mirror of
https://github.com/hardkernel/linux.git
synced 2026-06-06 02:50:49 +09:00
3b2e004494de3fa54fffaf220eeb1512cc49dada
1165241 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
524ae3c9d3 |
Merge 6.1.107 into android14-6.1-lts
Changes in 6.1.107
tty: atmel_serial: use the correct RTS flag.
fuse: Initialize beyond-EOF page contents before setting uptodate
char: xillybus: Don't destroy workqueue from work item running on it
char: xillybus: Refine workqueue handling
char: xillybus: Check USB endpoints when probing device
ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET
ALSA: usb-audio: Support Yamaha P-125 quirk entry
xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration
thunderbolt: Mark XDomain as unplugged when router is removed
s390/dasd: fix error recovery leading to data corruption on ESE devices
riscv: change XIP's kernel_map.size to be size of the entire kernel
arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE
dm resume: don't return EINVAL when signalled
dm persistent data: fix memory allocation failure
vfs: Don't evict inode under the inode lru traversing context
fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64()
s390/cio: rename bitmap_size() -> idset_bitmap_size()
btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits()
bitmap: introduce generic optimized bitmap_size()
fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume
rtla/osnoise: Prevent NULL dereference in error handling
fs/netfs/fscache_cookie: add missing "n_accesses" check
selinux: fix potential counting error in avc_add_xperms_decision()
mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu
btrfs: zoned: properly take lock to read/update block group's zoned variables
btrfs: tree-checker: add dev extent item checks
drm/amdgpu: Actually check flags for all context ops.
memcg_write_event_control(): fix a user-triggerable oops
drm/amdgpu/jpeg2: properly set atomics vmid field
s390/uv: Panic for set and remove shared access UVC errors
bpf: Fix updating attached freplace prog in prog_array map
nilfs2: prevent WARNING in nilfs_dat_commit_end()
ext4, jbd2: add an optimized bmap for the journal inode
9P FS: Fix wild-memory-access write in v9fs_get_acl
nilfs2: initialize "struct nilfs_binfo_dat"->bi_pad field
mm: khugepaged: fix kernel BUG in hpage_collapse_scan_file()
bpf: Split off basic BPF verifier log into separate file
bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log
posix-timers: Ensure timer ID search-loop limit is valid
pid: Replace struct pid 1-element array with flex-array
gfs2: Rename remaining "transaction" glock references
gfs2: Rename the {freeze,thaw}_super callbacks
gfs2: Rename gfs2_freeze_lock{ => _shared }
gfs2: Rename SDF_{FS_FROZEN => FREEZE_INITIATOR}
gfs2: Rework freeze / thaw logic
gfs2: Stop using gfs2_make_fs_ro for withdraw
Bluetooth: Fix hci_link_tx_to RCU lock usage
wifi: mac80211: take wiphy lock for MAC addr change
wifi: mac80211: fix change_address deadlock during unregister
net: sched: Print msecs when transmit queue time out
net: don't dump stack on queue timeout
jfs: fix shift-out-of-bounds in dbJoin
squashfs: squashfs_read_data need to check if the length is 0
Squashfs: fix variable overflow triggered by sysbot
reiserfs: fix uninit-value in comp_keys
erofs: avoid debugging output for (de)compressed data
quota: Detect loops in quota tree
net:rds: Fix possible deadlock in rds_message_put
net: sctp: fix skb leak in sctp_inq_free()
pppoe: Fix memory leak in pppoe_sendmsg()
wifi: mac80211: fix and simplify unencrypted drop check for mesh
wifi: cfg80211: move A-MSDU check in ieee80211_data_to_8023_exthdr
wifi: cfg80211: factor out bridge tunnel / RFC1042 header check
wifi: mac80211: remove mesh forwarding congestion check
wifi: mac80211: fix receiving A-MSDU frames on mesh interfaces
wifi: mac80211: add a workaround for receiving non-standard mesh A-MSDU
wifi: cfg80211: check A-MSDU format more carefully
docs/bpf: Document BPF_MAP_TYPE_LPM_TRIE map
bpf: Replace bpf_lpm_trie_key 0-length array with flexible array
bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie.
