mirror of
https://github.com/hardkernel/linux.git
synced 2026-06-06 10:58:48 +09:00
df1cc768a503310fdea7c8a0d5d4e13f408bad35
1048905 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
David Anderson
|
df1cc768a5 |
Revert "FROMLIST: overlayfs: handle XATTR_NOSECURITY flag for ge..."
Revert submission 1881578 Reason for revert: broken build in CI Reverted Changes: Id2c6fa6ee:FROMLIST: Add flags option to get xattr method pai... Ifa966dabd:FROMLIST: overlayfs: inode_owner_or_capable called... I46e6c74ff:FROMLIST: overlayfs: override_creds=off option byp... I0b8fe9f1f:FROMLIST: overlayfs: handle XATTR_NOSECURITY flag ... Change-Id: Ie59bb4f7ad86f64c320a3e6f328a4e6f4fa1d204 Signed-off-by: David Anderson <dvander@google.com> |
||
|
David Anderson
|
650b7fa416 |
Revert "FROMLIST: overlayfs: override_creds=off option bypass cr..."
Revert submission 1881578 Reason for revert: broken build in CI Reverted Changes: Id2c6fa6ee:FROMLIST: Add flags option to get xattr method pai... Ifa966dabd:FROMLIST: overlayfs: inode_owner_or_capable called... I46e6c74ff:FROMLIST: overlayfs: override_creds=off option byp... I0b8fe9f1f:FROMLIST: overlayfs: handle XATTR_NOSECURITY flag ... Change-Id: Ib78cfc2cfb717a0c4a1997399aaa47d38c6f366d Signed-off-by: David Anderson <dvander@google.com> |
||
|
David Anderson
|
c100cf8c92 |
Revert "FROMLIST: overlayfs: inode_owner_or_capable called durin..."
Revert submission 1881578 Reason for revert: broken build in CI Reverted Changes: Id2c6fa6ee:FROMLIST: Add flags option to get xattr method pai... Ifa966dabd:FROMLIST: overlayfs: inode_owner_or_capable called... I46e6c74ff:FROMLIST: overlayfs: override_creds=off option byp... I0b8fe9f1f:FROMLIST: overlayfs: handle XATTR_NOSECURITY flag ... Change-Id: I7650b493f3b5e796f231280fe626312418190822 Signed-off-by: David Anderson <dvander@google.com> |
||
|
Kalesh Singh
|
90342f7225 |
UPSTREAM: tracing/histogram: Fix UAF in destroy_hist_field()
Calling destroy_hist_field() on an expression will recursively free any operands associated with the expression. If during expression parsing the operands of the expression are already set when an error is encountered, there is no need to explicity free the operands. Doing so will result in destroy_hist_field() being called twice for the operands and lead to a use-after-free (UAF) error. If the operands are associated with the expression, only call destroy_hist_field() on the expression since the operands will be recursively freed. Link: https://lore.kernel.org/all/CAHk-=wgcrEbFgkw9720H3tW-AhHOoEKhYwZinYJw4FpzSaJ6_Q@mail.gmail.com/ Link: https://lkml.kernel.org/r/20211118011542.1420131-1-kaleshsingh@google.com Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Kalesh Singh <kaleshsingh@google.com> Fixes: |
||
|
Greg Kroah-Hartman
|
36de88a855 |
Merge 5.15.3 into android13-5.15
Changes in 5.15.3
xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay
usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform
Input: iforce - fix control-message timeout
Input: elantench - fix misreporting trackpoint coordinates
Input: i8042 - Add quirk for Fujitsu Lifebook T725
libata: fix read log timeout value
ocfs2: fix data corruption on truncate
scsi: scsi_ioctl: Validate command size
scsi: core: Avoid leaving shost->last_reset with stale value if EH does not run
scsi: core: Remove command size deduction from scsi_setup_scsi_cmnd()
scsi: lpfc: Don't release final kref on Fport node while ABTS outstanding
scsi: lpfc: Fix FCP I/O flush functionality for TMF routines
scsi: qla2xxx: Fix crash in NVMe abort path
scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
scsi: qla2xxx: Fix use after free in eh_abort path
ce/gf100: fix incorrect CE0 address calculation on some GPUs
char: xillybus: fix msg_ep UAF in xillyusb_probe()
mmc: mtk-sd: Add wait dma stop done flow
mmc: dw_mmc: Dont wait for DRTO on Write RSP error
exfat: fix incorrect loading of i_blocks for large files
io-wq: remove worker to owner tw dependency
parisc: Fix set_fixmap() on PA1.x CPUs
parisc: Fix ptrace check on syscall return
tpm: Check for integer overflow in tpm2_map_response_body()
firmware/psci: fix application of sizeof to pointer
crypto: s5p-sss - Add error handling in s5p_aes_probe()
media: rkvdec: Do not override sizeimage for output format
media: ite-cir: IR receiver stop working after receive overflow
media: rkvdec: Support dynamic resolution changes
media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers
media: v4l2-ioctl: Fix check_ext_ctrls
ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14
ALSA: hda/realtek: Add a quirk for HP OMEN 15 mute LED
ALSA: hda/realtek: Add quirk for Clevo PC70HS
ALSA: hda/realtek: Headset fixup for Clevo NH77HJQ
ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N
ALSA: hda/realtek: Add quirk for ASUS UX550VE
ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED
ALSA: ua101: fix division by zero at probe
ALSA: 6fire: fix control and bulk message timeouts
ALSA: line6: fix control and interrupt message timeouts
ALSA: mixer: oss: Fix racy access to slots
ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
ALSA: usb-audio: Line6 HX-Stomp XL USB_ID for 48k-fixed quirk
ALSA: usb-audio: Add registration quirk for JBL Quantum 400
ALSA: hda: Free card instance properly at probe errors
ALSA: synth: missing check for possible NULL after the call to kstrdup
ALSA: pci: rme: Fix unaligned buffer addresses
ALSA: PCM: Fix NULL dereference at mmap checks
ALSA: timer: Fix use-after-free problem
ALSA: timer: Unconditionally unlink slave instances, too
Revert "ext4: enforce buffer head state assertion in ext4_da_map_blocks"
ext4: fix lazy initialization next schedule time computation in more granular unit
ext4: ensure enough credits in ext4_ext_shift_path_extents
ext4: refresh the ext4_ext_path struct after dropping i_data_sem.
fuse: fix page stealing
x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c
x86/cpu: Fix migration safety with X86_BUG_NULL_SEL
x86/irq: Ensure PI wakeup handler is unregistered before module unload
x86/iopl: Fake iopl(3) CLI/STI usage
btrfs: clear MISSING device status bit in btrfs_close_one_device
btrfs: fix lost error handling when replaying directory deletes
btrfs: call btrfs_check_rw_degradable only if there is a missing device
KVM: x86/mmu: Drop a redundant, broken remote TLB flush
KVM: VMX: Unregister posted interrupt wakeup handler on hardware unsetup
KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling
ia64: kprobes: Fix to pass correct trampoline address to the handler
selinux: fix race condition when computing ocontext SIDs
ipmi:watchdog: Set panic count to proper value on a panic
md/raid1: only allocate write behind bio for WriteMostly device
hwmon: (pmbus/lm25066) Add offset coefficients
regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled
regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property
EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
mwifiex: fix division by zero in fw download path
ath6kl: fix division by zero in send path
ath6kl: fix control-message timeout
ath10k: fix control-message timeout
ath10k: fix division by zero in send path
PCI: Mark Atheros QCA6174 to avoid bus reset
rtl8187: fix control-message timeouts
evm: mark evm_fixmode as __ro_after_init
ifb: Depend on netfilter alternatively to tc
platform/surface: aggregator_registry: Add support for Surface Laptop Studio
mt76: mt7615: fix skb use-after-free on mac reset
HID: surface-hid: Use correct event registry for managing HID events
HID: surface-hid: Allow driver matching for target ID 1 devices
wcn36xx: Fix HT40 capability for 2Ghz band
wcn36xx: Fix tx_status mechanism
wcn36xx: Fix (QoS) null data frame bitrate/modulation
PM: sleep: Do not let "syscore" devices runtime-suspend during system transitions
mwifiex: Read a PCI register after writing the TX ring write pointer
mwifiex: Try waking the firmware until we get an interrupt
libata: fix checking of DMA state
dma-buf: fix and rework dma_buf_poll v7
wcn36xx: handle connection loss indication
rsi: fix occasional initialisation failure with BT coex
rsi: fix key enabled check causing unwanted encryption for vap_id > 0
rsi: fix rate mask set leading to P2P failure
rsi: Fix module dev_oper_mode parameter description
perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server
perf/x86/intel/uncore: Fix invalid unit check
perf/x86/intel/uncore: Fix Intel ICX IIO event constraints
RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
ASoC: tegra: Set default card name for Trimslice
ASoC: tegra: Restore AC97 support
signal: Remove the bogus sigkill_pending in ptrace_stop
memory: renesas-rpc-if: Correct QSPI data transfer in Manual mode
signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed
soc: samsung: exynos-pmu: Fix compilation when nothing selects CONFIG_MFD_CORE
soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id
soc: fsl: dpio: use the combined functions to protect critical zone
mtd: rawnand: socrates: Keep the driver compatible with on-die ECC engines
mctp: handle the struct sockaddr_mctp padding fields
power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
power: supply: max17042_battery: use VFSOC for capacity when no rsns
iio: core: fix double free in iio_device_unregister_sysfs()
iio: core: check return value when calling dev_set_name()
KVM: arm64: Extract ESR_ELx.EC only
KVM: x86: Fix recording of guest steal time / preempted status
KVM: x86: Add helper to consolidate core logic of SET_CPUID{2} flows
KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use
KVM: nVMX: Handle dynamic MSR intercept toggling
can: peak_usb: always ask for BERR reporting for PCAN-USB devices
can: mcp251xfd: mcp251xfd_irq(): add missing can_rx_offload_threaded_irq_finish() in case of bus off
can: j1939: j1939_tp_cmd_recv(): ignore abort message in the BAM transport
can: j1939: j1939_can_recv(): ignore messages with invalid source address
can: j1939: j1939_tp_cmd_recv(): check the dst address of TP.CM_BAM
iio: adc: tsc2046: fix scan interval warning
powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found
io_uring: honour zeroes as io-wq worker limits
ring-buffer: Protect ring_buffer_reset() from reentrancy
serial: core: Fix initializing and restoring termios speed
ifb: fix building without CONFIG_NET_CLS_ACT
xen/balloon: add late_initcall_sync() for initial ballooning done
ovl: fix use after free in struct ovl_aio_req
ovl: fix filattr copy-up failure
PCI: pci-bridge-emul: Fix emulation of W1C bits
PCI: cadence: Add cdns_plat_pcie_probe() missing return
cxl/pci: Fix NULL vs ERR_PTR confusion
PCI: aardvark: Do not clear status bits of masked interrupts
PCI: aardvark: Fix checking for link up via LTSSM state
PCI: aardvark: Do not unmask unused interrupts
PCI: aardvark: Fix reporting Data Link Layer Link Active
PCI: aardvark: Fix configuring Reference clock
PCI: aardvark: Fix return value of MSI domain .alloc() method
PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated bridge
PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge
PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge
PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on emulated bridge
quota: check block number when reading the block in quota file
quota: correct error number in free_dqentry()
cifs: To match file servers, make sure the server hostname matches
cifs: set a minimum of 120s for next dns resolution
mfd: simple-mfd-i2c: Select MFD_CORE to fix build error
pinctrl: core: fix possible memory leak in pinctrl_enable()
coresight: cti: Correct the parameter for pm_runtime_put
coresight: trbe: Fix incorrect access of the sink specific data
coresight: trbe: Defer the probe on offline CPUs
iio: buffer: check return value of kstrdup_const()
iio: buffer: Fix memory leak in iio_buffers_alloc_sysfs_and_mask()
iio: buffer: Fix memory leak in __iio_buffer_alloc_sysfs_and_mask()
iio: buffer: Fix memory leak in iio_buffer_register_legacy_sysfs_groups()
