Changes in 6.1.34
scsi: megaraid_sas: Add flexible array member for SGLs
net: sfp: fix state loss when updating state_hw_mask
spi: mt65xx: make sure operations completed before unloading
platform/surface: aggregator: Allow completion work-items to be executed in parallel
platform/surface: aggregator_tabletsw: Add support for book mode in KIP subsystem
spi: qup: Request DMA before enabling clocks
afs: Fix setting of mtime when creating a file/dir/symlink
wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll
bpf, sockmap: Avoid potential NULL dereference in sk_psock_verdict_data_ready()
neighbour: fix unaligned access to pneigh_entry
net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods
net/ipv4: ping_group_range: allow GID from 2147483648 to 4294967294
bpf: Fix UAF in task local storage
bpf: Fix elem_size not being set for inner maps
net/ipv6: fix bool/int mismatch for skip_notify_on_dev_down
net/smc: Avoid to access invalid RMBs' MRs in SMCRv1 ADD LINK CONT
net: enetc: correct the statistics of rx bytes
net: enetc: correct rx_bytes statistics of XDP
net/sched: fq_pie: ensure reasonable TCA_FQ_PIE_QUANTUM values
drm/i915: Explain the magic numbers for AUX SYNC/precharge length
drm/i915: Use 18 fast wake AUX sync len
Bluetooth: hci_sync: add lock to protect HCI_UNREGISTER
Bluetooth: Fix l2cap_disconnect_req deadlock
Bluetooth: ISO: don't try to remove CIG if there are bound CIS left
Bluetooth: L2CAP: Add missing checks for invalid DCID
wifi: mac80211: use correct iftype HE cap
wifi: cfg80211: reject bad AP MLD address
wifi: mac80211: mlme: fix non-inheritence element
wifi: mac80211: don't translate beacon/presp addrs
qed/qede: Fix scheduling while atomic
wifi: cfg80211: fix locking in sched scan stop work
selftests/bpf: Verify optval=NULL case
selftests/bpf: Fix sockopt_sk selftest
netfilter: nft_bitwise: fix register tracking
netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper
netfilter: ipset: Add schedule point in call_ad().
netfilter: nf_tables: out-of-bound check in chain blob
ipv6: rpl: Fix Route of Death.
tcp: gso: really support BIG TCP
rfs: annotate lockless accesses to sk->sk_rxhash
rfs: annotate lockless accesses to RFS sock flow table
net: sched: add rcu annotations around qdisc->qdisc_sleeping
drm/i915/selftests: Stop using kthread_stop()
drm/i915/selftests: Add some missing error propagation
net: sched: move rtm_tca_policy declaration to include file
net: sched: act_police: fix sparse errors in tcf_police_dump()
net: sched: fix possible refcount leak in tc_chain_tmplt_add()
bpf: Add extra path pointer check to d_path helper
drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram
lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release()
net: bcmgenet: Fix EEE implementation
bnxt_en: Don't issue AP reset during ethtool's reset operation
bnxt_en: Query default VLAN before VNIC setup on a VF
bnxt_en: Skip firmware fatal error recovery if chip is not accessible
bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event
bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks
batman-adv: Broken sync while rescheduling delayed work
Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
Input: psmouse - fix OOB access in Elantech protocol
Input: fix open count when closing inhibited device
ALSA: hda: Fix kctl->id initialization
ALSA: ymfpci: Fix kctl->id initialization
ALSA: gus: Fix kctl->id initialization
ALSA: cmipci: Fix kctl->id initialization
ALSA: hda/realtek: Add quirk for Clevo NS50AU
ALSA: ice1712,ice1724: fix the kcontrol->id initialization
ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01
ALSA: hda/realtek: Add Lenovo P3 Tower platform
ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41
drm/i915/gt: Use the correct error value when kernel_context() fails
drm/amd/pm: conditionally disable pcie lane switching for some sienna_cichlid SKUs
drm/amdgpu: fix xclk freq on CHIP_STONEY
drm/amdgpu: change reserved vram info print
drm/amd/pm: Fix power context allocation in SMU13
drm/amd/display: Reduce sdp bw after urgent to 90%
wifi: iwlwifi: mvm: Fix -Warray-bounds bug in iwl_mvm_wait_d3_notif()
can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket
can: j1939: change j1939_netdev_lock type to mutex
can: j1939: avoid possible use-after-free when j1939_can_rx_register fails
mptcp: only send RM_ADDR in nl_cmd_remove
mptcp: add address into userspace pm list
mptcp: update userspace pm infos
selftests: mptcp: update userspace pm addr tests
selftests: mptcp: update userspace pm subflow tests
ceph: fix use-after-free bug for inodes when flushing capsnaps
s390/dasd: Use correct lock while counting channel queue length
Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
Bluetooth: fix debugfs registration
Bluetooth: hci_qca: fix debugfs registration
tee: amdtee: Add return_origin to 'struct tee_cmd_load_ta'
rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting
rbd: get snapshot context after exclusive lock is ensured to be held
virtio_net: use control_buf for coalesce params
soc: qcom: icc-bwmon: fix incorrect error code passed to dev_err_probe()
pinctrl: meson-axg: add missing GPIOA_18 gpio group
usb: usbfs: Enforce page requirements for mmap
usb: usbfs: Use consistent mmap functions
mm: page_table_check: Make it dependent on EXCLUSIVE_SYSTEM_RAM
mm: page_table_check: Ensure user pages are not slab pages
arm64: dts: qcom: sc8280xp: Flush RSC sleep & wake votes
ARM: at91: pm: fix imbalanced reference counter for ethernet devices
ARM: dts: at91: sama7g5ek: fix debounce delay property for shdwc
ASoC: codecs: wsa883x: do not set can_multi_write flag
ASoC: codecs: wsa881x: do not set can_multi_write flag
arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards
arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals
arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts
ASoC: mediatek: mt8195-afe-pcm: Convert to platform remove callback returning void
ASoC: mediatek: mt8195: fix use-after-free in driver remove path
ASoC: simple-card-utils: fix PCM constraint error check
blk-mq: fix blk_mq_hw_ctx active request accounting
arm64: dts: imx8mn-beacon: Fix SPI CS pinmux
i2c: mv64xxx: Fix reading invalid status value in atomic mode
firmware: arm_ffa: Set handle field to zero in memory descriptor
gpio: sim: fix memory corruption when adding named lines and unnamed hogs
i2c: sprd: Delete i2c adapter in .remove's error path
riscv: mm: Ensure prot of VM_WRITE and VM_EXEC must be readable
eeprom: at24: also select REGMAP
soundwire: stream: Add missing clear of alloc_slave_rt
riscv: fix kprobe __user string arg print fault issue
vduse: avoid empty string for dev name
vhost: support PACKED when setting-getting vring_base
vhost_vdpa: support PACKED when setting-getting vring_base
ksmbd: fix out-of-bound read in deassemble_neg_contexts()
ksmbd: fix out-of-bound read in parse_lease_state()
ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop
Revert "ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled"
ext4: only check dquot_initialize_needed() when debugging
wifi: rtw89: correct PS calculation for SUPPORTS_DYNAMIC_PS
wifi: rtw88: correct PS calculation for SUPPORTS_DYNAMIC_PS
Revert "staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE"
Linux 6.1.34
Note, commit 898c9a0ee7 ("bpf, sockmap: Avoid potential NULL
dereference in sk_psock_verdict_data_ready()") is merged away in this
merge, due to missing dependencies, it will come back in later.
Change-Id: I8e57d0914e6114822a8941a4663525d85377ca8a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit c2251ce048.
It breaks the Android KABI and will be brought back at a later time when
it is safe to do so.
Bug: 161946584
Change-Id: Ie84b5bfe5abc526a6117e5ee320a19ecf04b89bb
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Changes in 6.1.33
RDMA/bnxt_re: Fix the page_size used during the MR creation
phy: amlogic: phy-meson-g12a-mipi-dphy-analog: fix CNTL2_DIF_TX_CTL0 value
RDMA/efa: Fix unsupported page sizes in device
RDMA/hns: Fix timeout attr in query qp for HIP08
RDMA/hns: Fix base address table allocation
RDMA/hns: Modify the value of long message loopback slice
dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved()
RDMA/bnxt_re: Fix a possible memory leak
RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx
iommu/rockchip: Fix unwind goto issue
iommu/amd: Don't block updates to GATag if guest mode is on
iommu/amd: Handle GALog overflows
iommu/amd: Fix up merge conflict resolution
nfsd: make a copy of struct iattr before calling notify_change
dmaengine: pl330: rename _start to prevent build error
riscv: Fix unused variable warning when BUILTIN_DTB is set
net/mlx5: Drain health before unregistering devlink
net/mlx5: SF, Drain health before removing device
net/mlx5: fw_tracer, Fix event handling
net/mlx5e: Don't attach netdev profile while handling internal error
net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure
netrom: fix info-leak in nr_write_internal()
af_packet: Fix data-races of pkt_sk(sk)->num.