Bluetooth: RFCOMM: Fix not validating setsockopt user input
ext4: check the return value of ext4_xattr_inode_dec_ref()
ext4: fold quota accounting into ext4_xattr_inode_lookup_create()
ext4: do not create EA inode under buffer lock
udf: Fix bogus checksum computation in udf_rename()
bpf, net: Use DEV_STAT_INC()
fou: remove warn in gue_gro_receive on unsupported protocol
jfs: fix null ptr deref in dtInsertEntry
jfs: Fix shift-out-of-bounds in dbDiscardAG
fs/ntfs3: Do copy_to_user out of run_lock
ALSA: usb: Fix UBSAN warning in parse_audio_unit()
igc: Correct the launchtime offset
igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer
net/mlx5e: Take state lock during tx timeout reporter
net/mlx5e: Correctly report errors for ethtool rx flows
atm: idt77252: prevent use after free in dequeue_rx()
net: axienet: Fix register defines comment description
net: dsa: vsc73xx: pass value in phy_write operation
net: dsa: vsc73xx: use read_poll_timeout instead delay loop
net: dsa: vsc73xx: check busy flag in MDIO operations
mlxbf_gige: Remove two unused function declarations
mlxbf_gige: disable RX filters until RX path initialized
mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size
netfilter: allow ipv6 fragments to arrive on different devices
netfilter: flowtable: initialise extack before use
netfilter: nf_queue: drop packets with cloned unconfirmed conntracks
netfilter: nf_tables: Audit log dump reset after the fact
netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj
netfilter: nf_tables: Unconditionally allocate nft_obj_filter
netfilter: nf_tables: A better name for nft_obj_filter
netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx
netfilter: nf_tables: nft_obj_filter fits into cb->ctx
netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx
netfilter: nf_tables: Introduce nf_tables_getobj_single
netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests
net: hns3: fix wrong use of semaphore up
net: hns3: use the user's cfg after reset
net: hns3: fix a deadlock problem when config TC during resetting
ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7
drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored
ssb: Fix division by zero issue in ssb_calc_clock_rate
wifi: cfg80211: check wiphy mutex is held for wdev mutex
wifi: mac80211: fix BA session teardown race
mm: Remove kmem_valid_obj()
rcu: Dump memory object info if callback function is invalid
rcu: Eliminate rcu_gp_slow_unregister() false positive
wifi: cw1200: Avoid processing an invalid TIM IE
cgroup: Avoid extra dereference in css_populate_dir()
i2c: riic: avoid potential division by zero
RDMA/rtrs: Fix the problem of variable not initialized fully
s390/smp,mcck: fix early IPI handling
drm/bridge: tc358768: Attempt to fix DSI horizontal timings
i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out
i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer
drm/amdkfd: Move dma unmapping after TLB flush
media: radio-isa: use dev_name to fill in bus_info
staging: iio: resolver: ad2s1210: fix use before initialization
usb: gadget: uvc: cleanup request when not in correct state
drm/amd/display: Validate hw_points_num before using it
staging: ks7010: disable bh on tx_dev_lock
media: s5p-mfc: Fix potential deadlock on condlock
md/raid5-cache: use READ_ONCE/WRITE_ONCE for 'conf->log'
binfmt_misc: cleanup on filesystem umount
drm/tegra: Zero-initialize iosys_map
media: qcom: venus: fix incorrect return value
scsi: spi: Fix sshdr use
gfs2: setattr_chown: Add missing initialization
wifi: iwlwifi: abort scan when rfkill on but device enabled
wifi: iwlwifi: fw: Fix debugfs command sending
clk: visconti: Add bounds-checking coverage for struct visconti_pll_provider
IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock
hwmon: (ltc2992) Avoid division by zero
kbuild: rust_is_available: normalize version matching
kbuild: rust_is_available: handle failures calling `$RUSTC`/`$BINDGEN`
rust: work around `bindgen` 0.69.0 issue
rust: suppress error messages from CONFIG_{RUSTC,BINDGEN}_VERSION_TEXT
rust: fix the default format for CONFIG_{RUSTC,BINDGEN}_VERSION_TEXT
arm64: Fix KASAN random tag seed initialization
block: Fix lockdep warning in blk_mq_mark_tag_wait
drm/msm: Reduce fallout of fence signaling vs reclaim hangs
memory: tegra: Skip SID programming if SID registers aren't set
powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu
ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data
hwmon: (pc87360) Bounds check data->innr usage
drm/rockchip: vop2: clear afbc en and transform bit for cluster window at linear mode
Bluetooth: hci_conn: Check non NULL function before calling for HFP offload
gfs2: Refcounting fix in gfs2_thaw_super
nvmet-trace: avoid dereferencing pointer too early
ext4: do not trim the group with corrupted block bitmap
afs: fix __afs_break_callback() / afs_drop_open_mmap() race
fuse: fix UAF in rcu pathwalks
quota: Remove BUG_ON from dqget()
kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files
media: pci: cx23885: check cx23885_vdev_init() return
fs: binfmt_elf_efpic: don't use missing interpreter's properties
scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list()
media: drivers/media/dvb-core: copy user arrays safely
net/sun3_82586: Avoid reading past buffer in debug output
drm/lima: set gp bus_stop bit before hard reset
hrtimer: Select housekeeping CPU during migration
virtiofs: forbid newlines in tags
clocksource/drivers/arm_global_timer: Guard against division by zero
netlink: hold nlk->cb_mutex longer in __netlink_dump_start()
md: clean up invalid BUG_ON in md_ioctl
x86: Increase brk randomness entropy for 64-bit systems
memory: stm32-fmc2-ebi: check regmap_read return value
parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367
powerpc/boot: Handle allocation failure in simple_realloc()
powerpc/boot: Only free if realloc() succeeds
btrfs: delayed-inode: drop pointless BUG_ON in __btrfs_remove_delayed_item()
btrfs: change BUG_ON to assertion when checking for delayed_node root
btrfs: tests: allocate dummy fs_info and root in test_find_delalloc()
btrfs: handle invalid root reference found in may_destroy_subvol()
btrfs: send: handle unexpected data in header buffer in begin_cmd()
btrfs: change BUG_ON to assertion in tree_move_down()
btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent()
f2fs: fix to do sanity check in update_sit_entry
usb: gadget: fsl: Increase size of name buffer for endpoints
nvme: clear caller pointer on identify failure
Bluetooth: bnep: Fix out-of-bound access
firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid
rtc: nct3018y: fix possible NULL dereference
net: hns3: add checking for vf id of mailbox
nvmet-tcp: do not continue for invalid icreq
NFS: avoid infinite loop in pnfs_update_layout.
