cpufreq_times_record_transition() is not called when fast switch is
enabled, leading /proc/[pid]/time_in_state to attribute all time on a
cluster to a single frequency. To fix this, add a call to
cpufreq_times_record_transition() in the fast switch path.
Test: /proc/[pid]/time_in_state shows times for more than one freq per
cluster
Bug: 204726690
Signed-off-by: zhengding chen <chenzhengding@oppo.com>
Change-Id: Ief47ffb49fcc7fbf5408eea3056930e8791d2820
Add hooks to gather data of unusual aborts and summarize it with
other information.
Bug: 203187389
Signed-off-by: Sangmoon Kim <sangmoon.kim@samsung.com>
Change-Id: I37b3047e72f64dc210d3d3bffe5ee207daeba8d6
During the suspend is in process, thermal_zone_device_update bails out
thermal zone re-evaluation for any sensor trip violation without
setting next valid trip to that sensor. It assumes during resume
it will re-evaluate same thermal zone and update trip. But when it is
in suspend temperature goes down and on resume path while updating
thermal zone if temperature is less than previously violated trip,
thermal zone set trip function evaluates the same previous high and
previous low trip as new high and low trip. Since there is no change
in high/low trip, it bails out from thermal zone set trip API without
setting any trip. It leads to a case where sensor high trip or low
trip is disabled forever even though thermal zone has a valid high
or low trip.
During thermal zone device init, reset thermal zone previous high
and low trip. It resolves above mentioned scenario.
Signed-off-by: Manaf Meethalavalappu Pallikunhi <manafm@codeaurora.org>
Reviewed-by: Thara Gopinath <thara.gopinath@linaro.org>
Bug: 205496325
Link: https://lore.kernel.org/linux-pm/51de966a-9c9e-88a8-5c2c-96773a64d527@linaro.org/T/#u
Change-Id: Ib57ac6164811a566b497964701f23a3c209915e3
Signed-off-by: Manaf Meethalavalappu Pallikunhi <quic_manafm@quicinc.com>
A potential use after free can occur in _vm_unmap_aliases where an already
freed vmap_area could be accessed, Consider the following scenario:
Process 1 Process 2
__vm_unmap_aliases __vm_unmap_aliases
purge_fragmented_blocks_allcpus rcu_read_lock()
rcu_read_lock()
list_del_rcu(&vb->free_list)
list_for_each_entry_rcu(vb .. )
__purge_vmap_area_lazy
kmem_cache_free(va)
va_start = vb->va->va_start
Here Process 1 is in purge path and it does list_del_rcu on vmap_block and
later frees the vmap_area, since Process 2 was holding the rcu lock at
this time vmap_block will still be present in and Process 2 accesse it and
thereby it tries to access vmap_area of that vmap_block which was already
freed by Process 1 and this results in use after free.
Fix this by adding a check for vb->dirty before accessing vmap_area
structure since vb->dirty will be set to VMAP_BBMAP_BITS in purge path
checking for this will prevent the use after free.
Link: https://lkml.kernel.org/r/1616062105-23263-1-git-send-email-vjitta@codeaurora.org
Reviewed-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Bug: 205658047
(cherry picked from commit ad216c0316https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git)
Change-Id: I450781b5734570d1b9e8c63ac29ad3635c8e49bb
Signed-off-by: Vijayanand Jitta <vjitta@codeaurora.org>
The following deadlock has been observed on a test setup:
* All tags allocated.
* The SCSI error handler calls ufshcd_eh_host_reset_handler()
* ufshcd_eh_host_reset_handler() queues work that calls ufshcd_err_handler()
* ufshcd_err_handler() locks up as follows:
Workqueue: ufs_eh_wq_0 ufshcd_err_handler.cfi_jt
Call trace:
__switch_to+0x298/0x5d8
__schedule+0x6cc/0xa94
schedule+0x12c/0x298
blk_mq_get_tag+0x210/0x480
__blk_mq_alloc_request+0x1c8/0x284
blk_get_request+0x74/0x134
ufshcd_exec_dev_cmd+0x68/0x640
ufshcd_verify_dev_init+0x68/0x35c
ufshcd_probe_hba+0x12c/0x1cb8
ufshcd_host_reset_and_restore+0x88/0x254
ufshcd_reset_and_restore+0xd0/0x354
ufshcd_err_handler+0x408/0xc58
process_one_work+0x24c/0x66c
worker_thread+0x3e8/0xa4c
kthread+0x150/0x1b4
ret_from_fork+0x10/0x30
Fix this lockup by making ufshcd_exec_dev_cmd() allocate a reserved
request.
