mirror of
https://github.com/hardkernel/linux.git
synced 2026-06-05 18:41:58 +09:00
8976ff249f994487842546a6efa545c46b697dce
1153163 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
8976ff249f |
Merge 6.1.42 into android14-6.1-lts
Changes in 6.1.42 io_uring: treat -EAGAIN for REQ_F_NOWAIT as final for io-wq ALSA: hda/realtek - remove 3k pull low procedure ALSA: hda/realtek: Add quirk for Clevo NS70AU ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx maple_tree: set the node limit when creating a new root node maple_tree: fix node allocation testing on 32 bit keys: Fix linking a duplicate key to a keyring's assoc_array perf probe: Add test for regression introduced by switch to die_get_decl_file() btrfs: fix warning when putting transaction with qgroups enabled after abort fuse: revalidate: don't invalidate if interrupted fuse: Apply flags2 only when userspace set the FUSE_INIT_EXT btrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand btrfs: zoned: fix memory leak after finding block group with super blocks fuse: ioctl: translate ENOSYS in outarg btrfs: fix race between balance and cancel/pause selftests: tc: set timeout to 15 minutes selftests: tc: add 'ct' action kconfig dep regmap: Drop initial version of maximum transfer length fixes of: Preserve "of-display" device name for compatibility regmap: Account for register length in SMBus I/O limits arm64/fpsimd: Ensure SME storage is allocated after SVE VL changes can: mcp251xfd: __mcp251xfd_chip_set_mode(): increase poll timeout can: bcm: Fix UAF in bcm_proc_show() can: gs_usb: gs_can_open(): improve error handling selftests: tc: add ConnTrack procfs kconfig dma-buf/dma-resv: Stop leaking on krealloc() failure drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel drm/amdgpu/pm: make gfxclock consistent for sienna cichlid drm/amdgpu/pm: make mclk consistent for smu 13.0.7 drm/client: Fix memory leak in drm_client_target_cloned drm/client: Fix memory leak in drm_client_modeset_probe drm/amd/display: only accept async flips for fast updates drm/amd/display: Disable MPC split by default on special asic drm/amd/display: check TG is non-null before checking if enabled drm/amd/display: Keep PHY active for DP displays on DCN31 ASoC: fsl_sai: Disable bit clock with transmitter ASoC: fsl_sai: Revert "ASoC: fsl_sai: Enable MCTL_MCLK_EN bit for master mode" ASoC: tegra: Fix ADX byte map ASoC: rt5640: Fix sleep in atomic context ASoC: cs42l51: fix driver to properly autoload with automatic module loading ASoC: codecs: wcd938x: fix missing clsh ctrl error handling ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove ASoC: qdsp6: audioreach: fix topology probe deferral ASoC: tegra: Fix AMX byte map ASoC: codecs: wcd938x: fix resource leaks on component remove ASoC: codecs: wcd938x: fix missing mbhc init error handling ASoC: codecs: wcd934x: fix resource leaks on component remove ASoC: codecs: wcd938x: fix codec initialisation race ASoC: codecs: wcd938x: fix soundwire initialisation race ext4: correct inline offset when handling xattrs in inode body drm/radeon: Fix integer overflow in radeon_cs_parser_init ALSA: emu10k1: roll up loops in DSP setup code for Audigy quota: Properly disable quotas when add_dquot_ref() fails quota: fix warning in dqgrab() HID: add quirk for 03f0:464a HP Elite Presenter Mouse ovl: check type and offset of struct vfsmount in ovl_entry udf: Fix uninitialized array access for some pathnames fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev MIPS: dec: prom: Address -Warray-bounds warning FS: JFS: Fix null-ptr-deref Read in txBegin FS: JFS: Check for read-only mounted filesystem in txBegin ACPI: video: Add backlight=native DMI quirk for Dell Studio 1569 rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic() rcu: Mark additional concurrent load from ->cpu_no_qs.b.exp sched/fair: Don't balance task to its current running CPU wifi: ath11k: fix registration of 6Ghz-only phy without the full channel range bpf: Print a warning only if writing to unprivileged_bpf_disabled. bpf: Address KCSAN report on bpf_lru_list bpf: tcp: Avoid taking fast sock lock in iterator wifi: ath11k: add support default regdb while searching board-2.bin for WCN6855 wifi: mac80211_hwsim: Fix possible NULL dereference spi: dw: Add compatible for Intel Mount Evans SoC wifi: ath11k: fix memory leak in WMI firmware stats net: ethernet: litex: add support for 64 bit stats devlink: report devlink_port_type_warn source device wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() wifi: iwlwifi: Add support for new PCI Id wifi: iwlwifi: mvm: avoid baid size integer overflow wifi: iwlwifi: pcie: add device id 51F1 for killer 1675 igb: Fix igb_down hung on surprise removal net: hns3: fix strncpy() not using dest-buf length as length issue ASoC: amd: acp: fix for invalid dai id handling in acp_get_byte_count() ASoC: codecs: wcd938x: fix mbhc impedance loglevel ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR ASoC: qcom: q6apm: do not close GPR port before closing graph sched/fair: Use recent_used_cpu to test p->cpus_ptr sched/psi: Fix avgs_work re-arm in psi_avgs_work() sched/psi: Rearrange polling code in preparation sched/psi: Rename existing poll members in preparation sched/psi: Extract update_triggers side effect sched/psi: Allow unprivileged polling of N*2s period sched/psi: use kernfs polling functions for PSI trigger polling pinctrl: renesas: rzv2m: Handle non-unique subnode names pinctrl: renesas: rzg2l: Handle non-unique subnode names spi: bcm63xx: fix max prepend length fbdev: imxfb: warn about invalid left/right margin fbdev: imxfb: Removed unneeded release_mem_region perf build: Fix library not found error when using CSLIBS btrfs: be a bit more careful when setting mirror_num_ret in btrfs_map_block spi: s3c64xx: clear loopback bit after loopback test kallsyms: Improve the performance of kallsyms_lookup_name() kallsyms: Correctly sequence symbols when CONFIG_LTO_CLANG=y kallsyms: strip LTO-only suffixes from promoted global functions dsa: mv88e6xxx: Do a final check before timing out net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field() bridge: Add extack warning when enabling STP in netns. net: ethernet: mtk_eth_soc: handle probe deferral cifs: fix mid leak during reconnection after timeout threshold ASoC: SOF: ipc3-dtrace: uninitialized data in dfsentry_trace_filter_write() net: sched: cls_matchall: Undo tcf_bind_filter in case of failure after mall_set_parms net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode net: sched: cls_u32: Undo refcount decrement in case update failed net: sched: cls_bpf: Undo tcf_bind_filter in case of an error net: dsa: microchip: ksz8: Separate static MAC table operations for code reuse net: dsa: microchip: ksz8: Make ksz8_r_sta_mac_table() static net: dsa: microchip: ksz8_r_sta_mac_table(): Avoid using error code for empty entries net: dsa: microchip: correct KSZ8795 static MAC table access iavf: Fix use-after-free in free_netdev iavf: Fix out-of-bounds when setting channels on remove iavf: use internal state to free traffic IRQs iavf: Move netdev_update_features() into watchdog task iavf: send VLAN offloading caps once after VFR iavf: make functions static where possible iavf: Wait for reset in callbacks which trigger it iavf: fix a deadlock caused by rtnl and driver's lock circular dependencies iavf: fix reset task race with iavf_remove() security: keys: Modify mismatched function name octeontx2-pf: Dont allocate BPIDs for LBK interfaces bpf: Fix subprog idx logic in check_max_stack_depth bpf: Repeat check_max_stack_depth for async callbacks bpf, arm64: Fix BTI type used for freplace attached functions igc: Avoid transmit queue timeout for XDP igc: Prevent garbled TX queue with XDP ZEROCOPY net: ipv4: use consistent txhash in TIME_WAIT and SYN_RECV tcp: annotate data-races around tcp_rsk(req)->txhash tcp: annotate data-races around tcp_rsk(req)->ts_recent net: ipv4: Use kfree_sensitive instead of kfree net:ipv6: check return value of pskb_trim() Revert "tcp: avoid the lookup process failing to get sk in ehash table" fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe llc: Don't drop packet from non-root netns. ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp netfilter: nf_tables: fix spurious set element insertion failure netfilter: nf_tables: can't schedule in nft_chain_validate netfilter: nft_set_pipapo: fix improper element removal netfilter: nf_tables: skip bound chain in netns release path netfilter: nf_tables: skip bound chain on rule flush Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync Bluetooth: hci_event: call disconnect callback before deleting conn Bluetooth: ISO: fix iso_conn related locking and validity issues Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor() tcp: annotate data-races around tp->tcp_tx_delay tcp: annotate data-races around tp->tsoffset tcp: annotate data-races around tp->keepalive_time tcp: annotate data-races around tp->keepalive_intvl tcp: annotate data-races around tp->keepalive_probes tcp: annotate data-races around icsk->icsk_syn_retries tcp: annotate data-races around tp->linger2 tcp: annotate data-races around rskq_defer_accept tcp: annotate data-races around tp->notsent_lowat tcp: annotate data-races around icsk->icsk_user_timeout tcp: annotate data-races around fastopenq.max_qlen net: phy: prevent stale pointer dereference in phy_init() jbd2: recheck chechpointing non-dirty buffer tracing/histograms: Return an error if we fail to add histogram to hist_vars list drm/ttm: fix bulk_move corruption when adding a entry spi: dw: Remove misleading comment for Mount Evans SoC kallsyms: add kallsyms_seqs_of_names to list of special symbols scripts/kallsyms.c Make the comment up-to-date with current implementation scripts/kallsyms: update the usage in the comment block bpf: allow precision tracking for programs with subprogs bpf: stop setting precise in current state bpf: aggressively forget precise markings during state checkpointing selftests/bpf: make test_align selftest more robust selftests/bpf: Workaround verification failure for fexit_bpf2bpf/func_replace_return_code selftests/bpf: Fix sk_assign on s390x drm/amd/display: use max_dsc_bpp in amdgpu_dm drm/amd/display: fix some coding style issues drm/dp_mst: Clear MSG_RDY flag before sending new message drm/amd/display: force connector state when bpc changes during compliance drm/amd/display: Clean up errors & warnings in amdgpu_dm.c drm/amd/display: fix linux dp link lost handled only one time drm/amd/display: Add polling method to handle MST reply packet Revert "drm/amd/display: edp do not add non-edid timings" Linux 6.1.42 Change-Id: I6b7257a16f9a025d0c23dfd3eb43317c1c164a93 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
b2d799c4d4 |
Merge 6.1.41 into android14-6.1-lts
Changes in 6.1.41 x86/cpu/amd: Move the errata checking functionality up x86/cpu/amd: Add a Zenbleed fix Linux 6.1.41 Change-Id: I9e234026b3b7435de7aad1dcd6849960b0a88b26 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
f12524c9de |
Revert "Revert "8250: add support for ASIX devices with a FIFO bug""
This reverts commit |
||
|
Greg Kroah-Hartman
|
f1311733c2 |
Merge 6.1.40 into android14-6.1-lts
Changes in 6.1.40 HID: amd_sfh: Rename the float32 variable HID: amd_sfh: Fix for shift-out-of-bounds net: lan743x: Don't sleep in atomic context workqueue: clean up WORK_* constant types, clarify masking ksmbd: add missing compound request handing in some commands ksmbd: fix out of bounds read in smb2_sess_setup drm/panel: simple: Add connector_type for innolux_at043tn24 drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime swiotlb: always set the number of areas before allocating the pool swiotlb: reduce the swiotlb buffer size on allocation failure swiotlb: reduce the number of areas to match actual memory pool size drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags ice: Fix max_rate check while configuring TX rate limits igc: Remove delay during TX ring configuration net/mlx5e: fix double free in mlx5e_destroy_flow_table net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create net/mlx5e: fix memory leak in mlx5e_ptp_open net/mlx5e: Check for NOT_READY flag state after locking igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings igc: Handle PPS start time programming for past time values blk-crypto: use dynamic lock class for blk_crypto_profile::lock scsi: qla2xxx: Fix error code in qla2x00_start_sp() scsi: ufs: ufs-mediatek: Add dependency for RESET_CONTROLLER bpf: Fix max stack depth check for async callbacks net: mvneta: fix txq_map in case of txq_number==1 net/sched: cls_fw: Fix improper refcount update leads to use-after-free gve: Set default duplex configuration to full octeontx2-af: Promisc enable/disable through mbox octeontx2-af: Move validation of ptp pointer before its usage ionic: remove WARN_ON to prevent panic_on_warn net: bgmac: postpone turning IRQs off to avoid SoC hangs net: prevent skb corruption on frag list segmentation icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). udp6: fix udp6_ehashfn() typo ntb: idt: Fix error handling in idt_pci_driver_init() NTB: amd: Fix error handling in amd_ntb_pci_driver_init() ntb: intel: Fix