31f50e8abc2eec22ba0f78d25f8a69cde6d65ba1
38569 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Steven Rostedt (Google)
|
bc6d4e9d64 |
ring-buffer: Have the shortest_full queue be the shortest not longest
commit 3b19d614b61b93a131f463817e08219c9ce1fee3 upstream.
The logic to know when the shortest waiters on the ring buffer should be
woken up or not has uses a less than instead of a greater than compare,
which causes the shortest_full to actually be the longest.
Link: https://lkml.kernel.org/r/20220927231823.718039222@goodmis.org
Cc: stable@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Fixes:
|
||
|
Steven Rostedt (Google)
|
e8d1167385 |
ring-buffer: Allow splice to read previous partially read pages
commit fa8f4a89736b654125fb254b0db753ac68a5fced upstream.
If a page is partially read, and then the splice system call is run
against the ring buffer, it will always fail to read, no matter how much
is in the ring buffer. That's because the code path for a partial read of
the page does will fail if the "full" flag is set.
The splice system call wants full pages, so if the read of the ring buffer
is not yet full, it should return zero, and the splice will block. But if
a previous read was done, where the beginning has been consumed, it should
still be given to the splice caller if the rest of the page has been
written to.
This caused the splice command to never consume data in this scenario, and
let the ring buffer just fill up and lose events.
Link: https://lkml.kernel.org/r/20220927144317.46be6b80@gandalf.local.home
Cc: stable@vger.kernel.org
Fixes:
|
||
Zheng Yejian
|
fb96b7489f |
ftrace: Properly unset FTRACE_HASH_FL_MOD
commit 0ce0638edf5ec83343302b884fa208179580700a upstream.
When executing following commands like what document said, but the log
"#### all functions enabled ####" was not shown as expect:
1. Set a 'mod' filter:
$ echo 'write*:mod:ext3' > /sys/kernel/tracing/set_ftrace_filter
2. Invert above filter:
$ echo '!write*:mod:ext3' >> /sys/kernel/tracing/set_ftrace_filter
3. Read the file:
$ cat /sys/kernel/tracing/set_ftrace_filter
By some debugging, I found that flag FTRACE_HASH_FL_MOD was not unset
after inversion like above step 2 and then result of ftrace_hash_empty()
is incorrect.
Link: https://lkml.kernel.org/r/20220926152008.2239274-1-zhengyejian1@huawei.com
Cc: <mingo@redhat.com>
Cc: stable@vger.kernel.org
Fixes:
|
||
Rik van Riel
|
31dc1727c1 |
livepatch: fix race between fork and KLP transition
commit 747f7a2901174c9afa805dddfb7b24db6f65e985 upstream.
The KLP transition code depends on the TIF_PATCH_PENDING and
the task->patch_state to stay in sync. On a normal (forward)
transition, TIF_PATCH_PENDING will be set on every task in
the system, while on a reverse transition (after a failed
forward one) first TIF_PATCH_PENDING will be cleared from
every task, followed by it being set on tasks that need to
be transitioned back to the original code.
However, the fork code copies over the TIF_PATCH_PENDING flag
from the parent to the child early on, in dup_task_struct and
setup_thread_stack. Much later, klp_copy_process will set
child->patch_state to match that of the parent.
However, the parent's patch_state may have been changed by KLP loading
or unloading since it was initially copied over into the child.
This results in the KLP code occasionally hitting this warning in
klp_complete_transition:
for_each_process_thread(g, task) {
WARN_ON_ONCE(test_tsk_thread_flag(task, TIF_PATCH_PENDING));
task->patch_state = KLP_UNDEFINED;
}
Set, or clear, the TIF_PATCH_PENDING flag in the child task
depending on whether or not it is needed at the time
klp_copy_process is called, at a point in copy_process where the
tasklist_lock is held exclusively, preventing races with the KLP
code.
The KLP code does have a few places where the state is changed
without the tasklist_lock held, but those should not cause
problems because klp_update_patch_state(current) cannot be
called while the current task is in the middle of fork,
klp_check_and_switch_task() which is called under the pi_lock,
which prevents rescheduling, and manipulation of the patch
state of idle tasks, which do not fork.
This should prevent this warning from triggering again in the
future, and close the race for both normal and reverse transitions.
Signed-off-by: Rik van Riel <riel@surriel.com>
Reported-by: Breno Leitao <leitao@debian.org>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Fixes:
|
||
Suren Baghdasaryan
|
f1076051b3 |
FROMLIST: psi: stop relying on timer_pending for poll_work rescheduling
Psi polling mechanism is trying to minimize the number of wakeups to
run psi_poll_work and is currently relying on timer_pending() to detect
when this work is already scheduled. This provides a window of opportunity
for psi_group_change to schedule an immediate psi_poll_work after
poll_timer_fn got called but before psi_poll_work could reschedule itself.
Below is the depiction of this entire window:
poll_timer_fn
wake_up_interruptible(&group->poll_wait);
psi_poll_worker
wait_event_interruptible(group->poll_wait, ...)
psi_poll_work
psi_schedule_poll_work
if (timer_pending(&group->poll_timer)) return;
...
mod_timer(&group->poll_timer, jiffies + delay);
Prior to
|
||
Greg Kroah-Hartman
|
eb07b1080f |
Merge 5.15.72 into android14-5.15
Changes in 5.15.72 ALSA: hda: Do disconnect jacks at codec unbind ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation ALSA: hda: Fix Nvidia dp infoframe ALSA: hda/realtek: fix speakers and micmute on HP 855 G8 cgroup: reduce dependency on cgroup_mutex cgroup: cgroup_get_from_id() must check the looked-up kn is a directory uas: add no-uas quirk for Hiksemi usb_disk usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS uas: ignore UAS for Thinkplus chips usb: typec: ucsi: Remove incorrect warning thunderbolt: Explicitly reset plug events delay back to USB4 spec value net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address can: c_can: don't cache TX messages for C_CAN cores clk: ingenic-tcu: Properly enable registers before accessing timers x86/sgx: Do not fail on incomplete sanitization on premature stop of ksgxd ARM: dts: integrator: Tag PCI host with device_type ntfs: fix BUG_ON in ntfs_lookup_inode_by_name() mm/damon/dbgfs: fix memory leak when using debugfs_lookup() net: mt7531: only do PLL once after the reset Revert "firmware: arm_scmi: Add clock management to the SCMI power domain" drm/i915/gt: Restrict forced preemption to the active context drm/amdgpu: Add amdgpu suspend-resume code path under SRIOV vduse: prevent uninitialized memory accesses libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 mmc: moxart: fix 4-bit bus width and remove 8-bit bus width mmc: hsq: Fix data stomping during mmc recovery mm/page_alloc: fix race condition between build_all_zonelists and page allocation mm: prevent page_frag_alloc() from corrupting the memory mm: fix dereferencing possible ERR_PTR mm/migrate_device.c: flush TLB while holding PTL mm: fix madivse_pageout mishandling on non-LRU page mm,hwpoison: check mm when killing accessing process media: dvb_vb2: fix possible out of bound access media: rkvdec: Disable H.264 error detection media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() swiotlb: max mapping size takes min align mask into account ARM: dts: am33xx: Fix MMCHS0 dma properties reset: imx7: Fix the iMX8MP PCIe PHY PERST support ARM: dts: am5748: keep usb4_tm disabled soc: sunxi: sram: Actually claim SRAM regions soc: sunxi: sram: Prevent the driver from being unbound soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() soc: sunxi: sram: Fix probe function ordering issues soc: sunxi: sram: Fix debugfs info for A64 SRAM C ASoC: imx-card: Fix refcount issue with of_node_put arm64: dts: qcom: sm8350: fix UFS PHY serdes size ASoC: tas2770: Reinit regcache on reset drm/bridge: lt8912b: add vsync hsync drm/bridge: lt8912b: set hdmi or dvi mode drm/bridge: lt8912b: fix corrupted image output Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time" Input: melfas_mip4 - fix return value check in mip4_probe() gpio: mvebu: Fix check for pwm support on non-A8K platforms usbnet: Fix memory leak in usbnet_disconnect() net: sched: act_ct: fix possible refcount leak in tcf_ct_init() cxgb4: fix missing unlock on ETHOFLD desc collect fail path net/mlxbf_gige: Fix an IS_ERR() vs NULL bug in mlxbf_gige_mdio_probe nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices wifi: mac80211: fix regression with non-QoS drivers net: stmmac: power up/down serdes in stmmac_open/release net: phy: Don't WARN for PHY_UP state in mdio_bus_phy_resume() selftests: Fix the if conditions of in test_extra_filter() vdpa/ifcvf: fix the calculation of queuepair fs: split off setxattr_copy and do_setxattr function from setxattr clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks clk: iproc: Do not rely on node name for correct PLL setup KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest x86/alternative: Fix race in try_get_desc() drm/i915/gem: Really move i915_gem_context.link under ref protection Linux 5.15.72 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ib8569de2af78d5080b026a46196aad5fc816fd42 |
||
Tianyu Lan
|
bfe5dc2101 |
swiotlb: max mapping size takes min align mask into account
commit 82806744fd7dde603b64c151eeddaa4ee62193fd upstream. swiotlb_find_slots() skips slots according to io tlb aligned mask calculated from min aligned mask and original physical address offset. This affects max mapping size. The mapping size can't achieve the IO_TLB_SEGSIZE * IO_TLB_SIZE when original offset is non-zero. This will cause system boot up failure in Hyper-V Isolation VM where swiotlb force is enabled. Scsi layer use return value of dma_max_mapping_size() to set max segment size and it finally calls swiotlb_max_mapping_size(). Hyper-V storage driver sets min align mask to 4k - 1. Scsi layer may pass 256k length of request buffer with 0~4k offset and Hyper-V storage driver can't get swiotlb bounce buffer via DMA API. Swiotlb_find_slots() can't find 256k length bounce buffer with offset. Make swiotlb_max_mapping _size() take min align mask into account. Signed-off-by: Tianyu Lan <Tianyu.Lan@microsoft.com> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Rishabh Bhatnagar <risbhat@amazon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Ming Lei
|
8484a356ce |
cgroup: cgroup_get_from_id() must check the looked-up kn is a directory
[ Upstream commit df02452f3df069a59bc9e69c84435bf115cb6e37 ]
cgroup has to be one kernfs dir, otherwise kernel panic is caused,
especially cgroup id is provide from userspace.
Reported-by: Marco Patalano <mpatalan@redhat.com>
Fixes:
|
||
Shakeel Butt
|
ae04dd5ef1 |
cgroup: reduce dependency on cgroup_mutex
[ Upstream commit be288169712f3dea0bc6b50c00b3ab53d85f1435 ] Currently cgroup_get_from_path() and cgroup_get_from_id() grab cgroup_mutex before traversing the default hierarchy to find the kernfs_node corresponding to the path/id and then extract the linked cgroup. Since cgroup_mutex is still held, it is guaranteed that the cgroup will be alive and the reference can be taken on it. However similar guarantee can be provided without depending on the cgroup_mutex and potentially reducing avenues of cgroup_mutex contentions. The kernfs_node's priv pointer is RCU protected pointer and with just rcu read lock we can grab the reference on the cgroup without cgroup_mutex. So, remove cgroup_mutex from them. Signed-off-by: Shakeel Butt <shakeelb@google.com> Signed-off-by: Tejun Heo <tj@kernel.org> Stable-dep-of: df02452f3df0 ("cgroup: cgroup_get_from_id() must check the looked-up kn is a directory") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Ramji Jiyani
|
e7451150cb |
ANDROID: GKI: Add module load time symbol protection
Add CONFIG_MODULE_SIG_PROTECT to enable lookup for the unprotected symbols from the build time generated list of symbols. Module loading behavior will change as follows: - Allows Android GKI Modules signed using MODULE_SIG_ALL during build. - Allows other modules to load if they don't violate the access to Android GKI protected symbols. Loading will fail and return -EACCES (Permission denied) if these modules access the symbol which is not allowlisted via symbol list or exported by a GKI module. Bug: 232430739 Test: TH Signed-off-by: Ramji Jiyani <ramjiyani@google.com> Change-Id: I751b1951241b45712c20ac0e3878abd2152dd002 |
||
|
Ramji Jiyani
|
734319f979 |
Revert "ANDROID: GKI: Add module load time protected symbol lookup"
This reverts commit
|
||
|
Ramji Jiyani
|
c09f10c778 |
Revert "ANDROID: GKI: Disable security lockdown for unsigned modules"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
20c4f16769 |
Merge 5.15.71 into android14-5.15
Changes in 5.15.71
drm/amdgpu: Separate vf2pf work item init from virt data exchange
drm/amdgpu: make sure to init common IP before gmc
staging: r8188eu: Remove support for devices with 8188FU chipset (0bda:f179)
staging: r8188eu: Add Rosewill USB-N150 Nano to device tables
usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
usb: dwc3: Issue core soft reset before enabling run/stop
usb: dwc3: gadget: Prevent repeat pullup()
usb: dwc3: gadget: Refactor pullup()
usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup()
usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop
usb: add quirks for Lenovo OneLink+ Dock
usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
Revert "usb: add quirks for Lenovo OneLink+ Dock"
Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio"
drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES
USB: core: Fix RST error in hub.c
USB: serial: option: add Quectel BG95 0x0203 composition
USB: serial: option: add Quectel RM520N
Revert "ALSA: usb-audio: Split endpoint setups for hw_params and prepare"
ALSA: core: Fix double-free at snd_card_new()
ALSA: hda/tegra: set depop delay for tegra
ALSA: hda: add Intel 5 Series / 3400 PCI DID
ALSA: hda/realtek: Add quirk for Huawei WRT-WX9
ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop
ALSA: hda/realtek: Re-arrange quirk table entries
ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack
ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
ALSA: hda/realtek: Add quirk for ASUS GA503R laptop
ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop
iommu/vt-d: Check correct capability for sagaw determination
btrfs: fix hang during unmount when stopping block group reclaim worker
btrfs: fix hang during unmount when stopping a space reclaim worker
media: flexcop-usb: fix endpoint type check
usb: dwc3: core: leave default DMA if the controller does not support 64-bit DMA
thunderbolt: Add support for Intel Maple Ridge single port controller
efi: x86: Wipe setup_data on pure EFI boot
efi: libstub: check Shim mode using MokSBStateRT
wifi: mt76: fix reading current per-tid starting sequence number for aggregation
gpio: mockup: fix NULL pointer dereference when removing debugfs
gpio: mockup: Fix potential resource leakage when register a chip
gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
riscv: fix a nasty sigreturn bug...
kasan: call kasan_malloc() from __kmalloc_*track_caller()
can: flexcan: flexcan_mailbox_read() fix return value for drop = true
net: mana: Add rmb after checking owner bits
mm/slub: fix to return errno if kmalloc() fails
mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context.
KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled
arm64: topology: fix possible overflow in amu_fie_setup()
vmlinux.lds.h: CFI: Reduce alignment of jump-table to function alignment
xfs: reorder iunlink remove operation in xfs_ifree
xfs: fix xfs_ifree() error handling to not leak perag ref
xfs: validate inode fork size against fork format
firmware: arm_scmi: Harden accesses to the reset domains
firmware: arm_scmi: Fix the asynchronous reset requests
arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob
arm64: dts: rockchip: Fix typo in lisense text for PX30.Core
drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks
arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz
dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get()
arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
netfilter: nf_conntrack_sip: fix ct_sip_walk_headers
netfilter: nf_conntrack_irc: Tighten matching on DCC message
netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
ice: Don't double unplug aux on peer initiated reset
iavf: Fix cached head and tail value for iavf_get_tx_pending
ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
net: core: fix flow symmetric hash
net: phy: aquantia: wait for the suspend/resume operations to finish
scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
scsi: mpt3sas: Fix return value check of dma_get_required_mask()
net: bonding: Share lacpdu_mcast_addr definition
net: bonding: Unsync device addresses on ndo_stop
net: team: Unsync device addresses on ndo_stop
drm/panel: simple: Fix innolux_g121i1_l01 bus_format
MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko
MIPS: Loongson32: Fix PHY-mode being left unspecified
um: fix default console kernel parameter
iavf: Fix bad page state
mlxbf_gige: clear MDIO gateway lock after read
iavf: Fix set max MTU size with port VLAN and jumbo frames
i40e: Fix VF set max MTU size
i40e: Fix set max_tx_rate when it is lower than 1 Mbps
sfc: fix TX channel offset when using legacy interrupts
sfc: fix null pointer dereference in efx_hard_start_xmit
drm/hisilicon/hibmc: Allow to be built if COMPILE_TEST is enabled
drm/hisilicon: Add depends on MMU
of: mdio: Add of_node_put() when breaking out of for_each_xx
net: ipa: properly limit modem routing table use
wireguard: ratelimiter: disable timings test by default
wireguard: netlink: avoid variable-sized memcpy on sockaddr
net: enetc: move enetc_set_psfp() out of the common enetc_set_features()
net: enetc: deny offload of tc-based TSN features on VF interfaces
net/sched: taprio: avoid disabling offload when it was never enabled
net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs
netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()
netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()
netfilter: ebtables: fix memory leak when blob is malformed
net: ravb: Fix PHY state warning splat during system resume
net: sh_eth: Fix PHY state warning splat during system resume
can: gs_usb: gs_can_open(): fix race dev->can.state condition
perf stat: Fix BPF program section name
perf jit: Include program header in ELF files
perf kcore_copy: Do not check /proc/modules is unchanged
perf tools: Honor namespace when synthesizing build-ids
drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff()
net/smc: Stop the CLC flow if no link to map buffers on
bonding: fix NULL deref in bond_rr_gen_slave_id
net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD
net: sched: fix possible refcount leak in tc_new_tfilter()
bnxt: prevent skb UAF after handing over to PTP worker
selftests: forwarding: add shebang for sch_red.sh
KVM: x86/mmu: Fold rmap_recycle into rmap_add
serial: fsl_lpuart: Reset prior to registration
serial: Create uart_xmit_advance()
serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting
serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting
s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV
Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region
drm/gma500: Fix BUG: sleeping function called from invalid context errors
drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards
drm/amdgpu: use dirty framebuffer helper
drm/amd/display: Limit user regamma to a valid value
drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport()
drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule()
drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage
drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
fsdax: Fix infinite loop in dax_iomap_rw()
workqueue: don't skip lockdep work dependency in cancel_work_sync()
i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible
i2c: mlxbf: incorrect base address passed during io write
i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()
i2c: mlxbf: Fix frequency calculation
drm/amdgpu: don't register a dirty callback for non-atomic
NFSv4: Fixes for nfs4_inode_return_delegation()
devdax: Fix soft-reservation memory description
ext4: make directory inode spreading reflect flexbg size
ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
ext4: limit the number of retries after discarding preallocations blocks
ext4: make mballoc try target group first even with mb_optimize_scan
ext4: avoid unnecessary spreading of allocations among groups
ext4: use locality group preallocation for small closed files
Linux 5.15.71
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie66ba67f788b7ce6ffd766544f9ec0286bec5d9f
|
||
Tetsuo Handa
|
c71ec39be4 |
workqueue: don't skip lockdep work dependency in cancel_work_sync()
[ Upstream commit c0feea594e058223973db94c1c32a830c9807c86 ]
Like Hillf Danton mentioned
syzbot should have been able to catch cancel_work_sync() in work context
by checking lockdep_map in __flush_work() for both flush and cancel.
in [1], being unable to report an obvious deadlock scenario shown below is
broken. From locking dependency perspective, sync version of cancel request
should behave as if flush request, for it waits for completion of work if
that work has already started execution.