This patch is closely related to the upstream patch with the same title.
Bug: 205080886
Link: https://lore.kernel.org/linux-scsi/700f0463-23a9-8465-f712-1188cb884dea@acm.org/T/#u
Change-Id: I9e9ba3f45ba23ecf576380aa19701d3437af6cdd
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Before reducing 'can_queue' from 32 to 31, make
ufshcd_change_queue_depth() restrict the queue depth to 'can_queue'
instead of hba->nutrs (32). This is a backport of a subset of the
following patch: "[PATCH 2/2] scsi: ufs: Fix a deadlock in the error
handler".
Bug: 205080886
Link: https://lore.kernel.org/linux-scsi/20211103000529.1549411-3-bvanassche@acm.org/
Change-Id: I6e694a9698f91293fc2987217e3f939726c397dd
Signed-off-by: Bart Van Assche <bvanassche@google.com>
commit df0380b953 upstream.
This is a fix equivalent with the upstream commit df0380b953 ("ALSA:
usb-audio: Add quirk for Audient iD14"), adapted to the earlier
kernels up to 5.14.y. It adds the quirk entry with the old
ignore_ctl_error flag to the usbmix_ctl_maps, instead.
The original commit description says:
Audient iD14 (2708:0002) may get a control message error that
interferes the operation e.g. with alsactl. Add the quirk to ignore
such errors like other devices.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 22390ce786 upstream.
This is a fix equivalent with the upstream commit 22390ce786 ("ALSA:
usb-audio: add Schiit Hel device to quirk table"), adapted to the
earlier kernels up to 5.14.y. It adds the quirk entry with the old
ignore_ctl_error flag to the usbmix_ctl_maps, instead.
The original patch description says:
The Shciit Hel device responds to the ctl message for the mic capture
switch with a timeout of -EPIPE:
usb 7-2.2: cannot get ctl value: req = 0x81, wValue = 0x100, wIndex = 0x1100, type = 1
usb 7-2.2: cannot get ctl value: req = 0x81, wValue = 0x100, wIndex = 0x1100, type = 1
usb 7-2.2: cannot get ctl value: req = 0x81, wValue = 0x100, wIndex = 0x1100, type = 1
usb 7-2.2: cannot get ctl value: req = 0x81, wValue = 0x100, wIndex = 0x1100, type = 1
This seems safe to ignore as the device works properly with the control
message quirk, so add it to the quirk table so all is good.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit eb4f756915 upstream.
After commit 77a7300aba ("of/irq: Get rid of NO_IRQ usage"),
no irq case has been removed, irq_of_parse_and_map() will return
0 in all cases when get error from parse and map an interrupt into
linux virq space.
amba_device_register() is only used on no-DT initialization, see
s3c64xx_pl080_init() arch/arm/mach-s3c/pl080.c
ep93xx_init_devices() arch/arm/mach-ep93xx/core.c
They won't set -1 to irq[0], so no need the warn.
This reverts commit 2eac58d502.
Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 35d2969ea3 upstream.
The bounds checking in avc_ca_pmt() is not strict enough. It should
be checking "read_pos + 4" because it's reading 5 bytes. If the
"es_info_length" is non-zero then it reads a 6th byte so there needs to
be an additional check for that.
I also added checks for the "write_pos". I don't think these are
required because "read_pos" and "write_pos" are tied together so
checking one ought to be enough. But they make the code easier to
understand for me. The check on write_pos is:
if (write_pos + 4 >= sizeof(c->operand) - 4) {
The first "+ 4" is because we're writing 5 bytes and the last " - 4"
is to leave space for the CRC.
The other problem is that "length" can be invalid. It comes from
"data_length" in fdtv_ca_pmt().
Cc: stable@vger.kernel.org
Reported-by: Luo Likang <luolikang@nsfocus.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e8684db191 upstream.
The driver allocates skb during ndo_open with GFP_ATOMIC which has high chance of failure when there are multiple instances.
GFP_KERNEL is enough while open and use GFP_ATOMIC only from interrupt context.
Fixes: 23f0703c12 ("lan743x: Add main source files for new lan743x driver")
Signed-off-by: Yuiko Oshino <yuiko.oshino@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 55161e67d4 upstream.
