [kvm_intel]
  vmx_leave_nested+0x30/0x40 [kvm_intel]
  kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm]
  kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm]
  ? mark_held_locks+0x49/0x70
  ? kvm_vcpu_ioctl+0x7d/0x970 [kvm]
  ? kvm_vcpu_ioctl+0x497/0x970 [kvm]
  kvm_vcpu_ioctl+0x497/0x970 [kvm]
  ? lock_acquire+0xba/0x2d0
  ? find_held_lock+0x2b/0x80
  ? do_user_addr_fault+0x40c/0x6f0
  ? lock_release+0xb7/0x270
  __x64_sys_ioctl+0x82/0xb0
  do_syscall_64+0x6c/0x170
  entry_SYSCALL_64_after_hwframe+0x4b/0x53
 RIP: 0033:0x7ff11eb1b539
  </TASK>

Fixes: f7e570780e ("KVM: x86: Forcibly leave nested virt when SMM state is toggled")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240723232055.3643811-1-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:16 +02:00
robelin
fe5046ca91 ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
commit b4a90b543d9f62d3ac34ec1ab97fc5334b048565 upstream.

When using kernel with the following extra config,

  - CONFIG_KASAN=y
  - CONFIG_KASAN_GENERIC=y
  - CONFIG_KASAN_INLINE=y
  - CONFIG_KASAN_VMALLOC=y
  - CONFIG_FRAME_WARN=4096

kernel detects that snd_pcm_suspend_all() accesses a freed
'snd_soc_pcm_runtime' object when the system is suspended, which
leads to a use-after-free bug:

[   52.047746] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x1a8/0x270
[   52.047765] Read of size 1 at addr ffff0000b9434d50 by task systemd-sleep/2330

[   52.047785] Call trace:
[   52.047787]  dump_backtrace+0x0/0x3c0
[   52.047794]  show_stack+0x34/0x50
[   52.047797]  dump_stack_lvl+0x68/0x8c
[   52.047802]  print_address_description.constprop.0+0x74/0x2c0
[   52.047809]  kasan_report+0x210/0x230
[   52.047815]  __asan_report_load1_noabort+0x3c/0x50
[   52.047820]  snd_pcm_suspend_all+0x1a8/0x270
[   52.047824]  snd_soc_suspend+0x19c/0x4e0

The snd_pcm_sync_stop() has a NULL check on 'substream->runtime' before
making any access. So we need to always set 'substream->runtime' to NULL
every time we kfree() it.

Fixes: a72706ed82 ("ASoC: codec2codec: remove ephemeral variables")
Signed-off-by: robelin <robelin@nvidia.com>
Signed-off-by: Sameer Pujar <spujar@nvidia.com>
Link: https://patch.msgid.link/20240823144342.4123814-2-spujar@nvidia.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:16 +02:00
Stephen Hemminger
db2c235682 sch/netem: fix use after free in netem_dequeue
commit 3b3a2a9c6349e25a025d2330f479bc33a6ccb54a upstream.

If netem_dequeue() enqueues packet to inner qdisc and that qdisc
returns __NET_XMIT_STOLEN, the packet is dropped but
qdisc_tree_reduce_backlog() is not called to update the parent's
q.qlen, leading to the similar use-after-free as Commit
e04991a48dbaf382 ("netem: fix return value if duplicate enqueue
fails")

Commands to trigger KASAN UaF:

ip link add type dummy
ip link set lo up
ip link set dummy0 up
tc qdisc add dev lo parent root handle 1: drr
tc filter add dev lo parent 1: basic classid 1:1
tc class add dev lo classid 1:1 drr
tc qdisc add dev lo parent 1:1 handle 2: netem
tc qdisc add dev lo parent 2: handle 3: drr
tc filter add dev lo parent 3: basic classid 3:1 action mirred egress redirect dev dummy0
tc class add dev lo classid 3:1 drr
ping -c1 -W0.01 localhost # Trigger bug
tc class del dev lo classid 1:1
tc class add dev lo classid 1:1 drr
ping -c1 -W0.01 localhost # UaF

Fixes: 50612537e9 ("netem: fix classful handling")
Reported-by: Budimir Markovic <markovicbudimir@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Link: https://patch.msgid.link/20240901182438.4992-1-stephen@networkplumber.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:10:16 +02:00
Greg Kroah-Hartman
00364d577d Revert "perf: Fix event leak upon exec and file release"
This reverts commit ed2c202dac which is
commit 3a5465418f5fd970e86a86c7f4075be262682840 upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: I29cfc492dd3ef6c7a9ebc2aa28d238f392a48ce6
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2024-09-12 06:35:30 +00:00
Greg Kroah-Hartman
e3e84f6205 Revert "sbitmap: fix io hung due to race on sbitmap_word::cleared"
This reverts commit 681583ad67 which is
commit 72d04bdcf3f7d7e07d82f9757946f68802a7270a upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: I6c645c8b4a157820561507a1cf3c1180b94aebff
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2024-09-12 06:34:09 +00:00
Pierre Couillaud
b18f8bbc04 ANDROID: GKI: Update symbol list for BCMSTB
Remove symbols obsoleted since including CONFIG_SERIAL_8250_BCM7271

Bug: 365149220
Change-Id: Id35a1c68e27359fa5e8a2d90cfa7be5346875ebf
Signed-off-by: Pierre Couillaud <pierre@broadcom.com>
2024-09-12 00:28:40 +00:00
Mukesh Ojha
ff74052448 BACKPORT: binder_alloc: Fix sleeping function called from invalid context
36c55ce8703c ("binder_alloc: Replace kcalloc with kvcalloc to
mitigate OOM issues") introduced schedule while atomic issue.

[ 2689.152635][ T4275] BUG: sleeping function called from invalid context at mm/vmalloc.c:2847
[ 2689.161291][ T4275] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4275, name: kworker/1:140
[ 2689.170708][ T4275] preempt_count: 1, expected: 0
[ 2689.175572][ T4275] RCU nest depth: 0, expected: 0
[ 2689.180521][ T4275] INFO: lockdep is turned off.
[ 2689.180523][ T4275] Preemption disabled at:
[ 2689.180525][ T4275] [<ffffffe031f2a2dc>] binder_alloc_deferred_release+0x2c/0x388
..
..
[ 2689.213419][ T4275]  __might_resched+0x174/0x178
[ 2689.213423][ T4275]  __might_sleep+0x48/0x7c
[ 2689.213426][ T4275]  vfree+0x4c/0x15c
[ 2689.213430][ T4275]  kvfree+0x24/0x44
[ 2689.213433][ T4275]  binder_alloc_deferred_release+0x2c0/0x388
[ 2689.213436][ T4275]  binder_proc_dec_tmpref+0x15c/0x2a8
[ 2689.213440][ T4275]  binder_deferred_func+0xa8/0x8ec
[ 2689.213442][ T4275]  process_one_work+0x254/0x59c
[ 2689.213447][ T4275]  worker_thread+0x274/0x3ec
[ 2689.213450][ T4275]  kthread+0x110/0x134
[ 2689.213453][ T4275]  ret_from_fork+0x10/0x20

Fix it by moving the place of kvfree outside of spinlock context.

Fixes: 36c55ce8703c ("binder_alloc: Replace kcalloc with kvcalloc to mitigate OOM issues")
Acked-by: Carlos Llamas <cmllamas@google.com>
Signed-off-by: Mukesh Ojha <quic_mojha@quicinc.com>
Link: https://lore.kernel.org/r/20240725062510.2856662-1-quic_mojha@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Bug: 356093827
Change-Id: Ic1e342ba8eb843dc49a6c4a91c7ba0f99d5e54fd
(cherry picked from commit 2c10a20f5e84ab777d29ed921d4c78d66de6d0fb)
[cmllamas: fix merge issues due to missing 36c55ce8703c]
Signed-off-by: Carlos Llamas <cmllamas@google.com>
2024-09-11 20:55:36 +00:00
Greg Kroah-Hartman
38dfa1feed Revert "sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks"
This reverts commit e63c0422d2 which is
commit d329605287020c3d1c3b0dadc63d8208e7251382 upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: I53506770d54046f8b8c62edf1342aed9797f33f8
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2024-09-11 14:48:41 +00:00
Daniel Borkmann
75c9b1955b UPSTREAM: bpf: Fix overrunning reservations in ringbuf
[ Upstream commit cfa1a2329a691ffd991fcf7248a57d752e712881 ]

The BPF ring buffer internally is implemented as a power-of-2 sized circular
buffer, with two logical and ever-increasing counters: consumer_pos is the
consumer counter to show which logical position the consumer consumed the
data, and producer_pos which is the producer counter denoting the amount of
data reserved by all producers.

Each time a record is reserved, the producer that "owns" the record will
successfully advance producer counter. In user space each time a record is
read, the consumer of the data advanced the consumer counter once it finished
processing. Both counters are stored in separate pages so that from user
space, the producer counter is read-only and the consumer counter is read-write.

One aspect that simplifies and thus speeds up the implementation of both
producers and consumers is how the data area is mapped twice contiguously
back-to-back in the virtual memory, allowing to not take any special measures
for samples that have to wrap around at the end of the circular buffer data
area, because the next page after the last data page would be first data page
again, and thus the sample will still appear completely contiguous in virtual
memory.

Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for
book-keeping the length and offset, and is inaccessible to the BPF program.
Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`
for the BPF program to use. Bing-Jhong and Muhammad reported that it is however
possible to make a second allocated memory chunk overlapping with the first
chunk and as a result, the BPF program is now able to edit first chunk's
header.

For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size
of 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to
bpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in
[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, let's
allocate a chunk B with size 0x3000. This will succeed because consumer_pos
was edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`
check. Chunk B will be in range [0x3008,0x6010], and the BPF program is able
to edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned
earlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data
pages. This means that chunk B at [0x4000,0x4008] is chunk A's header.
bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then
locate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk
B modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong
page and could cause a crash.

Fix it by calculating the oldest pending_pos and check whether the range
from the oldest outstanding record to the newest would span beyond the ring
buffer size. If that is the case, then reject the request. We've tested with
the ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)
before/after the fix and while it seems a bit slower on some benchmarks, it
is still not significantly enough to matter.

Bug: 349976340
Fixes: 457f44363a ("bpf: Implement BPF ring buffer and verifier support for it")
Reported-by: Bing-Jhong Billy Jheng <billy@starlabs.sg>
Reported-by: Muhammad Ramdhan <ramdhan@starlabs.sg>
Co-developed-by: Bing-Jhong Billy Jheng <billy@starlabs.sg>
Co-developed-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Bing-Jhong Billy Jheng <billy@starlabs.sg>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20240621140828.18238-1-daniel@iogearbox.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit d1b9df0435)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I57847858a13e15118ef18a00257e45f96597e938
2024-09-11 14:40:57 +00:00
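
The reservation arithmetic from the ringbuf commit message above, as an added example (a simplified user-space model, not the kernel's code or the patch itself): it replays the 0x4000-byte map with consumer_pos set to 0x3000, first with the original check alone and then with the pending-position check. The names rb_model, rb_reserve, check_pending and scenario are hypothetical, and the double mapping is modelled by masking positions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RB_SIZE  0x4000u          /* map size used in the commit message */
#define RB_MASK  (RB_SIZE - 1)
#define HDR_SZ   8u               /* sizeof(struct bpf_ringbuf_hdr) */
#define BUSY_BIT (1u << 31)       /* set in hdr.len until the record is committed */

/* Hypothetical user-space model; the double mapping is modelled by "& RB_MASK". */
struct rb_model {
    uint64_t consumer_pos;        /* writable from user space */
    uint64_t producer_pos;
    uint64_t pending_pos;         /* oldest record not yet committed */
    uint8_t  data[RB_SIZE];
};

static uint64_t rec_span(uint32_t payload) { return ((uint64_t)payload + HDR_SZ + 7) & ~7ull; }

static uint32_t load_len(const struct rb_model *rb, uint64_t pos)
{
    uint32_t len;
    memcpy(&len, &rb->data[pos & RB_MASK], sizeof(len));
    return len;
}

static void store_len(struct rb_model *rb, uint64_t pos, uint32_t len)
{
    memcpy(&rb->data[pos & RB_MASK], &len, sizeof(len));
}

/* Returns the logical position of the new record's header, or -1 if rejected. */
static int64_t rb_reserve(struct rb_model *rb, uint32_t size, int check_pending)
{
    uint64_t prod = rb->producer_pos, new_prod = prod + rec_span(size);
    uint64_t pend = rb->pending_pos;

    if (rec_span(size) > RB_SIZE)
        return -1;
    /* Skip records that are already committed to find the oldest pending one. */
    while (pend < prod) {
        uint32_t len = load_len(rb, pend);
        if (len & BUSY_BIT)
            break;
        pend += rec_span(len);
    }
    rb->pending_pos = pend;

    /* Original check: relies on consumer_pos, which user space can write. */
    if (new_prod - rb->consumer_pos > RB_MASK)
        return -1;
    /* Added check: oldest pending record to newest must fit in the buffer. */
    if (check_pending && new_prod - pend > RB_MASK)
        return -1;

    store_len(rb, prod, size | BUSY_BIT);
    rb->producer_pos = new_prod;
    return (int64_t)prod;
}

static void rb_commit(struct rb_model *rb, uint64_t rec)
{
    store_len(rb, rec, load_len(rb, rec) & ~BUSY_BIT);
}

/* 1 if the payload of the record at `rec` maps onto the header of `victim`. */
static int payload_aliases_header(uint64_t rec, uint32_t size, uint64_t victim)
{
    uint64_t hdr = victim & RB_MASK;
    for (uint64_t p = rec + HDR_SZ; p < rec + HDR_SZ + size; p++)
        if ((p & RB_MASK) >= hdr && (p & RB_MASK) < hdr + HDR_SZ)
            return 1;
    return 0;
}

/* Commit-message scenario. Returns 1 if chunk B is granted; *hits_pending_hdr
 * is 1 when B's payload covers the header of a still-pending chunk A. */
static int scenario(int check_pending, int commit_a_first, int *hits_pending_hdr)
{
    static struct rb_model rb;
    memset(&rb, 0, sizeof(rb));
    rb.consumer_pos = 0x3000;     /* edited ahead of time, as in the report */
    int64_t a = rb_reserve(&rb, 0x3000, check_pending);
    if (commit_a_first)
        rb_commit(&rb, (uint64_t)a);
    int64_t b = rb_reserve(&rb, 0x3000, check_pending);
    *hits_pending_hdr = (b >= 0 && !commit_a_first)
        ? payload_aliases_header((uint64_t)b, 0x3000, (uint64_t)a) : 0;
    return b >= 0;
}

int main(void)
{
    int hit;
    int granted = scenario(0, 0, &hit);
    printf("original check: B granted=%d, overlaps pending header=%d\n", granted, hit);
    granted = scenario(1, 0, &hit);
    printf("with pending check: B granted=%d\n", granted);
    return 0;
}
```

With chunk A committed before chunk B is requested, pending_pos advances past A and the same reservation is accepted, so the added check only rejects requests that would span a record still awaiting commit.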
Greg Kroah-Hartman
fd3054898d Merge 6.1.103 into android14-6.1-lts
Changes in 6.1.103
	powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC
	spi: spi-microchip-core: Fix the number of chip selects supported
	spi: atmel-quadspi: Add missing check for clk_prepare
	EDAC, i10nm: make skx_common.o a separate module
	rcu/tasks: Fix stale task snaphot for Tasks Trace
	md: fix deadlock between mddev_suspend and flush bio
	platform/chrome: cros_ec_debugfs: fix wrong EC message version
	ubd: refactor the interrupt handler
	ubd: untagle discard vs write zeroes not support handling
	block: refactor to use helper
	block: cleanup bio_integrity_prep
	block: initialize integrity buffer to zero before writing it to media
	hfsplus: fix to avoid false alarm of circular locking
	x86/of: Return consistent error type from x86_of_pci_irq_enable()
	x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling
	x86/pci/xen: Fix PCIBIOS_* return code handling
	x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos
	kernfs: fix all kernel-doc warnings and multiple typos
	kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy()
	cgroup/cpuset: Prevent UAF in proc_cpuset_show()
	hwmon: (adt7475) Fix default duty on fan is disabled
	pwm: stm32: Always do lazy disabling
	nvmet-auth: fix nvmet_auth hash error handling
	drm/meson: fix canvas release in bind function
	pwm: atmel-tcb: Put per-channel data into driver data
	pwm: atmel-tcb: Unroll atmel_tcb_pwm_set_polarity() into only caller
	pwm: atmel-tcb: Don't track polarity in driver data
	pwm: atmel-tcb: Fix race condition and convert to guards
	hwmon: (max6697) Fix underflow when writing limit attributes
	hwmon: (max6697) Fix swapped temp{1,8} critical alarms
	arm64: dts: qcom: sdm845: add power-domain to UFS PHY
	arm64: dts: qcom: sm6350: add power-domain to UFS PHY
	arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings
	arm64: dts: qcom: sm8250: add power-domain to UFS PHY
	arm64: dts: qcom: sm8450: add power-domain to UFS PHY
	arm64: dts: qcom: msm8996-xiaomi-common: drop excton from the USB PHY
	arm64: dts: qcom: msm8998: enable adreno_smmu by default
	soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers
	arm64: dts: rockchip: Add sdmmc related properties on rk3308-rock-pi-s
	arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s
	arm64: dts: rockchip: Add mdio and ethernet-phy nodes to rk3308-rock-pi-s
	arm64: dts: rockchip: Update WIFi/BT related nodes on rk3308-rock-pi-s
	arm64: dts: qcom: msm8996: specify UFS core_clk frequencies
	soc: xilinx: rename cpu_number1 to dummy_cpu_number
	cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe()
	OPP: ti: Fix ti_opp_supply_probe wrong return values
	memory: fsl_ifc: Make FSL_IFC config visible and selectable
	soc: qcom: pdr: protect locator_addr with the main mutex
	soc: qcom: pdr: fix parsing of domains lists
	arm64: dts: rockchip: Increase VOP clk rate on RK3328
	arm64: dts: amlogic: sm1: fix spdif compatibles
	ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode
	ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset
	ARM: dts: imx6qdl-kontron-samx6i: fix board reset
	ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects
	ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity
	arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property
	arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux
	arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add ports node for anx7625
	arm64: dts: amlogic: gx: correct hdmi clocks
	arm64: dts: rockchip: Drop invalid mic-in-differential on rk3568-rock-3a
	arm64: dts: rockchip: Fix mic-in-differential usage on rk3568-evb1-v10
	arm64: dts: renesas: r8a779g0: Add L3 cache controller
	arm64: dts: renesas: r8a779g0: Add secondary CA76 CPU cores
	arm64: dts: renesas: Drop specifying the GIC_CPU_MASK_SIMPLE() for GICv3 systems
	arm64: dts: renesas: r8a779a0: Add missing hypervisor virtual timer IRQ
	arm64: dts: renesas: r8a779f0: Add missing hypervisor virtual timer IRQ
	arm64: dts: renesas: r8a779g0: Add missing hypervisor virtual timer IRQ
	arm64: dts: renesas: r9a07g043u: Add missing hypervisor virtual timer IRQ
	arm64: dts: renesas: r9a07g044: Add missing hypervisor virtual timer IRQ
	arm64: dts: renesas: r9a07g054: Add missing hypervisor virtual timer IRQ
	m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages
	x86/xen: Convert comma to semicolon
	arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu
	arm64: dts: qcom: sm6350: Add missing qcom,non-secure-domain property
	m68k: cmpxchg: Fix return value for default case in __arch_xchg()
	ARM: spitz: fix GPIO assignment for backlight
	vmlinux.lds.h: catch .bss..L* sections into BSS")
	firmware: turris-mox-rwtm: Do not complete if there are no waiters
	firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout()
	firmware: turris-mox-rwtm: Initialize completion before mailbox
	wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device
	bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer
	selftests/bpf: Fix prog numbers in test_sockmap
	net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP
	tcp: annotate lockless accesses to sk->sk_err_soft
	tcp: annotate lockless access to sk->sk_err
	tcp: add tcp_done_with_error() helper
	tcp: fix race in tcp_write_err()
	tcp: fix races in tcp_v[46]_err()
	net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined
	selftests/bpf: Check length of recv in test_sockmap
	lib: objagg: Fix general protection fault
	mlxsw: spectrum_acl_erp: Fix object nesting warning
	mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors
	perf/x86: Serialize set_attr_rdpmc()
	jump_label: Use atomic_try_cmpxchg() in static_key_slow_inc_cpuslocked()
	jump_label: Prevent key->enabled int overflow
	jump_label: Fix concurrency issues in static_key_slow_dec()
	wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers
	wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he()
	wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()
	net: fec: Refactor: #define magic constants
	net: fec: Fix FEC_ECR_EN1588 being cleared on link-down
	libbpf: Checking the btf_type kind when fixing variable offsets
	ipvs: Avoid unnecessary calls to skb_is_gso_sctp
	netfilter: nf_tables: rise cap on SELinux secmark context
	bpftool: Mount bpffs when pinmaps path not under the bpffs
	perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation
	perf: Fix perf_aux_size() for greater-than 32-bit size
	perf: Prevent passing zero nr_pages to rb_alloc_aux()
	perf: Fix default aux_watermark calculation
	perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake
	wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()
	wifi: virt_wifi: avoid reporting connection success with wrong SSID
	gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey
	wifi: virt_wifi: don't use strlen() in const context
	locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers
	selftests/bpf: Close fd in error path in drop_on_reuseport
	selftests/bpf: Close obj in error path in xdp_adjust_tail
	bpf: annotate BTF show functions with __printf
	bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
	bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o
	bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT
	selftests: forwarding: devlink_lib: Wait for udev events after reloading
	xdp: fix invalid wait context of page_pool_destroy()
	net: bridge: mst: Check vlan state for egress decision
	drm/rockchip: vop2: Fix the port mux of VP2
	drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format
	drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq()
	drm/amd/pm: Fix aldebaran pcie speed reporting
	drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit
	drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1
	drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators
	drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare()
	media: pci: ivtv: Add check for DMA map result
	media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()
	media: imon: Fix race getting ictx->lock
	media: i2c: Fix imx412 exposure control
	media: v4l: async: Fix NULL pointer dereference in adding ancillary links
	s390/mm: Convert make_page_secure to use a folio
	s390/mm: Convert gmap_make_secure to use a folio
	s390/uv: Don't call folio_wait_writeback() without a folio reference
	saa7134: Unchecked i2c_transfer function result fixed
	media: uvcvideo: Override default flags
	media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2
	media: rcar-csi2: Disable runtime_pm in probe error
	media: rcar-csi2: Cleanup subdevice in remove()
	media: renesas: vsp1: Fix _irqsave and _irq mix
	media: renesas: vsp1: Store RPF partition configuration per RPF instance
	drm/mediatek: Add missing plane settings when async update
	drm/mediatek: Add OVL compatible name for MT8195
	leds: trigger: Unregister sysfs attributes before calling deactivate()
	drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC
	drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op
	perf test: Replace arm callgraph fp test workload with leafloop
	perf tests arm_callgraph_fp: Address shellcheck warnings about signal names and adding double quotes for expression
	perf tests: Fix test_arm_callgraph_fp variable expansion
	perf test: Make test_arm_callgraph_fp.sh more robust
	perf report: Fix condition in sort__sym_cmp()
	drm/etnaviv: fix DMA direction handling for cached RW buffers
	drm/qxl: Add check for drm_cvt_mode
	Revert "leds: led-core: Fix refcount leak in of_led_get()"
	ext4: fix infinite loop when replaying fast_commit
	media: venus: flush all buffers in output plane streamoff
	perf intel-pt: Fix aux_watermark calculation for 64-bit size
	perf intel-pt: Fix exclude_guest setting
	mfd: rsmu: Split core code into separate module
	mfd: omap-usb-tll: Use struct_size to allocate tll
	xprtrdma: Fix rpcrdma_reqs_reset()
	SUNRPC: avoid soft lockup when transmitting UDP to reachable server.
	NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server
	ext4: don't track ranges in fast_commit if inode has inlined data
	ext4: avoid writing unitialized memory to disk in EA inodes
	sparc64: Fix incorrect function signature and add prototype for prom_cif_init
	SUNRPC: Fixup gss_status tracepoint error output
	PCI: Fix resource double counting on remove & rescan
	PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode()
	PCI: keystone: Don't enable BAR 0 for AM654x
	PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()
	PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()
	clk: qcom: branch: Add helper functions for setting retain bits
	clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock
	clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs
	iio: frequency: adrf6780: rm clk provider include
	coresight: Fix ref leak when of_coresight_parse_endpoint() fails
	RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE
	powerpc/pseries: Fix alignment of PLPKS structures and buffers
	powerpc/pseries: Move plpks.h to include directory
	powerpc/pseries: Expose PLPKS config values, support additional fields
	powerpc/pseries: Add helper to get PLPKS password length
	powerpc/kexec: make the update_cpus_node() function public
	powerpc/kexec_file: fix cpus node update to FDT
	RDMA/cache: Release GID table even if leak is detected
	clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable
	interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID
	Input: qt1050 - handle CHIP_ID reading error
	RDMA/mlx4: Fix truncated output warning in mad.c
	RDMA/mlx4: Fix truncated output warning in alias_GUID.c
	RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled
	RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs
	ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe()
	powerpc/prom: Add CPU info to hardware description string later
	ASoC: max98088: Check for clk_prepare_enable() error
	mtd: make mtd_test.c a separate module
	RDMA/device: Return error earlier if port in not valid
	Input: elan_i2c - do not leave interrupt disabled on suspend failure
	ASoC: amd: Adjust error handling in case of absent codec device
	PCI: endpoint: Clean up error handling in vpci_scan_bus()
	PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup()
	vhost/vsock: always initialize seqpacket_allow
	net: missing check virtio
	crypto: qat - extend scope of lock in adf_cfg_add_key_value_param()
	clk: qcom: Park shared RCGs upon registration
	clk: en7523: fix rate divider for slic and spi clocks
	MIPS: Octeron: remove source file executable bit
	PCI: qcom-ep: Disable resources unconditionally during PERST# assert
	PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot
	powerpc/xmon: Fix disassembly CPU feature checks
	macintosh/therm_windtunnel: fix module unload.
	RDMA/hns: Check atomic wr length
	RDMA/hns: Fix unmatch exception handling when init eq table fails
	RDMA/hns: Fix missing pagesize and alignment check in FRMR
	RDMA/hns: Fix shift-out-bounds when max_inline_data is 0
	RDMA/hns: Fix undifined behavior caused by invalid max_sge
	RDMA/hns: Fix insufficient extend DB for VFs.
	iommu/vt-d: Fix to convert mm pfn to dma pfn
	iommu/vt-d: Fix identity map bounds in si_domain_init()
	bnxt_re: Fix imm_data endianness
	netfilter: ctnetlink: use helper function to calculate expect ID
	netfilter: nft_set_pipapo: constify lookup fn args where possible
	netfilter: nf_set_pipapo: fix initial map fill
	net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE
	ipv4: Fix incorrect TOS in route get reply
	ipv4: Fix incorrect TOS in fibmatch route get reply
	net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports
	net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports
	fs/ntfs3: Use ALIGN kernel macro
	fs/ntfs3: Merge synonym COMPRESSION_UNIT and NTFS_LZNT_CUNIT
	fs/ntfs3: Fix transform resident to nonresident for compressed files
	fs/ntfs3: Missed NI_FLAG_UPDATE_PARENT setting
	fs/ntfs3: Fix getting file type
	fs/ntfs3: Add missing .dirty_folio in address_space_operations
	pinctrl: rockchip: update rk3308 iomux routes
	pinctrl: core: fix possible memory leak when pinctrl_enable() fails
	pinctrl: single: fix possible memory leak when pinctrl_enable() fails
	pinctrl: ti: ti-iodelay: Drop if block with always false condition
	pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails
	pinctrl: freescale: mxs: Fix refcount of child
	fs/ntfs3: Replace inode_trylock with inode_lock
	fs/ntfs3: Fix field-spanning write in INDEX_HDR
	pinctrl: renesas: r8a779g0: Fix CANFD5 suffix
	pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes
	pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes
	pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes
	pinctrl: renesas: r8a779g0: Fix IRQ suffixes
	pinctrl: renesas: r8a779g0: FIX PWM suffixes
	pinctrl: renesas: r8a779g0: Fix TCLK suffixes
	pinctrl: renesas: r8a779g0: Fix TPU suffixes
	fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP
	nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
	rtc: interface: Add RTC offset to alarm after fix-up
	fs/ntfs3: Missed error return
	fs/ntfs3: Keep runs for $MFT::$ATTR_DATA and $MFT::$ATTR_BITMAP
	s390/dasd: fix error checks in dasd_copy_pair_store()
	sbitmap: remove unnecessary calculation of alloc_hint in __sbitmap_get_shallow
	sbitmap: rewrite sbitmap_find_bit_in_index to reduce repeat code
	sbitmap: use READ_ONCE to access map->word
	sbitmap: fix io hung due to race on sbitmap_word::cleared
	landlock: Don't lose track of restrictions on cred_transfer
	mm/hugetlb: fix possible recursive locking detected warning
	mm/mglru: fix div-by-zero in vmpressure_calc_level()
	mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer
	x86/efistub: Avoid returning EFI_SUCCESS on error
	x86/efistub: Revert to heap allocated boot_params for PE entrypoint
	dt-bindings: thermal: correct thermal zone node name limit
	tick/broadcast: Make takeover of broadcast hrtimer reliable
	net: netconsole: Disable target before netpoll cleanup
	af_packet: Handle outgoing VLAN packets without hardware offloading
	kernel: rerun task_work while freezing in get_signal()
	ipv4: fix source address selection with route leak
	ipv6: take care of scope when choosing the src addr
	sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks
	fuse: verify {g,u}id mount options correctly
	char: tpm: Fix possible memory leak in tpm_bios_measurements_open()
	media: venus: fix use after free in vdec_close
	ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error
	hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()
	ext2: Verify bitmap and itable block numbers before using them
	drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
	drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
	scsi: qla2xxx: Fix optrom version displayed in FDMI
	drm/amd/display: Check for NULL pointer
	sched/fair: Use all little CPUs for CPU-bound workloads
	apparmor: use kvfree_sensitive to free data->data
	cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path
	cifs: fix reconnect with SMB1 UNIX Extensions
	cifs: mount with "unix" mount option for SMB1 incorrectly handled
	task_work: s/task_work_cancel()/task_work_cancel_func()/
	task_work: Introduce task_work_cancel() again
	udf: Avoid using corrupted block bitmap buffer
	m68k: amiga: Turn off Warp1260 interrupts during boot
	ext4: check dot and dotdot of dx_root before making dir indexed
	ext4: make sure the first directory block is not a hole
	io_uring: tighten task exit cancellations
	trace/pid_list: Change gfp flags in pid_list_fill_irq()
	selftests/landlock: Add cred_transfer test
	wifi: mwifiex: Fix interface type change
	drivers: soc: xilinx: check return status of get_api_version()
	leds: ss4200: Convert PCIBIOS_* return codes to errnos
	leds: mt6360: Fix memory leak in mt6360_init_isnk_properties()
	jbd2: make jbd2_journal_get_max_txn_bufs() internal
	media: uvcvideo: Fix integer overflow calculating timestamp
	KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked()
	KVM: nVMX: Request immediate exit iff pending nested event needs injection
	ALSA: usb-audio: Fix microphone sound on HD webcam.
	ALSA: usb-audio: Move HD Webcam quirk to the right place
	ALSA: usb-audio: Add a quirk for Sonix HD USB Camera
	tools/memory-model: Fix bug in lock.cat
	hwrng: amd - Convert PCIBIOS_* return codes to errnos
	parisc: Fix warning at drivers/pci/msi/msi.h:121
	PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN
	PCI: dw-rockchip: Fix initial PERST# GPIO value
	PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
	PCI: loongson: Enable MSI in LS7A Root Complex
	binder: fix hang of unregistered readers
	dev/parport: fix the array out-of-bounds risk
	fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed
	scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds
	f2fs: fix to force buffered IO on inline_data inode
	f2fs: fix to don't dirty inode for readonly filesystem
	f2fs: fix return value of f2fs_convert_inline_inode()
	clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use
	ubi: eba: properly rollback inside self_check_eba
	decompress_bunzip2: fix rare decompression failure
	kbuild: Fix '-S -c' in x86 stack protector scripts
	ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2
	kobject_uevent: Fix OOB access within zap_modalias_env()
	gve: Fix an edge case for TSO skb validity check
	ice: Add a per-VF limit on number of FDIR filters
	devres: Fix devm_krealloc() wasting memory
	devres: Fix memory leakage caused by driver API devm_free_percpu()
	irqchip/imx-irqsteer: Handle runtime power management correctly
	mm/numa_balancing: teach mpol_to_str about the balancing mode
	rtc: cmos: Fix return value of nvmem callbacks
	scsi: qla2xxx: During vport delete send async logout explicitly
	scsi: qla2xxx: Unable to act on RSCN for port online
	scsi: qla2xxx: Fix for possible memory corruption
	scsi: qla2xxx: Use QP lock to search for bsg
	scsi: qla2xxx: Fix flash read failure
	scsi: qla2xxx: Complete command early within lock
	scsi: qla2xxx: validate nvme_local_port correctly
	perf: Fix event leak upon exit
	perf: Fix event leak upon exec and file release
	perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR
	perf/x86/intel/pt: Fix topa_entry base length
	perf/x86/intel/pt: Fix a topa_entry base address calculation
	drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8
	drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell
	drm/dp_mst: Fix all mstb marked as not probed after suspend/resume
	drm/i915/dp: Reset intel_dp->link_trained before retraining the link
	rtc: isl1208: Fix return value of nvmem callbacks
	watchdog/perf: properly initialize the turbo mode timestamp and rearm counter
	platform: mips: cpu_hwmon: Disable driver on unsupported hardware
	RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
	selftests/sigaltstack: Fix ppc64 GCC build
	dm-verity: fix dm_is_verity_target() when dm-verity is builtin
	rbd: don't assume rbd_is_lock_owner() for exclusive mappings
	remoteproc: stm32_rproc: Fix mailbox interrupts queuing
	remoteproc: imx_rproc: Skip over memory region when node value is NULL
	remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init
	MIPS: dts: loongson: Add ISA node
	MIPS: ip30: ip30-console: Add missing include
	MIPS: dts: loongson: Fix GMAC phy node
	MIPS: Loongson64: env: Hook up Loongsson-2K
	MIPS: Loongson64: Remove memory node for builtin-dtb
	MIPS: Loongson64: reset: Prioritise firmware service
	MIPS: Loongson64: Test register availability before use
	drm/etnaviv: don't block scheduler when GPU is still active
	drm/panfrost: Mark simple_ondemand governor as softdep
	rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait
	rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings
	bpf: Synchronize dispatcher update with bpf_dispatcher_xdp_func
	Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables
	Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591
	nilfs2: handle inconsistent state in nilfs_btnode_create_block()
	PCI: Introduce cleanup helpers for device reference counts and locks
	PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
	io_uring/io-wq: limit retrying worker initialisation
	wifi: mac80211: Allow NSS change only up to capability
	wifi: mac80211: track capability/opmode NSS separately
	wifi: mac80211: check basic rates validity
	kdb: address -Wformat-security warnings
	kdb: Use the passed prompt in kdb_position_cursor()
	jfs: Fix array-index-out-of-bounds in diFree
	dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels
	phy: cadence-torrent: Check return value on register read
	um: time-travel: fix time-travel-start option
	um: time-travel: fix signal blocking race/hang
	f2fs: fix start segno of large section
	watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get()
	watchdog: rzg2l_wdt: Check return status of pm_runtime_put()
	f2fs: fix to update user block counts in block_operations()
	kbuild: avoid build error when single DTB is turned into composite DTB
	libbpf: Fix no-args func prototype BTF dumping syntax
	af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash
	dma: fix call order in dmam_free_coherent
	bpf, events: Use prog to emit ksymbol event for main program
	tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids
	MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later
	ipv4: Fix incorrect source address in Record Route option
	net: bonding: correctly annotate RCU in bond_should_notify_peers()
	netfilter: nft_set_pipapo_avx2: disable softinterrupts
	tipc: Return non-zero value from tipc_udp_addr2str() on error
	net: stmmac: Correct byte order of perfect_match
	net: nexthop: Initialize all fields in dumped nexthops
	bpf: Fix a segment issue when downgrading gso_size
	mISDN: Fix a use after free in hfcmulti_tx()
	apparmor: Fix null pointer deref when receiving skb during sock creation
	powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap()
	lirc: rc_dev_get_from_fd(): fix file leak
	auxdisplay: ht16k33: Drop reference after LED registration
	ASoC: SOF: imx8m: Fix DSP control regmap retrieval
	spi: microchip-core: fix the issues in the isr
	spi: microchip-core: only disable SPI controller when register value change requires it
	spi: microchip-core: switch to use modern name
	spi: microchip-core: fix init function not setting the master and motorola modes
	nvme-pci: Fix the instructions for disabling power management
	spidev: Add Silicon Labs EM3581 device compatible
	spi: spidev: order compatibles alphabetically
	spi: spidev: add correct compatible for Rohm BH2228FV
	ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable
	ceph: fix incorrect kmalloc size of pagevec mempool
	s390/pci: Refactor arch_setup_msi_irqs()
	s390/pci: Allow allocation of more than 1 MSI interrupt
	iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
	io_uring: fix io_match_task must_hold
	nvme-pci: add missing condition check for existence of mapped data
	fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT
	powerpc/pseries: Avoid hcall in plpks_is_available() on non-pseries
	Linux 6.1.103

Change-Id: Ic2520396d4b27c298d5bf5a42a5b099228f9bbee
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2024-09-11 11:12:13 +00:00
Greg Kroah-Hartman
4267216b80 Merge 6.1.102 into android14-6.1-lts
Changes in 6.1.102
	drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()
	f2fs: avoid dead loop in f2fs_issue_checkpoint()
	ocfs2: add bounds checking to ocfs2_check_dir_entry()
	jfs: don't walk off the end of ealist
	fs/ntfs3: Validate ff offset
	ALSA: hda/realtek: Enable headset mic on Positivo SU C1400
	ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
	arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB
	arm64: dts: qcom: ipq6018: Disable SS instance in Parkmode for USB
	arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB
	ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused
	filelock: Fix fcntl/close race recovery compat path
	btrfs: do not BUG_ON on failure to get dir index for new snapshot
	tun: add missing verification for short frame
	tap: add missing verification for short frame
	Linux 6.1.102

Change-Id: I04d415693004d988ad48f793a36a8bfd01c4f8b3
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2024-09-11 11:10:55 +00:00
Suren Baghdasaryan
fdec2610bf ANDROID: gki_config: Disable CONFIG_DEBUG_STACK_USAGE
This config option was not requested by any partner and has non-zero
overhead on process creation. Disable it.

Bug: 191150949
Bug: 365466166
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Ia9547c989c22246c46ed9624a0707c6369ee4de0
2024-09-11 01:52:51 +00:00
Pierre Couillaud
d02968a023 ANDROID: gki_defconfig: Enable CONFIG_SERIAL_8250_BCM7271
Enable BCM UART driver for Broadcom Set Top Box SoCs.

Bug: 365149220
Change-Id: I8784b1f5820dcdcecca8f71fc7d378dc0407f6a0
Signed-off-by: Pierre Couillaud <pierre@broadcom.com>
Signed-off-by: Danesh Petigara <danesh.petigara@broadcom.com>
2024-09-10 16:10:25 -07:00
Justin Chen
a752cdd96f BACKPORT: serial: 8250_bcm7271: improve bcm7271 8250 port
The 8250 BCM7271 UART is not a direct match to PORT_16550A and other
generic ports do not match its hardware capabilities. PORT_ALTR matches
the rx trigger levels, but its vendor configurations are not compatible.
Unfortunately this means we need to create another port to fully capture
the hardware capabilities of the BCM7271 UART.

To alleviate some latency pressures, we default the rx trigger level to 8.

Bug: 365149220
Change-Id: I41005a210439a3a54a9af16a96583662dc8d786d
Signed-off-by: Justin Chen <justin.chen@broadcom.com>
Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Acked-by: Doug Berger <opendmb@gmail.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/1692643978-16570-1-git-send-email-justin.chen@broadcom.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 42a569cd0d)
Signed-off-by: Danesh Petigara <danesh.petigara@broadcom.com>
2024-09-10 16:10:15 -07:00
Greg Kroah-Hartman
5e0a4639af Merge 6.1.101 into android14-6.1-lts
Changes in 6.1.101
	minmax: sanity check constant bounds when clamping
	minmax: clamp more efficiently by avoiding extra comparison
	minmax: fix header inclusions
	minmax: allow min()/max()/clamp() if the arguments have the same signedness.
	minmax: allow comparisons of 'int' against 'unsigned char/short'
	minmax: relax check to allow comparison between unsigned arguments and signed constants
	mm/damon/core: merge regions aggressively when max_nr_regions is unmet
	gcc-plugins: Rename last_stmt() for GCC 14+
	filelock: Remove locks reliably when fcntl/close race is detected
	scsi: core: alua: I/O errors for ALUA state transitions
	scsi: qedf: Don't process stag work during unload and recovery
	scsi: qedf: Wait for stag work during unload
	scsi: qedf: Set qed_slowpath_params to zero before use
	efi/libstub: zboot.lds: Discard .discard sections
	ACPI: EC: Abort address space access upon error
	ACPI: EC: Avoid returning AE_OK on errors in address space handler
	tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs
	wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata
	wifi: mac80211: apply mcast rate only if interface is up
	wifi: mac80211: handle tasklet frames before stopping
	wifi: cfg80211: fix 6 GHz scan request building
	wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup
	wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd
	wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option
	wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill
	wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan()
	selftests/openat2: Fix build warnings on ppc64
	selftests/futex: pass _GNU_SOURCE without a value to the compiler
	of/irq: Factor out parsing of interrupt-map parent phandle+args from of_irq_parse_raw()
	Input: silead - Always support 10 fingers
	net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input()
	ila: block BH in ila_output()
	null_blk: fix validation of block size
	kconfig: gconf: give a proper initial state to the Save button
	kconfig: remove wrong expr_trans_bool()
	HID: Ignore battery for ELAN touchscreens 2F2C and 4116
	NFSv4: Fix memory leak in nfs4_set_security_label
	nfs: propagate readlink errors in nfs_symlink_filler
	nfs: don't invalidate dentries on transient errors
	cachefiles: add consistency check for copen/cread
	cachefiles: Set object to close if ondemand_id < 0 in copen
	cachefiles: make on-demand read killable
	fs/file: fix the check in find_next_fd()
	mei: demote client disconnect warning on suspend to debug
	iomap: Fix iomap_adjust_read_range for plen calculation
	drm: panel-orientation-quirks: Add quirk for Aya Neo KUN
	nvme: avoid double free special payload
	nvmet: always initialize cqe.result
	wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
	KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()
	drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency
	ALSA: hda/realtek: Add more codec ID to no shutup pins list
	mips: fix compat_sys_lseek syscall
	Input: elantech - fix touchpad state on resume for Lenovo N24
	Input: i8042 - add Ayaneo Kun to i8042 quirk table
	ASoC: topology: Fix references to freed memory
	ASoC: topology: Do not assign fields that are already set
	bytcr_rt5640 : inverse jack detect for Archos 101 cesium
	ALSA: dmaengine: Synchronize dma channel after drop()
	ASoC: ti: davinci-mcasp: Set min period size using FIFO config
	ASoC: ti: omap-hdmi: Fix too long driver name
	ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error rollback
	can: kvaser_usb: fix return value for hif_usb_send_regout
	gpio: pca953x: fix pca953x_irq_bus_sync_unlock race
	s390/sclp: Fix sclp_init() cleanup on failure
	platform/mellanox: nvsw-sn2201: Add check for platform_device_add_resources
	platform/x86: wireless-hotkey: Add support for LG Airplane Button
	platform/x86: lg-laptop: Remove LGEX0815 hotkey handling
	platform/x86: lg-laptop: Change ACPI device id
	platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB
	btrfs: qgroup: fix quota root leak after quota disable failure
	ibmvnic: Add tx check to prevent skb leak
	ALSA: PCM: Allow resume only for suspended streams
	ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx
	ALSA: dmaengine_pcm: terminate dmaengine before synchronize
	ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA
	net: usb: qmi_wwan: add Telit FN912 compositions
	net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD()
	powerpc/pseries: Whitelist dtl slub object for copying to userspace
	powerpc/eeh: avoid possible crash when edev->pdev changes
	scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed
	tee: optee: ffa: Fix missing-field-initializers warning
	Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
	bluetooth/l2cap: sync sock recv cb and release
	erofs: ensure m_llen is reset to 0 if metadata is invalid
	drm/amd/display: Account for cursor prefetch BW in DML1 mode support
	drm/radeon: check bo_va->bo is non-NULL before using it
	fs: better handle deep ancestor chains in is_subdir()
	wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK
	drivers/perf: riscv: Reset the counter to hpmevent mapping while starting cpus
	riscv: stacktrace: fix usage of ftrace_graph_ret_addr()
	spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices
	ksmbd: return FILE_DEVICE_DISK instead of super magic
	selftests/vDSO: fix clang build errors and warnings
	hfsplus: fix uninit-value in copy_name
	spi: mux: set ctlr->bits_per_word_mask
	cifs: fix noisy message on copy_file_range
	ARM: 9324/1: fix get_user() broken with veneer
	Bluetooth: L2CAP: Fix deadlock
	of/irq: Disable "interrupt-map" parsing for PASEMI Nemo
	wifi: cfg80211: wext: set ssids=NULL for passive scans
	wifi: mac80211: disable softirqs for queued frame handling
	netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume()
	cachefiles: fix slab-use-after-free in fscache_withdraw_volume()
	cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie()
	Linux 6.1.101

Change-Id: I6526fc29c0cfb314b6d36952d38fb781a82f4aa9
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2024-09-10 17:54:51 +00:00
Greg Kroah-Hartman
d62f061809 Revert "sched: Move psi_account_irqtime() out of update_rq_clock_task() hotpath"
This reverts commit bfaf0990f1 which is
commit ddae0ca2a8fe12d0e24ab10ba759c3fbd755ada8 upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: I8853ca9becfb9c32a846a41d5866dc4070a15b90
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2024-09-10 16:49:57 +00:00
Greg Kroah-Hartman
879c789a5f Merge 6.1.100 into android14-6.1-lts
Commits that modify files used by the GKI arm64 build:
	b30679daf9 i2c: mark HostNotify target address as used
	bfaf0990f1 sched: Move psi_account_irqtime() out of update_rq_clock_task() hotpath
	bbac91d57a bpf: Allow reads from uninit stack
	a8ba8f3468 wireguard: send: annotate intentional data race in checking empty queue
	217978a29c wireguard: allowedips: avoid unaligned 64-bit memory accesses
	14875fd5f9 Fix userfaultfd_api to return EINVAL as expected
	513789f255 nvmem: core: only change name to fram for current attribute
	85ec2ee3bc xhci: always resume roothubs if xHC was reset during resume
	9edcf31762 USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
	2d16f63d80 usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()
	eb41091e24 USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k
	e113cddefa tcp: avoid too many retransmit packets
	6665b3d7ab tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
	d467194018 Revert "sched/fair: Make sure to try to detach at least one movable task"
	a6db0d3ea6 udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().
	284f2f288f ethtool: netlink: do not return SQI value if link is down
	3134bdf735 ppp: reject claimed-as-LCP but actually malformed packets
	6c4fca7864 bpf: fix order of args in call to bpf_map_kvcalloc
	d71bed34bc bpf: Remove __bpf_local_storage_map_alloc
	902219ed3f bpf: use bpf_map_kvcalloc in bpf_local_storage
	56161b324b bpf: Reduce smap->elem_size
	3dbcc6f053 bpf: Refactor some inode/task/sk storage functions for reuse
	7382fc5dd1 net: fix rc7's __skb_datagram_iter()
	fb61d7b9fb skmsg: Skip zero length skb in sk_msg_recvmsg
	72d39b8879 tcp: fix incorrect undo caused by DSACK of TLP retransmit
	f6f6fdcc31 vfs: don't mod negative dentry count when on shrinker list
	4e910c6620 fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading
	5cb36e35bc filelock: fix potential use-after-free in posix_lock_inode
	941e816185 mm: prevent derefencing NULL ptr in pfn_section_valid()
	6ac66ef653 Compiler Attributes: Add __uninitialized macro

Changes in 6.1.100
	Compiler Attributes: Add __uninitialized macro
	mm: prevent derefencing NULL ptr in pfn_section_valid()
	cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop
	cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode
	cachefiles: stop sending new request when dropping object
	cachefiles: cancel all requests for the object that is being dropped
	cachefiles: wait for ondemand_object_worker to finish when dropping object
	cachefiles: cyclic allocation of msg_id to avoid reuse
	cachefiles: add missing lock protection when polling
	filelock: fix potential use-after-free in posix_lock_inode
	fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading
	vfs: don't mod negative dentry count when on shrinker list
	tcp: fix incorrect undo caused by DSACK of TLP retransmit
	net: phy: microchip: lan87xx: reinit PHY after cable test
	skmsg: Skip zero length skb in sk_msg_recvmsg
	octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability()
	net: fix rc7's __skb_datagram_iter()
	i40e: Fix XDP program unloading while removing the driver
	net: ethernet: lantiq_etop: fix double free in detach
	bpf: Refactor some inode/task/sk storage functions for reuse
	bpf: Reduce smap->elem_size
	bpf: use bpf_map_kvcalloc in bpf_local_storage
	bpf: Remove __bpf_local_storage_map_alloc
	bpf: fix order of args in call to bpf_map_kvcalloc
	net: ethernet: mtk-star-emac: set mac_managed_pm when probing
	ppp: reject claimed-as-LCP but actually malformed packets
	ethtool: netlink: do not return SQI value if link is down
	udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().
	net/sched: Fix UAF when resolving a clash
	net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket
	s390: Mark psw in __load_psw_mask() as __unitialized
	firmware: cs_dsp: Fix overflow checking of wmfw header
	firmware: cs_dsp: Return error if block header overflows file
	firmware: cs_dsp: Validate payload length before processing block
	firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers
	firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files
	ARM: davinci: Convert comma to semicolon
	octeontx2-af: replace cpt slot with lf id on reg write
	octeontx2-af: update cpt lf alloc mailbox
	octeontx2-af: fix a issue with cpt_lf_alloc mailbox
	octeontx2-af: fix detection of IP layer
	octeontx2-af: extend RSS supported offload types
	octeontx2-af: fix issue with IPv6 ext match for RSS
	octeontx2-af: fix issue with IPv4 match for RSS
	cifs: fix setting SecurityFlags to true
	Revert "sched/fair: Make sure to try to detach at least one movable task"
	tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
	tcp: avoid too many retransmit packets
	net: ks8851: Fix deadlock with the SPI chip variant
	net: ks8851: Fix potential TX stall after interface reopen
	USB: serial: option: add Telit generic core-dump composition
	USB: serial: option: add Telit FN912 rmnet compositions
	USB: serial: option: add Fibocom FM350-GL
	USB: serial: option: add support for Foxconn T99W651
	USB: serial: option: add Netprisma LCUK54 series modules
	USB: serial: option: add Rolling RW350-GL variants
	USB: serial: mos7840: fix crash on resume
	USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k
	usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()
	USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
	hpet: Support 32-bit userspace
	xhci: always resume roothubs if xHC was reset during resume
	ksmbd: discard write access to the directory open
	nvmem: rmem: Fix return value of rmem_read()
	nvmem: meson-efuse: Fix return value of nvmem callbacks
	nvmem: core: only change name to fram for current attribute
	platform/x86: toshiba_acpi: Fix array out-of-bounds access
	ALSA: hda/realtek: add quirk for Clevo V5[46]0TU
	ALSA: hda/realtek: Enable Mute LED on HP 250 G7
	ALSA: hda/realtek: Limit mic boost on VAIO PRO PX
	Fix userfaultfd_api to return EINVAL as expected
	libceph: fix race between delayed_work() and ceph_monc_stop()
	ACPI: processor_idle: Fix invalid comparison with insertion sort for latency
	wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU
	wireguard: allowedips: avoid unaligned 64-bit memory accesses
	wireguard: queueing: annotate intentional data race in cpu round robin
	wireguard: send: annotate intentional data race in checking empty queue
	misc: fastrpc: Fix DSP capabilities request
	misc: fastrpc: Avoid updating PD type for capability request
	misc: fastrpc: Copy the complete capability structure to user
	x86/retpoline: Move a NOENDBR annotation to the SRSO dummy return thunk
	bpf: Allow reads from uninit stack
	nilfs2: fix kernel bug on rename operation of broken directory
	sched: Move psi_account_irqtime() out of update_rq_clock_task() hotpath
	i2c: rcar: bring hardware to known state when probing
	i2c: mark HostNotify target address as used
	i2c: rcar: reset controller is mandatory for Gen3+
	i2c: rcar: introduce Gen4 devices
	i2c: rcar: ensure Gen3+ reset does not disturb local targets
	i2c: testunit: avoid re-issued work after read message
	i2c: rcar: clear NO_RXDMA flag after resetting
	x86/entry/64: Remove obsolete comment on tracing vs. SYSRET
	x86/bhi: Avoid warning in #DB handler due to BHI mitigation
	kbuild: Make ld-version.sh more robust against version string changes
	i2c: rcar: fix error code in probe()
	Linux 6.1.100

Change-Id: I069ae851a3a4d2a511512551f39e1cd07291f3d1
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2024-09-10 16:49:39 +00:00
Greg Kroah-Hartman
12f9bcc034 Merge 6.1.99 into android14-6.1-lts
Changes in 6.1.99
	Revert "usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB"
	Linux 6.1.99

Change-Id: I330d0af3322ee885eea719688b8d260cd7cec39c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2024-09-10 10:18:09 +00:00
Greg Kroah-Hartman
e6e7b1084c Merge 6.1.98 into android14-6.1-lts
Changes in 6.1.98
	locking/mutex: Introduce devm_mutex_init()
	crypto: hisilicon/debugfs - Fix debugfs uninit process issue
	drm/lima: fix shared irq handling on driver remove
	powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.
	media: dvb: as102-fe: Fix as10x_register_addr packing
	media: dvb-usb: dib0700_devices: Add missing release_firmware()
	IB/core: Implement a limit on UMAD receive List
	scsi: qedf: Make qedf_execute_tmf() non-preemptible
	crypto: aead,cipher - zeroize key buffer after use
	drm/amdgpu: Fix uninitialized variable warnings
	drm/amdgpu: Initialize timestamp for some legacy SOCs
	drm/amd/display: Check index msg_id before read or write
	drm/amd/display: Check pipe offset before setting vblank
	drm/amd/display: Skip finding free audio for unknown engine_id
	drm/amdgpu: fix uninitialized scalar variable warning
	media: dw2102: Don't translate i2c read into write
	sctp: prefer struct_size over open coded arithmetic
	firmware: dmi: Stop decoding on broken entry
	Input: ff-core - prefer struct_size over open coded arithmetic
	usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB
	wifi: mt76: replace skb_put with skb_put_zero
	net: dsa: mv88e6xxx: Correct check for empty list
	media: dvb-frontends: tda18271c2dd: Remove casting during div
	media: s2255: Use refcount_t instead of atomic_t for num_channels
	media: dvb-frontends: tda10048: Fix integer overflow
	i2c: i801: Annotate apanel_addr as __ro_after_init
	powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n
	orangefs: fix out-of-bounds fsid access
	kunit: Fix timeout message
	powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"
	igc: fix a log entry using uninitialized netdev
	bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
	f2fs: check validation of fault attrs in f2fs_build_fault_attr()
	scsi: mpi3mr: Sanitise num_phys
	serial: imx: Raise TX trigger level to 8
	jffs2: Fix potential illegal address access in jffs2_free_inode
	s390/pkey: Wipe sensitive data on failure
	btrfs: scrub: initialize ret in scrub_simple_mirror() to fix compilation warning
	cdrom: rearrange last_media_change check to avoid unintentional overflow
	tools/power turbostat: Remember global max_die_id
	mac802154: fix time calculation in ieee802154_configure_durations()
	UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open()
	net/mlx5: E-switch, Create ingress ACL when needed
	net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup()
	tcp_metrics: validate source addr length
	KVM: s390: fix LPSWEY handling
	e1000e: Fix S0ix residency on corporate systems
	net: allow skb_datagram_iter to be called from any context
	net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()
	wifi: wilc1000: fix ies_len type in connect path
	riscv: kexec: Avoid deadlock in kexec crash path
	netfilter: nf_tables: unconditionally flush pending work before notifier
	bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
	selftests: fix OOM in msg_zerocopy selftest
	selftests: make order checking verbose in msg_zerocopy selftest
	inet_diag: Initialize pad field in struct inet_diag_req_v2
	mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file
	platform/x86: toshiba_acpi: Fix quickstart quirk handling
	Revert "igc: fix a log entry using uninitialized netdev"
	nilfs2: fix inode number range checks
	nilfs2: add missing check for inode numbers on directory entries
	mm: optimize the redundant loop of mm_update_owner_next()
	mm: avoid overflows in dirty throttling logic
	btrfs: fix adding block group to a reclaim list and the unused list during reclaim
	f2fs: Add inline to f2fs_build_fault_attr() stub
	scsi: mpi3mr: Use proper format specifier in mpi3mr_sas_port_add()
	Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot
	can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct
	fsnotify: Do not generate events for O_PATH file descriptors
	Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again"
	drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
	drm/amdgpu/atomfirmware: silence UBSAN warning
	drm: panel-orientation-quirks: Add quirk for Valve Galileo
	powerpc/pseries: Fix scv instruction crash with kexec
	mtd: rawnand: Ensure ECC configuration is propagated to upper layers
	mtd: rawnand: Bypass a couple of sanity checks during NAND identification
	mtd: rawnand: rockchip: ensure NVDDR timings are rejected
	bnx2x: Fix multiple UBSAN array-index-out-of-bounds
	arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 Model B
	ima: Avoid blocking in RCU read-side critical section
	media: dw2102: fix a potential buffer overflow
	clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents
	clk: mediatek: clk-mtk: Register MFG notifier in mtk_clk_simple_probe()
	clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg
	i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr
	fs/ntfs3: Mark volume as dirty if xattr is broken
	ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897
	nvme-multipath: find NUMA path only for online numa-node
	dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails
	nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset
	regmap-i2c: Subtract reg size from max_write
	platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet
	platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro
	nvmet: fix a possible leak when destroy a ctrl during qp establishment
	kbuild: fix short log for AS in link-vmlinux.sh
	nfc/nci: Add the inconsistency check between the input data length and count
	spi: cadence: Ensure data lines set to low during dummy-cycle period
	null_blk: Do not allow runt zone with zone capacity smaller then zone size
	nilfs2: fix incorrect inode allocation from reserved inodes
	Linux 6.1.98

Change-Id: Ief3f201b2322bc9c300d53d11006c446c7f209d6
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2024-09-10 10:14:27 +00:00
Greg Kroah-Hartman
e44db5756e ANDROID: db845c symbol list additions
In commit f926c022eb ("can: mcp251xfd: fix infinite loop when xmit
fails"), the mcp251xfd driver ends up calling some new functions, which
are not exported for the db845c target, so add them to the symbol list
to allow the build to work properly.

Fixes: f926c022eb ("can: mcp251xfd: fix infinite loop when xmit fails")
Change-Id: Iee35f0a1b868fad9b2d11cabf8aa38af56f2fce7
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2024-09-10 05:00:09 +00:00
jiangxinpei
04212acc42 ANDROID: GKI: Add initial symbol list for honor
Add symbol list for unisoc in android/abi_gki_aarch64_honor

Bug: 332656187
Change-Id: Idaac6034d436d888d1cd61adc926f7eaca2eb51e
Signed-off-by: jiangxinpei <jiangxinpei@honor.corp-partner.google.com>
(cherry picked from commit 8d957bd1cdfc8e9de23e15b0ba3ef4d431e99aeb)
2024-09-09 17:19:39 +00:00
Greg Kroah-Hartman
ab63f81b3a Revert "mm/page_alloc: Separate THP PCP into movable and non-movable categories"
This reverts commit 447434eaaf which is
commit bf14ed81f571f8dba31cd72ab2e50fbcc877cc31 upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: Iaa26387f63a15f47d85e04a1317c08e2d0137768
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2024-09-09 15:42:14 +00:00
Greg Kroah-Hartman
5ca5b389fd Linux 6.1.109
Link: https://lore.kernel.org/r/20240905093716.075835938@linuxfoundation.org
Tested-by: Pavel Machek (CIP) <pavel@denx.de>
Tested-by: Mark Brown <broonie@kernel.org>
Tested-by: Florian Fainelli <florian.fainelli@broadcom.com>
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
Tested-by: Salvatore Bonaccorso <carnil@debian.org>
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Tested-by: Peter Schneider <pschneider1968@googlemail.com>
Tested-by: Ron Economos <re@w6rz.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-08 07:53:13 +02:00
Richard Fitzgerald
27b3111f45 i2c: Use IS_REACHABLE() for substituting empty ACPI functions
commit 71833e79a42178d8a50b5081c98c78ace9325628 upstream.

Replace IS_ENABLED() with IS_REACHABLE() to substitute empty stubs for:
    i2c_acpi_get_i2c_resource()
    i2c_acpi_client_count()
    i2c_acpi_find_bus_speed()
    i2c_acpi_new_device_by_fwnode()
    i2c_adapter *i2c_acpi_find_adapter_by_handle()
    i2c_acpi_waive_d0_probe()

commit f17c06c6608a ("i2c: Fix conditional for substituting empty ACPI
functions") partially fixed this conditional to depend on CONFIG_I2C,
but used IS_ENABLED(), which is wrong since CONFIG_I2C is tristate.

CONFIG_ACPI is boolean but let's also change it to use IS_REACHABLE()
to future-proof it against becoming tristate.

Somehow despite testing various combinations of CONFIG_I2C and CONFIG_ACPI
we missed the combination CONFIG_I2C=m, CONFIG_ACPI=y.

Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Fixes: f17c06c6608a ("i2c: Fix conditional for substituting empty ACPI functions")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202408141333.gYnaitcV-lkp@intel.com/
Reviewed-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-08 07:53:13 +02:00
Jan Kara
541de96789 ext4: handle redirtying in ext4_bio_write_page()
commit 04e568a3b3 upstream.

Since we want to transition transaction commits to use ext4_writepages()
for writing back ordered, add handling of page redirtying into
ext4_bio_write_page(). Also move buffer dirty bit clearing into the same
place as other buffer state handling.

Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20221207112722.22220-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-08 07:53:13 +02:00