[ Upstream commit 9fe83c43e7 ]
The function close_fd_get_file is explicitly a variant of
__close_fd[1]. Now that __close_fd has been renamed close_fd, rename
close_fd_get_file to be consistent with close_fd.
When __alloc_fd, __close_fd and __fd_install were introduced the
double underscore indicated that the function took a struct
files_struct parameter. The function __close_fd_get_file never has so
the naming has always been inconsistent. This just cleans things up
so there are not any lingering mentions or references __close_fd left
in the code.
[1] 80cd795630 ("binder: fix use-after-free due to ksys_close() during fdget()")
Link: https://lkml.kernel.org/r/20201120231441.29911-23-ebiederm@xmission.com
Change-Id: I1c759a36dfa09259eff5b09127fde4e041777a3e
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 57b2053036)
Bug: 268174392
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit e886663cfd ]
Pass in the struct filename pointers instead of the user string, and
update the three callers to do the same.
This behaves like do_unlinkat(), which also takes a filename struct and
puts it when it is done. Converting callers is then trivial.
Change-Id: Ie23f87f8c6bb18a61254a0848d861ad6fad14232
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 214f80e251)
Bug: 268174392
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 5c251e9dc0 ]
This is in preparation for maintaining signal_pending() as the decider of
whether or not a schedule() loop should be broken, or continue sleeping.
This is different than the core signal use cases, which really need to know
whether an actual signal is pending or not. task_sigpending() returns
non-zero if TIF_SIGPENDING is set.
Only core kernel use cases should care about the distinction between
the two, make sure those use the task_sigpending() helper.
Change-Id: I0d8572e173cc4536673da1682c9537db11f68167
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Link: https://lore.kernel.org/r/20201026203230.386348-2-axboe@kernel.dk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 52cfde6bbf)
Bug: 268174392
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 1e61463cfc ]
To pick the changes in:
99668f6180 ("fs: expose LOOKUP_CACHED through openat2() RESOLVE_CACHED")
That don't result in any change in tooling, only silences this perf
build warning:
Warning: Kernel ABI header at 'tools/include/uapi/linux/openat2.h' differs from latest version at 'include/uapi/linux/openat2.h'
diff -u tools/include/uapi/linux/openat2.h include/uapi/linux/openat2.h
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Jens Axboe <axboe@kernel.dk>
Change-Id: I990de5703d50cb6aeceea1bcd7bf631b1f9c4484
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 0b8cd5d814)
Bug: 268174392
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 99668f6180 ]
Now that we support non-blocking path resolution internally, expose it
via openat2() in the struct open_how ->resolve flags. This allows
applications using openat2() to limit path resolution to the extent that
it is already cached.
If the lookup cannot be satisfied in a non-blocking manner, openat2(2)
will return -1/-EAGAIN.
Cc: Al Viro <viro@zeniv.linux.org.uk>
Change-Id: Iddb58268e0a2b8adfc54e56192da43dda1868d8c
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 5683caa735)
Bug: 268174392
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 7d01ef7585 ]
Initialize them in set_nameidata() and make sure that terminate_walk() clears them
once the pointers become potentially invalid (i.e. we leave RCU mode or drop them
in non-RCU one). Currently we have "path_init() always initializes them and nobody
accesses them outside of path_init()/terminate_walk() segments", which is asking
for trouble.
With that change we would have nd->path.{mnt,dentry}
1) always valid - NULL or pointing to currently allocated objects.
2) non-NULL while we are successfully walking
3) NULL when we are not walking at all
4) contributing to refcounts whenever non-NULL outside of RCU mode.
Fixes: 6c6ec2b0a3 ("fs: add support for LOOKUP_CACHED")
Reported-by: syzbot+c88a7030da47945a3cc3@syzkaller.appspotmail.com
Tested-by: Christian Brauner <christian.brauner@ubuntu.com>
Change-Id: I0532db6ea79fb760d50a88f75e2bb0691c24e93c
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 0cf0ce8fb5)
Bug: 268174392
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit eacd9aa8ce ]
After switching to non-RCU mode, we want nd->depth to match the number
of entries in nd->stack[] that need eventual path_put().
legitimize_links() takes care of that on failures; unfortunately,
failure exits added for LOOKUP_CACHED do not.
We could add the logics for that into those failure exits, both in
try_to_unlazy() and in try_to_unlazy_next(), but since both checks
are immediately followed by legitimize_links() and there's no calls
of legitimize_links() other than those two... It's easier to
move the check (and required handling of nd->depth on failure) into
legitimize_links() itself.
[caught by Jens: ... and since we are zeroing ->depth here, we need
to do drop_links() first]
Fixes: 6c6ec2b0a3 "fs: add support for LOOKUP_CACHED"
Tested-by: Jens Axboe <axboe@kernel.dk>
Change-Id: I6cf685bfce81acb4d68c3991b2a936968a39c739
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 146fe79fff)
Bug: 268174392
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 6c6ec2b0a3 ]
io_uring always punts opens to async context, since there's no control
over whether the lookup blocks or not. Add LOOKUP_CACHED to support
just doing the fast RCU based lookups, which we know will not block. If
we can do a cached path resolution of the filename, then we don't have
to always punt lookups for a worker.
During path resolution, we always do LOOKUP_RCU first. If that fails and
we terminate LOOKUP_RCU, then fail a LOOKUP_CACHED attempt as well.
Cc: Al Viro <viro@zeniv.linux.org.uk>
Change-Id: If3c62e8681cd47bfafaa5a4de05a7e0418c1c718
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit c1fe7bd3e1)
Bug: 268174392
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit ae66db45fd ]
same as for the previous commit - instead of 0/-ECHILD make
it return true/false, rename to try_to_unlazy_child().
Change-Id: Ie949437504bd8db7f22f78bfbe5d5141e9959cf8
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 36ec31201a)
Bug: 268174392
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 8fb0f47a9d ]
In an ideal world, when someone is passed an iov_iter and returns X bytes,
then X bytes would have been consumed/advanced from the iov_iter. But we
have use cases that always consume the entire iterator, a few examples
of that are iomap and bdev O_DIRECT. This means we cannot rely on the
state of the iov_iter once we've called ->read_iter() or ->write_iter().
This would be easier if we didn't always have to deal with truncate of
the iov_iter, as rewinding would be trivial without that. We recently
added a commit to track the truncate state, but that grew the iov_iter
by 8 bytes and wasn't the best solution.
Implement a helper to save enough of the iov_iter state to sanely restore
it after we've called the read/write iterator helpers. This currently
only works for IOVEC/BVEC/KVEC as that's all we need, support for other
iterator types are left as an exercise for the reader.
Link: https://lore.kernel.org/linux-fsdevel/CAHk-=wiacKV4Gh-MYjteU0LwNBSGpWrK-Ov25HdqB1ewinrFPg@mail.gmail.com/
Bug: 268174392
Change-Id: Iab4de49932dea2823db03bcef673f726bcef4a9f
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit e86db87191)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit cc440e8738 ]
Provide a generic helper for setting up an io_uring worker. Returns a
task_struct so that the caller can do whatever setup is needed, then call
wake_up_new_task() to kick it into gear.
Add a kernel_clone_args member, io_thread, which tells copy_process() to
mark the task with PF_IO_WORKER.
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 1500fed008)
Bug: 268174392
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I670f155fc4ac1b93824391292f4822e32671215b
[ Upstream commit 31d929de5a ]
When the name_assign_type attribute was introduced (commit
685343fc3b, "net: add name_assign_type netdev attribute"), the
loopback device was explicitly mentioned as one which would make use
of NET_NAME_PREDICTABLE:
The name_assign_type attribute gives hints where the interface name of a
given net-device comes from. These values are currently defined:
...
NET_NAME_PREDICTABLE:
The ifname has been assigned by the kernel in a predictable way
that is guaranteed to avoid reuse and always be the same for a
given device. Examples include statically created devices like
the loopback device [...]
Switch to that so that reading /sys/class/net/lo/name_assign_type
produces something sensible instead of returning -EINVAL.
Change-Id: I7add5ddb0dccfae0571609dd7cb6358c2b59d2a5
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit eec1c3ade4)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 3405a4beaa ]
Commit f7d8e387d9 ("HID: uclogic: Switch to Digitizer usage for
styluses") changed the usage used in UCLogic from "Pen" to "Digitizer".
However, the IS_INPUT_APPLICATION() macro evaluates to false for
HID_DG_DIGITIZER causing issues with the XP-Pen Star G640 tablet.
Add the HID_QUIRK_HIDINPUT_FORCE quirk to bypass the
IS_INPUT_APPLICATION() check.
Reported-by: Torge Matthies <openglfreak@googlemail.com>
Reported-by: Alexander Zhang <alex@alexyzhang.dev>
Tested-by: Alexander Zhang <alex@alexyzhang.dev>
Change-Id: Ie08835706d75b43c9d8b04b81c501f960c60c380
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 7c3a523c9b)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 9ad6645a9d ]
The Acer Aspire Switch V 10 (SW5-017)'s keyboard-dock uses the same
ITE controller setup as other Acer Switch 2-in-1's.
This needs special handling for the wifi on/off toggle hotkey as well as
to properly report touchpad on/off keypresses.
Add the USB-ids for the SW5-017's keyboard-dock with a quirk setting of
QUIRK_TOUCHPAD_ON_OFF_REPORT to fix both issues.
