mirror of
https://github.com/hardkernel/linux.git
synced 2026-06-09 12:17:12 +09:00
45caefa378d055c5a89eb4f3fd457ae1fb89cd1e
5715 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
ef60b4555d |
Merge 6.1.141 into android14-6.1-lts
Changes in 6.1.141 gpio: pca953x: Add missing header(s) gpio: pca953x: Split pca953x_restore_context() and pca953x_save_context() gpio: pca953x: Simplify code with cleanup helpers gpio: pca953x: fix IRQ storm on system wake up phy: renesas: rcar-gen3-usb2: Add support to initialize the bus phy: renesas: rcar-gen3-usb2: Move IRQ request in probe phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off scsi: target: iscsi: Fix timeout on deleted connection virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN dma-mapping: avoid potential unused data compilation warning cgroup: Fix compilation issue due to cgroup_mutex not being exported scsi: mpi3mr: Add level check to control event logging net: enetc: refactor bulk flipping of RX buffers to separate function drm/amdgpu: Allow P2P access through XGMI selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure bpf: fix possible endless loop in BPF map iteration samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora kconfig: merge_config: use an empty file as initfile s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log cifs: Add fallback for SMB2 CREATE without FILE_READ_ATTRIBUTES cifs: Fix querying and creating MF symlinks over SMB1 cifs: Fix negotiate retry functionality fuse: Return EPERM rather than ENOSYS from link() NFSv4: Check for delegation validity in nfs_start_delegation_return_locked() NFS: Don't allow waiting for exiting tasks SUNRPC: Don't allow waiting for exiting tasks arm64: Add support for HIP09 Spectre-BHB mitigation tracing: Mark binary printing functions with __printf() attribute mailbox: use error ret code of of_parse_phandle_with_args() fbdev: fsl-diu-fb: add missing device_remove_file() fbcon: Use correct erase colour for clearing in fbcon fbdev: core: tileblit: Implement missing margin clearing for tileblit cifs: Fix establishing NetBIOS session for SMB2+ connection NFSv4: Treat ENETUNREACH errors as fatal for state recovery SUNRPC: rpc_clnt_set_transport() must not change the autobind setting SUNRPC: rpcbind should never reset the port to the value '0' thermal/drivers/qoriq: Power down TMU on system suspend dql: Fix dql->limit value when reset. lockdep: Fix wait context check on softirq for PREEMPT_RT objtool: Properly disable uaccess validation PCI: dwc: ep: Ensure proper iteration over outbound map windows tools/build: Don't pass test log files to linker pNFS/flexfiles: Report ENETDOWN as a connection error PCI: vmd: Disable MSI remapping bypass under Xen libnvdimm/labels: Fix divide error in nd_label_data_init() mmc: host: Wait for Vdd to settle on card power off x86/mm: Check return value from memblock_phys_alloc_range() i2c: qup: Vote for interconnect bandwidth to DRAM i2c: pxa: fix call balance of i2c->clk handling routines btrfs: make btrfs_discard_workfn() block_group ref explicit btrfs: avoid linker error in btrfs_find_create_tree_block() btrfs: run btrfs_error_commit_super() early btrfs: fix non-empty delayed iputs list on unmount due to async workers btrfs: get zone unusable bytes while holding lock at btrfs_reclaim_bgs_work() btrfs: send: return -ENAMETOOLONG when attempting a path that is too long drm/amd/display: Guard against setting dispclk low for dcn31x i3c: master: svc: Fix missing STOP for master request dlm: make tcp still work in multi-link env um: Store full CSGSFS and SS register from mcontext um: Update min_low_pfn to match changes in uml_reserved ext4: reorder capability check last scsi: st: Tighten the page format heuristics with MODE SELECT scsi: st: ERASE does not change tape location vfio/pci: Handle INTx IRQ_NOTCONNECTED bpf: Return prog btf_id without capable check tcp: reorganize tcp_in_ack_event() and tcp_count_delivered() rtc: rv3032: fix EERD location thunderbolt: Do not add non-active NVM if NVM upgrade is disabled for retimer ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect kbuild: fix argument parsing in scripts/config crypto: octeontx2 - suppress auth failure screaming due to negative tests dm: restrict dm device size to 2^63-512 bytes net/smc: use the correct ndev to find pnetid by pnetid table xen: Add support for XenServer 6.1 platform device pinctrl-tegra: Restore SFSEL bit when freeing pins ASoC: sun4i-codec: support hp-det-gpios property ext4: reject the 'data_err=abort' option in nojournal mode RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() posix-timers: Add cond_resched() to posix_timer_add() search loop timer_list: Don't use %pK through printk() netfilter: conntrack: Bound nf_conntrack sysctl writes arm64/mm: Check PUD_TYPE_TABLE in pud_bad() mmc: dw_mmc: add exynos7870 DW MMC support mmc: sdhci: Disable SD card clock before changing parameters hwmon: (dell-smm) Increment the number of fans ipv6: save dontfrag in cork drm/amd/display: calculate the remain segments for all pipes gfs2: Check for empty queue in run_queue auxdisplay: charlcd: Partially revert "Move hwidth and bwidth to struct hd44780_common" ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup() iommu/amd/pgtbl_v2: Improve error handling cpufreq: tegra186: Share policy per cluster crypto: lzo - Fix compression buffer overrun arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7 ALSA: seq: Improve data consistency at polling tcp: bring back NUMA dispersion in inet_ehash_locks_alloc() rtc: ds1307: stop disabling alarms on probe ieee802154: ca8210: Use proper setters and getters for bitwise types ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114 media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() dm cache: prevent BUG_ON by blocking retries on failed device resumes orangefs: Do not truncate file size net: phylink: use pl->link_interface in phylink_expects_phy() remoteproc: qcom_wcnss: Handle platforms with only single power domain drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c media: cx231xx: set device_caps for 417 pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned" net: ethernet: ti: cpsw_new: populate netdev of_node net: pktgen: fix mpls maximum labels list parsing perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type ALSA: hda/realtek: Enable PC beep passthrough for HP EliteBook 855 G7 ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config(). drm/rockchip: vop2: Add uv swap for cluster window media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map clk: imx8mp: inform CCF of maximum frequency of clocks x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2 hwmon: (gpio-fan) Add missing mutex locks ARM: at91: pm: fix at91_suspend_finish for ZQ calibration drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence fpga: altera-cvp: Increase credit timeout soc: apple: rtkit: Use high prio work queue soc: apple: rtkit: Implement OSLog buffers properly PCI: brcmstb: Expand inbound window size up to 64GB PCI: brcmstb: Add a softdep to MIP MSI-X driver firmware: arm_ffa: Set dma_mask for ffa devices net/mlx5: Avoid report two health errors on same syndrome selftests/net: have `gro.sh -t` return a correct exit code drm/amdkfd: KFD release_work possible circular locking leds: pwm-multicolor: Add check for fwnode_property_read_u32 net: ethernet: mtk_ppe_offload: Allow QinQ, double ETH_P_8021Q only net: xgene-v2: remove incorrect ACPI_PTR annotation bonding: report duplicate MAC address in all situations soc: ti: k3-socinfo: Do not use syscon helper to build regmap x86/build: Fix broken copy command in genimage.sh when making isoimage drm/amd/display: handle max_downscale_src_width fail check x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() cpuidle: menu: Avoid discarding useful information media: adv7180: Disable test-pattern control on adv7180 libbpf: Fix out-of-bound read dm: fix unconditional IO throttle caused by REQ_PREFLUSH x86/kaslr: Reduce KASLR entropy on most x86 systems MIPS: Use arch specific syscall name match function genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core clocksource: mips-gic-timer: Enable counter when CPUs start scsi: mpt3sas: Send a diag reset if target reset fails wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31 wifi: rtw89: fw: propagate error code from rtw89_h2c_tx() net: pktgen: fix access outside of user given buffer in pktgen_thread_write() EDAC/ie31200: work around false positive build warning i3c: master: svc: Flush FIFO before sending Dynamic Address Assignment(DAA) serial: mctrl_gpio: split disable_ms into sync and no_sync APIs RDMA/core: Fix best page size finding when it can cross SG entries pmdomain: imx: gpcv2: use proper helper for property detection can: c_can: Use of_property_present() to test existence of DT property eth: mlx4: don't try to complete XDP frames in netpoll PCI: Fix old_size lower bound in calculate_iosize() too ACPI: HED: Always initialize before evged vxlan: Join / leave MC group after remote changes media: test-drivers: vivid: don't call schedule in loop net/mlx5: Modify LSB bitmask in temperature event to include only the first bit net/mlx5: Apply rate-limiting to high temperature warning ASoC: ops: Enforce platform maximum on initial value ASoC: tas2764: Add reg defaults for TAS2764_INT_CLK_CFG ASoC: tas2764: Mark SW_RESET as volatile ASoC: tas2764: Power up/down amp on mute ops ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot() pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map smack: recognize ipv4 CIPSO w/o categories kunit: tool: Use qboot on QEMU x86_64 net/mlx4_core: Avoid impossible mlx4_db_alloc() order value clk: qcom: clk-alpha-pll: Do not use random stack value for recalc rate serial: sh-sci: Update the suspend/resume support phy: core: don't require set_mode() callback for phy_get_mode() to work drm/amdgpu: reset psp->cmd to NULL after releasing the buffer drm/amd/display: Initial psr_version with correct setting drm/amdgpu: enlarge the VBIOS binary size limit drm/amd/display/dm: drop hw_support check in amdgpu_dm_i2c_xfer() net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB net/mlx5e: set the tx_queue_len for pfifo_fast net/mlx5e: reduce rep rxq depth to 256 for ECPF wifi: mac80211: don't unconditionally call drv_mgd_complete_tx() wifi: mac80211: remove misplaced drv_mgd_complete_tx() call arch/powerpc/perf: Check the instruction type before creating sample with perf_mem_data_src ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure(). r8152: add vendor/device ID pair for Dell Alienware AW1022z wifi: rtw88: Fix download_firmware_validate() for RTL8814AU clk: qcom: camcc-sm8250: Use clk_rcg2_shared_ops for some RCGs hwmon: (xgene-hwmon) use appropriate type for the latency value media: qcom: camss: csid: Only add TPG v4l2 ctrl if TPG hardware is available vxlan: Annotate FDB data races r8169: don't scan PHY addresses > 0 rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y rcu: handle unstable rdp in rcu_read_unlock_strict() rcu: fix header guard for rcu_all_qs() perf: Avoid the read if the count is already updated ice: count combined queues using Rx/Tx count net/mana: fix warning in the writer of client oob scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails scsi: st: Restore some drive settings after reset HID: usbkbd: Fix the bit shift number for LED_KANA ASoC: codecs: pcm3168a: Allow for 24-bit in provider mode drm/ast: Find VBIOS mode from regular display size bpftool: Fix readlink usage in get_fd_type perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt wifi: rtl8xxxu: retry firmware download on error wifi: rtw88: Don't use static local variable in rtw8822b_set_tx_power_index_by_rate wifi: rtw89: add wiphy_lock() to work that isn't held wiphy_lock() yet spi: zynqmp-gqspi: Always acknowledge interrupts regulator: ad5398: Add device tree support wifi: ath9k: return by of_get_mac_address drm/atomic: clarify the rules around drm_atomic_state->allow_modeset drm/panel-edp: Add Starry 116KHD024006 drm: Add valid clones check ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of() pinctrl: meson: define the pull up/down resistor value as 60 kOhm ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx nvmet-tcp: don't restore null sk_state_change io_uring/fdinfo: annotate racy sq/cq head/tail reads btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref wifi: iwlwifi: add support for Killer on MTL xenbus: Allow PVH dom0 a non-local xenstore __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock espintcp: remove encap socket caching to avoid reference leak dmaengine: idxd: add per DSA wq workqueue for processing cr faults dmaengine: idxd: add idxd_copy_cr() to copy user completion record during page fault handling dmaengine: idxd: Fix allowing write() from different address spaces remoteproc: qcom_wcnss: Fix on platforms without fallback regulators clk: sunxi-ng: d1: Add missing divider for MMC mod clocks xfrm: Sanitize marks before insert dmaengine: idxd: Fix ->poll() return value Bluetooth: L2CAP: Fix not checking l2cap_chan security level bridge: netfilter: Fix forwarding of fragmented packets ice: fix vf->num_mac count with port representors net: dwmac-sun8i: Use parsed internal PHY address instead of 1 net: lan743x: Restore SGMII CTRL register on resume io_uring: fix overflow resched cqe reordering sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() octeontx2-pf: Add support for page pool octeontx2-pf: Add AF_XDP non-zero copy support net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done octeontx2-af: Set LMT_ENA bit for APR table entries octeontx2-af: Fix APR entry mapping based on APR_LMT_CFG crypto: algif_hash - fix double free in hash_accept padata: do not leak refcount in reorder_work can: slcan: allow reception of short error messages can: bcm: add locking for bcm_op runtime updates can: bcm: add missing rcu read protection for procfs content ALSA: pcm: Fix race of buffer access at PCM OSS layer ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ASP10 llc: fix data loss when reading from a socket in llc_ui_recvmsg() platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() drm/edid: fixed the bug that hdr metadata was not reset smb: client: Fix use-after-free in cifs_fill_dirent smb: client: Reset all search buffer pointers when releasing buffer Revert "drm/amd: Keep display off while going into S4" memcg: always call cond_resched() after fn() mm/page_alloc.c: avoid infinite retries caused by cpuset race Revert "arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC connection" ksmbd: fix stream write failure spi: spi-fsl-dspi: restrict register range for regmap access spi: spi-fsl-dspi: Halt the module after a new message transfer spi: spi-fsl-dspi: Reset SR flags before sending a new message kbuild: Disable -Wdefault-const-init-unsafe serial: sh-sci: Save and restore more registers pinctrl: tegra: Fix off by one in tegra_pinctrl_get_group() i3c: master: svc: Fix implicit fallthrough in svc_i3c_master_ibi_work() x86/mm/init: Handle the special case of device private pages in add_pages(), to not increase max_pfn and trigger dma_addressing_limited() bounce buffers bounce buffers dmaengine: idxd: Fix passing freed memory in idxd_cdev_open() octeontx2-pf: fix page_pool creation fail for rings > 32k octeontx2-pf: Fix page pool cache index corruption. octeontx2-pf: Fix page pool frag allocation warning hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING btrfs: check folio mapping after unlock in relocate_one_folio() af_unix: Kconfig: make CONFIG_UNIX bool af_unix: Return struct unix_sock from unix_get_socket(). af_unix: Run GC on only one CPU. af_unix: Try to run GC async. af_unix: Replace BUG_ON() with WARN_ON_ONCE(). af_unix: Remove io_uring code for GC. af_unix: Remove CONFIG_UNIX_SCM. af_unix: Allocate struct unix_vertex for each inflight AF_UNIX fd. af_unix: Allocate struct unix_edge for each inflight AF_UNIX fd. af_unix: Link struct unix_edge when queuing skb. af_unix: Bulk update unix_tot_inflight/unix_inflight when queuing skb. af_unix: Iterate all vertices by DFS. af_unix: Detect Strongly Connected Components. af_unix: Save listener for embryo socket. af_unix: Fix up unix_edge.successor for embryo socket. af_unix: Save O(n) setup of Tarjan's algo. af_unix: Skip GC if no cycle exists. af_unix: Avoid Tarjan's algorithm if unnecessary. af_unix: Assign a unique index to SCC. af_unix: Detect dead SCC. af_unix: Replace garbage collection algorithm. af_unix: Remove lock dance in unix_peek_fds(). af_unix: Try not to hold unix_gc_lock during accept(). af_unix: Don't access successor in unix_del_edges() during GC. af_unix: Add dead flag to struct scm_fp_list. af_unix: Fix garbage collection of embryos carrying OOB with SCM_RIGHTS af_unix: Fix uninit-value in __unix_walk_scc() arm64: dts: qcom: sm8350: Fix typo in pil_camera_mem node net_sched: hfsc: Address reentrant enqueue adding class to eltree twice perf/arm-cmn: Fix REQ2/SNP2 mixup perf/arm-cmn: Initialise cmn->cpu earlier coredump: fix error handling for replace_fd() pid: add pidfd_prepare() fork: use pidfd_prepare() coredump: hand a pidfd to the usermode coredump helper HID: quirks: Add ADATA XPG alpha wireless mouse support nfs: don't share pNFS DS connections between net namespaces platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS um: let 'make clean' properly clean underlying SUBARCH as well spi: spi-sun4i: fix early activation nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro NFS: Avoid flushing data while holding directory locks in nfs_rename() platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys platform/x86: thinkpad_acpi: Ignore battery threshold change event notification net: ethernet: ti: am65-cpsw: Lower random mac address error print to info Linux 6.1.141 Change-Id: I4b93f8e69385f2087bf71545f58ae6f5cee1c5ba Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Konstantin Andreev
|
5d08c89c2a |
smack: recognize ipv4 CIPSO w/o categories
[ Upstream commit a158a937d864d0034fea14913c1f09c6d5f574b8 ]
If SMACK label has CIPSO representation w/o categories, e.g.:
| # cat /smack/cipso2
| foo 10
| @ 250/2
| ...
then SMACK does not recognize such CIPSO in input ipv4 packets
and substitues '*' label instead. Audit records may look like
| lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied
| subject="*" object="_" requested=w pid=0 comm="swapper/1" ...
This happens in two steps:
1) security/smack/smackfs.c`smk_set_cipso
does not clear NETLBL_SECATTR_MLS_CAT
from (struct smack_known *)skp->smk_netlabel.flags
on assigning CIPSO w/o categories:
| rcu_assign_pointer(skp->smk_netlabel.attr.mls.cat, ncats.attr.mls.cat);
| skp->smk_netlabel.attr.mls.lvl = ncats.attr.mls.lvl;
2) security/smack/smack_lsm.c`smack_from_secattr
can not match skp->smk_netlabel with input packet's
struct netlbl_lsm_secattr *sap
because sap->flags have not NETLBL_SECATTR_MLS_CAT (what is correct)
but skp->smk_netlabel.flags have (what is incorrect):
| if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
| if ((skp->smk_netlabel.flags &
| NETLBL_SECATTR_MLS_CAT) == 0)
| found = 1;
| break;
| }
This commit sets/clears NETLBL_SECATTR_MLS_CAT in
skp->smk_netlabel.flags according to the presense of CIPSO categories.
The update of smk_netlabel is not atomic, so input packets processing
still may be incorrect during short time while update proceeds.
Signed-off-by: Konstantin Andreev <andreev@swemel.ru>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
92d048684a |
Merge 16c54d6a49 ("mm: fix apply_to_existing_page_range()") into android14-6.1-lts
Steps on the way to 6.1.135 Change-Id: I789088e35ba0c1f8c14466c6440828e3249159df Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Mickaël Salaün
|
b66bc16f4c |
landlock: Add the errata interface
commit 15383a0d63dbcd63dc7e8d9ec1bf3a0f7ebf64ac upstream.
Some fixes may require user space to check if they are applied on the
running kernel before using a specific feature. For instance, this
applies when a restriction was previously too restrictive and is now
getting relaxed (e.g. for compatibility reasons). However, non-visible
changes for legitimate use (e.g. security fixes) do not require an
erratum.
Because fixes are backported down to a specific Landlock ABI, we need a
way to avoid cherry-pick conflicts. The solution is to only update a
file related to the lower ABI impacted by this issue. All the ABI files
are then used to create a bitmask of fixes.
The new errata interface is similar to the one used to get the supported
Landlock ABI version, but it returns a bitmask instead because the order
of fixes may not match the order of versions, and not all fixes may
apply to all versions.
