mirror of
https://github.com/hardkernel/linux.git
synced 2026-06-05 10:31:46 +09:00
7a5094aac54ba61568dbdda44994fbbdb9e71c85
1074992 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
7a5094aac5 |
Revert "xhci: cleanup xhci_hub_control port references"
This reverts commit |
||
|
Greg Kroah-Hartman
|
14d24110f6 |
Revert "xhci: move port specific items such as state completions to port structure"
This reverts commit |
||
|
Greg Kroah-Hartman
|
f7f70f0d86 |
Revert "xhci: rename resume_done to resume_timestamp"
This reverts commit |
||
|
Greg Kroah-Hartman
|
4e98a48adc |
Revert "xhci: clear usb2 resume related variables in one place."
This reverts commit |
||
|
Greg Kroah-Hartman
|
09b0a696c5 |
Revert "xhci: decouple usb2 port resume and get_port_status request handling"
This reverts commit |
||
|
Greg Kroah-Hartman
|
d6a30b0b4e |
Revert "xhci: track port suspend state correctly in unsuccessful resume cases"
This reverts commit |
||
|
Greg Kroah-Hartman
|
792aa870d5 |
Revert "posix-timers: Ensure timer ID search-loop limit is valid"
This reverts commit |
||
|
Greg Kroah-Hartman
|
05c0bbb7b1 |
Merge 5.15.150 into android14-5.15-lts
Changes in 5.15.150 net/sched: Retire CBQ qdisc net/sched: Retire ATM qdisc net/sched: Retire dsmark qdisc smb: client: fix OOB in receive_encrypted_standard() smb: client: fix potential OOBs in smb2_parse_contexts() smb: client: fix parsing of SMB3.1.1 POSIX create context sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() bpf: Merge printk and seq_printf VARARG max macros bpf: Add struct for bin_args arg in bpf_bprintf_prepare bpf: Do cleanup in bpf_bprintf_cleanup only when needed bpf: Remove trace_printk_lock userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb zonefs: Improve error handling x86/fpu: Stop relying on userspace for info to fault in xsave buffer sched/rt: Fix sysctl_sched_rr_timeslice intial value sched/rt: Disallow writing invalid values to sched_rt_period_us scsi: target: core: Add TMF to tmr_list handling dmaengine: shdma: increase size of 'dev_id' dmaengine: fsl-qdma: increase size of 'irq_name' wifi: cfg80211: fix missing interfaces when dumping wifi: mac80211: fix race condition on enabling fast-xmit fbdev: savage: Error out if pixclock equals zero fbdev: sis: Error out if pixclock equals zero spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected ahci: asm1166: correct count of reported ports ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers MIPS: reserve exception vector space ONLY ONCE platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() dmaengine: ti: edma: Add some null pointer checks to the edma_probe regulator: pwm-regulator: Add validity checks in continuous .get_voltage nvmet-tcp: fix nvme tcp ida memory leak ALSA: usb-audio: Check presence of valid altsetting control ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 spi: sh-msiof: avoid integer overflow in constants Input: xpad - add Lenovo Legion Go controllers netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new ALSA: usb-audio: Ignore clock selector errors for single connection nvme-fc: do not wait in vain when unloading module nvmet-fcloop: swap the list_add_tail arguments nvmet-fc: release reference on target port nvmet-fc: defer cleanup using RCU properly nvmet-fc: hold reference on hostport match nvmet-fc: abort command when there is no binding nvmet-fc: avoid deadlock on delete association path nvmet-fc: take ref count on tgtport before delete assoc ext4: correct the hole length returned by ext4_map_blocks() Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table fs/ntfs3: Modified fix directory element type detection fs/ntfs3: Improve ntfs_dir_count fs/ntfs3: Correct hard links updating when dealing with DOS names fs/ntfs3: Print warning while fixing hard links count fs/ntfs3: Fix detected field-spanning write (size 8) of single field "le->name" fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() fs/ntfs3: Disable ATTR_LIST_ENTRY size check fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache fs/ntfs3: Prevent generic message "attempt to access beyond end of device" fs/ntfs3: Correct function is_rst_area_valid fs/ntfs3: Update inode->i_size after success write into compressed file fs/ntfs3: Fix oob in ntfs_listxattr wifi: mac80211: adding missing drv_mgd_complete_tx() call efi: runtime: Fix potential overflow of soft-reserved region size efi: Don't add memblocks for soft-reserved memory hwmon: (coretemp) Enlarge per package core count limit scsi: lpfc: Use unsigned type for num_sge firewire: core: send bus reset promptly on gap count error drm/amdgpu: skip to program GFXDEC registers for suspend abort drm/amdgpu: reset gpu for s3 suspend abort case virtio-blk: Ensure no requests in virtqueues before deleting vqs. pmdomain: mediatek: fix race conditions with genpd ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails pmdomain: renesas: r8a77980-sysc: CR7 must be always on erofs: fix lz4 inplace decompression IB/hfi1: Fix sdma.h tx->num_descs off-by-one error drm/ttm: Fix an invalid freeing on already freed page in error path dm-crypt: don't modify the data when using authenticated encryption platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() PCI/MSI: Prevent MSI hardware interrupt number truncation l2tp: pass correct message length to ip6_append_data ARM: ep93xx: Add terminator to gpiod_lookup_table Revert "x86/ftrace: Use alternative RET encoding" x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() x86/ftrace: Use alternative RET encoding x86/returnthunk: Allow different return thunks Revert "x86/alternative: Make custom return thunk unconditional" x86/alternative: Make custom return thunk unconditional serial: amba-pl011: Fix DMA transmission in RS485 mode usb: dwc3: gadget: Don't disconnect if not started usb: cdnsp: blocked some cdns3 specific code usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() usb: cdns3: fix memory double free when handle zero packet usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs usb: roles: fix NULL pointer issue when put module's reference usb: roles: don't get/set_role() when usb_role_switch is unregistered mptcp: fix lockless access in subflow ULP diag clk: imx: imx8mp: add shared clk gate for usb suspend clk clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents mtd: rawnand: sunxi: Fix the size of the last OOB region RISC-V: fix funct4 definition for c.jalr in parse_asm.h Input: iqs269a - drop unused device node references Input: iqs269a - configure device with a single block write Input: iqs269a - increase interrupt handler return delay clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed Input: ads7846 - don't report pressure for ads7845 clk: renesas: cpg-mssr: Remove superfluous check in resume code clk: imx: avoid memory leak Input: ads7846 - always set last command to PWRDOWN Input: ads7846 - don't check penirq immediately for 7845 powerpc/powernv/ioda: Skip unallocated resources when mapping to PE clk: qcom: gpucc-sc7180: fix clk_dis_wait being programmed for CX GDSC clk: qcom: gpucc-sdm845: fix clk_dis_wait being programmed for CX GDSC clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() powerpc/pseries/lparcfg: add missing RTAS retry status handling powerpc/perf/hv-24x7: add missing RTAS retry status handling powerpc/pseries/lpar: add missing RTAS retry status handling MIPS: SMP-CPS: fix build error when HOTPLUG_CPU not set MIPS: vpe-mt: drop physical_memsize vdpa/mlx5: Don't clear mr struct on destroy