Cc: Rudolf Polzer <rpolzer@google.com>
Change-Id: I2e6a1cc178cfd1a23a856d3c630addff559532a0
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 1d5db0c322)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit b7c20f3815 ]
The Acer Aspire Switch 10E (SW3-016)'s keyboard-dock uses the same USB-ids
as the Acer One S1003 keyboard-dock. Yet they are not entirely the same:
1. The S1003 keyboard-dock has the same report descriptors as the
S1002 keyboard-dock (which has different USB-ids)
2. The Acer Aspire Switch 10E's keyboard-dock has different
report descriptors from the S1002/S1003 keyboard docks and it
sends 0x00880078 / 0x00880079 usage events when the touchpad is
toggled on/off (which is handled internally).
This means that all Acer kbd-docks handled by the hid-ite.c drivers
report their touchpad being toggled on/off through these custom
usage-codes with the exception of the S1003 dock, which likely is
a bug of that dock.
Add a QUIRK_TOUCHPAD_ON_OFF_REPORT quirk for the Aspire Switch 10E / S1003
usb-id so that the touchpad toggling will get reported to userspace on
the Aspire Switch 10E.
Since the Aspire Switch 10E's kbd-dock has different report-descriptors,
this also requires adding support for fixing those to ite_report_fixup().
Setting the quirk will also cause ite_report_fixup() to hit the
S1002/S1003 descriptors path on the S1003. Since the S1003 kbd-dock
never generates any input-reports for the fixed up part of the
descriptors this does not matter; and if there are versions out there
which do actually send input-reports for the touchpad-toggle then the
fixup should actually help to make things work.
This was tested on both an Acer Aspire Switch 10E and on an Acer One S1003.
Change-Id: Ic30f2f4d30225aac0e32d12d9a98091c3dfd8efe
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Stable-dep-of: 9ad6645a9d ("HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10")
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 263a1782a6)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit c961facb5b ]
Make the hid-ite driver handle the Acer S1002 keyboard-dock, this
leads to 2 improvements:
1. The non working wifi-toggle hotkey now works.
2. Toggling the touchpad on of with the hotkey will no show OSD
notifications in e.g. GNOME3. The actual toggling is handled inside
the keyboard, this adds support for notifying evdev listeners about this.
Change-Id: Ic18321b9cec3d09102e948af48315c64c0cb784a
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Stable-dep-of: 9ad6645a9d ("HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10")
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit a20b5eec07)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 188c9c2e0c upstream.
The driver leaves the line speed unchanged in case a requested speed is
not supported. Make sure to handle the case where the current speed is
B0 (hangup) without dividing by zero when determining the clock source.
Fixes: 3aacac02f3 ("USB: serial: f81534: add high baud rate support")
Cc: stable@vger.kernel.org # 4.16
Cc: Ji-Ze Hong (Peter Hong) <hpeter@gmail.com>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Change-Id: I87d08ff845ec24adae387ce829e56ff34f85ddb6
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit c8bf31a00f)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit a08ca6ebaf upstream.
The driver leaves the line speed unchanged in case a requested speed is
not supported. Make sure to handle the case where the current speed is
B0 (hangup) without dividing by zero when determining the clock source.
Fixes: 268ddb5e9b ("USB: serial: f81232: add high baud rate support")
Cc: stable@vger.kernel.org # 5.2
Cc: Ji-Ze Hong (Peter Hong) <hpeter@gmail.com>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Change-Id: Ic145700e95cd93f23fa8574f695a967f0839b624
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 5b75a00416)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit e88906b169 upstream.
The RF sniffers are based on cp210x where the RF frontends
are based on a different USB stack.
RF sniffers can analyze packets meta data including power level
and perform packet injection.
Can be used to perform RF frontend self-test when connected to
a concentrator, ex. arch/arm/boot/dts/imx7d-flex-concentrator.dts
Change-Id: Ie15ef418664bb91bb643297696bd3a1b6213eb95
Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 9895ce5ea2)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
If the storage gives a corrupted node block due to short power failure and
reset, f2fs stops the entire operations by setting the checkpoint failure flag.
Let's give more chances to live by re-issuing IOs for a while in such critical
path.
Bug: 263464787
Bug: 261682528
Cc: stable@vger.kernel.org
Suggested-by: Randall Huang <huangrandall@google.com>
Suggested-by: Chao Yu <chao@kernel.org>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
(cherry picked from commit 0d94ab0aa9d2fbb68d2fe8d116e70293d2884fe1
https://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git dev)
Change-Id: I2e05a56fd3488085ddc34a8e01e6351c7a30c7e9
commit fd3d91ab1c upstream.
The dvb-core tries to sync the releases of opened files at
dvb_dmxdev_release() with two refcounts: dvbdev->users and
dvr_dvbdev->users. A problem is present in those two syncs: when yet
another dvb_demux_open() is called during those sync waits,
dvb_demux_open() continues to process even if the device is being
closed. This includes the increment of the former refcount, resulting
in the leftover refcount after the sync of the latter refcount at
dvb_dmxdev_release(). It ends up with use-after-free, since the
function believes that all usages were gone and releases the
resources.
This patch addresses the problem by adding the check of dmxdev->exit
flag at dvb_demux_open(), just like dvb_dvr_open() already does. With
the exit flag check, the second call of dvb_demux_open() fails, hence
the further corruption can be avoided.
Also for avoiding the races of the dmxdev->exit flag reference, this
patch serializes the dmxdev->exit set up and the sync waits with the
dmxdev->mutex lock at dvb_dmxdev_release(). Without the mutex lock,
dvb_demux_open() (or dvb_dvr_open()) may run concurrently with
dvb_dmxdev_release(), which allows to skip the exit flag check and
continue the open process that is being closed.
CVE-2022-41218 is assigned to those bugs above.
Bug: 248356119
Reported-by: Hyunwoo Kim <imv4bel@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/20220908132754.30532-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I5a0dd4444ca25d07a050dcb07609c7c7ccf658af
commit 18bba1843f upstream.
Add the missing #include of asm/assembler.h, which is where the ldr_l
macro is defined.
Bug: 260821414
Fixes: ff7a167961 ("arm64: efi: Execute runtime services from a dedicated stack")
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Cc: Lee Jones <lee@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I50d1e21277ef64dcb1d58d7f1c062dc913cfee74
commit ff7a167961 upstream.
With the introduction of PRMT in the ACPI subsystem, the EFI rts
workqueue is no longer the only caller of efi_call_virt_pointer() in the
kernel. This means the EFI runtime services lock is no longer sufficient
to manage concurrent calls into firmware, but also that firmware calls
may occur that are not marshalled via the workqueue mechanism, but
originate directly from the caller context.
For added robustness, and to ensure that the runtime services have 8 KiB
of stack space available as per the EFI spec, introduce a spinlock
protected EFI runtime stack of 8 KiB, where the spinlock also ensures
serialization between the EFI rts workqueue (which itself serializes EFI
runtime calls) and other callers of efi_call_virt_pointer().
While at it, use the stack pivot to avoid reloading the shadow call
stack pointer from the ordinary stack, as doing so could produce a
gadget to defeat it.
Bug: 260821414
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Cc: Lee Jones <lee@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ie961576ae93cafc315cb37fb84cca0a6402eda59
The patch 0039189a3b ("sched/deadline: Merge
dl_task_can_attach() and dl_cpu_busy()") which is picked from
upstream modifies declaration of function dl_cpu_busy().
But it won't update function usage from android specific code
that introduced with patch 683010f555 ("ANDROID: cpu/hotplug:
add pause/resume_cpus interface").
Bug: 266874695
Fixes: 0039189a3b ("sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy()"
Change-Id: I40c12f912b7fe854b1e2e13f75c727c3c9a2435c
Signed-off-by: Srinivasarao Pathipati <quic_spathi@quicinc.com>
This is the merge of the upstream LTS release of 5.10.157 into
the android13-5.10 branch.