The actual errata will come with dedicated commits. The description is
not actually used in the code but serves as documentation.
Create the landlock_abi_version symbol and use its value to check errata
consistency.
Update test_base's create_ruleset_checks_ordering tests and add errata
tests.
This commit is backportable down to the first version of Landlock.
Fixes:
|
||
|
Greg Kroah-Hartman
|
522ff9a1db |
Merge 6.1.134 into android14-6.1-lts
Changes in 6.1.134
watch_queue: fix pipe accounting mismatch
x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
cpufreq: scpi: compare kHz instead of Hz
smack: dont compile ipv6 code unless ipv6 is configured
cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
x86/fpu: Fix guest FPU state buffer allocation size
x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct()
x86/platform: Only allow CONFIG_EISA for 32-bit
x86/sev: Add missing RIP_REL_REF() invocations during sme_enable()
lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
PM: sleep: Adjust check before setting power.must_resume
selinux: Chain up tool resolving errors in install_policy.sh
EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
EDAC/ie31200: Fix the DIMM size mask for several SoCs
EDAC/ie31200: Fix the error path order of ie31200_init()
thermal: int340x: Add NULL check for adev
PM: sleep: Fix handling devices with direct_complete set on errors
lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures
media: verisilicon: HEVC: Initialize start_bit field
media: platform: allgro-dvt: unregister v4l2_device on the error path
ASoC: cs35l41: check the return value from spi_setup()
HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
ALSA: hda/realtek: Always honor no_shutup_pins
ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible
drm/bridge: ti-sn65dsi86: Fix multiple instances
drm/dp_mst: Fix drm RAD print
drm/bridge: it6505: fix HDCP V match check is not performed correctly
drm: xlnx: zynqmp: Fix max dma segment size
drm/vkms: Fix use after free and double free on init error
PCI: Use downstream bridges for distributing resources
drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
PCI/ASPM: Fix link state exit during switch upstream function removal
drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host
PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload
PCI: brcmstb: Use internal register to change link capability
PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
PCI: brcmstb: Fix potential premature regulator disabling
PCI/portdrv: Only disable pciehp interrupts early when needed
PCI: Avoid reset when disabled via sysfs
drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
PCI: Remove stray put_device() in pci_register_host_bridge()
PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
drm/amd/display: avoid NPD when ASIC does not support DMUB
PCI: pciehp: Don't enable HPIE when resuming in poll mode
fbdev: au1100fb: Move a variable assignment behind a null pointer check
mdacon: rework dependency list
fbdev: sm501fb: Add some geometry checks.
clk: amlogic: gxbb: drop incorrect flag on 32k clock
crypto: hisilicon/sec2 - fix for aead authsize alignment
remoteproc: core: Clear table_sz when rproc_shutdown
of: property: Increase NR_FWNODE_REFERENCE_ARGS
remoteproc: qcom_q6v5_pas: Make single-PD handling more robust
libbpf: Fix hypothetical STT_SECTION extern NULL deref case
selftests/bpf: Fix string read in strncmp benchmark
clk: samsung: Fix UBSAN panic in samsung_clk_init()
clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock
bpf: Use preempt_count() directly in bpf_send_signal_common()
lib: 842: Improve error handling in sw842_compress()
pinctrl: renesas: rza2: Fix missing of_node_put() call
pinctrl: renesas: rzg2l: Fix missing of_node_put() call
clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
RDMA/core: Don't expose hw_counters outside of init net namespace
RDMA/mlx5: Fix calculation of total invalidated pages
RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
remoteproc: qcom_q6v5_mss: Handle platforms with one power domain
IB/mad: Check available slots before posting receive WRs
pinctrl: tegra: Set SFIO mode to Mux Register
clk: amlogic: g12b: fix cluster A parent data
clk: amlogic: gxbb: drop non existing 32k clock parent
selftests/bpf: Select NUMA_NO_NODE to create map
clk: amlogic: g12a: fix mmc A peripheral clock
x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
power: supply: max77693: Fix wrong conversion of charge input threshold value
crypto: nx - Fix uninitialised hv_nxc on error
RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
pinctrl: renesas: rzv2m: Fix missing of_node_put() call
mfd: sm501: Switch to BIT() to mitigate integer overflows
x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment
crypto: hisilicon/sec2 - fix for aead auth key length
clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock
isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
soundwire: slave: fix an OF node reference leak in soundwire slave device
coresight: catu: Fix number of pages while using 64k pages
coresight-etm4x: add isb() before reading the TRCSTATR
iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio
iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails.
usb: xhci: correct debug message page size calculation
fs/ntfs3: Fix a couple integer overflows on 32bit systems
iio: adc: ad7124: Fix comparison of channel configs
perf evlist: Add success path to evlist__create_syswide_maps
perf units: Fix insufficient array space
kexec: initialize ELF lowest address to ULONG_MAX
ocfs2: validate l_tree_depth to avoid out-of-bounds access
arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig
NFSv4: Don't trigger uneccessary scans for return-on-close delegations
fuse: fix dax truncate/punch_hole fault path
um: remove copy_from_kernel_nofault_allowed
i3c: master: svc: Fix missing the IBI rules
perf python: Fixup description of sample.id event member
perf python: Decrement the refcount of just created event on failure
perf python: Don't keep a raw_data pointer to consumed ring buffer space
perf python: Check if there is space to copy all the event
staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES
fs/procfs: fix the comment above proc_pid_wchan()
perf tools: annotate asm_pure_loop.S
objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
exfat: fix the infinite loop in exfat_find_last_cluster()
rtnetlink: Allocate vfinfo size for VF GUIDs when supported
rndis_host: Flag RNDIS modems as WWAN devices
ksmbd: use aead_request_free to match aead_request_alloc
ksmbd: fix multichannel connection failure
net/mlx5e: SHAMPO, Make reserved size independent of page size
ring-buffer: Fix bytes_dropped calculation issue
LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig
ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid
octeontx2-af: Fix mbox INTR handler when num VFs > 64
octeontx2-af: Free NIX_AF_INT_VEC_GEN irq
sched/smt: Always inline sched_smt_active()
context_tracking: Always inline ct_{nmi,irq}_{enter,exit}()
rcu-tasks: Always inline rcu_irq_work_resched()
wifi: iwlwifi: fw: allocate chained SG tables for dump
wifi: iwlwifi: mvm: use the right version of the rate API
nvme-tcp: fix possible UAF in nvme_tcp_poll
nvme-pci: clean up CMBMSC when registering CMB fails
nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
wifi: brcmfmac: keep power during suspend if board requires it
affs: generate OFS sequence numbers starting at 1
affs: don't write overlarge OFS data block size fields
ALSA: hda/realtek: Fix Asus Z13 2025 audio
ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet
HID: i2c-hid: improve i2c_hid_get_report error message
ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA
sched/deadline: Use online cpus for validating runtime
locking/semaphore: Use wake_q to wake up processes outside lock critical section
x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
drm/amd: Keep display off while going into S4
ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
can: statistics: use atomic access in hot path
memory: omap-gpmc: drop no compatible check
hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
spufs: fix a leak on spufs_new_file() failure
spufs: fix gang directory lifetimes
spufs: fix a leak in spufs_create_context()
riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra
ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
ntb: intel: Fix using link status DB's
ASoC: imx-card: Add NULL check in imx_card_probe()
netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only
netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
net_sched: skbprio: Remove overly strict queue assertions
net: mvpp2: Prevent parser TCAM memory corruption
udp: Fix memory accounting leak.
vsock: avoid timeout during connect() if the socket is closing
tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
netfilter: nft_tunnel: fix geneve_opt type confusion addition
ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
net: fix geneve_opt length integer overflow
ipv6: Start path selection from the first nexthop
ipv6: Do not consider link down nexthops in path selection
arcnet: Add NULL check in com20020pci_probe()
io_uring/filetable: ensure node switch is always done, if needed
drm/amdgpu/gfx11: fix num_mec
tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform
tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers
usbnet:fix NPE during rx_complete
LoongArch: Increase ARCH_DMA_MINALIGN up to 16
LoongArch: BPF: Fix off-by-one error in build_prologue()
LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC
platform/x86: ISST: Correct command storage data length
ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
perf/x86/intel: Apply static call for drain_pebs
perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read
kunit/overflow: Fix UB in overflow_allocation_test
btrfs: handle errors from btrfs_dec_ref() properly
x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
ksmbd: add bounds check for create lease context
ksmbd: fix use-after-free in ksmbd_sessions_deregister()
ksmbd: fix session use-after-free in multichannel connection
ksmbd: validate zero num_subauth before sub_auth is accessed
tracing: Fix use-after-free in print_graph_function_flags during tracer switching
tracing: Ensure module defining synth event cannot be unloaded while tracing
tracing: Fix synth event printk format for str fields
tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
arm64: Don't call NULL in do_compat_alignment_fixup()
ext4: don't over-report free space or inodes in statvfs
ext4: fix OOB read when checking dotdot dir
jfs: fix slab-out-of-bounds read in ea_get()
jfs: add index corruption check to DT_GETPAGE()
media: streamzap: fix race between device disconnection and urb callback
nfsd: put dl_stid if fail to queue dl_recall
NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
tracing: Do not use PERF enums when perf is not defined
Linux 6.1.134
Change-Id: I839a629271fb53021a249cc4f69a668d78f723e3
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Konstantin Andreev
|
d6937b1b4a |
smack: dont compile ipv6 code unless ipv6 is configured
[ Upstream commit bfcf4004bcbce2cb674b4e8dbd31ce0891766bac ]
I want to be sure that ipv6-specific code
is not compiled in kernel binaries
if ipv6 is not configured.
[1] was getting rid of "unused variable" warning, but,
with that, it also mandated compilation of a handful ipv6-
specific functions in ipv4-only kernel configurations:
smk_ipv6_localhost, smack_ipv6host_label, smk_ipv6_check.
Their compiled bodies are likely to be removed by compiler
from the resulting binary, but, to be on the safe side,
I remove them from the compiler view.
[1]
Fixes:
|
||
|
Greg Kroah-Hartman
|
ac6e319e7c |
Merge b3847b6622 ("iommu/arm-smmu-v3: Clean up more on probe failure") into android14-6.1-lts
Steps on the way to 6.1.129 Change-Id: Ibfe96f79401fb2bf536c39c9a473a784e0543ea2 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
0d704e39b1 |
Merge e397ad3f16 ("ASoC: Intel: avs: Fix theoretical infinite loop") into android14-6.1-lts
Steps on the way to 6.1.129 Change-Id: I1dccc0094c873f1be70ee97b941f74b5ace58e1e Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Tetsuo Handa
|
a01c200fa7 |
tomoyo: don't emit warning in tomoyo_write_control()
[ Upstream commit 3df7546fc03b8f004eee0b9e3256369f7d096685 ] syzbot is reporting too large allocation warning at tomoyo_write_control(), for one can write a very very long line without new line character. To fix this warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE, for practically a valid line should be always shorter than 32KB where the "too small to fail" memory-allocation rule applies. One might try to write a valid line that is longer than 32KB, but such request will likely fail with -ENOMEM. Therefore, I feel that separately returning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant. There is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE. Reported-by: syzbot+7536f77535e5210a5c76@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=7536f77535e5210a5c76 Reported-by: Leo Stone <leocstone@gmail.com> Closes: https://lkml.kernel.org/r/20241216021459.178759-2-leocstone@gmail.com Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Leo Stone
|
a0dec65f88 |
safesetid: check size of policy writes
[ Upstream commit f09ff307c7299392f1c88f763299e24bc99811c7 ] syzbot attempts to write a buffer with a large size to a sysfs entry with writes handled by handle_policy_update(), triggering a warning in kmalloc. Check the size specified for write buffers before allocating. Reported-by: syzbot+4eb7a741b3216020043a@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=4eb7a741b3216020043a Signed-off-by: Leo Stone <leocstone@gmail.com> [PM: subject tweak] Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Mickaël Salaün
|
7d61212289 |
landlock: Handle weird files
[ Upstream commit 49440290a0935f428a1e43a5ac8dc275a647ff80 ]
A corrupted filesystem (e.g. bcachefs) might return weird files.
Instead of throwing a warning and allowing access to such file, treat
them as regular files.
Cc: Dave Chinner <david@fromorbit.com>
Cc: Kent Overstreet <kent.overstreet@linux.dev>
Cc: Paul Moore <paul@paul-moore.com>
Reported-by: syzbot+34b68f850391452207df@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/r/000000000000a65b35061cffca61@google.com
Reported-by: syzbot+360866a59e3c80510a62@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/r/67379b3f.050a0220.85a0.0001.GAE@google.com
Reported-by: Ubisectech Sirius <bugreport@ubisectech.com>
Closes: https://lore.kernel.org/r/c426821d-8380-46c4-a494-7008bbd7dd13.bugreport@ubisectech.com
Fixes:
|
||
|
Greg Kroah-Hartman
|
4ff68760c1 |
Merge 6.1.124 into android14-6.1-lts
Changes in 6.1.124 x86/hyperv: Fix hv tsc page based sched_clock for hibernation selinux: ignore unknown extended permissions btrfs: fix use-after-free in btrfs_encoded_read_endio() tracing: Have process_string() also allow arrays thunderbolt: Add support for Intel Lunar Lake thunderbolt: Add support for Intel Panther Lake-M/P thunderbolt: Don't display nvm_version unless upgrade supported xhci: retry Stop Endpoint on buggy NEC controllers usb: xhci: Limit Stop Endpoint retries xhci: Turn NEC specific quirk for handling Stop Endpoint errors generic net: mctp: handle skb cleanup on sock_queue failures RDMA/mlx5: Enforce same type port association for multiport RoCE RDMA/bnxt_re: Add check for path mtu in modify_qp RDMA/bnxt_re: Fix reporting hw_ver in query_device RDMA/bnxt_re: Fix max_qp_wrs reported RDMA/bnxt_re: Fix the locking while accessing the QP table drm/bridge: adv7511_audio: Update Audio InfoFrame properly net: dsa: microchip: Fix KSZ9477 set_ageing_time function net: dsa: microchip: add ksz_rmw8() function net: dsa: microchip: Fix LAN937X set_ageing_time function RDMA/hns: Refactor mtr find RDMA/hns: Remove unused parameters and variables RDMA/hns: Fix mapping error of zero-hop WQE buffer RDMA/hns: Fix warning storm caused by invalid input in IO path RDMA/hns: Fix missing flush CQE for DWQE net: stmmac: platform: provide devm_stmmac_probe_config_dt() net: stmmac: don't create a MDIO bus if unnecessary net: stmmac: restructure the error path of stmmac_probe_config_dt() net: fix memory leak in tcp_conn_request() ipip,ip_tunnel,sit: Add FOU support for externally controlled ipip devices ip_tunnel: annotate data-races around t->parms.link ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev() ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() net: Fix netns for ip_tunnel_init_flow() netrom: check buffer length before accessing it drm/i915/dg1: Fix power gate sequence. netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext net: llc: reset skb->transport_header ALSA: usb-audio: US16x08: Initialize array before use eth: bcmsysport: fix call balance of priv->clk handling routines net: mv643xx_eth: fix an OF node reference leak net: wwan: t7xx: Fix FSM command timeout issue RDMA/rtrs: Ensure 'ib_sge list' is accessible net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets net: restrict SO_REUSEPORT to inet sockets net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init() af_packet: fix vlan_get_tci() vs MSG_PEEK af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK ila: serialize calls to nf_register_net_hooks() btrfs: rename and export __btrfs_cow_block() btrfs: fix use-after-free when COWing tree bock and tracing is enabled wifi: mac80211: wake the queues in case of failure in resume drm/amdkfd: Correct the migration DMA map direction btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model sound: usb: enable DSD output for ddHiFi TC44C sound: usb: format: don't warn that raw DSD is unsupported bpf: fix potential error return ksmbd: retry iterate_dir in smb2_query_dir net: usb: qmi_wwan: add Telit FE910C04 compositions Bluetooth: hci_core: Fix sleeping function called from invalid context irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base ARC: build: Try to guess GCC variant of cross compiler usb: xhci: Avoid queuing redundant Stop Endpoint commands modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host modpost: fix the missed iteration for the max bit in do_input() ALSA hda/realtek: Add quirk for Framework F111:000C ALSA: seq: oss: Fix races at processing SysEx messages kcov: mark in_softirq_really() as __always_inline RDMA/uverbs: Prevent integer overflow issue pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking sky2: Add device ID 11ab:4373 for Marvell 88E8075 net/sctp: Prevent autoclose integer overflow in sctp_association_init() drm: adv7511: Drop dsi single lane support dt-bindings: display: adi,adv7533: Drop single lane support mm/readahead: fix large folio support in async readahead mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() mptcp: fix TCP options overflow. mptcp: fix recvbuffer adjust on sleeping rcvmsg mptcp: don't always assume copied data in mptcp_cleanup_rbuf() zram: check comp is non-NULL before calling comp_destroy Linux 6.1.124 Change-Id: I43da72a5fa6821c2f14540a42f7f3866982a95b5 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Thiébaud Weksteen
|
c79324d42f |
selinux: ignore unknown extended permissions
commit 900f83cf376bdaf798b6f5dcb2eae0c822e908b6 upstream.
When evaluating extended permissions, ignore unknown permissions instead
of calling BUG(). This commit ensures that future permissions can be
added without interfering with older kernels.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Greg Kroah-Hartman
|
daaf475999 |
Merge 749a916a9c ("usb: dwc3: ep0: Don't clear ep0 DWC3_EP_TRANSFER_STARTED") into android14-6.1-lts
Steps on the way to 6.1.121
Resolves merge conflicts in:
fs/f2fs/file.c
fs/f2fs/segment.c
Change-Id: Ib221190cc792a39283e1aac50f5038484f2ef1a2
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Jinjie Ruan
|
89265f8870 |
apparmor: test: Fix memory leak for aa_unpack_strdup()
commit 7290f59231910ccba427d441a6e8b8c6f6112448 upstream.
The string allocated by kmemdup() in aa_unpack_strdup() is not
freed and cause following memory leaks, free them to fix it.
unreferenced object 0xffffff80c6af8a50 (size 8):
comm "kunit_try_catch", pid 225, jiffies 4294894407
hex dump (first 8 bytes):
74 65 73 74 69 6e 67 00 testing.
backtrace (crc 5eab668b):
[<0000000001e3714d>] kmemleak_alloc+0x34/0x40
[<000000006e6c7776>] __kmalloc_node_track_caller_noprof+0x300/0x3e0
[<000000006870467c>] kmemdup_noprof+0x34/0x60
[<000000001176bb03>] aa_unpack_strdup+0xd0/0x18c
[<000000008ecde918>] policy_unpack_test_unpack_strdup_with_null_name+0xf8/0x3ec
[<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac
[<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec
[<00000000adf936cf>] kthread+0x2e8/0x374
[<0000000041bb1628>] ret_from_fork+0x10/0x20
unreferenced object 0xffffff80c2a29090 (size 8):
comm "kunit_try_catch", pid 227, jiffies 4294894409
hex dump (first 8 bytes):
74 65 73 74 69 6e 67 00 testing.
backtrace (crc 5eab668b):
[<0000000001e3714d>] kmemleak_alloc+0x34/0x40
[<000000006e6c7776>] __kmalloc_node_track_caller_noprof+0x300/0x3e0
[<000000006870467c>] kmemdup_noprof+0x34/0x60
[<000000001176bb03>] aa_unpack_strdup+0xd0/0x18c
[<0000000046a45c1a>] policy_unpack_test_unpack_strdup_with_name+0xd0/0x3c4
[<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac
[<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec
[<00000000adf936cf>] kthread+0x2e8/0x374
[<0000000041bb1628>] ret_from_fork+0x10/0x20
Cc: stable@vger.kernel.org
Fixes:
|
||
|
chao liu
|
3ae27e61d1 |
apparmor: fix 'Do simple duplicate message elimination'
[ Upstream commit 9b897132424fe76bf6c61f22f9cf12af7f1d1e6a ]
Multiple profiles shared 'ent->caps', so some logs missed.
