8a901b005112d29984d533911a4a0dfbbafff15f
1468 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Xuewen Yan
|
c6fb9f6636 |
ANDROID: Add vendor hook to the effective_cpu_util
android_rvh_effective_cpu_util: To perform vendor-specific cpu util, it is used in EAS/schedutil/thermal. The effective_cpu_util would be called when thermal calc the dynamic power, it's non-atomic context, so set the hook be restricted. Bug: 226686099 Test: build pass Signed-off-by: Xuewen Yan <xuewen.yan@unisoc.com> Change-Id: I6fd77f44ca4328f5ef37d96989aa2e08d65e29bb |
||
Sai Harshini Nimmala
|
a018077c4d |
ANDROID: sched/core: Optimize vendor hook placement
Currently, the tick_entry vendor hook in the scheduler tick path is
called before the rq clock is updated.
Change the vendor hook placement to after the clock update so that an
updated clock value is used.
Fixes:
|
||
Peter Zijlstra
|
f82f0ceba5 |
UPSTREAM: sched: Fix yet more sched_fork() races
commit b1e8206582f9d680cff7d04828708c8b6ab32957 upstream.
Where commit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an
invalid sched_task_group") fixed a fork race vs cgroup, it opened up a
race vs syscalls by not placing the task on the runqueue before it
gets exposed through the pidhash.
Commit 13765de8148f ("sched/fair: Fix fault in reweight_entity") is
trying to fix a single instance of this, instead fix the whole class
of issues, effectively reverting this commit.
Change-Id: I7c84d5e4fa32359c948f08fbf32da8bbd3d7e3ac
Fixes: 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalid sched_task_group")
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Tadeusz Struk <tadeusz.struk@linaro.org>
Tested-by: Zhang Qiao <zhangqiao22@huawei.com>
Tested-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
Link: https://lkml.kernel.org/r/YgoeCbwj5mbCR0qA@hirez.programming.kicks-ass.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 225145763
|
||
Tadeusz Struk
|
1eea6c0aeb |
UPSTREAM: sched/fair: Fix fault in reweight_entity
[ Upstream commit 13765de8148f71fa795e0a6607de37c49ea5915a ]
Syzbot found a GPF in reweight_entity. This has been bisected to
commit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalid
sched_task_group")
There is a race between sched_post_fork() and setpriority(PRIO_PGRP)
within a thread group that causes a null-ptr-deref in
reweight_entity() in CFS. The scenario is that the main process spawns
number of new threads, which then call setpriority(PRIO_PGRP, 0, -20),
wait, and exit. For each of the new threads the copy_process() gets
invoked, which adds the new task_struct and calls sched_post_fork()
for it.
In the above scenario there is a possibility that
setpriority(PRIO_PGRP) and set_one_prio() will be called for a thread
in the group that is just being created by copy_process(), and for
which the sched_post_fork() has not been executed yet. This will
trigger a null pointer dereference in reweight_entity(), as it will
try to access the run queue pointer, which hasn't been set.
Before the mentioned change the cfs_rq pointer for the task has been
set in sched_fork(), which is called much earlier in copy_process(),
before the new task is added to the thread_group. Now it is done in
the sched_post_fork(), which is called after that. To fix the issue
the remove the update_load param from the update_load param() function
and call reweight_task() only if the task flag doesn't have the
TASK_NEW flag set.
Fixes: 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalid sched_task_group")
Reported-by: syzbot+af7a719bc92395ee41b3@syzkaller.appspotmail.com
Signed-off-by: Tadeusz Struk <tadeusz.struk@linaro.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20220203161846.1160750-1-tadeusz.struk@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
Change-Id: If81be87378ae7948e0278e30ac4a8618a434d070
Bug: 225145763
|
||
Greg Kroah-Hartman
|
16f06ae351 |
Merge 5.15.27 into android-5.15
Changes in 5.15.27
mac80211_hwsim: report NOACK frames in tx_status
mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
i2c: bcm2835: Avoid clock stretching timeouts
ASoC: rt5668: do not block workqueue if card is unbound
ASoC: rt5682: do not block workqueue if card is unbound
regulator: core: fix false positive in regulator_late_cleanup()
Input: clear BTN_RIGHT/MIDDLE on buttonpads
btrfs: get rid of warning on transaction commit when using flushoncommit
KVM: arm64: vgic: Read HW interrupt pending state from the HW
block: loop:use kstatfs.f_bsize of backing file to set discard granularity
tipc: fix a bit overflow in tipc_crypto_key_rcv()
cifs: do not use uninitialized data in the owner/group sid
cifs: fix double free race when mount fails in cifs_get_root()
HID: amd_sfh: Handle amd_sfh work buffer in PM ops
HID: amd_sfh: Add functionality to clear interrupts
HID: amd_sfh: Add interrupt handler to process interrupts
cifs: modefromsids must add an ACE for authenticated users
selftests/seccomp: Fix seccomp failure by adding missing headers
drm/amd/pm: correct UMD pstate clocks for Dimgrey Cavefish and Beige Goby
selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT
dmaengine: shdma: Fix runtime PM imbalance on error
i2c: cadence: allow COMPILE_TEST
i2c: imx: allow COMPILE_TEST
i2c: qup: allow COMPILE_TEST
net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
usb: gadget: don't release an existing dev->buf
usb: gadget: clear related members when goto fail
exfat: reuse exfat_inode_info variable instead of calling EXFAT_I()
exfat: fix i_blocks for files truncated over 4 GiB
tracing: Add test for user space strings when filtering on string pointers
arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL
serial: stm32: prevent TDR register overwrite when sending x_char
ext4: drop ineligible txn start stop APIs
ext4: simplify updating of fast commit stats
ext4: fast commit may not fallback for ineligible commit
ext4: fast commit may miss file actions
sched/fair: Fix fault in reweight_entity
ata: pata_hpt37x: fix PCI clock detection
drm/amdgpu: check vm ready by amdgpu_vm->evicting flag
tracing: Add ustring operation to filtering string pointers
ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()
NFSD: Have legacy NFSD WRITE decoders use xdr_stream_subsegment()
NFSD: Fix zero-length NFSv3 WRITEs
io_uring: fix no lock protection for ctx->cq_extra
tools/resolve_btf_ids: Close ELF file on error
mtd: spi-nor: Fix mtd size for s3an flashes
MIPS: fix local_{add,sub}_return on MIPS64
signal: In get_signal test for signal_group_exit every time through the loop
PCI: mediatek-gen3: Disable DVFSRC voltage request
PCI: rcar: Check if device is runtime suspended instead of __clk_is_enabled()
PCI: dwc: Do not remap invalid res
PCI: aardvark: Fix checking for MEM resource type
KVM: VMX: Don't unblock vCPU w/ Posted IRQ if IRQs are disabled in guest
KVM: s390: Ensure kvm_arch_no_poll() is read once when blocking vCPU
KVM: VMX: Read Posted Interrupt "control" exactly once per loop iteration
KVM: X86: Ensure that dirty PDPTRs are loaded
KVM: x86: Handle 32-bit wrap of EIP for EMULTYPE_SKIP with flat code seg
KVM: x86: Exit to userspace if emulation prepared a completion callback
i3c: fix incorrect address slot lookup on 64-bit
i3c/master/mipi-i3c-hci: Fix a potentially infinite loop in 'hci_dat_v1_get_index()'
tracing: Do not let synth_events block other dyn_event systems during create
Input: ti_am335x_tsc - set ADCREFM for X configuration
Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2
PCI: mvebu: Check for errors from pci_bridge_emul_init() call
PCI: mvebu: Do not modify PCI IO type bits in conf_write
PCI: mvebu: Fix support for bus mastering and PCI_COMMAND on emulated bridge
PCI: mvebu: Fix configuring secondary bus of PCIe Root Port via emulated bridge
PCI: mvebu: Setup PCIe controller to Root Complex mode
PCI: mvebu: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge
PCI: mvebu: Fix support for PCI_EXP_DEVCTL on emulated bridge
PCI: mvebu: Fix support for PCI_EXP_RTSTA on emulated bridge
PCI: mvebu: Fix support for DEVCAP2, DEVCTL2 and LNKCTL2 registers on emulated bridge
NFSD: Fix verifier returned in stable WRITEs
Revert "nfsd: skip some unnecessary stats in the v4 case"
nfsd: fix crash on COPY_NOTIFY with special stateid
x86/hyperv: Properly deal with empty cpumasks in hyperv_flush_tlb_multi()
drm/i915: don't call free_mmap_offset when purging
SUNRPC: Fix sockaddr handling in the svc_xprt_create_error trace point
SUNRPC: Fix sockaddr handling in svcsock_accept_class trace points
drm/sun4i: dw-hdmi: Fix missing put_device() call in sun8i_hdmi_phy_get
drm/atomic: Check new_crtc_state->active to determine if CRTC needs disable in self refresh mode
ntb_hw_switchtec: Fix pff ioread to read into mmio_part_cfg_all
ntb_hw_switchtec: Fix bug with more than 32 partitions
drm/amdkfd: Check for null pointer after calling kmemdup
drm/amdgpu: use spin_lock_irqsave to avoid deadlock by local interrupt
i3c: master: dw: check return of dw_i3c_master_get_free_pos()
dma-buf: cma_heap: Fix mutex locking section
tracing/uprobes: Check the return value of kstrdup() for tu->filename
tracing/probes: check the return value of kstrndup() for pbuf
mm: defer kmemleak object creation of module_alloc()
kasan: fix quarantine conflicting with init_on_free
selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting
hugetlbfs: fix off-by-one error in hugetlb_vmdelete_list()
drm/amdgpu/display: Only set vblank_disable_immediate when PSR is not enabled
drm/amdgpu: filter out radeon PCI device IDs
drm/amdgpu: filter out radeon secondary ids as well
drm/amd/display: Use adjusted DCN301 watermarks
drm/amd/display: move FPU associated DSC code to DML folder
ethtool: Fix link extended state for big endian
octeontx2-af: Optimize KPU1 processing for variable-length headers
octeontx2-af: Reset PTP config in FLR handler
octeontx2-af: cn10k: RPM hardware timestamp configuration
octeontx2-af: cn10k: Use appropriate register for LMAC enable
octeontx2-af: Adjust LA pointer for cpt parse header
octeontx2-af: Add KPU changes to parse NGIO as separate layer
net/mlx5e: IPsec: Refactor checksum code in tx data path
net/mlx5e: IPsec: Fix crypto offload for non TCP/UDP encapsulated traffic
bpf: Use u64_stats_t in struct bpf_prog_stats
bpf: Fix possible race in inc_misses_counter
drm/amd/display: Update watermark values for DCN301
drm: mxsfb: Set fallback bus format when the bridge doesn't provide one
drm: mxsfb: Fix NULL pointer dereference
riscv/mm: Add XIP_FIXUP for phys_ram_base
drm/i915/display: split out dpt out of intel_display.c
drm/i915/display: Move DRRS code its own file
drm/i915: Disable DRRS on IVB/HSW port != A
gve: Recording rx queue before sending to napi
net: dsa: ocelot: seville: utilize of_mdiobus_register
net: dsa: seville: register the mdiobus under devres
ibmvnic: don't release napi in __ibmvnic_open()
of: net: move of_net under net/
net: ethernet: litex: Add the dependency on HAS_IOMEM
drm/mediatek: mtk_dsi: Reset the dsi0 hardware
cifs: protect session channel fields with chan_lock
cifs: fix confusing unneeded warning message on smb2.1 and earlier
drm/amd/display: Fix stream->link_enc unassigned during stream removal
bnxt_en: Fix occasional ethtool -t loopback test failures
drm/amd/display: For vblank_disable_immediate, check PSR is really used
PCI: mvebu: Fix device enumeration regression
net: of: fix stub of_net helpers for CONFIG_NET=n
ALSA: intel_hdmi: Fix reference to PCM buffer address
ucounts: Fix systemd LimitNPROC with private users regression
riscv/efi_stub: Fix get_boot_hartid_from_fdt() return value
riscv: Fix config KASAN && SPARSEMEM && !SPARSE_VMEMMAP
riscv: Fix config KASAN && DEBUG_VIRTUAL
iwlwifi: mvm: check debugfs_dir ptr before use
ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
iommu/vt-d: Fix double list_add when enabling VMD in scalable mode
iommu/amd: Recover from event log overflow
drm/i915: s/JSP2/ICP2/ PCH
drm/amd/display: Reduce dmesg error to a debug print
xen/netfront: destroy queues before real_num_tx_queues is zeroed
thermal: core: Fix TZ_GET_TRIP NULL pointer dereference
mac80211: fix EAPoL rekey fail in 802.3 rx path
blktrace: fix use after free for struct blk_trace
ntb: intel: fix port config status offset for SPR
mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls
xfrm: fix MTU regression
netfilter: fix use-after-free in __nf_register_net_hook()
bpf, sockmap: Do not ignore orig_len parameter
xfrm: fix the if_id check in changelink
xfrm: enforce validity of offload input flags
e1000e: Correct NVM checksum verification flow
net: fix up skbs delta_truesize in UDP GRO frag_list
netfilter: nf_queue: don't assume sk is full socket
netfilter: nf_queue: fix possible use-after-free
netfilter: nf_queue: handle socket prefetch
batman-adv: Request iflink once in batadv-on-batadv check
batman-adv: Request iflink once in batadv_get_real_netdevice
batman-adv: Don't expect inter-netns unique iflink indices
net: ipv6: ensure we call ipv6_mc_down() at most once
net: dcb: flush lingering app table entries for unregistered devices
net: ipa: add an interconnect dependency
net/smc: fix connection leak
net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
btrfs: fix ENOSPC failure when attempting direct IO write into NOCOW range
mac80211: fix forwarded mesh frames AC & queue selection
net: stmmac: fix return value of __setup handler
mac80211: treat some SAE auth steps as final
iavf: Fix missing check for running netdev
net: sxgbe: fix return value of __setup handler
ibmvnic: register netdev after init of adapter
net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc()
iavf: Fix deadlock in iavf_reset_task
efivars: Respect "block" flag in efivar_entry_set_safe()
auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature
firmware: arm_scmi: Remove space in MODULE_ALIAS name
ASoC: cs4265: Fix the duplicated control name
auxdisplay: lcd2s: Fix memory leak in ->remove()
auxdisplay: lcd2s: Use proper API to free the instance of charlcd object
can: gs_usb: change active_channels's type from atomic_t to u8
iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find
arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output
igc: igc_read_phy_reg_gpy: drop premature return
ARM: Fix kgdb breakpoint for Thumb2
mips: setup: fix setnocoherentio() boolean setting
ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions
mptcp: Correctly set DATA_FIN timeout when number of retransmits is large
selftests: mlxsw: tc_police_scale: Make test more robust
pinctrl: sunxi: Use unique lockdep classes for IRQs
igc: igc_write_phy_reg_gpy: drop premature return
ibmvnic: free reset-work-item when flushing
memfd: fix F_SEAL_WRITE after shmem huge page allocated
s390/extable: fix exception table sorting
sched: Fix yet more sched_fork() races
arm64: dts: juno: Remove GICv2m dma-range
iommu/amd: Fix I/O page table memory leak
MIPS: ralink: mt7621: do memory detection on KSEG1
ARM: dts: switch timer config to common devkit8000 devicetree
ARM: dts: Use 32KiHz oscillator on devkit8000
soc: fsl: guts: Revert commit
|
||
|
Peter Zijlstra
|
3411613611 |
sched: Fix yet more sched_fork() races
commit b1e8206582f9d680cff7d04828708c8b6ab32957 upstream.
Where commit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an
invalid sched_task_group") fixed a fork race vs cgroup, it opened up a
race vs syscalls by not placing the task on the runqueue before it
gets exposed through the pidhash.
Commit 13765de8148f ("sched/fair: Fix fault in reweight_entity") is
trying to fix a single instance of this, instead fix the whole class
of issues, effectively reverting this commit.
Fixes: 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalid sched_task_group")
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Tadeusz Struk <tadeusz.struk@linaro.org>
Tested-by: Zhang Qiao <zhangqiao22@huawei.com>
Tested-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
Link: https://lkml.kernel.org/r/YgoeCbwj5mbCR0qA@hirez.programming.kicks-ass.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Tadeusz Struk
|
e0bcd6b577 |
sched/fair: Fix fault in reweight_entity
[ Upstream commit 13765de8148f71fa795e0a6607de37c49ea5915a ]
Syzbot found a GPF in reweight_entity. This has been bisected to
commit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalid
sched_task_group")
There is a race between sched_post_fork() and setpriority(PRIO_PGRP)
within a thread group that causes a null-ptr-deref in
reweight_entity() in CFS. The scenario is that the main process spawns
number of new threads, which then call setpriority(PRIO_PGRP, 0, -20),
wait, and exit. For each of the new threads the copy_process() gets
invoked, which adds the new task_struct and calls sched_post_fork()
for it.
In the above scenario there is a possibility that
setpriority(PRIO_PGRP) and set_one_prio() will be called for a thread
in the group that is just being created by copy_process(), and for
which the sched_post_fork() has not been executed yet. This will
trigger a null pointer dereference in reweight_entity(), as it will
try to access the run queue pointer, which hasn't been set.