error handling in intel_ntb_pci_driver_init() NTB: ntb_transport: fix possible memory leak while device_register() fails NTB: ntb_tool: Add check for devm_kcalloc ipv6/addrconf: fix a potential refcount underflow for idev net: dsa: qca8k: Add check for skb_copy platform/x86: wmi: Break possible infinite loop when parsing GUID kernel/trace: Fix cleanup logic of enable_trace_eprobe igc: Fix launchtime before start of cycle igc: Fix inserting of empty frame for launchtime nvme: fix the NVME_ID_NS_NVM_STS_MASK definition riscv, bpf: Fix inconsistent JIT image generation drm/i915: Don't preserve dpll_hw_state for slave crtc in Bigjoiner drm/i915: Fix one wrong caching mode enum usage octeontx2-pf: Add additional check for MCAM rules erofs: avoid useless loops in z_erofs_pcluster_readmore() when reading beyond EOF erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF erofs: fix fsdax unavailability for chunk-based regular files wifi: airo: avoid uninitialized warning in airo_get_rate() bpf: cpumap: Fix memory leak in cpu_map_update_elem net/sched: flower: Ensure both minimum and maximum ports are specified riscv: mm: fix truncation warning on RV32 netdevsim: fix uninitialized data in nsim_dev_trap_fa_cookie_write() net/sched: make psched_mtu() RTNL-less safe wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() net/sched: sch_qfq: refactor parsing of netlink parameters net/sched: sch_qfq: account for stab overhead in qfq_enqueue nvme-pci: fix DMA direction of unmapping integrity data fs/ntfs3: Check fields while reading ovl: let helper ovl_i_path_real() return the realinode ovl: fix null pointer dereference in ovl_get_acl_rcu() cifs: fix session state check in smb2_find_smb_ses drm/client: Send hotplug event after registering a client drm/amdgpu/sdma4: set align mask to 255 drm/amd/pm: revise the ASPM settings for thunderbolt attached scenario drm/amdgpu: add the fan abnormal detection feature drm/amdgpu: Fix minmax warning drm/amd/pm: add abnormal fan detection for smu 13.0.0 f2fs: fix the wrong condition to determine atomic context f2fs: fix deadlock in i_xattr_sem and inode page lock pinctrl: amd: Add Z-state wake control bits pinctrl: amd: Adjust debugfs output pinctrl: amd: Add fields for interrupt status and wake status pinctrl: amd: Detect internal GPIO0 debounce handling pinctrl: amd: Fix mistake in handling clearing pins at startup pinctrl: amd: Detect and mask spurious interrupts pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe" pinctrl: amd: Only use special debounce behavior for GPIO 0 pinctrl: amd: Use amd_pinconf_set() for all config options pinctrl: amd: Drop pull up select configuration pinctrl: amd: Unify debounce handling into amd_pinconf_set() tpm: Do not remap from ACPI resources again for Pluton TPM tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation tpm: tis_i2c: Limit read bursts to I2C_SMBUS_BLOCK_MAX (32) bytes tpm: tis_i2c: Limit write bursts to I2C_SMBUS_BLOCK_MAX (32) bytes tpm: return false from tpm_amd_is_rng_defective on non-x86 platforms mtd: rawnand: meson: fix unaligned DMA buffers handling net: bcmgenet: Ensure MDIO unregistration has clocks enabled net: phy: dp83td510: fix kernel stall during netboot in DP83TD510E PHY driver kasan: add kasan_tag_mismatch prototype tracing/user_events: Fix incorrect return value for writing operation when events are disabled powerpc: Fail build if using recordmcount with binutils v2.37 misc: fastrpc: Create fastrpc scalar with correct buffer count powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 powerpc/64s: Fix native_hpte_remove() to be irq-safe MIPS: Loongson: Fix cpu_probe_loongson() again MIPS: KVM: Fix NULL pointer dereference ext4: Fix reusing stale buffer heads from last failed mounting ext4: fix wrong unit use in ext4_mb_clear_bb ext4: get block from bh in ext4_free_blocks for fast commit replay ext4: fix wrong unit use in ext4_mb_new_blocks ext4: fix to check return value of freeze_bdev() in ext4_shutdown() ext4: turn quotas off if mount failed after enabling quotas ext4: only update i_reserved_data_blocks on successful block allocation fs: dlm: revert check required context while close soc: qcom: mdt_loader: Fix unconditional call to scm_pas_mem_setup ext2/dax: Fix ext2_setsize when len is page aligned jfs: jfs_dmap: Validate db_l2nbperpage while mounting hwrng: imx-rngc - fix the timeout for init and self check dm integrity: reduce vmalloc space footprint on 32-bit architectures scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O s390/zcrypt: do not retry administrative requests PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold PCI: Release resource invalidated by coalescing PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 PCI: qcom: Disable write access to read only registers for IP v2.3.3 PCI: epf-test: Fix DMA transfer completion initialization PCI: epf-test: Fix DMA transfer completion detection PCI: rockchip: Assert PCI Configuration Enable bit after probe PCI: rockchip: Write PCI Device ID to correct register PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core PCI: rockchip: Use u32 variable to access 32-bit registers PCI: rockchip: Set address alignment for endpoint mode misc: pci_endpoint_test: Free IRQs before removing the device misc: pci_endpoint_test: Re-init completion for every test mfd: pm8008: Fix module autoloading md/raid0: add discard support for the 'original' layout dm init: add dm-mod.waitfor to wait for asynchronously probed block devices fs: dlm: return positive pid value for F_GETLK fs: dlm: fix cleanup pending ops when interrupted fs: dlm: interrupt posix locks only when process is killed fs: dlm: make F_SETLK use unkillable wait_event fs: dlm: fix mismatch of plock results from userspace scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() drm/atomic: Allow vblank-enabled + self-refresh "disable" drm/rockchip: vop: Leave vblank enabled in self-refresh drm/amd/display: fix seamless odm transitions drm/amd/display: edp do not add non-edid timings drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2 drm/amd/display: disable seamless boot if force_odm_combine is enabled drm/amdgpu: fix clearing mappings for BOs that are always valid in VM drm/amd: Disable PSR-SU on Parade 0803 TCON drm/amd/display: add a NULL pointer check drm/amd/display: Correct `DMUB_FW_VERSION` macro drm/amd/display: Add monitor specific edid quirk drm/amdgpu: avoid restore process run into dead loop. drm/ttm: Don't leak a resource on swapout move error serial: atmel: don't enable IRQs prematurely tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk tty: serial: imx: fix rs485 rx after tx firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() libceph: harden msgr2.1 frame segment length checks ceph: add a dedicated private data for netfs rreq ceph: fix blindly expanding the readahead windows ceph: don't let check_caps skip sending responses for revoke msgs xhci: Fix resume issue of some ZHAOXIN hosts xhci: Fix TRB prefetch issue of ZHAOXIN hosts xhci: Show ZHAOXIN xHCI root hub speed correctly meson saradc: fix clock divider mask length opp: Fix use-after-free in lazy_opp_tables after probe deferral soundwire: qcom: fix storing port config out-of-bounds Revert "8250: add support for ASIX devices with a FIFO bug" bus: ixp4xx: fix IXP4XX_EXP_T1_MASK s390/decompressor: fix misaligned symbol build error dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter tracing/histograms: Add histograms to hist_vars if they have referenced variables tracing: Fix memory leak of iter->temp when reading trace_pipe nvme: don't reject probe due to duplicate IDs for single-ported PCIe devices samples: ftrace: Save required argument registers in sample trampolines perf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start() regmap-irq: Fix out-of-bounds access when allocating config buffers net: ena: fix shift-out-of-bounds in exponential backoff ring-buffer: Fix deadloop issue on reading trace_pipe ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() drm/amd/pm: share the code around SMU13 pcie parameters update drm/amd/pm: conditionally disable pcie lane/speed switching for SMU13 cifs: if deferred close is disabled then close files immediately xtensa: ISS: fix call to split_if_spec perf/x86: Fix lockdep warning in for_each_sibling_event() on SPR PM: QoS: Restore support for default value on frequency QoS pwm: meson: modify and simplify calculation in meson_pwm_get_state pwm: meson: fix handling of period/duty if greater than UINT_MAX fprobe: Release rethook after the ftrace_ops is unregistered fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() tracing: Fix null pointer dereference in tracing_err_log_open() selftests: mptcp: connect: fail if nft supposed to work selftests: mptcp: sockopt: return error if wrong mark selftests: mptcp: userspace_pm: use correct server port selftests: mptcp: userspace_pm: report errors with 'remove' tests selftests: mptcp: depend on SYN_COOKIES selftests: mptcp: pm_nl_ctl: fix 32-bit support tracing/probes: Fix not to count error code to total length tracing/probes: Fix to update dynamic data counter if fetcharg uses it tracing/user_events: Fix struct arg size match check scsi: qla2xxx: Multi-que support for TMF scsi: qla2xxx: Fix task management cmd failure scsi: qla2xxx: Fix task management cmd fail due to unavailable resource scsi: qla2xxx: Fix hang in task management scsi: qla2xxx: Wait for io return on terminate rport scsi: qla2xxx: Fix mem access after free scsi: qla2xxx: Array index may go out of bound scsi: qla2xxx: Avoid fcport pointer dereference scsi: qla2xxx: Fix buffer overrun scsi: qla2xxx: Fix potential NULL pointer dereference scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() scsi: qla2xxx: Correct the index of array scsi: qla2xxx: Pointer may be dereferenced scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue scsi: qla2xxx: Fix end of loop test MIPS: kvm: Fix build error with KVM_MIPS_DEBUG_COP0_COUNTERS enabled Revert "drm/amd: Disable PSR-SU on Parade 0803 TCON" swiotlb: mark swiotlb_memblock_alloc() as __init net/sched: sch_qfq: reintroduce lmax bound check for MTU drm/atomic: Fix potential use-after-free in nonblocking commits net/ncsi: make one oem_gma function for all mfr id net/ncsi: change from ndo_set_mac_address to dev_set_mac_address Linux 6.1.40 Change-Id: I5cc6aab178c66d2a23fe2a8d21e71cc4a8b15acf Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
bd041b5977 |
ANDROID: GKI: Fix block/genhd.c exports from having their CRC changed
Commit |
||
|
Greg Kroah-Hartman
|
c0e5631df8 |
Revert "blk-mq: fix potential io hang by wrong 'wake_batch'"
This reverts commit |
||
|
Greg Kroah-Hartman
|
c057db2f88 |
Revert "bpf: Remove bpf trampoline selector"
This reverts commit |
||
|
Greg Kroah-Hartman
|
17f0b3c7ee |
Revert "drm/bridge: Introduce pre_enable_prev_first to alter bridge init order"
This reverts commit |
||
|
Greg Kroah-Hartman
|
b3c3fc85c7 |
Revert "drm/bridge: ti-sn65dsi83: Fix enable/disable flow to meet spec"
This reverts commit |
||
|
Greg Kroah-Hartman
|
b435525822 |
Merge 6.1.39 into android14-6.1-lts
Changes in 6.1.39
drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2
fs: pipe: reveal missing function protoypes
block: Fix the type of the second bdev_op_is_zoned_write() argument
erofs: clean up cached I/O strategies
erofs: avoid tagged pointers to mark sync decompression
erofs: remove tagged pointer helpers
erofs: move zdata.h into zdata.c
erofs: kill hooked chains to avoid loops on deduplicated compressed images
x86/resctrl: Only show tasks' pid in current pid namespace
blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
x86/sev: Fix calculation of end address based on number of pages
virt: sevguest: Add CONFIG_CRYPTO dependency
blk-mq: fix potential io hang by wrong 'wake_batch'
lockd: drop inappropriate svc_get() from locked_get()
nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap
nvme-auth: rename authentication work elements
nvme-auth: remove symbol export from nvme_auth_reset
nvme-auth: no need to reset chap contexts on re-authentication
nvme-core: fix memory leak in dhchap_secret_store
nvme-core: fix memory leak in dhchap_ctrl_secret
nvme-auth: don't ignore key generation failures when initializing ctrl keys
nvme-core: add missing fault-injection cleanup
nvme-core: fix dev_pm_qos memleak
md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
md/raid10: fix overflow of md/safe_mode_delay
md/raid10: fix wrong setting of max_corr_read_errors
md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
md/raid10: fix io loss while replacement replace rdev
md/raid1-10: factor out a helper to add bio to plug
md/raid1-10: factor out a helper to submit normal write
md/raid1-10: submit write io directly if bitmap is not enabled
block: fix blktrace debugfs entries leakage
irqchip/stm32-exti: Fix warning on initialized field overwritten
irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
svcrdma: Prevent page release when nothing was received
erofs: simplify iloc()
erofs: fix compact 4B support for 16k block size
posix-timers: Prevent RT livelock in itimer_delete()
tick/rcu: Fix bogus ratelimit condition
tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode().
clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
PM: domains: fix integer overflow issues in genpd_parse_state()
perf/arm-cmn: Fix DTC reset
x86/mm: Allow guest.enc_status_change_prepare() to fail
x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad()
drivers/perf: hisi: Don't migrate perf to the CPU going to teardown
powercap: RAPL: Fix CONFIG_IOSF_MBI dependency
PM: domains: Move the verification of in-params from genpd_add_device()
ARM: 9303/1: kprobes: avoid missing-declaration warnings
cpufreq: intel_pstate: Fix energy_performance_preference for passive
thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe()
rcu: Make rcu_cpu_starting() rely on interrupts being disabled
rcu-tasks: Stop rcu_tasks_invoke_cbs() from using never-onlined CPUs
rcutorture: Correct name of use_softirq module parameter
rcuscale: Move shutdown from wait_event() to wait_event_idle()
rcu/rcuscale: Move rcu_scale_*() after kfree_scale_cleanup()
rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale
kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined
perf/ibs: Fix interface via core pmu events
x86/mm: Fix __swp_entry_to_pte() for Xen PV guests
locking/atomic: arm: fix sync ops
evm: Complete description of evm_inode_setattr()
evm: Fix build warnings
ima: Fix build warnings
pstore/ram: Add check for kstrdup
igc: Enable and fix RX hash usage by netstack
wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
libbpf: btf_dump_type_data_check_overflow needs to consider BTF_MEMBER_BITFIELD_SIZE
samples/bpf: Fix buffer overflow in tcp_basertt
spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG
wifi: wilc1000: fix for absent RSN capabilities WFA testcase
wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan()
sctp: add bpf_bypass_getsockopt proto callback
libbpf: fix offsetof() and container_of() to work with CO-RE
bpf: Don't EFAULT for {g,s}setsockopt with wrong optlen
spi: dw: Round of n_bytes to power of 2
nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
bpftool: JIT limited misreported as negative value on aarch64
bpf: Remove bpf trampoline selector
bpf: Fix memleak due to fentry attach failure
selftests/bpf: Do not use sign-file as testcase
regulator: core: Fix more error checking for debugfs_create_dir()
regulator: core: Streamline debugfs operations
wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
wifi: atmel: Fix an error handling path in atmel_probe()
wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
wifi: ray_cs: Fix an error handling path in ray_probe()
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
samples/bpf: xdp1 and xdp2 reduce XDPBUFSIZE to 60
wifi: ath10k: Trigger STA disconnect after reconfig complete on hardware restart
wifi: mac80211: recalc min chandef for new STA links
selftests/bpf: Fix check_mtu using wrong variable type
wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled
wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
ice: handle extts in the miscellaneous interrupt thread
selftests: cgroup: fix unexpected failure on test_memcg_low
watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config
watchdog/perf: more properly prevent false positives with turbo modes
kexec: fix a memory leak in crash_shrink_memory()
mmc: mediatek: Avoid ugly error message when SDIO wakeup IRQ isn't used
memstick r592: make memstick_debug_get_tpc_name() static
wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
wifi: mac80211: Fix permissions for valid_links debugfs entry
rtnetlink: extend RTEXT_FILTER_SKIP_STATS to IFLA_VF_INFO
wifi: ath11k: Add missing check for ioremap
wifi: iwlwifi: pull from TXQs with softirqs disabled
wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler()
wifi: mac80211: Remove "Missing iftype sband data/EHT cap" spam
wifi: cfg80211: rewrite merging of inherited elements
wifi: cfg80211: drop incorrect nontransmitted BSS update code
wifi: cfg80211: fix regulatory disconnect with OCB/NAN
wifi: cfg80211/mac80211: Fix ML element common size calculation
wifi: ieee80211: Fix the common size calculation for reconfiguration ML
mmc: Add MMC_QUIRK_BROKEN_SD_CACHE for Kingston Canvas Go Plus from 11/2019
wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection
wifi: ath9k: convert msecs to jiffies where needed
bpf: Factor out socket lookup functions for the TC hookpoint.
bpf: Call __bpf_sk_lookup()/__bpf_skc_lookup() directly via TC hookpoint
bpf: Fix bpf socket lookup from tc/xdp to respect socket VRF bindings
can: length: fix bitstuffing count
can: kvaser_pciefd: Add function to set skb hwtstamps
can: kvaser_pciefd: Set hardware timestamp on transmitted packets
net: stmmac: fix double serdes powerdown
netlink: fix potential deadlock in netlink_set_err()
netlink: do not hard code device address lenth in fdb dumps
bonding: do not assume skb mac_header is set
selftests: rtnetlink: remove netdevsim device after ipsec offload test
gtp: Fix use-after-free in __gtp_encap_destroy().
net: axienet: Move reset before 64-bit DMA detection
ocfs2: Fix use of slab data with sendpage
sfc: fix crash when reading stats while NIC is resetting
net: nfc: Fix use-after-free caused by nfc_llcp_find_local
lib/ts_bm: reset initial match offset for every block of text
netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
ipvlan: Fix return value of ipvlan_queue_xmit()
netlink: Add __sock_i_ino() for __netlink_diag_dump().
drm/amd/display: Add logging for display MALL refresh setting
radeon: avoid double free in ci_dpm_init()
drm/amd/display: Explicitly specify update type per plane info change
drm/bridge: it6505: Move a variable assignment behind a null pointer check in receive_timing_debugfs_show()
Input: drv260x - sleep between polling GO bit
drm/bridge: ti-sn65dsi83: Fix enable error path
drm/bridge: tc358768: always enable HS video mode
drm/bridge: tc358768: fix PLL parameters computation
drm/bridge: tc358768: fix PLL target frequency
drm/bridge: tc358768: fix TCLK_ZEROCNT computation
drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation
drm/bridge: tc358768: fix TCLK_TRAILCNT computation
drm/bridge: tc358768: fix THS_ZEROCNT computation
drm/bridge: tc358768: fix TXTAGOCNT computation
drm/bridge: tc358768: fix THS_TRAILCNT computation
drm/vram-helper: fix function names in vram helper doc
ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
ARM: dts: meson8b: correct uart_B and uart_C clock references
mm: call arch_swap_restore() from do_swap_page()
clk: vc5: Use `clamp()` to restrict PLL range
bootmem: remove the vmemmap pages from kmemleak in free_bootmem_page
clk: vc5: Fix .driver_data content in i2c_device_id
clk: vc7: Fix .driver_data content in i2c_device_id
clk: rs9: Fix .driver_data content in i2c_device_id
Input: adxl34x - do not hardcode interrupt trigger type
drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks`
drm/panel: sharp-ls043t1le01: adjust mode settings
driver: soc: xilinx: use _safe loop iterator to avoid a use after free
ASoC: Intel: sof_sdw: remove SOF_SDW_TGL_HDMI for MeteorLake devices
drm/vkms: isolate pixel conversion functionality
drm: Add fixed-point helper to get rounded integer values
drm/vkms: Fix RGB565 pixel conversion
ARM: dts: stm32: Move ethernet MAC EEPROM from SoM to carrier boards
bus: ti-sysc: Fix dispc quirk masking bool variables
arm64: dts: microchip: sparx5: do not use PSCI on reference boards
drm/bridge: tc358767: Switch to devm MIPI-DSI helpers
clk: imx: scu: use _safe list iterator to avoid a use after free
hwmon: (f71882fg) prevent possible division by zero
RDMA/bnxt_re: Disable/kill tasklet only if it is enabled
RDMA/bnxt_re: Fix to remove unnecessary return labels
RDMA/bnxt_re: Use unique names while registering interrupts
RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid
RDMA/bnxt_re: Fix to remove an unnecessary log
drm/msm/dsi: don't allow enabling 14nm VCO with unprogrammed rate
drm/msm/disp/dpu: get timing engine status from intf status register
drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK
iommu/virtio: Detach domain on endpoint release
iommu/virtio: Return size mapped for a detached domain
clk: renesas: rzg2l: Fix CPG_SIPLL5_CLK1 register write
ARM: dts: gta04: Move model property out of pinctrl node
drm/bridge: anx7625: Convert to i2c's .probe_new()
drm/bridge: anx7625: Prevent endless probe loop
ARM: dts: qcom: msm8974: do not use underscore in node name (again)
arm64: dts: qcom: msm8916: correct camss unit address
arm64: dts: qcom: msm8916: correct MMC unit address
arm64: dts: qcom: msm8994: correct SPMI unit address
arm64: dts: qcom: msm8996: correct camss unit address
arm64: dts: qcom: sdm630: correct camss unit address
arm64: dts: qcom: sdm845: correct camss unit address
arm64: dts: qcom: sm8350: Add GPI DMA compatible fallback
arm64: dts: qcom: sm8350: correct DMA controller unit address
arm64: dts: qcom: sdm845-polaris: add missing touchscreen child node reg
arm64: dts: qcom: apq8016-sbc: Fix regulator constraints
arm64: dts: qcom: apq8016-sbc: Fix 1.8V power rail on LS expansion
drm/bridge: Introduce pre_enable_prev_first to alter bridge init order
drm/bridge: ti-sn65dsi83: Fix enable/disable flow to meet spec
drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
ARM: ep93xx: fix missing-prototype warnings
ARM: omap2: fix missing tick_broadcast() prototype
arm64: dts: qcom: pm7250b: add missing spmi-vadc include
arm64: dts: qcom: apq8096: fix fixed regulator name property
arm64: dts: mediatek: mt8183: Add mediatek,broken-save-restore-fw to kukui
ARM: dts: stm32: Shorten the AV96 HDMI sound card name
memory: brcmstb_dpfe: fix testing array offset after use
ARM: dts: qcom: apq8074-dragonboard: Set DMA as remotely controlled
ASoC: es8316: Increment max value for ALC Capture Target Volume control
ASoC: es8316: Do not set rate constraints for unsupported MCLKs
ARM: dts: meson8: correct uart_B and uart_C clock references
soc/fsl/qe: fix usb.c build errors
RDMA/irdma: avoid fortify-string warning in irdma_clr_wqes
IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate
RDMA/hns: Fix hns_roce_table_get return value
ARM: dts: iwg20d-q7-common: Fix backlight pwm specifier
arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
drm/msm/dpu: set DSC flush bit correctly at MDP CTL flush register
fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
arm64: dts: ti: k3-j7200: Fix physical address of pin
Input: pm8941-powerkey - fix debounce on gen2+ PMICs
ARM: dts: stm32: Fix audio routing on STM32MP15xx DHCOM PDK2
ARM: dts: stm32: fix i2s endpoint format property for stm32mp15xx-dkx
hwmon: (gsc-hwmon) fix fan pwm temperature scaling
hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272
ARM: dts: BCM5301X: fix duplex-full => full-duplex
clk: Export clk_hw_forward_rate_request()
drm/amd/display: Fix a test CalculatePrefetchSchedule()
drm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg()
drm/amdkfd: Fix potential deallocation of previously deallocated memory.