tls: improve lockless access safety of tls_err_abort()
amd-xgbe: fix the false linkup in xgbe_phy_status
perf ftrace latency: Remove unnecessary "--" from --use-nsec option
mtd: rawnand: ingenic: fix empty stub helper definitions
RDMA/irdma: Prevent QP use after free
RDMA/irdma: Fix Local Invalidate fencing
af_packet: do not use READ_ONCE() in packet_bind()
tcp: deny tcp_disconnect() when threads are waiting
tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set
net/smc: Scan from current RMB list when no position specified
net/smc: Don't use RMBs not mapped to new link in SMCRv2 ADD LINK
net/sched: sch_ingress: Only create under TC_H_INGRESS
net/sched: sch_clsact: Only create under TC_H_CLSACT
net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs
net/sched: Prohibit regrafting ingress or clsact Qdiscs
net: sched: fix NULL pointer dereference in mq_attach
net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report
udp6: Fix race condition in udp6_sendmsg & connect
nfsd: fix double fget() bug in __write_ports_addfd()
nvme: fix the name of Zone Append for verbose logging
net/mlx5e: Fix error handling in mlx5e_refresh_tirs
net/mlx5: Read embedded cpu after init bit cleared
iommu/mediatek: Flush IOTLB completely only if domain has been attached
net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
tcp: fix mishandling when the sack compression is deferred.
net: dsa: mv88e6xxx: Increase wait after reset deactivation
mtd: rawnand: marvell: ensure timing values are written
mtd: rawnand: marvell: don't set the NAND frequency select
rtnetlink: call validate_linkmsg in rtnl_create_link
mptcp: avoid unneeded __mptcp_nmpc_socket() usage
mptcp: add annotations around msk->subflow accesses
mptcp: avoid unneeded address copy
mptcp: simplify subflow_syn_recv_sock()
mptcp: consolidate passive msk socket initialization
mptcp: fix data race around msk->first access
mptcp: add annotations around sk->sk_shutdown accesses
drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init"
watchdog: menz069_wdt: fix watchdog initialisation
ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs.
ASoC: Intel: soc-acpi-cht: Add quirk for Nextbook Ares 8A tablet
drm/amdgpu: Use the default reset when loading or reloading the driver
mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write()
drm/ast: Fix ARM compatibility
btrfs: abort transaction when sibling keys check fails for leaves
ARM: 9295/1: unwind:fix unwind abort for uleb128 case
hwmon: (k10temp) Add PCI ID for family 19, model 78h
media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE
platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield
platform/mellanox: fix potential race in mlxbf-tmfifo driver
gfs2: Don't deref jdesc in evict
drm/amdgpu: set gfx9 onwards APU atomics support to be true
fbdev: imsttfb: Fix use after free bug in imsttfb_probe
fbdev: modedb: Add 1920x1080 at 60 Hz video mode
fbdev: stifb: Fix info entry in sti_struct on error path
nbd: Fix debugfs_create_dir error checking
block/rnbd: replace REQ_OP_FLUSH with REQ_OP_WRITE
nvme-pci: add NVME_QUIRK_BOGUS_NID for HS-SSD-FUTURE 2048G
nvme-pci: add quirk for missing secondary temperature thresholds
ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12
ASoC: dwc: limit the number of overrun messages
um: harddog: fix modular build
xfrm: Check if_id in inbound policy/secpath match
ASoC: dt-bindings: Adjust #sound-dai-cells on TI's single-DAI codecs
ALSA: hda/realtek: Add quirks for ASUS GU604V and GU603V
ASoC: ssm2602: Add workaround for playback distortions
media: dvb_demux: fix a bug for the continuity counter
media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer()
media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer()
media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer
media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address
media: netup_unidvb: fix irq init by register it at the end of probe
media: dvb_ca_en50221: fix a size write bug
media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table
media: dvb-core: Fix use-after-free due on race condition at dvb_net
media: dvb-core: Fix use-after-free due to race at dvb_register_device()
media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
ASoC: SOF: debug: conditionally bump runtime_pm counter on exceptions
ASoC: SOF: pcm: fix pm_runtime imbalance in error handling
ASoC: SOF: sof-client-probes: fix pm_runtime imbalance in error handling
ASoC: SOF: pm: save io region state in case of errors in resume
s390/pkey: zeroize key blobs
s390/topology: honour nr_cpu_ids when adding CPUs
ACPI: resource: Add IRQ override quirk for LG UltraPC 17U70P
wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value
ARM: dts: stm32: add pin map for CAN controller on stm32f7
arm64/mm: mark private VM_FAULT_X defines as vm_fault_t
arm64: vdso: Pass (void *) to virt_to_page()
wifi: mac80211: simplify chanctx allocation
wifi: mac80211: consider reserved chanctx for mindef
wifi: mac80211: recalc chanctx mindef before assigning
wifi: iwlwifi: mvm: Add locking to the rate read flow
scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed
wifi: b43: fix incorrect __packed annotation
net: wwan: t7xx: Ensure init is completed before system sleep
netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT
nvme-multipath: don't call blk_mark_disk_dead in nvme_mpath_remove_disk
nvme: do not let the user delete a ctrl before a complete initialization
ALSA: oss: avoid missing-prototype warnings
drm/msm: Be more shouty if per-process pgtables aren't working
atm: hide unused procfs functions
ceph: silence smatch warning in reconnect_caps_cb()
drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged
ublk: fix AB-BA lockdep warning
nvme-pci: Add quirk for Teamgroup MP33 SSD
block: Deny writable memory mapping if block is read-only
KVM: arm64: vgic: Fix a circular locking issue
KVM: arm64: vgic: Wrap vgic_its_create() with config_lock
KVM: arm64: vgic: Fix locking comment
media: mediatek: vcodec: Only apply 4K frame sizes on decoder formats
mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
drivers: base: cacheinfo: Fix shared_cpu_map changes in event of CPU hotplug
media: uvcvideo: Don't expose unsupported formats to userspace
iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method
iio: adc: mxs-lradc: fix the order of two cleanup operations
HID: google: add jewel USB id
HID: wacom: avoid integer overflow in wacom_intuos_inout()
iio: imu: inv_icm42600: fix timestamp reset
dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value
iio: light: vcnl4035: fixed chip ID check
iio: adc: stm32-adc: skip adc-channels setup if none is present
iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag
iio: dac: mcp4725: Fix i2c_master_send() return value handling
iio: addac: ad74413: fix resistance input processing
iio: adc: ad7192: Change "shorted" channels to differential
iio: adc: stm32-adc: skip adc-diff-channels setup if none is present
iio: dac: build ad5758 driver when AD5758 is selected
net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type
usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM
usb: gadget: f_fs: Add unbind event before functionfs_unbind
md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk()
misc: fastrpc: return -EPIPE to invocations on device removal
misc: fastrpc: reject new invocations during device removal
scsi: stex: Fix gcc 13 warnings
ata: libata-scsi: Use correct device no in ata_find_dev()
drm/amdgpu: enable tmz by default for GC 11.0.1
drm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4
drm/amd/pm: reverse mclk and fclk clocks levels for vangogh
drm/amd/pm: resolve reboot exception for si oland
drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5
drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp
drm/amd/pm: reverse mclk and fclk clocks levels for renoir
x86/mtrr: Revert 90b926e68f ("x86/pat: Fix pat_x_mtrr_type() for MTRR disabled case")
mmc: vub300: fix invalid response handling
mmc: pwrseq: sd8787: Fix WILC CHIP_EN and RESETN toggling order
tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK
btrfs: fix csum_tree_block page iteration to avoid tripping on -Werror=array-bounds
phy: qcom-qmp-combo: fix init-count imbalance
phy: qcom-qmp-pcie-msm8996: fix init-count imbalance
block: fix revalidate performance regression
powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall
iommu/amd: Fix domain flush size when syncing iotlb
tpm, tpm_tis: correct tpm_tis_flags enumeration values
riscv: perf: Fix callchain parse error with kernel tracepoint events
io_uring: undeprecate epoll_ctl support
selinux: don't use make's grouped targets feature yet
mtdchar: mark bits of ioctl handler noinline
tracing/timerlat: Always wakeup the timerlat thread
tracing/histograms: Allow variables to have some modifiers
tracing/probe: trace_probe_primary_from_call(): checked list_first_entry
selftests: mptcp: connect: skip if MPTCP is not supported
selftests: mptcp: pm nl: skip if MPTCP is not supported
selftests: mptcp: join: skip if MPTCP is not supported
selftests: mptcp: sockopt: skip if MPTCP is not supported
selftests: mptcp: userspace pm: skip if MPTCP is not supported
mptcp: fix connect timeout handling
mptcp: fix active subflow finalization
ext4: add EA_INODE checking to ext4_iget()
ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find()
ext4: disallow ea_inodes with extended attributes
ext4: add lockdep annotations for i_data_sem for ea_inode's
fbcon: Fix null-ptr-deref in soft_cursor
serial: 8250_tegra: Fix an error handling path in tegra_uart_probe()
serial: cpm_uart: Fix a COMPILE_TEST dependency
powerpc/xmon: Use KSYM_NAME_LEN in array size
test_firmware: fix a memory leak with reqs buffer
test_firmware: fix the memory leak of the allocated firmware buffer
KVM: arm64: Populate fault info for watchpoint
KVM: x86: Account fastpath-only VM-Exits in vCPU stats
ksmbd: fix credit count leakage
ksmbd: fix UAF issue from opinfo->conn
ksmbd: fix incorrect AllocationSize set in smb2_get_info
ksmbd: fix slab-out-of-bounds read in smb2_handle_negotiate
ksmbd: fix multiple out-of-bounds read during context decoding
KEYS: asymmetric: Copy sig and digest in public_key_verify_signature()
fs/ntfs3: Validate MFT flags before replaying logs
regmap: Account for register length when chunking
tpm, tpm_tis: Request threaded interrupt handler
iommu/amd/pgtbl_v2: Fix domain max address
drm/amd/display: Have Payload Properly Created After Resume
xfs: verify buffer contents when we skip log replay
tls: rx: strp: don't use GFP_KERNEL in softirq context
arm64: efi: Use SMBIOS processor version to key off Ampere quirk
selftests: mptcp: diag: skip if MPTCP is not supported
selftests: mptcp: simult flows: skip if MPTCP is not supported
selftests: mptcp: join: avoid using 'cmp --bytes'
ext4: enable the lazy init thread when remounting read/write
Linux 6.1.33
Note, the following commits were reverted from this merge, due to
conflicts with other KVM patches. If they are needed later, they can be
brought back in a way that enables them to actually build properly:
bafe94ac99 ("KVM: arm64: vgic: Fix locking comment")
150a5f74a5 ("KVM: arm64: vgic: Wrap vgic_its_create() with config_lock")
4129d71e5b ("KVM: arm64: vgic: Fix a circular locking issue")
Change-Id: I3c4183fbe22b22914ee8985bd6add545abded9d0
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This catches the -lts branch up with all of the recent changes that have
gone into the non-lts branch, INCLUDING the ABI update which we want
here to ensure that we do NOT break any newly added dependent symbols
(and to bring back in the reverts that were required before the ABI
break).
This includes the following commits:
88959a53f4 ANDROID: 6/16/2023 KMI update
21bc72f339 UPSTREAM: binder: fix UAF of alloc->vma in race with munmap()
62c6dbdccd UPSTREAM: binder: add lockless binder_alloc_(set|get)_vma()
3cac174682 UPSTREAM: Revert "android: binder: stop saving a pointer to the VMA"
dadb40b436 UPSTREAM: Revert "binder_alloc: add missing mmap_lock calls when using the VMA"
fcdbf469c5 UPSTREAM: tipc: check the bearer min mtu properly when setting it by netlink
e48a801737 UPSTREAM: tipc: do not update mtu if msg_max is too small in mtu negotiation
461038ba5c UPSTREAM: tipc: add tipc_bearer_min_mtu to calculate min mtu
d0be9e79ee UPSTREAM: Revert "usb: gadget: udc: core: Invoke usb_gadget_connect only when started"
66a5c03404 UPSTREAM: ASoC: fsl_micfil: Fix error handler with pm_runtime_enable
6e721f991f UPSTREAM: platform: Provide a remove callback that returns no value
07a8c09137 UPSTREAM: firmware: arm_sdei: Fix sleep from invalid context BUG
b065972b7b UPSTREAM: uapi/linux/const.h: prefer ISO-friendly __typeof__
aaf6ccb6f3 UPSTREAM: posix-cpu-timers: Implement the missing timer_wait_running callback
f3b712fcb5 ANDROID: GKI: reserve extra arm64 cpucaps for ABI preservation
d1c7974b1f ANDROID: arm64: errata: Add WORKAROUND_NXP_ERR050104 cpucaps
b489c53001 ANDROID: KVM: arm64: Allow setting {P,U}XN in stage-2 PTEs
b7aff5c603 ANDROID: KVM: arm64: Restrict host-to-hyp MMIO donations
f5f8c19f6c ANDROID: KVM: arm64: Allow state changes of MMIO pages
4ddb4ed818 ANDROID: KVM: arm64: Allow MMIO perm changes from modules
5d0225cdf0 ANDROID: KVM: arm64: Don't allocate from handle_host_mem_abort
5136a28ab6 ANDROID: KVM: arm64: Donate IOMMU regions to pKVM
23b62ec342 ANDROID: KVM: arm64: Map MMIO donation as device at EL2
adc78128b3 ANDROID: KVM: arm64: Don't recycle pages from host mem abort
452ef5ae7b ANDROID: KVM: arm64: Pin host stage-2 tables
a8bba661e3 ANDROID: KVM: arm64: Move kvm_pte_follow() to header
04ddc7eec0 ANDROID: KVM: arm64: Pre-populate host stage2
0b6736459a ANDROID: KVM: arm64: Fix the host ownership later
cf2d193d9b ANDROID: KVM: arm64: Don't recycle non-default PTEs
a701418f2f ANDROID: KVM: arm64: Introduce kvm_pgtable_stage2_reclaim_leaves
5224fbb5b8 ANDROID: GKI: enable CONFIG_BLK_CGROUP_IOCOST
fe10954309 BACKPORT: FROMGIT: usb: core: add sysfs entry for usb device state
251efd6587 ANDROID: GKI: Update symbols to symbol list
71761b36c3 ANDROID: HID; Over-ride default maximum buffer size when using UHID
c3f3dc31f9 UPSTREAM: maple_tree: make maple state reusable after mas_empty_area()
d31ddcdbb8 Revert "Revert "mm/mmap: regression fix for unmapped_area{_topdown}""
6852d5ccb9 FROMLIST: scsi: ufs: ufs-mediatek: Set UFSHCD_QUIRK_MCQ_BROKEN_RTC quirk
274d5965b8 FROMLIST: scsi: ufs: ufs-mediatek: Set UFSHCD_QUIRK_MCQ_BROKEN_INTR quirk
0171df9359 FROMLIST: scsi: ufs: core: Add host quirk UFSHCD_QUIRK_MCQ_BROKEN_RTC
27b569b568 FROMLIST: scsi: ufs: core: Add host quirk UFSHCD_QUIRK_MCQ_BROKEN_INTR
46554e08b3 ANDROID: GKI: Add symbols and update symbol list for Unisoc
e59544b857 UPSTREAM: mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
749386a02e UPSTREAM: mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write()
9c6866c99b ANDROID: dma-buf: support users to change dma_buf.name
09e0f85096 ANDROID: set CONFIG_IKHEADERS=m for gki_defconfig.
7641ff0a30 ANDROID: mm: Avoid merging cma with others
9b16d612bf ANDROID: cpufreq: times: record fast switch frequency transitions
d645236cfd ANDROID: fix kernelci build failure in vmscan.c
8a609c5eb4 ANDROID: ABI: Update symbol list for Exynos SoC
25058fea51 ANDROID: gki_defconfig: enable NVME
e8f6ddbd4c ANDROID: ABI: Update symbols to unisoc whitelist for the scheduler
82a015300e UPSTREAM: usb: gadget: uvc: queue empty isoc requests if no video buffer is available
855f25e32c ANDROID: GKI: Update symbol list for xiaomi
87f8c82651 ANDROID: vendor_hooks:vendor hook for madvise_cold_or_pageout_pte_range.
f73aafc29b ANDROID: ABI: Update pixel symbol list
a0d46c1dd1 ANDROID: KVM: arm64: iommu: Erase pvmfw from EL1 if possible
Change-Id: I76a89d70290eb13ac671ccfdab80d80dad3030eb
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Set KMI_GENERATION=9 for 6/16 KMI update
function symbol 'struct block_device* I_BDEV(struct inode*)' changed
CRC changed from 0xb3d19fd2 to 0xc8597fa
function symbol 'void __ClearPageMovable(struct page*)' changed
CRC changed from 0x66921e4f to 0xb4e74d22
function symbol 'void __SetPageMovable(struct page*, const struct movable_operations*)' changed
CRC changed from 0x2b34667d to 0xe8b6d861
... 4484 omitted; 4487 symbols have only CRC changes
type 'struct request' changed
byte size changed from 312 to 320
member 'u64 alloc_time_ns' was added
19 members ('u64 start_time_ns' .. 'u64 android_kabi_reserved1') changed
offset changed by 64
type 'struct bio' changed
byte size changed from 152 to 160
member 'u64 bi_iocost_cost' was added
12 members ('struct bio_crypt_ctx* bi_crypt_context' .. 'struct bio_vec bi_inline_vecs[0]') changed
offset changed by 64
type 'enum cpuhp_state' changed
enumerator 'CPUHP_AP_ARM_SDEI_STARTING' (116) was removed
enumerator 'CPUHP_AP_ARM_VFP_STARTING' value changed from 117 to 116
enumerator 'CPUHP_AP_ARM64_DEBUG_MONITORS_STARTING' value changed from 118 to 117
enumerator 'CPUHP_AP_PERF_ARM_HW_BREAKPOINT_STARTING' value changed from 119 to 118
enumerator 'CPUHP_AP_PERF_ARM_ACPI_STARTING' value changed from 120 to 119
enumerator 'CPUHP_AP_PERF_ARM_STARTING' value changed from 121 to 120
enumerator 'CPUHP_AP_PERF_RISCV_STARTING' value changed from 122 to 121
enumerator 'CPUHP_AP_ARM_L2X0_STARTING' value changed from 123 to 122
enumerator 'CPUHP_AP_EXYNOS4_MCT_TIMER_STARTING' value changed from 124 to 123
enumerator 'CPUHP_AP_ARM_ARCH_TIMER_STARTING' value changed from 125 to 124
enumerator 'CPUHP_AP_ARM_GLOBAL_TIMER_STARTING' value changed from 126 to 125
enumerator 'CPUHP_AP_JCORE_TIMER_STARTING' value changed from 127 to 126
enumerator 'CPUHP_AP_ARM_TWD_STARTING' value changed from 128 to 127
enumerator 'CPUHP_AP_QCOM_TIMER_STARTING' value changed from 129 to 128
enumerator 'CPUHP_AP_TEGRA_TIMER_STARTING' value changed from 130 to 129
enumerator 'CPUHP_AP_ARMADA_TIMER_STARTING' value changed from 131 to 130
enumerator 'CPUHP_AP_MARCO_TIMER_STARTING' value changed from 132 to 131
enumerator 'CPUHP_AP_MIPS_GIC_TIMER_STARTING' value changed from 133 to 132
enumerator 'CPUHP_AP_ARC_TIMER_STARTING' value changed from 134 to 133
enumerator 'CPUHP_AP_RISCV_TIMER_STARTING' value changed from 135 to 134
enumerator 'CPUHP_AP_CLINT_TIMER_STARTING' value changed from 136 to 135
enumerator 'CPUHP_AP_CSKY_TIMER_STARTING' value changed from 137 to 136
enumerator 'CPUHP_AP_TI_GP_TIMER_STARTING' value changed from 138 to 137
enumerator 'CPUHP_AP_HYPERV_TIMER_STARTING' value changed from 139 to 138
enumerator 'CPUHP_AP_KVM_STARTING' value changed from 140 to 139
enumerator 'CPUHP_AP_KVM_ARM_VGIC_INIT_STARTING' value changed from 141 to 140
enumerator 'CPUHP_AP_KVM_ARM_VGIC_STARTING' value changed from 142 to 141
enumerator 'CPUHP_AP_KVM_ARM_TIMER_STARTING' value changed from 143 to 142
enumerator 'CPUHP_AP_DUMMY_TIMER_STARTING' value changed from 144 to 143
enumerator 'CPUHP_AP_ARM_XEN_STARTING' value changed from 145 to 144
enumerator 'CPUHP_AP_ARM_CORESIGHT_STARTING' value changed from 146 to 145
enumerator 'CPUHP_AP_ARM_CORESIGHT_CTI_STARTING' value changed from 147 to 146
enumerator 'CPUHP_AP_ARM64_ISNDEP_STARTING' value changed from 148 to 147
enumerator 'CPUHP_AP_SMPCFD_DYING' value changed from 149 to 148
enumerator 'CPUHP_AP_X86_TBOOT_DYING' value changed from 150 to 149
enumerator 'CPUHP_AP_ARM_CACHE_B15_RAC_DYING' value changed from 151 to 150
enumerator 'CPUHP_AP_ONLINE' value changed from 152 to 151
enumerator 'CPUHP_TEARDOWN_CPU' value changed from 153 to 152
enumerator 'CPUHP_AP_ONLINE_IDLE' value changed from 154 to 153
enumerator 'CPUHP_AP_SCHED_WAIT_EMPTY' value changed from 155 to 154
enumerator 'CPUHP_AP_SMPBOOT_THREADS' value changed from 156 to 155
enumerator 'CPUHP_AP_X86_VDSO_VMA_ONLINE' value changed from 157 to 156
enumerator 'CPUHP_AP_IRQ_AFFINITY_ONLINE' value changed from 158 to 157
enumerator 'CPUHP_AP_BLK_MQ_ONLINE' value changed from 159 to 158
enumerator 'CPUHP_AP_ARM_MVEBU_SYNC_CLOCKS' value changed from 160 to 159
enumerator 'CPUHP_AP_X86_INTEL_EPB_ONLINE' value changed from 161 to 160
enumerator 'CPUHP_AP_PERF_ONLINE' value changed from 162 to 161
enumerator 'CPUHP_AP_PERF_X86_ONLINE' value changed from 163 to 162
enumerator 'CPUHP_AP_PERF_X86_UNCORE_ONLINE' value changed from 164 to 163
enumerator 'CPUHP_AP_PERF_X86_AMD_UNCORE_ONLINE' value changed from 165 to 164
enumerator 'CPUHP_AP_PERF_X86_AMD_POWER_ONLINE' value changed from 166 to 165
enumerator 'CPUHP_AP_PERF_X86_RAPL_ONLINE' value changed from 167 to 166
enumerator 'CPUHP_AP_PERF_X86_CQM_ONLINE' value changed from 168 to 167
enumerator 'CPUHP_AP_PERF_X86_CSTATE_ONLINE' value changed from 169 to 168
enumerator 'CPUHP_AP_PERF_X86_IDXD_ONLINE' value changed from 170 to 169
enumerator 'CPUHP_AP_PERF_S390_CF_ONLINE' value changed from 171 to 170
enumerator 'CPUHP_AP_PERF_S390_SF_ONLINE' value changed from 172 to 171
enumerator 'CPUHP_AP_PERF_ARM_CCI_ONLINE' value changed from 173 to 172
enumerator 'CPUHP_AP_PERF_ARM_CCN_ONLINE' value changed from 174 to 173
enumerator 'CPUHP_AP_PERF_ARM_HISI_CPA_ONLINE' value changed from 175 to 174
enumerator 'CPUHP_AP_PERF_ARM_HISI_DDRC_ONLINE' value changed from 176 to 175
enumerator 'CPUHP_AP_PERF_ARM_HISI_HHA_ONLINE' value changed from 177 to 176
enumerator 'CPUHP_AP_PERF_ARM_HISI_L3_ONLINE' value changed from 178 to 177
enumerator 'CPUHP_AP_PERF_ARM_HISI_PA_ONLINE' value changed from 179 to 178
enumerator 'CPUHP_AP_PERF_ARM_HISI_SLLC_ONLINE' value changed from 180 to 179
enumerator 'CPUHP_AP_PERF_ARM_HISI_PCIE_PMU_ONLINE' value changed from 181 to 180
enumerator 'CPUHP_AP_PERF_ARM_HNS3_PMU_ONLINE' value changed from 182 to 181
enumerator 'CPUHP_AP_PERF_ARM_L2X0_ONLINE' value changed from 183 to 182
enumerator 'CPUHP_AP_PERF_ARM_QCOM_L2_ONLINE' value changed from 184 to 183
enumerator 'CPUHP_AP_PERF_ARM_QCOM_L3_ONLINE' value changed from 185 to 184
enumerator 'CPUHP_AP_PERF_ARM_APM_XGENE_ONLINE' value changed from 186 to 185
enumerator 'CPUHP_AP_PERF_ARM_CAVIUM_TX2_UNCORE_ONLINE' value changed from 187 to 186
enumerator 'CPUHP_AP_PERF_ARM_MARVELL_CN10K_DDR_ONLINE' value changed from 188 to 187
enumerator 'CPUHP_AP_PERF_POWERPC_NEST_IMC_ONLINE' value changed from 189 to 188
enumerator 'CPUHP_AP_PERF_POWERPC_CORE_IMC_ONLINE' value changed from 190 to 189
enumerator 'CPUHP_AP_PERF_POWERPC_THREAD_IMC_ONLINE' value changed from 191 to 190
enumerator 'CPUHP_AP_PERF_POWERPC_TRACE_IMC_ONLINE' value changed from 192 to 191
enumerator 'CPUHP_AP_PERF_POWERPC_HV_24x7_ONLINE' value changed from 193 to 192
enumerator 'CPUHP_AP_PERF_POWERPC_HV_GPCI_ONLINE' value changed from 194 to 193
enumerator 'CPUHP_AP_PERF_CSKY_ONLINE' value changed from 195 to 194
enumerator 'CPUHP_AP_WATCHDOG_ONLINE' value changed from 196 to 195
enumerator 'CPUHP_AP_WORKQUEUE_ONLINE' value changed from 197 to 196
enumerator 'CPUHP_AP_RANDOM_ONLINE' value changed from 198 to 197
enumerator 'CPUHP_AP_RCUTREE_ONLINE' value changed from 199 to 198
enumerator 'CPUHP_AP_BASE_CACHEINFO_ONLINE' value changed from 200 to 199
enumerator 'CPUHP_AP_ONLINE_DYN' value changed from 201 to 200
enumerator 'CPUHP_AP_ONLINE_DYN_END' value changed from 231 to 230
enumerator 'CPUHP_AP_MM_DEMOTION_ONLINE' value changed from 232 to 231
enumerator 'CPUHP_AP_X86_HPET_ONLINE' value changed from 233 to 232
enumerator 'CPUHP_AP_X86_KVM_CLK_ONLINE' value changed from 234 to 233
enumerator 'CPUHP_AP_ACTIVE' value changed from 235 to 234
enumerator 'CPUHP_ANDROID_RESERVED_1' value changed from 236 to 235
enumerator 'CPUHP_ANDROID_RESERVED_2' value changed from 237 to 236
enumerator 'CPUHP_ANDROID_RESERVED_3' value changed from 238 to 237
enumerator 'CPUHP_ANDROID_RESERVED_4' value changed from 239 to 238
enumerator 'CPUHP_ONLINE' value changed from 240 to 239
type 'struct task_struct' changed
byte size changed from 4736 to 4800
104 members ('const struct cred* ptracer_cred' .. 'struct thread_struct thread') changed
offset changed by 384
type 'struct platform_driver' changed
byte size changed from 240 to 248
member 'void(* remove_new)(struct platform_device*)' was added
8 members ('void(* shutdown)(struct platform_device*)' .. 'u64 android_kabi_reserved1') changed
offset changed by 64
type 'struct tipc_bearer' changed
member 'u16 encap_hlen' was added
type 'struct posix_cputimers_work' changed
byte size changed from 24 to 72
member 'struct mutex mutex' was added
member 'unsigned int scheduled' changed
offset changed by 384
type 'struct binder_alloc' changed
member 'struct vm_area_struct* vma' was added
member 'unsigned long vma_addr' was removed
type 'struct usb_udc' changed
byte size changed from 1000 to 952
member 'struct mutex connect_lock' was removed
type 'enum kvm_pgtable_prot' changed
enumerator 'KVM_PGTABLE_PROT_PXN' (32) was added
enumerator 'KVM_PGTABLE_PROT_UXN' (64) was added
Bug: 287162457
Change-Id: Ic3aad43bd3a6083cf91e71e79ece713bef0e8172
Signed-off-by: Carlos Llamas <cmllamas@google.com>
commit d1d8875c8c upstream.
[ cmllamas: clean forward port from commit 015ac18be7 ("binder: fix
UAF of alloc->vma in race with munmap()") in 5.10 stable. It is needed
in mainline after the revert of commit a43cfc87ca ("android: binder:
stop saving a pointer to the VMA") as pointed out by Liam. The commit
log and tags have been tweaked to reflect this. ]
In commit 720c241924 ("ANDROID: binder: change down_write to
down_read") binder assumed the mmap read lock is sufficient to protect
alloc->vma inside binder_update_page_range(). This used to be accurate
until commit dd2283f260 ("mm: mmap: zap pages with read mmap_sem in
munmap"), which now downgrades the mmap_lock after detaching the vma
from the rbtree in munmap(). Then it proceeds to teardown and free the
vma with only the read lock held.
This means that accesses to alloc->vma in binder_update_page_range() now
will race with vm_area_free() in munmap() and can cause a UAF as shown
in the following KASAN trace:
==================================================================
BUG: KASAN: use-after-free in vm_insert_page+0x7c/0x1f0
Read of size 8 at addr ffff16204ad00600 by task server/558
CPU: 3 PID: 558 Comm: server Not tainted 5.10.150-00001-gdc8dcf942daa #1
Hardware name: linux,dummy-virt (DT)
Call trace:
dump_backtrace+0x0/0x2a0
show_stack+0x18/0x2c
dump_stack+0xf8/0x164
print_address_description.constprop.0+0x9c/0x538
kasan_report+0x120/0x200
__asan_load8+0xa0/0xc4
vm_insert_page+0x7c/0x1f0
binder_update_page_range+0x278/0x50c
binder_alloc_new_buf+0x3f0/0xba0
binder_transaction+0x64c/0x3040
binder_thread_write+0x924/0x2020
binder_ioctl+0x1610/0x2e5c
__arm64_sys_ioctl+0xd4/0x120
el0_svc_common.constprop.0+0xac/0x270
do_el0_svc+0x38/0xa0
el0_svc+0x1c/0x2c
el0_sync_handler+0xe8/0x114
el0_sync+0x180/0x1c0
Allocated by task 559:
kasan_save_stack+0x38/0x6c
__kasan_kmalloc.constprop.0+0xe4/0xf0
kasan_slab_alloc+0x18/0x2c
kmem_cache_alloc+0x1b0/0x2d0
vm_area_alloc+0x28/0x94
mmap_region+0x378/0x920
do_mmap+0x3f0/0x600
vm_mmap_pgoff+0x150/0x17c
ksys_mmap_pgoff+0x284/0x2dc
__arm64_sys_mmap+0x84/0xa4
el0_svc_common.constprop.0+0xac/0x270
do_el0_svc+0x38/0xa0
el0_svc+0x1c/0x2c
el0_sync_handler+0xe8/0x114
el0_sync+0x180/0x1c0
Freed by task 560:
kasan_save_stack+0x38/0x6c
kasan_set_track+0x28/0x40
kasan_set_free_info+0x24/0x4c
__kasan_slab_free+0x100/0x164
kasan_slab_free+0x14/0x20
kmem_cache_free+0xc4/0x34c
vm_area_free+0x1c/0x2c
remove_vma+0x7c/0x94
__do_munmap+0x358/0x710
__vm_munmap+0xbc/0x130
__arm64_sys_munmap+0x4c/0x64
el0_svc_common.constprop.0+0xac/0x270
do_el0_svc+0x38/0xa0
el0_svc+0x1c/0x2c
el0_sync_handler+0xe8/0x114
el0_sync+0x180/0x1c0
[...]
==================================================================
To prevent the race above, revert back to taking the mmap write lock
inside binder_update_page_range(). One might expect an increase of mmap
lock contention. However, binder already serializes these calls via top
level alloc->mutex. Also, there was no performance impact shown when
running the binder benchmark tests.
Fixes: c0fd210178 ("Revert "android: binder: stop saving a pointer to the VMA"")
Fixes: dd2283f260 ("mm: mmap: zap pages with read mmap_sem in munmap")
Reported-by: Jann Horn <jannh@google.com>
Closes: https://lore.kernel.org/all/20230518144052.xkj6vmddccq4v66b@revolver
Cc: <stable@vger.kernel.org>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Yang Shi <yang.shi@linux.alibaba.com>
Cc: Liam Howlett <liam.howlett@oracle.com>
Change-Id: I4215750a81e94bccf5340e4d79f7b26bb039c573
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Acked-by: Todd Kjos <tkjos@google.com>
Link: https://lore.kernel.org/r/20230519195950.1775656-1-cmllamas@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 931ea1ed31)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 0fa53349c3 upstream.
Bring back the original lockless design in binder_alloc to determine
whether the buffer setup has been completed by the ->mmap() handler.
However, this time use smp_load_acquire() and smp_store_release() to
wrap all the ordering in a single macro call.
Also, add comments to make it evident that binder uses alloc->vma to
determine when the binder_alloc has been fully initialized. In these
scenarios acquiring the mmap_lock is not required.
Fixes: a43cfc87ca ("android: binder: stop saving a pointer to the VMA")
Cc: Liam Howlett <liam.howlett@oracle.com>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: stable@vger.kernel.org
Change-Id: I2a8040417790b6b82bf44e838146fd68403fdb51
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Link: https://lore.kernel.org/r/20230502201220.1756319-3-cmllamas@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit d7cee853bc)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit c0fd210178 upstream.
This reverts commit a43cfc87ca.
This patch fixed an issue reported by syzkaller in [1]. However, this
turned out to be only a band-aid in binder. The root cause, as bisected
by syzkaller, was fixed by commit 5789151e48 ("mm/mmap: undo ->mmap()
when mas_preallocate() fails"). We no longer need the patch for binder.
Reverting such patch allows us to have a lockless access to alloc->vma
in specific cases where the mmap_lock is not required. This approach
avoids the contention that caused a performance regression.
[1] https://lore.kernel.org/all/0000000000004a0dbe05e1d749e0@google.com
[cmllamas: resolved conflicts with rework of alloc->mm and removal of
binder_alloc_set_vma() also fixed comment section]
Fixes: a43cfc87ca ("android: binder: stop saving a pointer to the VMA")
Cc: Liam Howlett <liam.howlett@oracle.com>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: stable@vger.kernel.org
Change-Id: I208b4ebf832790eb155d52ec3115e1e6c58f6f80
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Link: https://lore.kernel.org/r/20230502201220.1756319-2-cmllamas@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 72a94f8c14)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 35a089b5d7 ]
Checking the bearer min mtu with tipc_udp_mtu_bad() only works for
IPv4 UDP bearer, and IPv6 UDP bearer has a different value for the
min mtu. This patch checks with encap_hlen + TIPC_MIN_BEARER_MTU
for min mtu, which works for both IPv4 and IPv6 UDP bearer.
Note that tipc_udp_mtu_bad() is still used to check media min mtu
in __tipc_nl_media_set(), as m->mtu currently is only used by the
IPv4 UDP bearer as its default mtu value.
Fixes: 682cd3cf94 ("tipc: confgiure and apply UDP bearer MTU on running links")
Change-Id: I384afae6ffa9c43f72c1cda34ad2f1dd611fc675
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit f215b62f59)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 56077b56cd ]
When doing link mtu negotiation, a malicious peer may send Activate msg
with a very small mtu, e.g. 4 in Shuang's testing, without checking for
the minimum mtu, l->mtu will be set to 4 in tipc_link_proto_rcv(), then
n->links[bearer_id].mtu is set to 4294967228, which is a overflow of
'4 - INT_H_SIZE - EMSG_OVERHEAD' in tipc_link_mss().
With tipc_link.mtu = 4, tipc_link_xmit() kept printing the warning:
tipc: Too large msg, purging xmit list 1 5 0 40 4!
tipc: Too large msg, purging xmit list 1 15 0 60 4!
And with tipc_link_entry.mtu 4294967228, a huge skb was allocated in
named_distribute(), and when purging it in tipc_link_xmit(), a crash
was even caused:
general protection fault, probably for non-canonical address 0x2100001011000dd: 0000 [#1] PREEMPT SMP PTI
CPU: 0 PID: 0 Comm: swapper/0 Kdump: loaded Not tainted 6.3.0.neta #19
RIP: 0010:kfree_skb_list_reason+0x7e/0x1f0
Call Trace:
<IRQ>
skb_release_data+0xf9/0x1d0
kfree_skb_reason+0x40/0x100
tipc_link_xmit+0x57a/0x740 [tipc]
tipc_node_xmit+0x16c/0x5c0 [tipc]
tipc_named_node_up+0x27f/0x2c0 [tipc]
tipc_node_write_unlock+0x149/0x170 [tipc]
tipc_rcv+0x608/0x740 [tipc]
tipc_udp_recv+0xdc/0x1f0 [tipc]
udp_queue_rcv_one_skb+0x33e/0x620
udp_unicast_rcv_skb.isra.72+0x75/0x90
__udp4_lib_rcv+0x56d/0xc20
ip_protocol_deliver_rcu+0x100/0x2d0
This patch fixes it by checking the new mtu against tipc_bearer_min_mtu(),
and not updating mtu if it is too small.
Fixes: ed193ece26 ("tipc: simplify link mtu negotiation")
Reported-by: Shuang Li <shuali@redhat.com>
Change-Id: I95f28cbfaf6dc4899e0695ba6168c7c58737f06b
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 259683001d)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 3ae6d66b60 ]
As different media may requires different min mtu, and even the
same media with different net family requires different min mtu,
add tipc_bearer_min_mtu() to calculate min mtu accordingly.
This API will be used to check the new mtu when doing the link
mtu negotiation in the next patch.
Change-Id: I960cf07506388294eb6028938025e1073a2c4be5
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: 56077b56cd ("tipc: do not update mtu if msg_max is too small in mtu negotiation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 735c64ea88)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 5c5a7680e6 ]
struct platform_driver::remove returning an integer made driver authors
expect that returning an error code was proper error handling. However
the driver core ignores the error and continues to remove the device
because there is nothing the core could do anyhow and reentering the
remove callback again is only calling for trouble.
So this is an source for errors typically yielding resource leaks in the
error path.
As there are too many platform drivers to neatly convert them all to
return void in a single go, do it in several steps after this patch:
a) Convert all drivers to implement .remove_new() returning void instead
of .remove() returning int;
b) Change struct platform_driver::remove() to return void and so make
it identical to .remove_new();
c) Change all drivers back to .remove() now with the better prototype;
d) drop struct platform_driver::remove_new().
While this touches all drivers eventually twice, steps a) and c) can be
done one driver after another and so reduces coordination efforts
immensely and simplifies review.
Change-Id: I7da6828a301462bad53470cf94db94d55ac51d37
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Link: https://lore.kernel.org/r/20221209150914.3557650-1-u.kleine-koenig@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 17955aba78 ("ASoC: fsl_micfil: Fix error handler with pm_runtime_enable")
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 9d3ac384cb)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit d2c48b2387 ]
Running a preempt-rt (v6.2-rc3-rt1) based kernel on an Ampere Altra
triggers:
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46
in_atomic(): 0, irqs_disabled(): 128, non_block: 0, pid: 24, name: cpuhp/0
preempt_count: 0, expected: 0
RCU nest depth: 0, expected: 0
3 locks held by cpuhp/0/24:
#0: ffffda30217c70d0 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x5c/0x248
#1: ffffda30217c7120 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x5c/0x248
#2: ffffda3021c711f0 (sdei_list_lock){....}-{3:3}, at: sdei_cpuhp_up+0x3c/0x130
irq event stamp: 36
hardirqs last enabled at (35): [<ffffda301e85b7bc>] finish_task_switch+0xb4/0x2b0
hardirqs last disabled at (36): [<ffffda301e812fec>] cpuhp_thread_fun+0x21c/0x248
softirqs last enabled at (0): [<ffffda301e80b184>] copy_process+0x63c/0x1ac0
softirqs last disabled at (0): [<0000000000000000>] 0x0
CPU: 0 PID: 24 Comm: cpuhp/0 Not tainted 5.19.0-rc3-rt5-[...]
Hardware name: WIWYNN Mt.Jade Server [...]
Call trace:
dump_backtrace+0x114/0x120
show_stack+0x20/0x70
dump_stack_lvl+0x9c/0xd8
dump_stack+0x18/0x34
__might_resched+0x188/0x228
rt_spin_lock+0x70/0x120
sdei_cpuhp_up+0x3c/0x130
cpuhp_invoke_callback+0x250/0xf08
cpuhp_thread_fun+0x120/0x248
smpboot_thread_fn+0x280/0x320
kthread+0x130/0x140
ret_from_fork+0x10/0x20
sdei_cpuhp_up() is called in the STARTING hotplug section,
which runs with interrupts disabled. Use a CPUHP_AP_ONLINE_DYN entry
instead to execute the cpuhp cb later, with preemption enabled.
SDEI originally got its own cpuhp slot to allow interacting
with perf. It got superseded by pNMI and this early slot is not
relevant anymore. [1]
Some SDEI calls (e.g. SDEI_1_0_FN_SDEI_PE_MASK) take actions on the
calling CPU. It is checked that preemption is disabled for them.
_ONLINE cpuhp cb are executed in the 'per CPU hotplug thread'.
Preemption is enabled in those threads, but their cpumask is limited
to 1 CPU.
Move 'WARN_ON_ONCE(preemptible())' statements so that SDEI cpuhp cb
don't trigger them.
Also add a check for the SDEI_1_0_FN_SDEI_PRIVATE_RESET SDEI call
which acts on the calling CPU.
[1]:
https://lore.kernel.org/all/5813b8c5-ae3e-87fd-fccc-94c9cd08816d@arm.com/
Suggested-by: James Morse <james.morse@arm.com>
Change-Id: I9f73aadd24096d8298b5ae8f26f955e9f6ee2b9a
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Reviewed-by: James Morse <james.morse@arm.com>
Link: https://lore.kernel.org/r/20230216084920.144064-1-pierre.gondois@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit a8267bc8de)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 31088f6f79 ]
typeof is (still) a GNU extension, which means that it cannot be used when
building ISO C (e.g. -std=c99). It should therefore be avoided in uapi
headers in favour of the ISO-friendly __typeof__.
Unfortunately this issue could not be detected by
CONFIG_UAPI_HEADER_TEST=y as the __ALIGN_KERNEL() macro is not expanded in
any uapi header.
This matters from a userspace perspective, not a kernel one. uapi
headers and their contents are expected to be usable in a variety of
situations, and in particular when building ISO C applications (with
-std=c99 or similar).
This particular problem can be reproduced by trying to use the
__ALIGN_KERNEL macro directly in application code, say:
int align(int x, int a)
{
return __KERNEL_ALIGN(x, a);
}
and trying to build that with -std=c99.
Link: https://lkml.kernel.org/r/20230411092747.3759032-1-kevin.brodsky@arm.com
Fixes: a79ff731a1 ("netfilter: xtables: make XT_ALIGN() usable in exported headers by exporting __ALIGN_KERNEL()")
Change-Id: I05462cdee00da59617f3dfb875c233a246f7d2f6
Signed-off-by: Kevin Brodsky <kevin.brodsky@arm.com>
Reported-by: Ruben Ayrapetyan <ruben.ayrapetyan@arm.com>
Tested-by: Ruben Ayrapetyan <ruben.ayrapetyan@arm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Tested-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Masahiro Yamada <masahiroy@kernel.org>
Cc: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit ef9f854103)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit f7abf14f00 upstream.
For some unknown reason the introduction of the timer_wait_running callback
missed to fixup posix CPU timers, which went unnoticed for almost four years.
Marco reported recently that the WARN_ON() in timer_wait_running()
triggers with a posix CPU timer test case.
Posix CPU timers have two execution models for expiring timers depending on
CONFIG_POSIX_CPU_TIMERS_TASK_WORK:
1) If not enabled, the expiry happens in hard interrupt context so
spin waiting on the remote CPU is reasonably time bound.
Implement an empty stub function for that case.
2) If enabled, the expiry happens in task work before returning to user
space or guest mode. The expired timers are marked as firing and moved
from the timer queue to a local list head with sighand lock held. Once
the timers are moved, sighand lock is dropped and the expiry happens in
fully preemptible context. That means the expiring task can be scheduled
out, migrated, interrupted etc. So spin waiting on it is more than
suboptimal.
The timer wheel has a timer_wait_running() mechanism for RT, which uses
a per CPU timer-base expiry lock which is held by the expiry code and the
task waiting for the timer function to complete blocks on that lock.
This does not work in the same way for posix CPU timers as there is no
timer base and expiry for process wide timers can run on any task
belonging to that process, but the concept of waiting on an expiry lock
can be used too in a slightly different way:
- Add a mutex to struct posix_cputimers_work. This struct is per task
and used to schedule the expiry task work from the timer interrupt.
- Add a task_struct pointer to struct cpu_timer which is used to store
a the task which runs the expiry. That's filled in when the task
moves the expired timers to the local expiry list. That's not
affecting the size of the k_itimer union as there are bigger union
members already
- Let the task take the expiry mutex around the expiry function
- Let the waiter acquire a task reference with rcu_read_lock() held and
block on the expiry mutex
This avoids spin-waiting on a task which might not even be on a CPU and
works nicely for RT too.
Fixes: ec8f954a40 ("posix-timers: Use a callback for cancel synchronization on PREEMPT_RT")
Reported-by: Marco Elver <elver@google.com>
Change-Id: Ic069585c15bc968dec3c2b99cc70256f56a70b32
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Marco Elver <elver@google.com>
Tested-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/87zg764ojw.ffs@tglx
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit bccf9fe296)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Over the lifetime of the kernel, new arm64 cpucaps need to be added to
handle errata and other fun stuff. So reserve 20 spots for us to use in
the future as this is an ABI-stable structure that we can not increase
over time without major problems.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I37bdac374e2570f61ab54919712fd62c7e541e67
This is a placeholder to workaround NXP iMX8QM A53 Cache coherency issue.
The full patch is still under review upstream.
Considering the patch adds a new cpucap, which breaks KMI, and
the KMI freeze date is coming, so use a placeholder
here to update KMI before the freeze.
According to NXP errata document[1] i.MX8QuadMax SoC suffers from
serious cache coherence issue. It was also mentioned in initial
support[2] for imx8qm mek machine.
Following is excerpt from NXP IMX8_1N94W "Mask Set Errata" document
Rev. 5, 3/2023. Just in case it gets lost somehow.
"ERR050104: Arm/A53: Cache coherency issue"
Description
Some maintenance operations exchanged between the A53 and A72
core clusters, involving some Translation Look-aside Buffer
Invalidate (TLBI) and Instruction Cache (IC) instructions can
be corrupted. The upper bits, above bit-35, of ARADDR and ACADDR
buses within in Arm A53 sub-system have been incorrectly connected.
Therefore ARADDR and ACADDR address bits above bit-35 should not
be used.
Workaround
The following software instructions are required to be downgraded
to TLBI VMALLE1IS: TLBI ASIDE1, TLBI ASIDE1IS, TLBI VAAE1,
TLBI VAAE1IS, TLBI VAALE1, TLBI VAALE1IS, TLBI VAE1, TLBI VAE1IS,
TLBI VALE1, TLBI VALE1IS
The following software instructions are required to be downgraded
to TLBI VMALLS12E1IS: TLBI IPAS2E1IS, TLBI IPAS2LE1IS
The following software instructions are required to be downgraded
to TLBI ALLE2IS: TLBI VAE2IS, TLBI VALE2IS.
The following software instructions are required to be downgraded
to TLBI ALLE3IS: TLBI VAE3IS, TLBI VALE3IS.
The following software instructions are required to be downgraded
to TLBI VMALLE1IS when the Force Broadcast (FB) bit [9] of the
Hypervisor Configuration Register (HCR_EL2) is set:
TLBI ASIDE1, TLBI VAAE1, TLBI VAALE1, TLBI VAE1, TLBI VALE1
The following software instruction is required to be downgraded
to IC IALLUIS: IC IVAU, Xt
Specifically for the IC IVAU, Xt downgrade, setting SCTLR_EL1.UCI
to 0 will disable EL0 access to this instruction. Any attempt to
execute from EL0 will generate an EL1 trap, where the downgrade to
IC ALLUIS can be implemented.
[1] https://www.nxp.com/docs/en/errata/IMX8_1N94W.pdf
[2] commit 307fd14d4b ("arm64: dts: imx: add imx8qm mek support")
Bug: 284762900
Link: https://lore.kernel.org/linux-arm-kernel/20230420112952.28340-1-iivanov@suse.de/
Signed-off-by: Jindong Yue <jindong.yue@nxp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8dd50b369412de73b608805d1b5bb8424ea23280
FEAT_XNX allows to specify PXN and UXN attributes on stage-2 entries.
Make this usable from pKVM by exposing two new kvm_pgtable_prot entries
for each of them.
No functional changes intended.
Bug: 264070847
Change-Id: I47d861fa64ba511370b182f4609fe1c27695a949
Signed-off-by: Quentin Perret <qperret@google.com>
Nothing currently prevents the donation of an MMIO region to the
hypervisor for backing e.g. guest stage-2 page-tables, tracing buffers,
hyp vm and vcpu metadata, or any other donation to EL2. However, the
only confirmed use-case for MMIO donations are for protecting the IOMMU
registers as well as for vendor module usage.
Restrict the donation of MMIO regions to these two paths only by
introducing a new helper function.
Bug: 264070847
Change-Id: I914508fb3e3547fcfabca8557bdf7948cb796099
Signed-off-by: Quentin Perret <qperret@google.com>
We've historically disallowed state changes for MMIO pages -- the host
had sole ownership of all of them. However, changing the state of those
pages has clearly become a goal both to support vendor extensions to
the hypervisor, as well as to support device assignment in the longer
term. To pave the way towards this support, let's allow certain state
transitions for MMIO pages.
Bug: 264070847
Change-Id: I9803b572c90d8a694c3d43a0ee0d7b4f4124fe4a
Signed-off-by: Quentin Perret <qperret@google.com>
We now allow donations of MMIO ranges, let's also allow modules to
change host stage-2 permissions.
Bug: 264070847
Change-Id: Ia72678bb27559d9a7963dbc5ffb5a101efcbbad2
Signed-off-by: Quentin Perret <qperret@google.com>
There shouldn't be any reason to ever need allocating from the host
stage-2 pool during mem aborts now that the base page-table structure
is pinned. To prevent future regressions in this area, introduce a new
sanity check that will warn when hyp_page_alloc() is used from the mem
wrong paths.
Bug: 264070847
Change-Id: I7a7c606fe01558790e4ffcd3534f8976caf48bd0
Signed-off-by: Quentin Perret <qperret@google.com>
The MMIO register space for IOMMUs controlled by the hypervisor is
currently unmapped from the host stage-2, and we rely on the host abort
path to not accidentally map them. However, this approach becomes
increasingly difficult to maintain as we introduce support for donating
MMIO regions and not just memory -- nothing prevents the host from
donating a protected MMIO register to another entity for example.
Now that MMIO donations are possible, let's use the proper
host-donate-hyp machinery to implement this. As a nice side effect, this
guarantees the host stage-2 page-table is annotated with hyp ownership
for those IOMMU regions, which guarantees the core range alignment
feature in the host mem abort parth will do the right thing without
requiring a second pass in the IOMMU code. This also turns the host
stage-2 PTEs into "non-default" entries, hence avoiding issues with the
coallescing code looking forward.
Bug: 264070847
Change-Id: I1fad1b1be36f3b654190a912617e780141945a8f
Signed-off-by: Quentin Perret <qperret@google.com>
We now support donations of MMIO ranges to the hypervisor. Make sure to
update the donation logic to correctly map these pages with device
mappings.
Bug: 264070847
Change-Id: I36558f05ed47d1e3dc06e4e24151241474b4ff77
Signed-off-by: Quentin Perret <qperret@google.com>
We're now guaranteed by construction to not require structural changes
to the host stage-2 page-table from the host memory abort path, so let's
use the low-level __host_stage2_idmap() function directly instead of the
higher-level wrapper that attempts page recycling when running out of
memory.
Bug: 264070847
Change-Id: I2db34777386931bfb3f93ea3b3e51e1e2a10ea79
Signed-off-by: Quentin Perret <qperret@google.com>
Now that the host stage-2 page-table is entirely pre-populated in
__pkvm_init_finalize(), we know that by the end of this function, the
structure of the page-table will remain stable until the host calls in
the hypervisor to require e.g. a page-table changes (by e.g. running a
guest). This does not necessarily mean that no host mem aborts will
occur -- there may be null PTEs in the host stage-2 due to collapsed
block mappings from fix_host_ownership() for example -- but all those
aborts should be trivially handled without requiring structural changes
to the page-table. This has the nice side effect of guaranteeing that
host_mem_abort() will not allocate from the host stage-2 pool. In order
to ensure this desirable property is retained for the lifetime of the
system even in the presence of the coalescing feature, let's 'pin' the
structure of the page-table as-is by taking an additional reference
from each table entry.
Bug: 264070847
Change-Id: If870d7485cc38f6ad714901e710287911f111897
Signed-off-by: Quentin Perret <qperret@google.com>
We will soon need to use kvm_pte_follow() from outside pgtable.c, so
move it to the header file as static inline.
Bug: 264070847
Change-Id: I319dff1b352a4acd8d9a5cc74acb5f1758be358f
Signed-off-by: Quentin Perret <qperret@google.com>
We will soon attempt to avoid any memory allocations from the host mem
abort path. In order to pave the way towards supporting this, let's
pre-populate the host stage-2 for the entire address space using as many
block mappings as possible. Some of these mappings may need to be
collapsed shortly after from fix_host_ownership() for example, so this
doesn't guarantee the absence of memory aborts altogether, but helps
getting the structure of the page-table in the right shape early on.
Bug: 264070847
Change-Id: Ib3ce25c893f779437ce473d64e08e8876870556c
Signed-off-by: Quentin Perret <qperret@google.com>
The fix_host_ownership() path walks the hypervisor's stage-1 page-table
to adjust the host's stage-2 accordingly. However, this is done before
the hyp stage-1 refcount has been fixed up, and before the hyp percpu
fixmap has been created. This all works right now as we start off with
an empty host stage-2, so none of the changes require the usage of the
fixmap for e.g. CMOs.
To prepare the ground for doing fix_host_ownership() with a non-empty
page-table, finalize the hyp stage-1 upfront.
Bug: 264070847
Change-Id: I6aff3ac2f835be3fb3fba7660540c0a9b99c097d
Signed-off-by: Quentin Perret <qperret@google.com>
When recycling host stage-2 page-table pages, we currenly blindly
unmap all 'non-moveable' regions. To prepare the ground for allowing the
mapping of those regions with non-default attributes, let's switch to
using the recently introduced kvm_pgtable_stage2_reclaim_leaf() helper
which will only reclaim pages containing PTEs with default attributes.
Bug: 264070847
Change-Id: I4a441a20abe84d2405efcfa403908078c10be841
Signed-off-by: Quentin Perret <qperret@google.com>
We will soon improve the mechanism by which the host's stage-2
page-table pages are recycled whenever its pool runs out of pages. To
prepare thecground for this, introduce a new helper function in the
page-table code allowing to reclaim leaf pages that don't hold counted
PTEs.
Bug: 264070847
Change-Id: Ie172bf11f2980e45bc908002368759f74f42d195
Signed-off-by: Quentin Perret <qperret@google.com>
Enable CONFIG_BLK_CGROUP_IOCOST to help control IO resources.
Bug: 188749221
Bug: 285074916
Change-Id: I611b3ff5929d0a998fa6241967887803636b7588
(cherry picked from commit 19316b4889)
Signed-off-by: Yang Yang <yang.yang@vivo.com>
This reverts commit 4ae2af3e59.
It breaks the Android KABI and will be brought back at a later time when
it is safe to do so.
Bug: 161946584
Change-Id: I86bb2f6a68328744a796648dd8ec907580dd2c0b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit 9f4d7efb33.
It breaks the Android KABI and will be brought back at a later time when
it is safe to do so.
Bug: 161946584
Change-Id: Ic3e8a533b0958aea3b2f58af8aa8292377e78ace
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit 1e4e379ccd.
It breaks the Android KABI and will be brought back at a later time when
it is safe to do so.
Bug: 161946584
Change-Id: I046885f1246a0def7ee238f833ee78ba8a4cecb0
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit ba4fec5bd6.
It breaks the Android KABI and will be brought back at a later time when
it is safe to do so.
Bug: 161946584
Change-Id: I95c2e59a4854c4e178d11b890e8401bc3cb64b68
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit 3a2129ebae.
It breaks the Android KABI and will be brought back at a later time when
it is safe to do so.
Bug: 161946584
Change-Id: Ib4d8c98270484b4d2c63e838bbe0d24c00642f87
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit ab90b68f65.
It breaks the Android KABI and will be brought back at a later time when
it is safe to do so.
Bug: 161946584
Change-Id: If61ba37db2a3ea1642c9e5c9295e2d7d4a94207b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit dd628fc697.
It breaks the Android KABI and will be brought back at a later time when
it is safe to do so.
Bug: 161946584
Change-Id: Iceb2053c9440a9b52e1d1d331bdd4fb9f8d649c9
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit fe735073a5.
It breaks the Android KABI and will be brought back at a later time when
it is safe to do so.
Bug: 161946584
Change-Id: Iff834f7a4fde71e5c43d477cb9e2adbebd92d389
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Expose usb device state to userland as the information is useful in
detecting non-compliant setups and diagnosing enumeration failures.
For example:
- End-to-end signal integrity issues: the device would fail port reset
repeatedly and thus be stuck in POWERED state.
- Charge-only cables (missing D+/D- lines): the device would never enter
POWERED state as the HC would not see any pullup.
What's the status quo?
We do have error logs such as "Cannot enable. Maybe the USB cable is bad?"
to flag potential setup issues, but there's no good way to expose them to
userspace.
Why add a sysfs entry in struct usb_port instead of struct usb_device?
The struct usb_device is not device_add() to the system until it's in
ADDRESS state hence we would miss the first two states. The struct
usb_port is a better place to keep the information because its life
cycle is longer than the struct usb_device that is attached to the port.
Reported-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202306042228.e532af6e-oliver.sang@intel.com
Reviewed-by: Alan Stern <stern@rowland.harvard.edu>
Change-Id: Ib78d4c7b4b1db402828c92dc792838a1015f0f2c
Signed-off-by: Roy Luo <royluo@google.com>
Message-ID: <20230608015913.1679984-1-royluo@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(Backport conflicts: the adjacent sysfs entry is different in
ABI documentation)
Bug: 285199434
(cherry picked from commit 83cb2604f6
https: //git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git/ usb-testing)
Change-Id: I1a0da6686e57be05ef10ae98892599eb37074014
Signed-off-by: Roy Luo <royluo@google.com>
Add symbol list for oplus in android/abi_gki_aarch64_oplus
1 function symbol(s) added
'int public_key_verify_signature(const struct public_key*, const struct public_key_signature*)'
Bug: 286993971
Change-Id: I748437d61b46b6ee3736b3c7df36ab7249b187f6
Signed-off-by: zuoyonghua <zuoyonghua@oppo.com>
commit 3918dd0177 upstream.
This driver relies on IEEE80211_CONF_PS of hw->conf.flags to turn off PS or
turn on dynamic PS controlled by driver and firmware. Though this would be
incorrect, it did work before because the flag is always recalculated until
the commit 28977e790b ("wifi: mac80211: skip powersave recalc if driver SUPPORTS_DYNAMIC_PS")
is introduced by kernel 5.20 to skip to recalculate IEEE80211_CONF_PS
of hw->conf.flags if driver sets SUPPORTS_DYNAMIC_PS.
Correct this by doing recalculation while BSS_CHANGED_PS is changed and
interface is added or removed. It is allowed to enter PS only if single
one station vif is working. Without this fix, driver doesn't enter PS
anymore that causes higher power consumption.
Fixes: bcde60e599 ("rtw88: remove misleading module parameter rtw_fw_support_lps")
Cc: stable@vger.kernel.org # 6.1+
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230527082939.11206-2-pkshih@realtek.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 26a125f550 upstream.
This driver relies on IEEE80211_CONF_PS of hw->conf.flags to turn off PS or
turn on dynamic PS controlled by driver and firmware. Though this would be
incorrect, it did work before because the flag is always recalculated until
the commit 28977e790b ("wifi: mac80211: skip powersave recalc if driver SUPPORTS_DYNAMIC_PS")
is introduced by kernel 5.20 to skip to recalculate IEEE80211_CONF_PS
of hw->conf.flags if driver sets SUPPORTS_DYNAMIC_PS.
Correct this by doing recalculation while BSS_CHANGED_PS is changed and
interface is added or removed. For now, it is allowed to enter PS only if
single one station vif is working, and it could possible to have PS per
vif after firmware can support it. Without this fix, driver doesn't
enter PS anymore that causes higher power consumption.
Fixes: e3ec7017f6 ("rtw89: add Realtek 802.11ax driver")
Cc: stable@vger.kernel.org # 6.1+
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230527082939.11206-3-pkshih@realtek.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit dea9d8f764 upstream.
ext4_xattr_block_set() relies on its caller to call dquot_initialize()
on the inode. To assure that this has happened there are WARN_ON
checks. Unfortunately, this is subject to false positives if there is
an antagonist thread which is flipping the file system at high rates
between r/o and rw. So only do the check if EXT4_XATTR_DEBUG is
enabled.
Link: https://lore.kernel.org/r/20230608044056.GA1418535@mit.edu
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