openrisc: Call setup_memory() earlier in the init sequence
s390/iucv: fix receive buffer virtual vs physical address confusion
irqchip/renesas-rzg2l: Do not set TIEN and TINT source at the same time
clocksource: Make watchdog and suspend-timing multiplication overflow safe
platform/x86: lg-laptop: fix %s null argument warning
usb: dwc3: core: Skip setting event buffers for host only controllers
fbdev: offb: replace of_node_put with __free(device_node)
irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc
ext4: set the type of max_zeroout to unsigned int to avoid overflow
nvmet-rdma: fix possible bad dereference when freeing rsps
drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent
hrtimer: Prevent queuing of hrtimer without a function callback
gtp: pull network headers in gtp_dev_xmit()
media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c)
i2c: tegra: allow DVC support to be compiled out
i2c: tegra: allow VI support to be compiled out
i2c: tegra: Do not mark ACPI devices as irq safe
dm suspend: return -ERESTARTSYS instead of -EINTR
net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings
btrfs: replace sb::s_blocksize by fs_info::sectorsize
btrfs: send: allow cloning non-aligned extent if it ends at i_size
drm/amd/display: Adjust cursor position
platform/surface: aggregator: Fix warning when controller is destroyed in probe
drm/amdkfd: reserve the BO before validating it
Bluetooth: hci_core: Fix LE quote calculation
Bluetooth: SMP: Fix assumption of Central always being Initiator
net: dsa: tag_ocelot: do not rely on skb_mac_header() for VLAN xmit
net: dsa: tag_ocelot: call only the relevant portion of __skb_vlan_pop() on TX
net: mscc: ocelot: use ocelot_xmit_get_vlan_info() also for FDMA and register injection
net: mscc: ocelot: fix QoS class for injected packets with "ocelot-8021q"
net: mscc: ocelot: serialize access to the injection/extraction groups
tc-testing: don't access non-existent variable on exception
selftests/net: synchronize udpgro tests' tx and rx connection
selftests: udpgro: report error when receive failed
tcp/dccp: bypass empty buckets in inet_twsk_purge()
tcp/dccp: do not care about families in inet_twsk_purge()
tcp: prevent concurrent execution of tcp_sk_exit_batch
net: mctp: test: Use correct skb for route input check
kcm: Serialise kcm_sendmsg() for the same socket.
netfilter: nft_counter: Disable BH in nft_counter_offload_stats().
netfilter: nft_counter: Synchronize nft_counter_reset() against reader.
ip6_tunnel: Fix broken GRO
bonding: fix bond_ipsec_offload_ok return type
bonding: fix null pointer deref in bond_ipsec_offload_ok
bonding: fix xfrm real_dev null pointer dereference
bonding: fix xfrm state handling when clearing active slave
ice: Prepare legacy-rx for upcoming XDP multi-buffer support
ice: Add xdp_buff to ice_rx_ring struct
ice: Store page count inside ice_rx_buf
ice: Pull out next_to_clean bump out of ice_put_rx_buf()
ice: fix page reuse when PAGE_SIZE is over 8k
ice: fix ICE_LAST_OFFSET formula
dpaa2-switch: Fix error checking in dpaa2_switch_seed_bp()
net: dsa: mv88e6xxx: Fix out-of-bound access
netem: fix return value if duplicate enqueue fails
ipv6: prevent UAF in ip6_send_skb()
ipv6: fix possible UAF in ip6_finish_output2()
ipv6: prevent possible UAF in ip6_xmit()
netfilter: flowtable: validate vlan header
octeontx2-af: Fix CPT AF register offset calculation
net: xilinx: axienet: Always disable promiscuous mode
net: xilinx: axienet: Fix dangling multicast addresses
drm/msm/dpu: don't play tricks with debug macros
drm/msm/dp: fix the max supported bpp logic
drm/msm/dp: reset the link phy params before link training
drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails
mmc: mmc_test: Fix NULL dereference on allocation failure
Bluetooth: MGMT: Add error handling to pair_device()
scsi: core: Fix the return value of scsi_logical_block_count()
ksmbd: the buffer of smb2 query dir response has at least 1 byte