drivers: iio: dac: ad5766: Fix dt property name
iio: dac: ad5446: Fix ad5622_write() return value
iio: ad5770r: make devicetree property reading consistent
Documentation:devicetree:bindings:iio:dac: Fix val
USB: serial: keyspan: fix memleak on probe errors
serial: 8250: fix racy uartclk update
ksmbd: set unique value to volume serial field in FS_VOLUME_INFORMATION
io-wq: serialize hash clear with wakeup
serial: 8250: Fix reporting real baudrate value in c_ospeed field
Revert "serial: 8250: Fix reporting real baudrate value in c_ospeed field"
most: fix control-message timeouts
USB: iowarrior: fix control-message timeouts
USB: chipidea: fix interrupt deadlock
power: supply: max17042_battery: Clear status bits in interrupt handler
component: do not leave master devres group open after bind
dma-buf: WARN on dmabuf release with pending attachments
drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2)
drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1
drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6
Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
Bluetooth: fix use-after-free error in lock_sock_nested()
Bluetooth: call sock_hold earlier in sco_conn_del
drm/panel-orientation-quirks: add Valve Steam Deck
rcutorture: Avoid problematic critical section nesting on PREEMPT_RT
platform/x86: wmi: do not fail if disabling fails
drm/amdgpu: move iommu_resume before ip init/resume
MIPS: lantiq: dma: add small delay after reset
MIPS: lantiq: dma: reset correct number of channel
locking/lockdep: Avoid RCU-induced noinstr fail
net: sched: update default qdisc visibility after Tx queue cnt changes
ACPI: resources: Add DMI-based legacy IRQ override quirk
rcu-tasks: Move RTGS_WAIT_CBS to beginning of rcu_tasks_kthread() loop
smackfs: Fix use-after-free in netlbl_catmap_walk()
ath11k: Align bss_chan_info structure with firmware
crypto: aesni - check walk.nbytes instead of err
x86/mm/64: Improve stack overflow warnings
x86: Increase exception stack sizes
mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type
mwifiex: Properly initialize private structure on interface type changes
spi: Check we have a spi_device_id for each DT compatible
fscrypt: allow 256-bit master keys with AES-256-XTS
drm/amdgpu: Fix MMIO access page fault
drm/amd/display: Fix null pointer dereference for encoders
selftests: net: fib_nexthops: Wait before checking reported idle time
ath11k: Avoid reg rules update during firmware recovery
ath11k: add handler for scan event WMI_SCAN_EVENT_DEQUEUED
ath11k: Change DMA_FROM_DEVICE to DMA_TO_DEVICE when map reinjected packets
ath10k: high latency fixes for beacon buffer
octeontx2-pf: Enable promisc/allmulti match MCAM entries.
media: mt9p031: Fix corrupted frame after restarting stream
media: netup_unidvb: handle interrupt properly according to the firmware
media: atomisp: Fix error handling in probe
media: stm32: Potential NULL pointer dereference in dcmi_irq_thread()
media: uvcvideo: Set capability in s_param
media: uvcvideo: Return -EIO for control errors
media: uvcvideo: Set unique vdev name based in type
media: vidtv: Fix memory leak in remove
media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
media: s5p-mfc: Add checking to s5p_mfc_probe().
media: videobuf2: rework vb2_mem_ops API
media: imx: set a media_device bus_info string
media: rcar-vin: Use user provided buffers when starting
media: mceusb: return without resubmitting URB in case of -EPROTO error.
ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
rtw88: fix RX clock gate setting while fifo dump
brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet
media: rcar-csi2: Add checking to rcsi2_start_receiver()
ipmi: Disable some operations during a panic
fs/proc/uptime.c: Fix idle time reporting in /proc/uptime
kselftests/sched: cleanup the child processes
ACPICA: Avoid evaluating methods too early during system resume
cpufreq: Make policy min/max hard requirements
ice: Move devlink port to PF/VF struct
media: imx-jpeg: Fix possible null pointer dereference
media: ipu3-imgu: imgu_fmt: Handle properly try
media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info
media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
net-sysfs: try not to restart the syscall if it will fail eventually
drm/amdkfd: rm BO resv on validation to avoid deadlock
tracefs: Have tracefs directories not set OTH permission bits by default
tracing: Disable "other" permission bits in the tracefs files
ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create()
KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall
mmc: moxart: Fix reference count leaks in moxart_probe
iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value
ACPI: battery: Accept charges over the design capacity as full
ACPI: scan: Release PM resources blocked by unused objects
drm/amd/display: fix null pointer deref when plugging in display
drm/amdkfd: fix resume error when iommu disabled in Picasso
net: phy: micrel: make *-skew-ps check more lenient
leaking_addresses: Always print a trailing newline
thermal/core: Fix null pointer dereference in thermal_release()
drm/msm: prevent NULL dereference in msm_gpu_crashstate_capture()
thermal/drivers/tsens: Add timeout to get_temp_tsens_valid
block: bump max plugged deferred size from 16 to 32
floppy: fix calling platform_device_unregister() on invalid drives
md: update superblock after changing rdev flags in state_store
memstick: r592: Fix a UAF bug when removing the driver
locking/rwsem: Disable preemption for spinning region
lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression
lib/xz: Validate the value before assigning it to an enum variable
workqueue: make sysfs of unbound kworker cpumask more clever
tracing/cfi: Fix cmp_entries_* functions signature mismatch
mt76: mt7915: fix an off-by-one bound check
mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
iwlwifi: change all JnP to NO-160 configuration
block: remove inaccurate requeue check
media: allegro: ignore interrupt if mailbox is not initialized
drm/amdgpu/pm: properly handle sclk for profiling modes on vangogh
nvmet: fix use-after-free when a port is removed
nvmet-rdma: fix use-after-free when a port is removed
nvmet-tcp: fix use-after-free when a port is removed
nvme: drop scan_lock and always kick requeue list when removing namespaces
samples/bpf: Fix application of sizeof to pointer
arm64: vdso32: suppress error message for 'make mrproper'
PM: hibernate: Get block device exclusively in swsusp_check()
selftests: kvm: fix mismatched fclose() after popen()
selftests/bpf: Fix perf_buffer test on system with offline cpus
iwlwifi: mvm: disable RX-diversity in powersave
smackfs: use __GFP_NOFAIL for smk_cipso_doi()
ARM: clang: Do not rely on lr register for stacktrace
gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE
can: bittiming: can_fixup_bittiming(): change type of tseg1 and alltseg to unsigned int
gfs2: Cancel remote delete work asynchronously
gfs2: Fix glock_hash_walk bugs
ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
tools/latency-collector: Use correct size when writing queue_full_warning
vrf: run conntrack only in context of lower/physdev for locally generated packets
net: annotate data-race in neigh_output()
ACPI: AC: Quirk GK45 to skip reading _PSR
ACPI: resources: Add one more Medion model in IRQ override quirk
btrfs: reflink: initialize return value to 0 in btrfs_extent_same()
btrfs: do not take the uuid_mutex in btrfs_rm_device
spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe()
wcn36xx: Correct band/freq reporting on RX
wcn36xx: Fix packet drop on resume
Revert "wcn36xx: Enable firmware link monitoring"
ftrace: do CPU checking after preemption disabled
inet: remove races in inet{6}_getname()
x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted
drm/amd/display: dcn20_resource_construct reduce scope of FPU enabled
selftests/core: fix conflicting types compile error for close_range()
perf/x86/intel: Fix ICL/SPR INST_RETIRED.PREC_DIST encodings
parisc: fix warning in flush_tlb_all
task_stack: Fix end_of_stack() for architectures with upwards-growing stack
erofs: don't trigger WARN() when decompression fails
parisc/unwind: fix unwinder when CONFIG_64BIT is enabled
parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream state
selftests/bpf: Fix strobemeta selftest regression
fbdev/efifb: Release PCI device's runtime PM ref during FB destroy
drm/bridge: anx7625: Propagate errors from sp_tx_rst_aux()
perf/x86/intel/uncore: Fix Intel SPR CHA event constraints
perf/x86/intel/uncore: Fix Intel SPR IIO event constraints
perf/x86/intel/uncore: Fix Intel SPR M2PCIE event constraints
perf/x86/intel/uncore: Fix Intel SPR M3UPI event constraints
drm/bridge: it66121: Initialize {device,vendor}_ids
drm/bridge: it66121: Wait for next bridge to be probed
Bluetooth: fix init and cleanup of sco_conn.timeout_work
libbpf: Don't crash on object files with no symbol tables
Bluetooth: hci_uart: fix GPF in h5_recv
rcu: Fix existing exp request check in sync_sched_exp_online_cleanup()
MIPS: lantiq: dma: fix burst length for DEU
x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
objtool: Handle __sanitize_cov*() tail calls
net/mlx5: Publish and unpublish all devlink parameters at once
drm/v3d: fix wait for TMU write combiner flush
crypto: sm4 - Do not change section of ck and sbox
virtio-gpu: fix possible memory allocation failure
lockdep: Let lock_is_held_type() detect recursive read as read
net: net_namespace: Fix undefined member in key_remove_domain()
net: phylink: don't call netif_carrier_off() with NULL netdev
drm: bridge: it66121: Fix return value it66121_probe
spi: Fixed division by zero warning
cgroup: Make rebind_subsystems() disable v2 controllers all at once
wcn36xx: Fix Antenna Diversity Switching
wilc1000: fix possible memory leak in cfg_scan_result()
Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync
drm/amdgpu: Fix crash on device remove/driver unload
drm/amd/display: Pass display_pipe_params_st as const in DML
drm/amdgpu: move amdgpu_virt_release_full_gpu to fini_early stage
crypto: caam - disable pkc for non-E SoCs
crypto: qat - power up 4xxx device
Bluetooth: hci_h5: Fix (runtime)suspend issues on RTL8723BS HCIs
bnxt_en: Check devlink allocation and registration status
qed: Don't ignore devlink allocation failures
rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies()
mptcp: do not shrink snd_nxt when recovering
fortify: Fix dropped strcpy() compile-time write overflow check
mac80211: twt: don't use potentially unaligned pointer
cfg80211: always free wiphy specific regdomain
net/mlx5: Accept devlink user input after driver initialization complete
net: dsa: rtl8366rb: Fix off-by-one bug
net: dsa: rtl8366: Fix a bug in deleting VLANs
bpf/tests: Fix error in tail call limit tests
ath11k: fix some sleeping in atomic bugs
ath11k: Avoid race during regd updates
ath11k: fix packet drops due to incorrect 6 GHz freq value in rx status
ath11k: Fix memory leak in ath11k_qmi_driver_event_work
gve: DQO: avoid unused variable warnings
ath10k: Fix missing frame timestamp for beacon/probe-resp
ath10k: sdio: Add missing BH locking around napi_schdule()
drm/ttm: stop calling tt_swapin in vm_access
arm64: mm: update max_pfn after memory hotplug
drm/amdgpu: fix warning for overflow check
libbpf: Fix skel_internal.h to set errno on loader retval < 0
media: em28xx: add missing em28xx_close_extension
media: meson-ge2d: Fix rotation parameter changes detection in 'ge2d_s_ctrl()'
media: cxd2880-spi: Fix a null pointer dereference on error handling path
media: ttusb-dec: avoid release of non-acquired mutex
media: dvb-usb: fix ununit-value in az6027_rc_query
media: imx258: Fix getting clock frequency
media: v4l2-ioctl: S_CTRL output the right value
media: mtk-vcodec: venc: fix return value when start_streaming fails
media: TDA1997x: handle short reads of hdmi info frame.