MR selftests: net: vrf-xfrm-tests: change authentication and encryption algos ARM: dts: BCM53573: Drop nonexistent #usb-cells RDMA/siw: Balance the reference of cep->kref in the error path RDMA/siw: Correct wrong debug message clk: linux/clk-provider.h: fix kernel-doc warnings and typos platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute acpi: property: Let args be NULL in __acpi_node_get_property_reference ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger tools headers UAPI: Sync linux/fscrypt.h with the kernel sources perf beauty: Update copy of linux/socket.h with the kernel sources tools/virtio: fix build drm/amdgpu: init iommu after amdkfd device init f2fs: don't set GC_FAILURE_PIN for background GC f2fs: write checkpoint during FG_GC drm/i915/dg1: Update DMC_DEBUG3 register kernel/sched: Remove dl_boosted flag comment cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() serial: 8250: Remove serial_rs485 sanitization from em485 clk: imx8mp: Add DISP2 pixel clock clk: imx8mp: add clkout1/2 support dt-bindings: clocks: imx8mp: Add ID for usb suspend clock net: ethernet: ti: add missing of_node_put before return powerpc/rtas: make all exports GPL powerpc/rtas: ensure 4KB alignment for rtas_data_buf powerpc/eeh: Small refactor of eeh_handle_normal_event() powerpc/eeh: Set channel state after notifying the drivers PM: core: Redefine pm_ptr() macro PM: core: Add new *_PM_OPS macros, deprecate old ones mmc: jz4740: Use the new PM macros mmc: mxc: Use the new PM macros PM: core: Remove static qualifier in DEFINE_SIMPLE_DEV_PM_OPS macro Input: iqs269a - switch to DEFINE_SIMPLE_DEV_PM_OPS() and pm_sleep_ptr() Input: iqs269a - do not poll during suspend or resume Input: iqs269a - do not poll during ATI net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs netfilter: nf_tables: add rescheduling points during loop detection walks debugobjects: Recheck debug_objects_enabled before reporting nbd: Add the maximum limit of allocated index in nbd_dev_add md: fix data corruption for raid456 when reshape restart while grow up md/raid10: prevent soft lockup while flush writes posix-timers: Ensure timer ID search-loop limit is valid btrfs: add xxhash to fast checksum implementations ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3 ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad X131e (3371 AMD version) arm64: set __exception_irq_entry with __irq_entry as a default arm64: mm: fix VA-range sanity check sched/fair: Don't balance task to its current running CPU wifi: ath11k: fix registration of 6Ghz-only phy without the full channel range bpf: Address KCSAN report on bpf_lru_list devlink: report devlink_port_type_warn source device wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() igb: Fix igb_down hung on surprise removal wifi: iwlwifi: mvm: avoid baid size integer overflow exfat: support dynamic allocate bh for exfat_entry_set_cache arm64: dts: rockchip: fix regulator name on rk3399-rock-4 arm64: dts: rockchip: add ES8316 codec for ROCK Pi 4 arm64: dts: rockchip: add SPDIF node for ROCK Pi 4 ARM: dts: BCM53573: Describe on-SoC BCM53125 rev 4 switch ACPI: video: Add backlight=native DMI quirk for Apple iMac12,1 and iMac12,2 ACPI: resource: Add ASUS model S5402ZA to quirks ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA xhci: cleanup xhci_hub_control port references xhci: move port specific items such as state completions to port structure xhci: rename resume_done to resume_timestamp xhci: clear usb2 resume related variables in one place. xhci: decouple usb2 port resume and get_port_status request handling xhci: track port suspend state correctly in unsuccessful resume cases cifs: add a warning when the in-flight count goes negative IB/hfi1: Fix a memleak in init_credit_return RDMA/bnxt_re: Return error for SRQ resize RDMA/irdma: Fix KASAN issue with tasklet RDMA/irdma: Validate max_send_wr and max_recv_wr RDMA/irdma: Set the CQ read threshold for GEN 1 RDMA/irdma: Add AE for too many RNRS RDMA/srpt: Support specifying the srpt_service_guid parameter RDMA/qedr: Fix qedr_create_user_qp error flow arm64: dts: rockchip: set num-cs property for spi on px30 RDMA/srpt: fix function pointer cast warnings bpf, scripts: Correct GPL license name scsi: jazz_esp: Only build if SCSI core is builtin nouveau: fix function cast warnings net: stmmac: Fix incorrect dereference in interrupt handlers ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid ata: libahci_platform: Convert to using devm bulk clocks API ata: libahci_platform: Introduce reset assertion/deassertion methods ata: ahci_ceva: fix error handling for Xilinx GT PHY support bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel afs: Increase buffer size in afs_update_volume_status() ipv6: sr: fix possible use-after-free and null-ptr-deref packet: move from strlcpy with unused retval to strscpy net: dev: Convert sa_data to flexible array in struct sockaddr drm/nouveau/instmem: fix uninitialized_var.cocci warning octeontx2-af: Consider the action set by PF s390: use the correct count for __iowrite64_copy() tls: rx: jump to a more appropriate label tls: rx: drop pointless else after goto tls: stop recv() if initial process_rx_list gave us non-DATA netfilter: nf_tables: set dormant flag on hook register failure netfilter: flowtable: simplify route logic netfilter: nft_flow_offload: reset dst in route object after setting up flow netfilter: nft_flow_offload: release dst in case direct xmit path is used drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set drm/amd/display: Fix memory leak in dm_sw_fini() i2c: imx: Add timer for handling the stop condition i2c: imx: when being a target, mark the last read as processed cifs: fix mid leak during reconnection after timeout threshold fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio arp: Prevent overflow in arp_req_get(). netfilter: nf_tables: fix scheduling-while-atomic splat ext4: regenerate buddy after block freeing failed if under fc replay ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() netfilter: nf_tables: can't schedule in nft_chain_validate r8169: use new PM macros Linux 5.15.150 Change-Id: I06c2e83ba84b59d0a35cf9fcaad15d0ab5276832 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
8e3ef77857 |
Revert "hrtimer: Report offline hrtimer enqueue"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
1683a2f9a5 |
Revert "mm/sparsemem: fix race in accessing memory_section->usage"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
216d25b4d4 |
Revert "drm/mipi-dsi: Fix detach call without attach"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
59ddf652b8 |
Revert "bpf: Add map and need_defer parameters to .map_fd_put_ptr()"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
88ef7f6580 |
Merge 5.15.149 into android14-5.15-lts
Changes in 5.15.149
ksmbd: free ppace array on error in parse_dacl
ksmbd: don't allow O_TRUNC open on read-only share
ksmbd: validate mech token in session setup
ksmbd: fix UAF issue in ksmbd_tcp_new_connection()
ksmbd: only v2 leases handle the directory
iio: adc: ad7091r: Set alert bit in config register
iio: adc: ad7091r: Allow users to configure device events
iio: adc: ad7091r: Enable internal vref if external vref is not supplied
dmaengine: fix NULL pointer in channel unregistration function
scsi: ufs: core: Simplify power management during async scan
scsi: ufs: core: Remove the ufshcd_hba_exit() call from ufshcd_async_scan()
iio:adc:ad7091r: Move exports into IIO_AD7091R namespace.