Before the mentioned change the cfs_rq pointer for the task has been
set in sched_fork(), which is called much earlier in copy_process(),
before the new task is added to the thread_group. Now it is done in
the sched_post_fork(), which is called after that. To fix the issue
the remove the update_load param from the update_load param() function
and call reweight_task() only if the task flag doesn't have the
TASK_NEW flag set.
Fixes: 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalid sched_task_group")
Reported-by: syzbot+af7a719bc92395ee41b3@syzkaller.appspotmail.com
Signed-off-by: Tadeusz Struk <tadeusz.struk@linaro.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20220203161846.1160750-1-tadeusz.struk@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Stephen Dickey
|
4345c3db84 |
ANDROID: sched: update is_cpu_allowed tracehook
Currently, the trace hook for is_cpu_allowed only executes if the cpu is not a kthread. Modules need to be able to reject cpus regardless of whether the task is a kthread or not. Modules also need to have the flexibility to execute, or not, the remainder of is_cpu_allowed. Move the tracepoint for is_cpu_allowed so that it is invoked regardless of task's kthread status, but do not interfere with per-cpu-kthread cpu assignment. Bug: 222550772 Change-Id: Ide48a82a33129448bb22be28814267b0b76535a2 Signed-off-by: Stephen Dickey <quic_dickey@quicinc.com> |
||
|
Peter Zijlstra
|
42da9cb956 |
UPSTREAM: sched: Fix yet more sched_fork() races
Where commit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an
invalid sched_task_group") fixed a fork race vs cgroup, it opened up a
race vs syscalls by not placing the task on the runqueue before it
gets exposed through the pidhash.
Commit 13765de8148f ("sched/fair: Fix fault in reweight_entity") is
trying to fix a single instance of this, instead fix the whole class
of issues, effectively reverting this commit.
Change-Id: I4d34311eac28b23ee32e9308a21c66afe8fa8a3b
Fixes: 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalid sched_task_group")
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Tadeusz Struk <tadeusz.struk@linaro.org>
Tested-by: Zhang Qiao <zhangqiao22@huawei.com>
Tested-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
Link: https://lkml.kernel.org/r/YgoeCbwj5mbCR0qA@hirez.programming.kicks-ass.net
BUG: 221850698
(cherry picked from commit b1e8206582f9d680cff7d04828708c8b6ab32957)
Signed-off-by: Ashay Jaiswal <quic_ashayj@quicinc.com>
|
||
|
Tadeusz Struk
|
8ab19855fc |
UPSTREAM: sched/fair: Fix fault in reweight_entity
Syzbot found a GPF in reweight_entity. This has been bisected to
commit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalid
sched_task_group")
There is a race between sched_post_fork() and setpriority(PRIO_PGRP)
within a thread group that causes a null-ptr-deref in
reweight_entity() in CFS. The scenario is that the main process spawns
number of new threads, which then call setpriority(PRIO_PGRP, 0, -20),
wait, and exit. For each of the new threads the copy_process() gets
invoked, which adds the new task_struct and calls sched_post_fork()
for it.
In the above scenario there is a possibility that
setpriority(PRIO_PGRP) and set_one_prio() will be called for a thread
in the group that is just being created by copy_process(), and for
which the sched_post_fork() has not been executed yet. This will
trigger a null pointer dereference in reweight_entity(), as it will
try to access the run queue pointer, which hasn't been set.
Before the mentioned change the cfs_rq pointer for the task has been
set in sched_fork(), which is called much earlier in copy_process(),
before the new task is added to the thread_group. Now it is done in
the sched_post_fork(), which is called after that. To fix the issue
the remove the update_load param from the update_load param() function
and call reweight_task() only if the task flag doesn't have the
TASK_NEW flag set.
Change-Id: I22d5b9d0b06cd85f0f02446b1e8a2389935cffa8
Fixes: 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalid sched_task_group")
Reported-by: syzbot+af7a719bc92395ee41b3@syzkaller.appspotmail.com
Signed-off-by: Tadeusz Struk <tadeusz.struk@linaro.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20220203161846.1160750-1-tadeusz.struk@linaro.org
BUG: 221850698
(cherry picked from commit 13765de8148f71fa795e0a6607de37c49ea5915a)
Signed-off-by: Ashay Jaiswal <quic_ashayj@quicinc.com>
|
||
|
Greg Kroah-Hartman
|
287cd0232c |
Merge 5.15.24 into android13-5.15
Changes in 5.15.24 integrity: check the return value of audit_log_start() ima: fix reference leak in asymmetric_verify() ima: Remove ima_policy file before directory ima: Allow template selection with ima_template[_fmt]= after ima_hash= ima: Do not print policy rule with inactive LSM labels mmc: sdhci-of-esdhc: Check for error num after setting mask mmc: core: Wait for command setting 'Power Off Notification' bit to complete can: isotp: fix potential CAN frame reception race in isotp_rcv() can: isotp: fix error path in isotp_sendmsg() to unlock wait queue net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs NFS: Fix initialisation of nfs_client cl_flags field NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes NFSD: Fix ia_size underflow NFSD: Clamp WRITE offsets NFSD: Fix offset type in I/O trace points NFSD: Fix the behavior of READ near OFFSET_MAX thermal/drivers/int340x: Improve the tcc offset saving for suspend/resume thermal/drivers/int340x: processor_thermal: Suppot 64 bit RFIM responses thermal: int340x: Limit Kconfig to 64-bit thermal/drivers/int340x: Fix RFIM mailbox write commands tracing: Propagate is_signed to expression NFS: change nfs_access_get_cached to only report the mask NFSv4 only print the label when its queried nfs: nfs4clinet: check the return value of kstrdup() NFSv4.1: Fix uninitialised variable in devicenotify NFSv4 remove zero number of fs_locations entries error check NFSv4 store server support for fs_location attribute NFSv4.1 query for fs_location attr on a new file system NFSv4 expose nfs_parse_server_name function NFSv4 handle port presence in fs_location server string SUNRPC allow for unspecified transport time in rpc_clnt_add_xprt net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() irqchip/realtek-rtl: Service all pending interrupts perf/x86/rapl: fix AMD event handling x86/perf: Avoid warning for Arch LBR without XSAVE sched: Avoid double preemption in __cond_resched_*lock*() drm/vc4: Fix deadlock on DSI device attach error drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer net: sched: Clarify error message when qdisc kind is unknown powerpc/fixmap: Fix VM debug warning on unmap scsi: target: iscsi: Make sure the np under each tpg is unique scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() scsi: qedf: Add stag_work to all the vports scsi: qedf: Fix refcount issue when LOGO is received during TMF scsi: qedf: Change context reset messages to ratelimited scsi: pm8001: Fix bogus FW crash for maxcpus=1 scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() scsi: ufs: Treat link loss as fatal error scsi: myrs: Fix crash in error case net: stmmac: reduce unnecessary wakeups from eee sw timer PM: hibernate: Remove register_nosave_region_late() drm/amd/display: Correct MPC split policy for DCN301 usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend perf: Always wake the parent event nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs MIPS: Fix build error due to PTR used in more places net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() KVM: eventfd: Fix false positive RCU usage warning KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS KVM: SVM: Don't kill SEV guest if SMAP erratum triggers in usermode KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow KVM: x86: Report deprecated x87 features in supported CPUID riscv: fix build with binutils 2.38 riscv: cpu-hotplug: clear cpu from numa map when teardown riscv: eliminate unreliable __builtin_frame_address(1) gfs2: Fix gfs2_release for non-writers regression ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group ARM: dts: Fix boot regression on Skomer ARM: socfpga: fix missing RESET_CONTROLLER nvme-tcp: fix bogus request completion when failing to send AER ACPI/IORT: Check node revision for PMCG resources PM: s2idle: ACPI: Fix wakeup interrupts handling drm/amdgpu/display: change pipe policy for DCN 2.0 drm/rockchip: vop: Correct RK3399 VOP register fields drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration drm/i915: Populate pipe dbuf slices more accurately during readout ARM: dts: Fix timer regression for beagleboard revision c ARM: dts: meson: Fix the UART compatible strings ARM: dts: meson8: Fix the UART device-tree schema validation ARM: dts: meson8b: Fix the UART device-tree schema validation phy: broadcom: Kconfig: Fix PHY_BRCM_USB config option staging: fbtft: Fix error path in fbtft_driver_module_init() ARM: dts: imx6qdl-udoo: Properly describe the SD card detect phy: xilinx: zynqmp: Fix bus width setting for SGMII phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable() ARM: dts: imx7ulp: Fix 'assigned-clocks-parents' typo arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers usb: f_fs: Fix use-after-free for epfile phy: dphy: Correct clk_pre parameter gpio: aggregator: Fix calling into sleeping GPIO controllers NFS: Don't overfill uncached readdir pages NFS: Don't skip directory entries when doing uncached readdir drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd. misc: fastrpc: avoid double fput() on failed usercopy net: sparx5: Fix get_stat64 crash in tcpdump netfilter: ctnetlink: disable helper autoassign arm64: dts: meson-g12b-odroid-n2: fix typo 'dio2133' arm64: dts: meson-sm1-odroid: use correct enable-gpio pin for tf-io regulator arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO domain for GPIOE_2 arm64: dts: meson-sm1-odroid: fix boot loop after reboot ixgbevf: Require large buffers for build_skb on 82599VF drm/panel: simple: Assign data from panel_dpi_probe() correctly ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE gpiolib: Never return internal error codes to user space gpio: sifive: use the correct register to read output values fbcon: Avoid 'cap' set but not used warning bonding: pair enable_port with slave_arr_updates net: dsa: mv88e6xxx: don't use devres for mdiobus net: dsa: ar9331: register the mdiobus under devres net: dsa: bcm_sf2: don't use devres for mdiobus net: dsa: felix: don't use devres for mdiobus net: dsa: mt7530: fix kernel bug in mdiobus_free() when unbinding net: dsa: lantiq_gswip: don't use devres for mdiobus ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path nfp: flower: fix ida_idx not being released net: do not keep the dst cache when uncloning an skb dst and its metadata net: fix a memleak when uncloning an skb dst and its metadata veth: fix races around rq->rx_notify_masked net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE tipc: rate limit warning for received illegal binding update net: amd-xgbe: disable interrupts during pci removal drm/amd/pm: fix hwmon node of power1_label create issue mptcp: netlink: process IPv6 addrs in creating listening sockets dpaa2-eth: unregister the netdev before disconnecting from the PHY ice: fix an error code in ice_cfg_phy_fec() ice: fix IPIP and SIT TSO offload ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler ice: Avoid RTNL lock when re-creating auxiliary device net: mscc: ocelot: fix mutex lock error during ethtool stats read net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister vt_ioctl: fix array_index_nospec in vt_setactivate vt_ioctl: add array_index_nospec to VT_ACTIVATE n_tty: wake up poll(POLLRDNORM) on receiving data eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX usb: dwc2: drd: fix soft connect when gadget is unconfigured Revert "usb: dwc2: drd: fix soft connect when gadget is unconfigured" net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup usb: ulpi: Move of_node_put to ulpi_dev_release usb: ulpi: Call of_node_put correctly usb: dwc3: gadget: Prevent core from processing stale TRBs usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition USB: gadget: validate interface OS descriptor requests usb: gadget: rndis: check size of RNDIS_MSG_SET command usb: gadget: f_uac2: Define specific wTerminalType usb: raw-gadget: fix handling of dual-direction-capable endpoints USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 USB: serial: option: add ZTE MF286D modem USB: serial: ch341: add support for GW Instek USB2.0-Serial devices USB: serial: cp210x: add NCR Retail IO box id USB: serial: cp210x: add CPI Bulk Coin Recycler id speakup-dectlk: Restore pitch setting phy: ti: Fix missing sentinel for clk_div_table iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL mm: memcg: synchronize objcg lists with a dedicated spinlock seccomp: Invalidate seccomp mode to catch death failures signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE s390/cio: verify the driver availability for path_event call bus: mhi: pci_generic: Add mru_default for Foxconn SDX55 bus: mhi: pci_generic: Add mru_default for Cinterion MV31-W hwmon: (dell-smm) Speed up setting of fan speed x86/sgx: Silence softlockup detection when releasing large enclaves Makefile.extrawarn: Move -Wunaligned-access to W=1 scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled scsi: lpfc: Reduce log messages seen after firmware download MIPS: octeon: Fix missed PTR->PTR_WD conversion arm64: dts: imx8mq: fix lcdif port node perf: Fix list corruption in perf_cgroup_switch() iommu: Fix potential use-after-free during probe Linux 5.15.24 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ibe10e24eeda28e78c35f7656bc49cf11f58d858c |
||
|
Peter Zijlstra
|
85008bde41 |
sched: Avoid double preemption in __cond_resched_*lock*()
[ Upstream commit 7e406d1ff39b8ee574036418a5043c86723170cf ] For PREEMPT/DYNAMIC_PREEMPT the *_unlock() will already trigger a preemption, no point in then calling preempt_schedule_common() *again*. Use _cond_resched() instead, since this is a NOP for the preemptible configs while it provide a preemption point for the others. Reported-by: xuhaifeng <xuhaifeng@oppo.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lkml.kernel.org/r/YcGnvDEYBwOiV0cR@hirez.programming.kicks-ass.net Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Will Deacon
|
ccabb0e365 |
ANDROID: sched: Don't allow frozen asymmetric tasks to remain on the rq
If a task with a restricted possible CPU mask and PF_FROZEN or PF_FREEZER_SKIP set blocks, then we must not put it back on the runqueue to handle a signal because this could lead to migration failures later on if the suspending CPU is not capable of running it. Return such a task to the runqueue only if a fatal signal is pending, and otherwise allow the task to block. Bug: 202918514 Signed-off-by: Will Deacon <willdeacon@google.com> Change-Id: I04cc9e65751f2bffc556c4da9ef02fe386764324 |
||
Will Deacon
|
6ebb3c5057 |
FROMLIST: sched: Defer wakeup in ttwu() for unschedulable frozen tasks