It contains the following commits:
f971863010 UPSTREAM: esp: limit skb_page_frag_refill use to a single page
9cab3b60aa Revert "xfrm: fix "disable_policy" on ipv4 early demux"
9fe530fb8a Merge 5.10.157 into android13-5.10-lts
7364575996 ANDROID: CRC ABI fixups in ip.h and ipv6.h
b4d9c0c610 Merge 5.10.156 into android13-5.10-lts
de5361334a Merge 5.10.155 into android13-5.10-lts
f4245f0538 Linux 5.10.157
4801672fb0 fuse: lock inode unconditionally in fuse_fallocate()
86f0082fb9 drm/i915: fix TLB invalidation for Gen12 video and compute engines
feb97cf45e drm/amdgpu: always register an MMU notifier for userptr
596b7d55d7 drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN
c86c1a7037 btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs()
1581830c0e btrfs: free btrfs_path before copying subvol info to userspace
0bdb8f7ef8 btrfs: free btrfs_path before copying fspath to userspace
24a37ba2cb btrfs: free btrfs_path before copying root refs to userspace
b56d6e5585 genirq: Take the proposed affinity at face value if force==true
9d90a2b98e irqchip/gic-v3: Always trust the managed affinity provided by the core code
e0d2c59ee9 genirq: Always limit the affinity to online CPUs
f8f80d532f genirq/msi: Shutdown managed interrupts with unsatifiable affinities
3eb6b89a4e wifi: wilc1000: validate number of channels
5a068535c0 wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute
905f886eae wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute
7c6535fb4d wifi: wilc1000: validate pairwise and authentication suite offsets
64b7f9a7dd dm integrity: clear the journal on suspend
d306f73079 dm integrity: flush the journal on suspend
79d9a11679 gpu: host1x: Avoid trying to use GART on Tegra20
a7f30b5b8d net: usb: qmi_wwan: add Telit 0x103a composition
7e8eaa939e tcp: configurable source port perturb table size
0acc008cf9 platform/x86: hp-wmi: Ignore Smart Experience App event
0964b77bab zonefs: fix zone report size in __zonefs_io_error()
a5937dae66 platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
52fb7bcea0 platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()
4fa717ba2d xen/platform-pci: add missing free_irq() in error path
f45a5a6c9f xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too
9bbb587472 Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[]
4ea4316dff Input: soc_button_array - add use_low_level_irq module parameter
c1620e996d Input: goodix - try resetting the controller when no config is set
f4db050958 serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
7c3e39ccf5 ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01
36e0b97619 Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
ae9e0cc973 binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0
017de84253 binder: Address corner cases in deferred copy and fixup
2e3c27f241 binder: fix pointer cast warning
c9d3f25a7f binder: defer copies of pre-patched txn data
5204296fc7 binder: read pre-translated fds from sender buffer
23e9d815fa binder: avoid potential data leakage when copying txn
22870431cd x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
3fdeacf087 KVM: x86: remove exit_int_info warning in svm_handle_exit
7e5cb13091 KVM: x86: nSVM: leave nested mode on vCPU free
d925dd3e44 mm: vmscan: fix extreme overreclaim and swap floods
a4a62a23fa gcov: clang: fix the buffer overflow issue
e7f21d10e9 nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
f06b7e6a77 usb: dwc3: gadget: Clear ep descriptor last
cff7523ab8 usb: dwc3: gadget: Return -ESHUTDOWN on ep disable
a32635528d usb: dwc3: gadget: conditionally remove requests
ca3a08e9d9 ceph: fix NULL pointer dereference for req->r_session
00c004c070 ceph: Use kcalloc for allocating multiple elements
69263bf781 ceph: fix possible NULL pointer dereference for req->r_session
8e137ace53 ceph: put the requests/sessions when it fails to alloc memory
38993788f4 ceph: fix off by one bugs in unsafe_request_wait()
8a31ae7f77 ceph: flush the mdlog before waiting on unsafe reqs
78b2f546f7 ceph: flush mdlog before umounting
d94ba7b3b7 ceph: make iterate_sessions a global symbol
9ac038d3c2 ceph: make ceph_create_session_msg a global symbol
8382cdf0ab usb: cdns3: Add support for DRD CDNSP
57112da86b mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI
b5d770977b mmc: sdhci-brcmstb: Enable Clock Gating to save power
049194538c mmc: sdhci-brcmstb: Re-organize flags
fbe955be26 nios2: add FORCE for vmlinuz.gz
c0a9c9973d init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
456e895fd0 iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
fa9efcbfbf iio: light: apds9960: fix wrong register for gesture gain
bd1b8041c2 arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency
86ba9c8595 ext4: fix use-after-free in ext4_ext_shift_extents
350e98a08a usb: dwc3: exynos: Fix remove() function
d21d26e65b lib/vdso: use "grep -E" instead of "egrep"
c0cf8bc259 net: enetc: preserve TX ring priority across reconfiguration
de4dd4f9b3 net: enetc: cache accesses to &priv->si->hw
1f080b8caa net: enetc: manage ENETC_F_QBV in priv->active_offloads only when enabled
1d840c5d67 s390/crashdump: fix TOD programmable field size
11052f1188 net: thunderx: Fix the ACPI memory leak
b034fe2a08 nfc: st-nci: fix memory leaks in EVT_TRANSACTION
e14583073f nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
9cc863d523 arcnet: fix potential memory leak in com20020_probe()
4d2be0cf27 net: arcnet: Fix RESET flag handling
e61b00374a s390/dasd: fix no record found for raw_track_access
aeebb07499 ipv4: Fix error return code in fib_table_insert()
c0af4d005a dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
b8e494240e netfilter: flowtable_offload: add missing locking
af9de5cdcb dma-buf: fix racing conflict of dma_heap_add()
c40b76dfa7 bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()
f81e9c0510 regulator: twl6030: re-add TWL6032_SUBCLASS
32b944b9c4 NFC: nci: fix memory leak in nci_rx_data_packet()
68a7aec3f4 net: sched: allow act_ct to be built without NF_NAT
8e2664e12b sfc: fix potential memleak in __ef100_hard_start_xmit()
6b638a16ea xfrm: Fix ignored return value in xfrm6_init()
c7788361a6 tipc: check skb_linearize() return value in tipc_disc_rcv()
4058e3b74a tipc: add an extra conn_get in tipc_conn_alloc
e87a077d09 tipc: set con sock in tipc_conn_alloc
891daa95b0 net/mlx5: Fix handling of entry refcount when command is not issued to FW
e06ff9f8fe net/mlx5: Fix FW tracer timestamp calculation
5689eba90a netfilter: ipset: regression in ip_set_hash_ip.c
e62e62ea91 netfilter: ipset: Limit the maximal range of consecutive elements to add/delete
8dca384970 Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
909186cf34 Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work()
f42802e14a macsec: Fix invalid error code set
72be055615 nfp: add port from netdev validation for EEPROM access
ce41e03cac nfp: fill splittable of devlink_port_attrs correctly
0b553ded34 net: pch_gbe: fix pci device refcount leak while module exiting
2c59ef9ab6 net/qla3xxx: fix potential memleak in ql3xxx_send()
a24d5f6c8b net/mlx4: Check retval of mlx4_bitmap_init
da86a63479 net: ethernet: mtk_eth_soc: fix error handling in mtk_open()
756534f7cf ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties
290a71ff72 ARM: mxs: fix memory leak in mxs_machine_init()
5c97af75f5 netfilter: conntrack: Fix data-races around ct mark
459332f8db 9p/fd: fix issue of list_del corruption in p9_fd_cancel()
26bb8f6aaa net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
398a860a44 nfc/nci: fix race with opening and closing
3535c632e6 rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975]
23c03ee0ee rxrpc: Use refcount_t rather than atomic_t
bddde342c6 rxrpc: Allow list of in-use local UDP endpoints to be viewed in /proc
a2d5dba2fc net: liquidio: simplify if expression
8124a02e17 ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
b547bf71fa tee: optee: fix possible memory leak in optee_register_device()
b76c5a99f4 bus: sunxi-rsb: Support atomic transfers
0c059b7d2a regulator: core: fix UAF in destroy_regulator()
fcb2d28636 spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld()
0b6441abfa regulator: core: fix kobject release warning and memory leak in regulator_register()
26d3d3ffa8 scsi: storvsc: Fix handling of srb_status and capacity change events
c34db0d6b8 ASoC: soc-pcm: Don't zero TDM masks in __soc_pcm_open()
4f6c7344ab ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
164a5b50d1 ASoC: hdac_hda: fix hda pcm buffer overflow issue
7cfb4b8579 ARM: dts: am335x-pcm-953: Define fixed regulators in root node
b7000254c1 af_key: Fix send_acquire race with pfkey_register
51969d679b xfrm: replay: Fix ESN wrap around for GSO
497653f6d2 xfrm: fix "disable_policy" on ipv4 early demux
836bbdfcf8 MIPS: pic32: treat port as signed integer
c0bb600f07 RISC-V: vdso: Do not add missing symbols to version section in linker script
81cc6d8400 arm64/syscall: Include asm/ptrace.h in syscall_wrapper header.