soc: mediatek: SVS: Fix MT8192 GPU node name
drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode
drm/radeon: fix possible division-by-zero errors
HID: uclogic: Modular KUnit tests should not depend on KUNIT=y
RDMA/rxe: Add ibdev_dbg macros for rxe
RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_mw.c
RDMA/rxe: Fix access checks in rxe_check_bind_mw
amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
drm/msm/a5xx: really check for A510 in a5xx_gpu_init
RDMA/bnxt_re: wraparound mbox producer index
RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context
clk: imx: clk-imxrt1050: fix memory leak in imxrt1050_clocks_probe
clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe
clk: imx93: fix memory leak and missing unwind goto in imx93_clocks_probe
clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()
arm64: dts: qcom: sdm845: Flush RSC sleep & wake votes
arm64: dts: qcom: sm8250-edo: Panel framebuffer is 2.5k instead of 4k
clk: bcm: rpi: Fix off by one in raspberrypi_discover_clocks()
clk: clocking-wizard: Fix Oops in clk_wzrd_register_divider()
clk: tegra: tegra124-emc: Fix potential memory leak
ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
drm/msm/dpu: do not enable color-management if DSPPs are not available
drm/msm/dpu: Fix slice_last_group_size calculation
drm/msm/dsi: Use DSC slice(s) packet size to compute word count
drm/msm/dsi: Flip greater-than check for slice_count and slice_per_intf
drm/msm/dsi: Remove incorrect references to slice_count
drm/msm/dp: Free resources after unregistering them
arm64: dts: mediatek: Add cpufreq nodes for MT8192
arm64: dts: mediatek: mt8192: Fix CPUs capacity-dmips-mhz
drm/amdgpu: Fix memcpy() in sienna_cichlid_append_powerplay_table function.
drm/amdgpu: Fix usage of UMC fill record in RAS
drm/msm/dpu: correct MERGE_3D length
clk: vc5: check memory returned by kasprintf()
clk: cdce925: check return value of kasprintf()
clk: si5341: return error if one synth clock registration fails
clk: si5341: check return value of {devm_}kasprintf()
clk: si5341: free unused memory on probe failure
clk: keystone: sci-clk: check return value of kasprintf()
clk: ti: clkctrl: check return value of kasprintf()
drivers: meson: secure-pwrc: always enable DMA domain
ovl: update of dentry revalidate flags after copy up
ASoC: imx-audmix: check return value of devm_kasprintf()
clk: Fix memory leak in devm_clk_notifier_register()
ARM: dts: lan966x: kontron-d10: fix board reset
ARM: dts: lan966x: kontron-d10: fix SPI CS
ASoC: amd: acp: clear pdm dma interrupt mask
PCI: cadence: Fix Gen2 Link Retraining process
PCI: vmd: Reset VMD config register between soft reboots
scsi: qedf: Fix NULL dereference in error handling
pinctrl: bcm2835: Handle gpiochip_add_pin_range() errors
platform/x86: lenovo-yogabook: Fix work race on remove()
platform/x86: lenovo-yogabook: Reprobe devices on remove()
platform/x86: lenovo-yogabook: Set default keyboard backligh brightness on probe()
PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free
scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
PCI: pciehp: Cancel bringup sequence if card is not present
PCI: ftpci100: Release the clock resources
pinctrl: sunplus: Add check for kmalloc
PCI: Add pci_clear_master() stub for non-CONFIG_PCI
scsi: lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state
perf bench: Add missing setlocale() call to allow usage of %'d style formatting
pinctrl: cherryview: Return correct value if pin in push-pull mode
platform/x86: think-lmi: mutex protection around multiple WMI calls
platform/x86: think-lmi: Correct System password interface
platform/x86: think-lmi: Correct NVME password handling
pinctrl:sunplus: Add check for kmalloc
pinctrl: npcm7xx: Add missing check for ioremap
kcsan: Don't expect 64 bits atomic builtins from 32 bits architectures
powerpc/interrupt: Don't read MSR from interrupt_exit_kernel_prepare()
powerpc/signal32: Force inlining of __unsafe_save_user_regs() and save_tm_user_regs_unsafe()
perf script: Fix allocation of evsel->priv related to per-event dump files
platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles
perf dwarf-aux: Fix off-by-one in die_get_varname()
platform/x86/dell/dell-rbtn: Fix resources leaking on error path
perf tool x86: Consolidate is_amd check into single function
perf tool x86: Fix perf_env memory leak
powerpc/64s: Fix VAS mm use after free
pinctrl: microchip-sgpio: check return value of devm_kasprintf()
pinctrl: at91-pio4: check return value of devm_kasprintf()
powerpc/powernv/sriov: perform null check on iov before dereferencing iov
powerpc: simplify ppc_save_regs
powerpc: update ppc_save_regs to save current r1 in pt_regs
PCI: qcom: Remove PCIE20_ prefix from register definitions
PCI: qcom: Sort and group registers and bitfield definitions
PCI: qcom: Use lower case for hex
PCI: qcom: Use DWC helpers for modifying the read-only DBI registers
PCI: qcom: Disable write access to read only registers for IP v2.9.0
riscv: uprobes: Restore thread.bad_cause
powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo
powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary
PCI: endpoint: Fix Kconfig indent style
PCI: endpoint: Fix a Kconfig prompt of vNTB driver
PCI: endpoint: functions/pci-epf-test: Fix dma_chan direction
PCI: vmd: Fix uninitialized variable usage in vmd_enable_domain()
vfio/mdev: Move the compat_class initialization to module init
hwrng: virtio - Fix race on data_avail and actual data
modpost: remove broken calculation of exception_table_entry size
crypto: nx - fix build warnings when DEBUG_FS is not enabled
modpost: fix section mismatch message for R_ARM_ABS32
modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
crypto: marvell/cesa - Fix type mismatch warning
crypto: jitter - correct health test during initialization
modpost: fix off by one in is_executable_section()
ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
crypto: kpp - Add helper to set reqsize
crypto: qat - Use helper to set reqsize
crypto: qat - unmap buffer before free for DH
crypto: qat - unmap buffers before free for RSA
NFSv4.2: fix wrong shrinker_id
NFSv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION
SMB3: Do not send lease break acknowledgment if all file handles have been closed
dax: Fix dax_mapping_release() use after free
dax: Introduce alloc_dev_dax_id()
dax/kmem: Pass valid argument to memory_group_register_static
hwrng: st - keep clock enabled while hwrng is registered
kbuild: Disable GCOV for *.mod.o
efi/libstub: Disable PCI DMA before grabbing the EFI memory map
cifs: prevent use-after-free by freeing the cfile later
cifs: do all necessary checks for credits within or before locking
smb: client: fix broken file attrs with nodfs mounts
ksmbd: avoid field overflow warning
arm64: sme: Use STR P to clear FFR context field in streaming SVE mode
x86/efi: Make efi_set_virtual_address_map IBT safe
md/raid1-10: fix casting from randomized structure in raid1_submit_write()
USB: serial: option: add LARA-R6 01B PIDs
usb: dwc3: gadget: Propagate core init errors to UDC during pullup
phy: tegra: xusb: Clear the driver reference in usb-phy dev
iio: adc: ad7192: Fix null ad7192_state pointer access
iio: adc: ad7192: Fix internal/external clock selection
iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF
iio: accel: fxls8962af: fixup buffer scan element type
Revert "drm/amd/display: edp do not add non-edid timings"
mm/mmap: Fix VM_LOCKED check in do_vmi_align_munmap()
ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook
ALSA: hda/realtek: Add quirk for Clevo NPx0SNx
ALSA: jack: Fix mutex call in snd_jack_report()
ALSA: pcm: Fix potential data race at PCM memory allocation helpers
block: fix signed int overflow in Amiga partition support
block: add overflow checks for Amiga partition support
block: change all __u32 annotations to __be32 in affs_hardblocks.h
block: increment diskseq on all media change events
btrfs: fix race when deleting free space root from the dirty cow roots list
SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
w1: w1_therm: fix locking behavior in convert_t
w1: fix loop in w1_fini()
dt-bindings: power: reset: qcom-pon: Only allow reboot-mode pre-pmk8350
f2fs: do not allow to defragment files have FI_COMPRESS_RELEASED
sh: j2: Use ioremap() to translate device tree address into kernel memory
usb: dwc2: platform: Improve error reporting for problems during .remove()
usb: dwc2: Fix some error handling paths
serial: 8250: omap: Fix freeing of resources on failed register
clk: qcom: mmcc-msm8974: remove oxili_ocmemgx_clk
clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs
clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks
clk: qcom: gcc-qcm2290: Mark RCGs shared where applicable
media: usb: Check az6007_read() return value
media: amphion: drop repeated codec data for vc1l format
media: amphion: drop repeated codec data for vc1g format
media: amphion: initiate a drain of the capture queue in dynamic resolution change
media: videodev2.h: Fix struct v4l2_input tuner index comment
media: usb: siano: Fix warning due to null work_func_t function pointer
media: i2c: Correct format propagation for st-mipid02
media: hi846: fix usage of pm_runtime_get_if_in_use()
media: mediatek: vcodec: using decoder status instead of core work count
clk: qcom: reset: support resetting multiple bits
clk: qcom: ipq6018: fix networking resets
clk: qcom: dispcc-qcm2290: Fix BI_TCXO_AO handling
clk: qcom: dispcc-qcm2290: Fix GPLL0_OUT_DIV handling
clk: qcom: mmcc-msm8974: use clk_rcg2_shared_ops for mdp_clk_src clock
staging: vchiq_arm: mark vchiq_platform_init() static
usb: dwc3: qcom: Fix potential memory leak
usb: gadget: u_serial: Add null pointer check in gserial_suspend
extcon: Fix kernel doc of property fields to avoid warnings
extcon: Fix kernel doc of property capability fields to avoid warnings
usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
usb: hide unused usbfs_notify_suspend/resume functions
usb: misc: eud: Fix eud sysfs path (use 'qcom_eud')
serial: core: lock port for stop_rx() in uart_suspend_port()
serial: 8250: lock port for stop_rx() in omap8250_irq()
serial: core: lock port for start_rx() in uart_resume_port()
serial: 8250: lock port for UART_IER access in omap8250_irq()
kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR
lkdtm: replace ll_rw_block with submit_bh
i3c: master: svc: fix cpu schedule in spin lock
coresight: Fix loss of connection info when a module is unloaded
mfd: rt5033: Drop rt5033-battery sub-device
media: venus: helpers: Fix ALIGN() of non power of two
media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var()
sh: Avoid using IRQ0 on SH3 and SH4
gfs2: Fix duplicate should_fault_in_pages() call
f2fs: fix potential deadlock due to unpaired node_write lock use
f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()
KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove()
usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe()
usb: common: usb-conn-gpio: Set last role to unknown before initial detection
usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe()
mfd: wcd934x: Fix an error handling path in wcd934x_slim_probe()
mfd: intel-lpss: Add missing check for platform_get_resource
Revert "usb: common: usb-conn-gpio: Set last role to unknown before initial detection"
serial: 8250_omap: Use force_suspend and resume for system suspend
device property: Fix documentation for fwnode_get_next_parent()
device property: Clarify description of returned value in some functions
drivers: fwnode: fix fwnode_irq_get[_byname]()
nvmem: sunplus-ocotp: release otp->clk before return
nvmem: rmem: Use NVMEM_DEVID_AUTO
bus: fsl-mc: don't assume child devices are all fsl-mc devices
mfd: stmfx: Fix error path in stmfx_chip_init
mfd: stmfx: Nullify stmfx->vdd in case of error
KVM: s390: vsie: fix the length of APCB bitmap
KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler
cpufreq: mediatek: correct voltages for MT7622 and MT7623
misc: fastrpc: check return value of devm_kasprintf()
clk: qcom: mmcc-msm8974: fix MDSS_GDSC power flags
hwtracing: hisi_ptt: Fix potential sleep in atomic context
mfd: stmpe: Only disable the regulators if they are enabled
phy: tegra: xusb: check return value of devm_kzalloc()
lib/bitmap: drop optimization of bitmap_{from,to}_arr64
pwm: imx-tpm: force 'real_period' to be zero in suspend
pwm: sysfs: Do not apply state to already disabled PWMs
pwm: ab8500: Fix error code in probe()
pwm: mtk_disp: Fix the disable flow of disp_pwm
md/raid10: fix the condition to call bio_end_io_acct()
rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times
drm/i915/guc/slpc: Apply min softlimit correctly
f2fs: check return value of freeze_super()
media: cec: i2c: ch7322: also select REGMAP
sctp: fix potential deadlock on &net->sctp.addr_wq_lock
net/sched: act_ipt: add sanity checks on table name and hook locations
net: add a couple of helpers for iph tot_len
net/sched: act_ipt: add sanity checks on skb before calling target
spi: spi-geni-qcom: enable SPI_CONTROLLER_MUST_TX for GPI DMA mode
net: mscc: ocelot: don't report that RX timestamping is enabled by default
net: mscc: ocelot: don't keep PTP configuration of all ports in single structure
net: dsa: felix: don't drop PTP frames with tag_8021q when RX timestamping is disabled
net: dsa: sja1105: always enable the INCL_SRCPT option
net: dsa: tag_sja1105: always prefer source port information from INCL_SRCPT
Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
Bluetooth: fix invalid-bdaddr quirk for non-persistent setup
Bluetooth: ISO: use hci_sync for setting CIG parameters
Bluetooth: MGMT: add CIS feature bits to controller information
Bluetooth: MGMT: Use BIT macro when defining bitfields
Bluetooth: MGMT: Fix marking SCAN_RSP as not connectable
ibmvnic: Do not reset dql stats on NON_FATAL err
net: dsa: vsc73xx: fix MTU configuration
mlxsw: minimal: fix potential memory leak in mlxsw_m_linecards_init
spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
drm/amdgpu: fix number of fence calculations
drm/amd: Don't try to enable secure display TA multiple times
mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
f2fs: fix error path handling in truncate_dnode()
octeontx2-af: Fix mapping for NIX block from CGX connection
octeontx2-af: Add validation before accessing cgx and lmac
ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr()
powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
powerpc: dts: turris1x.dts: Fix PCIe MEM size for pci2 node
net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
net: dsa: tag_sja1105: fix source port decoding in vlan_filtering=0 bridge mode
net: fix net_dev_start_xmit trace event vs skb_transport_offset()
tcp: annotate data races in __tcp_oow_rate_limited()
bpf, btf: Warn but return no error for NULL btf from __register_btf_kfunc_id_set()
xsk: Honor SO_BINDTODEVICE on bind
net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
fanotify: disallow mount/sb marks on kernel internal pseudo fs
riscv: move memblock_allow_resize() after linear mapping is ready
pptp: Fix fib lookup calls.