Asymmetric systems may not offer the same level of userspace ISA support across all CPUs, meaning that some applications cannot be executed by some CPUs. As a concrete example, upcoming arm64 big.LITTLE designs do not feature support for 32-bit applications on both clusters. Although we take care to prevent explicit hot-unplug of all 32-bit capable CPUs on such a system, this is required when suspending on some SoCs where the firmware mandates that the suspend/resume operation is handled by CPU 0, which may not be capable of running 32-bit tasks. Consequently, there is a window on the resume path where no 32-bit capable CPUs are available for scheduling and waking up a 32-bit task will result in a scheduler BUG() due to failure of select_fallback_rq(): | kernel BUG at kernel/sched/core.c:2858! | Internal error: Oops - BUG: 0 [#1] PREEMPT SMP | ... | Call trace: | select_fallback_rq+0x4b0/0x4e4 | try_to_wake_up.llvm.4388853297126348405+0x460/0x5b0 | default_wake_function+0x1c/0x30 | autoremove_wake_function+0x1c/0x60 | __wake_up_common.llvm.11763074518265335900+0x100/0x1b8 | __wake_up+0x78/0xc4 | ep_poll_callback+0x20c/0x3fc Prevent wakeups of unschedulable frozen tasks in ttwu() and instead defer the wakeup to __thaw_tasks(), which runs only once all the secondary CPUs are back online. Signed-off-by: Will Deacon <will@kernel.org> Link: https://lore.kernel.org/linux-arch/20210525151432.16875-17-will@kernel.org/ Bug: 186372082 Signed-off-by: Will Deacon <willdeacon@google.com> Change-Id: I5a0531b48d537a79e1926289b5a87edcd7dd78ad (cherry picked from commit 94155f60a54df82652117b58c124a529556db6be) |
||
Rick Yiu
|
97d6c580df |
ANDROID: sched: Add trace for __setscheduler_uclamp
To know per-task uclamp request. Bug: 191973176 Signed-off-by: Rick Yiu <rickyiu@google.com> Change-Id: Ibd40391f2228db5daa410198339237879e67a078 Signed-off-by: Will McVicker <willmcvicker@google.com> |
||
|
Rick Yiu
|
abf44714df |
ANDROID: sched: Add vendor hook for uclamp_eff_get
Vendor may have their own behavior for determing uclamp value. Also uclamp_eff_get() is used in uclamp_rq_inc_id() when task is enqueued, and it is contained in uclamp_eff_value(), there is no much benefit to hook uclamp_eff_value(), so remove the hook in uclamp_eff_value(). Bug: 170507972 Bug: 180859906 Signed-off-by: Rick Yiu <rickyiu@google.com> Change-Id: Ibf7c043188a77c40baf5b4040b198a4197236089 Signed-off-by: Will McVicker <willmcvicker@google.com> |
||
|
Stephen Dickey
|
1050e6e021 |
ANDROID: sched: core: hook for get_nohz_timer_target
Allow module to control behavior of get_nohz_timer_target. Bug: 205164003 Change-Id: I38cb201ebf06db7bbce0d6cb68dbbe3729355be8 Signed-off-by: Stephen Dickey <quic_dickey@quicinc.com> |
||
|
Stephen Dickey
|
a243208877 |
ANDROID: kernel: sched: tracehook for is_cpu_allowed
To support the replacement of pause, is_cpu_allowed is the best place to hook into the code to restrict CPUs for a module based implementation. This restricts select_fallback_rq, select_task_rq, and __migate_task, to ensure the cpu is allowed. Include a hook in is_cpu_allowed to allow the module to control which cpu is allowed during a migration event. Bug: 205164003 Change-Id: I665e4d39318079bdb99bd248969ecb9eb528f9df Signed-off-by: Stephen Dickey <quic_dickey@quicinc.com> |
||
Park Bumgyu
|
9e280ea43e |
ANDROID: sched: export task_rq_lock
Declare task_rq_lock as EXPORT_SYMBOL_GPL needed by vendor module. Bug: 178340230 Signed-off-by: Park Bumgyu <bumgyu.park@samsung.com> Change-Id: I4afc2d67bd208b00e6c43590782196cb4ee07937 |
||
Tengfei Fan
|
46161882da |
ANDROID: sched: add hook point in do_sched_yield()
When a task yields, it relinquishes the cpu and scheduler is tasked to find another task. However our vendor scheduler logic implementation could return the same task leading to a loop where the yielded task gets to run back, so add hook point in do_sched_yield() for vendor can do some work before task is scheduled. Bug: 205804537 Change-Id: I6528c3f4b0ee360559ef9c97cb1eb2b2d1357870 Signed-off-by: Tengfei Fan <quic_tengfan@quicinc.com> Signed-off-by: Sai Harshini Nimmala <quic_snimmala@quicinc.com> |
||
|
Greg Kroah-Hartman
|
e5f6d1dffb |
Merge 5.15.7 into android13-5.15
Changes in 5.15.7 ALSA: usb-audio: Restrict rates for the shared clocks ALSA: usb-audio: Rename early_playback_start flag with lowlatency_playback ALSA: usb-audio: Disable low-latency playback for free-wheel mode ALSA: usb-audio: Disable low-latency mode for implicit feedback sync ALSA: usb-audio: Check available frames for the next packet size ALSA: usb-audio: Add spinlock to stop_urbs() ALSA: usb-audio: Improved lowlatency playback support ALSA: usb-audio: Avoid killing in-flight URBs during draining ALSA: usb-audio: Fix packet size calculation regression ALSA: usb-audio: Less restriction for low-latency playback mode ALSA: usb-audio: Switch back to non-latency mode at a later point ALSA: usb-audio: Don't start stream for capture at prepare gfs2: release iopen glock early in evict gfs2: Fix length of holes reported at end-of-file powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY mac80211: do not access the IV when it was stripped mac80211: fix throughput LED trigger x86/hyperv: Move required MSRs check to initial platform probing net/smc: Transfer remaining wait queue entries during fallback atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait net: return correct error code pinctrl: qcom: fix unmet dependencies on GPIOLIB for GPIOLIB_IRQCHIP platform/x86: dell-wmi-descriptor: disable by default platform/x86: thinkpad_acpi: Add support for dual fan control platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep s390/setup: avoid using memblock_enforce_memory_limit btrfs: silence lockdep when reading chunk tree during mount btrfs: check-integrity: fix a warning on write caching disabled disk thermal: core: Reset previous low and high trip during thermal zone init scsi: iscsi: Unblock session then wake up error handler net: usb: r8152: Add MAC passthrough support for more Lenovo Docks drm/amd/pm: Remove artificial freq level on Navi1x drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again drm/amd/amdgpu: fix potential memleak ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile ata: libahci: Adjust behavior when StorageD3Enable _DSD is set ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() ipv6: check return value of ipv6_skip_exthdr net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() perf sort: Fix the 'weight' sort key behavior perf sort: Fix the 'ins_lat' sort key behavior perf sort: Fix the 'p_stage_cyc' sort key behavior perf inject: Fix ARM SPE handling perf hist: Fix memory leak of a perf_hpp_fmt perf report: Fix memory leaks around perf_tip() tracing: Don't use out-of-sync va_list in event printing net/smc: Avoid warning of possible recursive locking ACPI: Add stubs for wakeup handler functions net/tls: Fix authentication failure in CCM mode vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit kprobes: Limit max data_size of the kretprobe instances ALSA: hda/cs8409: Set PMSG_ON earlier inside cs8409 driver rt2x00: do not mark device gone on EPROTO errors during start ipmi: Move remove_work to dedicated workqueue cpufreq: Fix get_cpu_device() failure in add_cpu_dev_symlink() iwlwifi: mvm: retry init flow if failed dma-buf: system_heap: Use 'for_each_sgtable_sg' in pages free flow s390/pci: move pseudo-MMIO to prevent MIO overlap fget: check that the fd still exists after getting a ref to it sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO scsi: ufs: ufs-pci: Add support for Intel ADL ipv6: fix memory leak in fib6_rule_suppress drm/amd/display: Allow DSC on supported MST branch devices drm/i915/dp: Perform 30ms delay after source OUI write KVM: fix avic_set_running for preemptable kernels KVM: Disallow user memslot with size that exceeds "unsigned long" KVM: x86/mmu: Fix TLB flush range when handling disconnected pt KVM: Ensure local memslot copies operate on up-to-date arch-specific data KVM: x86: ignore APICv if LAPIC is not enabled KVM: nVMX: Emulate guest TLB flush on nested VM-Enter with new vpid12 KVM: nVMX: Flush current VPID (L1 vs. L2) for KVM_REQ_TLB_FLUSH_GUEST KVM: nVMX: Abide to KVM_REQ_TLB_FLUSH_GUEST request on nested vmentry/vmexit KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled KVM: x86: Use a stable condition around all VT-d PI paths KVM: MMU: shadow nested paging does not have PKU KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 to 1 KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg() KVM: x86: check PIR even for vCPUs with disabled APICv tracing/histograms: String compares should not care about signed values net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X net: dsa: mv88e6xxx: Drop unnecessary check in mv88e6393x_serdes_erratum_4_6() net: dsa: mv88e6xxx: Save power by disabling SerDes trasmitter and receiver net: dsa: mv88e6xxx: Add fix for erratum 5.2 of 88E6393X family net: dsa: mv88e6xxx: Fix inband AN for 2500base-x on 88E6393X family net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed wireguard: selftests: increase default dmesg log size wireguard: allowedips: add missing __rcu annotation to satisfy sparse wireguard: selftests: actually test for routing loops wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST wireguard: device: reset peer src endpoint when netns exits wireguard: receive: use ring buffer for incoming handshakes wireguard: receive: drop handshakes if queue lock is contended wireguard: ratelimiter: use kvcalloc() instead of kvzalloc() i2c: stm32f7: flush TX FIFO upon transfer errors i2c: stm32f7: recover the bus on access timeout i2c: stm32f7: stop dma transfer in case of NACK i2c: cbus-gpio: set atomic transfer callback natsemi: xtensa: fix section mismatch warnings tcp: fix page frag corruption on page fault net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() net: mpls: Fix notifications when deleting a device siphash: use _unaligned version by default arm64: ftrace: add missing BTIs iwlwifi: fix warnings produced by kernel debug options net/mlx5e: IPsec: Fix Software parser inner l3 type setting in case of encapsulation net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() selftests: net: Correct case name net: dsa: b53: Add SPI ID table mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode ASoC: tegra: Fix wrong value type in ADMAIF ASoC: tegra: Fix wrong value type in I2S ASoC: tegra: Fix wrong value type in DMIC ASoC: tegra: Fix wrong value type in DSPK ASoC: tegra: Fix kcontrol put callback in ADMAIF ASoC: tegra: Fix kcontrol put callback in I2S ASoC: tegra: Fix kcontrol put callback in DMIC ASoC: tegra: Fix kcontrol put callback in DSPK ASoC: tegra: Fix kcontrol put callback in AHUB rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() ALSA: intel-dsp-config: add quirk for CML devices based on ES8336 codec net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header support net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available net: marvell: mvpp2: Fix the computation of shared CPUs dpaa2-eth: destroy workqueue at the end of remove function octeontx2-af: Fix a memleak bug in rvu_mbox_init() net: annotate data-races on txq->xmit_lock_owner ipv4: convert fib_num_tclassid_users to atomic_t net/smc: fix wrong list_del in smc_lgr_cleanup_early net/rds: correct socket tunable error in rds_tcp_tune() net/smc: Keep smc_close_final rc during active close drm/msm/a6xx: Allocate enough space for GMU registers drm/msm: Do hw_init() before capturing GPU state drm/vc4: kms: Wait for the commit before increasing our clock rate drm/vc4: kms: Fix return code check drm/vc4: kms: Add missing drm_crtc_commit_put drm/vc4: kms: Clear the HVS FIFO commit pointer once done drm/vc4: kms: Don't duplicate pending commit drm/vc4: kms: Fix previous HVS commit wait atlantic: Increase delay for fw transactions atlatnic: enable Nbase-t speeds with base-t atlantic: Fix to display FW bundle version instead of FW mac version. atlantic: Add missing DIDs and fix 115c. Remove Half duplex mode speed capabilities. atlantic: Fix statistics logic for production hardware atlantic: Remove warn trace message. KVM: x86/mmu: Skip tlb flush if it has been done in zap_gfn_range() KVM: x86/mmu: Pass parameter flush as false in kvm_tdp_mmu_zap_collapsible_sptes() drm/msm/devfreq: Fix OPP refcnt leak drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP drm/msm: Fix wait_fence submitqueue leak drm/msm: Restore error return on invalid fence ASoC: rk817: Add module alias for rk817-codec iwlwifi: Fix memory leaks in error handling path KVM: X86: Fix when shadow_root_level=5 && guest root_level<4 KVM: SEV: initialize regions_list of a mirror VM net/mlx5e: Fix missing IPsec statistics on uplink representor net/mlx5: Move MODIFY_RQT command to ignore list in internal error state net/mlx5: E-switch, Respect BW share of the new group net/mlx5: E-Switch, fix single FDB creation on BlueField net/mlx5: E-Switch, Check group pointer before reading bw_share value KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register KVM: VMX: Set failure code in prepare_vmcs02() mctp: Don't let RTM_DELROUTE delete local routes Revert "drm/i915: Implement Wa_1508744258" io-wq: don't retry task_work creation failure on fatal conditions x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword, and qword x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() x86/entry: Use the correct fence macro after swapgs in kernel CR3 x86/xen: Add xenpv_restore_regs_and_return_to_usermode() preempt/dynamic: Fix setup_preempt_mode() return value sched/uclamp: Fix rq->uclamp_max not set on first enqueue KVM: SEV: Return appropriate error codes if SEV-ES scratch setup fails KVM: x86/mmu: Rename slot_handle_leaf to slot_handle_level_4k KVM: x86/mmu: Remove spurious TLB flushes in TDP MMU zap collapsible path net/mlx5e: Rename lro_timeout to packet_merge_timeout net/mlx5e: Rename TIR lro functions to TIR packet merge functions net/mlx5e: Sync TIR params updates against concurrent create/modify serial: 8250_bcm7271: UART errors after resuming from S2 parisc: Fix KBUILD_IMAGE for self-extracting kernel parisc: Fix "make install" on newer debian releases parisc: Mark cr16 CPU clocksource unstable on all SMP machines vgacon: Propagate console boot parameters before calling `vc_resize' xhci: Fix commad ring abort, write all 64 bits to CRCR register. USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect usb: cdns3: gadget: fix new urb never complete if ep cancel previous requests usb: cdnsp: Fix a NULL pointer dereference in cdnsp_endpoint_init() x86/tsc: Add a timer to make sure TSC_adjust is always checked x86/tsc: Disable clocksource watchdog for TSC on qualified platorms x86/64/mm: Map all kernel memory into trampoline_pgd tty: serial: msm_serial: Deactivate RX DMA for polling support serial: pl011: Add ACPI SBSA UART match id serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 serial: core: fix transmit-buffer reset and memleak serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array serial: 8250_pci: rewrite pericom_do_set_divisor() serial: 8250: Fix RTS modem control while in rs485 mode serial: liteuart: Fix NULL pointer dereference in ->remove() serial: liteuart: fix use-after-free and memleak on unbind serial: liteuart: fix minor-number leak on probe errors ipmi: msghandler: Make symbol 'remove_work_wq' static Linux 5.15.7 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I9300a10911f6205d2fb76f18255b017d34d68d1d |
||
Qais Yousef
|
a246d92dda |
sched/uclamp: Fix rq->uclamp_max not set on first enqueue
[ Upstream commit 315c4f884800c45cb6bd8c90422fad554a8b9588 ] Commit |
||
Andrew Halaney
|
fcf7147760 |
preempt/dynamic: Fix setup_preempt_mode() return value
[ Upstream commit 9ed20bafc85806ca6c97c9128cec46c3ef80ae86 ]
__setup() callbacks expect 1 for success and 0 for failure. Correct the
usage here to reflect that.