Fixes:
|
||
|
Greg Kroah-Hartman
|
58f9413785 |
Merge 6.1.119 into android14-6.1-lts
Changes in 6.1.119 netlink: terminate outstanding dump on socket close net: vertexcom: mse102x: Fix tx_bytes calculation drm/rockchip: vop: Fix a dereferenced before check warning mptcp: error out earlier on disconnect net/mlx5: fs, lock FTE when checking if active net/mlx5e: kTLS, Fix incorrect page refcounting net/mlx5e: CT: Fix null-ptr-deref in add rule err flow virtio/vsock: Fix accept_queue memory leak Bluetooth: hci_event: Remove code to removed CONFIG_BT_HS Bluetooth: hci_core: Fix calling mgmt_device_connected net/sched: cls_u32: replace int refcounts with proper refcounts net: sched: cls_u32: Fix u32's systematic failure to free IDR entries for hnodes. samples: pktgen: correct dev to DEV bonding: add ns target multicast address to slave device ARM: 9419/1: mm: Fix kernel memory mapping for xip kernels x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y mm: fix NULL pointer dereference in alloc_pages_bulk_noprof ocfs2: uncache inode which has failed entering the group vdpa/mlx5: Fix PA offset with unaligned starting iotlb map vp_vdpa: fix id_table array not null terminated error ima: fix buffer overrun in ima_eventdigest_init_common KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled KVM: x86: Unconditionally set irr_pending when updating APICv state KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint ALSA: hda/realtek - Fixed Clevo platform headset Mic issue ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 ocfs2: fix UBSAN warning in ocfs2_verify_volume() nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" mmc: sunxi-mmc: Fix A100 compatible description drm/bridge: tc358768: Fix DSI command tx drm/amd: Fix initialization mistake for NBIO 7.7.0 staging: vchiq_arm: Get the rid off struct vchiq_2835_state staging: vchiq_arm: Use devm_kzalloc() for vchiq_arm_state allocation fs/ntfs3: Additional check in ntfs_file_release Bluetooth: ISO: Fix not validating setsockopt user input lib/buildid: Fix build ID parsing logic cxl/pci: fix error code in __cxl_hdm_decode_init() media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point NFSD: Async COPY result needs to return a write verifier NFSD: Limit the number of concurrent async COPY operations NFSD: Initialize struct nfsd4_copy earlier NFSD: Never decrement pending_async_copies on error mptcp: cope racing subflow creation in mptcp_rcv_space_adjust mptcp: define more local variables sk mptcp: add userspace_pm_lookup_addr_by_id helper mptcp: update local address flags when setting it mptcp: hold pm lock when deleting entry mptcp: drop lookup_by_id in lookup_addr mptcp: pm: use _rcu variant under rcu_read_lock ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() ksmbd: fix potencial out-of-bounds when buffer offset is invalid net: add copy_safe_from_sockptr() helper nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies fs/9p: fix uninitialized values during inode evict ipvs: properly dereference pe in ip_vs_add_service net/sched: taprio: extend minimum interval restriction to entire cycle too net: fec: remove .ndo_poll_controller to avoid deadlocks mm: revert "mm: shmem: fix data-race in shmem_getattr()" mm: avoid unsafe VMA hook invocation when error arises on mmap hook mm: unconditionally close VMAs on error mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling mm: resolve faulty mmap_region() error path behaviour drm/amd: check num of link levels when update pcie param char: xillybus: Prevent use-after-free due to race condition null_blk: Remove usage of the deprecated ida_simple_xx() API null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' null_blk: Fix return value of nullb_device_power_store() parisc: fix a possible DMA corruption char: xillybus: Fix trivial bug with mutex net: Make copy_safe_from_sockptr() match documentation Linux 6.1.119 Change-Id: I78ed17c7b6c7de4338ca1a9a5764a4b5b9cdc493 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
bb58b1f9bf |
Merge 6.1.117 into android14-6.1-lts
Changes in 6.1.117
arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610
arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator
arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328
arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node
arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards
arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion
arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc
arm64: dts: imx8qm: Fix VPU core alias name
arm64: dts: imx8qxp: Add VPU subsystem file
arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs
arm64: dts: imx8mp: correct sdhc ipg clk
ARM: dts: rockchip: fix rk3036 acodec node
ARM: dts: rockchip: drop grf reference from rk3036 hdmi
ARM: dts: rockchip: Fix the spi controller on rk3036
ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin
HID: core: zero-initialize the report buffer
platform/x86/amd/pmc: Detect when STB is not available
sunrpc: handle -ENOTCONN in xs_tcp_setup_socket()
NFSv3: only use NFS timeout for MOUNT when protocols are compatible
NFSv3: handle out-of-order write replies.
nfs: avoid i_lock contention in nfs_clear_invalid_mapping
security/keys: fix slab-out-of-bounds in key_task_permission
net: enetc: set MAC address to the VF net_device
sctp: properly validate chunk size in sctp_sf_ootb()
can: c_can: fix {rx,tx}_errors statistics
ice: change q_index variable type to s16 to store -1 value
i40e: fix race condition by adding filter's intermediate sync state
net: hns3: fix kernel crash when uninstalling driver
net: phy: ti: add PHY_RST_AFTER_CLK_EN flag
net: stmmac: Fix unbalanced IRQ wake disable warning on single irq case
virtio_net: Add hash_key_length check
net: arc: fix the device for dma_map_single/dma_unmap_single
net: arc: rockchip: fix emac mdio node support
Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown"
media: stb0899_algo: initialize cfr before using it
media: dvbdev: prevent the risk of out of memory access
media: dvb_frontend: don't play tricks with underflow values
media: adv7604: prevent underflow condition when reporting colorspace
scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer
ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init()
tools/lib/thermal: Fix sampling handler context ptr
thermal/of: support thermal zones w/o trips subnode
ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove
media: ar0521: don't overflow when checking PLL values
media: s5p-jpeg: prevent buffer overflows
media: cx24116: prevent overflows on SNR calculus
media: pulse8-cec: fix data timestamp at pulse8_setup()
media: v4l2-tpg: prevent the risk of a division by zero
media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl()
can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation
can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes
ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create
ksmbd: Fix the missing xa_store error check
ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp
pwm: imx-tpm: Use correct MODULO value for EPWM mode
drm/amdgpu: Adjust debugfs eviction and IB access permissions
drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()
drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported
thermal/drivers/qcom/lmh: Remove false lockdep backtrace
dm cache: correct the number of origin blocks to match the target length
dm cache: fix flushing uninitialized delayed_work on cache_ctr error
dm cache: fix out-of-bounds access to the dirty bitset when resizing
dm cache: optimize dirty bit checking with find_next_bit when resizing
dm cache: fix potential out-of-bounds access on the first resume
dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow
ALSA: usb-audio: Add quirk for HP 320 FHD Webcam
ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3
posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone
nfs: Fix KMSAN warning in decode_getfattr_attrs()
net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc()
net: vertexcom: mse102x: Fix possible double free of TX skb
mptcp: use sock_kfree_s instead of kfree
arm64: Kconfig: Make SME depend on BROKEN for now
btrfs: reinitialize delayed ref list after deleting it from the list
riscv/purgatory: align riscv_kernel_entry
bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
Revert "wifi: mac80211: fix RCU list iterations"
net: do not delay dst_entries_add() in dst_release()
kselftest/arm64: Initialise current at build time in signal tests
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
filemap: Fix bounds checking in filemap_read()
fs/proc: fix compile warning about variable 'vmcore_mmap_ops'
signal: restore the override_rlimit logic
usb: musb: sunxi: Fix accessing an released usb phy
usb: dwc3: fix fault at system suspend if device was already runtime suspended
usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()
USB: serial: io_edgeport: fix use after free in debug printk
USB: serial: qcserial: add support for Sierra Wireless EM86xx
USB: serial: option: add Fibocom FG132 0x0112 composition
USB: serial: option: add Quectel RG650V
irqchip/gic-v3: Force propagation of the active state with a read-back
ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()
ucounts: fix counter leak in inc_rlimit_get_ucounts()
ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022
net: sched: use RCU read-side critical section in taprio_dump()
hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer
vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans
media: amphion: Fix VPU core alias name
Linux 6.1.117
Change-Id: Ib8a7f11f5567a9ab25f77bdf672338f1ac116853
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Samasth Norway Ananda
|
e01aae58e8 |
ima: fix buffer overrun in ima_eventdigest_init_common
commit 923168a0631bc42fffd55087b337b1b6c54dcff5 upstream.
Function ima_eventdigest_init() calls ima_eventdigest_init_common()
with HASH_ALGO__LAST which is then used to access the array
hash_digest_size[] leading to buffer overrun. Have a conditional
statement to handle this.
Fixes:
|
||
|
Greg Kroah-Hartman
|
a332a3d23d |
Merge 6.1.115 into android14-6.1-lts
Changes in 6.1.115
bpf: Use raw_spinlock_t in ringbuf
iio: accel: bma400: Fix uninitialized variable field_value in tap event handling.
bpf: Make sure internal and UAPI bpf_redirect flags don't overlap
bpf: devmap: provide rxq after redirect
bpf: Fix memory leak in bpf_core_apply
RDMA/bnxt_re: Fix incorrect AVID type in WQE structure
RDMA/bnxt_re: Add a check for memory allocation
x86/resctrl: Avoid overflow in MB settings in bw_validate()
ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin
s390/pci: Handle PCI error codes other than 0x3a
bpf: fix kfunc btf caching for modules
iio: frequency: {admv4420,adrf6780}: format Kconfig entries
iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig
drm/vmwgfx: Handle possible ENOMEM in vmw_stdu_connector_atomic_check
selftests/bpf: Fix cross-compiling urandom_read
ALSA: hda/cs8409: Fix possible NULL dereference
RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP
RDMA/irdma: Fix misspelling of "accept*"
RDMA/srpt: Make slab cache names unique
ipv4: give an IPv4 dev to blackhole_netdev
RDMA/bnxt_re: Return more meaningful error
RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
drm/msm/dpu: make sure phys resources are properly initialized
drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation
drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()
drm/msm: Allocate memory for disp snapshot with kvzalloc()
net: usb: usbnet: fix race in probe failure
octeontx2-af: Fix potential integer overflows on integer shifts
drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring
macsec: don't increment counters for an unrelated SA
netdevsim: use cond_resched() in nsim_dev_trap_report_work()
net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit()
net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid
net: xilinx: axienet: fix potential memory leak in axienet_start_xmit()
net: systemport: fix potential memory leak in bcm_sysport_xmit()
irqchip/renesas-rzg2l: Align struct member names to tabs
irqchip/renesas-rzg2l: Document structure members
irqchip/renesas-rzg2l: Add support for suspend to RAM
irqchip/renesas-rzg2l: Fix missing put_device
drm/msm/dpu: Wire up DSC mask for active CTL configuration
drm/msm/dpu: don't always program merge_3d block
tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().
genetlink: hold RCU in genlmsg_mcast()
ravb: Remove setting of RX software timestamp
net: ravb: Only advertise Rx/Tx timestamps if hardware supports it
scsi: target: core: Fix null-ptr-deref in target_alloc_device()
smb: client: fix OOBs when building SMB2_IOCTL request
usb: typec: altmode should keep reference to parent
s390: Initialize psw mask in perf_arch_fetch_caller_regs()
Bluetooth: bnep: fix wild-memory-access in proto_unregister
net/mlx5: Remove redundant cmdif revision check
net/mlx5: split mlx5_cmd_init() to probe and reload routines
net/mlx5: Fix command bitmask initialization
net/mlx5: Unregister notifier on eswitch init failure
riscv, bpf: Make BPF_CMPXCHG fully ordered
bpf: Fix iter/task tid filtering
arm64:uprobe fix the uprobe SWBP_INSN in big-endian
arm64: probes: Fix uprobes for big-endian kernels
xhci: dbgtty: remove kfifo_out() wrapper
xhci: dbgtty: use kfifo from tty_port struct
xhci: dbc: honor usb transfer size boundaries.
usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant
usb: gadget: f_uac2: fix non-newline-terminated function name
usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store
usb: gadget: Add function wakeup support
XHCI: Separate PORT and CAPs macros into dedicated file
usb: dwc3: core: Fix system suspend on TI AM62 platforms
tty/serial: Make ->dcd_change()+uart_handle_dcd_change() status bool active
serial: Make uart_handle_cts_change() status param bool active
serial: imx: Update mctrl old_status on RTSD interrupt
block, bfq: fix procress reference leakage for bfqq in merge chain
exec: don't WARN for racy path_noexec check
fs/ntfs3: Add more attributes checks in mi_enum_attr()
drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA
ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values
ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit
arm64: Force position-independent veneers
udf: refactor udf_current_aext() to handle error
udf: fix uninit-value use in udf_get_fileshortad
ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string
platform/x86: dell-sysman: add support for alienware products
LoongArch: Add support to clone a time namespace
LoongArch: Don't crash in stack_top() for tasks without vDSO
jfs: Fix sanity check in dbMount
tracing: Consider the NULL character when validating the event length
xfrm: extract dst lookup parameters into a struct
xfrm: respect ip protocols rules criteria when performing dst lookups
net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()
be2net: fix potential memory leak in be_xmit()
net: plip: fix break; causing plip to never transmit
octeon_ep: Implement helper for iterating packets in Rx queue
octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()
net: dsa: mv88e6xxx: Fix error when setting port policy on mv88e6393x
netfilter: xtables: fix typo causing some targets not to load on IPv6
net: wwan: fix global oob in wwan_rtnl_policy
docs: net: reformat driver.rst from a list to sections
net: provide macros for commonly copied lockless queue stop/wake code
net/sched: adjust device watchdog timer to detect stopped queue at right time
net: fix races in netdev_tx_sent_queue()/dev_watchdog()
net: usb: usbnet: fix name regression
net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers
net: sched: fix use-after-free in taprio_change()
r8169: avoid unsolicited interrupts
posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
Bluetooth: SCO: Fix UAF on sco_sock_timeout
Bluetooth: ISO: Fix UAF on iso_sock_timeout
bpf,perf: Fix perf_event_detach_bpf_prog error handling
ASoC: dt-bindings: davinci-mcasp: Fix interrupts property
ASoC: dt-bindings: davinci-mcasp: Fix interrupt properties
ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request()
ALSA: hda/realtek: Update default depop procedure
cpufreq/cppc: Move and rename cppc_cpufreq_{perf_to_khz|khz_to_perf}()
cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception
btrfs: fix passing 0 to ERR_PTR in btrfs_search_dir_index_item()
btrfs: zoned: fix zone unusable accounting for freed reserved extent
drm/amd: Guard against bad data for ATIF ACPI method
ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context
ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue
nilfs2: fix kernel bug due to missing clearing of buffer delay flag
openat2: explicitly return -E2BIG for (usize > PAGE_SIZE)
KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
KVM: arm64: Don't eagerly teardown the vgic on init error
ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
LoongArch: Get correct cores_per_package for SMT systems
xfrm: fix one more kernel-infoleak in algo dumping
hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event
drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too
selinux: improve error checking in sel_write_load()
serial: protect uart_port_dtr_rts() in uart_shutdown() too
net: phy: dp83822: Fix reset pin definitions
ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()
platform/x86: dell-wmi: Ignore suspend notifications
ACPI: PRM: Clean up guid type in struct prm_handler_info
arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning
xfrm: validate new SA's prefixlen using SA family when sel.family is unset
Linux 6.1.115
Change-Id: I3348b13afe931340f904062b8a22d8d6c4a46d5c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Chen Ridong
|
bbad2d5b6c |
security/keys: fix slab-out-of-bounds in key_task_permission
[ Upstream commit 4a74da044ec9ec8679e6beccc4306b936b62873f ]
KASAN reports an out of bounds read:
BUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36
BUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline]
BUG: KASAN: slab-out-of-bounds in key_task_permission+0x394/0x410
security/keys/permission.c:54
Read of size 4 at addr ffff88813c3ab618 by task stress-ng/4362
CPU: 2 PID: 4362 Comm: stress-ng Not tainted 5.10.0-14930-gafbffd6c3ede #15
Call Trace:
__dump_stack lib/dump_stack.c:82 [inline]
dump_stack+0x107/0x167 lib/dump_stack.c:123
print_address_description.constprop.0+0x19/0x170 mm/kasan/report.c:400
__kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560
kasan_report+0x3a/0x50 mm/kasan/report.c:585
__kuid_val include/linux/uidgid.h:36 [inline]
uid_eq include/linux/uidgid.h:63 [inline]
key_task_permission+0x394/0x410 security/keys/permission.c:54
search_nested_keyrings+0x90e/0xe90 security/keys/keyring.c:793
This issue was also reported by syzbot.
It can be reproduced by following these steps(more details [1]):
1. Obtain more than 32 inputs that have similar hashes, which ends with the
pattern '0xxxxxxxe6'.
2. Reboot and add the keys obtained in step 1.
The reproducer demonstrates how this issue happened:
1. In the search_nested_keyrings function, when it iterates through the
slots in a node(below tag ascend_to_node), if the slot pointer is meta
and node->back_pointer != NULL(it means a root), it will proceed to
descend_to_node. However, there is an exception. If node is the root,
and one of the slots points to a shortcut, it will be treated as a
keyring.
2. Whether the ptr is keyring decided by keyring_ptr_is_keyring function.
However, KEYRING_PTR_SUBTYPE is 0x2UL, the same as
ASSOC_ARRAY_PTR_SUBTYPE_MASK.
3. When 32 keys with the similar hashes are added to the tree, the ROOT
has keys with hashes that are not similar (e.g. slot 0) and it splits
NODE A without using a shortcut. When NODE A is filled with keys that
all hashes are xxe6, the keys are similar, NODE A will split with a
shortcut. Finally, it forms the tree as shown below, where slot 6 points
to a shortcut.
NODE A
+------>+---+
ROOT | | 0 | xxe6
+---+ | +---+
xxxx | 0 | shortcut : : xxe6
+---+ | +---+
xxe6 : : | | | xxe6
+---+ | +---+
| 6 |---+ : : xxe6
+---+ +---+
xxe6 : : | f | xxe6
+---+ +---+
xxe6 | f |
+---+
4. As mentioned above, If a slot(slot 6) of the root points to a shortcut,
it may be mistakenly transferred to a key*, leading to a read
out-of-bounds read.
To fix this issue, one should jump to descend_to_node if the ptr is a
shortcut, regardless of whether the node is root or not.
[1] https://lore.kernel.org/linux-kernel/1cfa878e-8c7b-4570-8606-21daf5e13ce7@huaweicloud.com/
[jarkko: tweaked the commit message a bit to have an appropriate closes
tag.]