ext4: allow for the last group to be marked as trimmed
btrfs: sysfs: validate scrub_speed_max value
crypto: api - Disallow identical driver names
PM: hibernate: Enforce ordering during image compression/decompression
hwrng: core - Fix page fault dead lock on mmap-ed hwrng
crypto: s390/aes - Fix buffer overread in CTR mode
media: imx355: Enable runtime PM before registering async sub-device
rpmsg: virtio: Free driver_override when rpmsg_remove()
media: ov9734: Enable runtime PM before registering async sub-device
mips: Fix max_mapnr being uninitialized on early stages
bus: mhi: host: Drop chan lock before queuing buffers
bus: mhi: host: Add spinlock to protect WP access when queueing TREs
parisc/firmware: Fix F-extend for PDC addresses
async: Split async_schedule_node_domain()
async: Introduce async_schedule_dev_nocall()
arm64: dts: qcom: sc7180: fix USB wakeup interrupt types
arm64: dts: qcom: sdm845: fix USB wakeup interrupt types
arm64: dts: qcom: sm8150: fix USB wakeup interrupt types
arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts
lsm: new security_file_ioctl_compat() hook
scripts/get_abi: fix source path leak
mmc: core: Use mrq.sbc in close-ended ffu
mmc: mmc_spi: remove custom DMA mapped buffers
rtc: Adjust failure return code for cmos_set_alarm()
nouveau/vmm: don't set addr on the fail path to avoid warning
ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
rename(): fix the locking of subdirectories
ksmbd: set v2 lease version on lease upgrade
ksmbd: fix potential circular locking issue in smb2_set_ea()
ksmbd: don't increment epoch if current state and request state are same
ksmbd: send lease break notification on FILE_RENAME_INFORMATION
ksmbd: Add missing set_freezable() for freezable kthread
net/smc: fix illegal rmb_desc access in SMC-D connection dump
tcp: make sure init the accept_queue's spinlocks once
bnxt_en: Wait for FLR to complete during probe
vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING
llc: make llc_ui_sendmsg() more robust against bonding changes
llc: Drop support for ETH_P_TR_802_2.
net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
tracing: Ensure visibility when inserting an element into tracing_map
afs: Hide silly-rename files from userspace
tcp: Add memory barrier to tcp_push()
netlink: fix potential sleeping issue in mqueue_flush_file
ipv6: init the accept_queue's spinlocks in inet6_create
net/mlx5: DR, Use the right GVMI number for drop action
net/mlx5: DR, Replace local WIRE_PORT macro with the existing MLX5_VPORT_UPLINK
net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior
net/mlx5: DR, Can't go to uplink vport on RX rule
net/mlx5e: fix a double-free in arfs_create_groups
net/mlx5e: fix a potential double-free in fs_any_create_groups
overflow: Allow mixed type arguments
netfilter: nft_limit: reject configurations that cause integer overflow
netfilter: nf_tables: restrict anonymous set and map names to 16 bytes
netfilter: nf_tables: validate NFPROTO_* family
net: stmmac: Wait a bit for the reset to take effect
net: mvpp2: clear BM pool before initialization
selftests: netdevsim: fix the udp_tunnel_nic test
fjes: fix memleaks in fjes_hw_setup
net: fec: fix the unhandled context fault from smmu
btrfs: fix infinite directory reads
btrfs: set last dir index to the current last index when opening dir
btrfs: refresh dir last index during a rewinddir(3) call
btrfs: fix race between reading a directory and adding entries to it
btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted
btrfs: ref-verify: free ref cache before clearing mount opt
btrfs: tree-checker: fix inline ref size in error messages
btrfs: don't warn if discard range is not aligned to sector
btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args
btrfs: don't abort filesystem when attempting to snapshot deleted subvolume
rbd: don't move requests to the running list on errors
exec: Fix error handling in begin_new_exec()
wifi: iwlwifi: fix a memory corruption
hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes
netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain
netfilter: nf_tables: reject QUEUE/DROP verdict parameters
firmware: arm_scmi: Check mailbox/SMT channel for consistency
xfs: read only mounts with fsopen mount API are busted
gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04
drm: Don't unref the same fb many times by mistake due to deadlock handling
drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking
drm/tidss: Fix atomic_flush check
drm/bridge: nxp-ptn3460: simplify some error checking
PM: core: Remove unnecessary (void *) conversions
PM: sleep: Fix possible deadlocks in core system-wide PM code
bus: mhi: host: Rename "struct mhi_tre" to "struct mhi_ring_element"
bus: mhi: host: Add alignment check for event ring read pointer
fs/pipe: move check to pipe_has_watch_queue()
pipe: wakeup wr_wait after setting max_usage
ARM: dts: qcom: sdx55: fix USB wakeup interrupt types
ARM: dts: samsung: exynos4210-i9100: Unconditionally enable LDO12
ARM: dts: qcom: sdx55: fix pdc '#interrupt-cells'
ARM: dts: qcom: sdx55: fix USB DP/DM HS PHY interrupts
ARM: dts: qcom: sdx55: fix USB SS wakeup
media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run
mm: use __pfn_to_section() instead of open coding it
mm/sparsemem: fix race in accessing memory_section->usage
PM / devfreq: Fix buffer overflow in trans_stat_show
btrfs: add definition for EXTENT_TREE_V2
ksmbd: fix global oob in ksmbd_nl_policy
cpufreq: intel_pstate: Drop redundant intel_pstate_get_hwp_cap() call
cpufreq: intel_pstate: Refine computation of P-state for given frequency
drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33]
drm/exynos: fix accidental on-stack copy of exynos_drm_plane
drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume
gpio: eic-sprd: Clear interrupt after set the interrupt type
block: Move checking GENHD_FL_NO_PART to bdev_add_partition()
spi: bcm-qspi: fix SFDP BFPT read by usig mspi read
mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan
tick/sched: Preserve number of idle sleeps across CPU hotplug events
x86/entry/ia32: Ensure s32 is sign extended to s64
powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
arm64: irq: set the correct node for VMAP stack
drivers/perf: pmuv3: don't expose SW_INCR event in sysfs
powerpc: Fix build error due to is_valid_bugaddr()
powerpc/mm: Fix build failures due to arch_reserved_kernel_pages()
powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping()
x86/boot: Ignore NMIs during very early boot
powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE
powerpc/lib: Validate size for vector operations
x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel
perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file
debugobjects: Stop accessing objects after releasing hash bucket lock
regulator: core: Only increment use_count when enable_count changes
audit: Send netlink ACK before setting connection in auditd_set
ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
PNP: ACPI: fix fortify warning
ACPI: extlog: fix NULL pointer dereference check
PM / devfreq: Synchronize devfreq_monitor_[start/stop]
ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events
FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
UBSAN: array-index-out-of-bounds in dtSplitRoot
jfs: fix slab-out-of-bounds Read in dtSearch
jfs: fix array-index-out-of-bounds in dbAdjTree
jfs: fix uaf in jfs_evict_inode
pstore/ram: Fix crash when setting number of cpus to an odd number