net: dsa: tag_sja1105: fix MAC DA patching from meta frames
net: dsa: sja1105: always enable the send_meta options
octeontx-af: fix hardware timestamp configuration
afs: Fix accidental truncation when storing data
s390/qeth: Fix vipa deletion
sh: dma: Fix DMA channel offset calculation
apparmor: fix missing error check for rhashtable_insert_fast
i2c: xiic: Don't try to handle more interrupt events after error
dm: fix undue/missing spaces
dm: avoid split of quoted strings where possible
dm ioctl: have constant on the right side of the test
dm ioctl: Avoid double-fetch of version
extcon: usbc-tusb320: Convert to i2c's .probe_new()
extcon: usbc-tusb320: Unregister typec port on driver removal
btrfs: do not BUG_ON() on tree mod log failure at balance_level()
i2c: qup: Add missing unwind goto in qup_i2c_probe()
irqchip/loongson-pch-pic: Fix potential incorrect hwirq assignment
NFSD: add encoding of op_recall flag for write delegation
irqchip/loongson-pch-pic: Fix initialization of HT vector register
io_uring: wait interruptibly for request completions on exit
mmc: core: disable TRIM on Kingston EMMC04G-M627
mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS
mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used.
wifi: cfg80211: fix regulatory disconnect for non-MLO
wifi: ath10k: Serialize wake_tx_queue ops
wifi: mt76: mt7921e: fix init command fail with enabled device
bcache: fixup btree_cache_wait list damage
bcache: Remove unnecessary NULL point check in node allocations
bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
watch_queue: prevent dangling pipe pointer
um: Use HOST_DIR for mrproper
integrity: Fix possible multiple allocation in integrity_inode_get()
autofs: use flexible array in ioctl structure
mm/damon/ops-common: atomically test and clear young on ptes and pmds
shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs
jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
fs: avoid empty option when generating legacy mount string
ext4: Remove ext4 locking of moved directory
Revert "f2fs: fix potential corruption when moving a directory"
fs: Establish locking order for unrelated directories
fs: Lock moved directories
i2c: nvidia-gpu: Add ACPI property to align with device-tree
i2c: nvidia-gpu: Remove ccgx,firmware-build property
usb: typec: ucsi: Mark dGPUs as DEVICE scope
ipvs: increase ip_vs_conn_tab_bits range for 64BIT
btrfs: add handling for RAID1C23/DUP to btrfs_reduce_alloc_profile
btrfs: delete unused BGs while reclaiming BGs
btrfs: bail out reclaim process if filesystem is read-only
btrfs: add block-group tree to lockdep classes
btrfs: reinsert BGs failed to reclaim
btrfs: fix race when deleting quota root from the dirty cow roots list
btrfs: fix extent buffer leak after tree mod log failure at split_node()
btrfs: do not BUG_ON() on tree mod log failure at __btrfs_cow_block()
ASoC: mediatek: mt8173: Fix irq error path
ASoC: mediatek: mt8173: Fix snd_soc_component_initialize error path
regulator: tps65219: Fix matching interrupts for their regulators
ARM: dts: qcom: ipq4019: fix broken NAND controller properties override
ARM: orion5x: fix d2net gpio initialization
leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename
blktrace: use inline function for blk_trace_remove() while blktrace is disabled
fs: no need to check source
xfs: explicitly specify cpu when forcing inodegc delayed work to run immediately
xfs: check that per-cpu inodegc workers actually run on that cpu
xfs: disable reaping in fscounters scrub
xfs: fix xfs_inodegc_stop racing with mod_delayed_work
mm/mmap: Fix extra maple tree write
drm/i915: Fix TypeC mode initialization during system resume
drm/i915/tc: Fix TC port link ref init for DP MST during HW readout
drm/i915/tc: Fix system resume MST mode restore for DP-alt sinks
mtd: parsers: refer to ARCH_BCMBCA instead of ARCH_BCM4908
netfilter: nf_tables: unbind non-anonymous set if rule construction fails
netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
netfilter: nf_tables: do not ignore genmask when looking up chain by id
netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
wireguard: queueing: use saner cpu selection wrapping
wireguard: netlink: send staged packets when setting initial private key
tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
block/partition: fix signedness issue for Amiga partitions
sh: mach-r2d: Handle virq offset in cascaded IRL demux
sh: mach-highlander: Handle virq offset in cascaded IRL demux
sh: mach-dreamcast: Handle virq offset in cascaded IRQ demux
sh: hd64461: Handle virq offset for offchip IRQ base and HD64461 IRQ
io_uring: Use io_schedule* in cqring wait
Linux 6.1.39
Change-Id: I5867c943c99c157fa599ecd08da961c632e58302
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
79ad050bdd |
Merge 6.1.38 into android14-6.1-lts
Changes in 6.1.38 xtensa: fix lock_mm_and_find_vma in case VMA not found drm/amd/display: Remove optimization for VRR updates drm/amd/display: Do not update DRR while BW optimizations pending PCI/ACPI: Validate acpi_pci_set_power_state() parameter PCI/ACPI: Call _REG when transitioning D-states execve: always mark stack as growing down during early stack setup nubus: Partially revert proc_create_single_data() conversion perf symbols: Symbol lookup with kcore can fail if multiple segments match stext scripts/tags.sh: Resolve gtags empty index generation docs: Set minimal gtags / GNU GLOBAL version to 6.6.5 drm/amdgpu: Validate VM ioctl flags. drm/amd/display: Ensure vmin and vmax adjust for DCE Linux 6.1.38 Change-Id: I17bf08393a16d6b23541c445d7395f3e966d99b4 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
8dc085b841 |
Merge 6.1.37 into android14-6.1-lts
Changes in 6.1.37 mm/mmap: Fix error path in do_vmi_align_munmap() mm/mmap: Fix error return in do_vmi_align_munmap() mptcp: ensure listener is unhashed before updating the sk status mm, hwpoison: try to recover from copy-on write faults mm, hwpoison: when copy-on-write hits poison, take page offline x86/microcode/AMD: Load late on both threads too x86/smp: Make stop_other_cpus() more robust x86/smp: Dont access non-existing CPUID leaf x86/smp: Remove pointless wmb()s from native_stop_other_cpus() x86/smp: Use dedicated cache-line for mwait_play_dead() x86/smp: Cure kexec() vs. mwait_play_dead() breakage can: isotp: isotp_sendmsg(): fix return error fix on TX path maple_tree: fix potential out-of-bounds access in mas_wr_end_piv() mm: introduce new 'lock_mm_and_find_vma()' page fault helper mm: make the page fault mmap locking killable arm64/mm: Convert to using lock_mm_and_find_vma() powerpc/mm: Convert to using lock_mm_and_find_vma() mips/mm: Convert to using lock_mm_and_find_vma() riscv/mm: Convert to using lock_mm_and_find_vma() arm/mm: Convert to using lock_mm_and_find_vma() mm/fault: convert remaining simple cases to lock_mm_and_find_vma() powerpc/mm: convert coprocessor fault to lock_mm_and_find_vma() mm: make find_extend_vma() fail if write lock not held execve: expand new process stack manually ahead of time mm: always expand the stack with the mmap write lock held fbdev: fix potential OOB read in fast_imageblit() HID: hidraw: fix data race on device refcount HID: wacom: Use ktime_t rather than int when dealing with timestamps HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651. Revert "thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in mtk_thermal_probe" sparc32: fix lock_mm_and_find_vma() conversion parisc: fix expand_stack() conversion csky: fix up lock_mm_and_find_vma() conversion xtensa: fix NOMMU build with lock_mm_and_find_vma() conversion Linux 6.1.37 Change-Id: If9feca8bddd17174e6b36421286049c7a5a60487 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
8b02e8901d |
Merge branch 'android14-6.1' into 'android14-6.1-lts'
Catches the android14-6.1-lts branch up with the android14-6.1 branch which has had a lot of changes that are needed here to resolve future LTS merges and to ensure that the ABI is kept stable. It contains the following commits: * |
||
|
Yifan Hong
|
9fd41ac172 |
ANDROID: Delete build.config.gki.aarch64.16k.
This is now implemented with defconfig fragments. define_common_kernels use the regular build.config.gki.aarch64 and apply 16k_defconfig on it. Bug: 286589887 Test: TH Signed-off-by: Yifan Hong <elsk@google.com> (cherry picked from https://android-review.googlesource.com/q/commit:03d155e488ab9e5192cb344419e219203b82ea54) Merged-In: I71d9abd8faa19a2e517b1c9cb82f9b1a0c9b9197 Change-Id: I71d9abd8faa19a2e517b1c9cb82f9b1a0c9b9197 |
||
|
Kyle Tso
|
073df44c36 |
FROMGIT: usb: typec: tcpm: Refactor the PPS APDO selection
In current design of the PPS APDO selection, TCPM power supply only
accepts the requested voltage which is inside the range of the selected
PPS profile. To extend the flexibility and usability, remove the checks
about the voltage range in current profile. And try to search all PPS
APDOs of the Source that fit the requested voltage.
Also remove some redundant checks in tcpm_pd_build_pps_request.