Fixes:
|
||
|
Greg Kroah-Hartman
|
ff83a68a27 |
Merge beff507e9e ("s390/cpum_sf: Remove WARN_ON_ONCE statements") into android14-6.1-lts
Steps on the way to 6.1.113 Resolves merge conflicts in: fs/erofs/fscache.c fs/erofs/inode.c fs/erofs/zdata.c kernel/sched/psi.c Change-Id: Icbb83e1d8d4b65f380f36046a6e98e341c53d77d Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
d181caa76b |
Merge dffe86df26 ("wifi: mt76: do not run mt76_unregister_device() on unregistered hw") into android14-6.1-lts
Steps on the way to 6.1.113 Change-Id: I0d5bfdc8d4e5fe6d4c6e82cb762ce3818286e411 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Paul Moore
|
8251093971 |
selinux: improve error checking in sel_write_load()
[ Upstream commit 42c773238037c90b3302bf37a57ae3b5c3f6004a ] Move our existing input sanity checking to the top of sel_write_load() and add a check to ensure the buffer size is non-zero. Move a local variable initialization from the declaration to before it is used. Minor style adjustments. Reported-by: Sam Sun <samsun1006219@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com> [cascardo: keep fsi initialization at its declaration point as it is used earlier] Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
6c5b621ff4 |
Merge bdefb8ce7c ("tty: rp2: Fix reset with non forgiving PCIe host bridges") into android14-6.1-lts
Steps on the way to 6.1.113 Resolves merge conflicts: fs/f2fs/file.c include/linux/sbitmap.h include/linux/usb/usbnet.h lib/sbitmap.c Change-Id: Idb91c8878c10a6dbde9e27b0ad8194a2b1625ec2 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
086571e490 |
Merge 5ac73f8191 ("RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds") into android14-6.1
Steps on the way to 6.1.113 Change-Id: I338cf59b70c299c2b01d9e3d192b6db4bbb349aa Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Tetsuo Handa
|
5153497611 |
tomoyo: fallback to realpath if symlink's pathname does not exist
commit ada1986d07976d60bed5017aa38b7f7cf27883f7 upstream. Alfred Agrell found that TOMOYO cannot handle execveat(AT_EMPTY_PATH) inside chroot environment where /dev and /proc are not mounted, for commit |
||
|
Adrian Ratiu
|
ca5ef2759d |
proc: add config & param to block forcing mem writes
[ Upstream commit 41e8149c8892ed1962bd15350b3c3e6e90cba7f4 ] This adds a Kconfig option and boot param to allow removing the FOLL_FORCE flag from /proc/pid/mem write calls because it can be abused. The traditional forcing behavior is kept as default because it can break GDB and some other use cases. Previously we tried a more sophisticated approach allowing distributions to fine-tune /proc/pid/mem behavior, however that got NAK-ed by Linus [1], who prefers this simpler approach with semantics also easier to understand for users. Link: https://lore.kernel.org/lkml/CAHk-=wiGWLChxYmUA5HrT5aopZrB7_2VTa0NLZcxORgkUe5tEQ@mail.gmail.com/ [1] Cc: Doug Anderson <dianders@chromium.org> Cc: Jeff Xu <jeffxu@google.com> Cc: Jann Horn <jannh@google.com> Cc: Kees Cook <kees@kernel.org> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: Christian Brauner <brauner@kernel.org> Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Adrian Ratiu <adrian.ratiu@collabora.com> Link: https://lore.kernel.org/r/20240802080225.89408-1-adrian.ratiu@collabora.com Signed-off-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Song Liu
|
f6633a3e1e |
bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0
commit 300a90b2cb5d442879e6398920c49aebbd5c8e40 upstream.
bpf task local storage is now using task_struct->bpf_storage, so
bpf_lsm_blob_sizes.lbs_task is no longer needed. Remove it to save some
memory.
Fixes:
|
||
|
Scott Mayhew
|
eebec98791 |
selinux,smack: don't bypass permissions check in inode_setsecctx hook
commit 76a0e79bc84f466999fa501fce5bf7a07641b8a7 upstream. Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashing enabled. The end of the kerneldoc comment for __vfs_setxattr_noperm() states: * This function requires the caller to lock the inode's i_mutex before it * is executed. It also assumes that the caller will make the appropriate * permission checks. nfsd_setattr() does do permissions checking via fh_verify() and nfsd_permission(), but those don't do all the same permissions checks that are done by security_inode_setxattr() and its related LSM hooks do. Since nfsd_setattr() is the only consumer of security_inode_setsecctx(), simplest solution appears to be to replace the call to __vfs_setxattr_noperm() with a call to __vfs_setxattr_locked(). This fixes the above issue and has the added benefit of causing nfsd to recall conflicting delegations on a file when a client tries to change its security label. Cc: stable@kernel.org Reported-by: Marek Gresko <marek.gresko@protonmail.com> Link: https://bugzilla.kernel.org/show_bug.cgi?id=218809 Signed-off-by: Scott Mayhew <smayhew@redhat.com> Tested-by: Stephen Smalley <stephen.smalley.work@gmail.com> Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com> Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com> [Shivani: Modified to apply on v5.15.y-v6.1.y] Signed-off-by: Shivani Agarwal <shivani.agarwal@broadcom.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Jiawei Ye
|
c328bf681e |
smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso
[ Upstream commit 2749749afa071f8a0e405605de9da615e771a7ce ]
In the `smk_set_cipso` function, the `skp->smk_netlabel.attr.mls.cat`
field is directly assigned to a new value without using the appropriate
RCU pointer assignment functions. According to RCU usage rules, this is
illegal and can lead to unpredictable behavior, including data
inconsistencies and impossible-to-diagnose memory corruption issues.
This possible bug was identified using a static analysis tool developed
by myself, specifically designed to detect RCU-related issues.
To address this, the assignment is now done using rcu_assign_pointer(),
which ensures that the pointer assignment is done safely, with the
necessary memory barriers and synchronization. This change prevents
potential RCU dereference issues by ensuring that the `cat` field is
safely updated while still adhering to RCU's requirements.
Fixes:
|
||
|
Greg Kroah-Hartman
|
ad793062e0 |
Merge 9dc7ad2b67 ("perf/aux: Fix AUX buffer serialization") into android14-6.1-lts
Steps on the way to 6.1.110 Resolves merge conflicts in: io_uring/sqpoll.c Change-Id: Ic3cb865b98eb20277b5d566683e5c1f53a0d5e76 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
d0af2ae8d5 |
Merge 6.1.109 into android14-6.1-lts
Changes in 6.1.109 drm: panel-orientation-quirks: Add quirk for OrangePi Neo scsi: ufs: core: Bypass quick recovery if force reset is needed ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown ALSA: hda/conexant: Mute speakers at suspend / shutdown i2c: Fix conditional for substituting empty ACPI functions dma-debug: avoid deadlock between dma debug vs printk and netconsole net: usb: qmi_wwan: add MeiG Smart SRM825L ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 mptcp: make pm_remove_addrs_and_subflows static mptcp: pm: fix RM_ADDR ID for the initial subflow PCI/MSI: Fix UAF in msi_capability_init f2fs: fix to truncate preallocated blocks in f2fs_file_open() mptcp: pm: fullmesh: select the right ID later mptcp: pm: avoid possible UaF when selecting endp mptcp: pm: reuse ID 0 after delete and re-add mptcp: pm: fix ID 0 endp usage after multiple re-creations selftests: mptcp: join: validate fullmesh endp on 1st sf selftests: mptcp: join: check re-using ID of closed subflow selftests: mptcp: add explicit test case for remove/readd selftests: mptcp: join: test for flush/re-add endpoints selftests: mptcp: join: check re-using ID of unused ADD_ADDR selftests: mptcp: join: check re-adding init endp with != id mptcp: pr_debug: add missing \n at the end mptcp: avoid duplicated SUB_CLOSED events selftests: mptcp: join: check removing ID 0 endpoint selftests: mptcp: join: no extra msg if no counter selftests: mptcp: join: check re-re-adding ID 0 endp selftests: mptcp: join: cannot rm sf if closed drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr drm/amd/display: Assign linear_pitch_alignment even for VM drm/amdgpu: fix overflowed array index read warning drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc drm/amd/pm: fix uninitialized variable warning drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr drm/amd/pm: fix warning using uninitialized value of max_vid_step drm/amd/pm: Fix negative array index read drm/amd/pm: fix the Out-of-bounds read warning drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr drm/amdgpu: avoid reading vf2pf info size from FB drm/amd/display: Check gpio_id before used as array index drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 drm/amd/display: Add array index check for hdcp ddc access drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] drm/amd/display: Check msg_id before processing transcation drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create drm/amd/display: Spinlock before reading event drm/amd/display: Ensure index calculation will not overflow drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration drm/amd/amdgpu: Check tbo resource pointer drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt drm/amdgpu/pm: Fix uninitialized variable warning for smu10 drm/amdgpu/pm: Fix uninitialized variable agc_btc_response drm/amdgpu: Fix out-of-bounds write warning drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number drm/amdgpu: fix ucode out-of-bounds read warning drm/amdgpu: fix mc_data out-of-bounds read warning drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device apparmor: fix possible NULL pointer dereference wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem() drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs drm/amdgpu: fix dereference after null check drm/amdgpu: fix the waring dereferencing hive drm/amd/pm: check specific index for aldebaran drm/amdgpu: the warning dereferencing obj for nbio_v7_4 drm/amd/pm: check negtive return for table entries wifi: rtw89: ser: avoid multiple deinit on same CAM drm/amdgpu: update type of buf size to u32 for eeprom functions wifi: iwlwifi: remove fw_running op cpufreq: scmi: Avoid overflow of target_freq in fast switch PCI: al: Check IORESOURCE_BUS existence during probe hwspinlock: Introduce hwspin_lock_bust() RDMA/efa: Properly handle unexpected AQ completions ionic: fix potential irq name truncation pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode. rcu/nocb: Remove buggy bypass lock contention mitigation usbip: Don't submit special requests twice usb: typec: ucsi: Fix null pointer dereference in trace fsnotify: clear PARENT_WATCHED flags lazily regmap: spi: Fix potential off-by-one when calculating reserved size smack: tcp: ipv4, fix incorrect labeling net/mlx5e: SHAMPO, Fix incorrect page release drm/meson: plane: Add error handling drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking callbacks dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor hwmon: (k10temp) Check return value of amd_smn_read() wifi: cfg80211: make hash table duplicates more survivable driver: iio: add missing checks on iio_info's callback access block: remove the blk_flush_integrity call in blk_integrity_unregister drm/amd/display: added NULL check at start of dc_validate_stream drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX drm/amd/display: Skip wbscl_set_scaler_filter if filter is null media: uvcvideo: Enforce alignment of frame and interval virtio_net: Fix napi_skb_cache_put warning Bluetooth: SCO: Fix possible circular locking dependency on sco_connect_cfm Bluetooth: SCO: fix sco_conn related locking and validity issues ext4: fix inode tree inconsistency caused by ENOMEM udf: Limit file size to 4TB ext4: reject casefold inode flag without casefold feature ext4: handle redirtying in ext4_bio_write_page() i2c: Use IS_REACHABLE() for substituting empty ACPI functions Linux 6.1.109 Change-Id: If689bfd671fb92d4092b9221d742121d3f3d669e Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
c59cc7f298 |
Merge 6.1.108 into android14-6.1-lts
Changes in 6.1.108 drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc LoongArch: Remove the unused dma-direct.h btrfs: run delayed iputs when flushing delalloc smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins pinctrl: single: fix potential NULL dereference in pcs_get_function() of: Add cleanup.h based auto release via __free(device_node) markings wifi: wfx: repair open network AP mode wifi: mwifiex: duplicate static structs used in driver instances net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response mptcp: close subflow when receiving TCP+FIN mptcp: sched: check both backup in retrans mptcp: pm: skip connecting to already established sf mptcp: pm: reset MPC endp ID when re-added mptcp: pm: send ACK on an active subflow mptcp: pm: do not remove already closed subflows mptcp: pm: ADD_ADDR 0 is not a new address drm/amdgpu: align pp_power_profile_mode with kernel docs drm/amdgpu/swsmu: always force a state reprogram on init ata: libata-core: Fix null pointer dereference on error usb: typec: fix up incorrectly backported "usb: typec: tcpm: unregister existing source caps before re-registration" mmc: Avoid open coding by using mmc_op_tuning() mmc: mtk-sd: receive cmd8 data when hs400 tuning fail mptcp: unify pm get_local_id interfaces mptcp: pm: remove mptcp_pm_remove_subflow() mptcp: pm: only mark 'subflow' endp as available mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR of: Introduce for_each_*_child_of_node_scoped() to automate of_node_put() handling thermal: of: Fix OF node leak in thermal_of_trips_init() error path thermal: of: Fix OF node leak in of_thermal_zone_find() error paths ASoC: amd: acp: fix module autoloading ASoC: SOF: amd: Fix for acp init sequence pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE mm: Fix missing folio invalidation calls during truncation btrfs: fix extent map use-after-free when adding pages to compressed bio soundwire: stream: fix programming slave ports for non-continous port maps phy: xilinx: add runtime PM support phy: xilinx: phy-zynqmp: dynamic clock support for power-save phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume dmaengine: dw: Add peripheral bus width verification dmaengine: dw: Add memory bus width verification Bluetooth: hci_core: Fix not handling hibernation actions iommu: Do not return 0 from map_pages if it doesn't do anything netfilter: nf_tables: restore IP sanity checks for netdev/egress wifi: iwlwifi: fw: fix wgds rev 3 exact size ethtool: check device is present when getting link settings netfilter: nf_tables_ipv6: consider network offset in netdev/egress validation selftests: forwarding: no_forwarding: Down ports on cleanup selftests: forwarding: local_termination: Down ports on cleanup bonding: implement xdo_dev_state_free and call it after deletion gtp: fix a potential NULL pointer dereference sctp: fix association labeling in the duplicate COOKIE-ECHO case drm/amd/display: avoid using null object of framebuffer net: busy-poll: use ktime_get_ns() instead of local_clock() nfc: pn533: Add poll mod list filling check soc: qcom: cmd-db: Map shared memory as WC, not WB cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller USB: serial: option: add MeiG Smart SRM825L usb: dwc3: omap: add missing depopulate in probe error path usb: dwc3: core: Prevent USB core invalid event buffer address access usb: dwc3: st: fix probed platform device ref count on probe error path usb: dwc3: st: add missing depopulate in probe error path usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function usb: cdnsp: fix for Link TRB with TC phy: zynqmp: Enable reference clock correctly igc: Fix reset adapter logics when tx mode change igc: Fix qbv tx latency by setting gtxoffset scsi: aacraid: Fix double-free on probe failure apparmor: fix policy_unpack_test on big endian systems fbdev: offb: fix up missing cleanup.h Linux 6.1.108 Change-Id: I8ef0e85c12e4e2ecccaf467f40d86c559db7d007 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
524ae3c9d3 |
Merge 6.1.107 into android14-6.1-lts
Changes in 6.1.107
tty: atmel_serial: use the correct RTS flag.
fuse: Initialize beyond-EOF page contents before setting uptodate
char: xillybus: Don't destroy workqueue from work item running on it
char: xillybus: Refine workqueue handling
char: xillybus: Check USB endpoints when probing device
ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET
ALSA: usb-audio: Support Yamaha P-125 quirk entry
xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration
thunderbolt: Mark XDomain as unplugged when router is removed
s390/dasd: fix error recovery leading to data corruption on ESE devices
riscv: change XIP's kernel_map.size to be size of the entire kernel
arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE
dm resume: don't return EINVAL when signalled
dm persistent data: fix memory allocation failure
vfs: Don't evict inode under the inode lru traversing context
fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64()
s390/cio: rename bitmap_size() -> idset_bitmap_size()
btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits()
bitmap: introduce generic optimized bitmap_size()
fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume
rtla/osnoise: Prevent NULL dereference in error handling
fs/netfs/fscache_cookie: add missing "n_accesses" check
selinux: fix potential counting error in avc_add_xperms_decision()
mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu
btrfs: zoned: properly take lock to read/update block group's zoned variables
btrfs: tree-checker: add dev extent item checks
drm/amdgpu: Actually check flags for all context ops.
memcg_write_event_control(): fix a user-triggerable oops
drm/amdgpu/jpeg2: properly set atomics vmid field
s390/uv: Panic for set and remove shared access UVC errors
bpf: Fix updating attached freplace prog in prog_array map
nilfs2: prevent WARNING in nilfs_dat_commit_end()
ext4, jbd2: add an optimized bmap for the journal inode
9P FS: Fix wild-memory-access write in v9fs_get_acl
nilfs2: initialize "struct nilfs_binfo_dat"->bi_pad field
mm: khugepaged: fix kernel BUG in hpage_collapse_scan_file()
bpf: Split off basic BPF verifier log into separate file
bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log
posix-timers: Ensure timer ID search-loop limit is valid
pid: Replace struct pid 1-element array with flex-array
gfs2: Rename remaining "transaction" glock references
gfs2: Rename the {freeze,thaw}_super callbacks
gfs2: Rename gfs2_freeze_lock{ => _shared }
gfs2: Rename SDF_{FS_FROZEN => FREEZE_INITIATOR}
gfs2: Rework freeze / thaw logic
gfs2: Stop using gfs2_make_fs_ro for withdraw
Bluetooth: Fix hci_link_tx_to RCU lock usage
wifi: mac80211: take wiphy lock for MAC addr change
wifi: mac80211: fix change_address deadlock during unregister
net: sched: Print msecs when transmit queue time out
net: don't dump stack on queue timeout
jfs: fix shift-out-of-bounds in dbJoin
squashfs: squashfs_read_data need to check if the length is 0
Squashfs: fix variable overflow triggered by sysbot
reiserfs: fix uninit-value in comp_keys
erofs: avoid debugging output for (de)compressed data
quota: Detect loops in quota tree
net:rds: Fix possible deadlock in rds_message_put
net: sctp: fix skb leak in sctp_inq_free()
pppoe: Fix memory leak in pppoe_sendmsg()
wifi: mac80211: fix and simplify unencrypted drop check for mesh
wifi: cfg80211: move A-MSDU check in ieee80211_data_to_8023_exthdr
wifi: cfg80211: factor out bridge tunnel / RFC1042 header check
wifi: mac80211: remove mesh forwarding congestion check
wifi: mac80211: fix receiving A-MSDU frames on mesh interfaces
wifi: mac80211: add a workaround for receiving non-standard mesh A-MSDU
wifi: cfg80211: check A-MSDU format more carefully
docs/bpf: Document BPF_MAP_TYPE_LPM_TRIE map
bpf: Replace bpf_lpm_trie_key 0-length array with flexible array
bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie.