----------
#include <linux/module.h>
#include <linux/sched.h>
static DEFINE_MUTEX(mutex);
static void work_fn(struct work_struct *work)
{
schedule_timeout_uninterruptible(HZ / 5);
mutex_lock(&mutex);
mutex_unlock(&mutex);
}
static DECLARE_WORK(work, work_fn);
static int __init test_init(void)
{
schedule_work(&work);
schedule_timeout_uninterruptible(HZ / 10);
mutex_lock(&mutex);
cancel_work_sync(&work);
mutex_unlock(&mutex);
return -EINVAL;
}
module_init(test_init);
MODULE_LICENSE("GPL");
----------
The check this patch restores was added by commit
|
||
|
Greg Kroah-Hartman
|
74ca15c523 |
Merge 5.15.70 into android14-5.15
Changes in 5.15.70 drm/tegra: vic: Fix build warning when CONFIG_PM=n serial: atmel: remove redundant assignment in rs485_config tty: serial: atmel: Preserve previous USART mode if RS485 disabled of: fdt: fix off-by-one error in unflatten_dt_nodes() pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map pinctrl: qcom: sc8180x: Fix wrong pin numbers pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH pinctrl: sunxi: Fix name for A100 R_PIO NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx drm/meson: Correct OSD1 global alpha value drm/meson: Fix OSD1 RGB to YCbCr coefficient block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait parisc: ccio-dma: Add missing iounmap in error path in ccio_probe() of/device: Fix up of_dma_configure_id() stub cifs: revalidate mapping when doing direct writes cifs: don't send down the destination address to sendmsg for a SOCK_STREAM cifs: always initialize struct msghdr smb_msg completely parisc: Allow CONFIG_64BIT with ARCH=parisc tools/include/uapi: Fix <asm/errno.h> for parisc and xtensa drm/amdgpu: Don't enable LTR if not supported drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega binder: remove inaccurate mmap_assert_locked() video: fbdev: i740fb: Error out if 'pixclock' equals zero arm64: dts: juno: Add missing MHU secure-irq ASoC: nau8824: Fix semaphore unbalance at error paths regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE rxrpc: Fix local destruction being repeated rxrpc: Fix calc of resend age wifi: mac80211_hwsim: check length for virtio packets ALSA: hda/sigmatel: Keep power up while beep is enabled ALSA: hda/tegra: Align BDL entry to 4KB boundary net: usb: qmi_wwan: add Quectel RM520N afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping() drm/panfrost: devfreq: set opp to the recommended one to configure regulator mksysmap: Fix the mismatch of 'L0' symbols in System.map video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write net: Find dst with sk's xfrm policy not ctl_sk KVM: SEV: add cache flush to solve SEV cache incoherency issues cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() ALSA: hda/sigmatel: Fix unused variable warning for beep power change Linux 5.15.70 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Iea16cee2475ff8bca607e57fc8b0c4b71b0a6f56 |
||
|
Greg Kroah-Hartman
|
a449b299e8 |
Merge 5.15.69 into android14-5.15
Changes in 5.15.69
NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests
ACPI: resource: skip IRQ override on AMD Zen platforms
ARM: dts: imx: align SPI NOR node name with dtschema
ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible
ARM: dts: at91: fix low limit for CPU regulator
ARM: dts: at91: sama7g5ek: specify proper regulator output ranges
lockdep: Fix -Wunused-parameter for _THIS_IP_
x86/mm: Force-inline __phys_addr_nodebug()
task_stack, x86/cea: Force-inline stack helpers
tracing: hold caller_addr to hardirq_{enable,disable}_ip
tracefs: Only clobber mode/uid/gid on remount if asked
iommu/vt-d: Fix kdump kernels boot failure with scalable mode
Input: goodix - add support for GT1158
platform/surface: aggregator_registry: Add support for Surface Laptop Go 2
drm/msm/rd: Fix FIFO-full deadlock
dt-bindings: iio: gyroscope: bosch,bmg160: correct number of pins
HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
tg3: Disable tg3 device on system reboot to avoid triggering AER
gpio: mockup: remove gpio debugfs when remove device
ieee802154: cc2520: add rc code in cc2520_tx()
Input: iforce - add support for Boeder Force Feedback Wheel
nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
drm/amd/amdgpu: skip ucode loading if ucode_size == 0
net: dsa: hellcreek: Print warning only once
perf/arm_pmu_platform: fix tests for platform_get_irq() failure
platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes
usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
soc: fsl: select FSL_GUTS driver for DPIO
usb: gadget: f_uac2: clean up some inconsistent indenting
usb: gadget: f_uac2: fix superspeed transfer
RDMA/irdma: Use s/g array in post send only when its valid
Input: goodix - add compatible string for GT1158
Linux 5.15.69
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ifcadf79f34eb6093489fb3faf5e42c9739e56522
|
||
|
Greg Kroah-Hartman
|
5a1075de9c |
Merge 5.15.68 into android14-5.15
Changes in 5.15.68 net: wwan: iosm: remove pointless null check efi: libstub: Disable struct randomization efi: capsule-loader: Fix use-after-free in efi_capsule_write wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() fs: only do a memory barrier for the first set_buffer_uptodate() Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()" scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX scsi: megaraid_sas: Fix double kfree() drm/gem: Fix GEM handle release errors drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. drm/radeon: add a force flush to delay work when radeon scsi: ufs: core: Reduce the power mode change timeout Revert "parisc: Show error if wrong 32/64-bit compiler is being used" parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level netfilter: conntrack: work around exceeded receive window cpufreq: check only freq_table in __resolve_freq() net/core/skbuff: Check the return value of skb_copy_bits() md: Flush workqueue md_rdev_misc_wq in md_alloc() fbdev: fbcon: Destroy mutex on freeing struct fb_info fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() ALSA: aloop: Fix random zeros in capture data when using jiffies timer ALSA: usb-audio: Split endpoint setups for hw_params and prepare ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() tracing: Fix to check event_mutex is held while accessing trigger list btrfs: zoned: set pseudo max append zone limit in zone emulation mode vfio/type1: Unpin zero pages kprobes: Prohibit probes in gate area debugfs: add debugfs_lookup_and_remove() sched/debug: fix dentry leak in update_sched_domain_debugfs drm/amd/display: fix memory leak when using debugfs_lookup() nvmet: fix a use-after-free drm/i915: Implement WaEdpLinkRateDataReload scsi: mpt3sas: Fix use-after-free warning scsi: lpfc: Add missing destroy_workqueue() in error path NFS: Further optimisations for 'ls -l' NFS: Save some space in the inode NFS: Fix another fsync() issue after a server reboot cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock ASoC: qcom: sm8250: add missing module owner RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node soc: imx: gpcv2: Assert reset before ungating clock regulator: core: Clean up on enable failure tee: fix compiler warning in tee_shm_register() RDMA/cma: Fix arguments order in net device validation soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs RDMA/hns: Fix supported page size RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift wifi: wilc1000: fix DMA on stack objects ARM: at91: pm: fix self-refresh for sama7g5 ARM: at91: pm: fix DDR recalibration when resuming from backup and self-refresh ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges ARM: dts: at91: sama5d27_wlsom1: don't keep ldo2 enabled all the time ARM: dts: at91: sama5d2_icp: don't keep vdd_other enabled all the time netfilter: br_netfilter: Drop dst references before setting. netfilter: nf_tables: clean up hook list when offload flags check fails netfilter: nf_conntrack_irc: Fix forged IP logic RDMA/srp: Set scmnd->result only when scmnd is not NULL ALSA: usb-audio: Inform the delayed registration more properly ALSA: usb-audio: Register card again for iface over delayed_register option rxrpc: Fix ICMP/ICMP6 error handling rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2() afs: Use the operation issue time instead of the reply time for callbacks Revert "net: phy: meson-gxl: improve link-up behavior" sch_sfb: Don't assume the skb is still around after enqueueing to child tipc: fix shift wrapping bug in map_get() net: introduce __skb_fill_page_desc_noacc tcp: TX zerocopy should not sense pfmemalloc status ice: use bitmap_free instead of devm_kfree i40e: Fix kernel crash during module removal iavf: Detach device during reset task xen-netback: only remove 'hotplug-status' when the vif is actually destroyed RDMA/siw: Pass a pointer to virt_to_page() ipv6: sr: fix out-of-bounds read when setting HMAC data. IB/core: Fix a nested dead lock as part of ODP flow RDMA/mlx5: Set local port to one when accessing counters erofs: fix pcluster use-after-free on UP platforms nvme-tcp: fix UAF when detecting digest errors nvme-tcp: fix regression that causes sporadic requests to time out tcp: fix early ETIMEDOUT after spurious non-SACK RTO nvmet: fix mar and mor off-by-one errors RDMA/irdma: Report the correct max cqes from query device RDMA/irdma: Return correct WC error for bind operation failure RDMA/irdma: Report RNR NAK generation in device caps sch_sfb: Also store skb len before calling child enqueue perf script: Fix Cannot print 'iregs' field for hybrid systems hwmon: (tps23861) fix byte order in resistance register ASoC: mchp-spdiftx: remove references to mchp_i2s_caps ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion MIPS: loongson32: ls1c: Fix hang during startup kbuild: disable header exports for UML in a straightforward way i40e: Refactor tc mqprio checks i40e: Fix ADQ rate limiting for PF swiotlb: avoid potential left shift overflow iommu/amd: use full 64-bit value in build_completion_wait() s390/boot: fix absolute zero lowcore corruption on boot hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" not defined hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors hwmon: (mr75203) fix voltage equation for negative source input hwmon: (mr75203) fix multi-channel voltage reading hwmon: (mr75203) enable polling for all VM channels Revert "arm64: kasan: Revert "arm64: mte: reset the page tag in page->flags"" arm64/bti: Disable in kernel BTI when cross section thunks are broken iommu/vt-d: Correctly calculate sagaw value of IOMMU arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly drm/bridge: display-connector: implement bus fmts callbacks perf machine: Use path__join() to compose a path instead of snprintf(dir, '/', filename) ARM: at91: ddr: remove CONFIG_SOC_SAMA7 dependency Linux 5.15.68 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I3e23c18230fda5af55fc5b73db9ac288835c8c23 |
||
|
Greg Kroah-Hartman
|
4204bfff97 |
Merge 5.15.66 into android14-5.15
Changes in 5.15.66 drm/msm/dsi: fix the inconsistent indenting drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg drm/msm/dsi: Fix number of regulators for SDM660 platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask iio: adc: mcp3911: make use of the sign bit skmsg: Fix wrong last sg check in sk_msg_recvmsg() bpf: Restrict bpf_sys_bpf to CAP_PERFMON bpf, cgroup: Fix kernel BUG in purge_effective_progs ieee802154/adf7242: defer destroy_workqueue call drm/i915/backlight: extract backlight code to a separate file drm/i915/display: avoid warnings when registering dual panel backlight ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() Revert "xhci: turn off port power in shutdown" net: sparx5: fix handling uneven length packets in manual extraction net: smsc911x: Stop and start PHY during suspend and resume openvswitch: fix memory leak at failed datapath creation net: dsa: xrs700x: Use irqsave variant for u64 stats update net: sched: tbf: don't call qdisc_put() while holding tree lock net/sched: fix netdevice reference leaks in attach_default_qdiscs() ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler mlxbf_gige: compute MDIO period based on i1clk kcm: fix strp_init() order and cleanup sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb tcp: annotate data-race around challenge_timestamp Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb" net/smc: Remove redundant refcount increase soundwire: qcom: fix device status array range serial: fsl_lpuart: RS485 RTS polariy is inverse staging: rtl8712: fix use after free bugs staging: r8188eu: add firmware dependency powerpc: align syscall table for ppc32 vt: Clear selection before changing the font musb: fix USB_MUSB_TUSB6010 dependency tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag iio: ad7292: Prevent regulator double disable iio: adc: mcp3911: use correct formula for AD conversion misc: fastrpc: fix memory corruption on probe misc: fastrpc: fix memory corruption on open USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id mmc: core: Fix UHS-I SD 1.8V workaround branch mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure binder: fix UAF of ref->proc caused by race condition binder: fix alloc->vma_vm_mm null-ptr dereference cifs: fix small mempool leak in SMB2_negotiate() KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops" clk: core: Fix runtime PM sequence in clk_core_unprepare() Input: rk805-pwrkey - fix module autoloading clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() clk: bcm: rpi: Prevent out-of-bounds access clk: bcm: rpi: Add missing newline hwmon: (gpio-fan) Fix array out of bounds access gpio: pca953x: Add mutex_lock for regcache sync in PM KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() mm: pagewalk: Fix race between unmap and page walker xen-blkback: Advertise feature-persistent as user requested xen-blkfront: Advertise feature-persistent as user requested xen-blkfront: Cache feature_persistent value before advertisement thunderbolt: Use the actual buffer in tb_async_error() usb: dwc3: pci: Add support for Intel Raptor Lake media: mceusb: Use new usb_control_msg_*() routines xhci: Add grace period after xHC start to prevent premature runtime suspend. USB: serial: cp210x: add Decagon UCA device id USB: serial: option: add support for OPPO R11 diag port USB: serial: option: add Quectel EM060K modem USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device usb: typec: tcpm: Return ENOTSUPP for power supply prop writes usb: dwc2: fix wrong order of phy_power_on and phy_init usb: cdns3: fix issue with rearming ISO OUT endpoint usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) usb-storage: Add ignore-residue quirk for NXP PN7462AU s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages s390: fix nospec table alignments USB: core: Prevent nested device-reset calls usb: xhci-mtk: relax TT periodic bandwidth allocation usb: xhci-mtk: fix bandwidth release issue usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS driver core: Don't probe devices after bus_type.match() probe deferral wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected wifi: mac80211: Fix UAF in ieee80211_scan_rx() ip: fix triggering of 'icmp redirect' net: Use u64_stats_fetch_begin_irq() for stats fetch. net: mac802154: Fix a condition in the receive path ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 ALSA: seq: oss: Fix data-race for max_midi_devs access ALSA: seq: Fix data-race at module auto-loading drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk drm/i915: Skip wm/ddb readout for disabled pipes tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() kbuild: Unify options for BTF generation for vmlinux and modules kbuild: Add skip_encoding_btf_enum64 option to pahole usb: dwc3: fix PHY disable sequence usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup usb: dwc3: disable USB core PHY management USB: serial: ch341: fix lost character on LCR updates USB: serial: ch341: fix disabled rx timer on older devices Linux 5.15.66 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I309eed59f20bde6cdb0b4debdb6a9c5909f620ee |
||
|
Greg Kroah-Hartman
|
923f8ffad3 |
Merge 5.15.65 into android14-5.15
Changes in 5.15.65
mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
drm/bridge: Add stubs for devm_drm_of_get_bridge when OF is disabled
ACPI: thermal: drop an always true check
drm/vc4: hdmi: Rework power up
drm/vc4: hdmi: Depends on CONFIG_PM
firmware: tegra: bpmp: Do only aligned access to IPC memory area
crypto: lib - remove unneeded selection of XOR_BLOCKS
Drivers: hv: balloon: Support status report for larger page sizes
mm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte
arm64: errata: Add Cortex-A510 to the repeat tlbi list
io_uring: correct fill events helpers types
io_uring: clean cqe filling functions
io_uring: refactor poll update
io_uring: move common poll bits
io_uring: kill poll linking optimisation
io_uring: inline io_poll_complete