Fixes:
|
||
|
Rick Yiu
|
7aa82e72a1 |
ANDROID: sched: Export available_idle_cpu
Previously idle_cpu is exported which is used by vendor module to check if a cpu is in idle state, but later we think available_idle_cpu is better than idle_cpu because it also checks vcpu_is_preempted. Bug: 171740453 Change-Id: I17ccc4925650431f334a9eb2bbc94a138ab36ae0 Signed-off-by: Rick Yiu <rickyiu@google.com> Signed-off-by: Will McVicker <willmcvicker@google.com> Signed-off-by: Shaleen Agrawal <quic_shalagra@quicinc.com> |
||
Quentin Perret
|
3efa38ae9b |
ANDROID: sched: Make uclamp changes depend on CAP_SYS_NICE
There is currently nothing preventing tasks from changing their per-task clamp values in anyway that they like. The rationale is probably that system administrators are still able to limit those clamps thanks to the cgroup interface. However, this causes pain in a system where both per-task and per-cgroup clamp values are expected to be under the control of core system components (as is the case for Android). To fix this, let's require CAP_SYS_NICE to change per-task clamp values. There are ongoing discussions upstream about more flexible approaches than this using the RLIMIT API -- see [1]. But the upstream discussion has not converged yet, and this is way too late for UAPI changes in android12-5.10 anyway, so let's apply this change which provides the behaviour we want without actually impacting UAPIs. [1] https://lore.kernel.org/lkml/20210623123441.592348-4-qperret@google.com/ Bug: 187186685 Signed-off-by: Quentin Perret <qperret@google.com> Change-Id: I749312a77306460318ac5374cf243d00b78120dd |
||
|
Greg Kroah-Hartman
|
eb2f3d6b8d |
Merge 5.15.6 into android13-5.15
Changes in 5.15.6 scsi: sd: Fix sd_do_mode_sense() buffer length handling ACPI: Get acpi_device's parent from the parent field ACPI: CPPC: Add NULL pointer check to cppc_get_perf() USB: serial: pl2303: fix GC type detection USB: serial: option: add Telit LE910S1 0x9200 composition USB: serial: option: add Fibocom FM101-GL variants usb: dwc2: gadget: Fix ISOC flow for elapsed frames usb: dwc2: hcd_queue: Fix use of floating point literal usb: dwc3: leave default DMA for PCI devices usb: dwc3: core: Revise GHWPARAMS9 offset usb: dwc3: gadget: Ignore NoStream after End Transfer usb: dwc3: gadget: Check for L1/L2/U3 for Start Transfer usb: dwc3: gadget: Fix null pointer exception net: usb: Correct PHY handling of smsc95xx net: nexthop: fix null pointer dereference when IPv6 is not enabled usb: chipidea: ci_hdrc_imx: fix potential error pointer dereference in probe usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts usb: xhci: tegra: Check padctrl interrupt presence in device tree usb: hub: Fix usb enumeration issue due to address0 race usb: hub: Fix locking issues with address0_mutex binder: fix test regression due to sender_euid change ALSA: ctxfi: Fix out-of-range access ALSA: hda/realtek: Add quirk for ASRock NUC Box 1100 ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 media: cec: copy sequence field for the reply Revert "parisc: Fix backtrace to always include init funtion names" HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts staging/fbtft: Fix backlight staging: greybus: Add missing rwsem around snd_ctl_remove() calls staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() staging: r8188eu: Use kzalloc() with GFP_ATOMIC in atomic context staging: r8188eu: Fix breakage introduced when 5G code was removed staging: r8188eu: use GFP_ATOMIC under spinlock staging: r8188eu: fix a memory leak in rtw_wx_read32() fuse: release pipe buf after last use xen: don't continue xenstore initialization in case of errors xen: detect uninitialized xenbus in xenbus_init io_uring: correct link-list traversal locking io_uring: fail cancellation for EXITING tasks io_uring: fix link traversal locking drm/amdgpu: IH process reset count when restart drm/amdgpu/pm: fix powerplay OD interface drm/nouveau: recognise GA106 ksmbd: downgrade addition info error msg to debug in smb2_get_info_sec() ksmbd: contain default data stream even if xattr is empty ksmbd: fix memleak in get_file_stream_info() KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB tracing/uprobe: Fix uprobe_perf_open probes iteration tracing: Fix pid filtering when triggers are attached mmc: sdhci-esdhc-imx: disable CMDQ support mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB mdio: aspeed: Fix "Link is Down" issue arm64: mm: Fix VM_BUG_ON(mm != &init_mm) for trans_pgd cpufreq: intel_pstate: Fix active mode offline/online EPP handling powerpc/32: Fix hardlockup on vmap stack overflow iomap: Fix inline extent handling in iomap_readpage NFSv42: Fix pagecache invalidation after COPY/CLONE PCI: aardvark: Deduplicate code in advk_pcie_rd_conf() PCI: aardvark: Implement re-issuing config requests on CRS response PCI: aardvark: Simplify initialization of rootcap on virtual bridge PCI: aardvark: Fix link training drm/amd/display: Fix OLED brightness control on eDP proc/vmcore: fix clearing user buffer by properly using clear_user() ASoC: SOF: Intel: hda: fix hotplug when only codec is suspended netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY netfilter: ctnetlink: do not erase error code with EINVAL netfilter: ipvs: Fix reuse connection if RS weight is 0 netfilter: flowtable: fix IPv6 tunnel addr match media: v4l2-core: fix VIDIOC_DQEVENT handling on non-x86 firmware: arm_scmi: Fix null de-reference on error path ARM: dts: BCM5301X: Fix I2C controller interrupt ARM: dts: BCM5301X: Add interrupt properties to GPIO node ARM: dts: bcm2711: Fix PCIe interrupts ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer ASoC: qdsp6: q6asm: fix q6asm_dai_prepare error handling ASoC: topology: Add missing rwsem around snd_ctl_remove() calls ASoC: codecs: wcd938x: fix volatile register range ASoC: codecs: wcd934x: return error code correctly from hw_params ASoC: codecs: lpass-rx-macro: fix HPHR setting CLSH mask net: ieee802154: handle iftypes as u32 firmware: arm_scmi: Fix base agent discover response firmware: arm_scmi: pm: Propagate return value to caller ASoC: stm32: i2s: fix 32 bits channel length without mclk NFSv42: Don't fail clone() unless the OP_CLONE operation failed ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo() scsi: mpt3sas: Fix kernel panic during drive powercycle test scsi: mpt3sas: Fix system going into read-only mode scsi: mpt3sas: Fix incorrect system timestamp drm/vc4: fix error code in vc4_create_object() drm/aspeed: Fix vga_pw sysfs output net: marvell: prestera: fix brige port operation net: marvell: prestera: fix double free issue on err path HID: input: Fix parsing of HID_CP_CONSUMER_CONTROL fields HID: input: set usage type to key on keycode remap HID: magicmouse: prevent division by 0 on scroll iavf: Prevent changing static ITR values if adaptive moderation is on iavf: Fix refreshing iavf adapter stats on ethtool request iavf: Fix VLAN feature flags after VFR x86/pvh: add prototype for xen_pvh_init() xen/pvh: add missing prototype to header ALSA: intel-dsp-config: add quirk for JSL devices based on ES8336 codec mptcp: fix delack timer mptcp: use delegate action to schedule 3rd ack retrans af_unix: fix regression in read after shutdown firmware: smccc: Fix check for ARCH_SOC_ID not implemented ipv6: fix typos in __ip6_finish_output() nfp: checking parameter process for rx-usecs/tx-usecs is invalid net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls net: ipv6: add fib6_nh_release_dsts stub net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group ice: fix vsi->txq_map sizing ice: avoid bpf_prog refcount underflow scsi: core: sysfs: Fix setting device state to SDEV_RUNNING scsi: scsi_debug: Zero clear zones at reset write pointer erofs: fix deadlock when shrink erofs slab i2c: virtio: disable timeout handling net/smc: Ensure the active closing peer first closes clcsock mlxsw: spectrum: Protect driver from buggy firmware net: ipa: directly disable ipa-setup-ready interrupt net: ipa: separate disabling setup from modem stop net: ipa: kill ipa_cmd_pipeline_clear() net: marvell: mvpp2: increase MTU limit when XDP enabled cpufreq: intel_pstate: Add Ice Lake server to out-of-band IDs nvmet-tcp: fix incomplete data digest send drm/hyperv: Fix device removal on Gen1 VMs arm64: uaccess: avoid blocking within critical sections net/ncsi : Add payload to be 32-bit aligned to fix dropped packets PM: hibernate: use correct mode for swsusp_close() drm/amd/display: Fix DPIA outbox timeout after GPU reset drm/amd/display: Set plane update flags for all planes in reset tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows lan743x: fix deadlock in lan743x_phy_link_status_change() net: phylink: Force link down and retrigger resolve on interface change net: phylink: Force retrigger in case of latched link-fail indicator net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk() net/smc: Fix loop in smc_listen nvmet: use IOCB_NOWAIT only if the filesystem supports it igb: fix netpoll exit with traffic MIPS: loongson64: fix FTLB configuration MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 tls: splice_read: fix record type check tls: splice_read: fix accessing pre-processed records tls: fix replacing proto_ops net: stmmac: Disable Tx queues when reconfiguring the interface net/sched: sch_ets: don't peek at classes beyond 'nbands' ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce() net: vlan: fix underflow for the real_dev refcnt net/smc: Don't call clcsock shutdown twice when smc shutdown net: hns3: fix VF RSS failed problem after PF enable multi-TCs net: hns3: fix incorrect components info of ethtool --reset command net: mscc: ocelot: don't downgrade timestamping RX filters in SIOCSHWTSTAMP net: mscc: ocelot: correctly report the timestamping RX filters in ethtool locking/rwsem: Make handoff bit handling more consistent perf: Ignore sigtrap for tracepoints destined for other tasks sched/scs: Reset task stack state in bringup_cpu() iommu/rockchip: Fix PAGE_DESC_HI_MASKs for RK3568 iommu/vt-d: Fix unmap_pages support f2fs: quota: fix potential deadlock f2fs: set SBI_NEED_FSCK flag when inconsistent node block found riscv: dts: microchip: fix board compatible riscv: dts: microchip: drop duplicated MMC/SDHC node cifs: nosharesock should not share socket with future sessions ceph: properly handle statfs on multifs setups iommu/amd: Clarify AMD IOMMUv2 initialization messages vdpa_sim: avoid putting an uninitialized iova_domain vhost/vsock: fix incorrect used length reported to the guest ksmbd: Fix an error handling path in 'smb2_sess_setup()' tracing: Check pid filtering when creating events cifs: nosharesock should be set on new server io_uring: fix soft lockup when call __io_remove_buffers firmware: arm_scmi: Fix type error assignment in voltage protocol firmware: arm_scmi: Fix type error in sensor protocol docs: accounting: update delay-accounting.rst reference blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() block: avoid to quiesce queue in elevator_init_mq drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ Linux 5.15.6 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ibe65221ba285038e25de36ad3659e0ce201408c2 |
||
Mark Rutland
|
229c555260 |
sched/scs: Reset task stack state in bringup_cpu()
[ Upstream commit dce1ca0525bfdc8a69a9343bc714fbc19a2f04b3 ] To hot unplug a CPU, the idle task on that CPU calls a few layers of C code before finally leaving the kernel. When KASAN is in use, poisoned shadow is left around for each of the active stack frames, and when shadow call stacks are in use. When shadow call stacks (SCS) are in use the task's saved SCS SP is left pointing at an arbitrary point within the task's shadow call stack. When a CPU is offlined than onlined back into the kernel, this stale state can adversely affect execution. Stale KASAN shadow can alias new stackframes and result in bogus KASAN warnings. A stale SCS SP is effectively a memory leak, and prevents a portion of the shadow call stack being used. Across a number of hotplug cycles the idle task's entire shadow call stack can become unusable. We previously fixed the KASAN issue in commit: |
||
|
Greg Kroah-Hartman
|
966869fb2a |
Merge 5.15.5 into android13-5.15
Changes in 5.15.5
arm64: zynqmp: Do not duplicate flash partition label property
arm64: zynqmp: Fix serial compatible string
clk: sunxi-ng: Unregister clocks/resets when unbinding
ARM: dts: sunxi: Fix OPPs node name
arm64: dts: allwinner: h5: Fix GPU thermal zone node name
arm64: dts: allwinner: a100: Fix thermal zone node name
staging: wfx: ensure IRQ is ready before enabling it
ARM: dts: BCM5301X: Fix nodes names
ARM: dts: BCM5301X: Fix MDIO mux binding
ARM: dts: NSP: Fix mpcore, mmc node names
arm64: dts: broadcom: bcm4908: Move reboot syscon out of bus
scsi: pm80xx: Fix memory leak during rmmod
scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
ASoC: mediatek: mt8195: Add missing of_node_put()
arm64: dts: rockchip: Disable CDN DP on Pinebook Pro
arm64: dts: hisilicon: fix arm,sp805 compatible string
RDMA/bnxt_re: Check if the vlan is valid before reporting
bus: ti-sysc: Add quirk handling for reinit on context lost
bus: ti-sysc: Use context lost quirk for otg
usb: musb: tusb6010: check return value after calling platform_get_resource()
usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
ARM: dts: ux500: Skomer regulator fixes
staging: rtl8723bs: remove possible deadlock when disconnect (v2)
staging: rtl8723bs: remove a second possible deadlock
staging: rtl8723bs: remove a third possible deadlock
ARM: BCM53016: Specify switch ports for Meraki MR32
arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency
arm64: dts: qcom: ipq6018: Fix qcom,controlled-remotely property
arm64: dts: qcom: ipq8074: Fix qcom,controlled-remotely property
arm64: dts: qcom: sdm845: Fix qcom,controlled-remotely property
arm64: dts: freescale: fix arm,sp805 compatible string
arm64: dts: ls1012a: Add serial alias for ls1012a-rdb
RDMA/rxe: Separate HW and SW l/rkeys
ASoC: SOF: Intel: hda-dai: fix potential locking issue
scsi: core: Fix scsi_mode_sense() buffer length handling
ALSA: usb-audio: disable implicit feedback sync for Behringer UFX1204 and UFX1604
clk: imx: imx6ul: Move csi_sel mux to correct base register
ASoC: es8316: Use IRQF_NO_AUTOEN when requesting the IRQ
ASoC: rt5651: Use IRQF_NO_AUTOEN when requesting the IRQ
ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect
scsi: advansys: Fix kernel pointer leak
scsi: smartpqi: Add controller handshake during kdump
arm64: dts: imx8mm-kontron: Fix reset delays for ethernet PHY
ALSA: intel-dsp-config: add quirk for APL/GLK/TGL devices based on ES8336 codec
ASoC: Intel: soc-acpi: add missing quirk for TGL SDCA single amp
ASoC: Intel: sof_sdw: add missing quirk for Dell SKU 0A45
firmware_loader: fix pre-allocated buf built-in firmware use
HID: multitouch: disable sticky fingers for UPERFECT Y
ALSA: usb-audio: Add support for the Pioneer DJM 750MK2 Mixer/Soundcard
ARM: dts: omap: fix gpmc,mux-add-data type
usb: host: ohci-tmio: check return value after calling platform_get_resource()
ASoC: rt5682: fix a little pop while playback
ARM: dts: ls1021a: move thermal-zones node out of soc/
ARM: dts: ls1021a-tsn: use generic "jedec,spi-nor" compatible for flash
ALSA: ISA: not for M68K
iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option
tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
MIPS: sni: Fix the build
scsi: scsi_debug: Fix out-of-bound read in resp_readcap16()
scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()
scsi: target: Fix ordered tag handling
scsi: target: Fix alua_tg_pt_gps_count tracking
iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr()
RDMA/core: Use kvzalloc when allocating the struct ib_port
scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine
scsi: lpfc: Fix link down processing to address NULL pointer dereference
scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss
memory: tegra20-emc: Add runtime dependency on devfreq governor module
powerpc/5200: dts: fix memory node unit name
ARM: dts: qcom: fix memory and mdio nodes naming for RB3011
arm64: dts: qcom: Fix node name of rpm-msg-ram device nodes
ALSA: gus: fix null pointer dereference on pointer block
ALSA: usb-audio: fix null pointer dereference on pointer cs_desc
clk: at91: sama7g5: remove prescaler part of master clock
iommu/dart: Initialize DART_STREAMS_ENABLE
powerpc/dcr: Use cmplwi instead of 3-argument cmpli
powerpc/8xx: Fix Oops with STRICT_KERNEL_RWX without DEBUG_RODATA_TEST
sh: check return code of request_irq
maple: fix wrong return value of maple_bus_init().
f2fs: fix up f2fs_lookup tracepoints
f2fs: fix to use WHINT_MODE
f2fs: fix wrong condition to trigger background checkpoint correctly
sh: fix kconfig unmet dependency warning for FRAME_POINTER
sh: math-emu: drop unused functions
sh: define __BIG_ENDIAN for math-emu
f2fs: compress: disallow disabling compress on non-empty compressed file
f2fs: fix incorrect return value in f2fs_sanity_check_ckpt()
clk: ingenic: Fix bugs with divided dividers
clk/ast2600: Fix soc revision for AHB
clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk
KVM: arm64: Fix host stage-2 finalization
mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
MIPS: boot/compressed/: add __bswapdi2() to target for ZSTD decompression
sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
sched/fair: Prevent dead task groups from regaining cfs_rq's
perf/x86/vlbr: Add c->flags to vlbr event constraints
blkcg: Remove extra blkcg_bio_issue_init
tracing/histogram: Do not copy the fixed-size char array field over the field size
perf bpf: Avoid memory leak from perf_env__insert_btf()
perf bench futex: Fix memory leak of perf_cpu_map__new()
perf tests: Remove bash construct from record+zstd_comp_decomp.sh
drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame
bpf: Fix inner map state pruning regression.
samples/bpf: Fix summary per-sec stats in xdp_sample_user
samples/bpf: Fix incorrect use of strlen in xdp_redirect_cpu
selftests: net: switch to socat in the GSO GRE test
net/ipa: ipa_resource: Fix wrong for loop range
tcp: Fix uninitialized access in skb frags array for Rx 0cp.