Bluetooth: RFCOMM: Fix not validating setsockopt user input
ext4: check the return value of ext4_xattr_inode_dec_ref()
ext4: fold quota accounting into ext4_xattr_inode_lookup_create()
ext4: do not create EA inode under buffer lock
udf: Fix bogus checksum computation in udf_rename()
bpf, net: Use DEV_STAT_INC()
fou: remove warn in gue_gro_receive on unsupported protocol
jfs: fix null ptr deref in dtInsertEntry
jfs: Fix shift-out-of-bounds in dbDiscardAG
fs/ntfs3: Do copy_to_user out of run_lock
ALSA: usb: Fix UBSAN warning in parse_audio_unit()
igc: Correct the launchtime offset
igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer
net/mlx5e: Take state lock during tx timeout reporter
net/mlx5e: Correctly report errors for ethtool rx flows
atm: idt77252: prevent use after free in dequeue_rx()
net: axienet: Fix register defines comment description
net: dsa: vsc73xx: pass value in phy_write operation
net: dsa: vsc73xx: use read_poll_timeout instead delay loop
net: dsa: vsc73xx: check busy flag in MDIO operations
mlxbf_gige: Remove two unused function declarations
mlxbf_gige: disable RX filters until RX path initialized
mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size
netfilter: allow ipv6 fragments to arrive on different devices
netfilter: flowtable: initialise extack before use
netfilter: nf_queue: drop packets with cloned unconfirmed conntracks
netfilter: nf_tables: Audit log dump reset after the fact
netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj
netfilter: nf_tables: Unconditionally allocate nft_obj_filter
netfilter: nf_tables: A better name for nft_obj_filter
netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx
netfilter: nf_tables: nft_obj_filter fits into cb->ctx
netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx
netfilter: nf_tables: Introduce nf_tables_getobj_single
netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests
net: hns3: fix wrong use of semaphore up
net: hns3: use the user's cfg after reset
net: hns3: fix a deadlock problem when config TC during resetting
ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7
drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored
ssb: Fix division by zero issue in ssb_calc_clock_rate
wifi: cfg80211: check wiphy mutex is held for wdev mutex
wifi: mac80211: fix BA session teardown race
mm: Remove kmem_valid_obj()
rcu: Dump memory object info if callback function is invalid
rcu: Eliminate rcu_gp_slow_unregister() false positive
wifi: cw1200: Avoid processing an invalid TIM IE
cgroup: Avoid extra dereference in css_populate_dir()
i2c: riic: avoid potential division by zero
RDMA/rtrs: Fix the problem of variable not initialized fully
s390/smp,mcck: fix early IPI handling
drm/bridge: tc358768: Attempt to fix DSI horizontal timings
i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out
i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer
drm/amdkfd: Move dma unmapping after TLB flush
media: radio-isa: use dev_name to fill in bus_info
staging: iio: resolver: ad2s1210: fix use before initialization
usb: gadget: uvc: cleanup request when not in correct state
drm/amd/display: Validate hw_points_num before using it
staging: ks7010: disable bh on tx_dev_lock
media: s5p-mfc: Fix potential deadlock on condlock
md/raid5-cache: use READ_ONCE/WRITE_ONCE for 'conf->log'
binfmt_misc: cleanup on filesystem umount
drm/tegra: Zero-initialize iosys_map
media: qcom: venus: fix incorrect return value
scsi: spi: Fix sshdr use
gfs2: setattr_chown: Add missing initialization
wifi: iwlwifi: abort scan when rfkill on but device enabled
wifi: iwlwifi: fw: Fix debugfs command sending
clk: visconti: Add bounds-checking coverage for struct visconti_pll_provider
IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock
hwmon: (ltc2992) Avoid division by zero
kbuild: rust_is_available: normalize version matching
kbuild: rust_is_available: handle failures calling `$RUSTC`/`$BINDGEN`
rust: work around `bindgen` 0.69.0 issue
rust: suppress error messages from CONFIG_{RUSTC,BINDGEN}_VERSION_TEXT
rust: fix the default format for CONFIG_{RUSTC,BINDGEN}_VERSION_TEXT
arm64: Fix KASAN random tag seed initialization
block: Fix lockdep warning in blk_mq_mark_tag_wait
drm/msm: Reduce fallout of fence signaling vs reclaim hangs
memory: tegra: Skip SID programming if SID registers aren't set
powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu
ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data
hwmon: (pc87360) Bounds check data->innr usage
drm/rockchip: vop2: clear afbc en and transform bit for cluster window at linear mode
Bluetooth: hci_conn: Check non NULL function before calling for HFP offload
gfs2: Refcounting fix in gfs2_thaw_super
nvmet-trace: avoid dereferencing pointer too early
ext4: do not trim the group with corrupted block bitmap
afs: fix __afs_break_callback() / afs_drop_open_mmap() race
fuse: fix UAF in rcu pathwalks
quota: Remove BUG_ON from dqget()
kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files
media: pci: cx23885: check cx23885_vdev_init() return
fs: binfmt_elf_efpic: don't use missing interpreter's properties
scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list()
media: drivers/media/dvb-core: copy user arrays safely
net/sun3_82586: Avoid reading past buffer in debug output
drm/lima: set gp bus_stop bit before hard reset
hrtimer: Select housekeeping CPU during migration
virtiofs: forbid newlines in tags
clocksource/drivers/arm_global_timer: Guard against division by zero
netlink: hold nlk->cb_mutex longer in __netlink_dump_start()
md: clean up invalid BUG_ON in md_ioctl
x86: Increase brk randomness entropy for 64-bit systems
memory: stm32-fmc2-ebi: check regmap_read return value
parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367
powerpc/boot: Handle allocation failure in simple_realloc()
powerpc/boot: Only free if realloc() succeeds
btrfs: delayed-inode: drop pointless BUG_ON in __btrfs_remove_delayed_item()
btrfs: change BUG_ON to assertion when checking for delayed_node root
btrfs: tests: allocate dummy fs_info and root in test_find_delalloc()
btrfs: handle invalid root reference found in may_destroy_subvol()
btrfs: send: handle unexpected data in header buffer in begin_cmd()
btrfs: change BUG_ON to assertion in tree_move_down()
btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent()
f2fs: fix to do sanity check in update_sit_entry
usb: gadget: fsl: Increase size of name buffer for endpoints
nvme: clear caller pointer on identify failure
Bluetooth: bnep: Fix out-of-bound access
firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid
rtc: nct3018y: fix possible NULL dereference
net: hns3: add checking for vf id of mailbox
nvmet-tcp: do not continue for invalid icreq
NFS: avoid infinite loop in pnfs_update_layout.
openrisc: Call setup_memory() earlier in the init sequence
s390/iucv: fix receive buffer virtual vs physical address confusion
irqchip/renesas-rzg2l: Do not set TIEN and TINT source at the same time
clocksource: Make watchdog and suspend-timing multiplication overflow safe
platform/x86: lg-laptop: fix %s null argument warning
usb: dwc3: core: Skip setting event buffers for host only controllers
fbdev: offb: replace of_node_put with __free(device_node)
irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc
ext4: set the type of max_zeroout to unsigned int to avoid overflow
nvmet-rdma: fix possible bad dereference when freeing rsps
drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent
hrtimer: Prevent queuing of hrtimer without a function callback
gtp: pull network headers in gtp_dev_xmit()
media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c)
i2c: tegra: allow DVC support to be compiled out
i2c: tegra: allow VI support to be compiled out
i2c: tegra: Do not mark ACPI devices as irq safe
dm suspend: return -ERESTARTSYS instead of -EINTR
net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings
btrfs: replace sb::s_blocksize by fs_info::sectorsize
btrfs: send: allow cloning non-aligned extent if it ends at i_size
drm/amd/display: Adjust cursor position
platform/surface: aggregator: Fix warning when controller is destroyed in probe
drm/amdkfd: reserve the BO before validating it
Bluetooth: hci_core: Fix LE quote calculation
Bluetooth: SMP: Fix assumption of Central always being Initiator
net: dsa: tag_ocelot: do not rely on skb_mac_header() for VLAN xmit
net: dsa: tag_ocelot: call only the relevant portion of __skb_vlan_pop() on TX
net: mscc: ocelot: use ocelot_xmit_get_vlan_info() also for FDMA and register injection
net: mscc: ocelot: fix QoS class for injected packets with "ocelot-8021q"
net: mscc: ocelot: serialize access to the injection/extraction groups
tc-testing: don't access non-existent variable on exception
selftests/net: synchronize udpgro tests' tx and rx connection
selftests: udpgro: report error when receive failed
tcp/dccp: bypass empty buckets in inet_twsk_purge()
tcp/dccp: do not care about families in inet_twsk_purge()
tcp: prevent concurrent execution of tcp_sk_exit_batch
net: mctp: test: Use correct skb for route input check
kcm: Serialise kcm_sendmsg() for the same socket.
netfilter: nft_counter: Disable BH in nft_counter_offload_stats().
netfilter: nft_counter: Synchronize nft_counter_reset() against reader.
ip6_tunnel: Fix broken GRO
bonding: fix bond_ipsec_offload_ok return type
bonding: fix null pointer deref in bond_ipsec_offload_ok
bonding: fix xfrm real_dev null pointer dereference
bonding: fix xfrm state handling when clearing active slave
ice: Prepare legacy-rx for upcoming XDP multi-buffer support
ice: Add xdp_buff to ice_rx_ring struct
ice: Store page count inside ice_rx_buf
ice: Pull out next_to_clean bump out of ice_put_rx_buf()
ice: fix page reuse when PAGE_SIZE is over 8k
ice: fix ICE_LAST_OFFSET formula
dpaa2-switch: Fix error checking in dpaa2_switch_seed_bp()
net: dsa: mv88e6xxx: Fix out-of-bound access
netem: fix return value if duplicate enqueue fails
ipv6: prevent UAF in ip6_send_skb()
ipv6: fix possible UAF in ip6_finish_output2()
ipv6: prevent possible UAF in ip6_xmit()
netfilter: flowtable: validate vlan header
octeontx2-af: Fix CPT AF register offset calculation
net: xilinx: axienet: Always disable promiscuous mode
net: xilinx: axienet: Fix dangling multicast addresses
drm/msm/dpu: don't play tricks with debug macros
drm/msm/dp: fix the max supported bpp logic
drm/msm/dp: reset the link phy params before link training
drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails
mmc: mmc_test: Fix NULL dereference on allocation failure
Bluetooth: MGMT: Add error handling to pair_device()
scsi: core: Fix the return value of scsi_logical_block_count()
ksmbd: the buffer of smb2 query dir response has at least 1 byte
drm/amdgpu: Validate TA binary size
MIPS: Loongson64: Set timer mode in cpu-probe
HID: wacom: Defer calculation of resolution until resolution_code is known
HID: microsoft: Add rumble support to latest xbox controllers
Input: i8042 - add forcenorestore quirk to leave controller untouched even on s3
Input: i8042 - use new forcenorestore quirk to replace old buggy quirk combination
cxgb4: add forgotten u64 ivlan cast before shift
KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
mmc: dw_mmc: allow biu and ciu clocks to defer
pmdomain: imx: wait SSAR when i.MX93 power domain on
mptcp: pm: re-using ID of unused removed ADD_ADDR
mptcp: pm: re-using ID of unused removed subflows
mptcp: pm: re-using ID of unused flushed subflows
mptcp: pm: only decrement add_addr_accepted for MPJ req
Revert "usb: gadget: uvc: cleanup request when not in correct state"
Revert "drm/amd/display: Validate hw_points_num before using it"
tcp: do not export tcp_twsk_purge()
hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt()
ALSA: timer: Relax start tick time check for slave timer elements
mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0
mm/numa: no task_numa_fault() call if PMD is changed
mm/numa: no task_numa_fault() call if PTE is changed
nfsd: Simplify code around svc_exit_thread() call in nfsd()
nfsd: separate nfsd_last_thread() from nfsd_put()
NFSD: simplify error paths in nfsd_svc()
nfsd: call nfsd_last_thread() before final nfsd_put()
nfsd: drop the nfsd_put helper
nfsd: don't call locks_release_private() twice concurrently
nfsd: Fix a regression in nfsd_setattr()
Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
drm/amdgpu/vcn: identify unified queue in sw init
drm/amdgpu/vcn: not pause dpg for unified queue
KVM: x86: fire timer when it is migrated and expired, and in oneshot mode
Revert "s390/dasd: Establish DMA alignment"
udp: allow header check for dodgy GSO_UDP_L4 packets.
gso: fix dodgy bit handling for GSO_UDP_L4
net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation
net: drop bad gso csum_start and offset in virtio_net_hdr
wifi: mac80211: add documentation for amsdu_mesh_control
wifi: mac80211: fix mesh path discovery based on unicast packets
wifi: mac80211: fix mesh forwarding
wifi: mac80211: fix flow dissection for forwarded packets
wifi: mac80211: fix receiving mesh packets in forwarding=0 networks
wifi: mac80211: drop bogus static keywords in A-MSDU rx
wifi: mac80211: fix potential null pointer dereference
wifi: cfg80211: fix receiving mesh packets without RFC1042 header
gfs2: Fix another freeze/thaw hang
gfs2: don't withdraw if init_threads() got interrupted
gfs2: Remove LM_FLAG_PRIORITY flag
gfs2: Remove freeze_go_demote_ok
udp: fix receiving fraglist GSO packets
ice: fix W=1 headers mismatch
Revert "jfs: fix shift-out-of-bounds in dbJoin"
net: change maximum number of UDP segments to 128
selftests: net: more strict check in net_helper
Input: MT - limit max slots
tools: move alignment-related macros to new <linux/align.h>
Linux 6.1.107
Change-Id: I11d18ae169b1e55f18f0dc2953df2dd3a1f25624
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Konstantin Andreev
|
4effd08844 |
smack: unix sockets: fix accept()ed socket label
[ Upstream commit e86cac0acdb1a74f608bacefe702f2034133a047 ] When a process accept()s connection from a unix socket (either stream or seqpacket) it gets the socket with the label of the connecting process. For example, if a connecting process has a label 'foo', the accept()ed socket will also have 'in' and 'out' labels 'foo', regardless of the label of the listener process. This is because kernel creates unix child sockets in the context of the connecting process. I do not see any obvious way for the listener to abuse alien labels coming with the new socket, but, to be on the safe side, it's better fix new socket labels. Signed-off-by: Konstantin Andreev <andreev@swemel.ru> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
fd3054898d |
Merge 6.1.103 into android14-6.1-lts
Changes in 6.1.103
powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC
spi: spi-microchip-core: Fix the number of chip selects supported
spi: atmel-quadspi: Add missing check for clk_prepare
EDAC, i10nm: make skx_common.o a separate module
rcu/tasks: Fix stale task snaphot for Tasks Trace
md: fix deadlock between mddev_suspend and flush bio
platform/chrome: cros_ec_debugfs: fix wrong EC message version
ubd: refactor the interrupt handler
ubd: untagle discard vs write zeroes not support handling
block: refactor to use helper
block: cleanup bio_integrity_prep
block: initialize integrity buffer to zero before writing it to media
hfsplus: fix to avoid false alarm of circular locking
x86/of: Return consistent error type from x86_of_pci_irq_enable()
x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling
x86/pci/xen: Fix PCIBIOS_* return code handling
x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos
kernfs: fix all kernel-doc warnings and multiple typos
kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy()
cgroup/cpuset: Prevent UAF in proc_cpuset_show()
hwmon: (adt7475) Fix default duty on fan is disabled
pwm: stm32: Always do lazy disabling
nvmet-auth: fix nvmet_auth hash error handling
drm/meson: fix canvas release in bind function
pwm: atmel-tcb: Put per-channel data into driver data
pwm: atmel-tcb: Unroll atmel_tcb_pwm_set_polarity() into only caller
pwm: atmel-tcb: Don't track polarity in driver data
pwm: atmel-tcb: Fix race condition and convert to guards
hwmon: (max6697) Fix underflow when writing limit attributes
hwmon: (max6697) Fix swapped temp{1,8} critical alarms
arm64: dts: qcom: sdm845: add power-domain to UFS PHY
arm64: dts: qcom: sm6350: add power-domain to UFS PHY
arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings
arm64: dts: qcom: sm8250: add power-domain to UFS PHY
arm64: dts: qcom: sm8450: add power-domain to UFS PHY
arm64: dts: qcom: msm8996-xiaomi-common: drop excton from the USB PHY
arm64: dts: qcom: msm8998: enable adreno_smmu by default
soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers
arm64: dts: rockchip: Add sdmmc related properties on rk3308-rock-pi-s
arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s
arm64: dts: rockchip: Add mdio and ethernet-phy nodes to rk3308-rock-pi-s
arm64: dts: rockchip: Update WIFi/BT related nodes on rk3308-rock-pi-s
arm64: dts: qcom: msm8996: specify UFS core_clk frequencies
soc: xilinx: rename cpu_number1 to dummy_cpu_number
cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe()
OPP: ti: Fix ti_opp_supply_probe wrong return values
memory: fsl_ifc: Make FSL_IFC config visible and selectable
soc: qcom: pdr: protect locator_addr with the main mutex
soc: qcom: pdr: fix parsing of domains lists
arm64: dts: rockchip: Increase VOP clk rate on RK3328
arm64: dts: amlogic: sm1: fix spdif compatibles
ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode
ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset
ARM: dts: imx6qdl-kontron-samx6i: fix board reset
ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects
ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity
arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property
arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add ports node for anx7625
arm64: dts: amlogic: gx: correct hdmi clocks
arm64: dts: rockchip: Drop invalid mic-in-differential on rk3568-rock-3a
arm64: dts: rockchip: Fix mic-in-differential usage on rk3568-evb1-v10
arm64: dts: renesas: r8a779g0: Add L3 cache controller
arm64: dts: renesas: r8a779g0: Add secondary CA76 CPU cores
arm64: dts: renesas: Drop specifying the GIC_CPU_MASK_SIMPLE() for GICv3 systems
arm64: dts: renesas: r8a779a0: Add missing hypervisor virtual timer IRQ
arm64: dts: renesas: r8a779f0: Add missing hypervisor virtual timer IRQ
arm64: dts: renesas: r8a779g0: Add missing hypervisor virtual timer IRQ
arm64: dts: renesas: r9a07g043u: Add missing hypervisor virtual timer IRQ
arm64: dts: renesas: r9a07g044: Add missing hypervisor virtual timer IRQ
arm64: dts: renesas: r9a07g054: Add missing hypervisor virtual timer IRQ
m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages
x86/xen: Convert comma to semicolon
arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu
arm64: dts: qcom: sm6350: Add missing qcom,non-secure-domain property
m68k: cmpxchg: Fix return value for default case in __arch_xchg()
ARM: spitz: fix GPIO assignment for backlight
vmlinux.lds.h: catch .bss..L* sections into BSS")
firmware: turris-mox-rwtm: Do not complete if there are no waiters
firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout()
firmware: turris-mox-rwtm: Initialize completion before mailbox
wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device
bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer
selftests/bpf: Fix prog numbers in test_sockmap
net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP
tcp: annotate lockless accesses to sk->sk_err_soft
tcp: annotate lockless access to sk->sk_err
tcp: add tcp_done_with_error() helper
tcp: fix race in tcp_write_err()
tcp: fix races in tcp_v[46]_err()
net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined
selftests/bpf: Check length of recv in test_sockmap
lib: objagg: Fix general protection fault
mlxsw: spectrum_acl_erp: Fix object nesting warning
mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors
perf/x86: Serialize set_attr_rdpmc()
jump_label: Use atomic_try_cmpxchg() in static_key_slow_inc_cpuslocked()
jump_label: Prevent key->enabled int overflow
jump_label: Fix concurrency issues in static_key_slow_dec()
wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers
wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he()
wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()
net: fec: Refactor: #define magic constants
net: fec: Fix FEC_ECR_EN1588 being cleared on link-down
libbpf: Checking the btf_type kind when fixing variable offsets
ipvs: Avoid unnecessary calls to skb_is_gso_sctp
netfilter: nf_tables: rise cap on SELinux secmark context
bpftool: Mount bpffs when pinmaps path not under the bpffs
perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation
perf: Fix perf_aux_size() for greater-than 32-bit size
perf: Prevent passing zero nr_pages to rb_alloc_aux()
perf: Fix default aux_watermark calculation
perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake
wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()
wifi: virt_wifi: avoid reporting connection success with wrong SSID
gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey
wifi: virt_wifi: don't use strlen() in const context
locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers
selftests/bpf: Close fd in error path in drop_on_reuseport
selftests/bpf: Close obj in error path in xdp_adjust_tail
bpf: annotate BTF show functions with __printf
bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o
bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT
selftests: forwarding: devlink_lib: Wait for udev events after reloading
xdp: fix invalid wait context of page_pool_destroy()
net: bridge: mst: Check vlan state for egress decision
drm/rockchip: vop2: Fix the port mux of VP2
drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format
drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq()
drm/amd/pm: Fix aldebaran pcie speed reporting
drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit
drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1
drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators
drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare()
media: pci: ivtv: Add check for DMA map result
media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()
media: imon: Fix race getting ictx->lock
media: i2c: Fix imx412 exposure control
media: v4l: async: Fix NULL pointer dereference in adding ancillary links
s390/mm: Convert make_page_secure to use a folio
s390/mm: Convert gmap_make_secure to use a folio
s390/uv: Don't call folio_wait_writeback() without a folio reference
saa7134: Unchecked i2c_transfer function result fixed
media: uvcvideo: Override default flags
media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2
media: rcar-csi2: Disable runtime_pm in probe error
media: rcar-csi2: Cleanup subdevice in remove()
media: renesas: vsp1: Fix _irqsave and _irq mix
media: renesas: vsp1: Store RPF partition configuration per RPF instance
drm/mediatek: Add missing plane settings when async update
drm/mediatek: Add OVL compatible name for MT8195
leds: trigger: Unregister sysfs attributes before calling deactivate()
drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC
drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op
perf test: Replace arm callgraph fp test workload with leafloop
perf tests arm_callgraph_fp: Address shellcheck warnings about signal names and adding double quotes for expression
perf tests: Fix test_arm_callgraph_fp variable expansion
perf test: Make test_arm_callgraph_fp.sh more robust
perf report: Fix condition in sort__sym_cmp()
drm/etnaviv: fix DMA direction handling for cached RW buffers
drm/qxl: Add check for drm_cvt_mode
Revert "leds: led-core: Fix refcount leak in of_led_get()"
ext4: fix infinite loop when replaying fast_commit
media: venus: flush all buffers in output plane streamoff
perf intel-pt: Fix aux_watermark calculation for 64-bit size
perf intel-pt: Fix exclude_guest setting
mfd: rsmu: Split core code into separate module
mfd: omap-usb-tll: Use struct_size to allocate tll
xprtrdma: Fix rpcrdma_reqs_reset()
SUNRPC: avoid soft lockup when transmitting UDP to reachable server.
NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server
ext4: don't track ranges in fast_commit if inode has inlined data
ext4: avoid writing unitialized memory to disk in EA inodes
sparc64: Fix incorrect function signature and add prototype for prom_cif_init
SUNRPC: Fixup gss_status tracepoint error output
PCI: Fix resource double counting on remove & rescan
PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode()
PCI: keystone: Don't enable BAR 0 for AM654x
PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()
PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()
clk: qcom: branch: Add helper functions for setting retain bits
clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock
clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs
iio: frequency: adrf6780: rm clk provider include
coresight: Fix ref leak when of_coresight_parse_endpoint() fails
RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE
powerpc/pseries: Fix alignment of PLPKS structures and buffers
powerpc/pseries: Move plpks.h to include directory
powerpc/pseries: Expose PLPKS config values, support additional fields
powerpc/pseries: Add helper to get PLPKS password length
powerpc/kexec: make the update_cpus_node() function public
powerpc/kexec_file: fix cpus node update to FDT
RDMA/cache: Release GID table even if leak is detected
clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable
interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID
Input: qt1050 - handle CHIP_ID reading error
RDMA/mlx4: Fix truncated output warning in mad.c
RDMA/mlx4: Fix truncated output warning in alias_GUID.c
RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled
RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs
ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe()
powerpc/prom: Add CPU info to hardware description string later
ASoC: max98088: Check for clk_prepare_enable() error
mtd: make mtd_test.c a separate module
RDMA/device: Return error earlier if port in not valid
Input: elan_i2c - do not leave interrupt disabled on suspend failure
ASoC: amd: Adjust error handling in case of absent codec device
PCI: endpoint: Clean up error handling in vpci_scan_bus()
PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup()
vhost/vsock: always initialize seqpacket_allow
net: missing check virtio
crypto: qat - extend scope of lock in adf_cfg_add_key_value_param()
clk: qcom: Park shared RCGs upon registration
clk: en7523: fix rate divider for slic and spi clocks
MIPS: Octeron: remove source file executable bit
PCI: qcom-ep: Disable resources unconditionally during PERST# assert
PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot
powerpc/xmon: Fix disassembly CPU feature checks
macintosh/therm_windtunnel: fix module unload.
RDMA/hns: Check atomic wr length
RDMA/hns: Fix unmatch exception handling when init eq table fails
RDMA/hns: Fix missing pagesize and alignment check in FRMR
RDMA/hns: Fix shift-out-bounds when max_inline_data is 0
RDMA/hns: Fix undifined behavior caused by invalid max_sge
RDMA/hns: Fix insufficient extend DB for VFs.
iommu/vt-d: Fix to convert mm pfn to dma pfn
iommu/vt-d: Fix identity map bounds in si_domain_init()
bnxt_re: Fix imm_data endianness
netfilter: ctnetlink: use helper function to calculate expect ID
netfilter: nft_set_pipapo: constify lookup fn args where possible
netfilter: nf_set_pipapo: fix initial map fill
net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE
ipv4: Fix incorrect TOS in route get reply
ipv4: Fix incorrect TOS in fibmatch route get reply
net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports
net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports
fs/ntfs3: Use ALIGN kernel macro
fs/ntfs3: Merge synonym COMPRESSION_UNIT and NTFS_LZNT_CUNIT
fs/ntfs3: Fix transform resident to nonresident for compressed files
fs/ntfs3: Missed NI_FLAG_UPDATE_PARENT setting
fs/ntfs3: Fix getting file type
fs/ntfs3: Add missing .dirty_folio in address_space_operations
pinctrl: rockchip: update rk3308 iomux routes
pinctrl: core: fix possible memory leak when pinctrl_enable() fails
pinctrl: single: fix possible memory leak when pinctrl_enable() fails
pinctrl: ti: ti-iodelay: Drop if block with always false condition
pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails
pinctrl: freescale: mxs: Fix refcount of child
fs/ntfs3: Replace inode_trylock with inode_lock
fs/ntfs3: Fix field-spanning write in INDEX_HDR
pinctrl: renesas: r8a779g0: Fix CANFD5 suffix
pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes
pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes
pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes
pinctrl: renesas: r8a779g0: Fix IRQ suffixes
pinctrl: renesas: r8a779g0: FIX PWM suffixes
pinctrl: renesas: r8a779g0: Fix TCLK suffixes
pinctrl: renesas: r8a779g0: Fix TPU suffixes
fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP
nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
rtc: interface: Add RTC offset to alarm after fix-up
fs/ntfs3: Missed error return
fs/ntfs3: Keep runs for $MFT::$ATTR_DATA and $MFT::$ATTR_BITMAP
s390/dasd: fix error checks in dasd_copy_pair_store()
sbitmap: remove unnecessary calculation of alloc_hint in __sbitmap_get_shallow
sbitmap: rewrite sbitmap_find_bit_in_index to reduce repeat code
sbitmap: use READ_ONCE to access map->word
sbitmap: fix io hung due to race on sbitmap_word::cleared
landlock: Don't lose track of restrictions on cred_transfer
mm/hugetlb: fix possible recursive locking detected warning
mm/mglru: fix div-by-zero in vmpressure_calc_level()
mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer
x86/efistub: Avoid returning EFI_SUCCESS on error
x86/efistub: Revert to heap allocated boot_params for PE entrypoint
dt-bindings: thermal: correct thermal zone node name limit
tick/broadcast: Make takeover of broadcast hrtimer reliable
net: netconsole: Disable target before netpoll cleanup
af_packet: Handle outgoing VLAN packets without hardware offloading
kernel: rerun task_work while freezing in get_signal()
ipv4: fix source address selection with route leak
ipv6: take care of scope when choosing the src addr
sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks
fuse: verify {g,u}id mount options correctly
char: tpm: Fix possible memory leak in tpm_bios_measurements_open()
media: venus: fix use after free in vdec_close
ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error
hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()
ext2: Verify bitmap and itable block numbers before using them
drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
scsi: qla2xxx: Fix optrom version displayed in FDMI
drm/amd/display: Check for NULL pointer
sched/fair: Use all little CPUs for CPU-bound workloads
apparmor: use kvfree_sensitive to free data->data
cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path
cifs: fix reconnect with SMB1 UNIX Extensions
cifs: mount with "unix" mount option for SMB1 incorrectly handled
task_work: s/task_work_cancel()/task_work_cancel_func()/
task_work: Introduce task_work_cancel() again
udf: Avoid using corrupted block bitmap buffer
m68k: amiga: Turn off Warp1260 interrupts during boot
ext4: check dot and dotdot of dx_root before making dir indexed
ext4: make sure the first directory block is not a hole
io_uring: tighten task exit cancellations
trace/pid_list: Change gfp flags in pid_list_fill_irq()
selftests/landlock: Add cred_transfer test
wifi: mwifiex: Fix interface type change
drivers: soc: xilinx: check return status of get_api_version()
leds: ss4200: Convert PCIBIOS_* return codes to errnos
leds: mt6360: Fix memory leak in mt6360_init_isnk_properties()
jbd2: make jbd2_journal_get_max_txn_bufs() internal
media: uvcvideo: Fix integer overflow calculating timestamp
KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked()
KVM: nVMX: Request immediate exit iff pending nested event needs injection
ALSA: usb-audio: Fix microphone sound on HD webcam.
ALSA: usb-audio: Move HD Webcam quirk to the right place
ALSA: usb-audio: Add a quirk for Sonix HD USB Camera
tools/memory-model: Fix bug in lock.cat
hwrng: amd - Convert PCIBIOS_* return codes to errnos
parisc: Fix warning at drivers/pci/msi/msi.h:121
PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN
PCI: dw-rockchip: Fix initial PERST# GPIO value
PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
PCI: loongson: Enable MSI in LS7A Root Complex
binder: fix hang of unregistered readers
dev/parport: fix the array out-of-bounds risk
fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed
scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds
f2fs: fix to force buffered IO on inline_data inode
f2fs: fix to don't dirty inode for readonly filesystem
f2fs: fix return value of f2fs_convert_inline_inode()
clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use
ubi: eba: properly rollback inside self_check_eba
decompress_bunzip2: fix rare decompression failure
kbuild: Fix '-S -c' in x86 stack protector scripts
ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2
kobject_uevent: Fix OOB access within zap_modalias_env()
gve: Fix an edge case for TSO skb validity check
ice: Add a per-VF limit on number of FDIR filters
devres: Fix devm_krealloc() wasting memory
devres: Fix memory leakage caused by driver API devm_free_percpu()
irqchip/imx-irqsteer: Handle runtime power management correctly
mm/numa_balancing: teach mpol_to_str about the balancing mode
rtc: cmos: Fix return value of nvmem callbacks
scsi: qla2xxx: During vport delete send async logout explicitly
scsi: qla2xxx: Unable to act on RSCN for port online
scsi: qla2xxx: Fix for possible memory corruption
scsi: qla2xxx: Use QP lock to search for bsg
scsi: qla2xxx: Fix flash read failure
scsi: qla2xxx: Complete command early within lock
scsi: qla2xxx: validate nvme_local_port correctly
perf: Fix event leak upon exit
perf: Fix event leak upon exec and file release
perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR
perf/x86/intel/pt: Fix topa_entry base length
perf/x86/intel/pt: Fix a topa_entry base address calculation
drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8
drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell
drm/dp_mst: Fix all mstb marked as not probed after suspend/resume
drm/i915/dp: Reset intel_dp->link_trained before retraining the link
rtc: isl1208: Fix return value of nvmem callbacks
watchdog/perf: properly initialize the turbo mode timestamp and rearm counter
platform: mips: cpu_hwmon: Disable driver on unsupported hardware
RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
selftests/sigaltstack: Fix ppc64 GCC build
dm-verity: fix dm_is_verity_target() when dm-verity is builtin
rbd: don't assume rbd_is_lock_owner() for exclusive mappings
remoteproc: stm32_rproc: Fix mailbox interrupts queuing
remoteproc: imx_rproc: Skip over memory region when node value is NULL
remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init
MIPS: dts: loongson: Add ISA node
MIPS: ip30: ip30-console: Add missing include
MIPS: dts: loongson: Fix GMAC phy node
MIPS: Loongson64: env: Hook up Loongsson-2K
MIPS: Loongson64: Remove memory node for builtin-dtb
MIPS: Loongson64: reset: Prioritise firmware service
MIPS: Loongson64: Test register availability before use
drm/etnaviv: don't block scheduler when GPU is still active
drm/panfrost: Mark simple_ondemand governor as softdep
rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait
rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings
bpf: Synchronize dispatcher update with bpf_dispatcher_xdp_func
Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables
Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591
nilfs2: handle inconsistent state in nilfs_btnode_create_block()
PCI: Introduce cleanup helpers for device reference counts and locks
PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
io_uring/io-wq: limit retrying worker initialisation
wifi: mac80211: Allow NSS change only up to capability
wifi: mac80211: track capability/opmode NSS separately
wifi: mac80211: check basic rates validity
kdb: address -Wformat-security warnings
kdb: Use the passed prompt in kdb_position_cursor()
jfs: Fix array-index-out-of-bounds in diFree
dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels
phy: cadence-torrent: Check return value on register read
um: time-travel: fix time-travel-start option
um: time-travel: fix signal blocking race/hang
f2fs: fix start segno of large section
watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get()
watchdog: rzg2l_wdt: Check return status of pm_runtime_put()
f2fs: fix to update user block counts in block_operations()
kbuild: avoid build error when single DTB is turned into composite DTB
libbpf: Fix no-args func prototype BTF dumping syntax
af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash
dma: fix call order in dmam_free_coherent
bpf, events: Use prog to emit ksymbol event for main program
tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids
MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later
ipv4: Fix incorrect source address in Record Route option
net: bonding: correctly annotate RCU in bond_should_notify_peers()
netfilter: nft_set_pipapo_avx2: disable softinterrupts
tipc: Return non-zero value from tipc_udp_addr2str() on error
net: stmmac: Correct byte order of perfect_match
net: nexthop: Initialize all fields in dumped nexthops
bpf: Fix a segment issue when downgrading gso_size
mISDN: Fix a use after free in hfcmulti_tx()
apparmor: Fix null pointer deref when receiving skb during sock creation
powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap()
lirc: rc_dev_get_from_fd(): fix file leak
auxdisplay: ht16k33: Drop reference after LED registration
ASoC: SOF: imx8m: Fix DSP control regmap retrieval
spi: microchip-core: fix the issues in the isr
spi: microchip-core: only disable SPI controller when register value change requires it
spi: microchip-core: switch to use modern name
spi: microchip-core: fix init function not setting the master and motorola modes
nvme-pci: Fix the instructions for disabling power management
spidev: Add Silicon Labs EM3581 device compatible
spi: spidev: order compatibles alphabetically
spi: spidev: add correct compatible for Rohm BH2228FV
ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable
ceph: fix incorrect kmalloc size of pagevec mempool
s390/pci: Refactor arch_setup_msi_irqs()
s390/pci: Allow allocation of more than 1 MSI interrupt
iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
io_uring: fix io_match_task must_hold
nvme-pci: add missing condition check for existence of mapped data
fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT
powerpc/pseries: Avoid hcall in plpks_is_available() on non-pseries
Linux 6.1.103
Change-Id: Ic2520396d4b27c298d5bf5a42a5b099228f9bbee
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
e6e7b1084c |
Merge 6.1.98 into android14-6.1-lts
Changes in 6.1.98 locking/mutex: Introduce devm_mutex_init() crypto: hisilicon/debugfs - Fix debugfs uninit process issue drm/lima: fix shared irq handling on driver remove powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. media: dvb: as102-fe: Fix as10x_register_addr packing media: dvb-usb: dib0700_devices: Add missing release_firmware() IB/core: Implement a limit on UMAD receive List scsi: qedf: Make qedf_execute_tmf() non-preemptible crypto: aead,cipher - zeroize key buffer after use drm/amdgpu: Fix uninitialized variable warnings drm/amdgpu: Initialize timestamp for some legacy SOCs drm/amd/display: Check index msg_id before read or write drm/amd/display: Check pipe offset before setting vblank drm/amd/display: Skip finding free audio for unknown engine_id drm/amdgpu: fix uninitialized scalar variable warning media: dw2102: Don't translate i2c read into write sctp: prefer struct_size over open coded arithmetic firmware: dmi: Stop decoding on broken entry Input: ff-core - prefer struct_size over open coded arithmetic usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB wifi: mt76: replace skb_put with skb_put_zero net: dsa: mv88e6xxx: Correct check for empty list media: dvb-frontends: tda18271c2dd: Remove casting during div media: s2255: Use refcount_t instead of atomic_t for num_channels media: dvb-frontends: tda10048: Fix integer overflow i2c: i801: Annotate apanel_addr as __ro_after_init powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n orangefs: fix out-of-bounds fsid access kunit: Fix timeout message powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" igc: fix a log entry using uninitialized netdev bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD f2fs: check validation of fault attrs in f2fs_build_fault_attr() scsi: mpi3mr: Sanitise num_phys serial: imx: Raise TX trigger level to 8 jffs2: Fix potential illegal address access in jffs2_free_inode s390/pkey: Wipe sensitive data on failure btrfs: scrub: initialize ret in scrub_simple_mirror() to fix compilation warning cdrom: rearrange last_media_change check to avoid unintentional overflow tools/power turbostat: Remember global max_die_id mac802154: fix time calculation in ieee802154_configure_durations() UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() net/mlx5: E-switch, Create ingress ACL when needed net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() tcp_metrics: validate source addr length KVM: s390: fix LPSWEY handling e1000e: Fix S0ix residency on corporate systems net: allow skb_datagram_iter to be called from any context net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() wifi: wilc1000: fix ies_len type in connect path riscv: kexec: Avoid deadlock in kexec crash path netfilter: nf_tables: unconditionally flush pending work before notifier bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() selftests: fix OOM in msg_zerocopy selftest selftests: make order checking verbose in msg_zerocopy selftest inet_diag: Initialize pad field in struct inet_diag_req_v2 mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file platform/x86: toshiba_acpi: Fix quickstart quirk handling Revert "igc: fix a log entry using uninitialized netdev" nilfs2: fix inode number range checks nilfs2: add missing check for inode numbers on directory entries mm: optimize the redundant loop of mm_update_owner_next() mm: avoid overflows in dirty throttling logic btrfs: fix adding block group to a reclaim list and the unused list during reclaim f2fs: Add inline to f2fs_build_fault_attr() stub scsi: mpi3mr: Use proper format specifier in mpi3mr_sas_port_add() Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct fsnotify: Do not generate events for O_PATH file descriptors Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes drm/amdgpu/atomfirmware: silence UBSAN warning drm: panel-orientation-quirks: Add quirk for Valve Galileo powerpc/pseries: Fix scv instruction crash with kexec mtd: rawnand: Ensure ECC configuration is propagated to upper layers mtd: rawnand: Bypass a couple of sanity checks during NAND identification mtd: rawnand: rockchip: ensure NVDDR timings are rejected bnx2x: Fix multiple UBSAN array-index-out-of-bounds arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 Model B ima: Avoid blocking in RCU read-side critical section media: dw2102: fix a potential buffer overflow clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents clk: mediatek: clk-mtk: Register MFG notifier in mtk_clk_simple_probe() clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr fs/ntfs3: Mark volume as dirty if xattr is broken ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 nvme-multipath: find NUMA path only for online numa-node dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset regmap-i2c: Subtract reg size from max_write platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro nvmet: fix a possible leak when destroy a ctrl during qp establishment kbuild: fix short log for AS in link-vmlinux.sh nfc/nci: Add the inconsistency check between the input data length and count spi: cadence: Ensure data lines set to low during dummy-cycle period null_blk: Do not allow runt zone with zone capacity smaller then zone size nilfs2: fix incorrect inode allocation from reserved inodes Linux 6.1.98 Change-Id: Ief3f201b2322bc9c300d53d11006c446c7f209d6 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Casey Schaufler
|
0776bcf9cb |
smack: tcp: ipv4, fix incorrect labeling
[ Upstream commit 2fe209d0ad2e2729f7e22b9b31a86cc3ff0db550 ]
Currently, Smack mirrors the label of incoming tcp/ipv4 connections:
when a label 'foo' connects to a label 'bar' with tcp/ipv4,
'foo' always gets 'foo' in returned ipv4 packets. So,
1) returned packets are incorrectly labeled ('foo' instead of 'bar')
2) 'bar' can write to 'foo' without being authorized to write.