drm/amdgpu: Validate TA binary size
MIPS: Loongson64: Set timer mode in cpu-probe
HID: wacom: Defer calculation of resolution until resolution_code is known
HID: microsoft: Add rumble support to latest xbox controllers
Input: i8042 - add forcenorestore quirk to leave controller untouched even on s3
Input: i8042 - use new forcenorestore quirk to replace old buggy quirk combination
cxgb4: add forgotten u64 ivlan cast before shift
KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
mmc: dw_mmc: allow biu and ciu clocks to defer
pmdomain: imx: wait SSAR when i.MX93 power domain on
mptcp: pm: re-using ID of unused removed ADD_ADDR
mptcp: pm: re-using ID of unused removed subflows
mptcp: pm: re-using ID of unused flushed subflows
mptcp: pm: only decrement add_addr_accepted for MPJ req
Revert "usb: gadget: uvc: cleanup request when not in correct state"
Revert "drm/amd/display: Validate hw_points_num before using it"
tcp: do not export tcp_twsk_purge()
hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt()
ALSA: timer: Relax start tick time check for slave timer elements
mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0
mm/numa: no task_numa_fault() call if PMD is changed
mm/numa: no task_numa_fault() call if PTE is changed
nfsd: Simplify code around svc_exit_thread() call in nfsd()
nfsd: separate nfsd_last_thread() from nfsd_put()
NFSD: simplify error paths in nfsd_svc()
nfsd: call nfsd_last_thread() before final nfsd_put()
nfsd: drop the nfsd_put helper
nfsd: don't call locks_release_private() twice concurrently
nfsd: Fix a regression in nfsd_setattr()
Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
drm/amdgpu/vcn: identify unified queue in sw init
drm/amdgpu/vcn: not pause dpg for unified queue
KVM: x86: fire timer when it is migrated and expired, and in oneshot mode
Revert "s390/dasd: Establish DMA alignment"
udp: allow header check for dodgy GSO_UDP_L4 packets.
gso: fix dodgy bit handling for GSO_UDP_L4
net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation
net: drop bad gso csum_start and offset in virtio_net_hdr
wifi: mac80211: add documentation for amsdu_mesh_control
wifi: mac80211: fix mesh path discovery based on unicast packets
wifi: mac80211: fix mesh forwarding
wifi: mac80211: fix flow dissection for forwarded packets
wifi: mac80211: fix receiving mesh packets in forwarding=0 networks
wifi: mac80211: drop bogus static keywords in A-MSDU rx
wifi: mac80211: fix potential null pointer dereference
wifi: cfg80211: fix receiving mesh packets without RFC1042 header
gfs2: Fix another freeze/thaw hang
gfs2: don't withdraw if init_threads() got interrupted
gfs2: Remove LM_FLAG_PRIORITY flag
gfs2: Remove freeze_go_demote_ok
udp: fix receiving fraglist GSO packets
ice: fix W=1 headers mismatch
Revert "jfs: fix shift-out-of-bounds in dbJoin"
net: change maximum number of UDP segments to 128
selftests: net: more strict check in net_helper
Input: MT - limit max slots
tools: move alignment-related macros to new <linux/align.h>
Linux 6.1.107
Change-Id: I11d18ae169b1e55f18f0dc2953df2dd3a1f25624
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Snehal Koukuntla
|
bd3cc5c733 |
UPSTREAM: KVM: arm64: Add memory length checks and remove inline in do_ffa_mem_xfer
When we share memory through FF-A and the description of the buffers
exceeds the size of the mapped buffer, the fragmentation API is used.
The fragmentation API allows specifying chunks of descriptors in subsequent
FF-A fragment calls and no upper limit has been established for this.
The entire memory region transferred is identified by a handle which can be
used to reclaim the transferred memory.
To be able to reclaim the memory, the description of the buffers has to fit
in the ffa_desc_buf.
Add a bounds check on the FF-A sharing path to prevent the memory reclaim
from failing.
Also do_ffa_mem_xfer() does not need __always_inline, except for the
BUILD_BUG_ON() aspect, which gets moved to a macro.