This reverts commit 09e856d54b.
When an interface is enslaved in a VRF, prerouting conntrack hook is
called twice: once in the context of the original input interface, and
once in the context of the VRF interface. If no special precausions are
taken, this leads to creation of two conntrack entries instead of one,
and breaks SNAT.
Commit above was intended to avoid creation of extra conntrack entries
when input interface is enslaved in a VRF. It did so by resetting
conntrack related data associated with the skb when it enters VRF context.
However it breaks netfilter operation. Imagine a use case when conntrack
zone must be assigned based on the original input interface, rather than
VRF interface (that would make original interfaces indistinguishable). One
could create netfilter rules similar to these:
chain rawprerouting {
type filter hook prerouting priority raw;
iif realiface1 ct zone set 1 return
iif realiface2 ct zone set 2 return
}
This works before the mentioned commit, but not after: zone assignment
is "forgotten", and any subsequent NAT or filtering that is dependent
on the conntrack zone does not work.
Here is a reproducer script that demonstrates the difference in behaviour.
==========
#!/bin/sh
# This script demonstrates unexpected change of nftables behaviour
# caused by commit 09e856d54b ""vrf: Reset skb conntrack
# connection on VRF rcv"
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=09e856d54bda5f288ef8437a90ab2b9b3eab83d1
#
# Before the commit, it was possible to assign conntrack zone to a
# packet (or mark it for `notracking`) in the prerouting chanin, raw
# priority, based on the `iif` (interface from which the packet
# arrived).
# After the change, # if the interface is enslaved in a VRF, such
# assignment is lost. Instead, assignment based on the `iif` matching
# the VRF master interface is honored. Thus it is impossible to
# distinguish packets based on the original interface.
#
# This script demonstrates this change of behaviour: conntrack zone 1
# or 2 is assigned depending on the match with the original interface
# or the vrf master interface. It can be observed that conntrack entry
# appears in different zone in the kernel versions before and after
# the commit.
IPIN=172.30.30.1
IPOUT=172.30.30.2
PFXL=30
ip li sh vein >/dev/null 2>&1 && ip li del vein
ip li sh tvrf >/dev/null 2>&1 && ip li del tvrf
nft list table testct >/dev/null 2>&1 && nft delete table testct
ip li add vein type veth peer veout
ip li add tvrf type vrf table 9876
ip li set veout master tvrf
ip li set vein up
ip li set veout up
ip li set tvrf up
/sbin/sysctl -w net.ipv4.conf.veout.accept_local=1
/sbin/sysctl -w net.ipv4.conf.veout.rp_filter=0
ip addr add $IPIN/$PFXL dev vein
ip addr add $IPOUT/$PFXL dev veout
nft -f - <<__END__
table testct {
chain rawpre {
type filter hook prerouting priority raw;
iif { veout, tvrf } meta nftrace set 1
iif veout ct zone set 1 return
iif tvrf ct zone set 2 return
notrack
}
chain rawout {
type filter hook output priority raw;
notrack
}
}
__END__
uname -rv
conntrack -F
ping -W 1 -c 1 -I vein $IPOUT
conntrack -L
Signed-off-by: Eugene Crosser <crosser@average.org>
Acked-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 041c614882 upstream.
Everything except the first 32 bits was lost when the pause flags were
added. This makes the 50000baseCR2 mode flag (bit 34) not appear.
I have tested this with a 10G card (SFN5122F-R7) by modifying it to
return a non-legacy link mode (10000baseCR).
Signed-off-by: Erik Ekman <erik@kryo.se>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commit 4c22227e39 ("cfg80211: fix management registrations locking")
in 5.10.77, which is commit 09b1d5dc6c ("cfg80211: fix management
registrations locking") upstream, moved the mgmt_registrations_lock out
of struct wireless_dev. This did not change the structure size, but
caused a CRC change in the structure pointer, which tripped the abi
checker.
So restore the variable, and comment that this is not used anymore. No
driver should ever be touching this so it is safe.
Note, using a __GENKSYMS__ hack would work, as the overall structure
size remains the same when this variable is removed, BUT the warning
that the field is gone is reported by libabigail correctly, which would
require a .xml update, so it's not worth it.
Bug: 161946584
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ibcfe743833860e6f75611d7ebed1036a77be0a69
The management registrations locking was broken, the list was
locked for each wdev, but cfg80211_mgmt_registrations_update()
iterated it without holding all the correct spinlocks, causing
list corruption.