Here is a scenario how to see this:
* Take two machines, let's call them C and S,
with active Smack in the default state
(no settings, no rules, no labeled hosts, only builtin labels)
* At S, add Smack rule 'foo bar w'
(labels 'foo' and 'bar' are instantiated at S at this moment)
* At S, at label 'bar', launch a program
that listens for incoming tcp/ipv4 connections
* From C, at label 'foo', connect to the listener at S.
(label 'foo' is instantiated at C at this moment)
Connection succeedes and works.
* Send some data in both directions.
* Collect network traffic of this connection.
All packets in both directions are labeled with the CIPSO
of the label 'foo'. Hence, label 'bar' writes to 'foo' without
being authorized, and even without ever being known at C.
If anybody cares: exactly the same happens with DCCP.
This behavior 1st manifested in release 2.6.29.4 (see Fixes below)
and it looks unintentional. At least, no explanation was provided.
I changed returned packes label into the 'bar',
to bring it into line with the Smack documentation claims.
Signed-off-by: Konstantin Andreev <andreev@swemel.ru>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Leesoo Ahn
|
09b2d107fe |
apparmor: fix possible NULL pointer dereference
[ Upstream commit 3dd384108d53834002be5630132ad5c3f32166ad ] profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an error code and the code, -ENOENT represents its state that the path of its parent is not existed yet. BUG: kernel NULL pointer dereference, address: 0000000000000030 PGD 0 P4D 0 PREEMPT SMP PTI CPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:aafs_create.constprop.0+0x7f/0x130 Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Call Trace: <TASK> ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? kernelmode_fixup_or_oops+0xb2/0x140 ? __bad_area_nosemaphore+0x1a5/0x2c0 ? find_vma+0x34/0x60 ? bad_area_nosemaphore+0x16/0x30 ? do_user_addr_fault+0x2a2/0x6b0 ? exc_page_fault+0x83/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? aafs_create.constprop.0+0x7f/0x130 ? aafs_create.constprop.0+0x51/0x130 __aafs_profile_mkdir+0x3d6/0x480 aa_replace_profiles+0x83f/0x1270 policy_update+0xe3/0x180 profile_load+0xbc/0x150 ? rw_verify_area+0x47/0x140 vfs_write+0x100/0x480 ? __x64_sys_openat+0x55/0xa0 ? syscall_exit_to_user_mode+0x86/0x260 ksys_write+0x73/0x100 __x64_sys_write+0x19/0x30 x64_sys_call+0x7e/0x25c0 do_syscall_64+0x7f/0x180 entry_SYSCALL_64_after_hwframe+0x78/0x80 RIP: 0033:0x7be9f211c574 Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 RSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574 RDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004 RBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80 R13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30 </TASK> Modules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas CR2: 0000000000000030 ---[ end trace 0000000000000000 ]--- RIP: 0010:aafs_create.constprop.0+0x7f/0x130 Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Signed-off-by: Leesoo Ahn <lsahn@ooseel.net> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
9a2454ec58 |
Merge 6.1.97 into android14-6.1-lts
Changes in 6.1.97 usb: typec: ucsi: Never send a lone connector change ack usb: typec: ucsi: Ack also failed Get Error commands ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable ACPI: x86: Force StorageD3Enable on more products Input: ili210x - fix ili251x_read_touch_data() return value pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins pinctrl: rockchip: use dedicated pinctrl type for RK3328 pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set MIPS: pci: lantiq: restore reset gpio polarity dt-bindings: i2c: Drop unneeded quotes dt-bindings: i2c: atmel,at91sam: correct path to i2c-controller schema netfilter: nf_tables: use timestamp to check for set element timeout ASoC: rockchip: i2s-tdm: Fix trcm mode by setting clock on right mclk s390/pci: Add missing virt_to_phys() for directed DIBV ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe() ASoC: fsl-asoc-card: set priv->pdev before using it net: dsa: microchip: fix initial port flush problem mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems bpf: Fix overrunning reservations in ringbuf ibmvnic: Free any outstanding tx skbs during scrq reset net: phy: micrel: add Microchip KSZ 9477 to the device table net: dsa: microchip: use collision based back pressure mode xdp: Remove WARN() from __xdp_reg_mem_model() Fix race for duplicate reqsk on identical SYN net: dsa: microchip: fix wrong register write when masking interrupt sparc: fix old compat_sys_select() sparc: fix compat recv/recvfrom syscalls parisc: use correct compat recv/recvfrom syscalls powerpc: restore some missing spu syscalls tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep vduse: validate block features only with block devices vduse: Temporarily fail if control queue feature requested x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup mtd: partitions: redboot: Added conversion of operands to a larger type wifi: ieee80211: check for NULL in ieee80211_mle_size_ok() bpf: Add a check for struct bpf_fib_lookup size bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode RDMA/restrack: Fix potential invalid address access net/iucv: Avoid explicit cpumask var allocation on stack net/dpaa2: Avoid explicit cpumask var allocation on stack crypto: ecdh - explicitly zeroize private_key ALSA: emux: improve patch ioctl data validation media: dvbdev: Initialize sbuf soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message drm/radeon/radeon_display: Decrease the size of allocated memory nvme: fixup comment for nvme RDMA Provider Type drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA gpio: davinci: Validate the obtained number of IRQs drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c drm/amdgpu: Fix pci state save during mode-1 reset riscv: stacktrace: convert arch_stack_walk() to noinstr gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) randomize_kstack: Remove non-functional per-arch entropy filtering ima: Fix use-after-free on a dentry's dname.name x86: stop playing stack games in profile_pc() parisc: use generic sys_fanotify_mark implementation Revert "MIPS: pci: lantiq: restore reset gpio polarity" pinctrl: qcom: spmi-gpio: drop broken pm8008 support ocfs2: fix DIO failure due to insufficient transaction credits nfs: drop the incorrect assertion in nfs_swap_rw() mmc: sdhci-brcmstb: check R1_STATUS for erase/trim/discard mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos mmc: sdhci: Do not invert write-protect twice mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() iio: xilinx-ams: Don't include ams_ctrl_channels in scan_mask counter: ti-eqep: enable clock at probe i2c: testunit: don't erase registers after STOP i2c: testunit: discard write requests while old command is running iio: adc: ad7266: Fix variable checking bug iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF iio: chemical: bme680: Fix pressure value output iio: chemical: bme680: Fix calibration data variable iio: chemical: bme680: Fix overflows in compensate() functions iio: chemical: bme680: Fix sensor data read operation net: usb: ax88179_178a: improve link status logs usb: gadget: printer: SS+ support usb: gadget: printer: fix races against disable usb: musb: da8xx: fix a resource leak in probe() usb: atm: cxacru: fix endpoint checking in cxacru_bind() usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock usb: gadget: aspeed_udc: fix device address configuration usb: ucsi: stm32: fix command completion handling serial: 8250_omap: Implementation of Errata i2310 serial: imx: set receiver level before starting uart ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook 645/665 G11. tty: mcf: MCF54418 has 10 UARTS net: can: j1939: Initialize unused data in j1939_send_one() net: can: j1939: recover socket queue on CAN bus error during BAM transmission net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked() irqchip/loongson-liointc: Set different ISRs for different cores kbuild: Install dtb files as 0644 in Makefile.dtbinst sh: rework sync_file_range ABI btrfs: zoned: fix initial free space detection csky, hexagon: fix broken sys_sync_file_range hexagon: fix fadvise64_64 calling conventions drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes drm/amdgpu: avoid using null object of framebuffer drm/i915/gt: Fix potential UAF by revoke of fence registers drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes drm/amdgpu/atomfirmware: fix parsing of vram_info batman-adv: Don't accept TT entries for out-of-spec VIDs can: mcp251xfd: fix infinite loop when xmit fails ata: ahci: Clean up sysfs file on error ata: libata-core: Fix double free on error ftruncate: pass a signed offset syscalls: fix compat_sys_io_pgetevents_time64 usage syscalls: fix sys_fanotify_mark prototype pwm: stm32: Refuse too small period requests Revert "cpufreq: amd-pstate: Fix the inconsistency in max frequency units" mm/page_alloc: Separate THP PCP into movable and non-movable categories gfs2: Fix slab-use-after-free in gfs2_qd_dealloc efi: memmap: Move manipulation routines into x86 arch tree efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures efi/x86: Free EFI memory map only when installing a new one. arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s arm64: dts: rockchip: Rename LED related pinctrl nodes on rk3308-rock-pi-s ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E arm64: dts: rockchip: Add sound-dai-cells for RK3368 serial: imx: only set receiver level if it is zero serial: 8250_omap: Fix Errata i2310 with RX FIFO level check tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() Linux 6.1.97 Change-Id: I8ae3429d5ddec709f2ef8e96895fa111ee31d004 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Guenter Roeck
|
d03099a2cc |
apparmor: fix policy_unpack_test on big endian systems
[ Upstream commit 98c0cc48e27e9d269a3e4db2acd72b486c88ec77 ]
policy_unpack_test fails on big endian systems because data byte order
is expected to be little endian but is generated in host byte order.
This results in test failures such as:
# policy_unpack_test_unpack_array_with_null_name: EXPECTATION FAILED at security/apparmor/policy_unpack_test.c:150
Expected array_size == (u16)16, but
array_size == 4096 (0x1000)
(u16)16 == 16 (0x10)
# policy_unpack_test_unpack_array_with_null_name: pass:0 fail:1 skip:0 total:1
not ok 3 policy_unpack_test_unpack_array_with_null_name
# policy_unpack_test_unpack_array_with_name: EXPECTATION FAILED at security/apparmor/policy_unpack_test.c:164
Expected array_size == (u16)16, but
array_size == 4096 (0x1000)
(u16)16 == 16 (0x10)
# policy_unpack_test_unpack_array_with_name: pass:0 fail:1 skip:0 total:1
Add the missing endianness conversions when generating test data.
Fixes:
|
||
|
Zhen Lei
|
d6d68531f8 |
selinux: fix potential counting error in avc_add_xperms_decision()
commit 379d9af3f3da2da1bbfa67baf1820c72a080d1f1 upstream.
The count increases only when a node is successfully added to
the linked list.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Greg Kroah-Hartman
|
ced5058778 |
Merge 6.1.95 into android14-6.1-lts
Changes in 6.1.95 wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() wifi: cfg80211: fully move wiphy work to unbound workqueue wifi: cfg80211: Lock wiphy in cfg80211_get_station wifi: cfg80211: pmsr: use correct nla_get_uX functions wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef wifi: iwlwifi: mvm: check n_ssids before accessing the ssids wifi: iwlwifi: mvm: don't read past the mfuart notifcation wifi: mac80211: correctly parse Spatial Reuse Parameter Set element ax25: Fix refcount imbalance on inbound connections ax25: Replace kfree() in ax25_dev_free() with ax25_dev_put() net/ncsi: Simplify Kconfig/dts control flow net/ncsi: Fix the multi thread manner of NCSI driver ipv6: ioam: block BH from ioam6_output() ipv6: sr: block BH in seg6_output_core() and seg6_input_core() bpf: Set run context for rawtp test_run callback octeontx2-af: Always allocate PF entries from low prioriy zone net/smc: avoid overwriting when adjusting sock bufsizes net: sched: sch_multiq: fix possible OOB write in multiq_tune() vxlan: Fix regression when dropping packets due to invalid src addresses tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB net/mlx5: Stop waiting for PCI up if teardown was triggered net/mlx5: Stop waiting for PCI if pci channel is offline net/mlx5: Split function_setup() to enable and open functions net/mlx5: Always stop health timer during driver removal net/mlx5: Fix tainted pointer delete is case of flow rules creation fail net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP ptp: Fix error message on failed pin verification ice: fix iteration of TLVs in Preserved Fields Area ice: Introduce new parameters in ice_sched_node ice: remove null checks before devm_kfree() calls ice: remove af_xdp_zc_qps bitmap net: wwan: iosm: Fix tainted pointer delete is case of region creation fail af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. af_unix: Annodate data-races around sk->sk_state for writers. af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). af_unix: Annotate data-race of sk->sk_state in unix_stream_connect(). af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb(). af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). af_unix: annotate lockless accesses to sk->sk_err af_unix: Use skb_queue_empty_lockless() in unix_release_sock(). af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). ipv6: fix possible race in __fib6_drop_pcpu_from() Bluetooth: qca: fix invalid device address check btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range() usb: gadget: f_fs: use io_data->status consistently usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete iio: accel: mxc4005: allow module autoloading via OF compatible iio: accel: mxc4005: Reset chip on probe() and resume() xtensa: stacktrace: include <asm/ftrace.h> for prototype xtensa: fix MAKE_PC_FROM_RA second argument drm/amd/display: drop unnecessary NULL checks in debugfs drm/amd/display: Fix incorrect DSC instance for MST arm64: dts: qcom: sm8150: align TLMM pin configuration with DT schema arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration misc/pvpanic: deduplicate common code misc/pvpanic-pci: register attributes via pci_driver serial: sc16is7xx: replace hardcoded divisor value with BIT() macro serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler mmc: davinci: Don't strip remove function when driver is builtin firmware: qcom_scm: disable clocks if qcom_scm_bw_enable() fails HID: i2c-hid: elan: Add ili9882t timing HID: i2c-hid: elan: fix reset suspend current leakage i2c: add fwnode APIs i2c: acpi: Unbind mux adapters before delete mm, vmalloc: fix high order __GFP_NOFAIL allocations mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages selftests/mm: conform test to TAP format output selftests/mm: log a consistent test name for check_compaction selftests/mm: compaction_test: fix bogus test success on Aarch64 wifi: ath10k: fix QCOM_RPROC_COMMON dependency btrfs: remove unnecessary prototype declarations at disk-io.c btrfs: make btrfs_destroy_delayed_refs() return void btrfs: fix leak of qgroup extent records after transaction abort nilfs2: return the mapped address from nilfs_get_page() nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors io_uring: check for non-NULL file pointer in io_file_can_poll() USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state mei: me: release irq in mei_me_pci_resume error path tty: n_tty: Fix buffer offsets when lookahead is used landlock: Fix d_parent walk jfs: xattr: fix buffer overflow for invalid xattr xhci: Set correct transferred length for cancelled bulk transfers xhci: Apply reset resume quirk to Etron EJ188 xHCI host xhci: Handle TD clearing for multiple streams case xhci: Apply broken streams quirk to Etron EJ188 xHCI host thunderbolt: debugfs: Fix margin debugfs node creation condition scsi: mpi3mr: Fix ATA NCQ priority support scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory scsi: sd: Use READ(16) when reading block zero on large capacity disks gve: Clear napi->skb before dev_kfree_skb_any() powerpc/uaccess: Fix build errors seen with GCC 13/14 Input: try trimming too long modalias strings cxl/test: Add missing vmalloc.h for tools/testing/cxl/test/mem.c cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd cachefiles: remove requests from xarray during flushing requests cachefiles: introduce object ondemand state cachefiles: extract ondemand info field from cachefiles_object cachefiles: resend an open request if the read request's object is closed cachefiles: add spin_lock for cachefiles_ondemand_info cachefiles: add restore command to recover inflight ondemand read requests cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read() cachefiles: never get a new anonymous fd if ondemand_id is valid cachefiles: defer exposing anon_fd until after copy_to_user() succeeds cachefiles: flush all requests after setting CACHEFILES_DEAD selftests/ftrace: Fix to check required event file clk: sifive: Do not register clkdevs for PRCI clocks NFSv4.1 enforce rootpath check in fs_location query SUNRPC: return proper error from gss_wrap_req_priv NFS: add barriers when testing for NFS_FSDATA_BLOCKED platform/x86: dell-smbios: Fix wrong token data in sysfs gpio: tqmx86: fix typo in Kconfig label gpio: tqmx86: remove unneeded call to platform_set_drvdata() gpio: tqmx86: introduce shadow register for GPIO output value gpio: tqmx86: Convert to immutable irq_chip gpio: tqmx86: store IRQ trigger type and unmask status separately gpio: tqmx86: fix broken IRQ_TYPE_EDGE_BOTH interrupt type HID: core: remove unnecessary WARN_ON() in implement() iommu/amd: Fix sysfs leak in iommu init HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() drm/vmwgfx: Port the framebuffer code to drm fb helpers drm/vmwgfx: Refactor drm connector probing for display modes drm/vmwgfx: Filter modes which exceed graphics memory drm/vmwgfx: 3D disabled should not effect STDU memory limits drm/vmwgfx: Remove STDU logic from generic mode_valid function net: sfp: Always call `sfp_sm_mod_remove()` on remove net: hns3: fix kernel crash problem in concurrent scenario net: hns3: add cond_resched() to hns3 ring buffer init process liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet drm/komeda: check for error-valued pointer drm/bridge/panel: Fix runtime warning on panel bridge release tcp: fix race in tcp_v6_syn_recv_sock() geneve: Fix incorrect inner network header offset when innerprotoinherit is set net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type net: pse-pd: Use EOPNOTSUPP error code instead of ENOTSUPP gve: ignore nonrelevant GSO type bits when processing TSO headers net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs parameters nvmet-passthru: propagate status from id override functions net/ipv6: Fix the RT cache flush via sysctl using a previous delay net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state net: bridge: mst: fix suspicious rcu usage in br_mst_set_state ionic: fix use after netif_napi_del() af_unix: Read with MSG_PEEK loops if the first unread byte is OOB bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe() x86/boot: Don't add the EFI stub to targets, again iio: adc: ad9467: fix scan type sign iio: dac: ad5592r: fix temperature channel scaling value iio: imu: inv_icm42600: delete unneeded update watermark call drivers: core: synchronize really_probe() and dev_uevent() drm/exynos/vidi: fix memory leak in .get_modes() drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found mptcp: ensure snd_una is properly initialized on connect mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update() x86/amd_nb: Check for invalid SMN reads perf/core: Fix missing wakeup when waiting for context reference riscv: fix overlap of allocated page and PTR_ERR tracing/selftests: Fix kprobe event name test for .isra. functions null_blk: Print correct max open zones limit in null_init_zoned_dev() sock_map: avoid race between sock_map_close and sk_psock_put vmci: prevent speculation leaks by sanitizing event in event_deliver() spmi: hisi-spmi-controller: Do not override device identifier knfsd: LOOKUP can return an illegal error value fs/proc: fix softlockup in __read_vmcore ocfs2: use coarse time for new created files ocfs2: fix races between hole punching and AIO+DIO PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id dmaengine: axi-dmac: fix possible race in remove() remoteproc: k3-r5: Wait for core0 power-up before powering up core1 remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context drm/i915/gt: Disarm breadcrumbs if engines are already idle drm/i915/dpt: Make DPT object unshrinkable intel_th: pci: Add Granite Rapids support intel_th: pci: Add Granite Rapids SOC support intel_th: pci: Add Sapphire Rapids SOC support intel_th: pci: Add Meteor Lake-S support intel_th: pci: Add Lunar Lake support btrfs: zoned: introduce a zone_info struct in btrfs_load_block_group_zone_info btrfs: zoned: factor out per-zone logic from btrfs_load_block_group_zone_info btrfs: zoned: factor out single bg handling from btrfs_load_block_group_zone_info btrfs: zoned: factor out DUP bg handling from btrfs_load_block_group_zone_info btrfs: zoned: fix use-after-free due to race with dev replace nilfs2: fix potential kernel bug due to lack of writeback flag waiting tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() mm/huge_memory: don't unpoison huge_zero_folio mm/memory-failure: fix handling of dissolved but not taken off from buddy pages serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level mptcp: pm: update add_addr counters after connect Revert "fork: defer linking file vma until vma is fully initialized" remoteproc: k3-r5: Jump to error handling labels in start/stop errors cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode Bluetooth: qca: fix wcn3991 device address check Bluetooth: qca: generalise device address check greybus: Fix use-after-free bug in gb_interface_release due to race condition. serial: 8250_dw: fall back to poll if there's no interrupt serial: core: Add UPIO_UNKNOWN constant for unknown port type usb-storage: alauda: Check whether the media is initialized misc: microchip: pci1xxxx: Fix a memory leak in the error handling of gp_aux_bus_probe() i2c: at91: Fix the functionality flags of the slave-only interface i2c: designware: Fix the functionality flags of the slave-only interface zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING Linux 6.1.95 Change-Id: I73161b2d10f7fd687ca753f1780ccdf53eeccb0e Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Xiao Liang
|
ead2ad1d9f |
apparmor: Fix null pointer deref when receiving skb during sock creation
[ Upstream commit fce09ea314505a52f2436397608fa0a5d0934fb1 ]
The panic below is observed when receiving ICMP packets with secmark set
while an ICMP raw socket is being created. SK_CTX(sk)->label is updated
in apparmor_socket_post_create(), but the packet is delivered to the
socket before that, causing the null pointer dereference.