media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()'
media: imx-jpeg: Fix the error handling path of 'mxc_jpeg_probe()'
media: i2c: ths8200 needs V4L2_ASYNC
media: sun6i-csi: Allow the video device to be open multiple times
media: radio-wl1273: Avoid card name truncation
media: si470x: Avoid card name truncation
media: tm6000: Avoid card name truncation
media: cx23885: Fix snd_card_free call on null card pointer
media: atmel: fix the ispck initialization
scs: Release kasan vmalloc poison in scs_free process
kprobes: Do not use local variable when creating debugfs file
crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency
drm: fb_helper: fix CONFIG_FB dependency
cpuidle: Fix kobject memory leaks in error paths
media: em28xx: Don't use ops->suspend if it is NULL
ath10k: Don't always treat modem stop events as crashes
ath9k: Fix potential interrupt storm on queue reset
PM: EM: Fix inefficient states detection
x86/insn: Use get_unaligned() instead of memcpy()
EDAC/amd64: Handle three rank interleaving mode
rcu: Always inline rcu_dynticks_task*_{enter,exit}()
rcu: Fix rcu_dynticks_curr_cpu_in_eqs() vs noinstr
netfilter: nft_dynset: relax superfluous check on set updates
media: venus: fix vpp frequency calculation for decoder
media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable()
crypto: ccree - avoid out-of-range warnings from clang
crypto: qat - detect PFVF collision after ACK
crypto: qat - disregard spurious PFVF interrupts
hwrng: mtk - Force runtime pm ops for sleep ops
ima: fix deadlock when traversing "ima_default_rules".
b43legacy: fix a lower bounds test
b43: fix a lower bounds test
gve: Recover from queue stall due to missed IRQ
gve: Track RX buffer allocation failures
mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured
mmc: sdhci-omap: Fix context restore
memstick: avoid out-of-range warning
memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE
hwmon: Fix possible memleak in __hwmon_device_register()
hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff
ath10k: fix max antenna gain unit
kernel/sched: Fix sched_fork() access an invalid sched_task_group
net: fealnx: fix build for UML
net: intel: igc_ptp: fix build for UML
net: tulip: winbond-840: fix build for UML
tcp: switch orphan_count to bare per-cpu counters
crypto: octeontx2 - set assoclen in aead_do_fallback()
thermal/core: fix a UAF bug in __thermal_cooling_device_register()
drm/msm/dsi: do not enable irq handler before powering up the host
drm/msm: Fix potential Oops in a6xx_gmu_rpmh_init()
drm/msm: potential error pointer dereference in init()
drm/msm: unlock on error in get_sched_entity()
drm/msm: fix potential NULL dereference in cleanup
drm/msm: uninitialized variable in msm_gem_import()
net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
thermal/drivers/qcom/lmh: make QCOM_LMH depends on QCOM_SCM
mailbox: Remove WARN_ON for async_cb.cb in cmdq_exec_done
media: ivtv: fix build for UML
media: ir_toy: assignment to be16 should be of correct type
mmc: mxs-mmc: disable regulator on error and in the remove function
io-wq: Remove duplicate code in io_workqueue_create()
block: ataflop: fix breakage introduced at blk-mq refactoring
blk-wbt: prevent NULL pointer dereference in wb_timer_fn
platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
mailbox: mtk-cmdq: Validate alias_id on probe
mailbox: mtk-cmdq: Fix local clock ID usage
ACPI: PM: Turn off unused wakeup power resources
ACPI: PM: Fix sharing of wakeup power resources
drm/amdkfd: Fix an inappropriate error handling in allloc memory of gpu
mt76: mt7921: fix endianness in mt7921_mcu_tx_done_event
mt76: mt7915: fix endianness warning in mt7915_mac_add_txs_skb
mt76: mt7921: fix endianness warning in mt7921_update_txs
mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi
mt76: mt7915: fix info leak in mt7915_mcu_set_pre_cal()
mt76: connac: fix mt76_connac_gtk_rekey_tlv usage
mt76: fix build error implicit enumeration conversion
mt76: mt7921: fix survey-dump reporting
mt76: mt76x02: fix endianness warnings in mt76x02_mac.c
mt76: mt7921: Fix out of order process by invalid event pkt
mt76: mt7915: fix potential overflow of eeprom page index
mt76: mt7915: fix bit fields for HT rate idx
mt76: mt7921: fix dma hang in rmmod
mt76: connac: fix GTK rekey offload failure on WPA mixed mode
mt76: overwrite default reg_ops if necessary
mt76: mt7921: report HE MU radiotap
mt76: mt7921: fix firmware usage of RA info using legacy rates
mt76: mt7921: fix kernel warning from cfg80211_calculate_bitrate
mt76: mt7921: always wake device if necessary in debugfs
mt76: mt7915: fix hwmon temp sensor mem use-after-free
mt76: mt7615: fix hwmon temp sensor mem use-after-free
mt76: mt7915: fix possible infinite loop release semaphore
mt76: mt7921: fix retrying release semaphore without end
mt76: mt7615: fix monitor mode tear down crash
mt76: connac: fix possible NULL pointer dereference in mt76_connac_get_phy_mode_v2
mt76: mt7915: fix sta_rec_wtbl tag len
mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req()
rsi: stop thread firstly in rsi_91x_init() error handling
mwifiex: Send DELBA requests according to spec
iwlwifi: mvm: reset PM state on unsuccessful resume
iwlwifi: pnvm: don't kmemdup() more than we have
iwlwifi: pnvm: read EFI data only if long enough
net: enetc: unmap DMA in enetc_send_cmd()
phy: micrel: ksz8041nl: do not use power down mode
nbd: Fix use-after-free in pid_show
nvme-rdma: fix error code in nvme_rdma_setup_ctrl
PM: hibernate: fix sparse warnings
clocksource/drivers/timer-ti-dm: Select TIMER_OF
x86/sev: Fix stack type check in vc_switch_off_ist()
drm/msm: Fix potential NULL dereference in DPU SSPP
drm/msm/dsi: fix wrong type in msm_dsi_host
crypto: tcrypt - fix skcipher multi-buffer tests for 1420B blocks
smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
KVM: selftests: Fix nested SVM tests when built with clang
libbpf: Fix memory leak in btf__dedup()
bpftool: Avoid leaking the JSON writer prepared for program metadata
libbpf: Fix overflow in BTF sanity checks
libbpf: Fix BTF header parsing checks
mt76: mt7615: mt7622: fix ibss and meshpoint
s390/gmap: validate VMA in __gmap_zap()
s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap()
s390/mm: validate VMA in PGSTE manipulation functions
s390/mm: fix VMA and page table handling code in storage key handling functions
s390/uv: fully validate the VMA before calling follow_page()
KVM: s390: pv: avoid double free of sida page
KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm
irq: mips: avoid nested irq_enter()
net: dsa: avoid refcount warnings when ->port_{fdb,mdb}_del returns error
ARM: 9142/1: kasan: work around LPAE build warning
ath10k: fix module load regression with iram-recovery feature
block: ataflop: more blk-mq refactoring fixes
blk-cgroup: synchronize blkg creation against policy deactivation
libbpf: Fix off-by-one bug in bpf_core_apply_relo()
tpm: fix Atmel TPM crash caused by too frequent queries
tpm_tis_spi: Add missing SPI ID
libbpf: Fix endianness detection in BPF_CORE_READ_BITFIELD_PROBED()
tcp: don't free a FIN sk_buff in tcp_remove_empty_skb()
tracing: Fix missing trace_boot_init_histograms kstrdup NULL checks
cpufreq: intel_pstate: Fix cpu->pstate.turbo_freq initialization
spi: spi-rpc-if: Check return value of rpcif_sw_init()
samples/kretprobes: Fix return value if register_kretprobe() failed
KVM: s390: Fix handle_sske page fault handling
libertas_tf: Fix possible memory leak in probe and disconnect
libertas: Fix possible memory leak in probe and disconnect
wcn36xx: add proper DMA memory barriers in rx path
wcn36xx: Fix discarded frames due to wrong sequence number
bpf: Avoid races in __bpf_prog_run() for 32bit arches
bpf: Fixes possible race in update_prog_stats() for 32bit arches
wcn36xx: Channel list update before hardware scan
drm/amdgpu: fix a potential memory leak in amdgpu_device_fini_sw()
drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits
selftests/bpf: Fix fd cleanup in sk_lookup test
selftests/bpf: Fix memory leak in test_ima
sctp: allow IP fragmentation when PLPMTUD enters Error state
sctp: reset probe_timer in sctp_transport_pl_update
sctp: subtract sctphdr len in sctp_transport_pl_hlen
sctp: return true only for pathmtu update in sctp_transport_pl_toobig
net: amd-xgbe: Toggle PLL settings during rate change
ipmi: kcs_bmc: Fix a memory leak in the error handling path of 'kcs_bmc_serio_add_device()'
nfp: fix NULL pointer access when scheduling dim work
nfp: fix potential deadlock when canceling dim work
net: phylink: avoid mvneta warning when setting pause parameters
net: bridge: fix uninitialized variables when BRIDGE_CFM is disabled
selftests: net: bridge: update IGMP/MLD membership interval value
crypto: pcrypt - Delay write to padata->info
selftests/bpf: Fix fclose/pclose mismatch in test_progs
udp6: allow SO_MARK ctrl msg to affect routing
ibmvnic: don't stop queue in xmit
ibmvnic: Process crqs after enabling interrupts
ibmvnic: delay complete()
selftests: mptcp: fix proto type in link_failure tests
skmsg: Lose offset info in sk_psock_skb_ingress
cgroup: Fix rootcg cpu.stat guest double counting
bpf: Fix propagation of bounds from 64-bit min/max into 32-bit and var_off.