Signed-off-by: Kyle Tso <kyletso@google.com>
Acked-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20230731162159.19483-1-kyletso@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 273608315
(cherry picked from commit
|
||
|
Badhri Jagan Sridharan
|
078410e73f |
UPSTREAM: usb: typec: tcpm: Fix response to vsafe0V event
commit |
||
|
Lee Jones
|
722f6cc09c |
ANDROID: Revert "ANDROID: allmodconfig: disable WERROR"
This reverts commit |
||
|
zhengjiacheng
|
c2611a04b9 |
ANDROID: GKI: update symbol list file for xiaomi
INFO: ABI DIFFERENCES HAVE BEEN DETECTED!
INFO: 2 function symbol(s) added
'void __iomem *pci_ioremap_bar(struct pci_dev *pdev, int bar)'
'int pci_disable_pcie_error_reporting(struct pci_dev *dev)'
Bug: 296484741
Change-Id: I8e4b871947929f3ba55f1cad5a922b9c377044d1
Signed-off-by: zhengjiacheng <zhengjiacheng@xiaomi.corp-partner.google.com>
|
||
|
Xu Yang
|
34fde9ec08 |
FROMGIT: usb: typec: tcpm: not sink vbus if operational current is 0mA
PD3.0 Spec 6.4.1.3.1 said:
For a Sink requiring no power from the Source, the Voltage (B19-10)
shall be set to 5V and the Operational Current Shall be set to 0mA.
Therefore, we can keep sink path closed if the operational current of
the first fixed PDO is 0mA.
Bug: 295046582
Signed-off-by: Xu Yang <xu.yang_2@nxp.com>
Acked-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20230801070110.1653394-1-xu.yang_2@nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit
|
||
|
Matthew Wilcox (Oracle)
|
3ebafb7b46 |
BACKPORT: FROMGIT: mm: handle faults that merely update the accessed bit under the VMA lock
Move FAULT_FLAG_VMA_LOCK check out of handle_pte_fault(). This should have a significant performance improvement for mmaped files. Write faults (on read-only shared pages) still take the mmap lock as we do not want to audit all the implementations of ->pfn_mkwrite() and ->page_mkwrite(). However write-faults on private mappings are handled under the VMA lock. Link: https://lkml.kernel.org/r/20230724185410.1124082-11-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Arjun Roy <arjunroy@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 88e2667632d43928d3ed50d0163ecd73aaa2d455 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) [surenb: replaced folio_put() with put_page() in wp_page_shared()] Bug: 293665307 Change-Id: I27ac40bb0f7347083f641e0cfc8ab33e182c4c5b Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Matthew Wilcox (Oracle)
|
9e066d4b35 |
FROMLIST: mm: Allow fault_dirty_shared_page() to be called under the VMA lock
By making maybe_unlock_mmap_for_io() handle the VMA lock correctly, we make fault_dirty_shared_page() safe to be called without the mmap lock held. Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Reported-by: David Hildenbrand <david@redhat.com> Tested-by: Suren Baghdasaryan <surenb@google.com> Link: https://lore.kernel.org/all/20230812002033.1002367-1-willy@infradead.org/ Bug: 293665307 Change-Id: Ifed050cc4d194c538765ab403de09199b94c7b1b Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Matthew Wilcox (Oracle)
|
83ab986324 |
FROMGIT: mm: handle swap and NUMA PTE faults under the VMA lock
Move the FAULT_FLAG_VMA_LOCK check down in handle_pte_fault(). This is probably not a huge win in its own right, but is a nicely separable bit from the next patch. Link: https://lkml.kernel.org/r/20230724185410.1124082-10-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Arjun Roy <arjunroy@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 51c4fdc72be2287960ab5c1f5beae84f3039fd01 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 293665307 Change-Id: I6cf9cb1d40c23287ce179a8c435427c3d88d2528 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Matthew Wilcox (Oracle)
|
ffcebdef16 |
FROMGIT: mm: run the fault-around code under the VMA lock
The map_pages fs method should be safe to run under the VMA lock instead of the mmap lock. This should have a measurable reduction in contention on the mmap lock. Link: https://lkml.kernel.org/r/20230724185410.1124082-9-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Reviewed-by: Suren Baghdasaryan <surenb@google.com> Cc: Arjun Roy <arjunroy@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 7456c15600264d635293c91df1e0c0b5a1e73578 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 293665307 Change-Id: Iaa1b0c2deeade361b34118f41b5deb591268a269 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Matthew Wilcox (Oracle)
|
072c35fb69 |
FROMGIT: mm: move FAULT_FLAG_VMA_LOCK check down from do_fault()
Perform the check at the start of do_read_fault(), do_cow_fault() and do_shared_fault() instead. Should be no performance change from the last commit. Link: https://lkml.kernel.org/r/20230724185410.1124082-8-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Reviewed-by: Suren Baghdasaryan <surenb@google.com> Cc: Arjun Roy <arjunroy@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 4e105ec567c874c166a8e5a9b2dd849c8ec2055e https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 293665307 Change-Id: I37be370a0378afd094d880bb8e538e4e7874499e Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Matthew Wilcox (Oracle)
|
fa9a8adff0 |
FROMGIT: mm: move FAULT_FLAG_VMA_LOCK check down in handle_pte_fault()
Call do_pte_missing() under the VMA lock ... then immediately retry in do_fault(). Link: https://lkml.kernel.org/r/20230724185410.1124082-7-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Reviewed-by: Suren Baghdasaryan <surenb@google.com> Cc: Arjun Roy <arjunroy@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 4c753b25481499cd1cb6a8ddba18bc5585f34296 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 293665307 Change-Id: I8c8f2feaade7c40daf37b63e43111d22ec147e5f Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Matthew Wilcox (Oracle)
|
dd621869c1 |
BACKPORT: FROMGIT: mm: handle some PMD faults under the VMA lock
Push the VMA_LOCK check down from __handle_mm_fault() to handle_pte_fault(). Once again, we refuse to call ->huge_fault() with the VMA lock held, but we will wait for a PMD migration entry with the VMA lock held, handle NUMA migration and set the accessed bit. We were already doing this for anonymous VMAs, so it should be safe. Link: https://lkml.kernel.org/r/20230724185410.1124082-6-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Arjun Roy <arjunroy@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit b7b8f56db92f56ce812e305f84aef0404287b534 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) [surenb: resolved merge conflicts in create_huge_pmd() and wp_huge_pmd()] Bug: 293665307 Change-Id: I3ec9042b2e39a5caf6b6f3a478bf9ba337012aa4 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Matthew Wilcox (Oracle)
|
8594d6a30f |
BACKPORT: FROMGIT: mm: handle PUD faults under the VMA lock
Postpone checking the VMA_LOCK flag until we've attempted to handle faults on PUDs. There's a mild upside to this patch in that we'll allocate the page tables while under the VMA lock rather than the mmap lock, reducing the hold time on the mmap lock, since the retry will find the page tables already populated. The real purpose here is to make a commit that shows we don't call ->huge_fault under the VMA lock. We do now handle setting the accessed bit on a PUD fault under the VMA lock, but that doesn't seem likely to be a measurable difference. Link: https://lkml.kernel.org/r/20230724185410.1124082-5-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Arjun Roy <arjunroy@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 3c04dd18ba57c6753a7ddc6e6c902550a7ac54d9 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) [surenb: resolved merge conflicts in wp_huge_pud()] Bug: 293665307 Change-Id: Ife20ed7de6444c0e424e12f9fdcdc8f8ecaed2aa Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Matthew Wilcox (Oracle)
|
66cbbe6b31 |
FROMGIT: mm: move FAULT_FLAG_VMA_LOCK check from handle_mm_fault()
Handle a little more of the page fault path outside the mmap sem. The hugetlb path doesn't need to check whether the VMA is anonymous; the VM_HUGETLB flag is only set on hugetlbfs VMAs. There should be no performance change from the previous commit; this is simply a step to ease bisection of any problems. Link: https://lkml.kernel.org/r/20230724185410.1124082-4-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Reviewed-by: Suren Baghdasaryan <surenb@google.com> Cc: Arjun Roy <arjunroy@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 51db5e8974cafee10b2252efa78f89af7d60cd11 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 293665307 Change-Id: I300c7105fa3530e8eb05862cb3f66b7adac99420 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Matthew Wilcox (Oracle)
|
e26044769f |
BACKPORT: FROMGIT: mm: allow per-VMA locks on file-backed VMAs
Remove the TCP layering violation by allowing per-VMA locks on all VMAs. The fault path will immediately fail in handle_mm_fault(). There may be a small performance reduction from this patch as a little unnecessary work will be done on each page fault. See later patches for the improvement. Link: https://lkml.kernel.org/r/20230724185410.1124082-3-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Reviewed-by: Suren Baghdasaryan <surenb@google.com> Cc: Arjun Roy <arjunroy@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 698dcd77360a3ce15dfc6fe55f9b5572ad4c4291 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) [surenb: skip tcp-related changes] Bug: 293665307 Change-Id: I73d9d1e4f96419d4723a920fc5960e806749c368 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Matthew Wilcox (Oracle)
|
4cb518a06f |
FROMGIT: mm: remove CONFIG_PER_VMA_LOCK ifdefs
Patch series "Handle most file-backed faults under the VMA lock", v3. This patchset adds the ability to handle page faults on parts of files which are already in the page cache without taking the mmap lock. This patch (of 10): Provide lock_vma_under_rcu() when CONFIG_PER_VMA_LOCK is not defined to eliminate ifdefs in the users. Link: https://lkml.kernel.org/r/20230724185410.1124082-1-willy@infradead.org Link: https://lkml.kernel.org/r/20230724185410.1124082-2-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Reviewed-by: Suren Baghdasaryan <surenb@google.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Arjun Roy <arjunroy@google.com> Cc: Eric Dumazet <edumazet@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit a457f3e92ccba03be36e8c04c77992d87004806c https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 293665307 Change-Id: I8cb7d9536b8c54925d04945566b75d4ea2ff042c Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
f4b32b7f15 |
FROMGIT: mm: fix a lockdep issue in vma_assert_write_locked
__is_vma_write_locked() can be used only when mmap_lock is write-locked to guarantee vm_lock_seq and mm_lock_seq stability during the check. Therefore it asserts this condition before further checks. Because of that it can't be used unless the user expects the mmap_lock to be write-locked. vma_assert_locked() can't assume this before ensuring that VMA is not read-locked. Change the order of the checks in vma_assert_locked() to check if the VMA is read-locked first and only then assert if it's not write-locked. Link: https://lkml.kernel.org/r/20230712195652.969194-1-surenb@google.com Fixes: 50b88b63e3e4 ("mm: handle userfaults under VMA lock") Signed-off-by: Suren Baghdasaryan <surenb@google.com> Reported-by: Liam R. Howlett <liam.howlett@oracle.com> Closes: https://lore.kernel.org/all/20230712022620.3yytbdh24b7i4zrn@revolver/ Reported-by: syzbot+339b02f826caafd5f7a8@syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/0000000000002db68f05ffb791bc@google.com/ Cc: Christian Brauner <brauner@kernel.org> Cc: Laurent Dufour <ldufour@linux.ibm.com> Cc: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Michel Lespinasse <michel@lespinasse.org> Cc: Paul E. McKenney <paulmck@kernel.org> Cc: Vlastimil Babka <vbabka@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 781537884e9905f2df812c8b754165dd606ae300 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 161210518 Change-Id: Ida7831576918000bb73850e639aae0d82f0c9fca Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
250f19771f |
FROMGIT: mm: handle userfaults under VMA lock