Drop the packet if label context is not set.
BUG: kernel NULL pointer dereference, address: 000000000000004c
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df
Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020
RIP: 0010:aa_label_next_confined+0xb/0x40
Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2
RSP: 0018:ffffa92940003b08 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e
RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002
R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400
R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
FS: 00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0
PKRU: 55555554
Call Trace:
<IRQ>
? __die+0x23/0x70
? page_fault_oops+0x171/0x4e0
? exc_page_fault+0x7f/0x180
? asm_exc_page_fault+0x26/0x30
? aa_label_next_confined+0xb/0x40
apparmor_secmark_check+0xec/0x330
security_sock_rcv_skb+0x35/0x50
sk_filter_trim_cap+0x47/0x250
sock_queue_rcv_skb_reason+0x20/0x60
raw_rcv+0x13c/0x210
raw_local_deliver+0x1f3/0x250
ip_protocol_deliver_rcu+0x4f/0x2f0
ip_local_deliver_finish+0x76/0xa0
__netif_receive_skb_one_core+0x89/0xa0
netif_receive_skb+0x119/0x170
? __netdev_alloc_skb+0x3d/0x140
vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]
vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]
__napi_poll+0x28/0x1b0
net_rx_action+0x2a4/0x380
__do_softirq+0xd1/0x2c8
__irq_exit_rcu+0xbb/0xf0
common_interrupt+0x86/0xa0
</IRQ>
<TASK>
asm_common_interrupt+0x26/0x40
RIP: 0010:apparmor_socket_post_create+0xb/0x200
Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48
RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286
RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003
R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748
? __pfx_apparmor_socket_post_create+0x10/0x10
security_socket_post_create+0x4b/0x80
__sock_create+0x176/0x1f0
__sys_socket+0x89/0x100
__x64_sys_socket+0x17/0x20
do_syscall_64+0x5d/0x90
? do_syscall_64+0x6c/0x90
? do_syscall_64+0x6c/0x90
? do_syscall_64+0x6c/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
Fixes:
|
||
|
Frederic Weisbecker
|
a5a1788a49 |
task_work: s/task_work_cancel()/task_work_cancel_func()/
commit 68cbd415dd4b9c5b9df69f0f091879e56bf5907a upstream. A proper task_work_cancel() API that actually cancels a callback and not *any* callback pointing to a given function is going to be needed for perf events event freeing. Do the appropriate rename to prepare for that. Signed-off-by: Frederic Weisbecker <frederic@kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20240621091601.18227-2-frederic@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Fedor Pchelkin
|
74b91a689b |
apparmor: use kvfree_sensitive to free data->data
commit 2bc73505a5cd2a18a7a542022722f136c19e3b87 upstream.
Inside unpack_profile() data->data is allocated using kvmemdup() so it
should be freed with the corresponding kvfree_sensitive().
Also add missing data->data release for rhashtable insertion failure path
in unpack_profile().
Found by Linux Verification Center (linuxtesting.org).
Fixes:
|
||
|
Jann Horn
|
0d74fd54db |
landlock: Don't lose track of restrictions on cred_transfer
commit 39705a6c29f8a2b93cf5b99528a55366c50014d1 upstream.
When a process' cred struct is replaced, this _almost_ always invokes
the cred_prepare LSM hook; but in one special case (when
KEYCTL_SESSION_TO_PARENT updates the parent's credentials), the
cred_transfer LSM hook is used instead. Landlock only implements the
cred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes
all information on Landlock restrictions to be lost.
This basically means that a process with the ability to use the fork()
and keyctl() syscalls can get rid of all Landlock restrictions on
itself.
Fix it by adding a cred_transfer hook that does the same thing as the
existing cred_prepare hook. (Implemented by having hook_cred_prepare()
call hook_cred_transfer() so that the two functions are less likely to
accidentally diverge in the future.)
Cc: stable@kernel.org
Fixes:
|
||
|
Greg Kroah-Hartman
|
e4ceb55393 |
Merge 6.1.92 into android14-6.1-lts
Changes in 6.1.92 drm/amd/display: Fix division by zero in setup_dsc_config net: ks8851: Fix another TX stall caused by wrong ISR flag handling ice: pass VSI pointer into ice_vc_isvalid_q_id ice: remove unnecessary duplicate checks for VF VSI ID pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() mfd: stpmic1: Fix swapped mask/unmask in irq chip nfsd: don't allow nfsd threads to be signalled. KEYS: trusted: Fix memory leak in tpm2_key_encode() mmc: core: Add HS400 tuning in HS400es initialization xfs: write page faults in iomap are not buffered writes xfs: punching delalloc extents on write failure is racy xfs: use byte ranges for write cleanup ranges xfs,iomap: move delalloc punching to iomap iomap: buffered write failure should not truncate the page cache xfs: xfs_bmap_punch_delalloc_range() should take a byte range iomap: write iomap validity checks xfs: use iomap_valid method to detect stale cached iomaps xfs: drop write error injection is unfixable, remove it xfs: fix off-by-one-block in xfs_discard_folio() xfs: fix incorrect error-out in xfs_remove xfs: fix sb write verify for lazysbcount xfs: fix incorrect i_nlink caused by inode racing xfs: invalidate block device page cache during unmount xfs: attach dquots to inode before reading data/cow fork mappings xfs: wait iclog complete before tearing down AIL xfs: fix super block buf log item UAF during force shutdown xfs: hoist refcount record merge predicates xfs: estimate post-merge refcounts correctly xfs: invalidate xfs_bufs when allocating cow extents xfs: allow inode inactivation during a ro mount log recovery xfs: fix log recovery when unknown rocompat bits are set xfs: get root inode correctly at bulkstat xfs: short circuit xfs_growfs_data_private() if delta is zero arm64: atomics: lse: remove stale dependency on JUMP_LABEL drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() binder: fix max_thread type inconsistency usb: dwc3: Wait unconditionally after issuing EndXfer command net: usb: ax88179_178a: fix link status when link is set to down/up usb: typec: ucsi: displayport: Fix potential deadlock usb: typec: tipd: fix event checking for tps6598x serial: kgdboc: Fix NMI-safety problems from keyboard reset code remoteproc: mediatek: Make sure IPI buffer fits in L2TCM KEYS: trusted: Do not use WARN when encode fails admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET docs: kernel_include.py: Cope with docutils 0.21 Linux 6.1.92 Change-Id: Ic0ec20e6a15c862852794fb4189d370adc5f278a Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
0010b838db |
Merge 6.1.91 into android14-6.1-lts
Changes in 6.1.91
dmaengine: pl330: issue_pending waits until WFP state
dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state"
wifi: nl80211: don't free NULL coalescing rule
rust: kernel: require `Send` for `Module` implementations
eeprom: at24: Use dev_err_probe for nvmem register failure
eeprom: at24: Probe for DDR3 thermal sensor in the SPD case
eeprom: at24: fix memory corruption race condition
Bluetooth: qca: add support for QCA2066
mm/hugetlb: add folio support to hugetlb specific flag macros
mm: add private field of first tail to struct page and struct folio
mm/hugetlb: add hugetlb_folio_subpool() helpers
mm/hugetlb: add folio_hstate()
mm/hugetlb_cgroup: convert __set_hugetlb_cgroup() to folios
mm/hugetlb_cgroup: convert hugetlb_cgroup_from_page() to folios
mm/hugetlb: convert free_huge_page to folios
mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios
mm/hugetlb: fix missing hugetlb_lock for resv uncharge
kbuild: refactor host*_flags
kbuild: specify output names separately for each emission type from rustc
cifs: use the least loaded channel for sending requests
smb3: missing lock when picking channel
pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T
pinctrl/meson: fix typo in PDM's pin name
pinctrl: core: delete incorrect free in pinctrl_enable()
pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback
pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE
sunrpc: add a struct rpc_stats arg to rpc_create_args
nfs: expose /proc/net/sunrpc/nfs in net namespaces
nfs: make the rpc_stat per net namespace
nfs: Handle error of rpc_proc_register() in nfs_net_init().
pinctrl: Introduce struct pinfunction and PINCTRL_PINFUNCTION() macro
pinctrl: intel: Make use of struct pinfunction and PINCTRL_PINFUNCTION()
pinctrl: baytrail: Fix selecting gpio pinctrl state
power: rt9455: hide unused rt9455_boost_voltage_values
power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
regulator: mt6360: De-capitalize devicetree regulator subnodes
regulator: change stubbed devm_regulator_get_enable to return Ok
regulator: change devm_regulator_get_enable_optional() stub to return Ok
bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition
bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH
bpf: Fix a verifier verbose message
spi: introduce new helpers with using modern naming
spi: axi-spi-engine: Convert to platform remove callback returning void
spi: spi-axi-spi-engine: switch to use modern name
spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled()
spi: axi-spi-engine: simplify driver data allocation
spi: axi-spi-engine: use devm_spi_alloc_host()
spi: axi-spi-engine: move msg state to new struct
spi: axi-spi-engine: use common AXI macros
spi: axi-spi-engine: fix version format string
spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs
bpf, arm64: Fix incorrect runtime stats
s390/mm: Fix storage key clearing for guest huge pages
s390/mm: Fix clearing storage keys for huge pages
xdp: use flags field to disambiguate broadcast redirect
bna: ensure the copied buf is NUL terminated
octeontx2-af: avoid off-by-one read from userspace
nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
net l2tp: drop flow hash on forward
s390/vdso: Add CFI for RA register to asm macro vdso_func
net: qede: sanitize 'rc' in qede_add_tc_flower_fltr()
net: qede: use return from qede_parse_flow_attr() for flower
net: qede: use return from qede_parse_flow_attr() for flow_spec
net: qede: use return from qede_parse_actions()
ASoC: meson: axg-fifo: use FIELD helpers
ASoC: meson: axg-fifo: use threaded irq to check periods
ASoC: meson: axg-card: make links nonatomic
ASoC: meson: axg-tdm-interface: manage formatters in trigger
ASoC: meson: cards: select SND_DYNAMIC_MINORS
ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node()
s390/cio: Ensure the copied buf is NUL terminated
cxgb4: Properly lock TX queue for the selftest.
net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341
spi: fix null pointer dereference within spi_sync
net: bridge: fix multicast-to-unicast with fraglist GSO
net: core: reject skb_copy(_expand) for fraglist GSO skbs
tipc: fix a possible memleak in tipc_buf_append
vxlan: Pull inner IP header in vxlan_rcv().
s390/qeth: Fix kernel panic after setting hsuid
drm/panel: ili9341: Respect deferred probe
drm/panel: ili9341: Use predefined error codes
net: gro: add flush check in udp_gro_receive_segment
clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
powerpc/pseries: replace kmalloc with kzalloc in PLPKS driver
powerpc/pseries: Move PLPKS constants to header file
powerpc/pseries: make max polling consistent for longer H_CALLs
powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE
KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id
KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
scsi: lpfc: Move NPIV's transport unregistration to after resource clean up
scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic
scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port()
scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()
gfs2: Fix invalid metadata access in punch_hole
wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc
wifi: cfg80211: fix rdev_dump_mpp() arguments order
net: mark racy access on sk->sk_rcvbuf
scsi: mpi3mr: Avoid memcpy field-spanning write WARNING
scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
btrfs: return accurate error code on open failure in open_fs_devices()
bpf: Check bloom filter map value size
kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries
scsi: ufs: core: WLUN suspend dev/link state error recovery
ALSA: line6: Zero-initialize message buffers
block: fix overflow in blk_ioctl_discard()
net: bcmgenet: Reset RBUF on first open
ata: sata_gemini: Check clk_enable() result
firewire: ohci: mask bus reset interrupts between ISR and bottom half
tools/power turbostat: Fix added raw MSR output
tools/power turbostat: Increase the limit for fd opened
tools/power turbostat: Fix Bzy_MHz documentation typo
btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve
btrfs: always clear PERTRANS metadata during commit
memblock tests: fix undefined reference to `early_pfn_to_nid'
memblock tests: fix undefined reference to `panic'
memblock tests: fix undefined reference to `BIT'
scsi: target: Fix SELinux error when systemd-modules loads the target module
blk-iocost: avoid out of bounds shift
gpu: host1x: Do not setup DMA for virtual devices
MIPS: scall: Save thread_info.syscall unconditionally on entry
tools/power/turbostat: Fix uncore frequency file string
drm/amdgpu: Refine IB schedule error logging
selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior
Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl
uio_hv_generic: Don't free decrypted memory
Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted
iommu: mtk: fix module autoloading
fs/9p: only translate RWX permissions for plain 9P2000
fs/9p: translate O_TRUNC into OTRUNC
9p: explicitly deny setlease attempts
gpio: wcove: Use -ENOTSUPP consistently
gpio: crystalcove: Use -ENOTSUPP consistently
clk: Don't hold prepare_lock when calling kref_put()
fs/9p: drop inodes immediately on non-.L too
drm/nouveau/dp: Don't probe eDP ports twice harder
net:usb:qmi_wwan: support Rolling modules
kbuild: rust: avoid creating temporary files
spi: Merge spi_controller.{slave,target}_abort()
perf unwind-libunwind: Fix base address for .eh_frame
perf unwind-libdw: Handle JIT-generated DSOs properly
qibfs: fix dentry leak
xfrm: Preserve vlan tags for transport mode software GRO
ARM: 9381/1: kasan: clear stale stack poison
tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
Bluetooth: msft: fix slab-use-after-free in msft_do_close()
Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs
rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
hwmon: (corsair-cpro) Use a separate buffer for sending commands
hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event()
hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock
phonet: fix rtm_phonet_notify() skb allocation
net: bridge: fix corrupted ethernet header on multicast-to-unicast
ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
timers: Get rid of del_singleshot_timer_sync()
timers: Rename del_timer() to timer_delete()
net-sysfs: convert dev->operstate reads to lockless ones
hsr: Simplify code for announcing HSR nodes timer setup
ipv6: annotate data-races around cnf.disable_ipv6
ipv6: prevent NULL dereference in ip6_output()
net/smc: fix neighbour and rtable leak in smc_ib_find_route()
net: hns3: using user configure after hardware reset
net: hns3: direct return when receive a unknown mailbox message
net: hns3: change type of numa_node_mask as nodemask_t
net: hns3: release PTP resources if pf initialization failed
net: hns3: use appropriate barrier function after setting a bit value
net: hns3: fix port vlan filter not disabled issue
net: hns3: fix kernel crash when devlink reload during initialization
drm/meson: dw-hdmi: power up phy on device init
drm/meson: dw-hdmi: add bandgap setting for g12
drm/connector: Add \n to message about demoting connector force-probes
dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users
gpiolib: cdev: Add missing header(s)
gpiolib: cdev: relocate debounce_period_us from struct gpio_desc
gpiolib: cdev: fix uninitialised kfifo
drm/amd/display: Atom Integrated System Info v2_2 for DCN35
MAINTAINERS: add leah to 6.1 MAINTAINERS file
drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2
btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send()
firewire: nosy: ensure user_length is taken into account when fetching packet contents
Reapply "drm/qxl: simplify qxl_fence_wait"
rust: error: Rename to_kernel_errno() -> to_errno()
rust: fix regexp in scripts/is_rust_module.sh
btf, scripts: rust: drop is_rust_module.sh
rust: module: place generated init_module() function in .init.text
rust: macros: fix soundness issue in `module!` macro
usb: typec: ucsi: Check for notifications after init
usb: typec: ucsi: Fix connector check on init
usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device
usb: ohci: Prevent missed ohci interrupts
USB: core: Fix access violation during port device removal
usb: gadget: composite: fix OS descriptors w_value logic
usb: gadget: f_fs: Fix a race condition when processing setup packets.
usb: xhci-plat: Don't include xhci.h
usb: dwc3: core: Prevent phy suspend during init
usb: typec: tcpm: unregister existing source caps before re-registration
usb: typec: tcpm: Check for port partner validity before consuming it
ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU
btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()
mm/slab: make __free(kfree) accept error pointers
mptcp: ensure snd_nxt is properly initialized on connect
dt-bindings: iio: health: maxim,max30102: fix compatible check
iio:imu: adis16475: Fix sync mode setting
iio: accel: mxc4005: Interrupt handling fixes
kmsan: compiler_types: declare __no_sanitize_or_inline
tipc: fix UAF in error path
ASoC: tegra: Fix DSPK 16-bit playback
ASoC: ti: davinci-mcasp: Fix race condition during probe
dyndbg: fix old BUG_ON in >control parser
slimbus: qcom-ngd-ctrl: Add timeout for wait operation
mei: me: add lunar lake point M DID
drm/amdkfd: don't allow mapping the MMIO HDP page with large pages
drm/vmwgfx: Fix invalid reads in fence signaled events
drm/i915/bios: Fix parsing backlight BDB data
drm/amd/display: Handle Y carry-over in VCP X.Y calculation
net: fix out-of-bounds access in ops_init
hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us
mm: use memalloc_nofs_save() in page_cache_ra_order()
regulator: core: fix debugfs creation regression
spi: microchip-core-qspi: fix setting spi bus clock rate
ksmbd: off ipv6only for both ipv4/ipv6 binding
ksmbd: avoid to send duplicate lease break notifications
ksmbd: do not grant v2 lease if parent lease key and epoch are not set
Bluetooth: qca: add missing firmware sanity checks
Bluetooth: qca: fix NVM configuration parsing
Bluetooth: qca: fix info leak when fetching board id
Bluetooth: qca: fix info leak when fetching fw build id
Bluetooth: qca: fix firmware check error path
VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist
dmaengine: idxd: add a new security check to deal with a hardware erratum
dmaengine: idxd: add a write() method for applications to submit work
keys: Fix overwrite of key expiration on instantiation
btrfs: do not wait for short bulk allocation
mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()
mm,swapops: update check in is_pfn_swap_entry for hwpoison entries
md: fix kmemleak of rdev->serial
net: bcmgenet: Clear RGMII_LINK upon link down
net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access
net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()
net: bcmgenet: synchronize UMAC_CMD access
Linux 6.1.91
Change-Id: I71c08414d3580e6d9b869a8f0fc3e27f02752997
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|