io_uring: poll rework
io_uring: Remove unused function req_ref_put
io_uring: remove poll entry from list when canceling all
io_uring: bump poll refs to full 31-bits
io_uring: fail links when poll fails
io_uring: fix wrong arm_poll error handling
io_uring: fix UAF due to missing POLLFREE handling
kbuild: Fix include path in scripts/Makefile.modpost
Bluetooth: L2CAP: Fix build errors in some archs
Revert "PCI/portdrv: Don't disable AER reporting in get_port_device_capability()"
HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
udmabuf: Set the DMA mask for the udmabuf device (v2)
media: pvrusb2: fix memory leak in pvr_probe
HID: hidraw: fix memory leak in hidraw_release()
net: fix refcount bug in sk_psock_get (2)
fbdev: fb_pm2fb: Avoid potential divide by zero error
ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead
bpf: Don't redirect packets with invalid pkt_len
mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5
HID: add Lenovo Yoga C630 battery quirk
HID: AMD_SFH: Add a DMI quirk entry for Chromebooks
HID: asus: ROG NKey: Ignore portion of 0x5a report
HID: thrustmaster: Add sparco wheel and fix array length
drm/i915/gt: Skip TLB invalidations once wedged
mmc: mtk-sd: Clear interrupts when cqe off/disable
mmc: sdhci-of-dwcmshc: add reset call back for rockchip Socs
mmc: sdhci-of-dwcmshc: rename rk3568 to rk35xx
mmc: sdhci-of-dwcmshc: Re-enable support for the BlueField-3 SoC
btrfs: remove root argument from btrfs_unlink_inode()
btrfs: remove no longer needed logic for replaying directory deletes
btrfs: add and use helper for unlinking inode during log replay
btrfs: fix warning during log replay when bumping inode link count
fs/ntfs3: Fix work with fragmented xattr
ASoC: sh: rz-ssi: Improve error handling in rz_ssi_probe() error path
drm/amd/display: Avoid MPC infinite loop
drm/amd/display: Fix HDMI VSIF V3 incorrect issue
drm/amd/display: For stereo keep "FLIP_ANY_FRAME"
drm/amd/display: clear optc underflow before turn off odm clock
ksmbd: return STATUS_BAD_NETWORK_NAME error status if share is not configured
neigh: fix possible DoS due to net iface start/stop loop
s390/hypfs: avoid error message under KVM
ksmbd: don't remove dos attribute xattr on O_TRUNC open
drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid
drm/amd/display: Fix pixel clock programming
drm/amdgpu: Increase tlb flush timeout for sriov
drm/amd/display: avoid doing vm_init multiple time
netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
testing: selftests: nft_flowtable.sh: use random netns names
btrfs: move lockdep class helpers to locking.c
btrfs: fix lockdep splat with reloc root extent buffers
btrfs: tree-checker: check for overlapping extent items
kprobes: don't call disarm_kprobe() for disabled kprobes
btrfs: fix space cache corruption and potential double allocations
android: binder: fix lockdep check on clearing vma
net/af_packet: check len when min_header_len equals to 0
net: neigh: don't call kfree_skb() under spin_lock_irqsave()
Linux 5.15.65
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5d29db64b8de0e14dbe991c50430c20bb36ecf59
|
||
|
Greg Kroah-Hartman
|
d32ea5d2c0 |
Merge 5.15.64 into android14-5.15
Changes in 5.15.64 wifi: rtlwifi: remove always-true condition pointed out by GCC 12 eth: sun: cassini: remove dead code audit: fix potential double free on error path from fsnotify_add_inode_mark cgroup: Fix race condition at rebind_subsystems() parisc: Make CONFIG_64BIT available for ARCH=parisc64 only parisc: Fix exception handler for fldw and fstw instructions kernel/sys_ni: add compat entry for fadvise64_64 x86/entry: Move CLD to the start of the idtentry macro block: add a bdev_max_zone_append_sectors helper block: add bdev_max_segments() helper btrfs: zoned: revive max_zone_append_bytes btrfs: replace BTRFS_MAX_EXTENT_SIZE with fs_info->max_extent_size btrfs: convert count_max_extents() to use fs_info->max_extent_size Input: i8042 - move __initconst to fix code styling warning Input: i8042 - merge quirk tables Input: i8042 - add TUXEDO devices to i8042 quirk tables Input: i8042 - add additional TUXEDO devices to i8042 quirk tables drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist scsi: qla2xxx: Fix response queue handler reading stale packets scsi: qla2xxx: edif: Fix dropped IKE message btrfs: put initial index value of a directory in a constant btrfs: pass the dentry to btrfs_log_new_name() instead of the inode btrfs: remove unnecessary parameter delalloc_start for writepage_delalloc() riscv: lib: uaccess: fold fixups into body riscv: lib: uaccess: fix CSR_STATUS SR_SUM bit xfrm: fix refcount leak in __xfrm_policy_check() xfrm: clone missing x->lastused in xfrm_do_migrate af_key: Do not call xfrm_probe_algs in parallel xfrm: policy: fix metadata dst->dev xmit null pointer dereference fs: require CAP_SYS_ADMIN in target namespace for idmapped mounts net: use eth_hw_addr_set() instead of ether_addr_copy() Revert "net: macsec: update SCI upon MAC address change." NFS: Don't allocate nfs_fattr on the stack in __nfs42_ssc_open() NFSv4.2 fix problems with __nfs42_ssc_open SUNRPC: RPC level errors should set task->tk_rpc_status mm/smaps: don't access young/dirty bit if pte unpresent ntfs: fix acl handling rose: check NULL rose_loopback_neigh->loopback r8152: fix the units of some registers for RTL8156A r8152: fix the RX FIFO settings when suspending nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout ice: xsk: Force rings to be sized to power of 2 ice: xsk: prohibit usage of non-balanced queue id net/mlx5e: Properly disable vlan strip on non-UL reps net/mlx5: Avoid false positive lockdep warning by adding lock_class_key net/mlx5e: Fix wrong application of the LRO state net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off net: ipa: don't assume SMEM is page-aligned net: phy: Don't WARN for PHY_READY state in mdio_bus_phy_resume() net: moxa: get rid of asymmetry in DMA mapping/unmapping bonding: 802.3ad: fix no transmission of LACPDUs net: ipvtap - add __init/__exit annotations to module init/exit funcs netfilter: ebtables: reject blobs that don't provide all entry points bnxt_en: fix NQ resource accounting during vf creation on 57500 chips netfilter: nf_tables: disallow updates of implicit chain netfilter: nf_tables: make table handle allocation per-netns friendly netfilter: nft_payload: report ERANGE for too long offset and length netfilter: nft_payload: do not truncate csum_offset and csum_type netfilter: nf_tables: do not leave chain stats enabled on error netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families netfilter: nft_tunnel: restrict it to netdev family netfilter: nf_tables: consolidate rule verdict trace call netfilter: nft_cmp: optimize comparison for 16-bytes netfilter: bitwise: improve error goto labels netfilter: nf_tables: upfront validation of data via nft_data_init() netfilter: nf_tables: disallow jump to implicit chain from set element netfilter: nf_tables: disallow binding to already bound chain netfilter: flowtable: add function to invoke garbage collection immediately netfilter: flowtable: fix stuck flows on cleanup due to pending work net: Fix data-races around sysctl_[rw]mem_(max|default). net: Fix data-races around weight_p and dev_weight_[rt]x_bias. net: Fix data-races around netdev_max_backlog. net: Fix data-races around netdev_tstamp_prequeue. ratelimit: Fix data-races in ___ratelimit(). net: Fix data-races around sysctl_optmem_max. net: Fix a data-race around sysctl_tstamp_allow_data. net: Fix a data-race around sysctl_net_busy_poll. net: Fix a data-race around sysctl_net_busy_read. net: Fix a data-race around netdev_budget. tcp: expose the tcp_mark_push() and tcp_skb_entail() helpers mptcp: stop relying on tcp_tx_skb_cache net: Fix data-races around sysctl_max_skb_frags. net: Fix a data-race around netdev_budget_usecs. net: Fix data-races around sysctl_fb_tunnels_only_for_init_net. net: Fix data-races around sysctl_devconf_inherit_init_net. net: Fix a data-race around sysctl_somaxconn. ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter i40e: Fix incorrect address type for IPv6 flow rules rxrpc: Fix locking in rxrpc's sendmsg ionic: widen queue_lock use around lif init and deinit ionic: clear broken state on generation change ionic: fix up issues with handling EAGAIN on FW cmds ionic: VF initial random MAC address if no assigned mac net: stmmac: work around sporadic tx issue on link-up btrfs: fix silent failure when deleting root reference btrfs: replace: drop assert for suspended replace btrfs: add info when mount fails due to stale replace target btrfs: check if root is readonly while setting security xattr btrfs: fix possible memory leak in btrfs_get_dev_args_from_path() perf/x86/lbr: Enable the branch type for the Arch LBR by default x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry x86/bugs: Add "unknown" reporting for MMIO Stale Data x86/nospec: Unwreck the RSB stuffing loop: Check for overflow while configuring loop writeback: avoid use-after-free after removing device asm-generic: sections: refactor memory_intersects mm/damon/dbgfs: avoid duplicate context directory creation s390/mm: do not trigger write fault when vma does not allow VM_WRITE bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem s390: fix double free of GS and RI CBs on fork() failure fbdev: fbcon: Properly revert changes when vc_resize() failed Revert "memcg: cleanup racy sum avoidance code" ACPI: processor: Remove freq Qos request for all CPUs nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf smb3: missing inode locks in punch hole xen/privcmd: fix error exit of privcmd_ioctl_dm_op() riscv: traps: add missing prototype io_uring: fix issue with io_write() not always undoing sb_start_write() Revert "usbnet: smsc95xx: Fix deadlock on runtime resume" Revert "usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling" mm/hugetlb: fix hugetlb not supporting softdirty tracking Revert "md-raid: destroy the bitmap after destroying the thread" md: call __md_stop_writes in md_stop mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 binder_alloc: add missing mmap_lock calls when using the VMA x86/nospec: Fix i386 RSB stuffing Documentation/ABI: Mention retbleed vulnerability info file for sysfs blk-mq: fix io hung due to missing commit_rqs perf python: Fix build when PYTHON_CONFIG is user supplied perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU perf/x86/intel/ds: Fix precise store latency handling perf stat: Clear evsel->reset_group for each stat run scsi: ufs: core: Enable link lost interrupt scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq bpf: Don't use tnum_range on array range checking for poke descriptors Linux 5.15.64 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I8e4d8a8ed90e22487e249b9635b210935febda6e |
||
|
Greg Kroah-Hartman
|
239044beef |
Merge 5.15.63 into android14-5.15
Changes in 5.15.63
ALSA: info: Fix llseek return value when using callback
ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU
KVM: Unconditionally get a ref to /dev/kvm module when creating a VM
x86/mm: Use proper mask when setting PUD mapping
rds: add missing barrier to release_refill
locking/atomic: Make test_and_*_bit() ordered on failure
drm/nouveau: recognise GA103
drm/ttm: Fix dummy res NULL ptr deref bug
drm/amd/display: Check correct bounds for stream encoder instances for DCN303
ata: libata-eh: Add missing command name
mmc: pxamci: Fix another error handling path in pxamci_probe()
mmc: pxamci: Fix an error handling path in pxamci_probe()
mmc: meson-gx: Fix an error handling path in meson_mmc_probe()
btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()
btrfs: reset RO counter on block group if we fail to relocate
btrfs: fix lost error handling when looking up extended ref on log replay
cifs: Fix memory leak on the deferred close
x86/kprobes: Fix JNG/JNLE emulation
tracing/perf: Fix double put of trace event when init fails
tracing/eprobes: Do not allow eprobes to use $stack, or % for regs
tracing/eprobes: Do not hardcode $comm as a string
tracing/eprobes: Have event probes be consistent with kprobes and uprobes
tracing/probes: Have kprobes and uprobes use $COMM too
tracing: Have filter accept "common_cpu" to be consistent
ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II
dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to be optional
can: ems_usb: fix clang's -Wunaligned-access warning
apparmor: fix quiet_denied for file rules
apparmor: fix absroot causing audited secids to begin with =
apparmor: Fix failed mount permission check error message
apparmor: fix aa_label_asxprint return check
apparmor: fix setting unconfined mode on a loaded profile
apparmor: fix overlapping attachment computation
apparmor: fix reference count leak in aa_pivotroot()
apparmor: Fix memleak in aa_simple_write_to_buffer()
Documentation: ACPI: EINJ: Fix obsolete example
NFSv4.1: Don't decrease the value of seq_nr_highest_sent
NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly
NFSv4: Fix races in the legacy idmapper upcall
NFSv4.1: RECLAIM_COMPLETE must handle EACCES
NFSv4/pnfs: Fix a use-after-free bug in open
BPF: Fix potential bad pointer dereference in bpf_sys_bpf()
bpf: Don't reinit map value in prealloc_lru_pop
bpf: Acquire map uref in .init_seq_private for array map iterator
bpf: Acquire map uref in .init_seq_private for hash map iterator
bpf: Acquire map uref in .init_seq_private for sock local storage map iterator
bpf: Acquire map uref in .init_seq_private for sock{map,hash} iterator
bpf: Check the validity of max_rdwr_access for sock local storage map iterator
can: mcp251x: Fix race condition on receive interrupt
can: j1939: j1939_session_destroy(): fix memory leak of skbs
net: atlantic: fix aq_vec index out of range error
m68k: coldfire/device.c: protect FLEXCAN blocks
sunrpc: fix expiry of auth creds
SUNRPC: Fix xdr_encode_bool()
SUNRPC: Reinitialise the backchannel request buffers before reuse
virtio_net: fix memory leak inside XPD_TX with mergeable
devlink: Fix use-after-free after a failed reload
net: phy: Warn about incorrect mdio_bus_phy_resume() state
net: bcmgenet: Indicate MAC is in charge of PHY PM
net: bgmac: Fix a BUG triggered by wrong bytes_compl
selftests: forwarding: Fix failing tests with old libnet
dt-bindings: arm: qcom: fix Alcatel OneTouch Idol 3 compatibles
pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
pinctrl: amd: Don't save/restore interrupt status and wake status bits
pinctrl: sunxi: Add I/O bias setting for H6 R-PIO
pinctrl: qcom: sm8250: Fix PDC map
Input: exc3000 - fix return value check of wait_for_completion_timeout
octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration
octeontx2-af: Apply tx nibble fixup always
octeontx2-af: suppress external profile loading warning
octeontx2-af: Fix mcam entry resource leak
octeontx2-af: Fix key checking for source mac
ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
geneve: do not use RT_TOS for IPv6 flowlabel
mlx5: do not use RT_TOS for IPv6 flowlabel
ipv6: do not use RT_TOS for IPv6 flowlabel
plip: avoid rcu debug splat
vsock: Fix memory leak in vsock_connect()
vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout()
dt-bindings: gpio: zynq: Add missing compatible strings
dt-bindings: arm: qcom: fix Longcheer L8150 compatibles
dt-bindings: arm: qcom: fix MSM8916 MTP compatibles
dt-bindings: arm: qcom: fix MSM8994 boards compatibles
dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources
spi: dt-bindings: cadence: add missing 'required'
spi: dt-bindings: zynqmp-qspi: add missing 'required'
ceph: use correct index when encoding client supported features
tools/vm/slabinfo: use alphabetic order when two values are equal
ceph: don't leak snap_rwsem in handle_cap_grant
kbuild: dummy-tools: avoid tmpdir leak in dummy gcc
tools build: Switch to new openssl API for test-libcrypto
NTB: ntb_tool: uninitialized heap data in tool_fn_write()
nfp: ethtool: fix the display error of `ethtool -m DEVNAME`
xen/xenbus: fix return type in xenbus_file_read()
atm: idt77252: fix use-after-free bugs caused by tst_timer
geneve: fix TOS inheriting for ipv4
perf probe: Fix an error handling path in 'parse_perf_probe_command()'
perf parse-events: Fix segfault when event parser gets an error
perf tests: Fix Track with sched_switch test for hybrid case
dpaa2-eth: trace the allocated address instead of page struct
fs/ntfs3: Fix using uninitialized value n when calling indx_read
fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr
fs/ntfs3: Don't clear upper bits accidentally in log_replay()
fs/ntfs3: Fix double free on remount
fs/ntfs3: Do not change mode if ntfs_set_ea failed
fs/ntfs3: Fix missing i_op in ntfs_read_mft
nios2: page fault et.al. are *not* restartable syscalls...
nios2: don't leave NULLs in sys_call_table[]
nios2: traced syscall does need to check the syscall number
nios2: fix syscall restart checks
nios2: restarts apply only to the first sigframe we build...