bpf: Fix propagation of signed bounds from 64-bit min/max into 32-bit.
of: unittest: fix EXPECT text for gpio hog errors
cpufreq: Fix parameter in parse_perf_domain()
staging: r8188eu: fix memory leak in rtw_set_key
arm64: dts: meson: sm1: add Ethernet PHY reset line for ODROID-C4/HC4
iio: st_sensors: disable regulators after device unregistration
RDMA/rxe: Fix wrong port_cap_flags
ARM: dts: BCM5301X: Fix memory nodes names
arm64: dts: broadcom: bcm4908: Fix UART clock name
clk: mvebu: ap-cpu-clk: Fix a memory leak in error handling paths
scsi: pm80xx: Fix lockup in outbound queue management
scsi: qla2xxx: edif: Use link event to wake up app
scsi: lpfc: Fix NVMe I/O failover to non-optimized path
ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
arm64: dts: rockchip: Fix GPU register width for RK3328
ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY
RDMA/bnxt_re: Fix query SRQ failure
arm64: dts: ti: k3-j721e-main: Fix "max-virtual-functions" in PCIe EP nodes
arm64: dts: ti: k3-j721e-main: Fix "bus-range" upto 256 bus number for PCIe
arm64: dts: ti: j7200-main: Fix "vendor-id"/"device-id" properties of pcie node
arm64: dts: ti: j7200-main: Fix "bus-range" upto 256 bus number for PCIe
arm64: dts: meson-g12a: Fix the pwm regulator supply properties
arm64: dts: meson-g12b: Fix the pwm regulator supply properties
arm64: dts: meson-sm1: Fix the pwm regulator supply properties
bus: ti-sysc: Fix timekeeping_suspended warning on resume
ARM: dts: at91: tse850: the emac<->phy interface is rmii
arm64: dts: qcom: sc7180: Base dynamic CPU power coefficients in reality
soc: qcom: llcc: Disable MMUHWT retention
arm64: dts: qcom: sc7280: fix display port phy reg property
scsi: dc395: Fix error case unwinding
MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT
JFS: fix memleak in jfs_mount
pinctrl: renesas: rzg2l: Fix missing port register 21h
ASoC: wcd9335: Use correct version to initialize Class H
arm64: dts: qcom: msm8916: Fix Secondary MI2S bit clock
arm64: dts: renesas: beacon: Fix Ethernet PHY mode
iommu/mediatek: Fix out-of-range warning with clang
arm64: dts: qcom: pm8916: Remove wrong reg-names for rtc@6000
iommu/dma: Fix sync_sg with swiotlb
iommu/dma: Fix arch_sync_dma for map
ALSA: hda: Reduce udelay() at SKL+ position reporting
ALSA: hda: Use position buffer for SKL+ again
ALSA: usb-audio: Fix possible race at sync of urb completions
soundwire: debugfs: use controller id and link_id for debugfs
power: reset: at91-reset: check properly the return value of devm_of_iomap
scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition
scsi: ufs: core: Stop clearing UNIT ATTENTIONS
scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt
scsi: pm80xx: Fix misleading log statement in pm8001_mpi_get_nvmd_resp()
driver core: Fix possible memory leak in device_link_add()
arm: dts: omap3-gta04a4: accelerometer irq fix
ASoC: SOF: topology: do not power down primary core during topology removal
iio: st_pressure_spi: Add missing entries SPI to device ID table
soc/tegra: Fix an error handling path in tegra_powergate_power_up()
memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
clk: at91: check pmc node status before registering syscore ops
powerpc/mem: Fix arch/powerpc/mm/mem.c:53:12: error: no previous prototype for 'create_section_mapping'
video: fbdev: chipsfb: use memset_io() instead of memset()
powerpc: fix unbalanced node refcount in check_kvm_guest()
powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted()
serial: 8250_dw: Drop wrong use of ACPI_PTR()
usb: gadget: hid: fix error code in do_config()
power: supply: rt5033_battery: Change voltage values to µV
power: supply: max17040: fix null-ptr-deref in max17040_probe()
scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
RDMA/mlx4: Return missed an error if device doesn't support steering
usb: musb: select GENERIC_PHY instead of depending on it
staging: most: dim2: do not double-register the same device
staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC
RDMA/core: Set sgtable nents when using ib_dma_virt_map_sg()
dyndbg: make dyndbg a known cli param
powerpc/perf: Fix cycles/instructions as PM_CYC/PM_INST_CMPL in power10
pinctrl: renesas: checker: Fix off-by-one bug in drive register check
ARM: dts: stm32: Reduce DHCOR SPI NOR frequency to 50 MHz
ARM: dts: stm32: fix STUSB1600 Type-C irq level on stm32mp15xx-dkx
ARM: dts: stm32: fix SAI sub nodes register range
ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15
ASoC: cs42l42: Always configure both ASP TX channels
ASoC: cs42l42: Correct some register default values
ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER
soc: qcom: rpmhpd: Make power_on actually enable the domain
soc: qcom: socinfo: add two missing PMIC IDs
iio: buffer: Fix double-free in iio_buffers_alloc_sysfs_and_mask()
usb: typec: STUSB160X should select REGMAP_I2C
iio: adis: do not disabe IRQs in 'adis_init()'
soundwire: bus: stop dereferencing invalid slave pointer
scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer
scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset
serial: imx: fix detach/attach of serial console
usb: dwc2: drd: fix dwc2_force_mode call in dwc2_ovr_init
usb: dwc2: drd: fix dwc2_drd_role_sw_set when clock could be disabled
usb: dwc2: drd: reset current session before setting the new one
powerpc/booke: Disable STRICT_KERNEL_RWX, DEBUG_PAGEALLOC and KFENCE
usb: dwc3: gadget: Skip resizing EP's TX FIFO if already resized
firmware: qcom_scm: Fix error retval in __qcom_scm_is_call_available()
soc: qcom: rpmhpd: fix sm8350_mxc's peer domain
soc: qcom: apr: Add of_node_put() before return
arm64: dts: qcom: pmi8994: Fix "eternal"->"external" typo in WLED node
arm64: dts: qcom: sdm845: Use RPMH_CE_CLK macro directly
arm64: dts: qcom: sdm845: Fix Qualcomm crypto engine bus clock
pinctrl: equilibrium: Fix function addition in multiple groups
ASoC: topology: Fix stub for snd_soc_tplg_component_remove()
phy: qcom-qusb2: Fix a memory leak on probe
phy: ti: gmii-sel: check of_get_address() for failure
phy: qcom-qmp: another fix for the sc8180x PCIe definition
phy: qcom-snps: Correct the FSEL_MASK
phy: Sparx5 Eth SerDes: Fix return value check in sparx5_serdes_probe()
serial: xilinx_uartps: Fix race condition causing stuck TX
clk: at91: sam9x60-pll: use DIV_ROUND_CLOSEST_ULL
clk: at91: clk-master: check if div or pres is zero
clk: at91: clk-master: fix prescaler logic
HID: u2fzero: clarify error check and length calculations
HID: u2fzero: properly handle timeouts in usb_submit_urb
powerpc/nohash: Fix __ptep_set_access_flags() and ptep_set_wrprotect()
powerpc/book3e: Fix set_memory_x() and set_memory_nx()
powerpc/44x/fsp2: add missing of_node_put
powerpc/xmon: fix task state output
ALSA: oxfw: fix functional regression for Mackie Onyx 1640i in v5.14 or later
iommu/dma: Fix incorrect error return on iommu deferred attach
powerpc: Don't provide __kernel_map_pages() without ARCH_SUPPORTS_DEBUG_PAGEALLOC
ASoC: cs42l42: Correct configuring of switch inversion from ts-inv
RDMA/hns: Fix initial arm_st of CQ
RDMA/hns: Modify the value of MAX_LP_MSG_LEN to meet hardware compatibility
ASoC: rsnd: Fix an error handling path in 'rsnd_node_count()'
serial: cpm_uart: Protect udbg definitions by CONFIG_SERIAL_CPM_CONSOLE
virtio_ring: check desc == NULL when using indirect with packed
vdpa/mlx5: Fix clearing of VIRTIO_NET_F_MAC feature bit
mips: cm: Convert to bitfield API to fix out-of-bounds access
power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
RDMA/core: Require the driver to set the IOVA correctly during rereg_mr
apparmor: fix error check
rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined
mtd: rawnand: intel: Fix potential buffer overflow in probe
nfsd: don't alloc under spinlock in rpc_parse_scope_id
rtc: ds1302: Add SPI ID table
rtc: ds1390: Add SPI ID table
rtc: pcf2123: Add SPI ID table
remoteproc: imx_rproc: Fix TCM io memory type
i2c: i801: Use PCI bus rescan mutex to protect P2SB access
dmaengine: idxd: move out percpu_ref_exit() to ensure it's outside submission
rtc: mcp795: Add SPI ID table
Input: ariel-pwrbutton - add SPI device ID table
i2c: mediatek: fixing the incorrect register offset
NFS: Default change_attr_type to NFS4_CHANGE_TYPE_IS_UNDEFINED
NFS: Don't set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA
NFS: Ignore the directory size when marking for revalidation
NFS: Fix dentry verifier races
pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
drm/bridge/lontium-lt9611uxc: fix provided connector suport
drm/plane-helper: fix uninitialized variable reference
PCI: aardvark: Don't spam about PIO Response Status
PCI: aardvark: Fix preserving PCI_EXP_RTCTL_CRSSVE flag on emulated bridge
opp: Fix return in _opp_add_static_v2()
NFS: Fix deadlocks in nfs_scan_commit_list()
sparc: Add missing "FORCE" target when using if_changed
fs: orangefs: fix error return code of orangefs_revalidate_lookup()
Input: st1232 - increase "wait ready" timeout