crypto: octeontx2 - Fix cptvf driver cleanup
crypto: stm32/crc32 - fix parsing list of devices
afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
jfs: fix array-index-out-of-bounds in diNewExt
arch: consolidate arch_irq_work_raise prototypes
s390/ptrace: handle setting of fpc register correctly
KVM: s390: fix setting of fpc register
SUNRPC: Fix a suspicious RCU usage warning
ecryptfs: Reject casefold directory inodes
ext4: fix inconsistent between segment fstrim and full fstrim
ext4: unify the type of flexbg_size to unsigned int
ext4: remove unnecessary check from alloc_flex_gd()
ext4: avoid online resizing failures due to oversized flex bg
wifi: rt2x00: restart beacon queue when hardware reset
selftests/bpf: satisfy compiler by having explicit return in btf test
selftests/bpf: Fix pyperf180 compilation failure with clang18
selftests/bpf: Fix issues in setup_classid_environment()
scsi: lpfc: Fix possible file string name overflow when updating firmware
PCI: Add no PM reset quirk for NVIDIA Spectrum devices
bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
scsi: arcmsr: Support new PCI device IDs 1883 and 1886
ARM: dts: imx7d: Fix coresight funnel ports
ARM: dts: imx7s: Fix lcdif compatible
ARM: dts: imx7s: Fix nand-controller #size-cells
wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
bpf: Add map and need_defer parameters to .map_fd_put_ptr()
scsi: libfc: Don't schedule abort twice
scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
bpf: Set uattr->batch.count as zero before batched update or deletion
ARM: dts: rockchip: fix rk3036 hdmi ports node
ARM: dts: imx25/27-eukrea: Fix RTC node name
ARM: dts: imx: Use flash@0,0 pattern
ARM: dts: imx27: Fix sram node
ARM: dts: imx1: Fix sram node
ionic: pass opcode to devcmd_wait
block/rnbd-srv: Check for unlikely string overflow
ARM: dts: imx25: Fix the iim compatible string
ARM: dts: imx25/27: Pass timing0
ARM: dts: imx27-apf27dev: Fix LED name
ARM: dts: imx23-sansa: Use preferred i2c-gpios properties
ARM: dts: imx23/28: Fix the DMA controller node name
net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path
block: prevent an integer overflow in bvec_try_merge_hw_page
md: Whenassemble the array, consult the superblock of the freshest device
arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property
arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property
wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos
ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision
wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
wifi: cfg80211: free beacon_ies when overridden from hidden BSS
Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066
Bluetooth: L2CAP: Fix possible multiple reject send
bridge: cfm: fix enum typo in br_cc_ccm_tx_parse
i40e: Fix VF disable behavior to block all traffic
octeontx2-af: Fix max NPC MCAM entry check while validating ref_entry
f2fs: fix to check return value of f2fs_reserve_new_block()
ALSA: hda: Refer to correct stream index at loops
ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
fast_dput(): handle underflows gracefully
RDMA/IPoIB: Fix error code return in ipoib_mcast_join
drm/amd/display: Fix tiled display misalignment
f2fs: fix write pointers on zoned device after roll forward
drm/drm_file: fix use of uninitialized variable
drm/framebuffer: Fix use of uninitialized variable
drm/mipi-dsi: Fix detach call without attach
media: stk1160: Fixed high volume of stk1160_dbg messages
media: rockchip: rga: fix swizzling for RGB formats
PCI: add INTEL_HDA_ARL to pci_ids.h
ALSA: hda: Intel: add HDA_ARL PCI ID support
ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL
media: rkisp1: Drop IRQF_SHARED
f2fs: fix to tag gcing flag on page during block migration
drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time
IB/ipoib: Fix mcast list locking
media: ddbridge: fix an error code problem in ddb_probe
media: i2c: imx335: Fix hblank min/max values
drm/msm/dpu: Ratelimit framedone timeout msgs
drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap
clk: hi3620: Fix memory leak in hi3620_mmc_clk_init()
clk: mmp: pxa168: Fix memory leak in pxa168_clk_init()
watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786
clk: imx: scu: Fix memory leak in __imx_clk_gpr_scu()
clk: imx: clk-imx8qxp: fix LVDS bypass, pixel and phy clocks
drm/amdgpu: Let KFD sync with VM fences
drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140
leds: trigger: panic: Don't register panic notifier if creating the trigger failed
um: Fix naming clash between UML and scheduler
um: Don't use vfprintf() for os_info()
um: net: Fix return type of uml_net_start_xmit()
um: time-travel: fix time corruption
i3c: master: cdns: Update maximum prescaler value for i2c clock
xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import
mfd: ti_am335x_tscadc: Fix TI SoC dependencies
mailbox: arm_mhuv2: Fix a bug for mhuv2_sender_interrupt
PCI: Only override AMD USB controller if required
PCI: switchtec: Fix stdev_release() crash after surprise hot remove
perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present
usb: hub: Replace hardcoded quirk value with BIT() macro
selftests/sgx: Fix linker script asserts
tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE
fs/kernfs/dir: obey S_ISGID
PCI: Fix 64GT/s effective data rate calculation
PCI/AER: Decode Requester ID when no error info found
libsubcmd: Fix memory leak in uniq()
drm/amdkfd: Fix lock dependency warning
virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings
blk-mq: fix IO hang from sbitmap wakeup race
ceph: fix deadlock or deadcode of misusing dget()
drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()'
drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()'
drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()'
perf: Fix the nr_addr_filters fix
wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
drm: using mul_u32_u32() requires linux/math64.h
scsi: isci: Fix an error code problem in isci_io_request_build()
scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler
selftests: net: give more time for GRO aggregation
ip6_tunnel: use dev_sw_netstats_rx_add()
ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
tcp: add sanity checks to rx zerocopy
ixgbe: Remove non-inclusive language
ixgbe: Refactor returning internal error codes
ixgbe: Refactor overtemp event handling
ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
llc: call sock_orphan() at release time
bridge: mcast: fix disabled snooping after long uptime
netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
net: ipv4: fix a memleak in ip_setup_cork
af_unix: fix lockdep positive in sk_diag_dump_icons()
selftests: net: fix available tunnels detection
net: sysfs: Fix /sys/class/net/<iface> path
arm64: irq: set the correct node for shadow call stack
gve: Fix use-after-free vulnerability
HID: apple: Add support for the 2021 Magic Keyboard
HID: apple: Add 2021 magic keyboard FN key mapping
bonding: remove print in bond_verify_device_path
ASoC: codecs: lpass-wsa-macro: fix compander volume hack
dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools
dmaengine: ti: k3-udma: Report short packet errors
dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA
dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA
phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV
phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case
net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
selftests: net: cut more slack for gro fwd tests.
selftests: net: avoid just another constant wait
tunnels: fix out of bounds access when building IPv6 PMTU error
atm: idt77252: fix a memleak in open_card_ubr0
octeontx2-pf: Fix a memleak otx2_sq_init
hwmon: (aspeed-pwm-tacho) mutex for tach reading
hwmon: (coretemp) Fix out-of-bounds memory access
hwmon: (coretemp) Fix bogus core_id to attr name mapping
inet: read sk->sk_family once in inet_recv_error()
rxrpc: Fix response to PING RESPONSE ACKs to a dead call
tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC.
ppp_async: limit MRU to 64K
netfilter: nft_compat: reject unused compat flag
netfilter: nft_compat: restrict match/target protocol to u16
drm/amd/display: Fix multiple memory leaks reported by coverity
drm/amd/display: Implement bounds check for stream encoder creation in DCN301
netfilter: nft_ct: reject direction for ct id
netfilter: nft_set_pipapo: store index in scratch maps
netfilter: nft_set_pipapo: add helper to release pcpu scratch area
netfilter: nft_set_pipapo: remove scratch_aligned pointer
fs/ntfs3: Fix an NULL dereference bug
scsi: core: Move scsi_host_busy() out of host lock if it is for per-command
blk-iocost: Fix an UBSAN shift-out-of-bounds warning
drivers: lkdtm: fix clang -Wformat warning
ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter
USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
USB: serial: option: add Fibocom FM101-GL variant
USB: serial: cp210x: add ID for IMST iM871A-USB
usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK
usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK
hrtimer: Report offline hrtimer enqueue
Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU
Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
vhost: use kzalloc() instead of kmalloc() followed by memset()
clocksource: Skip watchdog check for large watchdog intervals
net: stmmac: xgmac: use #define for string constants
net: stmmac: xgmac: fix a typo of register name in DPP safety handling
netfilter: nft_set_rbtree: skip end interval element from gc
btrfs: forbid creating subvol qgroups
btrfs: do not ASSERT() if the newly created subvolume already got read
btrfs: forbid deleting live subvol qgroup
btrfs: send: return EOPNOTSUPP on unknown flags
of: unittest: Fix compile in the non-dynamic case
wifi: iwlwifi: Fix some error codes
net: openvswitch: limit the number of recursions from action sets
spi: ppc4xx: Drop write-only variable
ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
net: sysfs: Fix /sys/class/net/<iface> path for statistics
MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler
i40e: Fix waiting for queues of all VSIs to be disabled
scs: add CONFIG_MMU dependency for vfree_atomic()
tracing/trigger: Fix to return error if failed to alloc snapshot
mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
scsi: storvsc: Fix ring buffer size calculation
ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32
ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
HID: i2c-hid-of: fix NULL-deref on failed power up
HID: wacom: generic: Avoid reporting a serial of '0' to userspace
HID: wacom: Do not register input devices until after hid_hw_start
iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP
usb: ucsi_acpi: Fix command completion handling
USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
usb: f_mass_storage: forbid async queue when shutdown happen
usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend
media: ir_toy: fix a memleak in irtoy_tx
powerpc/kasan: Fix addr error caused by page alignment
i2c: i801: Remove i801_set_block_buffer_mode
i2c: i801: Fix block process call transactions
modpost: trim leading spaces when processing source files list
mptcp: fix data re-injection from stale subflow
scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
Revert "drm/amd: flush any delayed gfxoff on suspend entry"
lsm: fix the logic in security_inode_getsecctx()
firewire: core: correct documentation of fw_csr_string() kernel API
kbuild: Fix changing ELF file type for output of gen_btf for big endian
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
xen-netback: properly sync TX responses
ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
ASoC: codecs: wcd938x: handle deferred probe
ALSA: hda/cs8409: Suppress vmaster control for Dolphin models
binder: signal epoll threads of self-work
misc: fastrpc: Mark all sessions as invalid in cb_remove
ext4: fix double-free of blocks due to wrong extents moved_len
tracing: Fix wasted memory in saved_cmdlines logic
staging: iio: ad5933: fix type mismatch regression
iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC
iio: core: fix memleak in iio_device_register_sysfs
iio: accel: bma400: Fix a compilation problem
media: rc: bpf attach/detach requires write permission
drm/prime: Support page array >= 4GB
hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
ring-buffer: Clean ring_buffer_poll_wait() error return
serial: max310x: set default value when reading clock ready bit
serial: max310x: improve crystal stable clock detection
serial: max310x: fail probe if clock crystal is unstable
powerpc/64: Set task pt_regs->link to the LR value on scv entry
x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6
x86/mm/ident_map: Use gbpages only where full GB page should be mapped.
mmc: slot-gpio: Allow non-sleeping GPIO ro
ALSA: hda/conexant: Add quirk for SWS JS201D
nilfs2: fix data corruption in dsync block recovery for small block sizes
nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked
nfp: use correct macro for LengthSelect in BAR config
nfp: flower: prevent re-adding mac index for bonded port
wifi: mac80211: reload info pointer in ieee80211_tx_dequeue()
irqchip/irq-brcmstb-l2: Add write memory barrier before exit
irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update
net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio
s390/qeth: Fix potential loss of L3-IP@ in case of network issues
net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio
ceph: prevent use-after-free in encode_cap_msg()
mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE
of: property: fix typo in io-channels
can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)
pmdomain: core: Move the unused cleanup to a _sync initcall
tracing: Inform kmemleak of saved_cmdlines allocation
af_unix: Fix task hung while purging oob_skb in GC.
dma-buf: add dma_fence_timestamp helper
bus: moxtet: Add spi device table
crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
usb: dwc3: gadget: Wait for ep0 xfers to complete during dequeue
usb: dwc3: ep0: Don't prepare beyond Setup stage
usb: dwc3: gadget: Only End Transfer for ep0 data phase
usb: dwc3: gadget: Delay issuing End Transfer
usb: dwc3: Fix ep0 handling when getting reset while doing control transfer
usb: dwc3: gadget: Force sending delayed status during soft disconnect
usb: dwc3: gadget: Submit endxfer command if delayed during disconnect
usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive
usb: dwc3: gadget: Refactor EP0 forced stall/restart into a separate API
usb: dwc3: gadget: Handle EP0 request dequeuing properly
usb: dwc3: gadget: Queue PM runtime idle on disconnect event
serial: 8250_exar: Fill in rs485_supported
serial: 8250_exar: Set missing rs485_supported flag
fbdev/defio: Early-out if page is already enlisted
fbdev: Don't sort deferred-I/O pages by default
fbdev: defio: fix the pagelist corruption
fbdev: Track deferred-I/O pages in pageref struct
fbdev: Rename pagelist to pagereflist for deferred I/O
fbdev: Fix invalid page access after closing deferred I/O devices
fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release()
fbdev: flush deferred IO before closing
scripts/decode_stacktrace.sh: support old bash version
scripts: decode_stacktrace: demangle Rust symbols
scripts/decode_stacktrace.sh: optionally use LLVM utilities
netfilter: ipset: fix performance regression in swap operation
hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range()
net: prevent mss overflow in skb_segment()
netfilter: ipset: Missing gc cancellations fixed
sched/membarrier: reduce the ability to hammer on sys_membarrier
nilfs2: fix potential bug in end_buffer_async_write
nilfs2: replace WARN_ONs for invalid DAT metadata block requests
dm: limit the number of targets and parameter size area
arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata
PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend()
drm/msm/dsi: Enable runtime PM
Revert "selftests/bpf: Test tail call counting with bpf2bpf and data on stack"
net: bcmgenet: Fix EEE implementation
fs/ntfs3: Add null pointer checks
smb3: Replace smb2pdu 1-element arrays with flex-arrays
staging: fbtft: core: set smem_len before fb_deferred_io_init call
usb: dwc3: gadget: Don't delay End Transfer on delayed_status
usb: dwc3: gadget: Execute gadget stop after halting the controller
media: Revert "media: rkisp1: Drop IRQF_SHARED"
usb: dwc3: gadget: Ignore End Transfer delay on teardown
Linux 5.15.149
Change-Id: I571d6d3c8689846d6ba3778f1f43024c15bd8b1a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
80efc62652 |
Linux 5.15.150
Link: https://lore.kernel.org/r/20240227131615.098467438@linuxfoundation.org Tested-by: SeongJae Park <sj@kernel.org> Tested-by: Florian Fainelli <florian.fainelli@broadcom.com> Tested-by: kernelci.org bot <bot@kernelci.org> Tested-by: Kelsey Steele <kelseysteele@linux.microsoft.com> Tested-by: Jon Hunter <jonathanh@nvidia.com> Tested-by: Shuah Khan <skhan@linuxfoundation.org> Tested-by: Allen Pais <apais@linux.microsoft.com> Tested-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Heiner Kallweit
|
da6cabc198 |
r8169: use new PM macros
commit
|
||
|
Florian Westphal
|
b7f3fac6d3 |
netfilter: nf_tables: can't schedule in nft_chain_validate
commit |
||
|
Baokun Li
|
a4efc62cd1 |
ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks()
commit 2331fd4a49864e1571b4f50aa3aa1536ed6220d0 upstream.
After updating bb_free in mb_free_blocks, it is possible to return without
updating bb_fragments because the block being freed is found to have
already been freed, which leads to inconsistency between bb_free and
bb_fragments.
Since the group may be unlocked in ext4_grp_locked_error(), this can lead
to problems such as dividing by zero when calculating the average fragment
length. Hence move the update of bb_free to after the block double-free
check guarantees that the corresponding statistics are updated only after
the core block bitmap is modified.
Fixes:
|
||
|
Baokun Li
|
c1317822e2 |
ext4: regenerate buddy after block freeing failed if under fc replay
commit c9b528c35795b711331ed36dc3dbee90d5812d4e upstream. This mostly reverts commit |
||
|
Florian Westphal
|
d82ec7529c |
netfilter: nf_tables: fix scheduling-while-atomic splat
commit |
||
|
Kuniyuki Iwashima
|
97eaa2955d |
arp: Prevent overflow in arp_req_get().
commit a7d6027790acea24446ddd6632d394096c0f4667 upstream. syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpreq.arp_ha.sa_data. The arp_ha here is struct sockaddr, not struct sockaddr_storage, so the sa_data buffer is just 14 bytes. In the splat below, 2 bytes are overflown to the next int field, arp_flags. We initialise the field just after the memcpy(), so it's not a problem. However, when dev->addr_len is greater than 22 (e.g. MAX_ADDR_LEN), arp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL) in arp_ioctl() before calling arp_req_get(). To avoid the overflow, let's limit the max length of memcpy(). Note that commit |
||
|
Bart Van Assche
|
d7b6fa97ec |
fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
commit b820de741ae48ccf50dd95e297889c286ff4f760 upstream. If kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the following kernel warning appears: WARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8 Call trace: kiocb_set_cancel_fn+0x9c/0xa8 ffs_epfile_read_iter+0x144/0x1d0 io_read+0x19c/0x498 io_issue_sqe+0x118/0x27c io_submit_sqes+0x25c/0x5fc __arm64_sys_io_uring_enter+0x104/0xab0 invoke_syscall+0x58/0x11c el0_svc_common+0xb4/0xf4 do_el0_svc+0x2c/0xb0 el0_svc+0x2c/0xa4 el0t_64_sync_handler+0x68/0xb4 el0t_64_sync+0x1a4/0x1a8 Fix this by setting the IOCB_AIO_RW flag for read and write I/O that is submitted by libaio. Suggested-by: Jens Axboe <axboe@kernel.dk> Cc: Christoph Hellwig <hch@lst.de> Cc: Avi Kivity <avi@scylladb.com> Cc: Sandeep Dhavale <dhavale@google.com> Cc: Jens Axboe <axboe@kernel.dk> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Kent Overstreet <kent.overstreet@linux.dev> Cc: stable@vger.kernel.org Signed-off-by: Bart Van Assche <bvanassche@acm.org> Link: https://lore.kernel.org/r/20240215204739.2677806-2-bvanassche@acm.org Signed-off-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Shyam Prasad N
|
df31d05f06 |
cifs: fix mid leak during reconnection after timeout threshold
commit |
||
|
Corey Minyard
|
aade859419 |
i2c: imx: when being a target, mark the last read as processed
[ Upstream commit 87aec499368d488c20292952d6d4be7cb9e49c5e ]
When being a target, NAK from the controller means that all bytes have
been transferred. So, the last byte needs also to be marked as
'processed'. Otherwise index registers of backends may not increase.
Fixes:
|
||
|
Corey Minyard
|
cb21407f0b |
i2c: imx: Add timer for handling the stop condition
[ Upstream commit
|
||
|
Armin Wolf
|
33f649f1b1 |
drm/amd/display: Fix memory leak in dm_sw_fini()
[ Upstream commit bae67893578d608e35691dcdfa90c4957debf1d3 ]
After destroying dmub_srv, the memory associated with it is
not freed, causing a memory leak:
unreferenced object 0xffff896302b45800 (size 1024):
comm "(udev-worker)", pid 222, jiffies 4294894636
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 6265fd77):
[<ffffffff993495ed>] kmalloc_trace+0x29d/0x340
[<ffffffffc0ea4a94>] dm_dmub_sw_init+0xb4/0x450 [amdgpu]
[<ffffffffc0ea4e55>] dm_sw_init+0x15/0x2b0 [amdgpu]
[<ffffffffc0ba8557>] amdgpu_device_init+0x1417/0x24e0 [amdgpu]
[<ffffffffc0bab285>] amdgpu_driver_load_kms+0x15/0x190 [amdgpu]
[<ffffffffc0ba09c7>] amdgpu_pci_probe+0x187/0x4e0 [amdgpu]
[<ffffffff9968fd1e>] local_pci_probe+0x3e/0x90
[<ffffffff996918a3>] pci_device_probe+0xc3/0x230
[<ffffffff99805872>] really_probe+0xe2/0x480
[<ffffffff99805c98>] __driver_probe_device+0x78/0x160
[<ffffffff99805daf>] driver_probe_device+0x1f/0x90
[<ffffffff9980601e>] __driver_attach+0xce/0x1c0
[<ffffffff99803170>] bus_for_each_dev+0x70/0xc0
[<ffffffff99804822>] bus_add_driver+0x112/0x210
[<ffffffff99807245>] driver_register+0x55/0x100
[<ffffffff990012d1>] do_one_initcall+0x41/0x300
Fix this by freeing dmub_srv after destroying it.
Fixes:
|
||
|
Erik Kurzinger
|
9a03126588 |
drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set
[ Upstream commit 3c43177ffb54ea5be97505eb8e2690e99ac96bc9 ]
When waiting for a syncobj timeline point whose fence has not yet been
submitted with the WAIT_FOR_SUBMIT flag, a callback is registered using
drm_syncobj_fence_add_wait and the thread is put to sleep until the
timeout expires. If the fence is submitted before then,
drm_syncobj_add_point will wake up the sleeping thread immediately which
will proceed to wait for the fence to be signaled.
However, if the WAIT_AVAILABLE flag is used instead,
drm_syncobj_fence_add_wait won't get called, meaning the waiting thread
will always sleep for the full timeout duration, even if the fence gets
submitted earlier. If it turns out that the fence *has* been submitted
by the time it eventually wakes up, it will still indicate to userspace
that the wait completed successfully (it won't return -ETIME), but it
will have taken much longer than it should have.
To fix this, we must call drm_syncobj_fence_add_wait if *either* the
WAIT_FOR_SUBMIT flag or the WAIT_AVAILABLE flag is set. The only
difference being that with WAIT_FOR_SUBMIT we will also wait for the
fence to be signaled after it has been submitted while with
WAIT_AVAILABLE we will return immediately.
IGT test patch: https://lists.freedesktop.org/archives/igt-dev/2024-January/067537.html
v1 -> v2: adjust lockdep_assert_none_held_once condition
(cherry picked from commit 8c44ea81634a4a337df70a32621a5f3791be23df)
Fixes:
|
||
|
Pablo Neira Ayuso
|
13b57b5cd5 |
netfilter: nft_flow_offload: release dst in case direct xmit path is used
[ Upstream commit 8762785f459be1cfe6fcf7285c123aad6a3703f0 ]
Direct xmit does not use it since it calls dev_queue_xmit() to send
packets, hence it calls dst_release().
kmemleak reports:
unreferenced object 0xffff88814f440900 (size 184):
comm "softirq", pid 0, jiffies 4294951896
hex dump (first 32 bytes):
00 60 5b 04 81 88 ff ff 00 e6 e8 82 ff ff ff ff .`[.............
21 0b 50 82 ff ff ff ff 00 00 00 00 00 00 00 00 !.P.............
backtrace (crc cb2bf5d6):
[<000000003ee17107>] kmem_cache_alloc+0x286/0x340
[<0000000021a5de2c>] dst_alloc+0x43/0xb0
[<00000000f0671159>] rt_dst_alloc+0x2e/0x190
[<00000000fe5092c9>] __mkroute_output+0x244/0x980
[<000000005fb96fb0>] ip_route_output_flow+0xc0/0x160
[<0000000045367433>] nf_ip_route+0xf/0x30
[<0000000085da1d8e>] nf_route+0x2d/0x60
[<00000000d1ecd1cb>] nft_flow_route+0x171/0x6a0 [nft_flow_offload]
[<00000000d9b2fb60>] nft_flow_offload_eval+0x4e8/0x700 [nft_flow_offload]
[<000000009f447dbb>] expr_call_ops_eval+0x53/0x330 [nf_tables]
[<00000000072e1be6>] nft_do_chain+0x17c/0x840 [nf_tables]
[<00000000d0551029>] nft_do_chain_inet+0xa1/0x210 [nf_tables]
[<0000000097c9d5c6>] nf_hook_slow+0x5b/0x160
[<0000000005eccab1>] ip_forward+0x8b6/0x9b0
[<00000000553a269b>] ip_rcv+0x221/0x230
[<00000000412872e5>] __netif_receive_skb_one_core+0xfe/0x110
Fixes:
|
||
|
Pablo Neira Ayuso
|
4c167af9f6 |
netfilter: nft_flow_offload: reset dst in route object after setting up flow
[ Upstream commit 9e0f0430389be7696396c62f037be4bf72cf93e3 ]
dst is transferred to the flow object, route object does not own it
anymore. Reset dst in route object, otherwise if flow_offload_add()
fails, error path releases dst twice, leading to a refcount underflow.
Fixes:
|
||
|
Pablo Neira Ayuso
|
7c71b83122 |
netfilter: flowtable: simplify route logic
[ Upstream commit
|
||
|
Florian Westphal
|
664264a5c5 |
netfilter: nf_tables: set dormant flag on hook register failure
[ Upstream commit bccebf64701735533c8db37773eeacc6566cc8ec ]
We need to set the dormant flag again if we fail to register
the hooks.
During memory pressure hook registration can fail and we end up
with a table marked as active but no registered hooks.
On table/base chain deletion, nf_tables will attempt to unregister
the hook again which yields a warn splat from the nftables core.
Reported-and-tested-by: syzbot+de4025c006ec68ac56fc@syzkaller.appspotmail.com
Fixes:
|
||
|
Sabrina Dubroca
|
4338032aa9 |
tls: stop recv() if initial process_rx_list gave us non-DATA
[ Upstream commit fdfbaec5923d9359698cbb286bc0deadbb717504 ]
If we have a non-DATA record on the rx_list and another record of the
same type still on the queue, we will end up merging them:
- process_rx_list copies the non-DATA record
- we start the loop and process the first available record since it's
of the same type
- we break out of the loop since the record was not DATA
Just check the record type and jump to the end in case process_rx_list
did some work.
Fixes:
|
||
|
Jakub Kicinski
|
ea845237a3 |
tls: rx: drop pointless else after goto
[ Upstream commit
|
||
|
Jakub Kicinski
|
8b32e43a80 |
tls: rx: jump to a more appropriate label
[ Upstream commit
|
||
|
Jason Gunthorpe
|
39603a6d4e |
s390: use the correct count for __iowrite64_copy()
[ Upstream commit 723a2cc8d69d4342b47dfddbfe6c19f1b135f09b ]
The signature for __iowrite64_copy() requires the number of 64 bit
quantities, not bytes. Multiple by 8 to get to a byte length before
invoking zpci_memcpy_toio()
Fixes:
|
||
|
Subbaraya Sundeep
|
8cae520f21 |
octeontx2-af: Consider the action set by PF
[ Upstream commit 3b1ae9b71c2a97f848b00fb085a2bd29bddbe8d9 ]
AF reserves MCAM entries for each PF, VF present in the
system and populates the entry with DMAC and action with
default RSS so that basic packet I/O works. Since PF/VF is
not aware of the RSS action installed by AF, AF only fixup
the actions of the rules installed by PF/VF with corresponding
default RSS action. This worked well for rules installed by
PF/VF for features like RX VLAN offload and DMAC filters but
rules involving action like drop/forward to queue are also
getting modified by AF. Hence fix it by setting the default
RSS action only if requested by PF/VF.
Fixes:
|
||
|
Guo Zhengkui
|
6dae096960 |
drm/nouveau/instmem: fix uninitialized_var.cocci warning
[ Upstream commit
|
||
|
Kees Cook
|
4d3b2bd995 |
net: dev: Convert sa_data to flexible array in struct sockaddr
[ Upstream commit
|
||
|
Wolfram Sang
|
d65ec3e48f |
packet: move from strlcpy with unused retval to strscpy
[ Upstream commit
|
||
|
Vasiliy Kovalev
|
91b020aaa1 |
ipv6: sr: fix possible use-after-free and null-ptr-deref
[ Upstream commit 5559cea2d5aa3018a5f00dd2aca3427ba09b386b ]
The pernet operations structure for the subsystem must be registered
before registering the generic netlink family.
Fixes:
|
||
|
Daniil Dulov
|
e56662160f |
afs: Increase buffer size in afs_update_volume_status()
[ Upstream commit 6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d ]
The max length of volume->vid value is 20 characters.
So increase idbuf[] size up to 24 to avoid overflow.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
[DH: Actually, it's 20 + NUL, so increase it to 24 and use snprintf()]
Fixes:
|
||
|
Martin KaFai Lau
|
5268bb0210 |
bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel
[ Upstream commit 0281b919e175bb9c3128bd3872ac2903e9436e3f ]
The following race is possible between bpf_timer_cancel_and_free
and bpf_timer_cancel. It will lead a UAF on the timer->timer.
bpf_timer_cancel();
spin_lock();
t = timer->time;
spin_unlock();
bpf_timer_cancel_and_free();
spin_lock();
t = timer->timer;
timer->timer = NULL;
spin_unlock();
hrtimer_cancel(&t->timer);
kfree(t);
/* UAF on t */
hrtimer_cancel(&t->timer);
In bpf_timer_cancel_and_free, this patch frees the timer->timer
after a rcu grace period. This requires a rcu_head addition
to the "struct bpf_hrtimer". Another kfree(t) happens in bpf_timer_init,
this does not need a kfree_rcu because it is still under the
spin_lock and timer->timer has not been visible by others yet.
In bpf_timer_cancel, rcu_read_lock() is added because this helper
can be used in a non rcu critical section context (e.g. from
a sleepable bpf prog). Other timer->timer usages in helpers.c
have been audited, bpf_timer_cancel() is the only place where
timer->timer is used outside of the spin_lock.
Another solution considered is to mark a t->flag in bpf_timer_cancel
and clear it after hrtimer_cancel() is done. In bpf_timer_cancel_and_free,
it busy waits for the flag to be cleared before kfree(t). This patch
goes with a straight forward solution and frees timer->timer after
a rcu grace period.
Fixes:
|
||
|
Radhey Shyam Pandey
|
6800ad7417 |
ata: ahci_ceva: fix error handling for Xilinx GT PHY support
[ Upstream commit 26c8404e162b43dddcb037ba2d0cb58c0ed60aab ]
Platform clock and phy error resources are not cleaned up in Xilinx GT PHY
error path.
To fix introduce the function ceva_ahci_platform_enable_resources() which
is a customized version of ahci_platform_enable_resources() and inline with
SATA IP programming sequence it does:
- Assert SATA reset
- Program PS GTR phy
- Bring SATA by de-asserting the reset
- Wait for GT lane PLL to be locked
ceva_ahci_platform_enable_resources() is also used in the resume path
as the same SATA programming sequence (as in probe) should be followed.
Also cleanup the mixed usage of ahci_platform_enable_resources() and custom
implementation in the probe function as both are not required.
Fixes:
|
||
|
Serge Semin
|
7fcc31a3a7 |
ata: libahci_platform: Introduce reset assertion/deassertion methods
[ Upstream commit
|
||
|
Serge Semin
|
ddac2e0e65 |
ata: libahci_platform: Convert to using devm bulk clocks API
[ Upstream commit
|
||
|
Eric Dumazet
|
302b92b373 |
ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid
[ Upstream commit e898e4cd1aab271ca414f9ac6e08e4c761f6913c ]
net->dev_base_seq and ipv6.dev_addr_genid are monotonically increasing.
If we XOR their values, we could miss to detect if both values
were changed with the same amount.
Fixes:
|
||
|
Eric Dumazet
|
a75b495478 |
ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid
[ Upstream commit 081a0e3b0d4c061419d3f4679dec9f68725b17e4 ]
net->dev_base_seq and ipv4.dev_addr_genid are monotonically increasing.
If we XOR their values, we could miss to detect if both values
were changed with the same amount.
Fixes:
|
||
|
Pavel Sakharov
|
2a7b878a7d |
net: stmmac: Fix incorrect dereference in interrupt handlers
[ Upstream commit 97dde84026339e4b4af9a6301f825d1828d7874b ]
If 'dev' or 'data' is NULL, the 'priv' variable has an incorrect address
when dereferencing calling netdev_err().
Since we get as 'dev_id' or 'data' what was passed as the 'dev' argument
to request_irq() during interrupt initialization (that is, the net_device
and rx/tx queue pointers initialized at the time of the call) and since
there are usually no checks for the 'dev_id' argument in such handlers
in other drivers, remove these checks from the handlers in stmmac driver.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes:
|
||
|
Arnd Bergmann
|
a41d9142d2 |
nouveau: fix function cast warnings
[ Upstream commit 0affdba22aca5573f9d989bcb1d71d32a6a03efe ]
clang-16 warns about casting between incompatible function types:
drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c:161:10: error: cast from 'void (*)(const struct firmware *)' to 'void (*)(void *)' converts to incompatible function type [-Werror,-Wcast-function-type-strict]
161 | .fini = (void(*)(void *))release_firmware,
This one was done to use the generic shadow_fw_release() function as a
callback for struct nvbios_source. Change it to use the same prototype
as the other five instances, with a trivial helper function that actually
calls release_firmware.
Fixes:
|
||
|
Randy Dunlap
|
1087c284fd |
scsi: jazz_esp: Only build if SCSI core is builtin
[ Upstream commit 9ddf190a7df77b77817f955fdb9c2ae9d1c9c9a3 ]
JAZZ_ESP is a bool kconfig symbol that selects SCSI_SPI_ATTRS. When
CONFIG_SCSI=m, this results in SCSI_SPI_ATTRS=m while JAZZ_ESP=y, which
causes many undefined symbol linker errors.
Fix this by only offering to build this driver when CONFIG_SCSI=y.
[mkp: JAZZ_ESP is unique in that it does not support being compiled as a
module unlike the remaining SPI SCSI HBA drivers]
Fixes:
|
||
|
Gianmarco Lusvardi
|
4e395fb89e |
bpf, scripts: Correct GPL license name
[ Upstream commit e37243b65d528a8a9f8b9a57a43885f8e8dfc15c ]
The bpf_doc script refers to the GPL as the "GNU Privacy License".
I strongly suspect that the author wanted to refer to the GNU General
Public License, under which the Linux kernel is released, as, to the
best of my knowledge, there is no license named "GNU Privacy License".
This patch corrects the license name in the script accordingly.
Fixes:
|