nios2: add force_successful_syscall_return()
iavf: Fix adminq error handling
iavf: Fix reset error handling
ASoC: SOF: debug: Fix potential buffer overflow by snprintf()
ASoC: tas2770: Set correct FSYNC polarity
ASoC: tas2770: Allow mono streams
ASoC: tas2770: Drop conflicting set_bias_level power setting
ASoC: tas2770: Fix handling of mute/unmute
ASoC: codec: tlv320aic32x4: fix mono playback via I2S
netfilter: nf_tables: use READ_ONCE and WRITE_ONCE for shared generation id access
fs/ntfs3: uninitialized variable in ntfs_set_acl_ex()
netfilter: nf_tables: disallow NFTA_SET_ELEM_KEY_END with NFT_SET_ELEM_INTERVAL_END flag
netfilter: nf_tables: possible module reference underflow in error path
netfilter: nf_tables: really skip inactive sets when allocating name
netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag
netfilter: nf_tables: NFTA_SET_ELEM_KEY_END requires concat and interval flags
netfilter: nf_tables: disallow NFT_SET_ELEM_CATCHALL and NFT_SET_ELEM_INTERVAL_END
netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is specified
powerpc/pci: Fix get_phb_number() locking
spi: meson-spicc: add local pow2 clock ops to preserve rate between messages
net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change()
net: dsa: mv88e6060: prevent crash on an unused port
mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice
net: moxa: pass pdev instead of ndev to DMA functions
net: fix potential refcount leak in ndisc_router_discovery()
net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry
net: dsa: felix: fix ethtool 256-511 and 512-1023 TX packet counters
net: genl: fix error path memory leak in policy dumping
net: dsa: don't warn in dsa_port_set_state_now() when driver doesn't support it
net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions()
ice: Ignore EEXIST when setting promisc mode
i2c: imx: Make sure to unregister adapter on remove()
regulator: pca9450: Remove restrictions for regulator-name
i40e: Fix to stop tx_timeout recovery if GLOBR fails
fec: Fix timer capture timing in `fec_ptp_enable_pps()`
stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove()
igb: Add lock to avoid data race
kbuild: fix the modules order between drivers and libs
gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file
tracing/eprobes: Fix reading of string fields
drm/imx/dcss: get rid of HPD warning message
ASoC: SOF: Intel: hda: Define rom_status_reg in sof_intel_dsp_desc
ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()
drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
drm/sun4i: dsi: Prevent underflow when computing packet sizes
net: qrtr: start MHI channel after endpoit creation
KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems
KVM: arm64: Reject 32bit user PSTATE on asymmetric systems
HID: multitouch: new device class fix Lenovo X12 trackpad sticky
PCI: Add ACS quirk for Broadcom BCM5750x NICs
platform/chrome: cros_ec_proto: don't show MKBP version if unsupported
usb: cdns3 fix use-after-free at workaround 2
usb: cdns3: fix random warning message when driver load
usb: gadget: uvc: calculate the number of request depending on framesize
usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info
PCI: aardvark: Fix reporting Slot capabilities on emulated bridge
irqchip/tegra: Fix overflow implicit truncation warnings
drm/meson: Fix overflow implicit truncation warnings
clk: ti: Stop using legacy clkctrl names for omap4 and 5
scsi: ufs: ufs-mediatek: Fix the timing of configuring device regulators
usb: host: ohci-ppc-of: Fix refcount leak bug
usb: renesas: Fix refcount leak bug
usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch
vboxguest: Do not use devm for irq
clk: qcom: ipq8074: dont disable gcc_sleep_clk_src
uacce: Handle parent device removal or parent driver module rmmod
zram: do not lookup algorithm in backends table
clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description
scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input
scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE
gadgetfs: ep_io - wait until IRQ finishes
coresight: etm4x: avoid build failure with unrolled loops
habanalabs/gaudi: fix shift out of bounds
habanalabs/gaudi: mask constant value before cast
mmc: tmio: avoid glitches when resetting
pinctrl: intel: Check against matching data instead of ACPI companion
cxl: Fix a memory leak in an error handling path
PCI/ACPI: Guard ARM64-specific mcfg_quirks
um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups
dmaengine: dw-axi-dmac: do not print NULL LLI during error
dmaengine: dw-axi-dmac: ignore interrupt if no descriptor
RDMA/rxe: Limit the number of calls to each tasklet
csky/kprobe: reclaim insn_slot on kprobe unregistration
selftests/kprobe: Do not test for GRP/ without event failures
dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed
openrisc: io: Define iounmap argument as volatile
phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks
md: Notify sysfs sync_completed in md_reap_sync_thread()
nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown
drivers:md:fix a potential use-after-free bug
ext4: avoid remove directory when directory is corrupted
ext4: avoid resizing to a partial cluster size
lib/list_debug.c: Detect uninitialized lists
tty: serial: Fix refcount leak bug in ucc_uart.c
KVM: PPC: Book3S HV: Fix "rm_exit" entry in debugfs timings
vfio: Clear the caps->buf to NULL after free
mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit
modules: Ensure natural alignment for .altinstructions and __bug_table sections
ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl()
riscv: dts: sifive: Add fu740 topology information
riscv: dts: canaan: Add k210 topology information
riscv: mmap with PROT_WRITE but no PROT_READ is invalid
RISC-V: Add fast call path of crash_kexec()
watchdog: export lockup_detector_reconfigure
powerpc/32: Set an IBAT covering up to _einittext during init
powerpc/32: Don't always pass -mcpu=powerpc to the compiler
ovl: warn if trusted xattr creation fails
powerpc/ioda/iommu/debugfs: Generate unique debugfs entries
ALSA: core: Add async signal helpers
ALSA: timer: Use deferred fasync helper
ALSA: control: Use deferred fasync helper
f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()
f2fs: fix to do sanity check on segment type in build_sit_entries()
smb3: check xattr value length earlier
powerpc/64: Init jump labels before parse_early_param()
venus: pm_helpers: Fix warning in OPP during probe
video: fbdev: i740fb: Check the argument of i740_calc_vclk()
MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0
can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once()
scsi: ufs: ufs-mediatek: Fix build error and type mismatch
xfs: flush inodegc workqueue tasks before cancel
xfs: reserve quota for dir expansion when linking/unlinking files
xfs: reserve quota for target dir expansion when renaming files
xfs: remove infinite loop when reserving free block pool
xfs: always succeed at setting the reserve pool size
xfs: fix overfilling of reserve pool
xfs: fix soft lockup via spinning in filestream ag selection loop
xfs: revert "xfs: actually bump warning counts when we send warnings"
xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP*
Linux 5.15.63
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I85d0cf74054be9e400907eac7d8f2d4d85914f6f
|
||
|
Tetsuo Handa
|
5db17805b6 |
cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
commit 43626dade36fa74d3329046f4ae2d7fdefe401c6 upstream.
syzbot is hitting percpu_rwsem_assert_held(&cpu_hotplug_lock) warning at
cpuset_attach() [1], for commit 4f7e7236435ca0ab ("cgroup: Fix
threadgroup_rwsem <-> cpus_read_lock() deadlock") missed that
cpuset_attach() is also called from cgroup_attach_task_all().
Add cpus_read_lock() like what cgroup_procs_write_start() does.
Link: https://syzkaller.appspot.com/bug?extid=29d3a3b4d86c8136ad9e [1]
Reported-by: syzbot <syzbot+29d3a3b4d86c8136ad9e@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Fixes: 4f7e7236435ca0ab ("cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock")
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
47c7e57022 |
Merge 5.15.61 into android14-5.15
Changes in 5.15.61
Makefile: link with -z noexecstack --no-warn-rwx-segments
x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments
Revert "pNFS: nfs3_set_ds_client should set NFS_CS_NOPING"
scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover"
pNFS/flexfiles: Report RDMA connection errors to the server
NFSD: Clean up the show_nf_flags() macro
nfsd: eliminate the NFSD_FILE_BREAK_* flags
ALSA: usb-audio: Add quirk for Behringer UMC202HD
ALSA: bcd2000: Fix a UAF bug on the error path of probing
ALSA: hda/realtek: Add quirk for Clevo NV45PZ
ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx
wifi: mac80211_hwsim: fix race condition in pending packet
wifi: mac80211_hwsim: add back erroneously removed cast
wifi: mac80211_hwsim: use 32-bit skb cookie
add barriers to buffer_uptodate and set_buffer_uptodate
lockd: detect and reject lock arguments that overflow
HID: hid-input: add Surface Go battery quirk
HID: wacom: Only report rotation for art pen
HID: wacom: Don't register pad_input for touch switch
KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case
KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case
KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
KVM: s390: pv: don't present the ecall interrupt twice
KVM: x86: Split kvm_is_valid_cr4() and export only the non-vendor bits
KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value
KVM: nVMX: Account for KVM reserved CR4 bits in consistency checks
KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4
KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP
KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1
KVM: x86: Tag kvm_mmu_x86_module_init() with __init
KVM: x86: do not report preemption if the steal time cache is stale
KVM: x86: revalidate steal time cache if MSR value changes
riscv: set default pm_power_off to NULL
ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
ALSA: hda/cirrus - support for iMac 12,1 model
ALSA: hda/realtek: Add quirk for another Asus K42JZ model
ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED
tty: vt: initialize unicode screen buffer
vfs: Check the truncate maximum size in inode_newsize_ok()
fs: Add missing umask strip in vfs_tmpfile
thermal: sysfs: Fix cooling_device_stats_setup() error code path
fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters
fbcon: Fix accelerated fbdev scrolling while logo is still shown
usbnet: Fix linkwatch use-after-free on disconnect
fix short copy handling in copy_mc_pipe_to_iter()
crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak
ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh()
parisc: Fix device names in /proc/iomem
parisc: Drop pa_swapper_pg_lock spinlock
parisc: Check the return value of ioremap() in lba_driver_probe()
parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode
riscv:uprobe fix SR_SPIE set/clear handling
dt-bindings: riscv: fix SiFive l2-cache's cache-sets
RISC-V: kexec: Fixup use of smp_processor_id() in preemptible context
RISC-V: Fixup get incorrect user mode PC for kernel mode regs
RISC-V: Fixup schedule out issue in machine_crash_shutdown()
RISC-V: Add modules to virtual kernel memory layout dump
rtc: rx8025: fix 12/24 hour mode detection on RX-8035
drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error
drm/shmem-helper: Add missing vunmap on error
drm/vc4: hdmi: Disable audio if dmas property is present but empty
drm/hyperv-drm: Include framebuffer and EDID headers
drm/nouveau: fix another off-by-one in nvbios_addr
drm/nouveau: Don't pm_runtime_put_sync(), only pm_runtime_put_autosuspend()
drm/nouveau/acpi: Don't print error when we get -EINPROGRESS from pm_runtime
drm/nouveau/kms: Fix failure path for creating DP connectors
drm/amdgpu: Check BO's requested pinning domains against its preferred_domains
drm/amdgpu: fix check in fbdev init
bpf: Fix KASAN use-after-free Read in compute_effective_progs
btrfs: reject log replay if there is unsupported RO compat flag
mtd: rawnand: arasan: Fix clock rate in NV-DDR
mtd: rawnand: arasan: Update NAND bus clock instead of system clock
um: Remove straying parenthesis
um: seed rng using host OS rng
iio: fix iio_format_avail_range() printing for none IIO_VAL_INT
iio: light: isl29028: Fix the warning in isl29028_remove()
scsi: sg: Allow waiting for commands to complete on removed device
scsi: qla2xxx: Fix incorrect display of max frame size
scsi: qla2xxx: Zero undefined mailbox IN registers
soundwire: qcom: Check device status before reading devid
ksmbd: fix memory leak in smb2_handle_negotiate
ksmbd: prevent out of bound read for SMB2_TREE_CONNNECT
ksmbd: fix use-after-free bug in smb2_tree_disconect
fuse: limit nsec
fuse: ioctl: translate ENOSYS
serial: mvebu-uart: uart2 error bits clearing
md-raid: destroy the bitmap after destroying the thread
md-raid10: fix KASAN warning
mbcache: don't reclaim used entries
mbcache: add functions to delete entry if unused
media: [PATCH] pci: atomisp_cmd: fix three missing checks on list iterator
ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr()
PCI: Add defines for normal and subtractive PCI bridges
powerpc/fsl-pci: Fix Class Code of PCIe Root Port
powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E
powerpc/powernv: Avoid crashing if rng is NULL
MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
coresight: Clear the connection field properly
usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion
USB: HCD: Fix URB giveback issue in tasklet function
ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC
arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC
usb: dwc3: gadget: refactor dwc3_repare_one_trb
usb: dwc3: gadget: fix high speed multiplier setting
netfilter: nf_tables: do not allow SET_ID to refer to another table
netfilter: nf_tables: do not allow CHAIN_ID to refer to another table
netfilter: nf_tables: do not allow RULE_ID to refer to another chain
netfilter: nf_tables: fix null deref due to zeroed list head
epoll: autoremove wakers even more aggressively
x86: Handle idle=nomwait cmdline properly for x86_idle
arch: make TRACE_IRQFLAGS_NMI_SUPPORT generic
arm64: Do not forget syscall when starting a new thread.
arm64: fix oops in concurrently setting insn_emulation sysctls
arm64: kasan: Revert "arm64: mte: reset the page tag in page->flags"
ext2: Add more validity checks for inode counts
sched/fair: Introduce SIS_UTIL to search idle CPU based on sum of util_avg
genirq: Don't return error on missing optional irq_request_resources()
irqchip/mips-gic: Only register IPI domain when SMP is enabled
genirq: GENERIC_IRQ_IPI depends on SMP
sched/core: Always flush pending blk_plug
irqchip/mips-gic: Check the return value of ioremap() in gic_of_init()
wait: Fix __wait_event_hrtimeout for RT/DL tasks
ARM: dts: imx6ul: add missing properties for sram
ARM: dts: imx6ul: change operating-points to uint32-matrix
ARM: dts: imx6ul: fix keypad compatible
ARM: dts: imx6ul: fix csi node compatible
ARM: dts: imx6ul: fix lcdif node compatible
ARM: dts: imx6ul: fix qspi node compatible
ARM: dts: BCM5301X: Add DT for Meraki MR26
ARM: dts: ux500: Fix Codina accelerometer mounting matrix
ARM: dts: ux500: Fix Gavini accelerometer mounting matrix
spi: synquacer: Add missing clk_disable_unprepare()
ARM: OMAP2+: display: Fix refcount leak bug
ARM: OMAP2+: pdata-quirks: Fix refcount leak bug
ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks
ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk
ACPI: PM: save NVS memory for Lenovo G40-45
ACPI: LPSS: Fix missing check in register_device_clock()
ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART
arm64: dts: qcom: ipq8074: fix NAND node name
arm64: dts: allwinner: a64: orangepi-win: Fix LED node name
ARM: shmobile: rcar-gen2: Increase refcount for new reference
firmware: tegra: Fix error check return value of debugfs_create_file()
hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist
hwmon: (sht15) Fix wrong assumptions in device remove callback
PM: hibernate: defer device probing when resuming from hibernation
selinux: fix memleak in security_read_state_kernel()
selinux: Add boundary check in put_entry()
kasan: test: Silence GCC 12 warnings
drm/amdgpu: Remove one duplicated ef removal
powerpc/64s: Disable stack variable initialisation for prom_init
spi: spi-rspi: Fix PIO fallback on RZ platforms
ARM: findbit: fix overflowing offset
meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
arm64: dts: renesas: beacon: Fix regulator node names
spi: spi-altera-dfl: Fix an error handling path
ARM: bcm: Fix refcount leak in bcm_kona_smc_init
ACPI: processor/idle: Annotate more functions to live in cpuidle section
ARM: dts: imx7d-colibri-emmc: add cpu1 supply
soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values
scsi: hisi_sas: Use managed PCI functions
dt-bindings: iio: accel: Add DT binding doc for ADXL355
soc: amlogic: Fix refcount leak in meson-secure-pwrc.c
arm64: dts: renesas: Fix thermal-sensors on single-zone sensors
x86/pmem: Fix platform-device leak in error path
ARM: dts: ast2500-evb: fix board compatible
ARM: dts: ast2600-evb: fix board compatible
ARM: dts: ast2600-evb-a1: fix board compatible
arm64: dts: mt8192: Fix idle-states nodes naming scheme
arm64: dts: mt8192: Fix idle-states entry-method
arm64: select TRACE_IRQFLAGS_NMI_SUPPORT
arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1
locking/lockdep: Fix lockdep_init_map_*() confusion
arm64: dts: qcom: sc7180: Remove ipa_fw_mem node on trogdor
soc: fsl: guts: machine variable might be unset
block: fix infinite loop for invalid zone append
ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg
ARM: OMAP2+: Fix refcount leak in omapdss_init_of
ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init
arm64: dts: qcom: sdm630: disable GPU by default
arm64: dts: qcom: sdm630: fix the qusb2phy ref clock
arm64: dts: qcom: sdm630: fix gpu's interconnect path
arm64: dts: qcom: sdm636-sony-xperia-ganges-mermaid: correct sdc2 pinconf
cpufreq: zynq: Fix refcount leak in zynq_get_revision
regulator: qcom_smd: Fix pm8916_pldo range
ACPI: APEI: Fix _EINJ vs EFI_MEMORY_SP
ARM: dts: qcom-msm8974: fix irq type on blsp2_uart1
soc: qcom: ocmem: Fix refcount leak in of_get_ocmem
soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register
ARM: dts: qcom: pm8841: add required thermal-sensor-cells
bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe()
stack: Declare {randomize_,}kstack_offset to fix Sparse warnings
arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node
ACPI: APEI: explicit init of HEST and GHES in apci_init()
drivers/iio: Remove all strcpy() uses
ACPI: VIOT: Fix ACS setup
arm64: dts: qcom: sm6125: Move sdc2 pinctrl from seine-pdx201 to sm6125
arm64: dts: qcom: sm6125: Append -state suffix to pinctrl nodes
arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells
arm64: dts: mt7622: fix BPI-R64 WPS button
arm64: tegra: Fixup SYSRAM references
arm64: tegra: Update Tegra234 BPMP channel addresses
arm64: tegra: Mark BPMP channels as no-memory-wc
arm64: tegra: Fix SDMMC1 CD on P2888
erofs: avoid consecutive detection for Highmem memory
blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created
spi: Fix simplification of devm_spi_register_controller
spi: tegra20-slink: fix UAF in tegra_slink_remove()
hwmon: (drivetemp) Add module alias
blktrace: Trace remapped requests correctly
PM: domains: Ensure genpd_debugfs_dir exists before remove
dm writecache: return void from functions
dm writecache: count number of blocks read, not number of read bios
dm writecache: count number of blocks written, not number of write bios
dm writecache: count number of blocks discarded, not number of discard bios
regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
soc: qcom: Make QCOM_RPMPD depend on PM
arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment
irqdomain: Report irq number for NOMAP domains
drivers/perf: arm_spe: Fix consistency of SYS_PMSCR_EL1.CX
nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt()
x86/extable: Fix ex_handler_msr() print condition
selftests/seccomp: Fix compile warning when CC=clang
thermal/tools/tmon: Include pthread and time headers in tmon.h
dm: return early from dm_pr_call() if DM device is suspended
pwm: sifive: Simplify offset calculation for PWMCMP registers
pwm: sifive: Ensure the clk is enabled exactly once per running PWM
pwm: sifive: Shut down hardware only after pwmchip_remove() completed
pwm: lpc18xx-sct: Reduce number of devm memory allocations
pwm: lpc18xx-sct: Simplify driver by not using pwm_[gs]et_chip_data()
pwm: lpc18xx: Fix period handling
drm/dp: Export symbol / kerneldoc fixes for DP AUX bus
drm/bridge: tc358767: Move (e)DP bridge endpoint parsing into dedicated function
ath10k: do not enforce interrupt trigger type
drm/st7735r: Fix module autoloading for Okaya RH128128T
drm/panel: Fix build error when CONFIG_DRM_PANEL_SAMSUNG_ATNA33XC20=y && CONFIG_DRM_DISPLAY_HELPER=m
wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
ath11k: fix netdev open race
drm/mipi-dbi: align max_chunk to 2 in spi_transfer
ath11k: Fix incorrect debug_mask mappings
drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
drm/mediatek: Modify dsi funcs to atomic operations
drm/mediatek: Separate poweron/poweroff from enable/disable and define new funcs
drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function
drm/meson: encoder_hdmi: switch to bridge DRM_BRIDGE_ATTACH_NO_CONNECTOR
drm/meson: encoder_hdmi: Fix refcount leak in meson_encoder_hdmi_init
drm/bridge: lt9611uxc: Cancel only driver's work
i2c: npcm: Remove own slave addresses 2:10
i2c: npcm: Correct slave role behavior
i2c: mxs: Silence a clang warning
virtio-gpu: fix a missing check to avoid NULL dereference
drm/shmem-helper: Unexport drm_gem_shmem_create_with_handle()
drm/shmem-helper: Export dedicated wrappers for GEM object functions
drm/shmem-helper: Pass GEM shmem object in public interfaces
drm/virtio: Fix NULL vs IS_ERR checking in virtio_gpu_object_shmem_init
drm: adv7511: override i2c address of cec before accessing it
crypto: sun8i-ss - do not allocate memory when handling hash requests
crypto: sun8i-ss - fix error codes in allocate_flows()
net: fix sk_wmem_schedule() and sk_rmem_schedule() errors
can: netlink: allow configuring of fixed bit rates without need for do_set_bittiming callback
can: netlink: allow configuring of fixed data bit rates without need for do_set_data_bittiming callback
i2c: Fix a potential use after free
crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs()
media: atmel: atmel-sama7g5-isc: fix warning in configs without OF
media: tw686x: Register the irq at the end of probe
media: imx-jpeg: Correct some definition according specification
media: imx-jpeg: Leave a blank space before the configuration data
media: imx-jpeg: Add pm-runtime support for imx-jpeg
media: imx-jpeg: use NV12M to represent non contiguous NV12
media: imx-jpeg: Set V4L2_BUF_FLAG_LAST at eos
media: imx-jpeg: Refactor function mxc_jpeg_parse
media: imx-jpeg: Identify and handle precision correctly
media: imx-jpeg: Handle source change in a function
media: imx-jpeg: Support dynamic resolution change
media: imx-jpeg: Align upwards buffer size
media: imx-jpeg: Implement drain using v4l2-mem2mem helpers
ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd()
drm/radeon: fix incorrrect SPDX-License-Identifiers
rcutorture: Warn on individual rcu_torture_init() error conditions
rcutorture: Don't cpuhp_remove_state() if cpuhp_setup_state() failed
rcutorture: Fix ksoftirqd boosting timing and iteration
test_bpf: fix incorrect netdev features
crypto: ccp - During shutdown, check SEV data pointer before using
drm: bridge: adv7511: Add check for mipi_dsi_driver_register
media: imx-jpeg: Disable slot interrupt when frame done
drm/mcde: Fix refcount leak in mcde_dsi_bind
media: hdpvr: fix error value returns in hdpvr_read
media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set
media: driver/nxp/imx-jpeg: fix a unexpected return value problem
media: tw686x: Fix memory leak in tw686x_video_init
drm/vc4: plane: Remove subpixel positioning check
drm/vc4: plane: Fix margin calculations for the right/bottom edges
drm/bridge: Add a function to abstract away panels
drm/vc4: dsi: Switch to devm_drm_of_get_bridge
drm/vc4: Use of_device_get_match_data()
drm/vc4: dsi: Release workaround buffer and DMA
drm/vc4: dsi: Correct DSI divider calculations
drm/vc4: dsi: Correct pixel order for DSI0
drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type
drm/vc4: dsi: Fix dsi0 interrupt support
drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration
drm/vc4: hdmi: Fix HPD GPIO detection
drm/vc4: hdmi: Avoid full hdmi audio fifo writes
drm/vc4: hdmi: Reset HDMI MISC_CONTROL register
drm/vc4: hdmi: Fix timings for interlaced modes
drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes
crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE
selftests/xsk: Destroy BPF resources only when ctx refcount drops to 0
drm/rockchip: vop: Don't crash for invalid duplicate_state()
drm/rockchip: Fix an error handling path rockchip_dp_probe()
drm/mediatek: dpi: Remove output format of YUV
drm/mediatek: dpi: Only enable dpi after the bridge is enabled
drm: bridge: sii8620: fix possible off-by-one
hinic: Use the bitmap API when applicable
net: hinic: fix bug that ethtool get wrong stats
net: hinic: avoid kernel hung in hinic_get_stats64()
drm/msm/mdp5: Fix global state lock backoff
crypto: hisilicon/sec - don't sleep when in softirq
crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq
media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment
drm/msm: Avoid dirtyfb stalls on video mode displays (v2)
drm/msm/dpu: Fix for non-visible planes
mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg
mt76: mt7615: do not update pm stats in case of error
ieee80211: add EHT 1K aggregation definitions
mt76: mt7921: fix aggregation subframes setting to HE max
mt76: mt7921: enlarge maximum VHT MPDU length to 11454
mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node()
skmsg: Fix invalid last sg check in sk_msg_recvmsg()
drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed.
tcp: make retransmitted SKB fit into the send window
libbpf: Fix the name of a reused map
selftests: timers: valid-adjtimex: build fix for newer toolchains
selftests: timers: clocksource-switch: fix passing errors from child
bpf: Fix subprog names in stack traces.
fs: check FMODE_LSEEK to control internal pipe splicing
media: cedrus: h265: Fix flag name
media: hantro: postproc: Fix motion vector space size
media: hantro: Simplify postprocessor
media: hevc: Embedded indexes in RPS
media: staging: media: hantro: Fix typos
wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
wifi: p54: Fix an error handling path in p54spi_probe()
wifi: p54: add missing parentheses in p54_flush()
selftests/bpf: fix a test for snprintf() overflow
libbpf: fix an snprintf() overflow check
can: pch_can: do not report txerr and rxerr during bus-off
can: rcar_can: do not report txerr and rxerr during bus-off
can: sja1000: do not report txerr and rxerr during bus-off
can: hi311x: do not report txerr and rxerr during bus-off
can: sun4i_can: do not report txerr and rxerr during bus-off
can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off
can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off
can: usb_8dev: do not report txerr and rxerr during bus-off
can: error: specify the values of data[5..7] of CAN error frames
can: pch_can: pch_can_error(): initialize errc before using it
Bluetooth: hci_intel: Add check for platform_driver_register
i2c: cadence: Support PEC for SMBus block read
i2c: mux-gpmux: Add of_node_put() when breaking out of loop
wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`
wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
wifi: libertas: Fix possible refcount leak in if_usb_probe()
media: cedrus: hevc: Add check for invalid timestamp
net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version
net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
net/mlx5: Adjust log_max_qp to be 18 at most
crypto: hisilicon/hpre - don't use GFP_KERNEL to alloc mem during softirq
crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
crypto: hisilicon/sec - fix auth key size error
inet: add READ_ONCE(sk->sk_bound_dev_if) in INET_MATCH()
ipv6: add READ_ONCE(sk->sk_bound_dev_if) in INET6_MATCH()
net: allow unbound socket for packets in VRF when tcp_l3mdev_accept set
netdevsim: fib: Fix reference count leak on route deletion failure
wifi: rtw88: check the return value of alloc_workqueue()
iavf: Fix max_rate limiting
iavf: Fix 'tc qdisc show' listing too many queues
netdevsim: Avoid allocation warnings triggered from user space
net: rose: fix netdev reference changes
net: ionic: fix error check for vlan flags in ionic_set_nic_features()
dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
net: usb: make USB_RTL8153_ECM non user configurable
wireguard: ratelimiter: use hrtimer in selftest
wireguard: allowedips: don't corrupt stack when detecting overflow
HID: amd_sfh: Don't show client init failed as error when discovery fails
clk: renesas: r9a06g032: Fix UART clkgrp bitsel
mtd: maps: Fix refcount leak in of_flash_probe_versatile
mtd: maps: Fix refcount leak in ap_flash_init
mtd: rawnand: meson: Fix a potential double free issue
of: check previous kernel's ima-kexec-buffer against memory bounds
scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing
scsi: qla2xxx: edif: Fix potential stuck session in sa update
scsi: qla2xxx: edif: Reduce connection thrash
scsi: qla2xxx: edif: Fix inconsistent check of db_flags
scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application
scsi: qla2xxx: edif: Add retry for ELS passthrough
scsi: qla2xxx: edif: Fix n2n discovery issue with secure target
scsi: qla2xxx: edif: Fix n2n login retry for secure device
KVM: SVM: Unwind "speculative" RIP advancement if INTn injection "fails"
KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported
phy: samsung: exynosautov9-ufs: correct TSRV register configurations
PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains()
PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()
HID: cp2112: prevent a buffer overflow in cp2112_xfer()
mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
mtd: partitions: Fix refcount leak in parse_redboot_of
mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset
mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
PCI: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains()
fpga: altera-pr-ip: fix unsigned comparison with less than zero
usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init()
usb: xhci: tegra: Fix error check
netfilter: xtables: Bring SPDX identifier back
scsi: qla2xxx: edif: Send LOGO for unexpected IKE message
scsi: qla2xxx: edif: Reduce disruption due to multiple app start
scsi: qla2xxx: edif: Fix no login after app start
scsi: qla2xxx: edif: Tear down session if keys have been removed
scsi: qla2xxx: edif: Fix session thrash
scsi: qla2xxx: edif: Fix no logout on delete for N2N
iio: accel: bma400: Fix the scale min and max macro values
platform/chrome: cros_ec: Always expose last resume result
iio: accel: bma400: Reordering of header files
clk: mediatek: reset: Fix written reset bit offset
lib/test_hmm: avoid accessing uninitialized pages
memremap: remove support for external pgmap refcounts
mm/memremap: fix memunmap_pages() race with get_dev_pagemap()
KVM: Don't set Accessed/Dirty bits for ZERO_PAGE
mwifiex: Ignore BTCOEX events from the 88W8897 firmware
mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv
scsi: iscsi: Allow iscsi_if_stop_conn() to be called from kernel
scsi: iscsi: Add helper to remove a session from the kernel
scsi: iscsi: Fix session removal on shutdown
dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics
mtd: dataflash: Add SPI ID table
clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init level
misc: rtsx: Fix an error handling path in rtsx_pci_probe()
driver core: fix potential deadlock in __driver_attach
clk: qcom: clk-krait: unlock spin after mux completion
clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC
clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address
clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src
clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock
usb: host: xhci: use snprintf() in xhci_decode_trb()
RDMA/rxe: Fix deadlock in rxe_do_local_ops()
clk: qcom: ipq8074: fix NSS core PLL-s
clk: qcom: ipq8074: SW workaround for UBI32 PLL lock
clk: qcom: ipq8074: fix NSS port frequency tables
clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
clk: qcom: camcc-sdm845: Fix topology around titan_top power domain
clk: qcom: camcc-sm8250: Fix topology around titan_top power domain
clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not enabled.
clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register
mm/mempolicy: fix get_nodes out of bound access
PCI: dwc: Stop link on host_init errors and de-initialization
PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu()
PCI: dwc: Disable outbound windows only for controllers using iATU
PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address
PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors
PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists
soundwire: bus_type: fix remove and shutdown support
soundwire: revisit driver bind/unbind and callbacks
KVM: arm64: Don't return from void function
dmaengine: sf-pdma: Add multithread support for a DMA channel
PCI: endpoint: Don't stop controller when unbinding endpoint function
scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
intel_th: Fix a resource leak in an error handling path
intel_th: msu-sink: Potential dereference of null pointer
intel_th: msu: Fix vmalloced buffers
binder: fix redefinition of seq_file attributes
staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback
mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
mmc: mxcmmc: Silence a clang warning
mmc: renesas_sdhi: Get the reset handle early in the probe
memstick/ms_block: Fix some incorrect memory allocation
memstick/ms_block: Fix a memory leak
mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
of: device: Fix missing of_node_put() in of_dma_set_restricted_buffer
mmc: block: Add single read for 4k sector cards
KVM: s390: pv: leak the topmost page table when destroy fails
PCI/portdrv: Don't disable AER reporting in get_port_device_capability()
PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks
scsi: smartpqi: Fix DMA direction for RAID requests
xtensa: iss/network: provide release() callback
xtensa: iss: fix handling error cases in iss_net_configure()
usb: gadget: udc: amd5536 depends on HAS_DMA
usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc()
usb: dwc3: core: Deprecate GCTL.CORESOFTRESET
usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup
usb: dwc3: qcom: fix missing optional irq warnings
eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write()
phy: stm32: fix error return in stm32_usbphyc_phy_init
interconnect: imx: fix max_node_id
um: random: Don't initialise hwrng struct with zero
RDMA/irdma: Fix a window for use-after-free
RDMA/irdma: Fix VLAN connection with wildcard address
RDMA/irdma: Fix setting of QP context err_rq_idx_valid field
RDMA/rtrs-srv: Fix modinfo output for stringify
RDMA/rtrs: Fix warning when use poll mode on client side.
RDMA/rtrs: Replace duplicate check with is_pollqueue helper
RDMA/rtrs: Introduce destroy_cq helper
RDMA/rtrs: Do not allow sessname to contain special symbols / and .
RDMA/rtrs: Rename rtrs_sess to rtrs_path
RDMA/rtrs-srv: Rename rtrs_srv_sess to rtrs_srv_path
RDMA/rtrs-clt: Rename rtrs_clt_sess to rtrs_clt_path
RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function
RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr()
RDMA/hns: Fix incorrect clearing of interrupt status register
RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event
iio: cros: Register FIFO callback after sensor is registered
clk: qcom: gcc-msm8939: Fix weird field spacing in ftbl_gcc_camss_cci_clk
RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
HID: mcp2221: prevent a buffer overflow in mcp_smbus_write()
HID: amd_sfh: Add NULL check for hid device
dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t)
scripts/gdb: lx-dmesg: read records individually
scripts/gdb: fix 'lx-dmesg' on 32 bits arch
RDMA/rxe: Fix mw bind to allow any consumer key portion
mmc: cavium-octeon: Add of_node_put() when breaking out of loop
mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
HID: alps: Declare U1_UNICORN_LEGACY support
RDMA/rxe: For invalidate compare according to set keys in mr
PCI: tegra194: Fix Root Port interrupt handling
PCI: tegra194: Fix link up retry sequence
HID: amd_sfh: Handle condition of "no sensors"
USB: serial: fix tty-port initialized comments
usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable()
mtd: spi-nor: fix spi_nor_spimem_setup_op() call in spi_nor_erase_{sector,chip}()
KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP
platform/olpc: Fix uninitialized data in debugfs write
RDMA/srpt: Duplicate port name members
RDMA/srpt: Introduce a reference count in struct srpt_device
RDMA/srpt: Fix a use-after-free
android: binder: stop saving a pointer to the VMA
mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region
selftests: kvm: set rax before vmcall
of/fdt: declared return type does not match actual return type
RDMA/mlx5: Add missing check for return value in get namespace flow
RDMA/rxe: Add memory barriers to kernel queues
RDMA/rxe: Remove the is_user members of struct rxe_sq/rxe_rq/rxe_srq
RDMA/rxe: Fix error unwind in rxe_create_qp()
block/rnbd-srv: Set keep_id to true after mutex_trylock
null_blk: fix ida error handling in null_add_dev()
nvme: use command_id instead of req->tag in trace_nvme_complete_rq()
nvme: define compat_ioctl again to unbreak 32-bit userspace.
nvme: disable namespace access for unsupported metadata
nvme: don't return an error from nvme_configure_metadata
nvme: catch -ENODEV from nvme_revalidate_zones again
block/bio: remove duplicate append pages code
block: ensure iov_iter advances for added pages
jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction()
ext4: recover csum seed of tmp_inode after migrating to extents
jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
usb: cdns3: Don't use priv_dev uninitialized in cdns3_gadget_ep_enable()
opp: Fix error check in dev_pm_opp_attach_genpd()
ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe
ASoC: samsung: Fix error handling in aries_audio_probe
ASoC: imx-audmux: Silence a clang warning
ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe
ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe
ASoC: codecs: da7210: add check for i2c_add_driver
ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe
serial: 8250: Export ICR access helpers for internal use
serial: 8250: dma: Allow driver operations before starting DMA transfers
serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty()
ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV
ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV
rpmsg: char: Add mutex protection for rpmsg_eptdev_open()
rpmsg: mtk_rpmsg: Fix circular locking dependency
remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init
selftests/livepatch: better synchronize test_klp_callbacks_busy
profiling: fix shift too large makes kernel panic
remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init
ASoC: samsung: h1940_uda1380: include proepr GPIO consumer header
powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable
ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global to static variables
tty: n_gsm: Delete gsmtty open SABM frame when config requester
tty: n_gsm: fix user open not possible at responder until initiator open
tty: n_gsm: fix tty registration before control channel open
tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output()
tty: n_gsm: fix missing timer to handle stalled links
tty: n_gsm: fix non flow control frames during mux flow off
tty: n_gsm: fix packet re-transmission without open control channel
tty: n_gsm: fix race condition in gsmld_write()
tty: n_gsm: fix resource allocation order in gsm_activate_mux()
ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe()
ASoC: imx-card: Fix DSD/PDM mclk frequency
remoteproc: qcom: wcnss: Fix handling of IRQs
vfio/ccw: Do not change FSM state in subchannel event
serial: 8250_fsl: Don't report FE, PE and OE twice
tty: n_gsm: fix wrong T1 retry count handling
tty: n_gsm: fix DM command
tty: n_gsm: fix missing corner cases in gsmld_poll()
MIPS: vdso: Utilize __pa() for gic_pfn
swiotlb: fail map correctly with failed io_tlb_default_mem
ASoC: mt6359: Fix refcount leak bug
serial: 8250_bcm7271: Save/restore RTS in suspend/resume
iommu/exynos: Handle failed IOMMU device registration properly
9p: fix a bunch of checkpatch warnings
9p: Drop kref usage
9p: Add client parameter to p9_req_put()
net: 9p: fix refcount leak in p9_read_work() error handling
MIPS: Fixed __debug_virt_addr_valid()
rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
kfifo: fix kfifo_to_user() return type
lib/smp_processor_id: fix imbalanced instrumentation_end() call
proc: fix a dentry lock race between release_task and lookup
remoteproc: qcom: pas: Check if coredump is enabled
remoteproc: sysmon: Wait for SSCTL service to come up
mfd: t7l66xb: Drop platform disable callback
mfd: max77620: Fix refcount leak in max77620_initialise_fps
iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
perf tools: Fix dso_id inode generation comparison
s390/dump: fix old lowcore virtual vs physical address confusion
s390/maccess: fix semantics of memcpy_real() and its callers
s390/crash: fix incorrect number of bytes to copy to user space
s390/zcore: fix race when reading from hardware system area
ASoC: fsl_asrc: force cast the asrc_format type
ASoC: fsl-asoc-card: force cast the asrc_format type
ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format
ASoC: imx-card: use snd_pcm_format_t type for asrc_format
ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp()
fuse: Remove the control interface for virtio-fs
ASoC: audio-graph-card: Add of_node_put() in fail path
watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource
watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe()
video: fbdev: amba-clcd: Fix refcount leak bugs
video: fbdev: sis: fix typos in SiS_GetModeID()
ASoC: mchp-spdifrx: disable end of block interrupt on failures
powerpc/32: Call mmu_mark_initmem_nx() regardless of data block mapping.
powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32
powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case
powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias
tty: serial: fsl_lpuart: correct the count of break characters
s390/dump: fix os_info virtual vs physical address confusion
s390/smp: cleanup target CPU callback starting
s390/smp: cleanup control register update routines
s390/maccess: rework absolute lowcore accessors
s390/smp: enforce lowcore protection on CPU restart
f2fs: fix to remove F2FS_COMPR_FL and tag F2FS_NOCOMP_FL at the same time
powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader
powerpc/xive: Fix refcount leak in xive_get_max_prio
powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address
perf symbol: Fail to read phdr workaround
kprobes: Forbid probing on trampoline and BPF code areas
x86/bus_lock: Don't assume the init value of DEBUGCTLMSR.BUS_LOCK_DETECT to be zero
powerpc/pci: Fix PHB numbering when using opal-phbid
genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO
scripts/faddr2line: Fix vmlinux detection on arm64
sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy()
sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed
x86/numa: Use cpumask_available instead of hardcoded NULL check
video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
tools/thermal: Fix possible path truncations
sched: Fix the check of nr_running at queue wakelist
sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle
sched/core: Do not requeue task on CPU excluded from cpus_mask
x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y
f2fs: allow compression for mmap files in compress_mode=user
f2fs: do not allow to decompress files have FI_COMPRESS_RELEASED
video: fbdev: vt8623fb: Check the size of screen before memset_io()
video: fbdev: arkfb: Check the size of screen before memset_io()
video: fbdev: s3fb: Check the size of screen before memset_io()
scsi: ufs: core: Correct ufshcd_shutdown() flow
scsi: zfcp: Fix missing auto port scan and thus missing target ports
scsi: qla2xxx: Fix imbalance vha->vref_count
scsi: qla2xxx: Fix discovery issues in FC-AL topology
scsi: qla2xxx: Turn off multi-queue for 8G adapters
scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts
scsi: qla2xxx: Fix excessive I/O error messages by default
scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection
scsi: qla2xxx: Wind down adapter after PCIe error
scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os
scsi: qla2xxx: Fix losing target when it reappears during delete
scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests
x86/bugs: Enable STIBP for IBPB mitigated RETBleed
ftrace/x86: Add back ftrace_expected assignment
x86/kprobes: Update kcb status flag after singlestepping
x86/olpc: fix 'logical not is only applied to the left hand side'
SMB3: fix lease break timeout when multiple deferred close handles for the same file.
posix-cpu-timers: Cleanup CPU timers before freeing them during exec
Input: gscps2 - check return value of ioremap() in gscps2_probe()
__follow_mount_rcu(): verify that mount_lock remains unchanged
spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
drm/mediatek: Allow commands to be sent during video mode
drm/mediatek: Keep dsi as LP00 before dcs cmds transfer
crypto: blake2s - remove shash module
drm/dp/mst: Read the extended DPCD capabilities during system resume
drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component
usbnet: smsc95xx: Don't clear read-only PHY interrupt
usbnet: smsc95xx: Avoid link settings race on interrupt reception
usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling
usbnet: smsc95xx: Fix deadlock on runtime resume
firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
scsi: lpfc: Fix EEH support for NVMe I/O
scsi: lpfc: SLI path split: Refactor lpfc_iocbq
scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4
scsi: lpfc: SLI path split: Refactor SCSI paths
scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID
intel_th: pci: Add Meteor Lake-P support
intel_th: pci: Add Raptor Lake-S PCH support
intel_th: pci: Add Raptor Lake-S CPU support
KVM: set_msr_mce: Permit guests to ignore single-bit ECC errors
KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS)
iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
PCI/AER: Iterate over error counters instead of error strings
PCI: qcom: Power on PHY before IPQ8074 DBI register accesses
serial: 8250_pci: Refactor the loop in pci_ite887x_init()
serial: 8250_pci: Replace dev_*() by pci_*() macros
serial: 8250: Fold EndRun device support into OxSemi Tornado code
serial: 8250: Add proper clock handling for OxSemi PCIe devices
tty: 8250: Add support for Brainboxes PX cards.
dm writecache: set a default MAX_WRITEBACK_JOBS
kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification
dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
net/9p: Initialize the iounit field during fid creation
ARM: remove some dead code
timekeeping: contribute wall clock to rng on time change
locking/csd_lock: Change csdlock_debug from early_param to __setup
block: remove the struct blk_queue_ctx forward declaration
block: don't allow the same type rq_qos add more than once
btrfs: ensure pages are unlocked on cow_file_range() failure
btrfs: reset block group chunk force if we have to wait
btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA
ACPI: CPPC: Do not prevent CPPC from working in the future
powerpc/powernv/kvm: Use darn for H_RANDOM on Power9
KVM: x86/pmu: Introduce the ctrl_mask value for fixed counter
KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU
KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU doesn't support global_ctrl
KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL
KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists
dm raid: fix address sanitizer warning in raid_status
dm raid: fix address sanitizer warning in raid_resume
tracing: Add '__rel_loc' using trace event macros
tracing: Avoid -Warray-bounds warning for __rel_loc macro
ext4: update s_overhead_clusters in the superblock during an on-line resize
ext4: fix extent status tree race in writeback error recovery path
ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
ext4: fix use-after-free in ext4_xattr_set_entry
ext4: correct max_inline_xattr_value_size computing
ext4: correct the misjudgment in ext4_iget_extra_inode
ext4: fix warning in ext4_iomap_begin as race between bmap and write
ext4: check if directory block is within i_size
ext4: make sure ext4_append() always allocates new block
ext4: remove EA inode entry from mbcache on inode eviction
ext4: use kmemdup() to replace kmalloc + memcpy
ext4: unindent codeblock in ext4_xattr_block_set()
ext4: fix race when reusing xattr blocks
KEYS: asymmetric: enforce SM2 signature use pkey algo
tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH
xen-blkback: fix persistent grants negotiation
xen-blkback: Apply 'feature_persistent' parameter when connect
xen-blkfront: Apply 'feature_persistent' parameter when connect
powerpc: Fix eh field when calling lwarx on PPC32
tracing: Use a struct alignof to determine trace event field alignment
net_sched: cls_route: remove from list when handle is 0
mac80211: fix a memory leak where sta_info is not freed
tcp: fix over estimation in sk_forced_mem_schedule()
crypto: lib/blake2s - reduce stack frame usage in self test
Revert "mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv"
Revert "s390/smp: enforce lowcore protection on CPU restart"
drm/bridge: tc358767: Fix (e)DP bridge endpoint parsing in dedicated function
net: phy: smsc: Disable Energy Detect Power-Down in interrupt mode
drm/vc4: change vc4_dma_range_matches from a global to static
tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro
drm/msm: Fix dirtyfb refcounting
drm/meson: Fix refcount leak in meson_encoder_hdmi_init
io_uring: mem-account pbuf buckets
Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP"
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
drm/bridge: Move devm_drm_of_get_bridge to bridge/panel.c
scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup()
scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()
scsi: lpfc: Resolve some cleanup issues following SLI path refactoring
Linux 5.15.61
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Iec359ed301bcbcd6e19b67ee8534418fab26850b
|
||
Yipeng Zou
|
3c90af5a77 |
tracing: hold caller_addr to hardirq_{enable,disable}_ip
[ Upstream commit 54c3931957f6a6194d5972eccc36d052964b2abe ]
Currently, The arguments passing to lockdep_hardirqs_{on,off} was fixed
in CALLER_ADDR0.
The function trace_hardirqs_on_caller should have been intended to use
caller_addr to represent the address that caller wants to be traced.
For example, lockdep log in riscv showing the last {enabled,disabled} at
__trace_hardirqs_{on,off} all the time(if called by):
[ 57.853175] hardirqs last enabled at (2519): __trace_hardirqs_on+0xc/0x14
[ 57.853848] hardirqs last disabled at (2520): __trace_hardirqs_off+0xc/0x14
After use trace_hardirqs_xx_caller, we can get more effective information:
[ 53.781428] hardirqs last enabled at (2595): restore_all+0xe/0x66
[ 53.782185] hardirqs last disabled at (2596): ret_from_exception+0xa/0x10
Link: https://lkml.kernel.org/r/20220901104515.135162-2-zouyipeng@huawei.com
Cc: stable@vger.kernel.org
Fixes:
|
||
Nick Desaulniers
|
f9571a9699 |
lockdep: Fix -Wunused-parameter for _THIS_IP_
[ Upstream commit 8b023accc8df70e72f7704d29fead7ca914d6837 ] While looking into a bug related to the compiler's handling of addresses of labels, I noticed some uses of _THIS_IP_ seemed unused in lockdep. Drive by cleanup. -Wunused-parameter: kernel/locking/lockdep.c:1383:22: warning: unused parameter 'ip' kernel/locking/lockdep.c:4246:48: warning: unused parameter 'ip' kernel/locking/lockdep.c:4844:19: warning: unused parameter 'ip' Signed-off-by: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: Waiman Long <longman@redhat.com> Link: https://lore.kernel.org/r/20220314221909.2027027-1-ndesaulniers@google.com Stable-dep-of: 54c3931957f6 ("tracing: hold caller_addr to hardirq_{enable,disable}_ip") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Chao Gao
|
4f8d658848 |
swiotlb: avoid potential left shift overflow
[ Upstream commit 3f0461613ebcdc8c4073e235053d06d5aa58750f ]
The second operand passed to slot_addr() is declared as int or unsigned int
in all call sites. The left-shift to get the offset of a slot can overflow
if swiotlb size is larger than 4G.
Convert the macro to an inline function and declare the second argument as
phys_addr_t to avoid the potential overflow.
Fixes:
|
||
Yishai Hadas
|
819110054b |
IB/core: Fix a nested dead lock as part of ODP flow
[ Upstream commit 85eaeb5058f0f04dffb124c97c86b4f18db0b833 ]
Fix a nested dead lock as part of ODP flow by using mmput_async().
From the below call trace [1] can see that calling mmput() once we have
the umem_odp->umem_mutex locked as required by
ib_umem_odp_map_dma_and_lock() might trigger in the same task the
exit_mmap()->__mmu_notifier_release()->mlx5_ib_invalidate_range() which
may dead lock when trying to lock the same mutex.
Moving to use mmput_async() will solve the problem as the above
exit_mmap() flow will be called in other task and will be executed once
the lock will be available.
[1]
[64843.077665] task:kworker/u133:2 state:D stack: 0 pid:80906 ppid:
2 flags:0x00004000
[64843.077672] Workqueue: mlx5_ib_page_fault mlx5_ib_eqe_pf_action [mlx5_ib]
[64843.077719] Call Trace:
[64843.077722] <TASK>
[64843.077724] __schedule+0x23d/0x590
[64843.077729] schedule+0x4e/0xb0
[64843.077735] schedule_preempt_disabled+0xe/0x10
[64843.077740] __mutex_lock.constprop.0+0x263/0x490
[64843.077747] __mutex_lock_slowpath+0x13/0x20
[64843.077752] mutex_lock+0x34/0x40
[64843.077758] mlx5_ib_invalidate_range+0x48/0x270 [mlx5_ib]
[64843.077808] __mmu_notifier_release+0x1a4/0x200
[64843.077816] exit_mmap+0x1bc/0x200
[64843.077822] ? walk_page_range+0x9c/0x120
[64843.077828] ? __cond_resched+0x1a/0x50
[64843.077833] ? mutex_lock+0x13/0x40
[64843.077839] ? uprobe_clear_state+0xac/0x120
[64843.077860] mmput+0x5f/0x140
[64843.077867] ib_umem_odp_map_dma_and_lock+0x21b/0x580 [ib_core]
[64843.077931] pagefault_real_mr+0x9a/0x140 [mlx5_ib]
[64843.077962] pagefault_mr+0xb4/0x550 [mlx5_ib]
[64843.077992] pagefault_single_data_segment.constprop.0+0x2ac/0x560
[mlx5_ib]
[64843.078022] mlx5_ib_eqe_pf_action+0x528/0x780 [mlx5_ib]
[64843.078051] process_one_work+0x22b/0x3d0
[64843.078059] worker_thread+0x53/0x410
[64843.078065] ? process_one_work+0x3d0/0x3d0
[64843.078073] kthread+0x12a/0x150
[64843.078079] ? set_kthread_struct+0x50/0x50
[64843.078085] ret_from_fork+0x22/0x30
[64843.078093] </TASK>
Fixes:
|
||
Tejun Heo
|
3bf4bf5406 |
cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
[ Upstream commit 4f7e7236435ca0abe005c674ebd6892c6e83aeb3 ] Bringing up a CPU may involve creating and destroying tasks which requires read-locking threadgroup_rwsem, so threadgroup_rwsem nests inside cpus_read_lock(). However, cpuset's ->attach(), which may be called with thredagroup_rwsem write-locked, also wants to disable CPU hotplug and acquires cpus_read_lock(), leading to a deadlock. Fix it by guaranteeing that ->attach() is always called with CPU hotplug disabled and removing cpus_read_lock() call from cpuset_attach(). Signed-off-by: Tejun Heo <tj@kernel.org> Reviewed-and-tested-by: Imran Khan <imran.f.khan@oracle.com> Reported-and-tested-by: Xuewen Yan <xuewen.yan@unisoc.com> Fixes: 05c7b7a92cc8 ("cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug") Cc: stable@vger.kernel.org # v5.17+ Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Tejun Heo
|
509e3456d3 |
cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree
[ Upstream commit 671c11f0619e5ccb380bcf0f062f69ba95fc974a ] cgroup_update_dfl_csses() write-lock the threadgroup_rwsem as updating the csses can trigger process migrations. However, if the subtree doesn't contain any tasks, there aren't gonna be any cgroup migrations. This condition can be trivially detected by testing whether mgctx.preloaded_src_csets is empty. Elide write-locking threadgroup_rwsem if the subtree is empty. After this optimization, the usage pattern of creating a cgroup, enabling the necessary controllers, and then seeding it with CLONE_INTO_CGROUP and then removing the cgroup after it becomes empty doesn't need to write-lock threadgroup_rwsem at all. Signed-off-by: Tejun Heo <tj@kernel.org> Cc: Christian Brauner <brauner@kernel.org> Cc: Michal Koutný <mkoutny@suse.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Greg Kroah-Hartman
|
26e9a1ded8 |
sched/debug: fix dentry leak in update_sched_domain_debugfs
commit c2e406596571659451f4b95e37ddfd5a8ef1d0dc upstream. Kuyo reports that the pattern of using debugfs_remove(debugfs_lookup()) leaks a dentry and with a hotplug stress test, the machine eventually runs out of memory. Fix this up by using the newly created debugfs_lookup_and_remove() call instead which properly handles the dentry reference counting logic. Cc: Major Chen <major.chen@samsung.com> Cc: stable <stable@kernel.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Juri Lelli <juri.lelli@redhat.com> Cc: Vincent Guittot <vincent.guittot@linaro.org> Cc: Dietmar Eggemann <dietmar.eggemann@arm.com> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Ben Segall <bsegall@google.com> Cc: Mel Gorman <mgorman@suse.de> Cc: Daniel Bristot de Oliveira <bristot@redhat.com> Cc: Valentin Schneider <vschneid@redhat.com> Cc: Matthias Brugger <matthias.bgg@gmail.com> Reported-by: Kuyo Chang <kuyo.chang@mediatek.com> Tested-by: Kuyo Chang <kuyo.chang@mediatek.com> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lore.kernel.org/r/20220902123107.109274-2-gregkh@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Christian A. Ehrhardt
|
8875d60676 |
kprobes: Prohibit probes in gate area
commit 1efda38d6f9ba26ac88b359c6277f1172db03f1e upstream.
The system call gate area counts as kernel text but trying
to install a kprobe in this area fails with an Oops later on.
To fix this explicitly disallow the gate area for kprobes.
Found by syzkaller with the following reproducer:
perf_event_open$cgroup(&(0x7f00000001c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x80ffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffffff600000}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
Sample report:
BUG: unable to handle page fault for address: fffffbfff3ac6000
PGD 6dfcb067 P4D 6dfcb067 PUD 6df8f067 PMD 6de4d067 PTE 0
Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 PID: 21978 Comm: syz-executor.2 Not tainted 6.0.0-rc3-00363-g7726d4c3e60b-dirty #6
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:__insn_get_emulate_prefix arch/x86/lib/insn.c:91 [inline]
RIP: 0010:insn_get_emulate_prefix arch/x86/lib/insn.c:106 [inline]
RIP: 0010:insn_get_prefixes.part.0+0xa8/0x1110 arch/x86/lib/insn.c:134
Code: 49 be 00 00 00 00 00 fc ff df 48 8b 40 60 48 89 44 24 08 e9 81 00 00 00 e8 e5 4b 39 ff 4c 89 fa 4c 89 f9 48 c1 ea 03 83 e1 07 <42> 0f b6 14 32 38 ca 7f 08 84 d2 0f 85 06 10 00 00 48 89 d8 48 89
RSP: 0018:ffffc900088bf860 EFLAGS: 00010246
RAX: 0000000000040000 RBX: ffffffff9b9bebc0 RCX: 0000000000000000
RDX: 1ffffffff3ac6000 RSI: ffffc90002d82000 RDI: ffffc900088bf9e8
RBP: ffffffff9d630001 R08: 0000000000000000 R09: ffffc900088bf9e8
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
R13: ffffffff9d630000 R14: dffffc0000000000 R15: ffffffff9d630000
FS: 00007f63eef63640(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffbfff3ac6000 CR3: 0000000029d90005 CR4: 0000000000770ef0
PKRU: 55555554
Call Trace:
<TASK>
insn_get_prefixes arch/x86/lib/insn.c:131 [inline]
insn_get_opcode arch/x86/lib/insn.c:272 [inline]
insn_get_modrm+0x64a/0x7b0 arch/x86/lib/insn.c:343
insn_get_sib+0x29a/0x330 arch/x86/lib/insn.c:421
insn_get_displacement+0x350/0x6b0 arch/x86/lib/insn.c:464
insn_get_immediate arch/x86/lib/insn.c:632 [inline]
insn_get_length arch/x86/lib/insn.c:707 [inline]
insn_decode+0x43a/0x490 arch/x86/lib/insn.c:747
can_probe+0xfc/0x1d0 arch/x86/kernel/kprobes/core.c:282
arch_prepare_kprobe+0x79/0x1c0 arch/x86/kernel/kprobes/core.c:739
prepare_kprobe kernel/kprobes.c:1160 [inline]
register_kprobe kernel/kprobes.c:1641 [inline]
register_kprobe+0xb6e/0x1690 kernel/kprobes.c:1603
__register_trace_kprobe kernel/trace/trace_kprobe.c:509 [inline]
__register_trace_kprobe+0x26a/0x2d0 kernel/trace/trace_kprobe.c:477
create_local_trace_kprobe+0x1f7/0x350 kernel/trace/trace_kprobe.c:1833
perf_kprobe_init+0x18c/0x280 kernel/trace/trace_event_perf.c:271
perf_kprobe_event_init+0xf8/0x1c0 kernel/events/core.c:9888
perf_try_init_event+0x12d/0x570 kernel/events/core.c:11261
perf_init_event kernel/events/core.c:11325 [inline]
perf_event_alloc.part.0+0xf7f/0x36a0 kernel/events/core.c:11619
perf_event_alloc kernel/events/core.c:12059 [inline]
__do_sys_perf_event_open+0x4a8/0x2a00 kernel/events/core.c:12157
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f63ef7efaed
Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f63eef63028 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 00007f63ef90ff80 RCX: 00007f63ef7efaed
RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 00000000200001c0
RBP: 00007f63ef86019c R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000002 R14: 00007f63ef90ff80 R15: 00007f63eef43000
</TASK>
Modules linked in:
CR2: fffffbfff3ac6000
---[ end trace 0000000000000000 ]---
RIP: 0010:__insn_get_emulate_prefix arch/x86/lib/insn.c:91 [inline]
RIP: 0010:insn_get_emulate_prefix arch/x86/lib/insn.c:106 [inline]
RIP: 0010:insn_get_prefixes.part.0+0xa8/0x1110 arch/x86/lib/insn.c:134
Code: 49 be 00 00 00 00 00 fc ff df 48 8b 40 60 48 89 44 24 08 e9 81 00 00 00 e8 e5 4b 39 ff 4c 89 fa 4c 89 f9 48 c1 ea 03 83 e1 07 <42> 0f b6 14 32 38 ca 7f 08 84 d2 0f 85 06 10 00 00 48 89 d8 48 89
RSP: 0018:ffffc900088bf860 EFLAGS: 00010246
RAX: 0000000000040000 RBX: ffffffff9b9bebc0 RCX: 0000000000000000
RDX: 1ffffffff3ac6000 RSI: ffffc90002d82000 RDI: ffffc900088bf9e8
RBP: ffffffff9d630001 R08: 0000000000000000 R09: ffffc900088bf9e8
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
R13: ffffffff9d630000 R14: dffffc0000000000 R15: ffffffff9d630000
FS: 00007f63eef63640(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffbfff3ac6000 CR3: 0000000029d90005 CR4: 0000000000770ef0
PKRU: 55555554
==================================================================
Link: https://lkml.kernel.org/r/20220907200917.654103-1-lk@c--e.de
cc: "Naveen N. Rao" <naveen.n.rao@linux.ibm.com>
cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
cc: "David S. Miller" <davem@davemloft.net>
Cc: stable@vger.kernel.org
Fixes:
|
||
Masami Hiramatsu (Google)
|
75082adeb4 |
tracing: Fix to check event_mutex is held while accessing trigger list
commit cecf8e128ec69149fe53c9a7bafa505a4bee25d9 upstream.
Since the check_user_trigger() is called outside of RCU
read lock, this list_for_each_entry_rcu() caused a suspicious
RCU usage warning.
# echo hist:keys=pid > events/sched/sched_stat_runtime/trigger
# cat events/sched/sched_stat_runtime/trigger
[ 43.167032]
[ 43.167418] =============================
[ 43.167992] WARNING: suspicious RCU usage
[ 43.168567] 5.19.0-rc5-00029-g19ebe4651abf #59 Not tainted
[ 43.169283] -----------------------------
[ 43.169863] kernel/trace/trace_events_trigger.c:145 RCU-list traversed in non-reader section!!
...
However, this file->triggers list is safe when it is accessed
under event_mutex is held.
To fix this warning, adds a lockdep_is_held check to the
list_for_each_entry_rcu().
Link: https://lkml.kernel.org/r/166226474977.223837.1992182913048377113.stgit@devnote2
Cc: stable@vger.kernel.org
Fixes:
|
||
Todd Kjos
|
b6dace455e |
ANDROID: subsystem-specific vendor_hooks.c for sched
Change how vendor hooks are instantiated to promote more complete structure definition in the ABI XML description without complicating hook definition for partners. We don't want to force partners to include all headers as part of the hook definition in include/trace/hooks/ since that causes extra headers to be included in source files that runs the risk of changing visibility resulting in CRC changes to KMI symbols. Instead continue the practice of using forward declarations in the hook header files. Instead of instantiating all hook tracepoints globally in drivers/android/vendor_hooks.c, use subsystem-specific vendor_hooks.c if inclusion of subsystem-specific header files is required. This avoids namespace collisions between internal header files and limits the exposure to the internal headers to the instantiation, not the call sites. In this patch, all of the scheduler related hooks are instantiated in kernel/sched/vendor_hooks.c which can cleanly include scheduler-related header files to provide full type visibility. Bug: 233047575 Signed-off-by: Todd Kjos <tkjos@google.com> Change-Id: Ife5a66c2968de73e3f6d05840411310611e2e175 |
||
Pu Lehui
|
222bd95c89 |
bpf, cgroup: Fix kernel BUG in purge_effective_progs
[ Upstream commit 7d6620f107bae6ed687ff07668e8e8f855487aa9 ] Syzkaller reported a triggered kernel BUG as follows: ------------[ cut here ]------------ kernel BUG at kernel/bpf/cgroup.c:925! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 194 Comm: detach Not tainted 5.19.0-14184-g69dac8e431af #8 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:__cgroup_bpf_detach+0x1f2/0x2a0 Code: 00 e8 92 60 30 00 84 c0 75 d8 4c 89 e0 31 f6 85 f6 74 19 42 f6 84 28 48 05 00 00 02 75 0e 48 8b 80 c0 00 00 00 48 85 c0 75 e5 <0f> 0b 48 8b 0c5 RSP: 0018:ffffc9000055bdb0 EFLAGS: 00000246 RAX: 0000000000000000 RBX: ffff888100ec0800 RCX: ffffc900000f1000 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff888100ec4578 RBP: 0000000000000000 R08: ffff888100ec0800 R09: 0000000000000040 R10: 0000000000000000 R11: 0000000000000000 R12: ffff888100ec4000 R13: 000000000000000d R14: ffffc90000199000 R15: ffff888100effb00 FS: 00007f68213d2b80(0000) GS:ffff88813bc80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f74a0e5850 CR3: 0000000102836000 CR4: 00000000000006e0 Call Trace: <TASK> cgroup_bpf_prog_detach+0xcc/0x100 __sys_bpf+0x2273/0x2a00 __x64_sys_bpf+0x17/0x20 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f68214dbcb9 Code: 08 44 89 e0 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff8 RSP: 002b:00007ffeb487db68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f68214dbcb9 RDX: 0000000000000090 RSI: 00007ffeb487db70 RDI: 0000000000000009 RBP: 0000000000000003 R08: 0000000000000012 R09: 0000000b00000003 R10: 00007ffeb487db70 R11: 0000000000000246 R12: 00007ffeb487dc20 R13: 0000000000000004 R14: 0000000000000001 R15: 000055f74a1011b0 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- Repetition steps: For the following cgroup tree, root | cg1 | cg2 1. attach prog2 to cg2, and then attach prog1 to cg1, both bpf progs attach type is NONE or OVERRIDE. 2. write 1 to /proc/thread-self/fail-nth for failslab. 3. detach prog1 for cg1, and then kernel BUG occur. Failslab injection will cause kmalloc fail and fall back to purge_effective_progs. The problem is that cg2 have attached another prog, so when go through cg2 layer, iteration will add pos to 1, and subsequent operations will be skipped by the following condition, and cg will meet NULL in the end. `if (pos && !(cg->bpf.flags[atype] & BPF_F_ALLOW_MULTI))` The NULL cg means no link or prog match, this is as expected, and it's not a bug. So here just skip the no match situation. Fixes: 4c46091ee985 ("bpf: Fix KASAN use-after-free Read in compute_effective_progs") Signed-off-by: Pu Lehui <pulehui@huawei.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20220813134030.1972696-1-pulehui@huawei.com Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
YiFei Zhu
|
1c518476ce |
bpf: Restrict bpf_sys_bpf to CAP_PERFMON
[ Upstream commit 14b20b784f59bdd95f6f1cfb112c9818bcec4d84 ]
The verifier cannot perform sufficient validation of any pointers passed
into bpf_attr and treats them as integers rather than pointers. The helper
will then read from arbitrary pointers passed into it. Restrict the helper
to CAP_PERFMON since the security model in BPF of arbitrary kernel read is
CAP_BPF + CAP_PERFMON.
Fixes:
|
||
Kuniyuki Iwashima
|
55c7a91527 |
kprobes: don't call disarm_kprobe() for disabled kprobes
commit 9c80e79906b4ca440d09e7f116609262bb747909 upstream.
The assumption in __disable_kprobe() is wrong, and it could try to disarm
an already disarmed kprobe and fire the WARN_ONCE() below. [0] We can
easily reproduce this issue.
1. Write 0 to /sys/kernel/debug/kprobes/enabled.
# echo 0 > /sys/kernel/debug/kprobes/enabled
2. Run execsnoop. At this time, one kprobe is disabled.
# /usr/share/bcc/tools/execsnoop &
[1] 2460
PCOMM PID PPID RET ARGS
# cat /sys/kernel/debug/kprobes/list
ffffffff91345650 r __x64_sys_execve+0x0 [FTRACE]
ffffffff91345650 k __x64_sys_execve+0x0 [DISABLED][FTRACE]
3. Write 1 to /sys/kernel/debug/kprobes/enabled, which changes
kprobes_all_disarmed to false but does not arm the disabled kprobe.
# echo 1 > /sys/kernel/debug/kprobes/enabled
# cat /sys/kernel/debug/kprobes/list
ffffffff91345650 r __x64_sys_execve+0x0 [FTRACE]
ffffffff91345650 k __x64_sys_execve+0x0 [DISABLED][FTRACE]
4. Kill execsnoop, when __disable_kprobe() calls disarm_kprobe() for the
disabled kprobe and hits the WARN_ONCE() in __disarm_kprobe_ftrace().
# fg
/usr/share/bcc/tools/execsnoop
^C
Actually, WARN_ONCE() is fired twice, and __unregister_kprobe_top() misses
some cleanups and leaves the aggregated kprobe in the hash table. Then,
__unregister_trace_kprobe() initialises tk->rp.kp.list and creates an
infinite loop like this.
aggregated kprobe.list -> kprobe.list -.
^ |
'.__.'
In this situation, these commands fall into the infinite loop and result
in RCU stall or soft lockup.
cat /sys/kernel/debug/kprobes/list : show_kprobe_addr() enters into the
infinite loop with RCU.
/usr/share/bcc/tools/execsnoop : warn_kprobe_rereg() holds kprobe_mutex,
and __get_valid_kprobe() is stuck in
the loop.
To avoid the issue, make sure we don't call disarm_kprobe() for disabled
kprobes.
[0]
Failed to disarm kprobe-ftrace at __x64_sys_execve+0x0/0x40 (error -2)
WARNING: CPU: 6 PID: 2460 at kernel/kprobes.c:1130 __disarm_kprobe_ftrace.isra.19 (kernel/kprobes.c:1129)
Modules linked in: ena
CPU: 6 PID: 2460 Comm: execsnoop Not tainted 5.19.0+ #28
Hardware name: Amazon EC2 c5.2xlarge/, BIOS 1.0 10/16/2017
RIP: 0010:__disarm_kprobe_ftrace.isra.19 (kernel/kprobes.c:1129)
Code: 24 8b 02 eb c1 80 3d c4 83 f2 01 00 75 d4 48 8b 75 00 89 c2 48 c7 c7 90 fa 0f 92 89 04 24 c6 05 ab 83 01 e8 e4 94 f0 ff <0f> 0b 8b 04 24 eb b1 89 c6 48 c7 c7 60 fa 0f 92 89 04 24 e8 cc 94
RSP: 0018:ffff9e6ec154bd98 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffffffff930f7b00 RCX: 0000000000000001
RDX: 0000000080000001 RSI: ffffffff921461c5 RDI: 00000000ffffffff
RBP: ffff89c504286da8 R08: 0000000000000000 R09: c0000000fffeffff
R10: 0000000000000000 R11: ffff9e6ec154bc28 R12: ffff89c502394e40
R13: ffff89c502394c00 R14: ffff9e6ec154bc00 R15: 0000000000000000
FS: 00007fe800398740(0000) GS:ffff89c812d80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c00057f010 CR3: 0000000103b54006 CR4: 00000000007706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<TASK>
__disable_kprobe (kernel/kprobes.c:1716)
disable_kprobe (kernel/kprobes.c:2392)
__disable_trace_kprobe (kernel/trace/trace_kprobe.c:340)
disable_trace_kprobe (kernel/trace/trace_kprobe.c:429)
perf_trace_event_unreg.isra.2 (./include/linux/tracepoint.h:93 kernel/trace/trace_event_perf.c:168)
perf_kprobe_destroy (kernel/trace/trace_event_perf.c:295)
_free_event (kernel/events/core.c:4971)
perf_event_release_kernel (kernel/events/core.c:5176)
perf_release (kernel/events/core.c:5186)
__fput (fs/file_table.c:321)
task_work_run (./include/linux/sched.h:2056 (discriminator 1) kernel/task_work.c:179 (discriminator 1))
exit_to_user_mode_prepare (./include/linux/resume_user_mode.h:49 kernel/entry/common.c:169 kernel/entry/common.c:201)
syscall_exit_to_user_mode (./arch/x86/include/asm/jump_label.h:55 ./arch/x86/include/asm/nospec-branch.h:384 ./arch/x86/include/asm/entry-common.h:94 kernel/entry/common.c:133 kernel/entry/common.c:296)
do_syscall_64 (arch/x86/entry/common.c:87)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)
RIP: 0033:0x7fe7ff210654
Code: 15 79 89 20 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb be 0f 1f 00 8b 05 9a cd 20 00 48 63 ff 85 c0 75 11 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3a f3 c3 48 83 ec 18 48 89 7c 24 08 e8 34 fc
RSP: 002b:00007ffdbd1d3538 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000008 RCX: 00007fe7ff210654
RDX: 0000000000000000 RSI: 0000000000002401 RDI: 0000000000000008
RBP: 0000000000000000 R08: 94ae31d6fda838a4 R0900007fe8001c9d30
R10: 00007ffdbd1d34b0 R11: 0000000000000246 R12: 00007ffdbd1d3600
R13: 0000000000000000 R14: fffffffffffffffc R15: 00007ffdbd1d3560
</TASK>
Link: https://lkml.kernel.org/r/20220813020509.90805-1-kuniyu@amazon.com
Fixes:
|
||
Yang Jihong
|
e4ae972959 |
ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead
commit c3b0f72e805f0801f05fa2aa52011c4bfc694c44 upstream.
ftrace_startup does not remove ops from ftrace_ops_list when
ftrace_startup_enable fails:
register_ftrace_function
ftrace_startup
__register_ftrace_function
...
add_ftrace_ops(&ftrace_ops_list, ops)
...
...
ftrace_startup_enable // if ftrace failed to modify, ftrace_disabled is set to 1
...
return 0 // ops is in the ftrace_ops_list.
When ftrace_disabled = 1, unregister_ftrace_function simply returns without doing anything:
unregister_ftrace_function
ftrace_shutdown
if (unlikely(ftrace_disabled))
return -ENODEV; // return here, __unregister_ftrace_function is not executed,
// as a result, ops is still in the ftrace_ops_list
__unregister_ftrace_function
...
If ops is dynamically allocated, it will be free later, in this case,
is_ftrace_trampoline accesses NULL pointer:
is_ftrace_trampoline
ftrace_ops_trampoline
do_for_each_ftrace_op(op, ftrace_ops_list) // OOPS! op may be NULL!
Syzkaller reports as follows:
[ 1203.506103] BUG: kernel NULL pointer dereference, address: 000000000000010b
[ 1203.508039] #PF: supervisor read access in kernel mode
[ 1203.508798] #PF: error_code(0x0000) - not-present page
[ 1203.509558] PGD 800000011660b067 P4D 800000011660b067 PUD 130fb8067 PMD 0
[ 1203.510560] Oops: 0000 [#1] SMP KASAN PTI
[ 1203.511189] CPU: 6 PID: 29532 Comm: syz-executor.2 Tainted: G B W 5.10.0 #8
[ 1203.512324] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 1203.513895] RIP: 0010:is_ftrace_trampoline+0x26/0xb0
[ 1203.514644] Code: ff eb d3 90 41 55 41 54 49 89 fc 55 53 e8 f2 00 fd ff 48 8b 1d 3b 35 5d 03 e8 e6 00 fd ff 48 8d bb 90 00 00 00 e8 2a 81 26 00 <48> 8b ab 90 00 00 00 48 85 ed 74 1d e8 c9 00 fd ff 48 8d bb 98 00
[ 1203.518838] RSP: 0018:ffffc900012cf960 EFLAGS: 00010246
[ 1203.520092] RAX: 0000000000000000 RBX: 000000000000007b RCX: ffffffff8a331866
[ 1203.521469] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 000000000000010b
[ 1203.522583] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8df18b07
[ 1203.523550] R10: fffffbfff1be3160 R11: 0000000000000001 R12: 0000000000478399
[ 1203.524596] R13: 0000000000000000 R14: ffff888145088000 R15: 0000000000000008
[ 1203.525634] FS: 00007f429f5f4700(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000
[ 1203.526801] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1203.527626] CR2: 000000000000010b CR3: 0000000170e1e001 CR4: 00000000003706e0
[ 1203.528611] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1203.529605] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Therefore, when ftrace_startup_enable fails, we need to rollback registration
process and remove ops from ftrace_ops_list.
Link: https://lkml.kernel.org/r/20220818032659.56209-1-yangjihong1@huawei.com
Suggested-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Yang Jihong <yangjihong1@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Daniel Borkmann
|
4f672112f8 |
bpf: Don't use tnum_range on array range checking for poke descriptors
commit a657182a5c5150cdfacb6640aad1d2712571a409 upstream.
Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which
is based on a customized syzkaller:
BUG: KASAN: slab-out-of-bounds in bpf_int_jit_compile+0x1257/0x13f0
Read of size 8 at addr ffff888004e90b58 by task syz-executor.0/1489
CPU: 1 PID: 1489 Comm: syz-executor.0 Not tainted 5.19.0 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x9c/0xc9
print_address_description.constprop.0+0x1f/0x1f0
? bpf_int_jit_compile+0x1257/0x13f0
kasan_report.cold+0xeb/0x197
? kvmalloc_node+0x170/0x200
? bpf_int_jit_compile+0x1257/0x13f0
bpf_int_jit_compile+0x1257/0x13f0
? arch_prepare_bpf_dispatcher+0xd0/0xd0
? rcu_read_lock_sched_held+0x43/0x70
bpf_prog_select_runtime+0x3e8/0x640
? bpf_obj_name_cpy+0x149/0x1b0
bpf_prog_load+0x102f/0x2220
? __bpf_prog_put.constprop.0+0x220/0x220
? find_held_lock+0x2c/0x110
? __might_fault+0xd6/0x180
? lock_downgrade+0x6e0/0x6e0
? lock_is_held_type+0xa6/0x120
? __might_fault+0x147/0x180
__sys_bpf+0x137b/0x6070
? bpf_perf_link_attach+0x530/0x530
? new_sync_read+0x600/0x600
? __fget_files+0x255/0x450
? lock_downgrade+0x6e0/0x6e0
? fput+0x30/0x1a0
? ksys_write+0x1a8/0x260
__x64_sys_bpf+0x7a/0xc0
? syscall_enter_from_user_mode+0x21/0x70
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f917c4e2c2d
The problem here is that a range of tnum_range(0, map->max_entries - 1) has
limited ability to represent the concrete tight range with the tnum as the
set of resulting states from value + mask can result in a superset of the
actual intended range, and as such a tnum_in(range, reg->var_off) check may
yield true when it shouldn't, for example tnum_range(0, 2) would result in
00XX -> v = 0000, m = 0011 such that the intended set of {0, 1, 2} is here
represented by a less precise superset of {0, 1, 2, 3}. As the register is
known const scalar, really just use the concrete reg->var_off.value for the
upper index check.
Fixes:
|
||
Randy Dunlap
|
108fb7e99b |
kernel/sys_ni: add compat entry for fadvise64_64
commit a8faed3a02eeb75857a3b5d660fa80fe79db77a3 upstream.
When CONFIG_ADVISE_SYSCALLS is not set/enabled and CONFIG_COMPAT is
set/enabled, the riscv compat_syscall_table references
'compat_sys_fadvise64_64', which is not defined:
riscv64-linux-ld: arch/riscv/kernel/compat_syscall_table.o:(.rodata+0x6f8):
undefined reference to `compat_sys_fadvise64_64'
Add 'fadvise64_64' to kernel/sys_ni.c as a conditional COMPAT function so
that when CONFIG_ADVISE_SYSCALLS is not set, there is a fallback function
available.
Link: https://lkml.kernel.org/r/20220807220934.5689-1-rdunlap@infradead.org
Fixes:
|
||
Jing-Ting Wu
|
f49fd5fe23 |
cgroup: Fix race condition at rebind_subsystems()
commit 763f4fb76e24959c370cdaa889b2492ba6175580 upstream.
Root cause:
The rebind_subsystems() is no lock held when move css object from A
list to B list,then let B's head be treated as css node at
list_for_each_entry_rcu().
Solution:
Add grace period before invalidating the removed rstat_css_node.
Reported-by: Jing-Ting Wu <jing-ting.wu@mediatek.com>
Suggested-by: Michal Koutný <mkoutny@suse.com>
Signed-off-by: Jing-Ting Wu <jing-ting.wu@mediatek.com>
Tested-by: Jing-Ting Wu <jing-ting.wu@mediatek.com>
Link: https://lore.kernel.org/linux-arm-kernel/d8f0bc5e2fb6ed259f9334c83279b4c011283c41.camel@mediatek.com/T/
Acked-by: Mukesh Ojha <quic_mojha@quicinc.com>
Fixes:
|
||
Gaosheng Cui
|
5c192867ae |
audit: fix potential double free on error path from fsnotify_add_inode_mark
commit ad982c3be4e60c7d39c03f782733503cbd88fd2a upstream.
Audit_alloc_mark() assign pathname to audit_mark->path, on error path
from fsnotify_add_inode_mark(), fsnotify_put_mark will free memory
of audit_mark->path, but the caller of audit_alloc_mark will free
the pathname again, so there will be double free problem.
Fix this by resetting audit_mark->path to NULL pointer on error path
from fsnotify_add_inode_mark().
Cc: stable@vger.kernel.org
Fixes:
|
||
Laurent Dufour
|
6568e52b28 |
watchdog: export lockup_detector_reconfigure
[ Upstream commit 7c56a8733d0a2a4be2438a7512566e5ce552fccf ] In some circumstances it may be interesting to reconfigure the watchdog from inside the kernel. On PowerPC, this may helpful before and after a LPAR migration (LPM) is initiated, because it implies some latencies, watchdog, and especially NMI watchdog is expected to be triggered during this operation. Reconfiguring the watchdog with a factor, would prevent it to happen too frequently during LPM. Rename lockup_detector_reconfigure() as __lockup_detector_reconfigure() and create a new function lockup_detector_reconfigure() calling __lockup_detector_reconfigure() under the protection of watchdog_mutex. Signed-off-by: Laurent Dufour <ldufour@linux.ibm.com> [mpe: Squash in build fix from Laurent, reported by Sachin] Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20220713154729.80789-3-ldufour@linux.ibm.com Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Steven Rostedt (Google)
|
1c7e569c0e |
tracing/eprobes: Fix reading of string fields
commit f04dec93466a0481763f3b56cdadf8076e28bfbf upstream.
Currently when an event probe (eprobe) hooks to a string field, it does
not display it as a string, but instead as a number. This makes the field
rather useless. Handle the different kinds of strings, dynamic, static,
relational/dynamic etc.
Now when a string field is used, the ":string" type can be used to display
it:
echo "e:sw sched/sched_switch comm=$next_comm:string" > dynamic_events
Link: https://lkml.kernel.org/r/20220820134400.959640191@goodmis.org
Cc: stable@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Tzvetomir Stoyanov <tz.stoyanov@gmail.com>
Cc: Tom Zanussi <zanussi@kernel.org>
Fixes:
|
||
Hou Tao
|
2f56304a0c |
bpf: Acquire map uref in .init_seq_private for hash map iterator
commit ef1e93d2eeb58a1f08c37b22a2314b94bc045f15 upstream.
bpf_iter_attach_map() acquires a map uref, and the uref may be released
before or in the middle of iterating map elements. For example, the uref
could be released in bpf_iter_detach_map() as part of
bpf_link_release(), or could be released in bpf_map_put_with_uref() as
part of bpf_map_release().
So acquiring an extra map uref in bpf_iter_init_hash_map() and
releasing it in bpf_iter_fini_hash_map().
Fixes:
|
||
|
Hou Tao
|
370805f0e7 |
bpf: Acquire map uref in .init_seq_private for array map iterator
commit f76fa6b338055054f80c72b29c97fb95c1becadc upstream.
bpf_iter_attach_map() acquires a map uref, and the uref may be released
before or in the middle of iterating map elements. For example, the uref
could be released in bpf_iter_detach_map() as part of
bpf_link_release(), or could be released in bpf_map_put_with_uref() as
part of bpf_map_release().
Alternative fix is acquiring an extra bpf_link reference just like
a pinned map iterator does, but it introduces unnecessary dependency
on bpf_link instead of bpf_map.
So choose another fix: acquiring an extra map uref in .init_seq_private
for array map iterator.
Fixes:
|
||
Kumar Kartikeya Dwivedi
|
18a994e066 |
bpf: Don't reinit map value in prealloc_lru_pop
commit 275c30bcee66a27d1aa97a215d607ad6d49804cb upstream.
The LRU map that is preallocated may have its elements reused while
another program holds a pointer to it from bpf_map_lookup_elem. Hence,
only check_and_free_fields is appropriate when the element is being
deleted, as it ensures proper synchronization against concurrent access
of the map value. After that, we cannot call check_and_init_map_value
again as it may rewrite bpf_spin_lock, bpf_timer, and kptr fields while
they can be concurrently accessed from a BPF program.
This is safe to do as when the map entry is deleted, concurrent access
is protected against by check_and_free_fields, i.e. an existing timer
would be freed, and any existing kptr will be released by it. The
program can create further timers and kptrs after check_and_free_fields,
but they will eventually be released once the preallocated items are
freed on map destruction, even if the item is never reused again. Hence,
the deleted item sitting in the free list can still have resources
attached to it, and they would never leak.
With spin_lock, we never touch the field at all on delete or update, as
we may end up modifying the state of the lock. Since the verifier
ensures that a bpf_spin_lock call is always paired with bpf_spin_unlock
call, the program will eventually release the lock so that on reuse the
new user of the value can take the lock.
Essentially, for the preallocated case, we must assume that the map
value may always be in use by the program, even when it is sitting in
the freelist, and handle things accordingly, i.e. use proper
synchronization inside check_and_free_fields, and never reinitialize the
special fields when it is reused on update.
Fixes:
|
||
|
Steven Rostedt (Google)
|
2fb8f62ee3 |
tracing: Have filter accept "common_cpu" to be consistent
commit b2380577d4fe1c0ef3fa50417f1e441c016e4cbe upstream.
Make filtering consistent with histograms. As "cpu" can be a field of an
event, allow for "common_cpu" to keep it from being confused with the
"cpu" field of the event.
Link: https://lkml.kernel.org/r/20220820134401.513062765@goodmis.org
Link: https://lore.kernel.org/all/20220820220920.e42fa32b70505b1904f0a0ad@kernel.org/
Cc: stable@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Tzvetomir Stoyanov <tz.stoyanov@gmail.com>
Cc: Tom Zanussi <zanussi@kernel.org>
Fixes:
|
||
|
Steven Rostedt (Google)
|
dac2b60345 |
tracing/probes: Have kprobes and uprobes use $COMM too
commit ab8384442ee512fc0fc72deeb036110843d0e7ff upstream.
Both $comm and $COMM can be used to get current->comm in eprobes and the
filtering and histogram logic. Make kprobes and uprobes consistent in this
regard and allow both $comm and $COMM as well. Currently kprobes and
uprobes only handle $comm, which is inconsistent with the other utilities,
and can be confusing to users.
Link: https://lkml.kernel.org/r/20220820134401.317014913@goodmis.org
Link: https://lore.kernel.org/all/20220820220442.776e1ddaf8836e82edb34d01@kernel.org/
Cc: stable@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Tzvetomir Stoyanov <tz.stoyanov@gmail.com>
Cc: Tom Zanussi <zanussi@kernel.org>
Fixes:
|
||
|
Steven Rostedt (Google)
|
b489aca082 |
tracing/eprobes: Have event probes be consistent with kprobes and uprobes
commit 6a832ec3d680b3a4f4fad5752672827d71bae501 upstream.
Currently, if a symbol "@" is attempted to be used with an event probe
(eprobes), it will cause a NULL pointer dereference crash.
Both kprobes and uprobes can reference data other than the main registers.
Such as immediate address, symbols and the current task name. Have eprobes
do the same thing.
For "comm", if "comm" is used and the event being attached to does not
have the "comm" field, then make it the "$comm" that kprobes has. This is
consistent to the way histograms and filters work.
Link: https://lkml.kernel.org/r/20220820134401.136924220@goodmis.org
Cc: stable@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Tzvetomir Stoyanov <tz.stoyanov@gmail.com>
Cc: Tom Zanussi <zanussi@kernel.org>
Fixes:
|
||
|
Steven Rostedt (Google)
|
a11ce7bfbd |
tracing/eprobes: Do not hardcode $comm as a string
commit 02333de90e5945e2fe7fc75b15b4eb9aee187f0a upstream.
The variable $comm is hard coded as a string, which is true for both
kprobes and uprobes, but for event probes (eprobes) it is a field name. In
most cases the "comm" field would be a string, but there's no guarantee of
that fact.
Do not assume that comm is a string. Not to mention, it currently forces
comm fields to fault, as string processing for event probes is currently
broken.
Link: https://lkml.kernel.org/r/20220820134400.756152112@goodmis.org
Cc: stable@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Tzvetomir Stoyanov <tz.stoyanov@gmail.com>
Cc: Tom Zanussi <zanussi@kernel.org>
Fixes:
|