Enable handle_userfault to operate under VMA lock by releasing VMA lock instead of mmap_lock and retrying. Note that FAULT_FLAG_RETRY_NOWAIT should never be used when handling faults under per-VMA lock protection because that would break the assumption that lock is dropped on retry. Link: https://lkml.kernel.org/r/20230630211957.1341547-7-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Acked-by: Peter Xu <peterx@redhat.com> Cc: Alistair Popple <apopple@nvidia.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Christian Brauner <brauner@kernel.org> Cc: Christoph Hellwig <hch@lst.de> Cc: David Hildenbrand <david@redhat.com> Cc: David Howells <dhowells@redhat.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: Hillf Danton <hdanton@sina.com> Cc: "Huang, Ying" <ying.huang@intel.com> Cc: Hugh Dickins <hughd@google.com> Cc: Jan Kara <jack@suse.cz> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Josef Bacik <josef@toxicpanda.com> Cc: Laurent Dufour <ldufour@linux.ibm.com> Cc: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: Lorenzo Stoakes <lstoakes@gmail.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Michal Hocko <mhocko@suse.com> Cc: Michel Lespinasse <michel@lespinasse.org> Cc: Minchan Kim <minchan@google.com> Cc: Pavel Tatashin <pasha.tatashin@soleen.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Yu Zhao <yuzhao@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit c3c986f59c814edecc096a049d67e5791083388b https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 161210518 Change-Id: I9df667dae39024e5473252d7347ec7929f7f999e Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
e704d0e4f9 |
FROMGIT: mm: handle swap page faults under per-VMA lock
When page fault is handled under per-VMA lock protection, all swap page faults are retried with mmap_lock because folio_lock_or_retry has to drop and reacquire mmap_lock if folio could not be immediately locked. Follow the same pattern as mmap_lock to drop per-VMA lock when waiting for folio and retrying once folio is available. With this obstacle removed, enable do_swap_page to operate under per-VMA lock protection. Drivers implementing ops->migrate_to_ram might still rely on mmap_lock, therefore we have to fall back to mmap_lock in that particular case. Note that the only time do_swap_page calls synchronous swap_readpage is when SWP_SYNCHRONOUS_IO is set, which is only set for QUEUE_FLAG_SYNCHRONOUS devices: brd, zram and nvdimms (both btt and pmem). Therefore we don't sleep in this path, and there's no need to drop the mmap or per-VMA lock. Link: https://lkml.kernel.org/r/20230630211957.1341547-6-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Tested-by: Alistair Popple <apopple@nvidia.com> Reviewed-by: Alistair Popple <apopple@nvidia.com> Acked-by: Peter Xu <peterx@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Christian Brauner <brauner@kernel.org> Cc: Christoph Hellwig <hch@lst.de> Cc: David Hildenbrand <david@redhat.com> Cc: David Howells <dhowells@redhat.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: Hillf Danton <hdanton@sina.com> Cc: "Huang, Ying" <ying.huang@intel.com> Cc: Hugh Dickins <hughd@google.com> Cc: Jan Kara <jack@suse.cz> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Josef Bacik <josef@toxicpanda.com> Cc: Laurent Dufour <ldufour@linux.ibm.com> Cc: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: Lorenzo Stoakes <lstoakes@gmail.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Michal Hocko <mhocko@suse.com> Cc: Michel Lespinasse <michel@lespinasse.org> Cc: Minchan Kim <minchan@google.com> Cc: Pavel Tatashin <pasha.tatashin@soleen.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Yu Zhao <yuzhao@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit cc989adb5544594d8c12893eda3c6df8682de11b https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 161210518 Change-Id: I5d80f435b2dbdc3f3d02be056e893f6fedbc7a98 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
f8a65b694b |
FROMGIT: mm: change folio_lock_or_retry to use vm_fault directly
Change folio_lock_or_retry to accept vm_fault struct and return the vm_fault_t directly. Link: https://lkml.kernel.org/r/20230630211957.1341547-5-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Suggested-by: Matthew Wilcox <willy@infradead.org> Acked-by: Peter Xu <peterx@redhat.com> Cc: Alistair Popple <apopple@nvidia.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Christian Brauner <brauner@kernel.org> Cc: Christoph Hellwig <hch@lst.de> Cc: David Hildenbrand <david@redhat.com> Cc: David Howells <dhowells@redhat.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: Hillf Danton <hdanton@sina.com> Cc: "Huang, Ying" <ying.huang@intel.com> Cc: Hugh Dickins <hughd@google.com> Cc: Jan Kara <jack@suse.cz> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Josef Bacik <josef@toxicpanda.com> Cc: Laurent Dufour <ldufour@linux.ibm.com> Cc: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: Lorenzo Stoakes <lstoakes@gmail.com> Cc: Michal Hocko <mhocko@suse.com> Cc: Michel Lespinasse <michel@lespinasse.org> Cc: Minchan Kim <minchan@google.com> Cc: Pavel Tatashin <pasha.tatashin@soleen.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Yu Zhao <yuzhao@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit af27bb856a0a29a0673aabe163e4774df67a8bcd https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 161210518 Change-Id: I9d203e801f0d5517fba8430f9ab82d4063b517f3 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
693d905ec0 |
BACKPORT: FROMGIT: mm: drop per-VMA lock when returning VM_FAULT_RETRY or VM_FAULT_COMPLETED
handle_mm_fault returning VM_FAULT_RETRY or VM_FAULT_COMPLETED means mmap_lock has been released. However with per-VMA locks behavior is different and the caller should still release it. To make the rules consistent for the caller, drop the per-VMA lock when returning VM_FAULT_RETRY or VM_FAULT_COMPLETED. Currently the only path returning VM_FAULT_RETRY under per-VMA locks is do_swap_page and no path returns VM_FAULT_COMPLETED for now. Link: https://lkml.kernel.org/r/20230630211957.1341547-4-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Acked-by: Peter Xu <peterx@redhat.com> Cc: Alistair Popple <apopple@nvidia.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Christian Brauner <brauner@kernel.org> Cc: Christoph Hellwig <hch@lst.de> Cc: David Hildenbrand <david@redhat.com> Cc: David Howells <dhowells@redhat.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: Hillf Danton <hdanton@sina.com> Cc: "Huang, Ying" <ying.huang@intel.com> Cc: Hugh Dickins <hughd@google.com> Cc: Jan Kara <jack@suse.cz> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Josef Bacik <josef@toxicpanda.com> Cc: Laurent Dufour <ldufour@linux.ibm.com> Cc: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: Lorenzo Stoakes <lstoakes@gmail.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Michal Hocko <mhocko@suse.com> Cc: Michel Lespinasse <michel@lespinasse.org> Cc: Minchan Kim <minchan@google.com> Cc: Pavel Tatashin <pasha.tatashin@soleen.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Yu Zhao <yuzhao@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 5197d920745dd42eae023986dbf053107ac238db https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) [surenb: add the code from missing sanitize_fault_flags directly into handle_mm_fault, add the fix for riscv] Bug: 161210518 Change-Id: Iefd4e49bda940c457a70ecf40d074ad532959759 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
939d4b1ccc |
BACKPORT: FROMGIT: mm: move vma locking out of vma_prepare and dup_anon_vma
vma_prepare() is currently the central place where vmas are being locked before vma_complete() applies changes to them. While this is convenient, it also obscures vma locking and makes it harder to follow the locking rules. Move vma locking out of vma_prepare() and take vma locks explicitly at the locations where vmas are being modified. Move vma locking and replace it with an assertion inside dup_anon_vma() to further clarify the locking pattern inside vma_merge(). Link: https://lkml.kernel.org/r/20230804152724.3090321-7-surenb@google.com Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org> Suggested-by: Liam R. Howlett <Liam.Howlett@oracle.com> Signed-off-by: Suren Baghdasaryan <surenb@google.com> Cc: Jann Horn <jannh@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit b1985ca5e7e6464d205a98a78cca229224346c21 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) [surenb: skip changes in vma_prepare() which does not exist, skip changes in vma_merge() since required locks are already in __vma_adjust(), skip change in dup_anon_vma() since required locks are already in place, skip unnecessary lock in do_brk_flags()] Bug: 293665307 Change-Id: I99261aa1db3bec73795e63c333768bc68da8045c Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
0f0b09c02c |
BACKPORT: FROMGIT: mm: always lock new vma before inserting into vma tree
While it's not strictly necessary to lock a newly created vma before adding it into the vma tree (as long as no further changes are performed to it), it seems like a good policy to lock it and prevent accidental changes after it becomes visible to the page faults. Lock the vma before adding it into the vma tree. Link: https://lkml.kernel.org/r/20230804152724.3090321-6-surenb@google.com Suggested-by: Jann Horn <jannh@google.com> Signed-off-by: Suren Baghdasaryan <surenb@google.com> Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: Linus Torvalds <torvalds@linuxfoundation.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit c3249c06c48dda30f93e62b57773d5ed409d4f77 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) [surenb: resolved conflicts due to changes in vma_merge() and __vma_adjust()] Bug: 293665307 Change-Id: I4ee0d2abcc8a3f45545f470f1bf7f0be728d6f44 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
a8a479ed96 |
FROMGIT: mm: lock vma explicitly before doing vm_flags_reset and vm_flags_reset_once
Implicit vma locking inside vm_flags_reset() and vm_flags_reset_once() is not obvious and makes it hard to understand where vma locking is happening. Also in some cases (like in dup_userfaultfd()) vma should be locked earlier than vma_flags modification. To make locking more visible, change these functions to assert that the vma write lock is taken and explicitly lock the vma beforehand. Fix userfaultfd functions which should lock the vma earlier. Link: https://lkml.kernel.org/r/20230804152724.3090321-5-surenb@google.com Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org> Signed-off-by: Suren Baghdasaryan <surenb@google.com> Cc: Jann Horn <jannh@google.com> Cc: Liam R. Howlett <Liam.Howlett@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit f26ee2701ab3ecd771084b44f262bd010accab72 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 293665307 Change-Id: I62f0f25c883588c3ba7a322b3a4929df01413591 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
ad18923856 |
FROMGIT: mm: replace mmap with vma write lock assertions when operating on a vma
Vma write lock assertion always includes mmap write lock assertion and additional vma lock checks when per-VMA locks are enabled. Replace weaker mmap_assert_write_locked() assertions with stronger vma_assert_write_locked() ones when we are operating on a vma which is expected to be locked. Link: https://lkml.kernel.org/r/20230804152724.3090321-4-surenb@google.com Suggested-by: Jann Horn <jannh@google.com> Signed-off-by: Suren Baghdasaryan <surenb@google.com> Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: Linus Torvalds <torvalds@linuxfoundation.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 928a31b91cf64aa99a8999dcd66bec0ad02f64ef https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 293665307 Change-Id: I861db0510612f571f2ca44e0a9d7e01274d4eb36 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
5f0ca924aa |
FROMGIT: mm: for !CONFIG_PER_VMA_LOCK equate write lock assertion for vma and mmap
When CONFIG_PER_VMA_LOCK=n, vma_assert_write_locked() should be equivalent to mmap_assert_write_locked(). Link: https://lkml.kernel.org/r/20230804152724.3090321-3-surenb@google.com Suggested-by: Jann Horn <jannh@google.com> Signed-off-by: Suren Baghdasaryan <surenb@google.com> Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: Linus Torvalds <torvalds@linuxfoundation.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit f0cdd55d6dd8c7a1b333049e4f83eb25fef312ad https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 293665307 Change-Id: Ie20ff6c35fb2f561f2061c5d0135238b7b03afa5 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Jann Horn
|
abb0f2767e |
FROMGIT: mm: don't drop VMA locks in mm_drop_all_locks()
Despite its name, mm_drop_all_locks() does not drop _all_ locks; the mmap
lock is held write-locked by the caller, and the caller is responsible for
dropping the mmap lock at a later point (which will also release the VMA
locks).
Calling vma_end_write_all() here is dangerous because the caller might
have write-locked a VMA with the expectation that it will stay
write-locked until the mmap_lock is released, as usual.
This _almost_ becomes a problem in the following scenario:
An anonymous VMA A and an SGX VMA B are mapped adjacent to each other.
Userspace calls munmap() on a range starting at the start address of A and
ending in the middle of B.