tracing: Add length protection to histogram string copies
nl80211: fix radio statistics in survey dump
mac80211: fix monitor_sdata RCU/locking assertions
net: ipa: HOLB register sometimes must be written twice
net: ipa: disable HOLB drop when updating timer
selftests: gpio: fix gpio compiling error
net: bnx2x: fix variable dereferenced before check
bnxt_en: reject indirect blk offload when hw-tc-offload is off
tipc: only accept encrypted MSG_CRYPTO msgs
sock: fix /proc/net/sockstat underflow in sk_clone_lock()
net/smc: Make sure the link_id is unique
NFSD: Fix exposure in nfsd4_decode_bitmap()
iavf: Fix return of set the new channel count
iavf: check for null in iavf_fix_features
iavf: free q_vectors before queues in iavf_disable_vf
iavf: don't clear a lock we don't hold
iavf: Fix failure to exit out from last all-multicast mode
iavf: prevent accidental free of filter structure
iavf: validate pointers
iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
iavf: Fix for setting queues to 0
iavf: Restore VLAN filters after link down
bpf: Fix toctou on read-only map's constant scalar tracking
MIPS: generic/yamon-dt: fix uninitialized variable error
mips: bcm63xx: add support for clk_get_parent()
mips: lantiq: add support for clk_get_parent()
gpio: rockchip: needs GENERIC_IRQ_CHIP to fix build errors
platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
platform/x86: think-lmi: Abort probe on analyze failure
udp: Validate checksum in udp_read_sock()
btrfs: make 1-bit bit-fields of scrub_page unsigned int
RDMA/core: Set send and receive CQ before forwarding to the driver
net/mlx5e: kTLS, Fix crash in RX resync flow
net/mlx5e: Wait for concurrent flow deletion during neigh/fib events
net/mlx5: E-Switch, Fix resetting of encap mode when entering switchdev
net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove()
net/mlx5: Update error handler for UCTX and UMEM
net/mlx5: E-Switch, rebuild lag only when needed
net/mlx5e: CT, Fix multiple allocations and memleak of mod acts
net/mlx5: Lag, update tracker when state change event received
net/mlx5: E-Switch, return error if encap isn't supported
scsi: ufs: core: Improve SCSI abort handling
scsi: core: sysfs: Fix hang when device state is set via sysfs
scsi: ufs: core: Fix task management completion timeout race
scsi: ufs: core: Fix another task management completion race
net: mvmdio: fix compilation warning
net: sched: act_mirred: drop dst for the direction from egress to ingress
net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove
net: virtio_net_hdr_to_skb: count transport header in UFO
i40e: Fix correct max_pkt_size on VF RX queue
i40e: Fix NULL ptr dereference on VSI filter sync
i40e: Fix changing previously set num_queue_pairs for PFs
i40e: Fix ping is lost after configuring ADq on VF
RDMA/mlx4: Do not fail the registration on port stats
i40e: Fix warning message and call stack during rmmod i40e driver
i40e: Fix creation of first queue by omitting it if is not power of two
i40e: Fix display error code in dmesg
NFC: reorganize the functions in nci_request
NFC: reorder the logic in nfc_{un,}register_device
NFC: add NCI_UNREG flag to eliminate the race
e100: fix device suspend/resume
ptp: ocp: Fix a couple NULL vs IS_ERR() checks
tools build: Fix removal of feature-sync-compare-and-swap feature detection
riscv: fix building external modules
KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr()
powerpc: clean vdso32 and vdso64 directories
powerpc/pseries: rename numa_dist_table to form2_distances
powerpc/pseries: Fix numa FORM2 parsing fallback code
pinctrl: qcom: sdm845: Enable dual edge errata
pinctrl: qcom: sm8350: Correct UFS and SDC offsets
perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
perf/x86/intel/uncore: Fix IIO event constraints for Snowridge
s390/kexec: fix return code handling
blk-cgroup: fix missing put device in error path from blkg_conf_pref()
dmaengine: remove debugfs #ifdef
tun: fix bonding active backup with arp monitoring
Revert "mark pstore-blk as broken"
pstore/blk: Use "%lu" to format unsigned long
hexagon: export raw I/O routines for modules
hexagon: clean up timer-regs.h
tipc: check for null after calling kmemdup
ipc: WARN if trying to remove ipc object which is absent
shm: extend forced shm destroy to support objects from several IPC nses
mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
hugetlb, userfaultfd: fix reservation restore on userfaultfd error
kmap_local: don't assume kmap PTEs are linear arrays in memory
mm/damon/dbgfs: use '__GFP_NOWARN' for user-specified size buffer allocation
mm/damon/dbgfs: fix missed use of damon_dbgfs_lock
x86/boot: Pull up cmdline preparation and early param parsing
x86/sgx: Fix free page accounting
x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
KVM: x86: Assume a 64-bit hypercall for guests with protected state
KVM: x86: Fix uninitialized eoi_exit_bitmap usage in vcpu_load_eoi_exitmap()
KVM: x86/mmu: include EFER.LMA in extended mmu role
KVM: x86/xen: Fix get_attr of KVM_XEN_ATTR_TYPE_SHARED_INFO
powerpc/signal32: Fix sigset_t copy
powerpc/xive: Change IRQ domain to a tree domain
powerpc/8xx: Fix pinned TLBs with CONFIG_STRICT_KERNEL_RWX
Revert "drm/i915/tgl/dsi: Gate the ddi clocks after pll mapping"
Revert "parisc: Reduce sigreturn trampoline to 3 instructions"
ata: libata: improve ata_read_log_page() error message
ata: libata: add missing ata_identify_page_supported() calls
scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id()
pinctrl: ralink: include 'ralink_regs.h' in 'pinctrl-mt7620.c'
s390/setup: avoid reserving memory above identity mapping
s390/boot: simplify and fix kernel memory layout setup
s390/vdso: filter out -mstack-guard and -mstack-size
s390/kexec: fix memory leak of ipl report buffer
s390/dump: fix copying to user-space of swapped kdump oldmem
block: Check ADMIN before NICE for IOPRIO_CLASS_RT
fbdev: Prevent probing generic drivers if a FB is already registered
KVM: SEV: Disallow COPY_ENC_CONTEXT_FROM if target has created vCPUs
KVM: nVMX: don't use vcpu->arch.efer when checking host state on nested state load
drm/cma-helper: Release non-coherent memory with dma_free_noncoherent()
printk: restore flushing of NMI buffers on remote CPUs after NMI backtraces
udf: Fix crash after seekdir
spi: fix use-after-free of the add_lock mutex
net: stmmac: socfpga: add runtime suspend/resume callback for stratix10 platform
Drivers: hv: balloon: Use VMBUS_RING_SIZE() wrapper for dm_ring_size
btrfs: fix memory ordering between normal and ordered work functions
fs: handle circular mappings correctly
net: stmmac: Fix signed/unsigned wreckage
parisc/sticon: fix reverse colors
cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
mac80211: fix radiotap header generation
mac80211: drop check for DONT_REORDER in __ieee80211_select_queue
drm/amd/display: Update swizzle mode enums
drm/amd/display: Limit max DSC target bpp for specific monitors
drm/i915/guc: Fix outstanding G2H accounting
drm/i915/guc: Don't enable scheduling on a banned context, guc_id invalid, not registered
drm/i915/guc: Workaround reset G2H is received after schedule done G2H
drm/i915/guc: Don't drop ce->guc_active.lock when unwinding context
drm/i915/guc: Unwind context requests in reverse order
drm/udl: fix control-message timeout
drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap
drm/nouveau: Add a dedicated mutex for the clients list
drm/nouveau: use drm_dev_unplug() during device removal
drm/nouveau: clean up all clients on device removal
drm/i915/dp: Ensure sink rate values are always valid
drm/i915/dp: Ensure max link params are always valid
drm/i915: Fix type1 DVI DP dual mode adapter heuristic for modern platforms
drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors
drm/amd/pm: avoid duplicate powergate/ungate setting
signal: Implement force_fatal_sig
exit/syscall_user_dispatch: Send ordinary signals on failure
signal/powerpc: On swapcontext failure force SIGSEGV
signal/s390: Use force_sigsegv in default_trap_handler
signal/sparc32: Exit with a fatal signal when try_to_clear_window_buffer fails
signal/sparc32: In setup_rt_frame and setup_fram use force_fatal_sig
signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved.
signal/x86: In emulate_vsyscall force a signal instead of calling do_exit
signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV)
signal: Don't always set SA_IMMUTABLE for forced signals
signal: Replace force_fatal_sig with force_exit_sig when in doubt
hugetlbfs: flush TLBs correctly after huge_pmd_unshare
RDMA/netlink: Add __maybe_unused to static inline in C file
bpf: Forbid bpf_ktime_get_coarse_ns and bpf_timer_* in tracing progs
selinux: fix NULL-pointer dereference when hashtab allocation fails
ASoC: DAPM: Cover regression by kctl change notification fix
ASoC: rsnd: fixup DMAEngine API
usb: max-3421: Use driver data instead of maintaining a list of bound devices
ice: Fix VF true promiscuous mode
ice: Delete always true check of PF pointer
fs: export an inode_update_time helper
btrfs: update device path inode time instead of bd_inode
net: add and use skb_unclone_keeptruesize() helper
x86/Kconfig: Fix an unused variable error in dell-smm-hwmon
ALSA: hda: hdac_ext_stream: fix potential locking issues
ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign()
Linux 5.15.5
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: If86a02ba2cf9af765d9838ada3b9a2cbcea9a08d
|
||
Mathias Krause
|
512e21c150 |
sched/fair: Prevent dead task groups from regaining cfs_rq's
[ Upstream commit b027789e5e50494c2325cc70c8642e7fd6059479 ] Kevin is reporting crashes which point to a use-after-free of a cfs_rq in update_blocked_averages(). Initial debugging revealed that we've live cfs_rq's (on_list=1) in an about to be kfree()'d task group in free_fair_sched_group(). However, it was unclear how that can happen. His kernel config happened to lead to a layout of struct sched_entity that put the 'my_q' member directly into the middle of the object which makes it incidentally overlap with SLUB's freelist pointer. That, in combination with SLAB_FREELIST_HARDENED's freelist pointer mangling, leads to a reliable access violation in form of a #GP which made the UAF fail fast. Michal seems to have run into the same issue[1]. He already correctly diagnosed that commit |
||
Vincent Donnefort
|
e4511d8dc2 |
sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
[ Upstream commit 42dc938a590c96eeb429e1830123fef2366d9c80 ]
Nothing protects the access to the per_cpu variable sd_llc_id. When testing
the same CPU (i.e. this_cpu == that_cpu), a race condition exists with
update_top_cache_domain(). One scenario being:
CPU1 CPU2
==================================================================
per_cpu(sd_llc_id, CPUX) => 0
partition_sched_domains_locked()
detach_destroy_domains()
cpus_share_cache(CPUX, CPUX) update_top_cache_domain(CPUX)
per_cpu(sd_llc_id, CPUX) => 0
per_cpu(sd_llc_id, CPUX) = CPUX
per_cpu(sd_llc_id, CPUX) => CPUX
return false
ttwu_queue_cond() wouldn't catch smp_processor_id() == cpu and the result
is a warning triggered from ttwu_queue_wakelist().
Avoid a such race in cpus_share_cache() by always returning true when
this_cpu == that_cpu.
Fixes:
|
||
|
Greg Kroah-Hartman
|
36de88a855 |
Merge 5.15.3 into android13-5.15
Changes in 5.15.3
xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay
usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform
Input: iforce - fix control-message timeout
Input: elantench - fix misreporting trackpoint coordinates
Input: i8042 - Add quirk for Fujitsu Lifebook T725
libata: fix read log timeout value
ocfs2: fix data corruption on truncate
scsi: scsi_ioctl: Validate command size
scsi: core: Avoid leaving shost->last_reset with stale value if EH does not run
scsi: core: Remove command size deduction from scsi_setup_scsi_cmnd()
scsi: lpfc: Don't release final kref on Fport node while ABTS outstanding
scsi: lpfc: Fix FCP I/O flush functionality for TMF routines
scsi: qla2xxx: Fix crash in NVMe abort path
scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
scsi: qla2xxx: Fix use after free in eh_abort path
ce/gf100: fix incorrect CE0 address calculation on some GPUs
char: xillybus: fix msg_ep UAF in xillyusb_probe()
mmc: mtk-sd: Add wait dma stop done flow
mmc: dw_mmc: Dont wait for DRTO on Write RSP error
exfat: fix incorrect loading of i_blocks for large files
io-wq: remove worker to owner tw dependency
parisc: Fix set_fixmap() on PA1.x CPUs
parisc: Fix ptrace check on syscall return
tpm: Check for integer overflow in tpm2_map_response_body()
firmware/psci: fix application of sizeof to pointer
crypto: s5p-sss - Add error handling in s5p_aes_probe()
media: rkvdec: Do not override sizeimage for output format
media: ite-cir: IR receiver stop working after receive overflow
media: rkvdec: Support dynamic resolution changes
media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers
media: v4l2-ioctl: Fix check_ext_ctrls
ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14
ALSA: hda/realtek: Add a quirk for HP OMEN 15 mute LED
ALSA: hda/realtek: Add quirk for Clevo PC70HS
ALSA: hda/realtek: Headset fixup for Clevo NH77HJQ
ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N
ALSA: hda/realtek: Add quirk for ASUS UX550VE
ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED
ALSA: ua101: fix division by zero at probe
ALSA: 6fire: fix control and bulk message timeouts
ALSA: line6: fix control and interrupt message timeouts
ALSA: mixer: oss: Fix racy access to slots
ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
ALSA: usb-audio: Line6 HX-Stomp XL USB_ID for 48k-fixed quirk
ALSA: usb-audio: Add registration quirk for JBL Quantum 400
ALSA: hda: Free card instance properly at probe errors
ALSA: synth: missing check for possible NULL after the call to kstrdup
ALSA: pci: rme: Fix unaligned buffer addresses
ALSA: PCM: Fix NULL dereference at mmap checks
ALSA: timer: Fix use-after-free problem
ALSA: timer: Unconditionally unlink slave instances, too
Revert "ext4: enforce buffer head state assertion in ext4_da_map_blocks"
ext4: fix lazy initialization next schedule time computation in more granular unit
ext4: ensure enough credits in ext4_ext_shift_path_extents
ext4: refresh the ext4_ext_path struct after dropping i_data_sem.
fuse: fix page stealing
x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c
x86/cpu: Fix migration safety with X86_BUG_NULL_SEL
x86/irq: Ensure PI wakeup handler is unregistered before module unload
x86/iopl: Fake iopl(3) CLI/STI usage
btrfs: clear MISSING device status bit in btrfs_close_one_device
btrfs: fix lost error handling when replaying directory deletes
btrfs: call btrfs_check_rw_degradable only if there is a missing device
KVM: x86/mmu: Drop a redundant, broken remote TLB flush
KVM: VMX: Unregister posted interrupt wakeup handler on hardware unsetup
KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling
ia64: kprobes: Fix to pass correct trampoline address to the handler
selinux: fix race condition when computing ocontext SIDs
ipmi:watchdog: Set panic count to proper value on a panic
md/raid1: only allocate write behind bio for WriteMostly device
hwmon: (pmbus/lm25066) Add offset coefficients
regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled
regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property
EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
mwifiex: fix division by zero in fw download path
ath6kl: fix division by zero in send path
ath6kl: fix control-message timeout
ath10k: fix control-message timeout
ath10k: fix division by zero in send path
PCI: Mark Atheros QCA6174 to avoid bus reset
rtl8187: fix control-message timeouts
evm: mark evm_fixmode as __ro_after_init
ifb: Depend on netfilter alternatively to tc
platform/surface: aggregator_registry: Add support for Surface Laptop Studio
mt76: mt7615: fix skb use-after-free on mac reset
HID: surface-hid: Use correct event registry for managing HID events
HID: surface-hid: Allow driver matching for target ID 1 devices
wcn36xx: Fix HT40 capability for 2Ghz band
wcn36xx: Fix tx_status mechanism
wcn36xx: Fix (QoS) null data frame bitrate/modulation
PM: sleep: Do not let "syscore" devices runtime-suspend during system transitions
mwifiex: Read a PCI register after writing the TX ring write pointer
mwifiex: Try waking the firmware until we get an interrupt
libata: fix checking of DMA state
dma-buf: fix and rework dma_buf_poll v7
wcn36xx: handle connection loss indication
rsi: fix occasional initialisation failure with BT coex
rsi: fix key enabled check causing unwanted encryption for vap_id > 0
rsi: fix rate mask set leading to P2P failure
rsi: Fix module dev_oper_mode parameter description
perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server
perf/x86/intel/uncore: Fix invalid unit check
perf/x86/intel/uncore: Fix Intel ICX IIO event constraints
RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
ASoC: tegra: Set default card name for Trimslice
ASoC: tegra: Restore AC97 support
signal: Remove the bogus sigkill_pending in ptrace_stop
memory: renesas-rpc-if: Correct QSPI data transfer in Manual mode
signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed
soc: samsung: exynos-pmu: Fix compilation when nothing selects CONFIG_MFD_CORE
soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id
soc: fsl: dpio: use the combined functions to protect critical zone
mtd: rawnand: socrates: Keep the driver compatible with on-die ECC engines
mctp: handle the struct sockaddr_mctp padding fields
power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
power: supply: max17042_battery: use VFSOC for capacity when no rsns
iio: core: fix double free in iio_device_unregister_sysfs()
iio: core: check return value when calling dev_set_name()
KVM: arm64: Extract ESR_ELx.EC only
KVM: x86: Fix recording of guest steal time / preempted status
KVM: x86: Add helper to consolidate core logic of SET_CPUID{2} flows
KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use
KVM: nVMX: Handle dynamic MSR intercept toggling
can: peak_usb: always ask for BERR reporting for PCAN-USB devices
can: mcp251xfd: mcp251xfd_irq(): add missing can_rx_offload_threaded_irq_finish() in case of bus off
can: j1939: j1939_tp_cmd_recv(): ignore abort message in the BAM transport
can: j1939: j1939_can_recv(): ignore messages with invalid source address
can: j1939: j1939_tp_cmd_recv(): check the dst address of TP.CM_BAM
iio: adc: tsc2046: fix scan interval warning
powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found
io_uring: honour zeroes as io-wq worker limits
ring-buffer: Protect ring_buffer_reset() from reentrancy
serial: core: Fix initializing and restoring termios speed
ifb: fix building without CONFIG_NET_CLS_ACT
xen/balloon: add late_initcall_sync() for initial ballooning done
ovl: fix use after free in struct ovl_aio_req
ovl: fix filattr copy-up failure
PCI: pci-bridge-emul: Fix emulation of W1C bits
PCI: cadence: Add cdns_plat_pcie_probe() missing return
cxl/pci: Fix NULL vs ERR_PTR confusion
PCI: aardvark: Do not clear status bits of masked interrupts
PCI: aardvark: Fix checking for link up via LTSSM state
PCI: aardvark: Do not unmask unused interrupts
PCI: aardvark: Fix reporting Data Link Layer Link Active
PCI: aardvark: Fix configuring Reference clock
PCI: aardvark: Fix return value of MSI domain .alloc() method
PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated bridge
PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge
PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge
PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on emulated bridge
quota: check block number when reading the block in quota file
quota: correct error number in free_dqentry()
cifs: To match file servers, make sure the server hostname matches
cifs: set a minimum of 120s for next dns resolution
mfd: simple-mfd-i2c: Select MFD_CORE to fix build error
pinctrl: core: fix possible memory leak in pinctrl_enable()
coresight: cti: Correct the parameter for pm_runtime_put
coresight: trbe: Fix incorrect access of the sink specific data
coresight: trbe: Defer the probe on offline CPUs
iio: buffer: check return value of kstrdup_const()
iio: buffer: Fix memory leak in iio_buffers_alloc_sysfs_and_mask()
iio: buffer: Fix memory leak in __iio_buffer_alloc_sysfs_and_mask()
iio: buffer: Fix memory leak in iio_buffer_register_legacy_sysfs_groups()
drivers: iio: dac: ad5766: Fix dt property name
iio: dac: ad5446: Fix ad5622_write() return value
iio: ad5770r: make devicetree property reading consistent
Documentation:devicetree:bindings:iio:dac: Fix val
USB: serial: keyspan: fix memleak on probe errors
serial: 8250: fix racy uartclk update
ksmbd: set unique value to volume serial field in FS_VOLUME_INFORMATION
io-wq: serialize hash clear with wakeup
serial: 8250: Fix reporting real baudrate value in c_ospeed field
Revert "serial: 8250: Fix reporting real baudrate value in c_ospeed field"
most: fix control-message timeouts
USB: iowarrior: fix control-message timeouts
USB: chipidea: fix interrupt deadlock
power: supply: max17042_battery: Clear status bits in interrupt handler
component: do not leave master devres group open after bind
dma-buf: WARN on dmabuf release with pending attachments
drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2)
drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1
drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6
Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
Bluetooth: fix use-after-free error in lock_sock_nested()
Bluetooth: call sock_hold earlier in sco_conn_del
drm/panel-orientation-quirks: add Valve Steam Deck
rcutorture: Avoid problematic critical section nesting on PREEMPT_RT
platform/x86: wmi: do not fail if disabling fails
drm/amdgpu: move iommu_resume before ip init/resume
MIPS: lantiq: dma: add small delay after reset
MIPS: lantiq: dma: reset correct number of channel
locking/lockdep: Avoid RCU-induced noinstr fail
net: sched: update default qdisc visibility after Tx queue cnt changes
ACPI: resources: Add DMI-based legacy IRQ override quirk
rcu-tasks: Move RTGS_WAIT_CBS to beginning of rcu_tasks_kthread() loop
smackfs: Fix use-after-free in netlbl_catmap_walk()
ath11k: Align bss_chan_info structure with firmware
crypto: aesni - check walk.nbytes instead of err
x86/mm/64: Improve stack overflow warnings
x86: Increase exception stack sizes
mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type
mwifiex: Properly initialize private structure on interface type changes
spi: Check we have a spi_device_id for each DT compatible
fscrypt: allow 256-bit master keys with AES-256-XTS
drm/amdgpu: Fix MMIO access page fault
drm/amd/display: Fix null pointer dereference for encoders
selftests: net: fib_nexthops: Wait before checking reported idle time
ath11k: Avoid reg rules update during firmware recovery
ath11k: add handler for scan event WMI_SCAN_EVENT_DEQUEUED
ath11k: Change DMA_FROM_DEVICE to DMA_TO_DEVICE when map reinjected packets
ath10k: high latency fixes for beacon buffer
octeontx2-pf: Enable promisc/allmulti match MCAM entries.
media: mt9p031: Fix corrupted frame after restarting stream
media: netup_unidvb: handle interrupt properly according to the firmware
media: atomisp: Fix error handling in probe
media: stm32: Potential NULL pointer dereference in dcmi_irq_thread()
media: uvcvideo: Set capability in s_param
media: uvcvideo: Return -EIO for control errors
media: uvcvideo: Set unique vdev name based in type
media: vidtv: Fix memory leak in remove
media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
media: s5p-mfc: Add checking to s5p_mfc_probe().
media: videobuf2: rework vb2_mem_ops API
media: imx: set a media_device bus_info string
media: rcar-vin: Use user provided buffers when starting
media: mceusb: return without resubmitting URB in case of -EPROTO error.
ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
rtw88: fix RX clock gate setting while fifo dump
brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet
media: rcar-csi2: Add checking to rcsi2_start_receiver()
ipmi: Disable some operations during a panic
fs/proc/uptime.c: Fix idle time reporting in /proc/uptime
kselftests/sched: cleanup the child processes
ACPICA: Avoid evaluating methods too early during system resume
cpufreq: Make policy min/max hard requirements
ice: Move devlink port to PF/VF struct
media: imx-jpeg: Fix possible null pointer dereference
media: ipu3-imgu: imgu_fmt: Handle properly try
media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info
media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
net-sysfs: try not to restart the syscall if it will fail eventually
drm/amdkfd: rm BO resv on validation to avoid deadlock
tracefs: Have tracefs directories not set OTH permission bits by default
tracing: Disable "other" permission bits in the tracefs files
ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create()
KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall
mmc: moxart: Fix reference count leaks in moxart_probe
iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value
ACPI: battery: Accept charges over the design capacity as full
ACPI: scan: Release PM resources blocked by unused objects
drm/amd/display: fix null pointer deref when plugging in display
drm/amdkfd: fix resume error when iommu disabled in Picasso
net: phy: micrel: make *-skew-ps check more lenient
leaking_addresses: Always print a trailing newline
thermal/core: Fix null pointer dereference in thermal_release()
drm/msm: prevent NULL dereference in msm_gpu_crashstate_capture()
thermal/drivers/tsens: Add timeout to get_temp_tsens_valid
block: bump max plugged deferred size from 16 to 32
floppy: fix calling platform_device_unregister() on invalid drives
md: update superblock after changing rdev flags in state_store
memstick: r592: Fix a UAF bug when removing the driver
locking/rwsem: Disable preemption for spinning region
lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression
lib/xz: Validate the value before assigning it to an enum variable
workqueue: make sysfs of unbound kworker cpumask more clever
tracing/cfi: Fix cmp_entries_* functions signature mismatch
mt76: mt7915: fix an off-by-one bound check
mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
iwlwifi: change all JnP to NO-160 configuration
block: remove inaccurate requeue check
media: allegro: ignore interrupt if mailbox is not initialized
drm/amdgpu/pm: properly handle sclk for profiling modes on vangogh
nvmet: fix use-after-free when a port is removed
nvmet-rdma: fix use-after-free when a port is removed
nvmet-tcp: fix use-after-free when a port is removed
nvme: drop scan_lock and always kick requeue list when removing namespaces
samples/bpf: Fix application of sizeof to pointer
arm64: vdso32: suppress error message for 'make mrproper'
PM: hibernate: Get block device exclusively in swsusp_check()
selftests: kvm: fix mismatched fclose() after popen()
selftests/bpf: Fix perf_buffer test on system with offline cpus
iwlwifi: mvm: disable RX-diversity in powersave
smackfs: use __GFP_NOFAIL for smk_cipso_doi()
ARM: clang: Do not rely on lr register for stacktrace
gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE
can: bittiming: can_fixup_bittiming(): change type of tseg1 and alltseg to unsigned int
gfs2: Cancel remote delete work asynchronously
gfs2: Fix glock_hash_walk bugs
ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
tools/latency-collector: Use correct size when writing queue_full_warning
vrf: run conntrack only in context of lower/physdev for locally generated packets
net: annotate data-race in neigh_output()
ACPI: AC: Quirk GK45 to skip reading _PSR
ACPI: resources: Add one more Medion model in IRQ override quirk
btrfs: reflink: initialize return value to 0 in btrfs_extent_same()
btrfs: do not take the uuid_mutex in btrfs_rm_device
spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe()
wcn36xx: Correct band/freq reporting on RX
wcn36xx: Fix packet drop on resume
Revert "wcn36xx: Enable firmware link monitoring"
ftrace: do CPU checking after preemption disabled
inet: remove races in inet{6}_getname()
x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted
drm/amd/display: dcn20_resource_construct reduce scope of FPU enabled
selftests/core: fix conflicting types compile error for close_range()
perf/x86/intel: Fix ICL/SPR INST_RETIRED.PREC_DIST encodings
parisc: fix warning in flush_tlb_all
task_stack: Fix end_of_stack() for architectures with upwards-growing stack
erofs: don't trigger WARN() when decompression fails
parisc/unwind: fix unwinder when CONFIG_64BIT is enabled
parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream state
selftests/bpf: Fix strobemeta selftest regression
fbdev/efifb: Release PCI device's runtime PM ref during FB destroy
drm/bridge: anx7625: Propagate errors from sp_tx_rst_aux()
perf/x86/intel/uncore: Fix Intel SPR CHA event constraints
perf/x86/intel/uncore: Fix Intel SPR IIO event constraints
perf/x86/intel/uncore: Fix Intel SPR M2PCIE event constraints
perf/x86/intel/uncore: Fix Intel SPR M3UPI event constraints
drm/bridge: it66121: Initialize {device,vendor}_ids
drm/bridge: it66121: Wait for next bridge to be probed
Bluetooth: fix init and cleanup of sco_conn.timeout_work
libbpf: Don't crash on object files with no symbol tables
Bluetooth: hci_uart: fix GPF in h5_recv
rcu: Fix existing exp request check in sync_sched_exp_online_cleanup()
MIPS: lantiq: dma: fix burst length for DEU
x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
objtool: Handle __sanitize_cov*() tail calls
net/mlx5: Publish and unpublish all devlink parameters at once
drm/v3d: fix wait for TMU write combiner flush
crypto: sm4 - Do not change section of ck and sbox
virtio-gpu: fix possible memory allocation failure
lockdep: Let lock_is_held_type() detect recursive read as read
net: net_namespace: Fix undefined member in key_remove_domain()
net: phylink: don't call netif_carrier_off() with NULL netdev
drm: bridge: it66121: Fix return value it66121_probe
spi: Fixed division by zero warning
cgroup: Make rebind_subsystems() disable v2 controllers all at once
wcn36xx: Fix Antenna Diversity Switching
wilc1000: fix possible memory leak in cfg_scan_result()
Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync
drm/amdgpu: Fix crash on device remove/driver unload
drm/amd/display: Pass display_pipe_params_st as const in DML
drm/amdgpu: move amdgpu_virt_release_full_gpu to fini_early stage
crypto: caam - disable pkc for non-E SoCs
crypto: qat - power up 4xxx device
Bluetooth: hci_h5: Fix (runtime)suspend issues on RTL8723BS HCIs
bnxt_en: Check devlink allocation and registration status
qed: Don't ignore devlink allocation failures
rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies()
mptcp: do not shrink snd_nxt when recovering
fortify: Fix dropped strcpy() compile-time write overflow check
mac80211: twt: don't use potentially unaligned pointer
cfg80211: always free wiphy specific regdomain
net/mlx5: Accept devlink user input after driver initialization complete
net: dsa: rtl8366rb: Fix off-by-one bug
net: dsa: rtl8366: Fix a bug in deleting VLANs
bpf/tests: Fix error in tail call limit tests
ath11k: fix some sleeping in atomic bugs
ath11k: Avoid race during regd updates
ath11k: fix packet drops due to incorrect 6 GHz freq value in rx status
ath11k: Fix memory leak in ath11k_qmi_driver_event_work
gve: DQO: avoid unused variable warnings
ath10k: Fix missing frame timestamp for beacon/probe-resp
ath10k: sdio: Add missing BH locking around napi_schdule()
drm/ttm: stop calling tt_swapin in vm_access
arm64: mm: update max_pfn after memory hotplug
drm/amdgpu: fix warning for overflow check
libbpf: Fix skel_internal.h to set errno on loader retval < 0
media: em28xx: add missing em28xx_close_extension
media: meson-ge2d: Fix rotation parameter changes detection in 'ge2d_s_ctrl()'
media: cxd2880-spi: Fix a null pointer dereference on error handling path
media: ttusb-dec: avoid release of non-acquired mutex
media: dvb-usb: fix ununit-value in az6027_rc_query
media: imx258: Fix getting clock frequency
media: v4l2-ioctl: S_CTRL output the right value
media: mtk-vcodec: venc: fix return value when start_streaming fails
media: TDA1997x: handle short reads of hdmi info frame.
media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()'
media: imx-jpeg: Fix the error handling path of 'mxc_jpeg_probe()'
media: i2c: ths8200 needs V4L2_ASYNC
media: sun6i-csi: Allow the video device to be open multiple times
media: radio-wl1273: Avoid card name truncation
media: si470x: Avoid card name truncation
media: tm6000: Avoid card name truncation
media: cx23885: Fix snd_card_free call on null card pointer
media: atmel: fix the ispck initialization
scs: Release kasan vmalloc poison in scs_free process
kprobes: Do not use local variable when creating debugfs file
crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency
drm: fb_helper: fix CONFIG_FB dependency
cpuidle: Fix kobject memory leaks in error paths
media: em28xx: Don't use ops->suspend if it is NULL
ath10k: Don't always treat modem stop events as crashes
ath9k: Fix potential interrupt storm on queue reset
PM: EM: Fix inefficient states detection
x86/insn: Use get_unaligned() instead of memcpy()
EDAC/amd64: Handle three rank interleaving mode
rcu: Always inline rcu_dynticks_task*_{enter,exit}()
rcu: Fix rcu_dynticks_curr_cpu_in_eqs() vs noinstr
netfilter: nft_dynset: relax superfluous check on set updates
media: venus: fix vpp frequency calculation for decoder
media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable()
crypto: ccree - avoid out-of-range warnings from clang
crypto: qat - detect PFVF collision after ACK
crypto: qat - disregard spurious PFVF interrupts
hwrng: mtk - Force runtime pm ops for sleep ops
ima: fix deadlock when traversing "ima_default_rules".
b43legacy: fix a lower bounds test
b43: fix a lower bounds test
gve: Recover from queue stall due to missed IRQ
gve: Track RX buffer allocation failures
mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured
mmc: sdhci-omap: Fix context restore
memstick: avoid out-of-range warning
memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE
hwmon: Fix possible memleak in __hwmon_device_register()
hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff
ath10k: fix max antenna gain unit
kernel/sched: Fix sched_fork() access an invalid sched_task_group
net: fealnx: fix build for UML
net: intel: igc_ptp: fix build for UML
net: tulip: winbond-840: fix build for UML
tcp: switch orphan_count to bare per-cpu counters
crypto: octeontx2 - set assoclen in aead_do_fallback()
thermal/core: fix a UAF bug in __thermal_cooling_device_register()
drm/msm/dsi: do not enable irq handler before powering up the host
drm/msm: Fix potential Oops in a6xx_gmu_rpmh_init()
drm/msm: potential error pointer dereference in init()
drm/msm: unlock on error in get_sched_entity()
drm/msm: fix potential NULL dereference in cleanup
drm/msm: uninitialized variable in msm_gem_import()
net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
thermal/drivers/qcom/lmh: make QCOM_LMH depends on QCOM_SCM
mailbox: Remove WARN_ON for async_cb.cb in cmdq_exec_done
media: ivtv: fix build for UML
media: ir_toy: assignment to be16 should be of correct type
mmc: mxs-mmc: disable regulator on error and in the remove function
io-wq: Remove duplicate code in io_workqueue_create()
block: ataflop: fix breakage introduced at blk-mq refactoring
blk-wbt: prevent NULL pointer dereference in wb_timer_fn
platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
mailbox: mtk-cmdq: Validate alias_id on probe
mailbox: mtk-cmdq: Fix local clock ID usage
ACPI: PM: Turn off unused wakeup power resources
ACPI: PM: Fix sharing of wakeup power resources
drm/amdkfd: Fix an inappropriate error handling in allloc memory of gpu
mt76: mt7921: fix endianness in mt7921_mcu_tx_done_event
mt76: mt7915: fix endianness warning in mt7915_mac_add_txs_skb
mt76: mt7921: fix endianness warning in mt7921_update_txs
mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi
mt76: mt7915: fix info leak in mt7915_mcu_set_pre_cal()
mt76: connac: fix mt76_connac_gtk_rekey_tlv usage
mt76: fix build error implicit enumeration conversion
mt76: mt7921: fix survey-dump reporting
mt76: mt76x02: fix endianness warnings in mt76x02_mac.c
mt76: mt7921: Fix out of order process by invalid event pkt
mt76: mt7915: fix potential overflow of eeprom page index
mt76: mt7915: fix bit fields for HT rate idx
mt76: mt7921: fix dma hang in rmmod
mt76: connac: fix GTK rekey offload failure on WPA mixed mode
mt76: overwrite default reg_ops if necessary
mt76: mt7921: report HE MU radiotap
mt76: mt7921: fix firmware usage of RA info using legacy rates
mt76: mt7921: fix kernel warning from cfg80211_calculate_bitrate
mt76: mt7921: always wake device if necessary in debugfs
mt76: mt7915: fix hwmon temp sensor mem use-after-free
mt76: mt7615: fix hwmon temp sensor mem use-after-free
mt76: mt7915: fix possible infinite loop release semaphore
mt76: mt7921: fix retrying release semaphore without end
mt76: mt7615: fix monitor mode tear down crash
mt76: connac: fix possible NULL pointer dereference in mt76_connac_get_phy_mode_v2
mt76: mt7915: fix sta_rec_wtbl tag len
mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req()
rsi: stop thread firstly in rsi_91x_init() error handling
mwifiex: Send DELBA requests according to spec
iwlwifi: mvm: reset PM state on unsuccessful resume
iwlwifi: pnvm: don't kmemdup() more than we have
iwlwifi: pnvm: read EFI data only if long enough
net: enetc: unmap DMA in enetc_send_cmd()
phy: micrel: ksz8041nl: do not use power down mode
nbd: Fix use-after-free in pid_show
nvme-rdma: fix error code in nvme_rdma_setup_ctrl
PM: hibernate: fix sparse warnings
clocksource/drivers/timer-ti-dm: Select TIMER_OF
x86/sev: Fix stack type check in vc_switch_off_ist()
drm/msm: Fix potential NULL dereference in DPU SSPP
drm/msm/dsi: fix wrong type in msm_dsi_host
crypto: tcrypt - fix skcipher multi-buffer tests for 1420B blocks
smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
KVM: selftests: Fix nested SVM tests when built with clang
libbpf: Fix memory leak in btf__dedup()
bpftool: Avoid leaking the JSON writer prepared for program metadata
libbpf: Fix overflow in BTF sanity checks
libbpf: Fix BTF header parsing checks
mt76: mt7615: mt7622: fix ibss and meshpoint
s390/gmap: validate VMA in __gmap_zap()
s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap()
s390/mm: validate VMA in PGSTE manipulation functions
s390/mm: fix VMA and page table handling code in storage key handling functions
s390/uv: fully validate the VMA before calling follow_page()
KVM: s390: pv: avoid double free of sida page
KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm
irq: mips: avoid nested irq_enter()
net: dsa: avoid refcount warnings when ->port_{fdb,mdb}_del returns error
ARM: 9142/1: kasan: work around LPAE build warning
ath10k: fix module load regression with iram-recovery feature
block: ataflop: more blk-mq refactoring fixes
blk-cgroup: synchronize blkg creation against policy deactivation
libbpf: Fix off-by-one bug in bpf_core_apply_relo()
tpm: fix Atmel TPM crash caused by too frequent queries
tpm_tis_spi: Add missing SPI ID
libbpf: Fix endianness detection in BPF_CORE_READ_BITFIELD_PROBED()
tcp: don't free a FIN sk_buff in tcp_remove_empty_skb()
tracing: Fix missing trace_boot_init_histograms kstrdup NULL checks
cpufreq: intel_pstate: Fix cpu->pstate.turbo_freq initialization
spi: spi-rpc-if: Check return value of rpcif_sw_init()
samples/kretprobes: Fix return value if register_kretprobe() failed
KVM: s390: Fix handle_sske page fault handling
libertas_tf: Fix possible memory leak in probe and disconnect
libertas: Fix possible memory leak in probe and disconnect
wcn36xx: add proper DMA memory barriers in rx path
wcn36xx: Fix discarded frames due to wrong sequence number
bpf: Avoid races in __bpf_prog_run() for 32bit arches
bpf: Fixes possible race in update_prog_stats() for 32bit arches
wcn36xx: Channel list update before hardware scan
drm/amdgpu: fix a potential memory leak in amdgpu_device_fini_sw()
drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits
selftests/bpf: Fix fd cleanup in sk_lookup test
selftests/bpf: Fix memory leak in test_ima
sctp: allow IP fragmentation when PLPMTUD enters Error state
sctp: reset probe_timer in sctp_transport_pl_update
sctp: subtract sctphdr len in sctp_transport_pl_hlen
sctp: return true only for pathmtu update in sctp_transport_pl_toobig
net: amd-xgbe: Toggle PLL settings during rate change
ipmi: kcs_bmc: Fix a memory leak in the error handling path of 'kcs_bmc_serio_add_device()'
nfp: fix NULL pointer access when scheduling dim work
nfp: fix potential deadlock when canceling dim work
net: phylink: avoid mvneta warning when setting pause parameters
net: bridge: fix uninitialized variables when BRIDGE_CFM is disabled
selftests: net: bridge: update IGMP/MLD membership interval value
crypto: pcrypt - Delay write to padata->info
selftests/bpf: Fix fclose/pclose mismatch in test_progs
udp6: allow SO_MARK ctrl msg to affect routing
ibmvnic: don't stop queue in xmit
ibmvnic: Process crqs after enabling interrupts
ibmvnic: delay complete()
selftests: mptcp: fix proto type in link_failure tests
skmsg: Lose offset info in sk_psock_skb_ingress
cgroup: Fix rootcg cpu.stat guest double counting
bpf: Fix propagation of bounds from 64-bit min/max into 32-bit and var_off.
bpf: Fix propagation of signed bounds from 64-bit min/max into 32-bit.
of: unittest: fix EXPECT text for gpio hog errors
cpufreq: Fix parameter in parse_perf_domain()
staging: r8188eu: fix memory leak in rtw_set_key
arm64: dts: meson: sm1: add Ethernet PHY reset line for ODROID-C4/HC4
iio: st_sensors: disable regulators after device unregistration
RDMA/rxe: Fix wrong port_cap_flags
ARM: dts: BCM5301X: Fix memory nodes names
arm64: dts: broadcom: bcm4908: Fix UART clock name
clk: mvebu: ap-cpu-clk: Fix a memory leak in error handling paths
scsi: pm80xx: Fix lockup in outbound queue management
scsi: qla2xxx: edif: Use link event to wake up app
scsi: lpfc: Fix NVMe I/O failover to non-optimized path
ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
arm64: dts: rockchip: Fix GPU register width for RK3328
ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY
RDMA/bnxt_re: Fix query SRQ failure
arm64: dts: ti: k3-j721e-main: Fix "max-virtual-functions" in PCIe EP nodes
arm64: dts: ti: k3-j721e-main: Fix "bus-range" upto 256 bus number for PCIe
arm64: dts: ti: j7200-main: Fix "vendor-id"/"device-id" properties of pcie node
arm64: dts: ti: j7200-main: Fix "bus-range" upto 256 bus number for PCIe
arm64: dts: meson-g12a: Fix the pwm regulator supply properties
arm64: dts: meson-g12b: Fix the pwm regulator supply properties
arm64: dts: meson-sm1: Fix the pwm regulator supply properties
bus: ti-sysc: Fix timekeeping_suspended warning on resume
ARM: dts: at91: tse850: the emac<->phy interface is rmii
arm64: dts: qcom: sc7180: Base dynamic CPU power coefficients in reality
soc: qcom: llcc: Disable MMUHWT retention
arm64: dts: qcom: sc7280: fix display port phy reg property
scsi: dc395: Fix error case unwinding
MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT
JFS: fix memleak in jfs_mount
pinctrl: renesas: rzg2l: Fix missing port register 21h
ASoC: wcd9335: Use correct version to initialize Class H
arm64: dts: qcom: msm8916: Fix Secondary MI2S bit clock
arm64: dts: renesas: beacon: Fix Ethernet PHY mode
iommu/mediatek: Fix out-of-range warning with clang
arm64: dts: qcom: pm8916: Remove wrong reg-names for rtc@6000
iommu/dma: Fix sync_sg with swiotlb
iommu/dma: Fix arch_sync_dma for map
ALSA: hda: Reduce udelay() at SKL+ position reporting
ALSA: hda: Use position buffer for SKL+ again
ALSA: usb-audio: Fix possible race at sync of urb completions
soundwire: debugfs: use controller id and link_id for debugfs
power: reset: at91-reset: check properly the return value of devm_of_iomap
scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition
scsi: ufs: core: Stop clearing UNIT ATTENTIONS
scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt
scsi: pm80xx: Fix misleading log statement in pm8001_mpi_get_nvmd_resp()
driver core: Fix possible memory leak in device_link_add()
arm: dts: omap3-gta04a4: accelerometer irq fix
ASoC: SOF: topology: do not power down primary core during topology removal
iio: st_pressure_spi: Add missing entries SPI to device ID table
soc/tegra: Fix an error handling path in tegra_powergate_power_up()
memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
clk: at91: check pmc node status before registering syscore ops
powerpc/mem: Fix arch/powerpc/mm/mem.c:53:12: error: no previous prototype for 'create_section_mapping'
video: fbdev: chipsfb: use memset_io() instead of memset()
powerpc: fix unbalanced node refcount in check_kvm_guest()
powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted()
serial: 8250_dw: Drop wrong use of ACPI_PTR()
usb: gadget: hid: fix error code in do_config()
power: supply: rt5033_battery: Change voltage values to µV
power: supply: max17040: fix null-ptr-deref in max17040_probe()
scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
RDMA/mlx4: Return missed an error if device doesn't support steering
usb: musb: select GENERIC_PHY instead of depending on it
staging: most: dim2: do not double-register the same device
staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC
RDMA/core: Set sgtable nents when using ib_dma_virt_map_sg()
dyndbg: make dyndbg a known cli param
powerpc/perf: Fix cycles/instructions as PM_CYC/PM_INST_CMPL in power10
pinctrl: renesas: checker: Fix off-by-one bug in drive register check
ARM: dts: stm32: Reduce DHCOR SPI NOR frequency to 50 MHz
ARM: dts: stm32: fix STUSB1600 Type-C irq level on stm32mp15xx-dkx
ARM: dts: stm32: fix SAI sub nodes register range
ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15
ASoC: cs42l42: Always configure both ASP TX channels
ASoC: cs42l42: Correct some register default values
ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER
soc: qcom: rpmhpd: Make power_on actually enable the domain
soc: qcom: socinfo: add two missing PMIC IDs
iio: buffer: Fix double-free in iio_buffers_alloc_sysfs_and_mask()
usb: typec: STUSB160X should select REGMAP_I2C
iio: adis: do not disabe IRQs in 'adis_init()'
soundwire: bus: stop dereferencing invalid slave pointer
scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer
scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset
serial: imx: fix detach/attach of serial console
usb: dwc2: drd: fix dwc2_force_mode call in dwc2_ovr_init
usb: dwc2: drd: fix dwc2_drd_role_sw_set when clock could be disabled
usb: dwc2: drd: reset current session before setting the new one
powerpc/booke: Disable STRICT_KERNEL_RWX, DEBUG_PAGEALLOC and KFENCE
usb: dwc3: gadget: Skip resizing EP's TX FIFO if already resized
firmware: qcom_scm: Fix error retval in __qcom_scm_is_call_available()
soc: qcom: rpmhpd: fix sm8350_mxc's peer domain
soc: qcom: apr: Add of_node_put() before return
arm64: dts: qcom: pmi8994: Fix "eternal"->"external" typo in WLED node
arm64: dts: qcom: sdm845: Use RPMH_CE_CLK macro directly
arm64: dts: qcom: sdm845: Fix Qualcomm crypto engine bus clock
pinctrl: equilibrium: Fix function addition in multiple groups
ASoC: topology: Fix stub for snd_soc_tplg_component_remove()
phy: qcom-qusb2: Fix a memory leak on probe
phy: ti: gmii-sel: check of_get_address() for failure
phy: qcom-qmp: another fix for the sc8180x PCIe definition
phy: qcom-snps: Correct the FSEL_MASK
phy: Sparx5 Eth SerDes: Fix return value check in sparx5_serdes_probe()
serial: xilinx_uartps: Fix race condition causing stuck TX
clk: at91: sam9x60-pll: use DIV_ROUND_CLOSEST_ULL
clk: at91: clk-master: check if div or pres is zero
clk: at91: clk-master: fix prescaler logic
HID: u2fzero: clarify error check and length calculations
HID: u2fzero: properly handle timeouts in usb_submit_urb
powerpc/nohash: Fix __ptep_set_access_flags() and ptep_set_wrprotect()
powerpc/book3e: Fix set_memory_x() and set_memory_nx()
powerpc/44x/fsp2: add missing of_node_put
powerpc/xmon: fix task state output
ALSA: oxfw: fix functional regression for Mackie Onyx 1640i in v5.14 or later
iommu/dma: Fix incorrect error return on iommu deferred attach
powerpc: Don't provide __kernel_map_pages() without ARCH_SUPPORTS_DEBUG_PAGEALLOC
ASoC: cs42l42: Correct configuring of switch inversion from ts-inv
RDMA/hns: Fix initial arm_st of CQ
RDMA/hns: Modify the value of MAX_LP_MSG_LEN to meet hardware compatibility
ASoC: rsnd: Fix an error handling path in 'rsnd_node_count()'
serial: cpm_uart: Protect udbg definitions by CONFIG_SERIAL_CPM_CONSOLE
virtio_ring: check desc == NULL when using indirect with packed
vdpa/mlx5: Fix clearing of VIRTIO_NET_F_MAC feature bit
mips: cm: Convert to bitfield API to fix out-of-bounds access
power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
RDMA/core: Require the driver to set the IOVA correctly during rereg_mr
apparmor: fix error check
rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined
mtd: rawnand: intel: Fix potential buffer overflow in probe
nfsd: don't alloc under spinlock in rpc_parse_scope_id
rtc: ds1302: Add SPI ID table
rtc: ds1390: Add SPI ID table
rtc: pcf2123: Add SPI ID table
remoteproc: imx_rproc: Fix TCM io memory type
i2c: i801: Use PCI bus rescan mutex to protect P2SB access
dmaengine: idxd: move out percpu_ref_exit() to ensure it's outside submission
rtc: mcp795: Add SPI ID table
Input: ariel-pwrbutton - add SPI device ID table
i2c: mediatek: fixing the incorrect register offset
NFS: Default change_attr_type to NFS4_CHANGE_TYPE_IS_UNDEFINED
NFS: Don't set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA
NFS: Ignore the directory size when marking for revalidation
NFS: Fix dentry verifier races
pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
drm/bridge/lontium-lt9611uxc: fix provided connector suport
drm/plane-helper: fix uninitialized variable reference
PCI: aardvark: Don't spam about PIO Response Status
PCI: aardvark: Fix preserving PCI_EXP_RTCTL_CRSSVE flag on emulated bridge
opp: Fix return in _opp_add_static_v2()
NFS: Fix deadlocks in nfs_scan_commit_list()
sparc: Add missing "FORCE" target when using if_changed
fs: orangefs: fix error return code of orangefs_revalidate_lookup()
Input: st1232 - increase "wait ready" timeout
drm/bridge: nwl-dsi: Add atomic_get_input_bus_fmts
mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation
mtd: rawnand: arasan: Prevent an unsupported configuration
mtd: core: don't remove debugfs directory if device is in use
remoteproc: Fix a memory leak in an error handling path in 'rproc_handle_vdev()'
rtc: rv3032: fix error handling in rv3032_clkout_set_rate()
dmaengine: at_xdmac: call at_xdmac_axi_config() on resume path
dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
dmaengine: stm32-dma: fix stm32_dma_get_max_width
NFS: Fix up commit deadlocks
NFS: Fix an Oops in pnfs_mark_request_commit()
Fix user namespace leak
auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
auxdisplay: ht16k33: Connect backlight to fbdev
auxdisplay: ht16k33: Fix frame buffer device blanking
soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read
netfilter: nfnetlink_queue: fix OOB when mac header was cleared
dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result`
dmaengine: tegra210-adma: fix pm runtime unbalance
dmanegine: idxd: fix resource free ordering on driver removal
dmaengine: idxd: reconfig device after device reset command
signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL)
m68k: set a default value for MEMORY_RESERVE
watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
ar7: fix kernel builds for compiler test
scsi: target: core: Remove from tmr_list during LUN unlink
scsi: qla2xxx: Relogin during fabric disturbance
scsi: qla2xxx: Fix gnl list corruption
scsi: qla2xxx: Turn off target reset during issue_lip
scsi: qla2xxx: edif: Fix app start fail
scsi: qla2xxx: edif: Fix app start delay
scsi: qla2xxx: edif: Flush stale events and msgs on session down
scsi: qla2xxx: edif: Increase ELS payload
scsi: qla2xxx: edif: Fix EDIF bsg
NFSv4: Fix a regression in nfs_set_open_stateid_locked()
dmaengine: idxd: fix resource leak on dmaengine driver disable
i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()'
gpio: realtek-otto: fix GPIO line IRQ offset
xen-pciback: Fix return in pm_ctrl_init()
nbd: fix max value for 'first_minor'
nbd: fix possible overflow for 'first_minor' in nbd_dev_add()
io-wq: fix max-workers not correctly set on multi-node system
net: davinci_emac: Fix interrupt pacing disable
kselftests/net: add missed icmp.sh test to Makefile
kselftests/net: add missed setup_loopback.sh/setup_veth.sh to Makefile
kselftests/net: add missed SRv6 tests
kselftests/net: add missed vrf_strict_mode_test.sh test to Makefile
kselftests/net: add missed toeplitz.sh/toeplitz_client.sh to Makefile
ethtool: fix ethtool msg len calculation for pause stats
openrisc: fix SMP tlb flush NULL pointer dereference
net: vlan: fix a UAF in vlan_dev_real_dev()
net: dsa: felix: fix broken VLAN-tagged PTP under VLAN-aware bridge
ice: Fix replacing VF hardware MAC to existing MAC filter
ice: Fix not stopping Tx queues for VFs
kdb: Adopt scheduler's task classification
ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses
PCI: j721e: Fix j721e_pcie_probe() error path
nvdimm/btt: do not call del_gendisk() if not needed
scsi: bsg: Fix errno when scsi_bsg_register_queue() fails
scsi: ufs: ufshpb: Use proper power management API
scsi: ufs: core: Fix NULL pointer dereference
scsi: ufs: ufshpb: Properly handle max-single-cmd
selftests: net: properly support IPv6 in GSO GRE test
drm/nouveau/svm: Fix refcount leak bug and missing check against null bug
nvdimm/pmem: cleanup the disk if pmem_release_disk() is yet assigned
block/ataflop: use the blk_cleanup_disk() helper
block/ataflop: add registration bool before calling del_gendisk()
block/ataflop: provide a helper for cleanup up an atari disk
ataflop: remove ataflop_probe_lock mutex
PCI: Do not enable AtomicOps on VFs
cpufreq: intel_pstate: Clear HWP desired on suspend/shutdown and offline
net: phy: fix duplex out of sync problem while changing settings
block: fix device_add_disk() kobject_create_and_add() error handling
drm/ttm: remove ttm_bo_vm_insert_huge()
bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
octeontx2-pf: select CONFIG_NET_DEVLINK
ALSA: memalloc: Catch call with NULL snd_dma_buffer pointer
mfd: core: Add missing of_node_put for loop iteration
mfd: cpcap: Add SPI device ID table
mfd: sprd: Add SPI device ID table
mfd: altera-sysmgr: Fix a mistake caused by resource_size conversion
ACPI: PM: Fix device wakeup power reference counting error
libbpf: Fix lookup_and_delete_elem_flags error reporting
selftests/bpf/xdp_redirect_multi: Put the logs to tmp folder
selftests/bpf/xdp_redirect_multi: Use arping to accurate the arp number
selftests/bpf/xdp_redirect_multi: Give tcpdump a chance to terminate cleanly
selftests/bpf/xdp_redirect_multi: Limit the tests in netns
drm: fb_helper: improve CONFIG_FB dependency
Revert "drm/imx: Annotate dma-fence critical section in commit path"
drm/amdgpu/powerplay: fix sysfs_emit/sysfs_emit_at handling
can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path
can: mcp251xfd: mcp251xfd_chip_start(): fix error handling for mcp251xfd_chip_rx_int_enable()
mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration()
zram: off by one in read_block_state()
perf bpf: Add missing free to bpf_event__print_bpf_prog_info()
llc: fix out-of-bound array index in llc_sk_dev_hash()
nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
litex_liteeth: Fix a double free in the remove function
arm64: arm64_ftr_reg->name may not be a human-readable string
arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions
bpf, sockmap: Remove unhash handler for BPF sockmap usage
bpf, sockmap: Fix race in ingress receive verdict with redirect to self
bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding
bpf, sockmap: sk_skb data_end access incorrect when src_reg = dst_reg
dmaengine: stm32-dma: fix burst in case of unaligned memory address
dmaengine: stm32-dma: avoid 64-bit division in stm32_dma_get_max_width
gve: Fix off by one in gve_tx_timeout()
drm/i915/fb: Fix rounding error in subsampled plane size calculation
init: make unknown command line param message clearer
seq_file: fix passing wrong private data
drm/amdgpu: fix uvd crash on Polaris12 during driver unloading
net: dsa: mv88e6xxx: Don't support >1G speeds on 6191X on ports other than 10
net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any
net: hns3: fix ROCE base interrupt vector initialization bug
net: hns3: fix pfc packet number incorrect after querying pfc parameters
net: hns3: fix kernel crash when unload VF while it is being reset
net: hns3: allow configure ETS bandwidth of all TCs
net: stmmac: allow a tc-taprio base-time of zero
net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory
net: marvell: mvpp2: Fix wrong SerDes reconfiguration order
vsock: prevent unnecessary refcnt inc for nonblocking connect
net/smc: fix sk_refcnt underflow on linkdown and fallback
cxgb4: fix eeprom len when diagnostics not implemented
selftests/net: udpgso_bench_rx: fix port argument
thermal: int340x: fix build on 32-bit targets
smb3: do not error on fsync when readonly
ARM: 9155/1: fix early early_iounmap()
ARM: 9156/1: drop cc-option fallbacks for architecture selection
parisc: Fix backtrace to always include init funtion names
parisc: Flush kernel data mapping in set_pte_at() when installing pte for user page
MIPS: fix duplicated slashes for Platform file path
MIPS: fix *-pkg builds for loongson2ef platform
MIPS: Fix assembly error from MIPSr2 code used within MIPS_ISA_ARCH_LEVEL
x86/mce: Add errata workaround for Skylake SKX37
PCI/MSI: Move non-mask check back into low level accessors
PCI/MSI: Destroy sysfs before freeing entries
KVM: x86: move guest_pv_has out of user_access section
posix-cpu-timers: Clear task::posix_cputimers_work in copy_process()
irqchip/sifive-plic: Fixup EOI failed when masked
f2fs: should use GFP_NOFS for directory inodes
f2fs: include non-compressed blocks in compr_written_block
f2fs: fix UAF in f2fs_available_free_memory
ceph: fix mdsmap decode when there are MDS's beyond max_mds
erofs: fix unsafe pagevec reuse of hooked pclusters
drm/i915/guc: Fix blocked context accounting
block: Hold invalidate_lock in BLKDISCARD ioctl
block: Hold invalidate_lock in BLKZEROOUT ioctl
block: Hold invalidate_lock in BLKRESETZONE ioctl
ksmbd: Fix buffer length check in fsctl_validate_negotiate_info()
ksmbd: don't need 8byte alignment for request length in ksmbd_check_message
dmaengine: ti: k3-udma: Set bchan to NULL if a channel request fail
dmaengine: ti: k3-udma: Set r/tchan or rflow to NULL if request fail
dmaengine: bestcomm: fix system boot lockups
net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE
9p/net: fix missing error check in p9_check_errors
mm/filemap.c: remove bogus VM_BUG_ON
memcg: prohibit unconditional exceeding the limit of dying tasks
mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
mm, oom: do not trigger out_of_memory from the #PF
mm, thp: lock filemap when truncating page cache
mm, thp: fix incorrect unmap behavior for private pages
mfd: dln2: Add cell for initializing DLN2 ADC
video: backlight: Drop maximum brightness override for brightness zero
bcache: fix use-after-free problem in bcache_device_free()
bcache: Revert "bcache: use bvec_virt"
PM: sleep: Avoid calling put_device() under dpm_list_mtx
s390/cpumf: cpum_cf PMU displays invalid value after hotplug remove
s390/cio: check the subchannel validity for dev_busid
s390/tape: fix timer initialization in tape_std_assign()
s390/ap: Fix hanging ioctl caused by orphaned replies
s390/cio: make ccw_device_dma_* more robust
remoteproc: elf_loader: Fix loading segment when is_iomem true
remoteproc: Fix the wrong default value of is_iomem
remoteproc: imx_rproc: Fix ignoring mapping vdev regions
remoteproc: imx_rproc: Fix rsc-table name
mtd: rawnand: fsmc: Fix use of SM ORDER
mtd: rawnand: ams-delta: Keep the driver compatible with on-die ECC engines
mtd: rawnand: xway: Keep the driver compatible with on-die ECC engines
mtd: rawnand: mpc5121: Keep the driver compatible with on-die ECC engines
mtd: rawnand: gpio: Keep the driver compatible with on-die ECC engines
mtd: rawnand: pasemi: Keep the driver compatible with on-die ECC engines
mtd: rawnand: orion: Keep the driver compatible with on-die ECC engines
mtd: rawnand: plat_nand: Keep the driver compatible with on-die ECC engines
mtd: rawnand: au1550nd: Keep the driver compatible with on-die ECC engines
powerpc/vas: Fix potential NULL pointer dereference
powerpc/bpf: Fix write protecting JIT code
powerpc/32e: Ignore ESR in instruction storage interrupt handler
powerpc/powernv/prd: Unregister OPAL_MSG_PRD2 notifier during module unload
powerpc/security: Use a mutex for interrupt exit code patching
powerpc/64s/interrupt: Fix check_return_regs_valid() false positive
powerpc/pseries/mobility: ignore ibm, platform-facilities updates
powerpc/85xx: fix timebase sync issue when CONFIG_HOTPLUG_CPU=n
drm/sun4i: Fix macros in sun8i_csc.h
PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
PCI: aardvark: Fix PCIe Max Payload Size setting
SUNRPC: Partial revert of commit
|
||
Zhang Qiao
|
3869eecf05 |
kernel/sched: Fix sched_fork() access an invalid sched_task_group
[ Upstream commit 4ef0c5c6b5ba1f38f0ea1cedad0cad722f00c14a ]
There is a small race between copy_process() and sched_fork()
where child->sched_task_group point to an already freed pointer.
parent doing fork() | someone moving the parent
| to another cgroup
-------------------------------+-------------------------------
copy_process()
+ dup_task_struct()<1>
parent move to another cgroup,
and free the old cgroup. <2>
+ sched_fork()
+ __set_task_cpu()<3>
+ task_fork_fair()
+ sched_slice()<4>
In the worst case, this bug can lead to "use-after-free" and
cause panic as shown above:
(1) parent copy its sched_task_group to child at <1>;
(2) someone move the parent to another cgroup and free the old
cgroup at <2>;
(3) the sched_task_group and cfs_rq that belong to the old cgroup
will be accessed at <3> and <4>, which cause a panic:
[] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[] PGD 8000001fa0a86067 P4D 8000001fa0a86067 PUD 2029955067 PMD 0
[] Oops: 0000 [#1] SMP PTI
[] CPU: 7 PID: 648398 Comm: ebizzy Kdump: loaded Tainted: G OE --------- - - 4.18.0.x86_64+ #1
[] RIP: 0010:sched_slice+0x84/0xc0
[] Call Trace:
[] task_fork_fair+0x81/0x120
[] sched_fork+0x132/0x240
[] copy_process.part.5+0x675/0x20e0
[] ? __handle_mm_fault+0x63f/0x690
[] _do_fork+0xcd/0x3b0
[] do_syscall_64+0x5d/0x1d0
[] entry_SYSCALL_64_after_hwframe+0x65/0xca
[] RIP: 0033:0x7f04418cd7e1
Between cgroup_can_fork() and cgroup_post_fork(), the cgroup
membership and thus sched_task_group can't change. So update child's
sched_task_group at sched_post_fork() and move task_fork() and
__set_task_cpu() (where accees the sched_task_group) from sched_fork()
to sched_post_fork().
Fixes:
|
||
|
Stephen Dickey
|
a027f0d72e |
ANDROID: sched: add hook to set_cpus_allowed_ptr_locked
It is necessary to update the valid mask to implement CPU Pause from a vendor module. Introduce a hook to allow this. Bug: 205164003 Change-Id: Ic99b74d17f361453b044e115a54698e566db13b6 Signed-off-by: Stephen Dickey <quic_dickey@quicinc.com> |
||
|
Stephen Dickey
|
ca2177d4a0 |
ANDROID: sched: allow access to critical common code for CPU Pause
Allow module access to critical functionality to support CPU Pause from a vendor module. Bug: 205164003 Change-Id: Ia04608dae076469e265071f8e0d53aee66d49cfa Signed-off-by: Stephen Dickey <quic_dickey@quicinc.com> |
||
|
Stephen Dickey
|
72a288144d |
ANDROID: sched: support pick_migrate_task in common kernel
__pick_migrate_task() was present in 5.10 and removed in
5.15 in favor of the balance_push concept.
Restore this function so that the ability to pick a task to migrate
across all scheduling classes can be used by a vendor module.
Function Removed In commit
|
||
|
Greg Kroah-Hartman
|
c20e72b4f2 |
Merge 87066fdd2e ("Revert "mm/secretmem: use refcount_t instead of atomic_t"") into android-mainline
Steps on the way to 5.15-rc7 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ife9745eb5ca183ce2b441a293b7448c75c9f5612 |
||
Sai Harshini Nimmala
|
4cd67c09b6 |
ANDROID: sched: Export symbol for scheduler vendor module
Export symbol for balance_push_callback because it is included in a scheduler header file causing it to be visible to scheduler vendor modules. Bug: 203580415 Signed-off-by: Sai Harshini Nimmala <snimmala@codeaurora.org> Change-Id: Ib482a4ef4d7810595160e25fa4be249605cc3476 |
||
|
Sai Harshini Nimmala
|
fc6bf56229 |
ANDROID: sched: Export rq lock symbols
Export the double_rq_lock(), raw_spin_rq_lock_nested() and raw_spin_rq_unlock() symbols used in, a) scheduler vendor hooks. b) included in scheduler header file visible to vendor modules. Bug: 203580415 Signed-off-by: Sai Harshini Nimmala <snimmala@codeaurora.org> Change-Id: I6dca36ba7b7b0cd0d5f83fcd08633acc1ab72944 |
||
Woody Lin
|
63acd42c0d |
sched/scs: Reset the shadow stack when idle_task_exit
Commit |
||
Martin Liu
|
6a878921fc |
ANDROID: sched: move blocked reason trace point to cover all class
Now, we only export CFS taks' blocked reasons but it's
important and useful to know other class' blocked
reasons such as RT tasks.
Move the blocked reason trace point to where the scheduler
core layer and before the task's state moves to the waking
state. Thus, we could cover all the sched classes.
Bug: 203080186
Test: check traces
Signed-off-by: Martin Liu <liumartin@google.com>
Change-Id: Ic61865642d852d0127cdcf474adf8c06e4c2d570
(cherry picked from commit
|
||
Shaleen Agrawal
|
5cfe879a2a |
ANDROID: sched: Add export symbols for sched features
Export symbols needed to implement vendor scheduler value-adds to modify sched features dynamically at runtime, such as disabling TTWU_QUEUE. Bug: 177050087 Change-Id: Ibe14d2019403be68b7ceeee47425b2473ccb51fe Signed-off-by: Shaleen Agrawal <shalagra@codeaurora.org> |
||
|
Shaleen Agrawal
|
4cdd5274cc |
ANDROID: sched: Add export symbol resched_curr
Add export symbol resched_curr to enable scheduler value add. Bug: 176077958 Change-Id: I9c26b4d8738d6fd7d1067cb164a30b0228c5a301 Signed-off-by: Shaleen Agrawal <shalagra@codeaurora.org> |
||
lijianzhong
|
bc70904edc |
ANDROID: sched: Add vendor hooks for sched.
Add vendor hooks in scheduler to support OEM's value adds. Bug: 183674818 Signed-off-by: lijianzhong <lijianzhong@xiaomi.com> Change-Id: I8415958749948b3702e411f835c227ad4f8d8e92 Signed-off-by: Shaleen Agrawal <shalagra@codeaurora.org> |
||
Pavankumar Kondeti
|
30c8f87544 |
ANDROID: sched: Add android_rvh_cpu_cgroup_online hook
Add a restricted vendor hook to notify that a cpu controller cgroup is online. Bug: 200103201 Change-Id: I7d37f38c24ce146eabb4716a959aee703d71926e Signed-off-by: Pavankumar Kondeti <quic_pkondeti@quicinc.com> Signed-off-by: Ashay Jaiswal <quic_ashayj@quicinc.com> |
||
|
Shaleen Agrawal
|
99545883fb |
ANDROID: Sched: Add hooks for scheduler
Add vendors hooks for to facilitate various scheduler value adds. Bug: 200103201 Change-Id: I5d488ae78ce05f81e6c73b69c56128b065647fec Signed-off-by: Shaleen Agrawal <shalagra@codeaurora.org> Signed-off-by: Ashay Jaiswal <ashayj@codeaurora.org> |
||
Ashay Jaiswal
|
ca60d78542 |
Revert "Revert "ANDROID: Sched: Add restricted vendor hooks for scheduler""
This reverts commit
|
||
|
Greg Kroah-Hartman
|
e74ef7cf8f |
Merge tag 'v5.15-rc1' into android-mainline
Linux 5.15-rc1 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ib4933c598d27b18268860e7549966ef7724652fc |
||
Linus Torvalds
|
56c244382f |
Merge tag 'sched_urgent_for_v5.15_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull scheduler fixes from Borislav Petkov: - Make sure the idle timer expires in hardirq context, on PREEMPT_RT - Make sure the run-queue balance callback is invoked only on the outgoing CPU * tag 'sched_urgent_for_v5.15_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched: Prevent balance_push() on remote runqueues sched/idle: Make the idle timer expire in hard interrupt context |
||
Thomas Gleixner
|
868ad33bfa |
sched: Prevent balance_push() on remote runqueues
sched_setscheduler() and rt_mutex_setprio() invoke the run-queue balance
callback after changing priorities or the scheduling class of a task. The
run-queue for which the callback is invoked can be local or remote.
That's not a problem for the regular rq::push_work which is serialized with
a busy flag in the run-queue struct, but for the balance_push() work which
is only valid to be invoked on the outgoing CPU that's wrong. It not only
triggers the debug warning, but also leaves the per CPU variable push_work
unprotected, which can result in double enqueues on the stop machine list.
Remove the warning and validate that the function is invoked on the
outgoing CPU.
Fixes:
|
||
|
Greg Kroah-Hartman
|
883f370b3b |
Merge e5e726f7bb ("Merge tag 'locking-core-2021-08-30' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") into android-mainline
Steps on the way to 5.15-rc1 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I15ca29e0126c6b134a26bad932dbb3e6d779f860 |