[maz: fixed the BUILD_BUG_ON() breakage with LLVM, thanks to Wei-Lin Chang
for the timely report]
Fixes:
|
||
|
Pierre Couillaud
|
a43e7c2c12 |
ANDROID: GKI: Update symbol list for BCMSTB
INFO: 6 function symbol(s) added 'void __read_overflow2_field(size_t, size_t)' 'int iommu_fwspec_init(struct device*, struct fwnode_handle*, const struct iommu_ops*)' 'struct pci_host_bridge* pci_find_host_bridge(struct pci_bus*)' 'long strnlen_user(const char*, long)' 'int tty_buffer_request_room(struct tty_port*, size_t)' 'int tty_buffer_set_limit(struct tty_port*, int)' Bug: 369085303 Change-Id: Ia56882467e3f523ad476db0d237f69ffc4e80084 Signed-off-by: Pierre Couillaud <pierre@broadcom.com> |
||
|
Besar Wicaksono
|
5162f9a67b |
UPSTREAM: arm64: Add Neoverse-V2 part
[ Upstream commit f4d9d9dcc70b96b5e5d7801bd5fbf8491b07b13d ] Add the part number and MIDR for Neoverse-V2 Bug: 342491759 Signed-off-by: Besar Wicaksono <bwicaksono@nvidia.com> Reviewed-by: James Clark <james.clark@arm.com> Link: https://lore.kernel.org/r/20240109192310.16234-2-bwicaksono@nvidia.com Signed-off-by: Will Deacon <will@kernel.org> [ Mark: trivial backport ] Signed-off-by: Mark Rutland <mark.rutland@arm.com> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Chunhui Li <chunhui.li@mediatek.com> Change-Id: I2811f794a836d7c8f868b4f069e5d1e05ed69741 |
||
|
Greg Kroah-Hartman
|
8f2e4ac396 |
Revert "cgroup: Make operations on the cgroup root_list RCU safe"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
b4c085bbdb |
Revert "cgroup: Move rcu_head up near the top of cgroup_root"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
aa4cd140bb |
Linux 6.1.112
Link: https://lore.kernel.org/r/20240927121719.897851549@linuxfoundation.org Tested-by: Peter Schneider <pschneider1968@googlemail.com> Tested-by: Allen Pais <apais@linux.microsoft.com> Tested-by: Jon Hunter <jonathanh@nvidia.com> Tested-by: Florian Fainelli <florian.fainelli@broadcom.com> Tested-by: Salvatore Bonaccorso <carnil@debian.org> Tested-by: Linux Kernel Functional Testing <lkft@linaro.org> Tested-by: Shuah Khan <skhan@linuxfoundation.org> Tested-by: Ron Economos <re@w6rz.net> Tested-by: kernelci.org bot <bot@kernelci.org> Tested-by: Pavel Machek (CIP) <pavel@denx.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Edward Adam Davis
|
ba6269e187 |
USB: usbtmc: prevent kernel-usb-infoleak
commit 625fa77151f00c1bd00d34d60d6f2e710b3f9aad upstream.
The syzbot reported a kernel-usb-infoleak in usbtmc_write,
we need to clear the structure before filling fields.
Fixes:
|
||
|
Junhao Xie
|
c74796ff4f |
USB: serial: pl2303: add device id for Macrosilicon MS3020
commit 7d47d22444bb7dc1b6d768904a22070ef35e1fc0 upstream. Add the device id for the Macrosilicon MS3020 which is a PL2303HXN based device. Signed-off-by: Junhao Xie <bigfoot@classfun.cn> Cc: stable@vger.kernel.org Signed-off-by: Johan Hovold <johan@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Tony Luck
|
a20eea14a6 |
x86/mm: Switch to new Intel CPU model defines
commit 2eda374e883ad297bd9fe575a16c1dc850346075 upstream. New CPU #defines encode vendor and family as well as model. [ dhansen: vertically align 0's in invlpg_miss_ids[] ] Signed-off-by: Tony Luck <tony.luck@intel.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Link: https://lore.kernel.org/all/20240424181518.41946-1-tony.luck%40intel.com [ Ricardo: I used the old match macro X86_MATCH_INTEL_FAM6_MODEL() instead of X86_MATCH_VFM() as in the upstream commit. I also kept the ALDERLAKE_N name instead of ATOM_GRACEMONT. Both refer to the same CPU model. ] Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> Reviewed-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Sumeet Pawnikar
|
ee8adcb4c0 |
powercap: RAPL: fix invalid initialization for pl4_supported field
commit |
||
|
Filipe Manana
|
563df8b411 |
btrfs: calculate the right space for delayed refs when updating global reserve
commit |
||
|
Matthieu Baerts (NGI0)
|
2626cbee1f |
selftests: mptcp: join: restrict fullmesh endp on 1st sf
commit 49ac6f05ace5bb0070c68a0193aa05d3c25d4c83 upstream. A new endpoint using the IP of the initial subflow has been recently added to increase the code coverage. But it breaks the test when using old kernels not having commit |
||
|
Marc Kleine-Budde
|
0ba8b599c3 |
can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into mcp251xfd_chip_start/stop()
commit a7801540f325d104de5065850a003f1d9bdc6ad3 upstream. The mcp251xfd wakes up from Low Power or Sleep Mode when SPI activity is detected. To avoid this, make sure that the timestamp worker is stopped before shutting down the chip. Split the starting of the timestamp worker out of mcp251xfd_timestamp_init() into the separate function mcp251xfd_timestamp_start(). Call mcp251xfd_timestamp_init() before mcp251xfd_chip_start(), move mcp251xfd_timestamp_start() to mcp251xfd_chip_start(). In this way, mcp251xfd_timestamp_stop() can be called unconditionally by mcp251xfd_chip_stop(). Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Marc Kleine-Budde
|
88047c4b2d |
can: mcp251xfd: properly indent labels
commit 51b2a721612236335ddec4f3fb5f59e72a204f3a upstream. To fix the coding style, remove the whitespace in front of labels. Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Hagar Hemdan
|
672c19165f |
gpio: prevent potential speculation leaks in gpio_device_get_desc()
commit d795848ecce24a75dfd46481aee066ae6fe39775 upstream. Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpio_ioctl() with an offset out of range. Offset is copied from user and then used as an array index to get the gpio descriptor without sanitization in gpio_device_get_desc(). This change ensures that the offset is sanitized by using array_index_nospec() to mitigate any possibility of speculative information leaks. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Signed-off-by: Hagar Hemdan <hagarhem@amazon.com> Link: https://lore.kernel.org/r/20240523085332.1801-1-hagarhem@amazon.com Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Kent Gibson
|
5c3a421c1f |
gpiolib: cdev: Ignore reconfiguration without direction
commit b440396387418fe2feaacd41ca16080e7a8bc9ad upstream.
linereq_set_config() behaves badly when direction is not set.