Hypothetical call graph with additional notes in brackets:
do_vmi_align_munmap
[begin first for_each_vma_range loop]
vma_start_write [on VMA A]
vma_mark_detached [on VMA A]
__split_vma [on VMA B]
sgx_vma_open [== new->vm_ops->open]
sgx_encl_mm_add
__mmu_notifier_register [luckily THIS CAN'T ACTUALLY HAPPEN]
mm_take_all_locks
mm_drop_all_locks
vma_end_write_all [drops VMA lock taken on VMA A before]
vma_start_write [on VMA B]
vma_mark_detached [on VMA B]
[end first for_each_vma_range loop]
vma_iter_clear_gfp [removes VMAs from maple tree]
mmap_write_downgrade
unmap_region
mmap_read_unlock
In this hypothetical scenario, while do_vmi_align_munmap() thinks it still
holds a VMA write lock on VMA A, the VMA write lock has actually been
invalidated inside __split_vma().
The call from sgx_encl_mm_add() to __mmu_notifier_register() can't
actually happen here, as far as I understand, because we are duplicating
an existing SGX VMA, but sgx_encl_mm_add() only calls
__mmu_notifier_register() for the first SGX VMA created in a given
process. So this could only happen in fork(), not on munmap(). But in my
view it is just pure luck that this can't happen.
Also, we wouldn't actually have any bad consequences from this in
do_vmi_align_munmap(), because by the time the bug drops the lock on VMA
A, we've already marked VMA A as detached, which makes it completely
ineligible for any VMA-locked page faults. But again, that's just pure
luck.
So remove the vma_end_write_all(), so that VMA write locks are only ever
released on mmap_write_unlock() or mmap_write_downgrade().
Also add comments to document the locking rules established by this patch.
Link: https://lkml.kernel.org/r/20230720193436.454247-1-jannh@google.com
Fixes:
|
||
|
Jisheng Zhang
|
365af746f5 |
BACKPORT: riscv: mm: try VMA lock-based page fault handling first
Attempt VMA lock-based page fault handling first, and fall back to the
existing mmap_lock-based handling if that fails.
A simple running the ebizzy benchmark on Lichee Pi 4A shows that
PER_VMA_LOCK can improve the ebizzy benchmark by about 32.68%. In
theory, the more CPUs, the bigger improvement, but I don't have any
HW platform which has more than 4 CPUs.
This is the riscv variant of "x86/mm: try VMA lock-based page fault
handling first".
Signed-off-by: Jisheng Zhang <jszhang@kernel.org>
Reviewed-by: Guo Ren <guoren@kernel.org>
Reviewed-by: Suren Baghdasaryan <surenb@google.com>
Link: https://lore.kernel.org/r/20230523165942.2630-1-jszhang@kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
(cherry picked from commit
|
||
|
Suren Baghdasaryan
|
3c187b4a12 |
BACKPORT: FROMGIT: mm: enable page walking API to lock vmas during the walk
walk_page_range() and friends often operate under write-locked mmap_lock. With introduction of vma locks, the vmas have to be locked as well during such walks to prevent concurrent page faults in these areas. Add an additional member to mm_walk_ops to indicate locking requirements for the walk. The change ensures that page walks which prevent concurrent page faults by write-locking mmap_lock, operate correctly after introduction of per-vma locks. With per-vma locks page faults can be handled under vma lock without taking mmap_lock at all, so write locking mmap_lock would not stop them. The change ensures vmas are properly locked during such walks. A sample issue this solves is do_mbind() performing queue_pages_range() to queue pages for migration. Without this change a concurrent page can be faulted into the area and be left out of migration. Link: https://lkml.kernel.org/r/20230804152724.3090321-2-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org> Suggested-by: Jann Horn <jannh@google.com> Cc: David Hildenbrand <david@redhat.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: Hugh Dickins <hughd@google.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Laurent Dufour <ldufour@linux.ibm.com> Cc: Liam Howlett <liam.howlett@oracle.com> Cc: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Michal Hocko <mhocko@suse.com> Cc: Michel Lespinasse <michel@lespinasse.org> Cc: Peter Xu <peterx@redhat.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 2ebc368f59eedcef0de7c832fe1d62935cd3a7ff https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) [surenb: changed locking in break_ksm since it's done differently, skipped the change in the missing __ksm_del_vma(), skipped the change in the missing walk_page_range_vma(), removed unused local variables] Bug: 293665307 Change-Id: Iede9eaa950ea59a268a2e74a8d3022162f0bbd80 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Jann Horn
|
b6093c47fe |
BACKPORT: mm: lock VMA in dup_anon_vma() before setting ->anon_vma
When VMAs are merged, dup_anon_vma() is called with `dst` pointing to the VMA that is being expanded to cover the area previously occupied by another VMA. This currently happens while `dst` is not write-locked. This means that, in the `src->anon_vma && !dst->anon_vma` case, as soon as the assignment `dst->anon_vma = src->anon_vma` has happened, concurrent page faults can happen on `dst` under the per-VMA lock. This is already icky in itself, since such page faults can now install pages into `dst` that are attached to an `anon_vma` that is not yet tied back to the `anon_vma` with an `anon_vma_chain`. But if `anon_vma_clone()` fails due to an out-of-memory error, things get much worse: `anon_vma_clone()` then reverts `dst->anon_vma` back to NULL, and `dst` remains completely unconnected to the `anon_vma`, even though we can have pages in the area covered by `dst` that point to the `anon_vma`. This means the `anon_vma` of such pages can be freed while the pages are still mapped into userspace, which leads to UAF when a helper like folio_lock_anon_vma_read() tries to look up the anon_vma of such a page. This theoretically is a security bug, but I believe it is really hard to actually trigger as an unprivileged user because it requires that you can make an order-0 GFP_KERNEL allocation fail, and the page allocator tries pretty hard to prevent that. I think doing the vma_start_write() call inside dup_anon_vma() is the most straightforward fix for now. For a kernel-assisted reproducer, see the notes section of the patch mail. Link: https://lkml.kernel.org/r/20230721034643.616851-1-jannh@google.com Fixes: |
||
|
Jann Horn
|
0ee0062c94 |
UPSTREAM: mm: fix memory ordering for mm_lock_seq and vm_lock_seq
mm->mm_lock_seq effectively functions as a read/write lock; therefore it
must be used with acquire/release semantics.
A specific example is the interaction between userfaultfd_register() and
lock_vma_under_rcu().
userfaultfd_register() does the following from the point where it changes
a VMA's flags to the point where concurrent readers are permitted again
(in a simple scenario where only a single private VMA is accessed and no
merging/splitting is involved):
userfaultfd_register
userfaultfd_set_vm_flags
vm_flags_reset
vma_start_write
down_write(&vma->vm_lock->lock)
vma->vm_lock_seq = mm_lock_seq [marks VMA as busy]
up_write(&vma->vm_lock->lock)
vm_flags_init
[sets VM_UFFD_* in __vm_flags]
vma->vm_userfaultfd_ctx.ctx = ctx
mmap_write_unlock
vma_end_write_all
WRITE_ONCE(mm->mm_lock_seq, mm->mm_lock_seq + 1) [unlocks VMA]
There are no memory barriers in between the __vm_flags update and the
mm->mm_lock_seq update that unlocks the VMA, so the unlock can be
reordered to above the `vm_flags_init()` call, which means from the
perspective of a concurrent reader, a VMA can be marked as a userfaultfd
VMA while it is not VMA-locked. That's bad, we definitely need a
store-release for the unlock operation.
The non-atomic write to vma->vm_lock_seq in vma_start_write() is mostly
fine because all accesses to vma->vm_lock_seq that matter are always
protected by the VMA lock. There is a racy read in vma_start_read()
though that can tolerate false-positives, so we should be using
WRITE_ONCE() to keep things tidy and data-race-free (including for KCSAN).
On the other side, lock_vma_under_rcu() works as follows in the relevant
region for locking and userfaultfd check:
lock_vma_under_rcu
vma_start_read
vma->vm_lock_seq == READ_ONCE(vma->vm_mm->mm_lock_seq) [early bailout]
down_read_trylock(&vma->vm_lock->lock)
vma->vm_lock_seq == READ_ONCE(vma->vm_mm->mm_lock_seq) [main check]
userfaultfd_armed
checks vma->vm_flags & __VM_UFFD_FLAGS
Here, the interesting aspect is how far down the mm->mm_lock_seq read can
be reordered - if this read is reordered down below the vma->vm_flags
access, this could cause lock_vma_under_rcu() to partly operate on
information that was read while the VMA was supposed to be locked. To
prevent this kind of downwards bleeding of the mm->mm_lock_seq read, we
need to read it with a load-acquire.
Some of the comment wording is based on suggestions by Suren.
BACKPORT WARNING: One of the functions changed by this patch (which I've
written against Linus' tree) is vma_try_start_write(), but this function
no longer exists in mm/mm-everything. I don't know whether the merged
version of this patch will be ordered before or after the patch that
removes vma_try_start_write(). If you're backporting this patch to a tree
with vma_try_start_write(), make sure this patch changes that function.
Link: https://lkml.kernel.org/r/20230721225107.942336-1-jannh@google.com
Fixes:
|
||
|
Xu Yang
|
3378cbd264 |
FROMGIT: usb: host: ehci-sched: try to turn on io watchdog as long as periodic_count > 0
If initially isoc_count = 0, periodic_count > 0 and the io watchdog is
not started (e.g. just timed out), then the io watchdog may not run after
submitting isoc urbs and enable_periodic(). The isoc urbs may not complete
forever if the controller had already stopped periodic schedule.
This will try to call turn_on_io_watchdog() for each enable_periodic() to
ensure the io watchdog functions properly.
Bug: 295046582
Signed-off-by: Xu Yang <xu.yang_2@nxp.com>
Reviewed-by: Alan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/r/20230809065327.952368-1-xu.yang_2@nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit
|
||
|
Xu Yang
|
2d3351bd5e |
FROMGIT: BACKPORT: usb: ehci: add workaround for chipidea PORTSC.PEC bug
Some NXP processor using chipidea IP has a bug when frame babble is
detected.
As per 4.15.1.1.1 Serial Bus Babble:
A babble condition also exists if IN transaction is in progress at
High-speed SOF2 point. This is called frame babble. The host controller
must disable the port to which the frame babble is detected.
The USB controller has disabled the port (PE cleared) and has asserted
USBERRINT when frame babble is detected, but PEC is not asserted.
Therefore, the SW isn't aware that port has been disabled. Then the
SW keeps sending packets to this port, but all of the transfers will
fail.
This workaround will firstly assert PCD by SW when USBERRINT is detected
and then judge whether port change has really occurred or not by polling
roothub status. Because the PEC doesn't get asserted in our case, this
patch will also assert it by SW when specific conditions are satisfied.
Bug: 295046582
Signed-off-by: Xu Yang <xu.yang_2@nxp.com>
Acked-by: Peter Chen <peter.chen@kernel.org>
Link: https://lore.kernel.org/r/20230809024432.535160-1-xu.yang_2@nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit
|
||
|
Chaoyuan Peng
|
7fa8861130 |
UPSTREAM: tty: n_gsm: fix UAF in gsm_cleanup_mux
commit |
||
|
Liam R. Howlett
|
683966ac69 |
UPSTREAM: mm/mmap: Fix extra maple tree write
based on commit |
||
|
Charan Teja Kalla
|
f86c79eb86 |
FROMGIT: Multi-gen LRU: skip CMA pages when they are not eligible
This patch is based on the commit 5da226dbfce3("mm: skip CMA pages when
they are not available") which skips cma pages reclaim when they are not
eligible for the current allocation context. In mglru, such pages are
added to the tail of the immediate generation to maintain better LRU
order, which is unlike the case of conventional LRU where such pages are
directly added to the head of the LRU list(akin to adding to head of the
youngest generation in mglru).
No observable issue without this patch on MGLRU, but logically it make
sense to skip the CMA page reclaim when those pages can't be satisfied for
the current allocation context.
Link: https://lkml.kernel.org/r/1691568344-13475-1-git-send-email-quic_charante@quicinc.com
Change-Id: I586415b3e3a92da23f3e79b9d63802a2ced03432
Signed-off-by: Charan Teja Kalla <quic_charante@quicinc.com>
Reviewed-by: Kalesh Singh <kaleshsingh@google.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: Yu Zhao <yuzhao@google.com>
Cc: Zhaoyang Huang <zhaoyang.huang@unisoc.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit 75d52d9304ef5b268eb798b0c679815290a0fc83 https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable)
Bug: 288383787
Bug: 291719697
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
|