Rather than trying to fix it with fine-grained locking, just
move the lock to the wiphy/rdev (still need the list on each
wdev), we already need to hold the wdev lock to change it, so
there's no contention on the lock in any case. This trivially
fixes the bug since we hold one wdev's lock already, and now
will hold the lock that protects all lists.
Cc: stable@vger.kernel.org
Reported-by: Jouni Malinen <j@w1.fi>
Fixes: 6cd536fe62 ("cfg80211: change internal management frame registration API")
Link: https://lore.kernel.org/r/20211025133111.5cf733eab0f4.I7b0abb0494ab712f74e2efcd24bb31ac33f7eee9@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bug: 204384349
(cherry picked from commit 09b1d5dc6c)
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id1bca68277be3a5f7c7329a8195018946f686bdb
When receiving a disconnect event from the UDC, the mass storage
function driver currently runs the handle_exception() routine
asynchronously. For UDCs that support runtime PM, there is a
possibility the UDC is already suspended by the time the
do_set_interface() is executed. This can lead to HW register access
while the UDC is already suspended.
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Bug: 204343836
(cherry picked from commit 9fff139aebhttps://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing)
Change-Id: I6c8011baddf02d6b0eadb5934416bc24b8a93f4a
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
The usb_ep_disable() and usb_ep_enable() routines are being widely
used in atomic/interrupt context by function drivers. Hence, the
statement about it being able to only run in process context may
not be true. Add an explicit comment mentioning that it can be used
in atomic context.
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Bug: 204343836
(cherry picked from commit b0d5d2a716https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing)
Change-Id: I1adb5d074fe2f9e33ebfdb30d335283c56bc7b39
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
If CONFIG_CFI_CLANG=y, attempting to read an event histogram will cause
the kernel to panic due to failed CFI check.
1. echo 'hist:keys=common_pid' >> events/sched/sched_switch/trigger
2. cat events/sched/sched_switch/hist
3. kernel panics on attempting to read hist
This happens because the sort() function expects a generic
int (*)(const void *, const void *) pointer for the compare function.
To prevent this CFI failure, change tracing map cmp_entries_* function
signatures to match this.
Also, fix the build error reported by the kernel test robot [1].
[1] https://lore.kernel.org/r/202110141140.zzi4dRh4-lkp@intel.com/
Link: https://lkml.kernel.org/r/20211014045217.3265162-1-kaleshsingh@google.com
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Bug: 204946901
(cherry picked from commit 7ce1bb83a1)
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
Change-Id: I4a1a39b086b5e306ddecabd9a6076e2fb14c3f70
In host control mode, eviction is precieved as an extreme measure.
There are several conditions that both the entering and exiting regions
should meet, so that eviction will take place.
The common case however, is that those conditions are rarely met, so it
is normal that the act of eviction fails. Therefore, Do not report an
error in host control mode if eviction fails.
Link: https://lore.kernel.org/r/20210808090024.21721-5-avri.altman@wdc.com
Fixes: 6c59cb501b (scsi: ufs: ufshpb: Make eviction depend on region's reads)
(cherry picked from commit 10163cee1f
git: //git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git for-next)
Signed-off-by: Avri Altman <avri.altman@wdc.com>
Change-Id: Id6aa444ea5e2efd15c507bbd586c421018c75998
num_inflight_map_req should not be negative. It is incremented and
decremented without any protection, allowing it theoretically to be
negative, should some weird unbalanced count occur.
Verify that the those calls are properly serielized.
Link: https://lore.kernel.org/r/20210808090024.21721-4-avri.altman@wdc.com
Fixes: 33845a2d84 (scsi: ufs: ufshpb: Limit the number of in-flight map requests)
(cherry picked from commit 22aede9f48
git: //git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git for-next)
Signed-off-by: Avri Altman <avri.altman@wdc.com>
Change-Id: I8a8252c919e6678752b60bcd950cb08e765e6aed
In HPB2.0, if pre_req_min_tr_len < transfer_len < pre_req_max_tr_len
the driver is expected to send a HPB-WRITE-BUFFER companion to HPB-READ.
The upper bound should fit into a single byte, regardless of
bMAX_ DATA_SIZE_FOR_HPB_SINGLE_CMD which being an attribute (u32) can
be significantly larger.