drm/bridge: nwl-dsi: Add atomic_get_input_bus_fmts
mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation
mtd: rawnand: arasan: Prevent an unsupported configuration
mtd: core: don't remove debugfs directory if device is in use
remoteproc: Fix a memory leak in an error handling path in 'rproc_handle_vdev()'
rtc: rv3032: fix error handling in rv3032_clkout_set_rate()
dmaengine: at_xdmac: call at_xdmac_axi_config() on resume path
dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
dmaengine: stm32-dma: fix stm32_dma_get_max_width
NFS: Fix up commit deadlocks
NFS: Fix an Oops in pnfs_mark_request_commit()
Fix user namespace leak
auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
auxdisplay: ht16k33: Connect backlight to fbdev
auxdisplay: ht16k33: Fix frame buffer device blanking
soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read
netfilter: nfnetlink_queue: fix OOB when mac header was cleared
dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result`
dmaengine: tegra210-adma: fix pm runtime unbalance
dmanegine: idxd: fix resource free ordering on driver removal
dmaengine: idxd: reconfig device after device reset command
signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL)
m68k: set a default value for MEMORY_RESERVE
watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
ar7: fix kernel builds for compiler test
scsi: target: core: Remove from tmr_list during LUN unlink
scsi: qla2xxx: Relogin during fabric disturbance
scsi: qla2xxx: Fix gnl list corruption
scsi: qla2xxx: Turn off target reset during issue_lip
scsi: qla2xxx: edif: Fix app start fail
scsi: qla2xxx: edif: Fix app start delay
scsi: qla2xxx: edif: Flush stale events and msgs on session down
scsi: qla2xxx: edif: Increase ELS payload
scsi: qla2xxx: edif: Fix EDIF bsg
NFSv4: Fix a regression in nfs_set_open_stateid_locked()
dmaengine: idxd: fix resource leak on dmaengine driver disable
i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()'
gpio: realtek-otto: fix GPIO line IRQ offset
xen-pciback: Fix return in pm_ctrl_init()
nbd: fix max value for 'first_minor'
nbd: fix possible overflow for 'first_minor' in nbd_dev_add()
io-wq: fix max-workers not correctly set on multi-node system
net: davinci_emac: Fix interrupt pacing disable
kselftests/net: add missed icmp.sh test to Makefile
kselftests/net: add missed setup_loopback.sh/setup_veth.sh to Makefile
kselftests/net: add missed SRv6 tests
kselftests/net: add missed vrf_strict_mode_test.sh test to Makefile
kselftests/net: add missed toeplitz.sh/toeplitz_client.sh to Makefile
ethtool: fix ethtool msg len calculation for pause stats
openrisc: fix SMP tlb flush NULL pointer dereference
net: vlan: fix a UAF in vlan_dev_real_dev()
net: dsa: felix: fix broken VLAN-tagged PTP under VLAN-aware bridge
ice: Fix replacing VF hardware MAC to existing MAC filter
ice: Fix not stopping Tx queues for VFs
kdb: Adopt scheduler's task classification
ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses
PCI: j721e: Fix j721e_pcie_probe() error path
nvdimm/btt: do not call del_gendisk() if not needed
scsi: bsg: Fix errno when scsi_bsg_register_queue() fails
scsi: ufs: ufshpb: Use proper power management API
scsi: ufs: core: Fix NULL pointer dereference
scsi: ufs: ufshpb: Properly handle max-single-cmd
selftests: net: properly support IPv6 in GSO GRE test
drm/nouveau/svm: Fix refcount leak bug and missing check against null bug
nvdimm/pmem: cleanup the disk if pmem_release_disk() is yet assigned
block/ataflop: use the blk_cleanup_disk() helper
block/ataflop: add registration bool before calling del_gendisk()
block/ataflop: provide a helper for cleanup up an atari disk
ataflop: remove ataflop_probe_lock mutex
PCI: Do not enable AtomicOps on VFs
cpufreq: intel_pstate: Clear HWP desired on suspend/shutdown and offline
net: phy: fix duplex out of sync problem while changing settings
block: fix device_add_disk() kobject_create_and_add() error handling
drm/ttm: remove ttm_bo_vm_insert_huge()
bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
octeontx2-pf: select CONFIG_NET_DEVLINK
ALSA: memalloc: Catch call with NULL snd_dma_buffer pointer
mfd: core: Add missing of_node_put for loop iteration
mfd: cpcap: Add SPI device ID table
mfd: sprd: Add SPI device ID table
mfd: altera-sysmgr: Fix a mistake caused by resource_size conversion
ACPI: PM: Fix device wakeup power reference counting error
libbpf: Fix lookup_and_delete_elem_flags error reporting
selftests/bpf/xdp_redirect_multi: Put the logs to tmp folder
selftests/bpf/xdp_redirect_multi: Use arping to accurate the arp number
selftests/bpf/xdp_redirect_multi: Give tcpdump a chance to terminate cleanly
selftests/bpf/xdp_redirect_multi: Limit the tests in netns
drm: fb_helper: improve CONFIG_FB dependency
Revert "drm/imx: Annotate dma-fence critical section in commit path"
drm/amdgpu/powerplay: fix sysfs_emit/sysfs_emit_at handling
can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path
can: mcp251xfd: mcp251xfd_chip_start(): fix error handling for mcp251xfd_chip_rx_int_enable()
mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration()
zram: off by one in read_block_state()
perf bpf: Add missing free to bpf_event__print_bpf_prog_info()
llc: fix out-of-bound array index in llc_sk_dev_hash()
nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
litex_liteeth: Fix a double free in the remove function
arm64: arm64_ftr_reg->name may not be a human-readable string
arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions
bpf, sockmap: Remove unhash handler for BPF sockmap usage
bpf, sockmap: Fix race in ingress receive verdict with redirect to self
bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding
bpf, sockmap: sk_skb data_end access incorrect when src_reg = dst_reg
dmaengine: stm32-dma: fix burst in case of unaligned memory address
dmaengine: stm32-dma: avoid 64-bit division in stm32_dma_get_max_width
gve: Fix off by one in gve_tx_timeout()
drm/i915/fb: Fix rounding error in subsampled plane size calculation
init: make unknown command line param message clearer
seq_file: fix passing wrong private data
drm/amdgpu: fix uvd crash on Polaris12 during driver unloading
net: dsa: mv88e6xxx: Don't support >1G speeds on 6191X on ports other than 10
net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any
net: hns3: fix ROCE base interrupt vector initialization bug
net: hns3: fix pfc packet number incorrect after querying pfc parameters
net: hns3: fix kernel crash when unload VF while it is being reset
net: hns3: allow configure ETS bandwidth of all TCs
net: stmmac: allow a tc-taprio base-time of zero
net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory
net: marvell: mvpp2: Fix wrong SerDes reconfiguration order
vsock: prevent unnecessary refcnt inc for nonblocking connect
net/smc: fix sk_refcnt underflow on linkdown and fallback
cxgb4: fix eeprom len when diagnostics not implemented
selftests/net: udpgso_bench_rx: fix port argument
thermal: int340x: fix build on 32-bit targets
smb3: do not error on fsync when readonly
ARM: 9155/1: fix early early_iounmap()
ARM: 9156/1: drop cc-option fallbacks for architecture selection
parisc: Fix backtrace to always include init funtion names
parisc: Flush kernel data mapping in set_pte_at() when installing pte for user page
MIPS: fix duplicated slashes for Platform file path
MIPS: fix *-pkg builds for loongson2ef platform
MIPS: Fix assembly error from MIPSr2 code used within MIPS_ISA_ARCH_LEVEL
x86/mce: Add errata workaround for Skylake SKX37
PCI/MSI: Move non-mask check back into low level accessors
PCI/MSI: Destroy sysfs before freeing entries
KVM: x86: move guest_pv_has out of user_access section
posix-cpu-timers: Clear task::posix_cputimers_work in copy_process()
irqchip/sifive-plic: Fixup EOI failed when masked
f2fs: should use GFP_NOFS for directory inodes
f2fs: include non-compressed blocks in compr_written_block
f2fs: fix UAF in f2fs_available_free_memory
ceph: fix mdsmap decode when there are MDS's beyond max_mds
erofs: fix unsafe pagevec reuse of hooked pclusters
drm/i915/guc: Fix blocked context accounting
block: Hold invalidate_lock in BLKDISCARD ioctl
block: Hold invalidate_lock in BLKZEROOUT ioctl
block: Hold invalidate_lock in BLKRESETZONE ioctl
ksmbd: Fix buffer length check in fsctl_validate_negotiate_info()
ksmbd: don't need 8byte alignment for request length in ksmbd_check_message
dmaengine: ti: k3-udma: Set bchan to NULL if a channel request fail
dmaengine: ti: k3-udma: Set r/tchan or rflow to NULL if request fail
dmaengine: bestcomm: fix system boot lockups
net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE
9p/net: fix missing error check in p9_check_errors
mm/filemap.c: remove bogus VM_BUG_ON
memcg: prohibit unconditional exceeding the limit of dying tasks
mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
mm, oom: do not trigger out_of_memory from the #PF
mm, thp: lock filemap when truncating page cache
mm, thp: fix incorrect unmap behavior for private pages