The configuration validation is borrowed from linereq_create(), where,
to verify the intent of the user, the direction must be set to in order to
effect a change to the electrical configuration of a line. But, when
applied to reconfiguration, that validation does not allow for the unset
direction case, making it possible to clear flags set previously without
specifying the line direction.
Adding to the inconsistency, those changes are not immediately applied by
linereq_set_config(), but will take effect when the line value is next get
or set.
For example, by requesting a configuration with no flags set, an output
line with GPIO_V2_LINE_FLAG_ACTIVE_LOW and GPIO_V2_LINE_FLAG_OPEN_DRAIN
set could have those flags cleared, inverting the sense of the line and
changing the line drive to push-pull on the next line value set.
Skip the reconfiguration of lines for which the direction is not set, and
only reconfigure the lines for which direction is set.
Fixes:
|
||
|
Ping-Ke Shih
|
e388656a85 |
Revert "wifi: cfg80211: check wiphy mutex is held for wdev mutex"
This reverts commit
|
||
|
Pablo Neira Ayuso
|
ddeead4761 |
netfilter: nf_tables: missing iterator type in lookup walk
commit efefd4f00c967d00ad7abe092554ffbb70c1a793 upstream.
Add missing decorator type to lookup expression and tighten WARN_ON_ONCE
check in pipapo to spot earlier that this is unset.
Fixes: 29b359cf6d95 ("netfilter: nft_set_pipapo: walk over current view on netlink dump")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Pablo Neira Ayuso
|
52735a010f |
netfilter: nft_set_pipapo: walk over current view on netlink dump
commit 29b359cf6d95fd60730533f7f10464e95bd17c73 upstream.
The generation mask can be updated while netlink dump is in progress.
The pipapo set backend walk iterator cannot rely on it to infer what
view of the datastructure is to be used. Add notation to specify if user
wants to read/update the set.
Based on patch from Florian Westphal.
Fixes:
|
||
|
Dan Carpenter
|
8a64f87e74 |
netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level()
commit 7052622fccb1efb850c6b55de477f65d03525a30 upstream.
The cgroup_get_from_path() function never returns NULL, it returns error
pointers. Update the error handling to match.
Fixes: 7f3287db6543 ("netfilter: nft_socket: make cgroupsv2 matching work with namespaces")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Acked-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Link: https://patch.msgid.link/bbc0c4e0-05cc-4f44-8797-2f4b3920a820@stanley.mountain
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Florian Westphal
|
ace0db36b4 |
netfilter: nft_socket: make cgroupsv2 matching work with namespaces
commit 7f3287db654395f9c5ddd246325ff7889f550286 upstream.
When running in container environmment, /sys/fs/cgroup/ might not be
the real root node of the sk-attached cgroup.
Example:
In container:
% stat /sys//fs/cgroup/
Device: 0,21 Inode: 2214 ..
% stat /sys/fs/cgroup/foo
Device: 0,21 Inode: 2264 ..
The expectation would be for:
nft add rule .. socket cgroupv2 level 1 "foo" counter
to match traffic from a process that got added to "foo" via
"echo $pid > /sys/fs/cgroup/foo/cgroup.procs".
However, 'level 3' is needed to make this work.
Seen from initial namespace, the complete hierarchy is:
% stat /sys/fs/cgroup/system.slice/docker-.../foo
Device: 0,21 Inode: 2264 ..
i.e. hierarchy is
0 1 2 3
/ -> system.slice -> docker-1... -> foo
... but the container doesn't know that its "/" is the "docker-1.."
cgroup. Current code will retrieve the 'system.slice' cgroup node
and store its kn->id in the destination register, so compare with
2264 ("foo" cgroup id) will not match.
Fetch "/" cgroup from ->init() and add its level to the level we try to
extract. cgroup root-level is 0 for the init-namespace or the level
of the ancestor that is exposed as the cgroup root inside the container.
In the above case, cgrp->level of "/" resolved in the container is 2
(docker-1...scope/) and request for 'level 1' will get adjusted
to fetch the actual level (3).
v2: use CONFIG_SOCK_CGROUP_DATA, eval function depends on it.