To further illustrate the issue let us consider the following scenario:
- SCSI_DEFAULT_MAX_SECTORS is 1024 limiting the IO chunks to 512KB
- The OEM changes scsi_host_template .max_sectors to be 2048, which
allows a 1M requests: transfer_len = 256
- pre_req_max_tr_len = HPB_MULTI_CHUNK_HIGH = 256
- ufshpb_is_supported_chunk returns true (256 <= 256)
- WARN_ON_ONCE(transfer_len > HPB_MULTI_CHUNK_HIGH) doesn't warn
- ufshpb_set_hpb_read_to_upiu cast transfer_len to u8: transfer_len = 0
- the command is failing with illegal request
Link: https://lore.kernel.org/r/20210808090024.21721-3-avri.altman@wdc.com
Fixes: 41d8a9333c (scsi: ufs: ufshpb: Add HPB 2.0 support)
(cherry picked from commit 07106f86ae
git: //git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git for-next)
Signed-off-by: Avri Altman <avri.altman@wdc.com>
Change-Id: I0dc568020a0fe6c4ddf6952f89ad5230770fd7f3
The "cold"-timer purpose is not to hang-on to active regions with no
reads. Therefore the read-timeout should be re-wind on every read, and
not just when the region is activated.
Link: https://lore.kernel.org/r/20210808090024.21721-2-avri.altman@wdc.com
Fixes: 13c044e916 (scsi: ufs: ufshpb: Add "cold" regions timer)
(cherry picked from commit 283e61c5a9
git: //git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git for-next)
Signed-off-by: Avri Altman <avri.altman@wdc.com>
Change-Id: If174a161028cf2382538d69e30181cda979a12de
Add vendor hooks to monitor more update load-avg point
where tasks on the run-queue will go through.
Bug: 204857484
Signed-off-by: JianMin Liu <jian-min.liu@mediatek.com>
Change-Id: I440d7b9686a37508bd7568454472ab014ba0d0c9
This is needed to meet a FIPS 140-3 requirement that modules provide a
service that retrieves their name and versioning information.
Bug: 188620248
Change-Id: I36049c839c4217e3616daab52ec536b46479c12a
Signed-off-by: Eric Biggers <ebiggers@google.com>
(cherry picked from commit 2888f960d0)
To satisfy the FIPS 140-3 "service indicators" requirement, add a
function which checks whether the given algorithm is "approved" or not.
Note that this function is a bit different from the module's other APIs
in that it is an exported symbol rather than a registration-based API.
This avoids needing to make kernel/KMI changes, so I think we should do
it this way if possible, given that it's unlikely this function will be
used in practice outside of the lab test. Built-in code can still call
this function via symbol_get() if it really wants to.
Bug: 188620248
Change-Id: I26c976258fa9446b34eb189bba7154142d85da16
Signed-off-by: Eric Biggers <ebiggers@google.com>
(cherry picked from commit fe4b8d3c68)
Commit 4c22227e39 ("cfg80211: fix management registrations locking")
in 5.10.77, which is commit 09b1d5dc6c ("cfg80211: fix management
registrations locking") upstream, moved the mgmt_registrations_lock out
of struct wireless_dev. This did not change the structure size, but
caused a CRC change in the structure pointer, which tripped the abi
checker.
So restore the variable, and comment that this is not used anymore. No
driver should ever be touching this so it is safe.
Note, using a __GENKSYMS__ hack would work, as the overall structure
size remains the same when this variable is removed, BUT the warning
that the field is gone is reported by libabigail correctly, which would
require a .xml update, so it's not worth it.
Bug: 161946584
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ibcfe743833860e6f75611d7ebed1036a77be0a69
Changes in 5.10.77
ARM: 9132/1: Fix __get_user_check failure with ARM KASAN images
ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
ARM: 9134/1: remove duplicate memcpy() definition
ARM: 9138/1: fix link warning with XIP + frame-pointer
ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
ARM: 9141/1: only warn about XIP address when not compile testing
io_uring: don't take uring_lock during iowq cancel
powerpc/bpf: Fix BPF_MOD when imm == 1
arm64: Avoid premature usercopy failure
ext4: fix possible UAF when remounting r/o a mmp-protected file system
usbnet: sanity check for maxpacket
usbnet: fix error return code in usbnet_probe()
Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode"
pinctrl: amd: disable and mask interrupts on probe
ata: sata_mv: Fix the error handling of mv_chip_id()
tipc: fix size validations for the MSG_CRYPTO type
nfc: port100: fix using -ERRNO as command type mask
Revert "net: mdiobus: Fix memory leak in __mdiobus_register"
net/tls: Fix flipped sign in tls_err_abort() calls
mmc: vub300: fix control-message timeouts
mmc: cqhci: clear HALT state after CQE enable
mmc: mediatek: Move cqhci init behind ungate clock
mmc: dw_mmc: exynos: fix the finding clock sample value
mmc: sdhci: Map more voltage level to SDHCI_POWER_330
mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit
ocfs2: fix race between searching chunks and release journal_head from buffer_head
nvme-tcp: fix H2CData PDU send accounting (again)
cfg80211: scan: fix RCU in cfg80211_add_nontrans_list()
cfg80211: fix management registrations locking
net: lan78xx: fix division by zero in send path
mm, thp: bail out early in collapse_file for writeback page
drm/ttm: fix memleak in ttm_transfered_destroy
drm/amdgpu: fix out of bounds write
cgroup: Fix memory leak caused by missing cgroup_bpf_offline
riscv, bpf: Fix potential NULL dereference
tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict function
bpf: Fix potential race in tail call compatibility check
bpf: Fix error usage of map_fd and fdget() in generic_map_update_batch()
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
IB/hfi1: Fix abba locking issue with sc_disable()
nvmet-tcp: fix data digest pointer calculation
nvme-tcp: fix data digest pointer calculation
nvme-tcp: fix possible req->offset corruption
octeontx2-af: Display all enabled PF VF rsrc_alloc entries.
RDMA/mlx5: Set user priority for DCT
arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node
reset: brcmstb-rescal: fix incorrect polarity of status bit
regmap: Fix possible double-free in regcache_rbtree_exit()
net: batman-adv: fix error handling
net-sysfs: initialize uid and gid before calling net_ns_get_ownership
cfg80211: correct bridge/4addr mode check
net: Prevent infinite while loop in skb_tx_hash()
RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string
gpio: xgs-iproc: fix parsing of ngpios property
nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST
mlxsw: pci: Recycle received packet upon allocation failure
net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails
net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent
net: nxp: lpc_eth.c: avoid hang when bringing interface down
net/tls: Fix flipped sign in async_wait.err assignment
phy: phy_ethtool_ksettings_get: Lock the phy for consistency
phy: phy_ethtool_ksettings_set: Move after phy_start_aneg
phy: phy_start_aneg: Add an unlocked version
phy: phy_ethtool_ksettings_set: Lock the PHY while changing settings
sctp: use init_tag from inithdr for ABORT chunk
sctp: fix the processing for INIT_ACK chunk
sctp: fix the processing for COOKIE_ECHO chunk
sctp: add vtag check in sctp_sf_violation
sctp: add vtag check in sctp_sf_do_8_5_1_E_sa
sctp: add vtag check in sctp_sf_ootb
lan743x: fix endianness when accessing descriptors
KVM: s390: clear kicked_mask before sleeping again
KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu
scsi: ufs: ufs-exynos: Correct timeout value setting registers
riscv: fix misalgned trap vector base address
riscv: Fix asan-stack clang build
perf script: Check session->header.env.arch before using it
Linux 5.10.77
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I4cd89af4d20b7a8a1a6d9906233d1aaf026659a8
commit 29c77550ee upstream.
When perf.data is not written cleanly, we would like to process existing
data as much as possible (please see f_header.data.size == 0 condition
in perf_session__read_header). However, perf.data with partial data may
crash perf. Specifically, we see crash in 'perf script' for NULL
session->header.env.arch.
Fix this by checking session->header.env.arch before using it to determine
native_arch. Also split the if condition so it is easier to read.
Committer notes:
If it is a pipe, we already assume is a native arch, so no need to check
session->header.env.arch.
Signed-off-by: Song Liu <songliubraving@fb.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: kernel-team@fb.com
Cc: stable@vger.kernel.org
Link: http://lore.kernel.org/lkml/20211004053238.514936-1-songliubraving@fb.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 54c5639d8f upstream.
Nathan reported that because KASAN_SHADOW_OFFSET was not defined in
Kconfig, it prevents asan-stack from getting disabled with clang even
when CONFIG_KASAN_STACK is disabled: fix this by defining the
corresponding config.
Reported-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Alexandre Ghiti <alexandre.ghiti@canonical.com>
Fixes: 8ad8b72721 ("riscv: Add KASAN support")
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