mfd: dln2: Add cell for initializing DLN2 ADC
video: backlight: Drop maximum brightness override for brightness zero
bcache: fix use-after-free problem in bcache_device_free()
bcache: Revert "bcache: use bvec_virt"
PM: sleep: Avoid calling put_device() under dpm_list_mtx
s390/cpumf: cpum_cf PMU displays invalid value after hotplug remove
s390/cio: check the subchannel validity for dev_busid
s390/tape: fix timer initialization in tape_std_assign()
s390/ap: Fix hanging ioctl caused by orphaned replies
s390/cio: make ccw_device_dma_* more robust
remoteproc: elf_loader: Fix loading segment when is_iomem true
remoteproc: Fix the wrong default value of is_iomem
remoteproc: imx_rproc: Fix ignoring mapping vdev regions
remoteproc: imx_rproc: Fix rsc-table name
mtd: rawnand: fsmc: Fix use of SM ORDER
mtd: rawnand: ams-delta: Keep the driver compatible with on-die ECC engines
mtd: rawnand: xway: Keep the driver compatible with on-die ECC engines
mtd: rawnand: mpc5121: Keep the driver compatible with on-die ECC engines
mtd: rawnand: gpio: Keep the driver compatible with on-die ECC engines
mtd: rawnand: pasemi: Keep the driver compatible with on-die ECC engines
mtd: rawnand: orion: Keep the driver compatible with on-die ECC engines
mtd: rawnand: plat_nand: Keep the driver compatible with on-die ECC engines
mtd: rawnand: au1550nd: Keep the driver compatible with on-die ECC engines
powerpc/vas: Fix potential NULL pointer dereference
powerpc/bpf: Fix write protecting JIT code
powerpc/32e: Ignore ESR in instruction storage interrupt handler
powerpc/powernv/prd: Unregister OPAL_MSG_PRD2 notifier during module unload
powerpc/security: Use a mutex for interrupt exit code patching
powerpc/64s/interrupt: Fix check_return_regs_valid() false positive
powerpc/pseries/mobility: ignore ibm, platform-facilities updates
powerpc/85xx: fix timebase sync issue when CONFIG_HOTPLUG_CPU=n
drm/sun4i: Fix macros in sun8i_csc.h
PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
PCI: aardvark: Fix PCIe Max Payload Size setting
SUNRPC: Partial revert of commit
|
||
|
Quentin Perret
|
a008d05d84 |
UPSTREAM: KVM: arm64: Fix host stage-2 finalization
We currently walk the hypervisor stage-1 page-table towards the end of hyp init in nVHE protected mode and adjust the host page ownership attributes in its stage-2 in order to get a consistent state from both point of views. The walk is done on the entire hyp VA space, and expects to only ever find page-level mappings. While this expectation is reasonable in the half of hyp VA space that maps memory with a fixed offset (see the loop in pkvm_create_mappings_locked()), it can be incorrect in the other half where nothing prevents the usage of block mappings. For instance, on systems where memory is physically aligned at an address that happens to maps to a PMD aligned VA in the hyp_vmemmap, kvm_pgtable_hyp_map() will install block mappings when backing the hyp_vmemmap, which will later cause finalize_host_mappings() to fail. Furthermore, it should be noted that all pages backing the hyp_vmemmap are also mapped in the 'fixed offset range' of the hypervisor, which implies that finalize_host_mappings() will walk both aliases and update the host stage-2 attributes twice. The order in which this happens is unpredictable, though, since the hyp VA layout is highly dependent on the position of the idmap page, hence resulting in a fragile mess at best. In order to fix all of this, let's restrict the finalization walk to only cover memory regions in the 'fixed-offset range' of the hyp VA space and nothing else. This not only fixes a correctness issue, but will also result in a slighlty faster hyp initialization overall. Fixes: |
||
|
YueHaibing
|
3ed022fd1b |
UPSTREAM: KVM: arm64: Change the return type of kvm_vcpu_preferred_target()
kvm_vcpu_preferred_target() always return 0 because kvm_target_cpu()
never returns a negative error code.
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Alexandru Elisei <alexandru.elisei@arm.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211105011500.16280-1-yuehaibing@huawei.com
(cherry picked from commit
|
||
|
Randy Dunlap
|
d9ab1c08c9 |
UPSTREAM: KVM: arm64: nvhe: Fix a non-kernel-doc comment
Do not use kernel-doc "/**" notation when the comment is not in
kernel-doc format.
Fixes this docs build warning:
arch/arm64/kvm/hyp/nvhe/sys_regs.c:478: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst
* Handler for protected VM restricted exceptions.
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
Cc: Fuad Tabba <tabba@google.com>
Cc: Marc Zyngier <maz@kernel.org>
Cc: linux-arm-kernel@lists.infradead.org
Cc: kvmarm@lists.cs.columbia.edu
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211106032529.15057-1-rdunlap@infradead.org
(cherry picked from commit
|
||
|
Mark Rutland
|
f4a7c134df |
UPSTREAM: KVM: arm64: Extract ESR_ELx.EC only
Since ARMv8.0 the upper 32 bits of ESR_ELx have been RES0, and recently
some of the upper bits gained a meaning and can be non-zero. For
example, when FEAT_LS64 is implemented, ESR_ELx[36:32] contain ISS2,
which for an ST64BV or ST64BV0 can be non-zero. This can be seen in ARM
DDI 0487G.b, page D13-3145, section D13.2.37.
Generally, we must not rely on RES0 bit remaining zero in future, and
when extracting ESR_ELx.EC we must mask out all other bits.
All C code uses the ESR_ELx_EC() macro, which masks out the irrelevant
bits, and therefore no alterations are required to C code to avoid
consuming irrelevant bits.
In a couple of places the KVM assembly extracts ESR_ELx.EC using LSR on
an X register, and so could in theory consume previously RES0 bits. In
both cases this is for comparison with EC values ESR_ELx_EC_HVC32 and
ESR_ELx_EC_HVC64, for which the upper bits of ESR_ELx must currently be
zero, but this could change in future.
This patch adjusts the KVM vectors to use UBFX rather than LSR to
extract ESR_ELx.EC, ensuring these are robust to future additions to
ESR_ELx.
Cc: stable@vger.kernel.org
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Alexandru Elisei <alexandru.elisei@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Marc Zyngier <maz@kernel.org>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Will Deacon <will@kernel.org>
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211103110545.4613-1-mark.rutland@arm.com
(cherry picked from commit
|
||
|
Marc Zyngier
|
1f222ed7d1 |
UPSTREAM: KVM: arm64: pkvm: Give priority to standard traps over pvm handling
Checking for pvm handling first means that we cannot handle ptrauth
traps or apply any of the workarounds (GICv3 or TX2 #219).
Flip the order around.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Fuad Tabba <tabba@google.com>
Tested-by: Fuad Tabba <tabba@google.com>
Link: https://lore.kernel.org/r/20211013120346.2926621-12-maz@kernel.org
(cherry picked from commit
|
||
|
Marc Zyngier
|
29243d4128 |
UPSTREAM: KVM: arm64: pkvm: Pass vpcu instead of kvm to kvm_get_exit_handler_array()
Passing a VM pointer around is odd, and results in extra work on
VHE. Follow the rest of the design that uses the vcpu instead, and
let the nVHE code look into the struct kvm as required.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Fuad Tabba <tabba@google.com>
Tested-by: Fuad Tabba <tabba@google.com>
Link: https://lore.kernel.org/r/20211013120346.2926621-11-maz@kernel.org
(cherry picked from commit
|
||
|
Marc Zyngier
|
120100bc7a |
UPSTREAM: KVM: arm64: pkvm: Move kvm_handle_pvm_restricted around
Place kvm_handle_pvm_restricted() next to its little friends such
as kvm_handle_pvm_sysreg().
This allows to make inject_undef64() static.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Fuad Tabba <tabba@google.com>
Tested-by: Fuad Tabba <tabba@google.com>
Link: https://lore.kernel.org/r/20211013120346.2926621-10-maz@kernel.org
(cherry picked from commit
|
||
|
Marc Zyngier
|
8e55be5ce7 |
UPSTREAM: KVM: arm64: pkvm: Consolidate include files
kvm_fixed_config.h is pkvm specific, and would be better placed
near its users. At the same time, include/nvhe/sys_regs.h is now
almost empty.
Merge the two into arch/arm64/kvm/hyp/include/nvhe/fixed_config.h.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Fuad Tabba <tabba@google.com>
Tested-by: Fuad Tabba <tabba@google.com>
Link: https://lore.kernel.org/r/20211013120346.2926621-9-maz@kernel.org
(cherry picked from commit
|
||
|
Marc Zyngier
|
81030382f3 |
UPSTREAM: KVM: arm64: pkvm: Preserve pending SError on exit from AArch32
Don't drop a potential SError when a guest gets caught red-handed
running AArch32 code.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Fuad Tabba <tabba@google.com>
Tested-by: Fuad Tabba <tabba@google.com>
Link: https://lore.kernel.org/r/20211013120346.2926621-8-maz@kernel.org
(cherry picked from commit
|
||
|
Marc Zyngier
|
b9220c350c |
UPSTREAM: KVM: arm64: pkvm: Handle GICv3 traps as required
Forward accesses to the ICV_*SGI*_EL1 registers to EL1, and
emulate ICV_SRE_EL1 by returning a fixed value.