(kernel test robot)
Cc: cgroups@vger.kernel.org
Fixes:
|
||
|
Dave Chinner
|
5899daf1d8 |
xfs: journal geometry is not properly bounds checked
[ Upstream commit
|
||
|
Darrick J. Wong
|
68e6efe0d4 |
xfs: set bnobt/cntbt numrecs correctly when formatting new AGs
[ Upstream commit |
||
|
Darrick J. Wong
|
af871df651 |
xfs: fix reloading entire unlinked bucket lists
[ Upstream commit |
||
|
Darrick J. Wong
|
62ca591045 |
xfs: make inode unlinked bucket recovery work with quotacheck
[ Upstream commit
|
||
|
Darrick J. Wong
|
e9d1551f80 |
xfs: reload entire unlinked bucket lists
[ Upstream commit
|
||
|
Darrick J. Wong
|
8ffd3ae7a0 |
xfs: use i_prev_unlinked to distinguish inodes that are not on the unlinked list
[ Upstream commit
|
||
|
Shiyang Ruan
|
8e2147f37f |
xfs: correct calculation for agend and blockcount
[ Upstream commit |
||
|
Dave Chinner
|
d931b6c6a9 |
xfs: fix unlink vs cluster buffer instantiation race
[ Upstream commit 348a1983cf4cf5099fc398438a968443af4c9f65 ]
Luis has been reporting an assert failure when freeing an inode
cluster during inode inactivation for a while. The assert looks
like:
XFS: Assertion failed: bp->b_flags & XBF_DONE, file: fs/xfs/xfs_trans_buf.c, line: 241
------------[ cut here ]------------
kernel BUG at fs/xfs/xfs_message.c:102!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 4 PID: 73 Comm: kworker/4:1 Not tainted 6.10.0-rc1 #4
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: xfs-inodegc/loop5 xfs_inodegc_worker [xfs]
RIP: 0010:assfail (fs/xfs/xfs_message.c:102) xfs
RSP: 0018:ffff88810188f7f0 EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff88816e748250 RCX: 1ffffffff844b0e7
RDX: 0000000000000004 RSI: ffff88810188f558 RDI: ffffffffc2431fa0
RBP: 1ffff11020311f01 R08: 0000000042431f9f R09: ffffed1020311e9b
R10: ffff88810188f4df R11: ffffffffac725d70 R12: ffff88817a3f4000
R13: ffff88812182f000 R14: ffff88810188f998 R15: ffffffffc2423f80
FS: 0000000000000000(0000) GS:ffff8881c8400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055fe9d0f109c CR3: 000000014426c002 CR4: 0000000000770ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<TASK>
xfs_trans_read_buf_map (fs/xfs/xfs_trans_buf.c:241 (discriminator 1)) xfs
xfs_imap_to_bp (fs/xfs/xfs_trans.h:210 fs/xfs/libxfs/xfs_inode_buf.c:138) xfs
xfs_inode_item_precommit (fs/xfs/xfs_inode_item.c:145) xfs
xfs_trans_run_precommits (fs/xfs/xfs_trans.c:931) xfs
__xfs_trans_commit (fs/xfs/xfs_trans.c:966) xfs
xfs_inactive_ifree (fs/xfs/xfs_inode.c:1811) xfs
xfs_inactive (fs/xfs/xfs_inode.c:2013) xfs
xfs_inodegc_worker (fs/xfs/xfs_icache.c:1841 fs/xfs/xfs_icache.c:1886) xfs
process_one_work (kernel/workqueue.c:3231)
worker_thread (kernel/workqueue.c:3306 (discriminator 2) kernel/workqueue.c:3393 (discriminator 2))
kthread (kernel/kthread.c:389)
ret_from_fork (arch/x86/kernel/process.c:147)
ret_from_fork_asm (arch/x86/entry/entry_64.S:257)
</TASK>
And occurs when the the inode precommit handlers is attempt to look
up the inode cluster buffer to attach the inode for writeback.
The trail of logic that I can reconstruct is as follows.
1. the inode is clean when inodegc runs, so it is not
attached to a cluster buffer when precommit runs.
2. #1 implies the inode cluster buffer may be clean and not
pinned by dirty inodes when inodegc runs.
3. #2 implies that the inode cluster buffer can be reclaimed
by memory pressure at any time.
4. The assert failure implies that the cluster buffer was
attached to the transaction, but not marked done. It had
been accessed earlier in the transaction, but not marked
done.
5. #4 implies the cluster buffer has been invalidated (i.e.
marked stale).
6. #5 implies that the inode cluster buffer was instantiated
uninitialised in the transaction in xfs_ifree_cluster(),
which only instantiates the buffers to invalidate them
and never marks them as done.
Given factors 1-3, this issue is highly dependent on timing and
environmental factors. Hence the issue can be very difficult to
reproduce in some situations, but highly reliable in others. Luis
has an environment where it can be reproduced easily by g/531 but,
OTOH, I've reproduced it only once in ~2000 cycles of g/531.
I think the fix is to have xfs_ifree_cluster() set the XBF_DONE flag
on the cluster buffers, even though they may not be initialised. The
reasons why I think this is safe are:
1. A buffer cache lookup hit on a XBF_STALE buffer will
clear the XBF_DONE flag. Hence all future users of the
buffer know they have to re-initialise the contents
before use and mark it done themselves.