fa5f2c72d3 block, bfq: fix null pointer dereference in bfq_bio_bfqg()
d29bde8689 drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
f7ce6fb04e scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC
2574903ee2 scsi: ibmvfc: Avoid path failures during live migration
7fc62181c1 platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1
f54a11b6bf Revert "net: macsec: report real_dev features when HW offloading is enabled"
f4b8c0710a selftests/bpf: Add verifier test for release_reference()
361a165098 spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
2c1ca23555 wifi: mac80211: Fix ack frame idr leak when mesh has no route
8d39913158 wifi: airo: do not assign -1 to unsigned char
8552e6048e audit: fix undefined behavior in bit shift for AUDIT_BIT
1c9eb641d1 riscv: dts: sifive unleashed: Add PWM controlled LEDs
92ae6facd1 wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
2fcc593b50 wifi: mac80211: fix memory free error when registering wiphy fail
044bc6d3c2 ceph: avoid putting the realm twice when decoding snaps fails
d43219bb33 ceph: do not update snapshot context when there is no new snapshot
49c71b6814 iio: pressure: ms5611: fixed value compensation bug
879139bc7a iio: ms5611: Simplify IO callback parameters
80c825e1e3 nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro
f4066fb910 nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH
4f0cea018e drm/display: Don't assume dual mode adaptors support i2c sub-addressing
347f1793b5 bridge: switchdev: Fix memory leaks when changing VLAN protocol
89a7f155e6 bridge: switchdev: Notify about VLAN protocol changes
f5cbd86ebf ata: libata-core: do not issue non-internal commands once EH is pending
4034d06a4d ata: libata-scsi: simplify __ata_scsi_queuecmd()
03aabcb88a scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
6d46ef50b1 Linux 5.10.156
7be134eb69 Revert "net: broadcom: Fix BCMGENET Kconfig"
957732a09c ntfs: check overflow when iterating ATTR_RECORDs
6322dda483 ntfs: fix out-of-bounds read in ntfs_attr_find()
b825bfbbaa ntfs: fix use-after-free in ntfs_attr_find()
294ef12dcc mm: fs: initialize fsdata passed to write_begin/write_end interface
a8e2fc8f7b 9p/trans_fd: always use O_NONBLOCK read/write
a5da76df46 gfs2: Switch from strlcpy to strscpy
5fa30be7ba gfs2: Check sb_bsize_shift after reading superblock
f14858bc77 9p: trans_fd/p9_conn_cancel: drop client lock earlier
4154b6afa2 kcm: close race conditions on sk_receive_queue
7deb7a9d33 kcm: avoid potential race in kcm_tx_work
35309be06b tcp: cdg: allow tcp_cdg_release() to be called multiple times
e929ec98c0 macvlan: enforce a consistent minimal mtu
95ebea5a15 uapi/linux/stddef.h: Add include guards
3f25add5ec Input: i8042 - fix leaking of platform device on module removal
7d606ae1ab kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case
89ece5ff7d scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
75205f1b47 scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
6e9334436d net: use struct_group to copy ip/ipv6 header addresses
9fd7bdaffe stddef: Introduce struct_group() helper macro
47c3bdd955 usbnet: smsc95xx: Fix deadlock on runtime resume
8208c266fe ring-buffer: Include dropped pages in counting dirty patches
36b5095b07 net: fix a concurrency bug in l2tp_tunnel_register()
023435a095 nvme: ensure subsystem reset is single threaded
b9a5ecf241 nvme: restrict management ioctls to admin
5e2f14d772 perf/x86/intel/pt: Fix sampling using single range output
62634b43d3 misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
c1eb46a65b docs: update mediator contact information in CoC doc
4423866d31 mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
440653a180 mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout
8e70b14131 mmc: core: properly select voltage range without power cycle
05b0f6624d firmware: coreboot: Register bus in module init
deda86a0d8 iommu/vt-d: Set SRE bit only when hardware has SRS cap
d2c7d8f58e scsi: zfcp: Fix double free of FSF request when qdio send fails
db744288af maccess: Fix writing offset in case of fault in strncpy_from_kernel_nofault()
24cc679abb Input: iforce - invert valid length check when fetching device IDs
5f4611fe01 serial: 8250_lpss: Configure DMA also w/o DMA filter
8679087e93 serial: 8250: Flush DMA Rx on RLSI
a5eaad87bf serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
f59f5a269c dm ioctl: fix misbehavior if list_versions races with module loading
67a75a9480 iio: pressure: ms5611: changed hardcoded SPI speed to value limited
d95b85c508 iio: adc: mp2629: fix potential array out of bound access
46b8bc62c5 iio: adc: mp2629: fix wrong comparison of channel
8dddf2699d iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
85d2a8b287 iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
85cc1a2fd8 usb: typec: mux: Enter safe mode only when pins need to be reconfigured
efaab05520 usb: chipidea: fix deadlock in ci_otg_del_timer
143ba5c2d2 usb: add NO_LPM quirk for Realforce 87U Keyboard
249cef723f USB: serial: option: add Fibocom FM160 0x0111 composition
5c44c60358 USB: serial: option: add u-blox LARA-L6 modem
0e88a3cfa6 USB: serial: option: add u-blox LARA-R6 00B modem
de707957d9 USB: serial: option: remove old LARA-R6 PID
878227a3dd USB: serial: option: add Sierra Wireless EM9191
25c652811d USB: bcma: Make GPIO explicitly optional
eb3af3ea5b speakup: fix a segfault caused by switching consoles
8cbaf4ed53 slimbus: stream: correct presence rate frequencies
15155f7c0e Revert "usb: dwc3: disable USB core PHY management"
100d1e53bb ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
c7dcc89482 ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro
a80369c8ca ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
28a54854a9 tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit()
bb70fcae41 tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit()
315b149f08 tracing: Fix wild-memory-access in register_synth_event()
65ba7e7c24 tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()
5d4cc7bc1a tracing/ring-buffer: Have polling block on watermark
5fdebbeca5 ring_buffer: Do not deactivate non-existant pages
6a14828cad ftrace: Fix null pointer dereference in ftrace_add_mod()
6ed60c60ec ftrace: Optimize the allocation for mcount entries
9569eed79b ftrace: Fix the possible incorrect kernel message
5fc19c8313 cifs: add check for returning value of SMB2_set_info_init
0aeb0de528 net: thunderbolt: Fix error handling in tbnet_init()
e13ef43813 cifs: Fix wrong return value checking when GETFLAGS
9f00da9c86 net/x25: Fix skb leak in x25_lapb_receive_frame()
94822d2331 net: ag71xx: call phylink_disconnect_phy if ag71xx_hw_enable() fail in ag71xx_open()
3aeb13bc3d cifs: add check for returning value of SMB2_close_init
c24013273e platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when virtualized
9ed51414ae drbd: use after free in drbd_create_device()
6b23a4b252 net: ena: Fix error handling in ena_init()
2d5a495501 net: ionic: Fix error handling in ionic_init_module()
bb9924a6ed xen/pcpu: fix possible memory leak in register_pcpu()
d6a561bd4c bnxt_en: Remove debugfs when pci_register_driver failed
389738f5db net: caif: fix double disconnect client in chnl_net_open()
fb5ee1560b net: macvlan: Use built-in RCU list checking
709aa1f73d mISDN: fix misuse of put_device() in mISDN_register_device()
417f2d2edf net: liquidio: release resources when liquidio driver open failed
4cba73f2d6 net: hinic: Fix error handling in hinic_module_init()
083a2c9ef8 mISDN: fix possible memory leak in mISDN_dsp_element_register()
6b23993d5b net: bgmac: Drop free_netdev() from bgmac_enet_remove()
1f6a73b25d bpf: Initialize same number of free nodes for each pcpu_freelist
ef2ac07ab8 ata: libata-transport: fix error handling in ata_tdev_add()
7377a14598 ata: libata-transport: fix error handling in ata_tlink_add()
b5362dc163 ata: libata-transport: fix error handling in ata_tport_add()
ac471468f7 ata: libata-transport: fix double ata_host_put() in ata_tport_add()
ac4f404c25 arm64: dts: imx8mn: Fix NAND controller size-cells
30ece7dbee arm64: dts: imx8mm: Fix NAND controller size-cells
f68a9efd78 ARM: dts: imx7: Fix NAND controller size-cells
1d160dfb3f drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
c47a823ea1 drm/drv: Fix potential memory leak in drm_dev_init()
c776a49d09 drm/panel: simple: set bpc field for logic technologies displays
777430aa4d pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
bce3e6fe8b parport_pc: Avoid FIFO port location truncation
a4b5423f88 siox: fix possible memory leak in siox_device_add()
0679f571d3 arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro
58636b5ff3 block: sed-opal: kmalloc the cmd/resp buffers
e27458b18b sctp: clear out_curr if all frag chunks of current msg are pruned
0b4c259b63 sctp: remove the unnecessary sinfo_stream check in sctp_prsctp_prune_unsent
7360e7c29d ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
e60f37a1d3 bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
b8fe1a5aa7 tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
0a3160f4ff serial: imx: Add missing .thaw_noirq hook
7e1f908e65 serial: 8250: omap: Flush PM QOS work on remove
d833cba201 serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove()
b0b6ea651e serial: 8250_omap: remove wait loop from Errata i202 workaround
f14c312c21 serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl()
85cdbf04b4 serial: 8250: Remove serial_rs485 sanitization from em485
f5dedad405 ASoC: tas2764: Fix set_tdm_slot in case of single slot
9e82d78fbe ASoC: tas2770: Fix set_tdm_slot in case of single slot
8d21554ec7 ASoC: core: Fix use-after-free in snd_soc_exit()
38ca9bd336 spi: stm32: Print summary 'callbacks suppressed' message
a180da5564 drm/amdgpu: disable BACO on special BEIGE_GOBY card
f3adf0adf3 drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards
b0faeff69a drm/amd/pm: Read BIF STRAP also for BACO check
6958556285 drm/amd/pm: support power source switch on Sienna Cichlid
7daab001a6 mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA
65ac4d1807 spi: intel: Use correct mask for flash and protected regions
23793518a7 mtd: spi-nor: intel-spi: Disable write protection only if asked
a326fffdc7 ALSA: hda/realtek: fix speakers and micmute on HP 855 G8
24839d027c ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route"
bd48793240 Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
ce75e90859 btrfs: remove pointless and double ulist frees in error paths of qgroup tests
16743c4bf3 drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
df2747f295 i2c: i801: add lis3lv02d's I2C address for Vostro 5568
959cb0fd69 i2c: tegra: Allocate DMA memory for DMA engine
6cb657722e NFSv4: Retry LOCK on OLD_STATEID during delegation return
f0187227e2 drm/amd/display: Remove wrong pipe control lock
bb3edbd092 ASoC: rt1308-sdw: add the default value of some registers
b1619f0307 selftests/intel_pstate: fix build for ARCH=x86_64
fdf6807606 selftests/futex: fix build for clang
c1f0defecb ASoC: codecs: jz4725b: fix capture selector naming
aeb7e8bc0d ASoC: codecs: jz4725b: use right control for Capture Volume
c87945c173 ASoC: codecs: jz4725b: fix reported volume for Master ctl
9aae00961a ASoC: codecs: jz4725b: add missed Line In power control bit
0b4d650f90 spi: intel: Fix the offset to get the 64K erase opcode
6910e7279f ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK
c7432616f6 ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe
a47606064c ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe"
f8f254c8b5 ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe"
c73aa2cc41 ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe"
41217963b1 Linux 5.10.155
0f544353fe io_uring: kill goto error handling in io_sqpoll_wait_sq()
154d744fbe x86/cpu: Restore AMD's DE_CFG MSR after resume
e7294b01de mmc: sdhci-esdhc-imx: Convert the driver to DT-only
534762e261 net: tun: call napi_schedule_prep() to ensure we own a napi
367bc0fa98 dmaengine: at_hdmac: Check return code of dma_async_device_register
85f97c97ef dmaengine: at_hdmac: Fix impossible condition
f53a233eaa dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
f451285522 dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
6be4ab08c8 dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware
a35dd5dd98 dmaengine: at_hdmac: Fix concurrency over the active list
0f603bf553 dmaengine: at_hdmac: Free the memset buf without holding the chan lock
7f07cecc74 dmaengine: at_hdmac: Fix concurrency over descriptor
1582cc3b48 dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all()
9b69060a72 dmaengine: at_hdmac: Protect atchan->status with the channel lock
ee35682261 dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all
7078e935b4 dmaengine: at_hdmac: Fix premature completion of desc in issue_pending
ad4cbe8e9c dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending
24f9e93e50 dmaengine: at_hdmac: Don't start transactions at tx_submit level
4b51cce72a dmaengine: at_hdmac: Fix at_lli struct definition
d37dfb9357 cert host tools: Stop complaining about deprecated OpenSSL functions
f8e0edeaa0 can: j1939: j1939_send_one(): fix missing CAN header initialization
0b692d41ee mm/memremap.c: map FS_DAX device memory as decrypted
03f9582a6a udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
4ea3aa3b98 mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI
9c0accfa5a btrfs: selftests: fix wrong error check in btrfs_free_dummy_root()
8fa0c22ef8 platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
b5ee579fcb drm/i915/dmabuf: fix sg_table handling in map_dma_buf
4feedde548 nilfs2: fix use-after-free bug of ns_writer on remount
1d4ff73062 nilfs2: fix deadlock in nilfs_count_free_blocks()
344ddbd688 ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure
516f9f2300 vmlinux.lds.h: Fix placement of '.data..decrypted' section
f6896fb69d ALSA: usb-audio: Add DSD support for Accuphase DAC-60
2032c2d32b ALSA: usb-audio: Add quirk entry for M-Audio Micro
a414a6d6ef ALSA: hda/realtek: Add Positivo C6300 model quirk
3a79f9568d ALSA: hda: fix potential memleak in 'add_widget_node'
380d64168d ALSA: hda/ca0132: add quirk for EVGA Z390 DARK
181cfff57b ALSA: hda/hdmi - enable runtime pm for more AMD display audio
ea6787e482 mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI
0a8d4531a0 mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI
3f558930ad mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI
b55e64d0a3 mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
4631cb0406 MIPS: jump_label: Fix compat branch range check
475fd3991a arm64: efi: Fix handling of misaligned runtime regions and drop warning
94ab8f88fe riscv: fix reserved memory setup
0cf9cb0614 riscv: Separate memory init from paging init
d7716240bc riscv: Enable CMA support
ecf78af514 riscv: vdso: fix build with llvm
e56d18a976 riscv: process: fix kernel info leakage
956e0216a1 net: macvlan: fix memory leaks of macvlan_common_newlink
59ec132386 ethernet: tundra: free irq when alloc ring failed in tsi108_open()
dd7beaec8b net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open()
56d3b5531b ethernet: s2io: disable napi when start nic failed in s2io_card_up()
05b2228434 net: atlantic: macsec: clear encryption keys from the stack
1a4e495edf net: phy: mscc: macsec: clear encryption keys when freeing a flow
4ad684ba02 cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in cxgb4vf_open()
38aa7ed8c2 net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
fd52dd2d6e net: cpsw: disable napi in cpsw_ndo_open()
3b27e20601 net/mlx5e: E-Switch, Fix comparing termination table instance
eb6fa0ac2a net/mlx5: Allow async trigger completion execution on single CPU systems
bdd282bba7 net: nixge: disable napi when enable interrupts failed in nixge_open()
5333cf1b7f net: marvell: prestera: fix memory leak in prestera_rxtx_switch_init()
cf4853880e perf stat: Fix printing os->prefix in CSV metrics output
3a4a3c3b1f drivers: net: xgene: disable napi when register irq failed in xgene_enet_open()
0b7ee3d50f dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
6e2ffae69d dmaengine: pxa_dma: use platform_get_irq_optional
f31dd15858 tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header
fbb4e8e6dc net: broadcom: Fix BCMGENET Kconfig
cb6d639bb1 net: stmmac: dwmac-meson8b: fix meson8b_devm_clk_prepare_enable()
d68fa77ee3 can: af_can: fix NULL pointer dereference in can_rx_register()
a033b86c7f ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
02f8dfee75 tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent
f3aa8a7d95 drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register()
bcb3bb1069 hamradio: fix issue of dev reference count leakage in bpq_device_event()
bc4591a86b net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event()
2bf8b1c111 KVM: s390: pv: don't allow userspace to set the clock under PV
a60cc64db7 KVM: s390x: fix SCK locking
fcbd2b3368 capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
8aae24b0ed net: fman: Unregister ethernet device on removal
e2c5ee3b62 bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
38147073c9 bnxt_en: Fix possible crash in bnxt_hwrm_set_coal()
3401f96402 net: tun: Fix memory leaks of napi_get_frags
adaa0f180d macsec: clear encryption keys from the stack after setting up offload
9dc7503bae macsec: fix detection of RXSCs when toggling offloading
7f4456f011 macsec: fix secy->n_rx_sc accounting
3b05d9073a macsec: delete new rxsc when offload fails
50868de7dc net: gso: fix panic on frag_list with mixed head alloc types
cedd4f01f6 bpf: Fix wrong reg type conversion in release_reference()
9069db2579 bpf: Add helper macro bpf_for_each_reg_in_vstate
95b6ec7337 bpf: Support for pointers beyond pkt_end.
8597b59e3d HID: hyperv: fix possible memory leak in mousevsc_probe()
8c80b2fca4 bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE
cc21dc48a7 bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues
e1e1218032 wifi: cfg80211: fix memory leak in query_regdb_file()
914cb94e73 wifi: cfg80211: silence a sparse RCU warning
72ea2fc299 phy: stm32: fix an error code in probe
925bf1ba76 hwspinlock: qcom: correct MMIO max register for newer SoCs
76eba54f0d fuse: fix readdir cache race
And update the .xml file due to changes that came in commit 7364575996
("ANDROID: CRC ABI fixups in ip.h and ipv6.h") which required the CRC to
be preserved for some structures:
type 'struct iphdr' changed
member changed from '__be32 saddr' to 'union { struct { __be32 saddr; __be32 daddr; }; struct { __be32 saddr; __be32 daddr; } addrs; }'
type changed from '__be32' = '__u32' = 'unsigned int' to 'union { struct { __be32 saddr; __be32 daddr; }; struct { __be32 saddr; __be32 daddr; } addrs; }'
resolved type changed from 'unsigned int' to 'union { struct { __be32 saddr; __be32 daddr; }; struct { __be32 saddr; __be32 daddr; } addrs; }'
member '__be32 daddr' was removed
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id1e348424ecbaa9cc0015cee5e2150fe742dcce7
This is the merge of the upstream LTS release of 5.10.154 into the
android13-5.10 branch.
It contains the following commits:
319eb6144e ANDROID: abi preservation for fscrypt change in 5.10.154
c007a0aa82 Revert "serial: 8250: Let drivers request full 16550A feature probing"
ae6c45a1de Merge 5.10.154 into android13-5.10-lts
f5b40c0eb9 Linux 5.10.154
bf506e366d ipc: remove memcg accounting for sops objects in do_semtimedop()
c6678c8f4f wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
a6c57adec5 drm/i915/sdvo: Setup DDC fully before output init
b86830cc95 drm/i915/sdvo: Filter out invalid outputs more sensibly
9f3b867808 drm/rockchip: dsi: Force synchronous probe
23f1fc7ce5 ext4,f2fs: fix readahead of verity data
e5cef906cb KVM: x86: emulator: update the emulation mode after CR0 write
ce9261accc KVM: x86: emulator: introduce emulator_recalc_and_set_mode
c8a2fd7a71 KVM: x86: emulator: em_sysexit should update ctxt->mode
e0c7410378 KVM: x86: Mask off reserved bits in CPUID.80000001H
9302ebc1c2 KVM: x86: Mask off reserved bits in CPUID.80000008H
cc40c5f3e9 KVM: x86: Mask off reserved bits in CPUID.8000001AH
bd64a88f36 KVM: x86: Mask off reserved bits in CPUID.80000006H
156451a67b ext4: fix BUG_ON() when directory entry has invalid rec_len
5370b965b7 ext4: fix warning in 'ext4_da_release_space'
c9598cf629 parisc: Avoid printing the hardware path twice
98f836e80d parisc: Export iosapic_serial_irq() symbol for serial port driver
814af9a32b parisc: Make 8250_gsc driver dependend on CONFIG_PARISC
29d106d086 perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[]
98f6e7c337 perf/x86/intel: Fix pebs event constraints for ICL
3be2d66822 efi: random: Use 'ACPI reclaim' memory for random seed
83294f7c77 efi: random: reduce seed size to 32 bytes
f8e8cda869 fuse: add file_modified() to fallocate
cdf01c807e capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
ff32d8a099 tracing/histogram: Update document for KEYS_MAX size
533bfacbac tools/nolibc/string: Fix memcmp() implementation
f100a02748 kprobe: reverse kp->flags when arm_kprobe failed
bef08acbe5 tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()
2bf33b5ea4 tcp/udp: Make early_demux back namespacified.
ea5f2fd464 ftrace: Fix use-after-free for dynamic ftrace_ops
06de93a47c btrfs: fix type of parameter generation in btrfs_get_dentry
e33ce54cef coresight: cti: Fix hang in cti_disable_hw()
015ac18be7 binder: fix UAF of alloc->vma in race with munmap()
836686e1a0 memcg: enable accounting of ipc resources
e4e4b24b42 mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times
818c36b988 tcp/udp: Fix memory leak in ipv6_renew_options().
29997a6fa6 fscrypt: fix keyring memory leak on mount failure
391cceee6d fscrypt: stop using keyrings subsystem for fscrypt_master_key
092401142b fscrypt: simplify master key locking
54c13d3520 ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
a0e2577cf3 block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
26ca2ac091 Bluetooth: L2CAP: Fix attempting to access uninitialized memory
6b6f94fb9a Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
bfd5e62f9a i2c: piix4: Fix adapter not be removed in piix4_remove()
fc3e2fa0a5 arm64: dts: juno: Add thermal critical trip points
b743ecf29c firmware: arm_scmi: Make Rx chan_setup fail on memory errors
29e8e9bfc2 firmware: arm_scmi: Suppress the driver's bind attributes
d7b1e2cbe0 ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset
160d8904b2 efi/tpm: Pass correct address to memblock_reserve
c40b4d604b i2c: xiic: Add platform module alias
5bf8c7798b drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case
496eb203d0 HID: saitek: add madcatz variant of MMO7 mouse device ID
ff06067b70 scsi: core: Restrict legal sdev_state transitions via sysfs
9edf20e5a1 ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()
be6e22f546 media: meson: vdec: fix possible refcount leak in vdec_probe()
c5fd54a65c media: dvb-frontends/drxk: initialize err to 0
7fdc58d8c2 media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE
1609231f86 media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
c46759e370 media: rkisp1: Zero v4l2_subdev_format fields in when validating links
3144ce5574 media: rkisp1: Initialize color space on resizer sink and source pads
6b24d9c2ac s390/boot: add secure boot trailer
efc6420d65 xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices
37bb57908d mtd: parsers: bcm47xxpart: Fix halfblock reads
85e458369c mtd: parsers: bcm47xxpart: print correct offset on read error
ec54104feb fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards
f8c86d7829 video/fbdev/stifb: Implement the stifb_fillrect() function
e975d7aeca mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake
afeae13b8a mmc: sdhci-pci: Avoid comma separated statements
a06721767c mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus
59400c9b0d drm/msm/hdmi: fix IRQ lifetime
8225bdaec5 drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag
5dbb47ee89 ipv6: fix WARNING in ip6_route_net_exit_late()
1c89642e7f net, neigh: Fix null-ptr-deref in neigh_table_clear()
634f066d02 net: mdio: fix undefined behavior in bit shift for __mdiobus_register
d9ec6e2fbd Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
cb1c012099 Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
0a0dead4ad btrfs: fix ulist leaks in error paths of qgroup self tests
61e0612811 btrfs: fix inode list leak during backref walking at find_parent_nodes()
a52e24c7fc btrfs: fix inode list leak during backref walking at resolve_indirect_refs()
81204283ea isdn: mISDN: netjet: fix wrong check of device registration
e77d213843 mISDN: fix possible memory leak in mISDN_register_device()
f06186e527 rose: Fix NULL pointer dereference in rose_send_frame()
2c8d81bdb2 ipvs: fix WARNING in ip_vs_app_net_cleanup()
931f56d59c ipvs: fix WARNING in __ip_vs_cleanup_batch()
d69328cdb9 ipvs: use explicitly signed chars
b2d7a92aff netfilter: nf_tables: release flow rule object from commit path
3583826b44 net: tun: fix bugs for oversize packet when napi frags enabled
5960b9081b net: sched: Fix use after free in red_enqueue()
24f9c41435 ata: pata_legacy: fix pdc20230_set_piomode()
c85ee1c3cb net: fec: fix improper use of NETDEV_TX_BUSY
52438e734c nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
0acfcd2aed nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
9ae2c9a91f nfc: nxp-nci: Fix potential memory leak in nxp_nci_send()
eecea068bf NFC: nxp-nci: remove unnecessary labels
e8c11ee2d0 nfc: fdp: Fix potential memory leak in fdp_nci_send()
31b83d6990 nfc: fdp: drop ftrace-like debugging messages
4e1e4485b2 RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
d360e875c0 RDMA/core: Fix null-ptr-deref in ib_core_cleanup()
37a098fc9b net: dsa: Fix possible memory leaks in dsa_loop_init()
45aea4fbf6 nfs4: Fix kmemleak when allocate slot failed
f0f1c74fa6 NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
10c554d722 NFSv4.1: Handle RECLAIM_COMPLETE trunking errors
4813dd737d NFSv4: Fix a potential state reclaim deadlock
7c4260f8f1 IB/hfi1: Correctly move list in sc_disable()
87ac93c8dd RDMA/cma: Use output interface for net_dev check
4dbb739eb2 KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER
bb584caee8 KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter()
9faacf442d KVM: x86: Protect the unused bits in MSR exiting flags
5bdbccc79c x86/topology: Fix duplicated core ID within a package
6c31fc028a x86/topology: Fix multiple packages shown on a single-package system
f5ad52da14 x86/topology: Set cpu_die_id only if DIE_TYPE found
570fa3bcd2 KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1)
e5d7c6786b KVM: x86: Trace re-injected exceptions
8364786152 KVM: nVMX: Don't propagate vmcs12's PERF_GLOBAL_CTRL settings to vmcs02
523e1dd9f8 KVM: nVMX: Pull KVM L0's desired controls directly from vmcs01
028fcabd8a serial: ar933x: Deassert Transmit Enable on ->rs485_config()
e6da7808c9 serial: 8250: Let drivers request full 16550A feature probing
And the following needed .xml update that came from the -lts branch:
type 'struct super_block' changed
member changed from 'struct key * s_master_keys' to 'struct fscrypt_keyring * s_master_keys'
type changed from 'struct key *' to 'struct fscrypt_keyring *'
pointed-to type changed from 'struct key' to 'struct fscrypt_keyring'
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ife5a25b768426b97f62f37af2306dbe4a0280017
This is the merge of the upstream LTS release of 5.10.153 into the
android13-5.10 branch.
It contains the following commits:
8f15578281 Merge 5.10.153 into android13-5.10-lts
24b99d0dbd Merge 5.10.152 into android13-5.10-lts
acb6a01994 Merge 5.10.151 into android13-5.10-lts
95aa34f721 Linux 5.10.153
26a2b9c468 serial: Deassert Transmit Enable on probe in driver-specific way
4a230f65d6 serial: core: move RS485 configuration tasks from drivers into core
eb69c07eca can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive
d5924531dd arm64/kexec: Test page size support with new TGRAN range values
c911f03f8d arm64/mm: Fix __enable_mmu() for new TGRAN range values
d523384766 scsi: sd: Revert "scsi: sd: Remove a local variable"
52a43b8200 arm64: Add AMPERE1 to the Spectre-BHB affected list
9889ca7efa net: enetc: survive memory pressure without crashing
fdba224ab0 net/mlx5: Fix crash during sync firmware reset
bbcc06933f net/mlx5: Fix possible use-after-free in async command interface
16376ba5cf net/mlx5e: Do not increment ESN when updating IPsec ESN state
0d88359092 nh: fix scope used to find saddr when adding non gw nh
3519b5ddac net: ehea: fix possible memory leak in ehea_register_port()
79631daa5a openvswitch: switch from WARN to pr_warn
00d6f33f67 ALSA: aoa: Fix I2S device accounting
ce6fd1c382 ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
97262705c0 net: fec: limit register access on i.MX6UL
df67a8e625 PM: domains: Fix handling of unavailable/disabled idle states
1f262d8088 net: ksz884x: fix missing pci_disable_device() on error in pcidev_init()
6170b4579f i40e: Fix flow-type by setting GL_HASH_INSET registers
9abae363af i40e: Fix VF hang when reset is triggered on another VF
23d5599058 i40e: Fix ethtool rx-flow-hash setting for X722
44affe7ede ipv6: ensure sane device mtu in tunnels
905f05c0ab media: vivid: set num_in/outputs to 0 if not supported
b6c7446d0a media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced'
683015ae16 media: v4l2-dv-timings: add sanity checks for blanking values
147b8f1892 media: vivid: dev->bitmap_cap wasn't freed in all cases
1cf51d5158 media: vivid: s_fbuf: add more sanity checks
3221c2701d PM: hibernate: Allow hybrid sleep to work with s2idle
0eb19ecbd0 can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path
6b2d07fc0b can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path
1634d5d39c tcp: fix indefinite deferral of RTO with SACK reneging
4f23cb2be5 tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
49713d7c38 tcp: minor optimization in tcp_add_backlog()
aab883bd60 net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY
c3edc6e808 net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed
e2a28807b1 kcm: annotate data-races around kcm->rx_wait
c325f92d8d kcm: annotate data-races around kcm->rx_psock
af7879529e atlantic: fix deadlock at aq_nic_stop
d7ccd49c4d amd-xgbe: add the bit rate quirk for Molex cables
17350734fd amd-xgbe: fix the SFP compliance codes check for DAC cables
b55d6ea965 x86/unwind/orc: Fix unreliable stack dump with gcov
0ce1ef3353 net: hinic: fix the issue of double release MBOX callback of VF
6603843c80 net: hinic: fix the issue of CMDQ memory leaks
bb01910763 net: hinic: fix memory leak when reading function table
ce605b68db net: hinic: fix incorrect assignment issue in hinic_set_interrupt_cfg()
62f0a08e82 net: netsec: fix error handling in netsec_register_mdio()
32a3d4660b tipc: fix a null-ptr-deref in tipc_topsrv_accept
fb94152aae perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap()
bfce730886 ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
2663b16c76 ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile
a527557299 arc: iounmap() arg is volatile
648ac633e7 ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile
6571f6ca8a drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
4953a989b7 media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
9d00384270 net: ieee802154: fix error return code in dgram_bind()
568e3812b1 mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
935a8b6202 mm/memory: add non-anonymous page check in the copy_present_page()
49db6cb814 xen/gntdev: Prevent leaking grants
a3f2cc11d6 Xen/gntdev: don't ignore kernel unmapping error
467230b9ef s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser()
fe187c801a s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
449070996c perf auxtrace: Fix address filter symbol name match for modules
6f72a3977b kernfs: fix use-after-free in __kernfs_remove
0bcd1ab3e8 counter: microchip-tcb-capture: Handle Signal1 read and Synapse
8bf037279b mmc: core: Fix kernel panic when remove non-standard SDIO card
5684808b26 mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO
b686ffc0ac drm/msm/dp: fix IRQ lifetime
08c7375fa2 drm/msm/hdmi: fix memory corruption with too many bridges
21c4679af0 drm/msm/dsi: fix memory corruption with too many bridges
44a86d96fa scsi: qla2xxx: Use transport-defined speed mask for supported_speeds
c368f751da mac802154: Fix LQI recording
9ba2990f4e exec: Copy oldsighand->action under spin-lock
7062153004 fs/binfmt_elf: Fix memory leak in load_elf_binary()
d9ddfeb01f fbdev: smscufx: Fix several use-after-free bugs
f19f1a75d3 iio: temperature: ltc2983: allocate iio channels once
af236da855 iio: light: tsl2583: Fix module unloading
90ff5bef2b tools: iio: iio_utils: fix digit calculation
678d2cc204 xhci: Remove device endpoints from bandwidth list when freeing the device
3b250824b6 xhci: Add quirk to reset host back to default state at shutdown
63c7df3c81 mtd: rawnand: marvell: Use correct logic for nand-keep-config
228101fc83 usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller
2bc4f99ee2 usb: bdc: change state when port disconnected
e440957f9c usb: dwc3: gadget: Don't set IMI for no_interrupt
fb074d622c usb: dwc3: gadget: Stop processing more requests on IMI
c29fcef579 USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
4cc7a360ec ALSA: rme9652: use explicitly signed char
8959092300 ALSA: au88x0: use explicitly signed char
2bf5b16315 ALSA: Use del_timer_sync() before freeing timer
ca1034bff8 can: kvaser_usb: Fix possible completions during init_completion
370be31cde can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb()
7d51b4c67c Linux 5.10.152
43d5109296 udp: Update reuse->has_conns under reuseport_lock.
a50ed2d287 mm: /proc/pid/smaps_rollup: fix no vma's null-deref
31b1570677 blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init()
e2f9b62ead mmc: core: Add SD card quirk for broken discard
3a260e9844 Makefile.debug: re-enable debug info for .S files
6ab2287b26 x86/Kconfig: Drop check for -mabi=ms for CONFIG_EFI_STUB
67dafece56 ACPI: video: Force backlight native for more TongFang devices
dcaf631320 hv_netvsc: Fix race between VF offering and VF association message from host
da54c5f4b5 perf/x86/intel/pt: Relax address filter validation
79c3482fbe riscv: topology: fix default topology reporting
a6e770733d arm64: topology: move store_cpu_topology() to shared code
cb1024d8a4 arm64: dts: qcom: sc7180-trogdor: Fixup modem memory region
f687e2111b fcntl: fix potential deadlocks for &fown_struct.lock
b1efc19644 fcntl: make F_GETOWN(EX) return 0 on dead owner task
ca4c498382 perf: Skip and warn on unknown format 'configN' attrs
dea47fefa6 perf pmu: Validate raw event with sysfs exported format bits
86e995f964 riscv: always honor the CONFIG_CMDLINE_FORCE when parsing dtb
0e4c06ae7c riscv: Add machine name to kernel boot log and stack dump output
7fba4a389d mmc: sdhci-tegra: Use actual clock rate for SW tuning correction
3c6a888e35 xen/gntdev: Accommodate VMA splitting
5232411f37 xen: assume XENFEAT_gnttab_map_avail_bits being set for pv guests
ea82edad0a tracing: Do not free snapshot if tracer is on cmdline
bd6af07e79 tracing: Simplify conditional compilation code in tracing_set_tracer()
4e3a15ca24 dmaengine: mxs: use platform_driver_register
1da5d24970 dmaengine: mxs-dma: Remove the unused .id_table
1414e9bf3c drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb()
d74196bb27 iommu/vt-d: Clean up si_domain in the init_dmars() error path
ef11e8ec00 iommu/vt-d: Allow NVS regions in arch_rmrr_sanity_check()
35c92435be net: phy: dp83822: disable MDI crossover status change interrupt
7aa3d623c1 net: sched: fix race condition in qdisc_graft()
2974f3b330 net: hns: fix possible memory leak in hnae_ae_register()
3032e316e0 sfc: include vport_id in filter spec hash and equal()
ded86c4191 net: sched: sfb: fix null pointer access issue when sfb_init() fails
305aa36b62 net: sched: delete duplicate cleanup of backlog and qlen
ae48bee283 net: sched: cake: fix null pointer access issue when cake_init() fails
2008ad08a2 nvme-hwmon: kmalloc the NVME SMART log buffer
770b7e3a2c nvme-hwmon: consistently ignore errors from nvme_hwmon_init
67106ac272 nvme-hwmon: Return error code when registration fails
bc17f727b0 nvme-hwmon: rework to avoid devm allocation
191d71c635 ionic: catch NULL pointer issue on reconfig
ff7ba76675 net: hsr: avoid possible NULL deref in skb_clone()
7286f87551 cifs: Fix xid leak in cifs_ses_add_channel()
2d08311aa3 cifs: Fix xid leak in cifs_flock()
bf49d4fe4a cifs: Fix xid leak in cifs_copy_file_range()
05cc22c008 net: phy: dp83867: Extend RX strap quirk for SGMII mode
118f412bed net/atm: fix proc_mpc_write incorrect return value
c8310a99e7 sfc: Change VF mac via PF as first preference if available.
39d10f0dfb HID: magicmouse: Do not set BTN_MOUSE on double report
ed5baf3d0a i40e: Fix DMA mappings leak
e558e14893 tipc: fix an information leak in tipc_topsrv_kern_subscr
1f4ed95ce6 tipc: Fix recognition of trial period
fc8c6b8bb2 ACPI: extlog: Handle multiple records
57e157749a btrfs: fix processing of delayed tree block refs during backref walking
590929ef69 btrfs: fix processing of delayed data refs during backref walking
cc841a8a70 r8152: add PID for the Lenovo OneLink+ Dock
51b96ecaed arm64: errata: Remove AES hwcap for COMPAT tasks
910ba49b33 blk-wbt: call rq_qos_add() after wb_normal is initialized
392536023d block: wbt: Remove unnecessary invoking of wbt_update_limits in wbt_init
ab6aaa8210 media: venus: dec: Handle the case where find_format fails
bce5808fc9 media: mceusb: set timeout to at least timeout provided
6d725672ce KVM: arm64: vgic: Fix exit condition in scan_its_table()
34db701dc6 kvm: Add support for arch compat vm ioctls
e55feb31df cpufreq: qcom: fix memory leak in error path
303d0f7614 ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS
6a2aadcb01 ata: ahci-imx: Fix MODULE_ALIAS
d9f0159da0 hwmon/coretemp: Handle large core ID value
0fb04676c4 x86/microcode/AMD: Apply the patch early on every logical thread
6dcf1f0802 i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter
794ded0bc4 cpufreq: qcom: fix writes in read-only memory region
2723875e9d selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()
0d65f040fd ocfs2: fix BUG when iput after ocfs2_mknod fails
b838dcfda1 ocfs2: clear dinode links count in case of error
c34d1b22fe Linux 5.10.151
ecad331211 kbuild: Add skip_encoding_btf_enum64 option to pahole
c5006abb80 kbuild: Unify options for BTF generation for vmlinux and modules
f5f413cb3e kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21
06481cd9f7 kbuild: Quote OBJCOPY var to avoid a pahole call break the build
bbaea0f1cd bpf: Generate BTF_KIND_FLOAT when linking vmlinux
Change-Id: I3e82ce16041bfb3aab890871e526950a425f0f8d
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
In the 5.10.150 merge, struct sk_buff was fixed up to preserve the ABI.
In order for that change to work here, we have to update our version of
the .xml file as well because it contains many more symbols than the
-lts branch had.
type 'struct sk_buff' changed
member 'union { struct { __u8 scm_io_uring; __u8 android_kabi_reserved1_padding1; __u16 android_kabi_reserved1_padding2; __u32 android_kabi_reserved1_padding3; }; struct { u64 android_kabi_reserved1; }; union { }; }' was added
member 'u64 android_kabi_reserved1' was removed
Fixes: ee97a71cac ("ANDROID: fix up struct sk_buf ABI breakage")
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I74ba2401063de272cbf82906ad99c1b8cb5ff2f2
In commit 96a3ddb870 ("tcp: fix tcp_cwnd_validate() to not forget
is_cwnd_limited"), the field max_packets_seq in struct tcm_sock was
renamed to cwnd_usage_seq, which broke the ABI. Keep the same logic in
the bugfix, but rename the field back to preserve the ABI.
Bug: 161946584
Fixes: 96a3ddb870 ("tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited")
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I9ffb10be63a22c36d5864feea794dde390ef69a1
This reverts commit 572fb97fce which is
commit 039d492637 upstream.
It breaks the kernel abi and is not needed for any supported Android
devices at this point in time, so it can be safely reverted.
Bug: 161946584
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I07e784e722762dab69f031063317350379e59b76
Building the bpmp-debugfs driver for Arm results in a warning for stack usage:
drivers/firmware/tegra/bpmp-debugfs.c:321:16: error: stack frame size of 1224 bytes in function 'bpmp_debug_store' [-Werror,-Wframe-larger-than=]
static ssize_t bpmp_debug_store(struct file *file, const char __user *buf,
It should be possible to rearrange the code to not require two separate
buffers for the file name, but the easiest workaround is to use dynamic
allocation.
Bug: 261962742
Fixes: 5e37b9c137 ("firmware: tegra: Add support for in-band debug")
Link: https://lore.kernel.org/all/20201204193714.3134651-1-arnd@kernel.org/
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
[treding@nvidia.com: consistently return NULL on failure]
Signed-off-by: Thierry Reding <treding@nvidia.com>
(cherry picked from commit 06c2d9a078)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ic147141781cc5fd4250a6d09e283c23ba45cbd9a
This reverts commit eb57c31115.
This branch looks clean of WERROR warnings. Let's try to re-enable it.
Fixes: eb57c31115 ("ANDROID: allmodconfig: disable WERROR")
(cherry picked from commit d19f8758ae)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I0106dcd43d7e4b4e20ac768f3faac40285bc837b
[ Note: this is a fix that works around the bug equivalently as the
two upstream commits:
1fa4445f9a ("ALSA: control - introduce snd_ctl_notify_one() helper")
56b88b5056 ("ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF")
but in a simpler way to fit with older stable trees -- tiwai ]
Add missing locking in ctl_elem_read_user/ctl_elem_write_user which can be
easily triggered and turned into an use-after-free.
Example code paths with SNDRV_CTL_IOCTL_ELEM_READ:
64-bits:
snd_ctl_ioctl
snd_ctl_elem_read_user
[takes controls_rwsem]
snd_ctl_elem_read [lock properly held, all good]
[drops controls_rwsem]
32-bits (compat):
snd_ctl_ioctl_compat
snd_ctl_elem_write_read_compat
ctl_elem_write_read
snd_ctl_elem_read [missing lock, not good]
CVE-2023-0266 was assigned for this issue.
Bug: 265303544
Signed-off-by: Clement Lecigne <clecigne@google.com>
Cc: stable@kernel.org # 5.12 and older
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit df02234e6b87d2a9a82acd3198e44bdeff8488c7)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ibe891cdcb9eaf0dfc7bd771689c85c32b5c0d1f7
commit 09bf649a74 upstream.
vm_open() is not allowed to fail. Fortunately we are guaranteed that
the pages are already pinned, thanks to the initial mmap which is now
being cloned into a forked process, and only need to increment the
refcnt. So just increment it directly. Previously if a signal was
delivered at the wrong time to the forking process, the
mutex_lock_interruptible() could fail resulting in the pages_use_count
not being incremented.
Bug: 260569666
Fixes: 2194a63a81 ("drm: Add library for shmem backed GEM objects")
Cc: stable@vger.kernel.org
Signed-off-by: Rob Clark <robdclark@chromium.org>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221130185748.357410-3-robdclark@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I1f6d481c677e0ee4747352f7949570bccf39815c
commit 02e1a114fd upstream.
area_cache_get() is used to distribute cache->area and set cache->id,
and if cache->id is not 0 and cache->area->kref refcount is 0, it will
release the cache->area by nfp_cpp_area_release(). area_cache_get()
set cache->id before cpp->op->area_init() and nfp_cpp_area_acquire().
But if area_init() or nfp_cpp_area_acquire() fails, the cache->id is
is already set but the refcount is not increased as expected. At this
time, calling the nfp_cpp_area_release() will cause use-after-free.
To avoid the use-after-free, set cache->id after area_init() and
nfp_cpp_area_acquire() complete successfully.
Note: This vulnerability is triggerable by providing emulated device
equipped with specified configuration.
BUG: KASAN: use-after-free in nfp6000_area_init (drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c:760)
Write of size 4 at addr ffff888005b7f4a0 by task swapper/0/1
Call Trace:
<TASK>
nfp6000_area_init (drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c:760)
area_cache_get.constprop.8 (drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c:884)
Allocated by task 1:
nfp_cpp_area_alloc_with_name (drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c:303)
nfp_cpp_area_cache_add (drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c:802)
nfp6000_init (drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c:1230)
nfp_cpp_from_operations (drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c:1215)
nfp_pci_probe (drivers/net/ethernet/netronome/nfp/nfp_main.c:744)
Freed by task 1:
kfree (mm/slub.c:4562)
area_cache_get.constprop.8 (drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c:873)
nfp_cpp_read (drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c:924 drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c:973)
nfp_cpp_readl (drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cpplib.c:48)
Bug: 254471126
Signed-off-by: Jialiang Wang <wangjialiang0806@163.com>
Reviewed-by: Yinjun Zhang <yinjun.zhang@corigine.com>
Acked-by: Simon Horman <simon.horman@corigine.com>
Link: https://lore.kernel.org/r/20220810073057.4032-1-wangjialiang0806@163.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Iad626deee45edc6bdf7a095d3de1defc5c6ad996
Signed-off-by: Lee Jones <joneslee@google.com>
When communicating with accessory devices via USBFS, the initialisation
call-stack looks like:
ConfigFS > Gadget ConfigFS > UDC > Gadget ConfigFS > Composite
Eventually ending up in composite_dev_prepare() where memory for the
data buffer is allocated and initialised. The default size used for the
allocation is USB_COMP_EP0_BUFSIZ (4k). When handling bulk transfers,
acc_ctrlrequest() needs to be able to handle buffers up to
BULK_BUFFER_SIZE (16k). Instead of adding new generic attributes to
'struct usb_request' to track the size of the allocated buffer, we can
simply split off the affected thread of execution to travel via a
knowledgeable abstracted function acc_ctrlrequest_composite() where we
can complete the necessary specific checks.
Bug: 264029575
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ia1280f85499621d3fa57f7262b4a2c80f4be7773
Signed-off-by: Lee Jones <joneslee@google.com>
commit e6cfaf34be upstream.
proc_get_long() is passed a size_t, but then assigns it to an 'int'
variable for the length. Let's not do that, even if our IO paths are
limited to MAX_RW_COUNT (exactly because of these kinds of type errors).
So do the proper test in the rigth type.
Bug: 261488859
Reported-by: Kyle Zeng <zengyhkyle@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Icb7df4e5d9061d8a2c854b3f7cccaa753d6ea540
Signed-off-by: Lee Jones <joneslee@google.com>
commit bce9332220 upstream.
proc_skip_spaces() seems to think it is working on C strings, and ends
up being just a wrapper around skip_spaces() with a really odd calling
convention.
Instead of basing it on skip_spaces(), it should have looked more like
proc_skip_char(), which really is the exact same function (except it
skips a particular character, rather than whitespace). So use that as
inspiration, odd coding and all.
Now the calling convention actually makes sense and works for the
intended purpose.
Bug: 261488859
Reported-and-tested-by: Kyle Zeng <zengyhkyle@gmail.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Idda5e84344778ff8794bc21c981ba3da01e6a63b
Signed-off-by: Lee Jones <joneslee@google.com>
[ Upstream commit 89ff3dfac6 ]
The embedded struct cdev does not have its lifetime correctly tied to
the enclosing struct f_hidg, so there is a use-after-free if /dev/hidgN
is held open while the gadget is deleted.
This can readily be replicated with libusbgx's example programs (for
conciseness - operating directly via configfs is equivalent):
gadget-hid
exec 3<> /dev/hidg0
gadget-vid-pid-remove
exec 3<&-
Pull the existing device up in to struct f_hidg and make use of the
cdev_device_{add,del}() helpers. This changes the lifetime of the
device object to match struct f_hidg, but note that it is still added
and deleted at the same time.
Bug: 176850153
Fixes: 71adf11894 ("USB: gadget: add HID gadget driver")
Tested-by: Lee Jones <lee@kernel.org>
Reviewed-by: Andrzej Pietrasiewicz <andrzej.p@collabora.com>
Reviewed-by: Lee Jones <lee@kernel.org>
Signed-off-by: John Keeping <john@metanate.com>
Link: https://lore.kernel.org/r/20221122123523.3068034-2-john@metanate.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I5d37ca47c5f087d5b1b303b4e8a1614ea3f50159
Eric W. Biederman