This should be enough to support GICv3 in a protected guest.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Fuad Tabba <tabba@google.com>
Tested-by: Fuad Tabba <tabba@google.com>
Link: https://lore.kernel.org/r/20211013120346.2926621-7-maz@kernel.org
(cherry picked from commit
|
||
|
Marc Zyngier
|
2a586031f7 |
UPSTREAM: KVM: arm64: pkvm: Drop sysregs that should never be routed to the host
A bunch of system registers (most of them MM related) should never
trap to the host under any circumstance. Keep them close to our chest.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Fuad Tabba <tabba@google.com>
Tested-by: Fuad Tabba <tabba@google.com>
Link: https://lore.kernel.org/r/20211013120346.2926621-6-maz@kernel.org
(cherry picked from commit
|
||
|
Marc Zyngier
|
066e103c51 |
UPSTREAM: KVM: arm64: pkvm: Drop AArch32-specific registers
All the SYS_*32_EL2 registers are AArch32-specific. Since we forbid
AArch32, there is no need to handle those in any way.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Fuad Tabba <tabba@google.com>
Tested-by: Fuad Tabba <tabba@google.com>
Link: https://lore.kernel.org/r/20211013120346.2926621-5-maz@kernel.org
(cherry picked from commit
|
||
|
Marc Zyngier
|
738dfc430c |
UPSTREAM: KVM: arm64: pkvm: Make the ERR/ERX*_EL1 registers RAZ/WI
The ERR*/ERX* registers should be handled as RAZ/WI, and there
should be no need to involve EL1 for that.
Add a helper that handles such registers, and repaint the sysreg
table to declare these registers as RAZ/WI.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Fuad Tabba <tabba@google.com>
Tested-by: Fuad Tabba <tabba@google.com>
Link: https://lore.kernel.org/r/20211013120346.2926621-4-maz@kernel.org
(cherry picked from commit
|
||
|
Marc Zyngier
|
6f27c7ee45 |
UPSTREAM: KVM: arm64: pkvm: Use a single function to expose all id-regs
Rather than exposing a whole set of helper functions to retrieve
individual ID registers, use the existing decoding tree and expose
a single helper instead.
This allow a number of functions to be made static, and we now
have a single entry point to maintain.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Fuad Tabba <tabba@google.com>
Tested-by: Fuad Tabba <tabba@google.com>
Link: https://lore.kernel.org/r/20211013120346.2926621-3-maz@kernel.org
(cherry picked from commit
|
||
|
Marc Zyngier
|
77146fb45c |
UPSTREAM: KVM: arm64: Fix early exit ptrauth handling
The previous rework of the early exit code to provide an EC-based
decoding tree missed the fact that we have two trap paths for
ptrauth: the instructions (EC_PAC) and the sysregs (EC_SYS64).
Rework the handlers to call the ptrauth handling code on both
paths.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Fuad Tabba <tabba@google.com>
Tested-by: Fuad Tabba <tabba@google.com>
Link: https://lore.kernel.org/r/20211013120346.2926621-2-maz@kernel.org
(cherry picked from commit
|
||
|
Jia He
|
e1fad7c425 |
UPSTREAM: KVM: arm64: Add memcg accounting to KVM allocations
Inspired by commit |
||
|
Jia He
|
da5b0ba023 |
UPSTREAM: KVM: arm64: vgic: Add memcg accounting to vgic allocations
Inspired by commit |
||
|
Marc Zyngier
|
b351a76cf0 |
UPSTREAM: KVM: arm64: vgic-v3: Align emulated cpuif LPI state machine with the pseudocode
Having realised that a virtual LPI does transition through an active
state that does not exist on bare metal, align the CPU interface
emulation with the behaviour specified in the architecture pseudocode.
The LPIs now transition to active on IAR read, and to inactive on
EOI write. Special care is taken not to increment the EOIcount for
an LPI that isn't present in the LRs.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211010150910.2911495-6-maz@kernel.org
(cherry picked from commit
|
||
|
Marc Zyngier
|
1cb157aaf0 |
UPSTREAM: KVM: arm64: vgic-v3: Don't advertise ICC_CTLR_EL1.SEIS
Since we are trapping all sysreg accesses when ICH_VTR_EL2.SEIS
is set, and that we never deliver an SError when emulating
any of the GICv3 sysregs, don't advertise ICC_CTLR_EL1.SEIS.
Reviewed-by: Alexandru Elisei <alexandru.elisei@arm.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211010150910.2911495-5-maz@kernel.org
(cherry picked from commit
|
||
|
Marc Zyngier
|
cafc5bbbd3 |
UPSTREAM: KVM: arm64: vgic-v3: Reduce common group trapping to ICV_DIR_EL1 when possible
On systems that advertise ICH_VTR_EL2.SEIS, we trap all GICv3 sysreg
accesses from the guest. From a performance perspective, this is OK
as long as the guest doesn't hammer the GICv3 CPU interface.
In most cases, this is fine, unless the guest actively uses
priorities and switches PMR_EL1 very often. Which is exactly what
happens when a Linux guest runs with irqchip.gicv3_pseudo_nmi=1.
In these condition, the performance plumets as we hit PMR each time
we mask/unmask interrupts. Not good.
There is however an opportunity for improvement. Careful reading
of the architecture specification indicates that the only GICv3
sysreg belonging to the common group (which contains the SGI
registers, PMR, DIR, CTLR and RPR) that is allowed to generate
a SError is DIR. Everything else is safe.
It is thus possible to substitute the trapping of all the common
group with just that of DIR if it supported by the implementation.
Yes, that's yet another optional bit of the architecture.
So let's just do that, as it leads to some impressive result on
the M1:
Without this change:
bash-5.1# /host/home/maz/hackbench 100 process 1000
Running with 100*40 (== 4000) tasks.
Time: 56.596
With this change:
bash-5.1# /host/home/maz/hackbench 100 process 1000
Running with 100*40 (== 4000) tasks.
Time: 8.649
which is a pretty convincing result.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Alexandru Elisei <alexandru.elisei@arm.com>
Link: https://lore.kernel.org/r/20211010150910.2911495-4-maz@kernel.org
(cherry picked from commit
|
||
|
Marc Zyngier
|
c7734acd77 |
UPSTREAM: KVM: arm64: vgic-v3: Work around GICv3 locally generated SErrors
The infamous M1 has a feature nobody else ever implemented,
in the form of the "GIC locally generated SError interrupts",
also known as SEIS for short.
These SErrors are generated when a guest does something that violates
the GIC state machine. It would have been simpler to just *ignore*
the damned thing, but that's not what this HW does. Oh well.
This part of of the architecture is also amazingly under-specified.
There is a whole 10 lines that describe the feature in a spec that
is 930 pages long, and some of these lines are factually wrong.
Oh, and it is deprecated, so the insentive to clarify it is low.
Now, the spec says that this should be a *virtual* SError when
HCR_EL2.AMO is set. As it turns out, that's not always the case
on this CPU, and the SError sometimes fires on the host as a
physical SError. Goodbye, cruel world. This clearly is a HW bug,
and it means that a guest can easily take the host down, on demand.
Thankfully, we have seen systems that were just as broken in the
past, and we have the perfect vaccine for it.
Apple M1, please meet the Cavium ThunderX workaround. All your
GIC accesses will be trapped, sanitised, and emulated. Only the
signalling aspect of the HW will be used. It won't be super speedy,
but it will at least be safe. You're most welcome.
Given that this has only ever been seen on this single implementation,
that the spec is unclear at best and that we cannot trust it to ever
be implemented correctly, gate the workaround solely on ICH_VTR_EL2.SEIS
being set.
Tested-by: Joey Gouly <joey.gouly@arm.com>
Reviewed-by: Alexandru Elisei <alexandru.elisei@arm.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211010150910.2911495-3-maz@kernel.org
(cherry picked from commit
|
||
|
Marc Zyngier
|
9994edf143 |
UPSTREAM: KVM: arm64: Force ID_AA64PFR0_EL1.GIC=1 when exposing a virtual GICv3
Until now, we always let ID_AA64PFR0_EL1.GIC reflect the value
visible on the host, even if we were running a GICv2-enabled VM
on a GICv3+compat host.
That's fine, but we also now have the case of a host that does not
expose ID_AA64PFR0_EL1.GIC==1 despite having a vGIC. Yes, this is
confusing. Thank you M1.
Let's go back to first principles and expose ID_AA64PFR0_EL1.GIC=1
when a GICv3 is exposed to the guest. This also hides a GICv4.1
CPU interface from the guest which has no business knowing about
the v4.1 extension.
Reviewed-by: Alexandru Elisei <alexandru.elisei@arm.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211010150910.2911495-2-maz@kernel.org
(cherry picked from commit
|
||
|
Marc Zyngier
|
e58bd00b4c |
UPSTREAM: KVM: arm64: Fix reporting of endianess when the access originates at EL0
We currently check SCTLR_EL1.EE when computing the address of
a faulting guest access. However, the fault could have occured at
EL0, in which case the right bit to check would be SCTLR_EL1.E0E.
This is pretty unlikely to cause any issue in practice: You'd have
to have a guest with a LE EL1 and a BE EL0 (or the other way around),
and have mapped a device into the EL0 page tables.
Good luck with that!
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Link: https://lore.kernel.org/r/20211012112312.1247467-1-maz@kernel.org
(cherry picked from commit
|
||
|
Alexandru Elisei
|
54e3c184e4 |
UPSTREAM: Documentation: admin-guide: Document side effects when pKVM is enabled
Recent changes to KVM for arm64 has made it impossible for the host to
hibernate or use kexec when protected mode is enabled via the kernel
command line.
There are people who rely on kexec (for example, developers who use kexec
as a quick way to test a new kernel), let's document this change in
behaviour, so it doesn't catch them by surprise and we have a place to
point people to if it does.
Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211011153835.291147-1-alexandru.elisei@arm.com
(cherry picked from commit
|
||
|
Fuad Tabba
|
785107d23e |
UPSTREAM: KVM: arm64: Handle protected guests at 32 bits
Protected KVM does not support protected AArch32 guests. However, it is possible for the guest to force run AArch32, potentially causing problems. Add an extra check so that if the hypervisor catches the guest doing that, it can prevent the guest from running again by resetting vcpu->arch.target and returning ARM_EXCEPTION_IL. If this were to happen, The VMM can try and fix it by re- initializing the vcpu with KVM_ARM_VCPU_INIT, however, this is likely not possible for protected VMs. Adapted from commit |
||
|
Fuad Tabba
|
96d1022552 |
UPSTREAM: KVM: arm64: Trap access to pVM restricted features
Trap accesses to restricted features for VMs running in protected
mode.
Access to feature registers are emulated, and only supported
features are exposed to protected VMs.
Accesses to restricted registers as well as restricted
instructions are trapped, and an undefined exception is injected
into the protected guests, i.e., with EC = 0x0 (unknown reason).
This EC is the one used, according to the Arm Architecture
Reference Manual, for unallocated or undefined system registers
or instructions.
Only affects the functionality of protected VMs. Otherwise,
should not affect non-protected VMs when KVM is running in
protected mode.
Signed-off-by: Fuad Tabba <tabba@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211010145636.1950948-11-tabba@google.com
(cherry picked from commit
|
||
|
Fuad Tabba
|
a27c55e656 |
UPSTREAM: KVM: arm64: Move sanitized copies of CPU features
Move the sanitized copies of the CPU feature registers to the
recently created sys_regs.c. This consolidates all copies in a
more relevant file.
No functional change intended.
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Fuad Tabba <tabba@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211010145636.1950948-10-tabba@google.com
(cherry picked from commit
|
||
|
Fuad Tabba
|
c46d0a44ac |
BACKPORT: KVM: arm64: Initialize trap registers for protected VMs
Protected VMs have more restricted features that need to be
trapped. Moreover, the host should not be trusted to set the
appropriate trapping registers and their values.
Initialize the trapping registers, i.e., hcr_el2, mdcr_el2, and
cptr_el2 at EL2 for protected guests, based on the values of the
guest's feature id registers.
No functional change intended as trap handlers introduced in the
previous patch are still not hooked in to the guest exit
handlers.
Reviewed-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Fuad Tabba <tabba@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211010145636.1950948-9-tabba@google.com
(cherry picked from commit
|
||
|
Fuad Tabba
|
77cc37c709 |
UPSTREAM: KVM: arm64: Add handlers for protected VM System Registers
Add system register handlers for protected VMs. These cover Sys64
registers (including feature id registers), and debug.
No functional change intended as these are not hooked in yet to
the guest exit handlers introduced earlier. So when trapping is
triggered, the exit handlers let the host handle it, as before.
Reviewed-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Fuad Tabba <tabba@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211010145636.1950948-8-tabba@google.com
(cherry picked from commit
|
||
|
Fuad Tabba
|
ced18464a8 |
UPSTREAM: KVM: arm64: Simplify masking out MTE in feature id reg
Simplify code for hiding MTE support in feature id register when
MTE is not enabled/supported by KVM.
No functional change intended.
Signed-off-by: Fuad Tabba <tabba@google.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211010145636.1950948-7-tabba@google.com
(cherry picked from commit
|
||
|
Fuad Tabba
|
4a31d4f906 |
UPSTREAM: KVM: arm64: Add missing field descriptor for MDCR_EL2
It's not currently used. Added for completeness.
No functional change intended.
Suggested-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Fuad Tabba <tabba@google.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211010145636.1950948-6-tabba@google.com
(cherry picked from commit
|
||
|
Fuad Tabba
|
8ad0f67319 |
UPSTREAM: KVM: arm64: Pass struct kvm to per-EC handlers
We need struct kvm to check for protected VMs to be able to pick
the right handlers for them in subsequent patches.
Signed-off-by: Fuad Tabba <tabba@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211010145636.1950948-5-tabba@google.com
(cherry picked from commit
|
||
|
Marc Zyngier
|
06801e6c69 |
UPSTREAM: KVM: arm64: Move early handlers to per-EC handlers
Simplify the early exception handling by slicing the gigantic decoding
tree into a more manageable set of functions, similar to what we have
in handle_exit.c.
This will also make the structure reusable for pKVM's own early exit
handling.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Fuad Tabba <tabba@google.com>
Link: https://lore.kernel.org/r/20211010145636.1950948-4-tabba@google.com
(cherry picked from commit
|
||
|
Marc Zyngier
|
562c61deb4 |
UPSTREAM: KVM: arm64: Don't include switch.h into nvhe/kvm-main.c
hyp-main.c includes switch.h while it only requires adjust-pc.h.
Fix it to remove an unnecessary dependency.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Fuad Tabba <tabba@google.com>
Link: https://lore.kernel.org/r/20211010145636.1950948-3-tabba@google.com
(cherry picked from commit
|
||
|
Marc Zyngier
|
5e6725db6f |
UPSTREAM: KVM: arm64: Move __get_fault_info() and co into their own include file
In order to avoid including the whole of the switching helpers
in unrelated files, move the __get_fault_info() and related helpers
into their own include file.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Fuad Tabba <tabba@google.com>
Link: https://lore.kernel.org/r/20211010145636.1950948-2-tabba@google.com
(cherry picked from commit
|
||
|
Alexandru Elisei
|
f81bc95f27 |
UPSTREAM: KVM: arm64: Replace get_raz_id_reg() with get_raz_reg()
Reading a RAZ ID register isn't different from reading any other RAZ
register, so get rid of get_raz_id_reg() and replace it with get_raz_reg(),
which does the same thing, but does it without going through two layers of
indirection.
No functional change.
Suggested-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211011105840.155815-4-alexandru.elisei@arm.com
(cherry picked from commit
|
||
|
Alexandru Elisei
|
c0b53ae7d3 |
UPSTREAM: KVM: arm64: Use get_raz_reg() for userspace reads of PMSWINC_EL0
PMSWINC_EL0 is a write-only register and was initially part of the VCPU register state, but was later removed in commit |
||
|
Alexandru Elisei
|
367a7bc97a |
UPSTREAM: KVM: arm64: Return early from read_id_reg() if register is RAZ
If read_id_reg() is called for an ID register which is Read-As-Zero (RAZ), it initializes the return value to zero, then goes through a list of registers which require special handling before returning the final value. By not returning as soon as it checks that the register should be RAZ, the function creates the opportunity for bugs, if, for example, a patch changes a register to RAZ (like has happened with PMSWINC_EL0 in commit |
||
|
Sean Christopherson
|
13bb7faff2 |
UPSTREAM: KVM: arm64: Depend on HAVE_KVM instead of OF
Select HAVE_KVM at all times on arm64, as the OF requirement is
always there (even in the case of an ACPI system, we still depend
on some of the OF infrastructure), and won't fo away.
No functional change intended.
Signed-off-by: Sean Christopherson <seanjc@google.com>
Acked-by: Will Deacon <will@kernel.org>
[maz: Drop the "HAVE_KVM if OF" dependency, as OF is always there on arm64,
new commit message]
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20210921222231.518092-3-seanjc@google.com
(cherry picked from commit
|
||
|
Sean Christopherson
|
7f5b8f586c |
UPSTREAM: KVM: arm64: Unconditionally include generic KVM's Kconfig
Unconditionally "source" the generic KVM Kconfig instead of wrapping it
with KVM=y. A future patch will select HAVE_KVM so that referencing
HAVE_KVM in common kernel code doesn't break, and because KVM=y and
HAVE_KVM=n is weird. Source the generic KVM Kconfig unconditionally so
that HAVE_KVM and KVM don't end up with a circular dependency.
Note, all but one of generic KVM's "configs" are of the HAVE_XYZ nature,
and the one outlier correctly takes a dependency on CONFIG_KVM, i.e. the
generic Kconfig is intended to be included unconditionally.
No functional change intended.
Signed-off-by: Sean Christopherson <seanjc@google.com>
[maz: made NVHE_EL2_DEBUG depend on KVM]
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20210921222231.518092-2-seanjc@google.com
(cherry picked from commit
|
||
|
Marc Zyngier
|
03b391fd33 |
UPSTREAM: KVM: arm64: Allow KVM to be disabled from the command line
Although KVM can be compiled out of the kernel, it cannot be disabled
at runtime. Allow this possibility by introducing a new mode that
will prevent KVM from initialising.
This is useful in the (limited) circumstances where you don't want
KVM to be available (what is wrong with you?), or when you want
to install another hypervisor instead (good luck with that).
Reviewed-by: David Brazdil <dbrazdil@google.com>
Acked-by: Will Deacon <will@kernel.org>
Acked-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Andrew Scull <ascull@google.com>
Link: https://lore.kernel.org/r/20211001170553.3062988-1-maz@kernel.org
(cherry picked from commit
|
||
|
Ricardo Koller
|
ed0f76e844 |
UPSTREAM: KVM: arm64: vgic: Drop vgic_check_ioaddr()
There are no more users of vgic_check_ioaddr(). Move its checks to
vgic_check_iorange() and then remove it.
Signed-off-by: Ricardo Koller <ricarkol@google.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211005011921.437353-6-ricarkol@google.com
(cherry picked from commit
|
||
|
Ricardo Koller
|
3f1fe7fc1e |
UPSTREAM: KVM: arm64: vgic-v3: Check ITS region is not above the VM IPA size
Verify that the ITS region does not extend beyond the VM-specified IPA
range (phys_size).
base + size > phys_size AND base < phys_size
Add the missing check into vgic_its_set_attr() which is called when
setting the region.
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Ricardo Koller <ricarkol@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211005011921.437353-5-ricarkol@google.com
(cherry picked from commit
|
||
|
Ricardo Koller
|
b75f76a88d |
UPSTREAM: KVM: arm64: vgic-v2: Check cpu interface region is not above the VM IPA size
Verify that the GICv2 CPU interface does not extend beyond the
VM-specified IPA range (phys_size).
base + size > phys_size AND base < phys_size
Add the missing check into kvm_vgic_addr() which is called when setting
the region. This patch also enables some superfluous checks for the
distributor (vgic_check_ioaddr was enough as alignment == size for the
distributors).
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Ricardo Koller <ricarkol@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211005011921.437353-4-ricarkol@google.com
(cherry picked from commit
|
||
|
Ricardo Koller
|
23718d50ba |
UPSTREAM: KVM: arm64: vgic-v3: Check redist region is not above the VM IPA size
Verify that the redistributor regions do not extend beyond the
VM-specified IPA range (phys_size). This can happen when using
KVM_VGIC_V3_ADDR_TYPE_REDIST or KVM_VGIC_V3_ADDR_TYPE_REDIST_REGIONS
with:
base + size > phys_size AND base < phys_size
Add the missing check into vgic_v3_alloc_redist_region() which is called
when setting the regions, and into vgic_v3_check_base() which is called
when attempting the first vcpu-run. The vcpu-run check does not apply to
KVM_VGIC_V3_ADDR_TYPE_REDIST_REGIONS because the regions size is known
before the first vcpu-run. Note that using the REDIST_REGIONS API
results in a different check, which already exists, at first vcpu run:
that the number of redist regions is enough for all vcpus.
Finally, this patch also enables some extra tests in
vgic_v3_alloc_redist_region() by calculating "size" early for the legacy
redist api: like checking that the REDIST region can fit all the already
created vcpus.
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Ricardo Koller <ricarkol@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211005011921.437353-3-ricarkol@google.com
(cherry picked from commit
|