2. xfs_trans_binval() sets the XFS_BLI_STALE flag, which
means the buffer remains locked until the journal commit
completes and the buffer is unpinned. Hence once marked
XBF_STALE/XFS_BLI_STALE by xfs_ifree_cluster(), the only
context that can access the freed buffer is the currently
running transaction.
3. #2 implies that future buffer lookups in the currently
running transaction will hit the transaction match code
and not the buffer cache. Hence XBF_STALE and
XFS_BLI_STALE will not be cleared unless the transaction
initialises and logs the buffer with valid contents
again. At which point, the buffer will be marked marked
XBF_DONE again, so having XBF_DONE already set on the
stale buffer is a moot point.
4. #2 also implies that any concurrent access to that
cluster buffer will block waiting on the buffer lock
until the inode cluster has been fully freed and is no
longer an active inode cluster buffer.
5. #4 + #1 means that any future user of the disk range of
that buffer will always see the range of disk blocks
covered by the cluster buffer as not done, and hence must
initialise the contents themselves.
6. Setting XBF_DONE in xfs_ifree_cluster() then means the
unlinked inode precommit code will see a XBF_DONE buffer
from the transaction match as it expects. It can then
attach the stale but newly dirtied inode to the stale
but newly dirtied cluster buffer without unexpected
failures. The stale buffer will then sail through the
journal and do the right thing with the attached stale
inode during unpin.
Hence the fix is just one line of extra code. The explanation of
why we have to set XBF_DONE in xfs_ifree_cluster, OTOH, is long and
complex....
Fixes:
|
||
|
Darrick J. Wong
|
1486aeb788 |
xfs: fix negative array access in xfs_getbmap
[ Upstream commit |
||
|
Darrick J. Wong
|
4790c167cc |
xfs: load uncached unlinked inodes into memory on demand
[ Upstream commit
|
||
|
Shiyang Ruan
|
0cc1922687 |
xfs: fix the calculation for "end" and "length"
[ Upstream commit
|
||
|
Dave Chinner
|
4427e3d362 |
xfs: remove WARN when dquot cache insertion fails
[ Upstream commit
|
||
|
Long Li
|
e8c6533404 |
xfs: fix ag count overflow during growfs
[ Upstream commit
|
||
|
Dave Chinner
|
02f44e7ff6 |
xfs: collect errors from inodegc for unlinked inode recovery
[ Upstream commit
|
||
|
Dave Chinner
|
65fc94fc87 |
xfs: fix AGF vs inode cluster buffer deadlock
[ Upstream commit |
||
|
Dave Chinner
|
b4aea9f9e0 |
xfs: defered work could create precommits
[ Upstream commit
|
||
|
Dave Chinner
|
8127489103 |
xfs: buffer pins need to hold a buffer reference
[ Upstream commit
|
||
|
Ye Bin
|
cbf91ddb88 |
xfs: fix BUG_ON in xfs_getbmap()
[ Upstream commit
|
||
|
Dave Chinner
|
fcd6ff906d |
xfs: quotacheck failure can race with background inode inactivation
[ Upstream commit
|
||
|
Darrick J. Wong
|
120108df92 |
xfs: fix uninitialized variable access
[ Upstream commit
|
||
|
Dave Chinner
|
ce563912b0 |
xfs: block reservation too large for minleft allocation
[ Upstream commit
|
||
|
Dave Chinner
|
0e3c9d6950 |
xfs: prefer free inodes at ENOSPC over chunk allocation
[ Upstream commit
|
||
|
Dave Chinner
|
bb798c9128 |
xfs: fix low space alloc deadlock
[ Upstream commit
|
||
|
Dave Chinner
|
cdbc02da9f |
xfs: don't use BMBT btree split workers for IO completion
[ Upstream commit
|
||
|
Wengang Wang
|
98b8fd60b3 |
xfs: fix extent busy updating
[ Upstream commit
|
||
|
Wu Guanghao
|
b36c2ae02a |
xfs: Fix deadlock on xfs_inodegc_worker
[ Upstream commit
|
||
|
Dave Chinner
|
d2b4752119 |
xfs: dquot shrinker doesn't check for XFS_DQFLAG_FREEING
[ Upstream commit
|
||
|
Ferry Meng
|
cfb926051f |
ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
[ Upstream commit af77c4fc1871847b528d58b7fdafb4aa1f6a9262 ] xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images. Link: https://lkml.kernel.org/r/20240520024024.1976129-2-joseph.qi@linux.alibaba.com Signed-off-by: Ferry Meng <mengferry@linux.alibaba.com> Signed-off-by: Joseph Qi <joseph.qi@linux.alibaba.com> Reported-by: lei lu <llfamsec@gmail.com> Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com> Cc: Changwei Ge <gechangwei@live.cn> Cc: Gang He <ghe@suse.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Jun Piao <piaojun@huawei.com> Cc: Junxiao Bi <junxiao.bi@oracle.com> Cc: Mark Fasheh <mark@fasheh.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |