98f3cc7ecdf3358fe2e81a5f741d5bd7230df27f
17769 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Maurizio Lombardi
|
d75ce11562 |
mm: prevent page_frag_alloc() from corrupting the memory
commit dac22531bbd4af2426c4e29e05594415ccfa365d upstream.
A number of drivers call page_frag_alloc() with a fragment's size >
PAGE_SIZE.
In low memory conditions, __page_frag_cache_refill() may fail the order
3 cache allocation and fall back to order 0; In this case, the cache
will be smaller than the fragment, causing memory corruptions.
Prevent this from happening by checking if the newly allocated cache is
large enough for the fragment; if not, the allocation will fail and
page_frag_alloc() will return NULL.
Link: https://lkml.kernel.org/r/20220715125013.247085-1-mlombard@redhat.com
Fixes:
|
||
Mel Gorman
|
23d17e2b04 |
mm/page_alloc: fix race condition between build_all_zonelists and page allocation
commit 3d36424b3b5850bd92f3e89b953a430d7cfc88ef upstream. Patrick Daly reported the following problem; NODE_DATA(nid)->node_zonelists[ZONELIST_FALLBACK] - before offline operation [0] - ZONE_MOVABLE [1] - ZONE_NORMAL [2] - NULL For a GFP_KERNEL allocation, alloc_pages_slowpath() will save the offset of ZONE_NORMAL in ac->preferred_zoneref. If a concurrent memory_offline operation removes the last page from ZONE_MOVABLE, build_all_zonelists() & build_zonerefs_node() will update node_zonelists as shown below. Only populated zones are added. NODE_DATA(nid)->node_zonelists[ZONELIST_FALLBACK] - after offline operation [0] - ZONE_NORMAL [1] - NULL [2] - NULL The race is simple -- page allocation could be in progress when a memory hot-remove operation triggers a zonelist rebuild that removes zones. The allocation request will still have a valid ac->preferred_zoneref that is now pointing to NULL and triggers an OOM kill. This problem probably always existed but may be slightly easier to trigger due to |
||
Greg Kroah-Hartman
|
56e3f8d562 |
mm/damon/dbgfs: fix memory leak when using debugfs_lookup()
commit 1552fd3ef7dbe07208b8ae84a0a6566adf7dfc9d upstream.
When calling debugfs_lookup() the result must have dput() called on it,
otherwise the memory will leak over time. Fix this up by properly calling
dput().
Link: https://lkml.kernel.org/r/20220902191149.112434-1-sj@kernel.org
Fixes:
|
||
Greg Kroah-Hartman
|
20c4f16769 |
Merge 5.15.71 into android14-5.15
Changes in 5.15.71
drm/amdgpu: Separate vf2pf work item init from virt data exchange
drm/amdgpu: make sure to init common IP before gmc
staging: r8188eu: Remove support for devices with 8188FU chipset (0bda:f179)
staging: r8188eu: Add Rosewill USB-N150 Nano to device tables
usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
usb: dwc3: Issue core soft reset before enabling run/stop
usb: dwc3: gadget: Prevent repeat pullup()
usb: dwc3: gadget: Refactor pullup()
usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup()
usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop
usb: add quirks for Lenovo OneLink+ Dock
usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
Revert "usb: add quirks for Lenovo OneLink+ Dock"
Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio"
drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES
USB: core: Fix RST error in hub.c
USB: serial: option: add Quectel BG95 0x0203 composition
USB: serial: option: add Quectel RM520N
Revert "ALSA: usb-audio: Split endpoint setups for hw_params and prepare"
ALSA: core: Fix double-free at snd_card_new()
ALSA: hda/tegra: set depop delay for tegra
ALSA: hda: add Intel 5 Series / 3400 PCI DID
ALSA: hda/realtek: Add quirk for Huawei WRT-WX9
ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop
ALSA: hda/realtek: Re-arrange quirk table entries
ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack
ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
ALSA: hda/realtek: Add quirk for ASUS GA503R laptop
ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop
iommu/vt-d: Check correct capability for sagaw determination
btrfs: fix hang during unmount when stopping block group reclaim worker
btrfs: fix hang during unmount when stopping a space reclaim worker
media: flexcop-usb: fix endpoint type check
usb: dwc3: core: leave default DMA if the controller does not support 64-bit DMA
thunderbolt: Add support for Intel Maple Ridge single port controller
efi: x86: Wipe setup_data on pure EFI boot
efi: libstub: check Shim mode using MokSBStateRT
wifi: mt76: fix reading current per-tid starting sequence number for aggregation
gpio: mockup: fix NULL pointer dereference when removing debugfs
gpio: mockup: Fix potential resource leakage when register a chip
gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
riscv: fix a nasty sigreturn bug...
kasan: call kasan_malloc() from __kmalloc_*track_caller()
can: flexcan: flexcan_mailbox_read() fix return value for drop = true
net: mana: Add rmb after checking owner bits
mm/slub: fix to return errno if kmalloc() fails
mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context.
KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled
arm64: topology: fix possible overflow in amu_fie_setup()
vmlinux.lds.h: CFI: Reduce alignment of jump-table to function alignment
xfs: reorder iunlink remove operation in xfs_ifree
xfs: fix xfs_ifree() error handling to not leak perag ref
xfs: validate inode fork size against fork format
firmware: arm_scmi: Harden accesses to the reset domains
firmware: arm_scmi: Fix the asynchronous reset requests
arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob
arm64: dts: rockchip: Fix typo in lisense text for PX30.Core
drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks
arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz
dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get()
arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
netfilter: nf_conntrack_sip: fix ct_sip_walk_headers
netfilter: nf_conntrack_irc: Tighten matching on DCC message
netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
ice: Don't double unplug aux on peer initiated reset
iavf: Fix cached head and tail value for iavf_get_tx_pending
ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
net: core: fix flow symmetric hash
net: phy: aquantia: wait for the suspend/resume operations to finish
scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
scsi: mpt3sas: Fix return value check of dma_get_required_mask()
net: bonding: Share lacpdu_mcast_addr definition
net: bonding: Unsync device addresses on ndo_stop
net: team: Unsync device addresses on ndo_stop
drm/panel: simple: Fix innolux_g121i1_l01 bus_format
MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko
MIPS: Loongson32: Fix PHY-mode being left unspecified
um: fix default console kernel parameter
iavf: Fix bad page state
mlxbf_gige: clear MDIO gateway lock after read
iavf: Fix set max MTU size with port VLAN and jumbo frames
i40e: Fix VF set max MTU size
i40e: Fix set max_tx_rate when it is lower than 1 Mbps
sfc: fix TX channel offset when using legacy interrupts
sfc: fix null pointer dereference in efx_hard_start_xmit
drm/hisilicon/hibmc: Allow to be built if COMPILE_TEST is enabled
drm/hisilicon: Add depends on MMU
of: mdio: Add of_node_put() when breaking out of for_each_xx
net: ipa: properly limit modem routing table use
wireguard: ratelimiter: disable timings test by default
wireguard: netlink: avoid variable-sized memcpy on sockaddr
net: enetc: move enetc_set_psfp() out of the common enetc_set_features()
net: enetc: deny offload of tc-based TSN features on VF interfaces
net/sched: taprio: avoid disabling offload when it was never enabled
net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs
netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()
netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()
netfilter: ebtables: fix memory leak when blob is malformed
net: ravb: Fix PHY state warning splat during system resume
net: sh_eth: Fix PHY state warning splat during system resume
can: gs_usb: gs_can_open(): fix race dev->can.state condition
perf stat: Fix BPF program section name
perf jit: Include program header in ELF files
perf kcore_copy: Do not check /proc/modules is unchanged
perf tools: Honor namespace when synthesizing build-ids
drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff()
net/smc: Stop the CLC flow if no link to map buffers on
bonding: fix NULL deref in bond_rr_gen_slave_id
net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD
net: sched: fix possible refcount leak in tc_new_tfilter()
bnxt: prevent skb UAF after handing over to PTP worker
selftests: forwarding: add shebang for sch_red.sh
KVM: x86/mmu: Fold rmap_recycle into rmap_add
serial: fsl_lpuart: Reset prior to registration
serial: Create uart_xmit_advance()
serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting
serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting
s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV
Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region
drm/gma500: Fix BUG: sleeping function called from invalid context errors
drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards
drm/amdgpu: use dirty framebuffer helper
drm/amd/display: Limit user regamma to a valid value
drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport()
drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule()
drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage
drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
fsdax: Fix infinite loop in dax_iomap_rw()
workqueue: don't skip lockdep work dependency in cancel_work_sync()
i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible
i2c: mlxbf: incorrect base address passed during io write
i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()
i2c: mlxbf: Fix frequency calculation
drm/amdgpu: don't register a dirty callback for non-atomic
NFSv4: Fixes for nfs4_inode_return_delegation()
devdax: Fix soft-reservation memory description
ext4: make directory inode spreading reflect flexbg size
ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
ext4: limit the number of retries after discarding preallocations blocks
ext4: make mballoc try target group first even with mb_optimize_scan
ext4: avoid unnecessary spreading of allocations among groups
ext4: use locality group preallocation for small closed files
Linux 5.15.71
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie66ba67f788b7ce6ffd766544f9ec0286bec5d9f
|
||
|
Maurizio Lombardi
|
61703b248b |
mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context.
commit e45cc288724f0cfd497bb5920bcfa60caa335729 upstream. Commit |
||
Chao Yu
|
2d6e55e0c0 |
mm/slub: fix to return errno if kmalloc() fails
commit 7e9c323c52b379d261a72dc7bd38120a761a93cd upstream.
In create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to
out-of-memory, if it fails, return errno correctly rather than
triggering panic via BUG_ON();
kernel BUG at mm/slub.c:5893!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
Call trace:
sysfs_slab_add+0x258/0x260 mm/slub.c:5973
__kmem_cache_create+0x60/0x118 mm/slub.c:4899
create_cache mm/slab_common.c:229 [inline]
kmem_cache_create_usercopy+0x19c/0x31c mm/slab_common.c:335
kmem_cache_create+0x1c/0x28 mm/slab_common.c:390
f2fs_kmem_cache_create fs/f2fs/f2fs.h:2766 [inline]
f2fs_init_xattr_caches+0x78/0xb4 fs/f2fs/xattr.c:808
f2fs_fill_super+0x1050/0x1e0c fs/f2fs/super.c:4149
mount_bdev+0x1b8/0x210 fs/super.c:1400
f2fs_mount+0x44/0x58 fs/f2fs/super.c:4512
legacy_get_tree+0x30/0x74 fs/fs_context.c:610
vfs_get_tree+0x40/0x140 fs/super.c:1530
do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040
path_mount+0x358/0x914 fs/namespace.c:3370
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__arm64_sys_mount+0x2f8/0x408 fs/namespace.c:3568
Cc: <stable@kernel.org>
Fixes:
|
||
Peter Collingbourne
|
bf0197aea1 |
kasan: call kasan_malloc() from __kmalloc_*track_caller()
commit 5373b8a09d6e037ee0587cb5d9fe4cc09077deeb upstream. We were failing to call kasan_malloc() from __kmalloc_*track_caller() which was causing us to sometimes fail to produce KASAN error reports for allocations made using e.g. devm_kcalloc(), as the KASAN poison was not being initialized. Fix it. Signed-off-by: Peter Collingbourne <pcc@google.com> Cc: <stable@vger.kernel.org> # 5.15 Signed-off-by: Vlastimil Babka <vbabka@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
a449b299e8 |
Merge 5.15.69 into android14-5.15
Changes in 5.15.69
NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests
ACPI: resource: skip IRQ override on AMD Zen platforms
ARM: dts: imx: align SPI NOR node name with dtschema
ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible
ARM: dts: at91: fix low limit for CPU regulator
ARM: dts: at91: sama7g5ek: specify proper regulator output ranges
lockdep: Fix -Wunused-parameter for _THIS_IP_
x86/mm: Force-inline __phys_addr_nodebug()
task_stack, x86/cea: Force-inline stack helpers
tracing: hold caller_addr to hardirq_{enable,disable}_ip
tracefs: Only clobber mode/uid/gid on remount if asked
iommu/vt-d: Fix kdump kernels boot failure with scalable mode
Input: goodix - add support for GT1158
platform/surface: aggregator_registry: Add support for Surface Laptop Go 2
drm/msm/rd: Fix FIFO-full deadlock
dt-bindings: iio: gyroscope: bosch,bmg160: correct number of pins
HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
tg3: Disable tg3 device on system reboot to avoid triggering AER
gpio: mockup: remove gpio debugfs when remove device
ieee802154: cc2520: add rc code in cc2520_tx()
Input: iforce - add support for Boeder Force Feedback Wheel
nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
drm/amd/amdgpu: skip ucode loading if ucode_size == 0
net: dsa: hellcreek: Print warning only once
perf/arm_pmu_platform: fix tests for platform_get_irq() failure
platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes
usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
soc: fsl: select FSL_GUTS driver for DPIO
usb: gadget: f_uac2: clean up some inconsistent indenting
usb: gadget: f_uac2: fix superspeed transfer
RDMA/irdma: Use s/g array in post send only when its valid
Input: goodix - add compatible string for GT1158
Linux 5.15.69
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ifcadf79f34eb6093489fb3faf5e42c9739e56522
|
||
|
Greg Kroah-Hartman
|
5a1075de9c |
Merge 5.15.68 into android14-5.15
Changes in 5.15.68 net: wwan: iosm: remove pointless null check efi: libstub: Disable struct randomization efi: capsule-loader: Fix use-after-free in efi_capsule_write wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() fs: only do a memory barrier for the first set_buffer_uptodate() Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()" scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX scsi: megaraid_sas: Fix double kfree() drm/gem: Fix GEM handle release errors drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. drm/radeon: add a force flush to delay work when radeon scsi: ufs: core: Reduce the power mode change timeout Revert "parisc: Show error if wrong 32/64-bit compiler is being used" parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level netfilter: conntrack: work around exceeded receive window cpufreq: check only freq_table in __resolve_freq() net/core/skbuff: Check the return value of skb_copy_bits() md: Flush workqueue md_rdev_misc_wq in md_alloc() fbdev: fbcon: Destroy mutex on freeing struct fb_info fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() ALSA: aloop: Fix random zeros in capture data when using jiffies timer ALSA: usb-audio: Split endpoint setups for hw_params and prepare ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() tracing: Fix to check event_mutex is held while accessing trigger list btrfs: zoned: set pseudo max append zone limit in zone emulation mode vfio/type1: Unpin zero pages kprobes: Prohibit probes in gate area debugfs: add debugfs_lookup_and_remove() sched/debug: fix dentry leak in update_sched_domain_debugfs drm/amd/display: fix memory leak when using debugfs_lookup() nvmet: fix a use-after-free drm/i915: Implement WaEdpLinkRateDataReload scsi: mpt3sas: Fix use-after-free warning scsi: lpfc: Add missing destroy_workqueue() in error path NFS: Further optimisations for 'ls -l' NFS: Save some space in the inode NFS: Fix another fsync() issue after a server reboot cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock ASoC: qcom: sm8250: add missing module owner RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node soc: imx: gpcv2: Assert reset before ungating clock regulator: core: Clean up on enable failure tee: fix compiler warning in tee_shm_register() RDMA/cma: Fix arguments order in net device validation soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs RDMA/hns: Fix supported page size RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift wifi: wilc1000: fix DMA on stack objects ARM: at91: pm: fix self-refresh for sama7g5 ARM: at91: pm: fix DDR recalibration when resuming from backup and self-refresh ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges ARM: dts: at91: sama5d27_wlsom1: don't keep ldo2 enabled all the time ARM: dts: at91: sama5d2_icp: don't keep vdd_other enabled all the time netfilter: br_netfilter: Drop dst references before setting. netfilter: nf_tables: clean up hook list when offload flags check fails netfilter: nf_conntrack_irc: Fix forged IP logic RDMA/srp: Set scmnd->result only when scmnd is not NULL ALSA: usb-audio: Inform the delayed registration more properly ALSA: usb-audio: Register card again for iface over delayed_register option rxrpc: Fix ICMP/ICMP6 error handling rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2() afs: Use the operation issue time instead of the reply time for callbacks Revert "net: phy: meson-gxl: improve link-up behavior" sch_sfb: Don't assume the skb is still around after enqueueing to child tipc: fix shift wrapping bug in map_get() net: introduce __skb_fill_page_desc_noacc tcp: TX zerocopy should not sense pfmemalloc status ice: use bitmap_free instead of devm_kfree i40e: Fix kernel crash during module removal iavf: Detach device during reset task xen-netback: only remove 'hotplug-status' when the vif is actually destroyed RDMA/siw: Pass a pointer to virt_to_page() ipv6: sr: fix out-of-bounds read when setting HMAC data. IB/core: Fix a nested dead lock as part of ODP flow RDMA/mlx5: Set local port to one when accessing counters erofs: fix pcluster use-after-free on UP platforms nvme-tcp: fix UAF when detecting digest errors nvme-tcp: fix regression that causes sporadic requests to time out tcp: fix early ETIMEDOUT after spurious non-SACK RTO nvmet: fix mar and mor off-by-one errors RDMA/irdma: Report the correct max cqes from query device RDMA/irdma: Return correct WC error for bind operation failure RDMA/irdma: Report RNR NAK generation in device caps sch_sfb: Also store skb len before calling child enqueue perf script: Fix Cannot print 'iregs' field for hybrid systems hwmon: (tps23861) fix byte order in resistance register ASoC: mchp-spdiftx: remove references to mchp_i2s_caps ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion MIPS: loongson32: ls1c: Fix hang during startup kbuild: disable header exports for UML in a straightforward way i40e: Refactor tc mqprio checks i40e: Fix ADQ rate limiting for PF swiotlb: avoid potential left shift overflow iommu/amd: use full 64-bit value in build_completion_wait() s390/boot: fix absolute zero lowcore corruption on boot hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" not defined hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors hwmon: (mr75203) fix voltage equation for negative source input hwmon: (mr75203) fix multi-channel voltage reading hwmon: (mr75203) enable polling for all VM channels Revert "arm64: kasan: Revert "arm64: mte: reset the page tag in page->flags"" arm64/bti: Disable in kernel BTI when cross section thunks are broken iommu/vt-d: Correctly calculate sagaw value of IOMMU arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly drm/bridge: display-connector: implement bus fmts callbacks perf machine: Use path__join() to compose a path instead of snprintf(dir, '/', filename) ARM: at91: ddr: remove CONFIG_SOC_SAMA7 dependency Linux 5.15.68 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I3e23c18230fda5af55fc5b73db9ac288835c8c23 |
||
|
Greg Kroah-Hartman
|
4204bfff97 |
Merge 5.15.66 into android14-5.15
Changes in 5.15.66 drm/msm/dsi: fix the inconsistent indenting drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg drm/msm/dsi: Fix number of regulators for SDM660 platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask iio: adc: mcp3911: make use of the sign bit skmsg: Fix wrong last sg check in sk_msg_recvmsg() bpf: Restrict bpf_sys_bpf to CAP_PERFMON bpf, cgroup: Fix kernel BUG in purge_effective_progs ieee802154/adf7242: defer destroy_workqueue call drm/i915/backlight: extract backlight code to a separate file drm/i915/display: avoid warnings when registering dual panel backlight ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() Revert "xhci: turn off port power in shutdown" net: sparx5: fix handling uneven length packets in manual extraction net: smsc911x: Stop and start PHY during suspend and resume openvswitch: fix memory leak at failed datapath creation net: dsa: xrs700x: Use irqsave variant for u64 stats update net: sched: tbf: don't call qdisc_put() while holding tree lock net/sched: fix netdevice reference leaks in attach_default_qdiscs() ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler mlxbf_gige: compute MDIO period based on i1clk kcm: fix strp_init() order and cleanup sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb tcp: annotate data-race around challenge_timestamp Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb" net/smc: Remove redundant refcount increase soundwire: qcom: fix device status array range serial: fsl_lpuart: RS485 RTS polariy is inverse staging: rtl8712: fix use after free bugs staging: r8188eu: add firmware dependency powerpc: align syscall table for ppc32 vt: Clear selection before changing the font musb: fix USB_MUSB_TUSB6010 dependency tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag iio: ad7292: Prevent regulator double disable iio: adc: mcp3911: use correct formula for AD conversion misc: fastrpc: fix memory corruption on probe misc: fastrpc: fix memory corruption on open USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id mmc: core: Fix UHS-I SD 1.8V workaround branch mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure binder: fix UAF of ref->proc caused by race condition binder: fix alloc->vma_vm_mm null-ptr dereference cifs: fix small mempool leak in SMB2_negotiate() KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops" clk: core: Fix runtime PM sequence in clk_core_unprepare() Input: rk805-pwrkey - fix module autoloading clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() clk: bcm: rpi: Prevent out-of-bounds access clk: bcm: rpi: Add missing newline hwmon: (gpio-fan) Fix array out of bounds access gpio: pca953x: Add mutex_lock for regcache sync in PM KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() mm: pagewalk: Fix race between unmap and page walker xen-blkback: Advertise feature-persistent as user requested xen-blkfront: Advertise feature-persistent as user requested xen-blkfront: Cache feature_persistent value before advertisement thunderbolt: Use the actual buffer in tb_async_error() usb: dwc3: pci: Add support for Intel Raptor Lake media: mceusb: Use new usb_control_msg_*() routines xhci: Add grace period after xHC start to prevent premature runtime suspend. USB: serial: cp210x: add Decagon UCA device id USB: serial: option: add support for OPPO R11 diag port USB: serial: option: add Quectel EM060K modem USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device usb: typec: tcpm: Return ENOTSUPP for power supply prop writes usb: dwc2: fix wrong order of phy_power_on and phy_init usb: cdns3: fix issue with rearming ISO OUT endpoint usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) usb-storage: Add ignore-residue quirk for NXP PN7462AU s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages s390: fix nospec table alignments USB: core: Prevent nested device-reset calls usb: xhci-mtk: relax TT periodic bandwidth allocation usb: xhci-mtk: fix bandwidth release issue usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS driver core: Don't probe devices after bus_type.match() probe deferral wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected wifi: mac80211: Fix UAF in ieee80211_scan_rx() ip: fix triggering of 'icmp redirect' net: Use u64_stats_fetch_begin_irq() for stats fetch. net: mac802154: Fix a condition in the receive path ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 ALSA: seq: oss: Fix data-race for max_midi_devs access ALSA: seq: Fix data-race at module auto-loading drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk drm/i915: Skip wm/ddb readout for disabled pipes tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() kbuild: Unify options for BTF generation for vmlinux and modules kbuild: Add skip_encoding_btf_enum64 option to pahole usb: dwc3: fix PHY disable sequence usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup usb: dwc3: disable USB core PHY management USB: serial: ch341: fix lost character on LCR updates USB: serial: ch341: fix disabled rx timer on older devices Linux 5.15.66 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I309eed59f20bde6cdb0b4debdb6a9c5909f620ee |
||
|
Greg Kroah-Hartman
|
923f8ffad3 |
Merge 5.15.65 into android14-5.15
Changes in 5.15.65
mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
drm/bridge: Add stubs for devm_drm_of_get_bridge when OF is disabled
ACPI: thermal: drop an always true check
drm/vc4: hdmi: Rework power up
drm/vc4: hdmi: Depends on CONFIG_PM
firmware: tegra: bpmp: Do only aligned access to IPC memory area
crypto: lib - remove unneeded selection of XOR_BLOCKS
Drivers: hv: balloon: Support status report for larger page sizes
mm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte
arm64: errata: Add Cortex-A510 to the repeat tlbi list
io_uring: correct fill events helpers types
io_uring: clean cqe filling functions
io_uring: refactor poll update
io_uring: move common poll bits
io_uring: kill poll linking optimisation
io_uring: inline io_poll_complete
io_uring: poll rework
io_uring: Remove unused function req_ref_put
io_uring: remove poll entry from list when canceling all
io_uring: bump poll refs to full 31-bits
io_uring: fail links when poll fails
io_uring: fix wrong arm_poll error handling
io_uring: fix UAF due to missing POLLFREE handling
kbuild: Fix include path in scripts/Makefile.modpost
Bluetooth: L2CAP: Fix build errors in some archs
Revert "PCI/portdrv: Don't disable AER reporting in get_port_device_capability()"
HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
udmabuf: Set the DMA mask for the udmabuf device (v2)
media: pvrusb2: fix memory leak in pvr_probe
HID: hidraw: fix memory leak in hidraw_release()
net: fix refcount bug in sk_psock_get (2)
fbdev: fb_pm2fb: Avoid potential divide by zero error
ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead
bpf: Don't redirect packets with invalid pkt_len
mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5
HID: add Lenovo Yoga C630 battery quirk
HID: AMD_SFH: Add a DMI quirk entry for Chromebooks
HID: asus: ROG NKey: Ignore portion of 0x5a report
HID: thrustmaster: Add sparco wheel and fix array length
drm/i915/gt: Skip TLB invalidations once wedged
mmc: mtk-sd: Clear interrupts when cqe off/disable
mmc: sdhci-of-dwcmshc: add reset call back for rockchip Socs
mmc: sdhci-of-dwcmshc: rename rk3568 to rk35xx
mmc: sdhci-of-dwcmshc: Re-enable support for the BlueField-3 SoC
btrfs: remove root argument from btrfs_unlink_inode()
btrfs: remove no longer needed logic for replaying directory deletes
btrfs: add and use helper for unlinking inode during log replay
btrfs: fix warning during log replay when bumping inode link count
fs/ntfs3: Fix work with fragmented xattr
ASoC: sh: rz-ssi: Improve error handling in rz_ssi_probe() error path
drm/amd/display: Avoid MPC infinite loop
drm/amd/display: Fix HDMI VSIF V3 incorrect issue
drm/amd/display: For stereo keep "FLIP_ANY_FRAME"
drm/amd/display: clear optc underflow before turn off odm clock
ksmbd: return STATUS_BAD_NETWORK_NAME error status if share is not configured
neigh: fix possible DoS due to net iface start/stop loop
s390/hypfs: avoid error message under KVM
ksmbd: don't remove dos attribute xattr on O_TRUNC open
drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid
drm/amd/display: Fix pixel clock programming
drm/amdgpu: Increase tlb flush timeout for sriov
drm/amd/display: avoid doing vm_init multiple time
netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
testing: selftests: nft_flowtable.sh: use random netns names
btrfs: move lockdep class helpers to locking.c
btrfs: fix lockdep splat with reloc root extent buffers
btrfs: tree-checker: check for overlapping extent items
kprobes: don't call disarm_kprobe() for disabled kprobes
btrfs: fix space cache corruption and potential double allocations
android: binder: fix lockdep check on clearing vma
net/af_packet: check len when min_header_len equals to 0
net: neigh: don't call kfree_skb() under spin_lock_irqsave()
Linux 5.15.65
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5d29db64b8de0e14dbe991c50430c20bb36ecf59
|
||
|
Greg Kroah-Hartman
|
d32ea5d2c0 |
Merge 5.15.64 into android14-5.15
Changes in 5.15.64 wifi: rtlwifi: remove always-true condition pointed out by GCC 12 eth: sun: cassini: remove dead code audit: fix potential double free on error path from fsnotify_add_inode_mark cgroup: Fix race condition at rebind_subsystems() parisc: Make CONFIG_64BIT available for ARCH=parisc64 only parisc: Fix exception handler for fldw and fstw instructions kernel/sys_ni: add compat entry for fadvise64_64 x86/entry: Move CLD to the start of the idtentry macro block: add a bdev_max_zone_append_sectors helper block: add bdev_max_segments() helper btrfs: zoned: revive max_zone_append_bytes btrfs: replace BTRFS_MAX_EXTENT_SIZE with fs_info->max_extent_size btrfs: convert count_max_extents() to use fs_info->max_extent_size Input: i8042 - move __initconst to fix code styling warning Input: i8042 - merge quirk tables Input: i8042 - add TUXEDO devices to i8042 quirk tables Input: i8042 - add additional TUXEDO devices to i8042 quirk tables drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist scsi: qla2xxx: Fix response queue handler reading stale packets scsi: qla2xxx: edif: Fix dropped IKE message btrfs: put initial index value of a directory in a constant btrfs: pass the dentry to btrfs_log_new_name() instead of the inode btrfs: remove unnecessary parameter delalloc_start for writepage_delalloc() riscv: lib: uaccess: fold fixups into body riscv: lib: uaccess: fix CSR_STATUS SR_SUM bit xfrm: fix refcount leak in __xfrm_policy_check() xfrm: clone missing x->lastused in xfrm_do_migrate af_key: Do not call xfrm_probe_algs in parallel xfrm: policy: fix metadata dst->dev xmit null pointer dereference fs: require CAP_SYS_ADMIN in target namespace for idmapped mounts net: use eth_hw_addr_set() instead of ether_addr_copy() Revert "net: macsec: update SCI upon MAC address change." NFS: Don't allocate nfs_fattr on the stack in __nfs42_ssc_open() NFSv4.2 fix problems with __nfs42_ssc_open SUNRPC: RPC level errors should set task->tk_rpc_status mm/smaps: don't access young/dirty bit if pte unpresent ntfs: fix acl handling rose: check NULL rose_loopback_neigh->loopback r8152: fix the units of some registers for RTL8156A r8152: fix the RX FIFO settings when suspending nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout ice: xsk: Force rings to be sized to power of 2 ice: xsk: prohibit usage of non-balanced queue id net/mlx5e: Properly disable vlan strip on non-UL reps net/mlx5: Avoid false positive lockdep warning by adding lock_class_key net/mlx5e: Fix wrong application of the LRO state net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off net: ipa: don't assume SMEM is page-aligned net: phy: Don't WARN for PHY_READY state in mdio_bus_phy_resume() net: moxa: get rid of asymmetry in DMA mapping/unmapping bonding: 802.3ad: fix no transmission of LACPDUs net: ipvtap - add __init/__exit annotations to module init/exit funcs netfilter: ebtables: reject blobs that don't provide all entry points bnxt_en: fix NQ resource accounting during vf creation on 57500 chips netfilter: nf_tables: disallow updates of implicit chain netfilter: nf_tables: make table handle allocation per-netns friendly netfilter: nft_payload: report ERANGE for too long offset and length netfilter: nft_payload: do not truncate csum_offset and csum_type netfilter: nf_tables: do not leave chain stats enabled on error netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families netfilter: nft_tunnel: restrict it to netdev family netfilter: nf_tables: consolidate rule verdict trace call netfilter: nft_cmp: optimize comparison for 16-bytes netfilter: bitwise: improve error goto labels netfilter: nf_tables: upfront validation of data via nft_data_init() netfilter: nf_tables: disallow jump to implicit chain from set element netfilter: nf_tables: disallow binding to already bound chain netfilter: flowtable: add function to invoke garbage collection immediately netfilter: flowtable: fix stuck flows on cleanup due to pending work net: Fix data-races around sysctl_[rw]mem_(max|default). net: Fix data-races around weight_p and dev_weight_[rt]x_bias. net: Fix data-races around netdev_max_backlog. net: Fix data-races around netdev_tstamp_prequeue. ratelimit: Fix data-races in ___ratelimit(). net: Fix data-races around sysctl_optmem_max. net: Fix a data-race around sysctl_tstamp_allow_data. net: Fix a data-race around sysctl_net_busy_poll. net: Fix a data-race around sysctl_net_busy_read. net: Fix a data-race around netdev_budget. tcp: expose the tcp_mark_push() and tcp_skb_entail() helpers mptcp: stop relying on tcp_tx_skb_cache net: Fix data-races around sysctl_max_skb_frags. net: Fix a data-race around netdev_budget_usecs. net: Fix data-races around sysctl_fb_tunnels_only_for_init_net. net: Fix data-races around sysctl_devconf_inherit_init_net. net: Fix a data-race around sysctl_somaxconn. ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter i40e: Fix incorrect address type for IPv6 flow rules rxrpc: Fix locking in rxrpc's sendmsg ionic: widen queue_lock use around lif init and deinit ionic: clear broken state on generation change ionic: fix up issues with handling EAGAIN on FW cmds ionic: VF initial random MAC address if no assigned mac net: stmmac: work around sporadic tx issue on link-up btrfs: fix silent failure when deleting root reference btrfs: replace: drop assert for suspended replace btrfs: add info when mount fails due to stale replace target btrfs: check if root is readonly while setting security xattr btrfs: fix possible memory leak in btrfs_get_dev_args_from_path() perf/x86/lbr: Enable the branch type for the Arch LBR by default x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry x86/bugs: Add "unknown" reporting for MMIO Stale Data x86/nospec: Unwreck the RSB stuffing loop: Check for overflow while configuring loop writeback: avoid use-after-free after removing device asm-generic: sections: refactor memory_intersects mm/damon/dbgfs: avoid duplicate context directory creation s390/mm: do not trigger write fault when vma does not allow VM_WRITE bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem s390: fix double free of GS and RI CBs on fork() failure fbdev: fbcon: Properly revert changes when vc_resize() failed Revert "memcg: cleanup racy sum avoidance code" ACPI: processor: Remove freq Qos request for all CPUs nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf smb3: missing inode locks in punch hole xen/privcmd: fix error exit of privcmd_ioctl_dm_op() riscv: traps: add missing prototype io_uring: fix issue with io_write() not always undoing sb_start_write() Revert "usbnet: smsc95xx: Fix deadlock on runtime resume" Revert "usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling" mm/hugetlb: fix hugetlb not supporting softdirty tracking Revert "md-raid: destroy the bitmap after destroying the thread" md: call __md_stop_writes in md_stop mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 binder_alloc: add missing mmap_lock calls when using the VMA x86/nospec: Fix i386 RSB stuffing Documentation/ABI: Mention retbleed vulnerability info file for sysfs blk-mq: fix io hung due to missing commit_rqs perf python: Fix build when PYTHON_CONFIG is user supplied perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU perf/x86/intel/ds: Fix precise store latency handling perf stat: Clear evsel->reset_group for each stat run scsi: ufs: core: Enable link lost interrupt scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq bpf: Don't use tnum_range on array range checking for poke descriptors Linux 5.15.64 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I8e4d8a8ed90e22487e249b9635b210935febda6e |
||
|
Greg Kroah-Hartman
|
47c7e57022 |
Merge 5.15.61 into android14-5.15
Changes in 5.15.61
Makefile: link with -z noexecstack --no-warn-rwx-segments
x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments
Revert "pNFS: nfs3_set_ds_client should set NFS_CS_NOPING"
scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover"
pNFS/flexfiles: Report RDMA connection errors to the server
NFSD: Clean up the show_nf_flags() macro
nfsd: eliminate the NFSD_FILE_BREAK_* flags
ALSA: usb-audio: Add quirk for Behringer UMC202HD
ALSA: bcd2000: Fix a UAF bug on the error path of probing
ALSA: hda/realtek: Add quirk for Clevo NV45PZ
ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx
wifi: mac80211_hwsim: fix race condition in pending packet
wifi: mac80211_hwsim: add back erroneously removed cast
wifi: mac80211_hwsim: use 32-bit skb cookie
add barriers to buffer_uptodate and set_buffer_uptodate
lockd: detect and reject lock arguments that overflow
HID: hid-input: add Surface Go battery quirk
HID: wacom: Only report rotation for art pen
HID: wacom: Don't register pad_input for touch switch
KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case
KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case
KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
KVM: s390: pv: don't present the ecall interrupt twice
KVM: x86: Split kvm_is_valid_cr4() and export only the non-vendor bits
KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value
KVM: nVMX: Account for KVM reserved CR4 bits in consistency checks
KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4
KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP
KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1
KVM: x86: Tag kvm_mmu_x86_module_init() with __init
KVM: x86: do not report preemption if the steal time cache is stale
KVM: x86: revalidate steal time cache if MSR value changes
riscv: set default pm_power_off to NULL
ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
ALSA: hda/cirrus - support for iMac 12,1 model
ALSA: hda/realtek: Add quirk for another Asus K42JZ model
ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED
tty: vt: initialize unicode screen buffer
vfs: Check the truncate maximum size in inode_newsize_ok()
fs: Add missing umask strip in vfs_tmpfile
thermal: sysfs: Fix cooling_device_stats_setup() error code path
fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters
fbcon: Fix accelerated fbdev scrolling while logo is still shown
usbnet: Fix linkwatch use-after-free on disconnect
fix short copy handling in copy_mc_pipe_to_iter()
crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak
ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh()
parisc: Fix device names in /proc/iomem
parisc: Drop pa_swapper_pg_lock spinlock
parisc: Check the return value of ioremap() in lba_driver_probe()
parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode
riscv:uprobe fix SR_SPIE set/clear handling
dt-bindings: riscv: fix SiFive l2-cache's cache-sets
RISC-V: kexec: Fixup use of smp_processor_id() in preemptible context
RISC-V: Fixup get incorrect user mode PC for kernel mode regs
RISC-V: Fixup schedule out issue in machine_crash_shutdown()
RISC-V: Add modules to virtual kernel memory layout dump
rtc: rx8025: fix 12/24 hour mode detection on RX-8035
drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error
drm/shmem-helper: Add missing vunmap on error
drm/vc4: hdmi: Disable audio if dmas property is present but empty
drm/hyperv-drm: Include framebuffer and EDID headers
drm/nouveau: fix another off-by-one in nvbios_addr
drm/nouveau: Don't pm_runtime_put_sync(), only pm_runtime_put_autosuspend()
drm/nouveau/acpi: Don't print error when we get -EINPROGRESS from pm_runtime
drm/nouveau/kms: Fix failure path for creating DP connectors
drm/amdgpu: Check BO's requested pinning domains against its preferred_domains
drm/amdgpu: fix check in fbdev init
bpf: Fix KASAN use-after-free Read in compute_effective_progs
btrfs: reject log replay if there is unsupported RO compat flag
mtd: rawnand: arasan: Fix clock rate in NV-DDR
mtd: rawnand: arasan: Update NAND bus clock instead of system clock
um: Remove straying parenthesis
um: seed rng using host OS rng
iio: fix iio_format_avail_range() printing for none IIO_VAL_INT
iio: light: isl29028: Fix the warning in isl29028_remove()
scsi: sg: Allow waiting for commands to complete on removed device
scsi: qla2xxx: Fix incorrect display of max frame size
scsi: qla2xxx: Zero undefined mailbox IN registers
soundwire: qcom: Check device status before reading devid
ksmbd: fix memory leak in smb2_handle_negotiate
ksmbd: prevent out of bound read for SMB2_TREE_CONNNECT
ksmbd: fix use-after-free bug in smb2_tree_disconect
fuse: limit nsec
fuse: ioctl: translate ENOSYS
serial: mvebu-uart: uart2 error bits clearing
md-raid: destroy the bitmap after destroying the thread
md-raid10: fix KASAN warning
mbcache: don't reclaim used entries
mbcache: add functions to delete entry if unused
media: [PATCH] pci: atomisp_cmd: fix three missing checks on list iterator
ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr()
PCI: Add defines for normal and subtractive PCI bridges
powerpc/fsl-pci: Fix Class Code of PCIe Root Port
powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E
powerpc/powernv: Avoid crashing if rng is NULL
MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
coresight: Clear the connection field properly
usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion
USB: HCD: Fix URB giveback issue in tasklet function
ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC
arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC
usb: dwc3: gadget: refactor dwc3_repare_one_trb
usb: dwc3: gadget: fix high speed multiplier setting
netfilter: nf_tables: do not allow SET_ID to refer to another table
netfilter: nf_tables: do not allow CHAIN_ID to refer to another table
netfilter: nf_tables: do not allow RULE_ID to refer to another chain
netfilter: nf_tables: fix null deref due to zeroed list head
epoll: autoremove wakers even more aggressively
x86: Handle idle=nomwait cmdline properly for x86_idle
arch: make TRACE_IRQFLAGS_NMI_SUPPORT generic
arm64: Do not forget syscall when starting a new thread.
arm64: fix oops in concurrently setting insn_emulation sysctls
arm64: kasan: Revert "arm64: mte: reset the page tag in page->flags"
ext2: Add more validity checks for inode counts
sched/fair: Introduce SIS_UTIL to search idle CPU based on sum of util_avg
genirq: Don't return error on missing optional irq_request_resources()
irqchip/mips-gic: Only register IPI domain when SMP is enabled
genirq: GENERIC_IRQ_IPI depends on SMP
sched/core: Always flush pending blk_plug
irqchip/mips-gic: Check the return value of ioremap() in gic_of_init()
wait: Fix __wait_event_hrtimeout for RT/DL tasks
ARM: dts: imx6ul: add missing properties for sram
ARM: dts: imx6ul: change operating-points to uint32-matrix
ARM: dts: imx6ul: fix keypad compatible
ARM: dts: imx6ul: fix csi node compatible
ARM: dts: imx6ul: fix lcdif node compatible
ARM: dts: imx6ul: fix qspi node compatible
ARM: dts: BCM5301X: Add DT for Meraki MR26
ARM: dts: ux500: Fix Codina accelerometer mounting matrix
ARM: dts: ux500: Fix Gavini accelerometer mounting matrix
spi: synquacer: Add missing clk_disable_unprepare()
ARM: OMAP2+: display: Fix refcount leak bug
ARM: OMAP2+: pdata-quirks: Fix refcount leak bug
ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks
ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk
ACPI: PM: save NVS memory for Lenovo G40-45
ACPI: LPSS: Fix missing check in register_device_clock()
ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART
arm64: dts: qcom: ipq8074: fix NAND node name
arm64: dts: allwinner: a64: orangepi-win: Fix LED node name
ARM: shmobile: rcar-gen2: Increase refcount for new reference
firmware: tegra: Fix error check return value of debugfs_create_file()
hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist
hwmon: (sht15) Fix wrong assumptions in device remove callback
PM: hibernate: defer device probing when resuming from hibernation
selinux: fix memleak in security_read_state_kernel()
selinux: Add boundary check in put_entry()
kasan: test: Silence GCC 12 warnings
drm/amdgpu: Remove one duplicated ef removal
powerpc/64s: Disable stack variable initialisation for prom_init
spi: spi-rspi: Fix PIO fallback on RZ platforms
ARM: findbit: fix overflowing offset
meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
arm64: dts: renesas: beacon: Fix regulator node names
spi: spi-altera-dfl: Fix an error handling path
ARM: bcm: Fix refcount leak in bcm_kona_smc_init
ACPI: processor/idle: Annotate more functions to live in cpuidle section
ARM: dts: imx7d-colibri-emmc: add cpu1 supply
soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values
scsi: hisi_sas: Use managed PCI functions
dt-bindings: iio: accel: Add DT binding doc for ADXL355
soc: amlogic: Fix refcount leak in meson-secure-pwrc.c
arm64: dts: renesas: Fix thermal-sensors on single-zone sensors
x86/pmem: Fix platform-device leak in error path
ARM: dts: ast2500-evb: fix board compatible
ARM: dts: ast2600-evb: fix board compatible
ARM: dts: ast2600-evb-a1: fix board compatible
arm64: dts: mt8192: Fix idle-states nodes naming scheme
arm64: dts: mt8192: Fix idle-states entry-method
arm64: select TRACE_IRQFLAGS_NMI_SUPPORT
arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1
locking/lockdep: Fix lockdep_init_map_*() confusion
arm64: dts: qcom: sc7180: Remove ipa_fw_mem node on trogdor
soc: fsl: guts: machine variable might be unset
block: fix infinite loop for invalid zone append
ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg
ARM: OMAP2+: Fix refcount leak in omapdss_init_of
ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init
arm64: dts: qcom: sdm630: disable GPU by default
arm64: dts: qcom: sdm630: fix the qusb2phy ref clock
arm64: dts: qcom: sdm630: fix gpu's interconnect path
arm64: dts: qcom: sdm636-sony-xperia-ganges-mermaid: correct sdc2 pinconf
cpufreq: zynq: Fix refcount leak in zynq_get_revision
regulator: qcom_smd: Fix pm8916_pldo range
ACPI: APEI: Fix _EINJ vs EFI_MEMORY_SP
ARM: dts: qcom-msm8974: fix irq type on blsp2_uart1
soc: qcom: ocmem: Fix refcount leak in of_get_ocmem
soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register
ARM: dts: qcom: pm8841: add required thermal-sensor-cells
bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe()
stack: Declare {randomize_,}kstack_offset to fix Sparse warnings
arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node
ACPI: APEI: explicit init of HEST and GHES in apci_init()
drivers/iio: Remove all strcpy() uses
ACPI: VIOT: Fix ACS setup
arm64: dts: qcom: sm6125: Move sdc2 pinctrl from seine-pdx201 to sm6125
arm64: dts: qcom: sm6125: Append -state suffix to pinctrl nodes
arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells
arm64: dts: mt7622: fix BPI-R64 WPS button
arm64: tegra: Fixup SYSRAM references
arm64: tegra: Update Tegra234 BPMP channel addresses
arm64: tegra: Mark BPMP channels as no-memory-wc
arm64: tegra: Fix SDMMC1 CD on P2888
erofs: avoid consecutive detection for Highmem memory
blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created
spi: Fix simplification of devm_spi_register_controller
spi: tegra20-slink: fix UAF in tegra_slink_remove()
hwmon: (drivetemp) Add module alias
blktrace: Trace remapped requests correctly
PM: domains: Ensure genpd_debugfs_dir exists before remove
dm writecache: return void from functions
dm writecache: count number of blocks read, not number of read bios
dm writecache: count number of blocks written, not number of write bios
dm writecache: count number of blocks discarded, not number of discard bios
regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
soc: qcom: Make QCOM_RPMPD depend on PM
arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment
irqdomain: Report irq number for NOMAP domains
drivers/perf: arm_spe: Fix consistency of SYS_PMSCR_EL1.CX
nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt()
x86/extable: Fix ex_handler_msr() print condition
selftests/seccomp: Fix compile warning when CC=clang
thermal/tools/tmon: Include pthread and time headers in tmon.h
dm: return early from dm_pr_call() if DM device is suspended
pwm: sifive: Simplify offset calculation for PWMCMP registers
pwm: sifive: Ensure the clk is enabled exactly once per running PWM
pwm: sifive: Shut down hardware only after pwmchip_remove() completed
pwm: lpc18xx-sct: Reduce number of devm memory allocations
pwm: lpc18xx-sct: Simplify driver by not using pwm_[gs]et_chip_data()
pwm: lpc18xx: Fix period handling
drm/dp: Export symbol / kerneldoc fixes for DP AUX bus
drm/bridge: tc358767: Move (e)DP bridge endpoint parsing into dedicated function
ath10k: do not enforce interrupt trigger type
drm/st7735r: Fix module autoloading for Okaya RH128128T
drm/panel: Fix build error when CONFIG_DRM_PANEL_SAMSUNG_ATNA33XC20=y && CONFIG_DRM_DISPLAY_HELPER=m
wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
ath11k: fix netdev open race
drm/mipi-dbi: align max_chunk to 2 in spi_transfer
ath11k: Fix incorrect debug_mask mappings
drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
drm/mediatek: Modify dsi funcs to atomic operations
drm/mediatek: Separate poweron/poweroff from enable/disable and define new funcs
drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function
drm/meson: encoder_hdmi: switch to bridge DRM_BRIDGE_ATTACH_NO_CONNECTOR
drm/meson: encoder_hdmi: Fix refcount leak in meson_encoder_hdmi_init
drm/bridge: lt9611uxc: Cancel only driver's work
i2c: npcm: Remove own slave addresses 2:10
i2c: npcm: Correct slave role behavior
i2c: mxs: Silence a clang warning
virtio-gpu: fix a missing check to avoid NULL dereference
drm/shmem-helper: Unexport drm_gem_shmem_create_with_handle()
drm/shmem-helper: Export dedicated wrappers for GEM object functions
drm/shmem-helper: Pass GEM shmem object in public interfaces
drm/virtio: Fix NULL vs IS_ERR checking in virtio_gpu_object_shmem_init
drm: adv7511: override i2c address of cec before accessing it
crypto: sun8i-ss - do not allocate memory when handling hash requests
crypto: sun8i-ss - fix error codes in allocate_flows()
net: fix sk_wmem_schedule() and sk_rmem_schedule() errors
can: netlink: allow configuring of fixed bit rates without need for do_set_bittiming callback
can: netlink: allow configuring of fixed data bit rates without need for do_set_data_bittiming callback
i2c: Fix a potential use after free
crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs()
media: atmel: atmel-sama7g5-isc: fix warning in configs without OF
media: tw686x: Register the irq at the end of probe
media: imx-jpeg: Correct some definition according specification
media: imx-jpeg: Leave a blank space before the configuration data
media: imx-jpeg: Add pm-runtime support for imx-jpeg
media: imx-jpeg: use NV12M to represent non contiguous NV12
media: imx-jpeg: Set V4L2_BUF_FLAG_LAST at eos
media: imx-jpeg: Refactor function mxc_jpeg_parse
media: imx-jpeg: Identify and handle precision correctly
media: imx-jpeg: Handle source change in a function
media: imx-jpeg: Support dynamic resolution change
media: imx-jpeg: Align upwards buffer size
media: imx-jpeg: Implement drain using v4l2-mem2mem helpers
ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd()
drm/radeon: fix incorrrect SPDX-License-Identifiers
rcutorture: Warn on individual rcu_torture_init() error conditions
rcutorture: Don't cpuhp_remove_state() if cpuhp_setup_state() failed
rcutorture: Fix ksoftirqd boosting timing and iteration
test_bpf: fix incorrect netdev features
crypto: ccp - During shutdown, check SEV data pointer before using
drm: bridge: adv7511: Add check for mipi_dsi_driver_register
media: imx-jpeg: Disable slot interrupt when frame done
drm/mcde: Fix refcount leak in mcde_dsi_bind
media: hdpvr: fix error value returns in hdpvr_read
media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set
media: driver/nxp/imx-jpeg: fix a unexpected return value problem
media: tw686x: Fix memory leak in tw686x_video_init
drm/vc4: plane: Remove subpixel positioning check
drm/vc4: plane: Fix margin calculations for the right/bottom edges
drm/bridge: Add a function to abstract away panels
drm/vc4: dsi: Switch to devm_drm_of_get_bridge
drm/vc4: Use of_device_get_match_data()
drm/vc4: dsi: Release workaround buffer and DMA
drm/vc4: dsi: Correct DSI divider calculations
drm/vc4: dsi: Correct pixel order for DSI0
drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type
drm/vc4: dsi: Fix dsi0 interrupt support
drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration
drm/vc4: hdmi: Fix HPD GPIO detection
drm/vc4: hdmi: Avoid full hdmi audio fifo writes
drm/vc4: hdmi: Reset HDMI MISC_CONTROL register
drm/vc4: hdmi: Fix timings for interlaced modes
drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes
crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE
selftests/xsk: Destroy BPF resources only when ctx refcount drops to 0
drm/rockchip: vop: Don't crash for invalid duplicate_state()
drm/rockchip: Fix an error handling path rockchip_dp_probe()
drm/mediatek: dpi: Remove output format of YUV
drm/mediatek: dpi: Only enable dpi after the bridge is enabled
drm: bridge: sii8620: fix possible off-by-one
hinic: Use the bitmap API when applicable
net: hinic: fix bug that ethtool get wrong stats
net: hinic: avoid kernel hung in hinic_get_stats64()
drm/msm/mdp5: Fix global state lock backoff
crypto: hisilicon/sec - don't sleep when in softirq
crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq
media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment
drm/msm: Avoid dirtyfb stalls on video mode displays (v2)
drm/msm/dpu: Fix for non-visible planes
mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg
mt76: mt7615: do not update pm stats in case of error
ieee80211: add EHT 1K aggregation definitions
mt76: mt7921: fix aggregation subframes setting to HE max
mt76: mt7921: enlarge maximum VHT MPDU length to 11454
mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node()
skmsg: Fix invalid last sg check in sk_msg_recvmsg()
drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed.
tcp: make retransmitted SKB fit into the send window
libbpf: Fix the name of a reused map
selftests: timers: valid-adjtimex: build fix for newer toolchains
selftests: timers: clocksource-switch: fix passing errors from child
bpf: Fix subprog names in stack traces.
fs: check FMODE_LSEEK to control internal pipe splicing
media: cedrus: h265: Fix flag name
media: hantro: postproc: Fix motion vector space size
media: hantro: Simplify postprocessor
media: hevc: Embedded indexes in RPS
media: staging: media: hantro: Fix typos
wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
wifi: p54: Fix an error handling path in p54spi_probe()
wifi: p54: add missing parentheses in p54_flush()
selftests/bpf: fix a test for snprintf() overflow
libbpf: fix an snprintf() overflow check
can: pch_can: do not report txerr and rxerr during bus-off
can: rcar_can: do not report txerr and rxerr during bus-off
can: sja1000: do not report txerr and rxerr during bus-off
can: hi311x: do not report txerr and rxerr during bus-off
can: sun4i_can: do not report txerr and rxerr during bus-off
can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off
can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off
can: usb_8dev: do not report txerr and rxerr during bus-off
can: error: specify the values of data[5..7] of CAN error frames
can: pch_can: pch_can_error(): initialize errc before using it
Bluetooth: hci_intel: Add check for platform_driver_register
i2c: cadence: Support PEC for SMBus block read
i2c: mux-gpmux: Add of_node_put() when breaking out of loop
wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`
wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
wifi: libertas: Fix possible refcount leak in if_usb_probe()
media: cedrus: hevc: Add check for invalid timestamp
net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version
net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
net/mlx5: Adjust log_max_qp to be 18 at most
crypto: hisilicon/hpre - don't use GFP_KERNEL to alloc mem during softirq
crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
crypto: hisilicon/sec - fix auth key size error
inet: add READ_ONCE(sk->sk_bound_dev_if) in INET_MATCH()
ipv6: add READ_ONCE(sk->sk_bound_dev_if) in INET6_MATCH()
net: allow unbound socket for packets in VRF when tcp_l3mdev_accept set
netdevsim: fib: Fix reference count leak on route deletion failure
wifi: rtw88: check the return value of alloc_workqueue()
iavf: Fix max_rate limiting
iavf: Fix 'tc qdisc show' listing too many queues
netdevsim: Avoid allocation warnings triggered from user space
net: rose: fix netdev reference changes
net: ionic: fix error check for vlan flags in ionic_set_nic_features()
dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
net: usb: make USB_RTL8153_ECM non user configurable
wireguard: ratelimiter: use hrtimer in selftest
wireguard: allowedips: don't corrupt stack when detecting overflow
HID: amd_sfh: Don't show client init failed as error when discovery fails
clk: renesas: r9a06g032: Fix UART clkgrp bitsel
mtd: maps: Fix refcount leak in of_flash_probe_versatile
mtd: maps: Fix refcount leak in ap_flash_init
mtd: rawnand: meson: Fix a potential double free issue
of: check previous kernel's ima-kexec-buffer against memory bounds
scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing
scsi: qla2xxx: edif: Fix potential stuck session in sa update
scsi: qla2xxx: edif: Reduce connection thrash
scsi: qla2xxx: edif: Fix inconsistent check of db_flags
scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application
scsi: qla2xxx: edif: Add retry for ELS passthrough
scsi: qla2xxx: edif: Fix n2n discovery issue with secure target
scsi: qla2xxx: edif: Fix n2n login retry for secure device
KVM: SVM: Unwind "speculative" RIP advancement if INTn injection "fails"
KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported
phy: samsung: exynosautov9-ufs: correct TSRV register configurations
PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains()
PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()
HID: cp2112: prevent a buffer overflow in cp2112_xfer()
mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
mtd: partitions: Fix refcount leak in parse_redboot_of
mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset
mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
PCI: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains()
fpga: altera-pr-ip: fix unsigned comparison with less than zero
usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init()
usb: xhci: tegra: Fix error check
netfilter: xtables: Bring SPDX identifier back
scsi: qla2xxx: edif: Send LOGO for unexpected IKE message
scsi: qla2xxx: edif: Reduce disruption due to multiple app start
scsi: qla2xxx: edif: Fix no login after app start
scsi: qla2xxx: edif: Tear down session if keys have been removed
scsi: qla2xxx: edif: Fix session thrash
scsi: qla2xxx: edif: Fix no logout on delete for N2N
iio: accel: bma400: Fix the scale min and max macro values
platform/chrome: cros_ec: Always expose last resume result
iio: accel: bma400: Reordering of header files
clk: mediatek: reset: Fix written reset bit offset
lib/test_hmm: avoid accessing uninitialized pages
memremap: remove support for external pgmap refcounts
mm/memremap: fix memunmap_pages() race with get_dev_pagemap()
KVM: Don't set Accessed/Dirty bits for ZERO_PAGE
mwifiex: Ignore BTCOEX events from the 88W8897 firmware
mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv
scsi: iscsi: Allow iscsi_if_stop_conn() to be called from kernel
scsi: iscsi: Add helper to remove a session from the kernel
scsi: iscsi: Fix session removal on shutdown
dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics
mtd: dataflash: Add SPI ID table
clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init level
misc: rtsx: Fix an error handling path in rtsx_pci_probe()
driver core: fix potential deadlock in __driver_attach
clk: qcom: clk-krait: unlock spin after mux completion
clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC
clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address
clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src
clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock
usb: host: xhci: use snprintf() in xhci_decode_trb()
RDMA/rxe: Fix deadlock in rxe_do_local_ops()
clk: qcom: ipq8074: fix NSS core PLL-s
clk: qcom: ipq8074: SW workaround for UBI32 PLL lock
clk: qcom: ipq8074: fix NSS port frequency tables
clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
clk: qcom: camcc-sdm845: Fix topology around titan_top power domain
clk: qcom: camcc-sm8250: Fix topology around titan_top power domain
clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not enabled.
clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register
mm/mempolicy: fix get_nodes out of bound access
PCI: dwc: Stop link on host_init errors and de-initialization
PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu()
PCI: dwc: Disable outbound windows only for controllers using iATU
PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address
PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors
PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists
soundwire: bus_type: fix remove and shutdown support
soundwire: revisit driver bind/unbind and callbacks
KVM: arm64: Don't return from void function
dmaengine: sf-pdma: Add multithread support for a DMA channel
PCI: endpoint: Don't stop controller when unbinding endpoint function
scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
intel_th: Fix a resource leak in an error handling path
intel_th: msu-sink: Potential dereference of null pointer
intel_th: msu: Fix vmalloced buffers
binder: fix redefinition of seq_file attributes
staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback
mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
mmc: mxcmmc: Silence a clang warning
mmc: renesas_sdhi: Get the reset handle early in the probe
memstick/ms_block: Fix some incorrect memory allocation
memstick/ms_block: Fix a memory leak
mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
of: device: Fix missing of_node_put() in of_dma_set_restricted_buffer
mmc: block: Add single read for 4k sector cards
KVM: s390: pv: leak the topmost page table when destroy fails
PCI/portdrv: Don't disable AER reporting in get_port_device_capability()
PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks
scsi: smartpqi: Fix DMA direction for RAID requests
xtensa: iss/network: provide release() callback
xtensa: iss: fix handling error cases in iss_net_configure()
usb: gadget: udc: amd5536 depends on HAS_DMA
usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc()
usb: dwc3: core: Deprecate GCTL.CORESOFTRESET
usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup
usb: dwc3: qcom: fix missing optional irq warnings
eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write()
phy: stm32: fix error return in stm32_usbphyc_phy_init
interconnect: imx: fix max_node_id
um: random: Don't initialise hwrng struct with zero
RDMA/irdma: Fix a window for use-after-free
RDMA/irdma: Fix VLAN connection with wildcard address
RDMA/irdma: Fix setting of QP context err_rq_idx_valid field
RDMA/rtrs-srv: Fix modinfo output for stringify
RDMA/rtrs: Fix warning when use poll mode on client side.
RDMA/rtrs: Replace duplicate check with is_pollqueue helper
RDMA/rtrs: Introduce destroy_cq helper
RDMA/rtrs: Do not allow sessname to contain special symbols / and .
RDMA/rtrs: Rename rtrs_sess to rtrs_path
RDMA/rtrs-srv: Rename rtrs_srv_sess to rtrs_srv_path
RDMA/rtrs-clt: Rename rtrs_clt_sess to rtrs_clt_path
RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function
RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr()
RDMA/hns: Fix incorrect clearing of interrupt status register
RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event
iio: cros: Register FIFO callback after sensor is registered
clk: qcom: gcc-msm8939: Fix weird field spacing in ftbl_gcc_camss_cci_clk
RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
HID: mcp2221: prevent a buffer overflow in mcp_smbus_write()
HID: amd_sfh: Add NULL check for hid device
dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t)
scripts/gdb: lx-dmesg: read records individually
scripts/gdb: fix 'lx-dmesg' on 32 bits arch
RDMA/rxe: Fix mw bind to allow any consumer key portion
mmc: cavium-octeon: Add of_node_put() when breaking out of loop
mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
HID: alps: Declare U1_UNICORN_LEGACY support
RDMA/rxe: For invalidate compare according to set keys in mr
PCI: tegra194: Fix Root Port interrupt handling
PCI: tegra194: Fix link up retry sequence
HID: amd_sfh: Handle condition of "no sensors"
USB: serial: fix tty-port initialized comments
usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable()
mtd: spi-nor: fix spi_nor_spimem_setup_op() call in spi_nor_erase_{sector,chip}()
KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP
platform/olpc: Fix uninitialized data in debugfs write
RDMA/srpt: Duplicate port name members
RDMA/srpt: Introduce a reference count in struct srpt_device
RDMA/srpt: Fix a use-after-free
android: binder: stop saving a pointer to the VMA
mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region
selftests: kvm: set rax before vmcall
of/fdt: declared return type does not match actual return type
RDMA/mlx5: Add missing check for return value in get namespace flow
RDMA/rxe: Add memory barriers to kernel queues
RDMA/rxe: Remove the is_user members of struct rxe_sq/rxe_rq/rxe_srq
RDMA/rxe: Fix error unwind in rxe_create_qp()
block/rnbd-srv: Set keep_id to true after mutex_trylock
null_blk: fix ida error handling in null_add_dev()
nvme: use command_id instead of req->tag in trace_nvme_complete_rq()
nvme: define compat_ioctl again to unbreak 32-bit userspace.
nvme: disable namespace access for unsupported metadata
nvme: don't return an error from nvme_configure_metadata
nvme: catch -ENODEV from nvme_revalidate_zones again
block/bio: remove duplicate append pages code
block: ensure iov_iter advances for added pages
jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction()
ext4: recover csum seed of tmp_inode after migrating to extents
jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
usb: cdns3: Don't use priv_dev uninitialized in cdns3_gadget_ep_enable()
opp: Fix error check in dev_pm_opp_attach_genpd()
ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe
ASoC: samsung: Fix error handling in aries_audio_probe
ASoC: imx-audmux: Silence a clang warning
ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe
ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe
ASoC: codecs: da7210: add check for i2c_add_driver
ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe
serial: 8250: Export ICR access helpers for internal use
serial: 8250: dma: Allow driver operations before starting DMA transfers
serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty()
ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV
ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV
rpmsg: char: Add mutex protection for rpmsg_eptdev_open()
rpmsg: mtk_rpmsg: Fix circular locking dependency
remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init
selftests/livepatch: better synchronize test_klp_callbacks_busy
profiling: fix shift too large makes kernel panic
remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init
ASoC: samsung: h1940_uda1380: include proepr GPIO consumer header
powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable
ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global to static variables
tty: n_gsm: Delete gsmtty open SABM frame when config requester
tty: n_gsm: fix user open not possible at responder until initiator open
tty: n_gsm: fix tty registration before control channel open
tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output()
tty: n_gsm: fix missing timer to handle stalled links
tty: n_gsm: fix non flow control frames during mux flow off
tty: n_gsm: fix packet re-transmission without open control channel
tty: n_gsm: fix race condition in gsmld_write()
tty: n_gsm: fix resource allocation order in gsm_activate_mux()
ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe()
ASoC: imx-card: Fix DSD/PDM mclk frequency
remoteproc: qcom: wcnss: Fix handling of IRQs
vfio/ccw: Do not change FSM state in subchannel event
serial: 8250_fsl: Don't report FE, PE and OE twice
tty: n_gsm: fix wrong T1 retry count handling
tty: n_gsm: fix DM command
tty: n_gsm: fix missing corner cases in gsmld_poll()
MIPS: vdso: Utilize __pa() for gic_pfn
swiotlb: fail map correctly with failed io_tlb_default_mem
ASoC: mt6359: Fix refcount leak bug
serial: 8250_bcm7271: Save/restore RTS in suspend/resume
iommu/exynos: Handle failed IOMMU device registration properly
9p: fix a bunch of checkpatch warnings
9p: Drop kref usage
9p: Add client parameter to p9_req_put()
net: 9p: fix refcount leak in p9_read_work() error handling
MIPS: Fixed __debug_virt_addr_valid()
rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
kfifo: fix kfifo_to_user() return type
lib/smp_processor_id: fix imbalanced instrumentation_end() call
proc: fix a dentry lock race between release_task and lookup
remoteproc: qcom: pas: Check if coredump is enabled
remoteproc: sysmon: Wait for SSCTL service to come up
mfd: t7l66xb: Drop platform disable callback
mfd: max77620: Fix refcount leak in max77620_initialise_fps
iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
perf tools: Fix dso_id inode generation comparison
s390/dump: fix old lowcore virtual vs physical address confusion
s390/maccess: fix semantics of memcpy_real() and its callers
s390/crash: fix incorrect number of bytes to copy to user space
s390/zcore: fix race when reading from hardware system area
ASoC: fsl_asrc: force cast the asrc_format type
ASoC: fsl-asoc-card: force cast the asrc_format type
ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format
ASoC: imx-card: use snd_pcm_format_t type for asrc_format
ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp()
fuse: Remove the control interface for virtio-fs
ASoC: audio-graph-card: Add of_node_put() in fail path
watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource
watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe()
video: fbdev: amba-clcd: Fix refcount leak bugs
video: fbdev: sis: fix typos in SiS_GetModeID()
ASoC: mchp-spdifrx: disable end of block interrupt on failures
powerpc/32: Call mmu_mark_initmem_nx() regardless of data block mapping.
powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32
powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case
powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias
tty: serial: fsl_lpuart: correct the count of break characters
s390/dump: fix os_info virtual vs physical address confusion
s390/smp: cleanup target CPU callback starting
s390/smp: cleanup control register update routines
s390/maccess: rework absolute lowcore accessors
s390/smp: enforce lowcore protection on CPU restart
f2fs: fix to remove F2FS_COMPR_FL and tag F2FS_NOCOMP_FL at the same time
powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader
powerpc/xive: Fix refcount leak in xive_get_max_prio
powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address
perf symbol: Fail to read phdr workaround
kprobes: Forbid probing on trampoline and BPF code areas
x86/bus_lock: Don't assume the init value of DEBUGCTLMSR.BUS_LOCK_DETECT to be zero
powerpc/pci: Fix PHB numbering when using opal-phbid
genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO
scripts/faddr2line: Fix vmlinux detection on arm64
sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy()
sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed
x86/numa: Use cpumask_available instead of hardcoded NULL check
video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
tools/thermal: Fix possible path truncations
sched: Fix the check of nr_running at queue wakelist
sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle
sched/core: Do not requeue task on CPU excluded from cpus_mask
x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y
f2fs: allow compression for mmap files in compress_mode=user
f2fs: do not allow to decompress files have FI_COMPRESS_RELEASED
video: fbdev: vt8623fb: Check the size of screen before memset_io()
video: fbdev: arkfb: Check the size of screen before memset_io()
video: fbdev: s3fb: Check the size of screen before memset_io()
scsi: ufs: core: Correct ufshcd_shutdown() flow
scsi: zfcp: Fix missing auto port scan and thus missing target ports
scsi: qla2xxx: Fix imbalance vha->vref_count
scsi: qla2xxx: Fix discovery issues in FC-AL topology
scsi: qla2xxx: Turn off multi-queue for 8G adapters
scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts
scsi: qla2xxx: Fix excessive I/O error messages by default
scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection
scsi: qla2xxx: Wind down adapter after PCIe error
scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os
scsi: qla2xxx: Fix losing target when it reappears during delete
scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests
x86/bugs: Enable STIBP for IBPB mitigated RETBleed
ftrace/x86: Add back ftrace_expected assignment
x86/kprobes: Update kcb status flag after singlestepping
x86/olpc: fix 'logical not is only applied to the left hand side'
SMB3: fix lease break timeout when multiple deferred close handles for the same file.
posix-cpu-timers: Cleanup CPU timers before freeing them during exec
Input: gscps2 - check return value of ioremap() in gscps2_probe()
__follow_mount_rcu(): verify that mount_lock remains unchanged
spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
drm/mediatek: Allow commands to be sent during video mode
drm/mediatek: Keep dsi as LP00 before dcs cmds transfer
crypto: blake2s - remove shash module
drm/dp/mst: Read the extended DPCD capabilities during system resume
drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component
usbnet: smsc95xx: Don't clear read-only PHY interrupt
usbnet: smsc95xx: Avoid link settings race on interrupt reception
usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling
usbnet: smsc95xx: Fix deadlock on runtime resume
firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
scsi: lpfc: Fix EEH support for NVMe I/O
scsi: lpfc: SLI path split: Refactor lpfc_iocbq
scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4
scsi: lpfc: SLI path split: Refactor SCSI paths
scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID
intel_th: pci: Add Meteor Lake-P support
intel_th: pci: Add Raptor Lake-S PCH support
intel_th: pci: Add Raptor Lake-S CPU support
KVM: set_msr_mce: Permit guests to ignore single-bit ECC errors
KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS)
iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
PCI/AER: Iterate over error counters instead of error strings
PCI: qcom: Power on PHY before IPQ8074 DBI register accesses
serial: 8250_pci: Refactor the loop in pci_ite887x_init()
serial: 8250_pci: Replace dev_*() by pci_*() macros
serial: 8250: Fold EndRun device support into OxSemi Tornado code
serial: 8250: Add proper clock handling for OxSemi PCIe devices
tty: 8250: Add support for Brainboxes PX cards.
dm writecache: set a default MAX_WRITEBACK_JOBS
kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification
dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
net/9p: Initialize the iounit field during fid creation
ARM: remove some dead code
timekeeping: contribute wall clock to rng on time change
locking/csd_lock: Change csdlock_debug from early_param to __setup
block: remove the struct blk_queue_ctx forward declaration
block: don't allow the same type rq_qos add more than once
btrfs: ensure pages are unlocked on cow_file_range() failure
btrfs: reset block group chunk force if we have to wait
btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA
ACPI: CPPC: Do not prevent CPPC from working in the future
powerpc/powernv/kvm: Use darn for H_RANDOM on Power9
KVM: x86/pmu: Introduce the ctrl_mask value for fixed counter
KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU
KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU doesn't support global_ctrl
KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL
KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists
dm raid: fix address sanitizer warning in raid_status
dm raid: fix address sanitizer warning in raid_resume
tracing: Add '__rel_loc' using trace event macros
tracing: Avoid -Warray-bounds warning for __rel_loc macro
ext4: update s_overhead_clusters in the superblock during an on-line resize
ext4: fix extent status tree race in writeback error recovery path
ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
ext4: fix use-after-free in ext4_xattr_set_entry
ext4: correct max_inline_xattr_value_size computing
ext4: correct the misjudgment in ext4_iget_extra_inode
ext4: fix warning in ext4_iomap_begin as race between bmap and write
ext4: check if directory block is within i_size
ext4: make sure ext4_append() always allocates new block
ext4: remove EA inode entry from mbcache on inode eviction
ext4: use kmemdup() to replace kmalloc + memcpy
ext4: unindent codeblock in ext4_xattr_block_set()
ext4: fix race when reusing xattr blocks
KEYS: asymmetric: enforce SM2 signature use pkey algo
tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH
xen-blkback: fix persistent grants negotiation
xen-blkback: Apply 'feature_persistent' parameter when connect
xen-blkfront: Apply 'feature_persistent' parameter when connect
powerpc: Fix eh field when calling lwarx on PPC32
tracing: Use a struct alignof to determine trace event field alignment
net_sched: cls_route: remove from list when handle is 0
mac80211: fix a memory leak where sta_info is not freed
tcp: fix over estimation in sk_forced_mem_schedule()
crypto: lib/blake2s - reduce stack frame usage in self test
Revert "mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv"
Revert "s390/smp: enforce lowcore protection on CPU restart"
drm/bridge: tc358767: Fix (e)DP bridge endpoint parsing in dedicated function
net: phy: smsc: Disable Energy Detect Power-Down in interrupt mode
drm/vc4: change vc4_dma_range_matches from a global to static
tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro
drm/msm: Fix dirtyfb refcounting
drm/meson: Fix refcount leak in meson_encoder_hdmi_init
io_uring: mem-account pbuf buckets
Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP"
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
drm/bridge: Move devm_drm_of_get_bridge to bridge/panel.c
scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup()
scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()
scsi: lpfc: Resolve some cleanup issues following SLI path refactoring
Linux 5.15.61
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Iec359ed301bcbcd6e19b67ee8534418fab26850b
|
||
Jann Horn
|
3998dc50eb |
mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
This is a stable-specific patch.
I botched the stable-specific rewrite of
commit b67fbebd4cf98 ("mmu_gather: Force tlb-flush VM_PFNMAP vmas"):
As Hugh pointed out, unmap_region() actually operates on a list of VMAs,
and the variable "vma" merely points to the first VMA in that list.
So if we want to check whether any of the VMAs we're operating on is
PFNMAP or MIXEDMAP, we have to iterate through the list and check each VMA.
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Yee Lee
|
625c78e1ae |
Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()"
This reverts commit 23c2d497de21f25898fbea70aeb292ab8acc8c94.
Commit 23c2d497de21 ("mm: kmemleak: take a full lowmem check in
kmemleak_*_phys()") brought false leak alarms on some archs like arm64
that does not init pfn boundary in early booting. The final solution
lands on linux-6.0: commit 0c24e061196c ("mm: kmemleak: add rbtree and
store physical address for objects allocated with PA").
Revert this commit before linux-6.0. The original issue of invalid PA
can be mitigated by additional check in devicetree.
The false alarm report is as following: Kmemleak output: (Qemu/arm64)
unreferenced object 0xffff0000c0170a00 (size 128):
comm "swapper/0", pid 1, jiffies 4294892404 (age 126.208s)
hex dump (first 32 bytes):
62 61 73 65 00 00 00 00 00 00 00 00 00 00 00 00 base............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<(____ptrval____)>] __kmalloc_track_caller+0x1b0/0x2e4
[<(____ptrval____)>] kstrdup_const+0x8c/0xc4
[<(____ptrval____)>] kvasprintf_const+0xbc/0xec
[<(____ptrval____)>] kobject_set_name_vargs+0x58/0xe4
[<(____ptrval____)>] kobject_add+0x84/0x100
[<(____ptrval____)>] __of_attach_node_sysfs+0x78/0xec
[<(____ptrval____)>] of_core_init+0x68/0x104
[<(____ptrval____)>] driver_init+0x28/0x48
[<(____ptrval____)>] do_basic_setup+0x14/0x28
[<(____ptrval____)>] kernel_init_freeable+0x110/0x178
[<(____ptrval____)>] kernel_init+0x20/0x1a0
[<(____ptrval____)>] ret_from_fork+0x10/0x20
This pacth is also applicable to linux-5.17.y/linux-5.18.y/linux-5.19.y
Cc: <stable@vger.kernel.org>
Signed-off-by: Yee Lee <yee.lee@mediatek.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Steven Price
|
c235c4fc52 |
mm: pagewalk: Fix race between unmap and page walker
[ Upstream commit 8782fb61cc848364e1e1599d76d3c9dd58a1cc06 ]
The mmap lock protects the page walker from changes to the page tables
during the walk. However a read lock is insufficient to protect those
areas which don't have a VMA as munmap() detaches the VMAs before
downgrading to a read lock and actually tearing down PTEs/page tables.
For users of walk_page_range() the solution is to simply call pte_hole()
immediately without checking the actual page tables when a VMA is not
present. We now never call __walk_page_range() without a valid vma.
For walk_page_range_novma() the locking requirements are tightened to
require the mmap write lock to be taken, and then walking the pgd
directly with 'no_vma' set.
This in turn means that all page walkers either have a valid vma, or
it's that special 'novma' case for page table debugging. As a result,
all the odd '(!walk->vma && !walk->no_vma)' tests can be removed.
Fixes:
|
||
|
Jann Horn
|
c18a209b56 |
mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
commit 2555283eb40df89945557273121e9393ef9b542b upstream.
anon_vma->degree tracks the combined number of child anon_vmas and VMAs
that use the anon_vma as their ->anon_vma.
anon_vma_clone() then assumes that for any anon_vma attached to
src->anon_vma_chain other than src->anon_vma, it is impossible for it to
be a leaf node of the VMA tree, meaning that for such VMAs ->degree is
elevated by 1 because of a child anon_vma, meaning that if ->degree
equals 1 there are no VMAs that use the anon_vma as their ->anon_vma.
This assumption is wrong because the ->degree optimization leads to leaf
nodes being abandoned on anon_vma_clone() - an existing anon_vma is
reused and no new parent-child relationship is created. So it is
possible to reuse an anon_vma for one VMA while it is still tied to
another VMA.
This is an issue because is_mergeable_anon_vma() and its callers assume
that if two VMAs have the same ->anon_vma, the list of anon_vmas
attached to the VMAs is guaranteed to be the same. When this assumption
is violated, vma_merge() can merge pages into a VMA that is not attached
to the corresponding anon_vma, leading to dangling page->mapping
pointers that will be dereferenced during rmap walks.
Fix it by separately tracking the number of child anon_vmas and the
number of VMAs using the anon_vma as their ->anon_vma.
Fixes:
|
||
Miaohe Lin
|
da60ddd80d |
mm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte
commit ab74ef708dc51df7cf2b8a890b9c6990fac5c0c6 upstream.
In MCOPY_ATOMIC_CONTINUE case with a non-shared VMA, pages in the page
cache are installed in the ptes. But hugepage_add_new_anon_rmap is called
for them mistakenly because they're not vm_shared. This will corrupt the
page->mapping used by page cache code.
Link: https://lkml.kernel.org/r/20220712130542.18836-1-linmiaohe@huawei.com
Fixes:
|
||
|
Jann Horn
|
3ffb97fce2 |
mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
commit b67fbebd4cf980aecbcc750e1462128bffe8ae15 upstream.
Some drivers rely on having all VMAs through which a PFN might be
accessible listed in the rmap for correctness.
However, on X86, it was possible for a VMA with stale TLB entries
to not be listed in the rmap.
This was fixed in mainline with
commit b67fbebd4cf9 ("mmu_gather: Force tlb-flush VM_PFNMAP vmas"),
but that commit relies on preceding refactoring in
commit 18ba064e42df3 ("mmu_gather: Let there be one tlb_{start,end}_vma()
implementation") and commit 1e9fdf21a4339 ("mmu_gather: Remove per arch
tlb_{start,end}_vma()").
This patch provides equivalent protection without needing that
refactoring, by forcing a TLB flush between removing PTEs in
unmap_vmas() and the call to unlink_file_vma() in free_pgtables().
[This is a stable-specific rewrite of the upstream commit!]
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
David Hildenbrand
|
0038f85933 |
mm/hugetlb: fix hugetlb not supporting softdirty tracking
commit f96f7a40874d7c746680c0b9f57cef2262ae551f upstream.
Patch series "mm/hugetlb: fix write-fault handling for shared mappings", v2.
I observed that hugetlb does not support/expect write-faults in shared
mappings that would have to map the R/O-mapped page writable -- and I
found two case where we could currently get such faults and would
erroneously map an anon page into a shared mapping.
Reproducers part of the patches.
I propose to backport both fixes to stable trees. The first fix needs a
small adjustment.
This patch (of 2):
Staring at hugetlb_wp(), one might wonder where all the logic for shared
mappings is when stumbling over a write-protected page in a shared
mapping. In fact, there is none, and so far we thought we could get away
with that because e.g., mprotect() should always do the right thing and
map all pages directly writable.
Looks like we were wrong:
--------------------------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
#include <sys/mman.h>
#define HUGETLB_SIZE (2 * 1024 * 1024u)
static void clear_softdirty(void)
{
int fd = open("/proc/self/clear_refs", O_WRONLY);
const char *ctrl = "4";
int ret;
if (fd < 0) {
fprintf(stderr, "open(clear_refs) failed\n");
exit(1);
}
ret = write(fd, ctrl, strlen(ctrl));
if (ret != strlen(ctrl)) {
fprintf(stderr, "write(clear_refs) failed\n");
exit(1);
}
close(fd);
}
int main(int argc, char **argv)
{
char *map;
int fd;
fd = open("/dev/hugepages/tmp", O_RDWR | O_CREAT);
if (!fd) {
fprintf(stderr, "open() failed\n");
return -errno;
}
if (ftruncate(fd, HUGETLB_SIZE)) {
fprintf(stderr, "ftruncate() failed\n");
return -errno;
}
map = mmap(NULL, HUGETLB_SIZE, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
if (map == MAP_FAILED) {
fprintf(stderr, "mmap() failed\n");
return -errno;
}
*map = 0;
if (mprotect(map, HUGETLB_SIZE, PROT_READ)) {
fprintf(stderr, "mmprotect() failed\n");
return -errno;
}
clear_softdirty();
if (mprotect(map, HUGETLB_SIZE, PROT_READ|PROT_WRITE)) {
fprintf(stderr, "mmprotect() failed\n");
return -errno;
}
*map = 0;
return 0;
}
--------------------------------------------------------------------------
Above test fails with SIGBUS when there is only a single free hugetlb page.
# echo 1 > /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages
# ./test
Bus error (core dumped)
And worse, with sufficient free hugetlb pages it will map an anonymous page
into a shared mapping, for example, messing up accounting during unmap
and breaking MAP_SHARED semantics:
# echo 2 > /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages
# ./test
# cat /proc/meminfo | grep HugePages_
HugePages_Total: 2
HugePages_Free: 1
HugePages_Rsvd: 18446744073709551615
HugePages_Surp: 0
Reason in this particular case is that vma_wants_writenotify() will
return "true", removing VM_SHARED in vma_set_page_prot() to map pages
write-protected. Let's teach vma_wants_writenotify() that hugetlb does not
support softdirty tracking.
Link: https://lkml.kernel.org/r/20220811103435.188481-1-david@redhat.com
Link: https://lkml.kernel.org/r/20220811103435.188481-2-david@redhat.com
Fixes:
|
||
Liu Shixin
|
16a12ee619 |
bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem
commit dd0ff4d12dd284c334f7e9b07f8f335af856ac78 upstream.
The vmemmap pages is marked by kmemleak when allocated from memblock.
Remove it from kmemleak when freeing the page. Otherwise, when we reuse
the page, kmemleak may report such an error and then stop working.
kmemleak: Cannot insert 0xffff98fb6eab3d40 into the object search tree (overlaps existing)
kmemleak: Kernel memory leak detector disabled
kmemleak: Object 0xffff98fb6be00000 (size 335544320):
kmemleak: comm "swapper", pid 0, jiffies 4294892296
kmemleak: min_count = 0
kmemleak: count = 0
kmemleak: flags = 0x1
kmemleak: checksum = 0
kmemleak: backtrace:
Link: https://lkml.kernel.org/r/20220819094005.2928241-1-liushixin2@huawei.com
Fixes:
|
||
Badari Pulavarty
|
ddcb069613 |
mm/damon/dbgfs: avoid duplicate context directory creation
commit d26f60703606ab425eee9882b32a1781a8bed74d upstream.
When user tries to create a DAMON context via the DAMON debugfs interface
with a name of an already existing context, the context directory creation
fails but a new context is created and added in the internal data
structure, due to absence of the directory creation success check. As a
result, memory could leak and DAMON cannot be turned on. An example test
case is as below:
# cd /sys/kernel/debug/damon/
# echo "off" > monitor_on
# echo paddr > target_ids
# echo "abc" > mk_context
# echo "abc" > mk_context
# echo $$ > abc/target_ids
# echo "on" > monitor_on <<< fails
Return value of 'debugfs_create_dir()' is expected to be ignored in
general, but this is an exceptional case as DAMON feature is depending
on the debugfs functionality and it has the potential duplicate name
issue. This commit therefore fixes the issue by checking the directory
creation failure and immediately return the error in the case.
Link: https://lkml.kernel.org/r/20220821180853.2400-1-sj@kernel.org
Fixes:
|
||
Khazhismel Kumykov
|
f96b9f7c16 |
writeback: avoid use-after-free after removing device
commit f87904c075515f3e1d8f4a7115869d3b914674fd upstream.
When a disk is removed, bdi_unregister gets called to stop further
writeback and wait for associated delayed work to complete. However,
wb_inode_writeback_end() may schedule bandwidth estimation dwork after
this has completed, which can result in the timer attempting to access the
just freed bdi_writeback.
Fix this by checking if the bdi_writeback is alive, similar to when
scheduling writeback work.
Since this requires wb->work_lock, and wb_inode_writeback_end() may get
called from interrupt, switch wb->work_lock to an irqsafe lock.
Link: https://lkml.kernel.org/r/20220801155034.3772543-1-khazhy@google.com
Fixes:
|
||
|
Miaohe Lin
|
9fc8d3bee7 |
mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region
[ Upstream commit 7f82f922319ede486540e8746769865b9508d2c2 ] Since the beginning, charged is set to 0 to avoid calling vm_unacct_memory twice because vm_unacct_memory will be called by above unmap_region. But since commit |
||
Tianyu Li
|
4465215448 |
mm/mempolicy: fix get_nodes out of bound access
[ Upstream commit 000eca5d044d1ee23b4ca311793cf3fc528da6c6 ]
When user specified more nodes than supported, get_nodes will access nmask
array out of bounds.
Link: https://lkml.kernel.org/r/20220601093211.2970565-1-tianyu.li@arm.com
Fixes:
|
||
|
Miaohe Lin
|
d56c5eac84 |
mm/memremap: fix memunmap_pages() race with get_dev_pagemap()
[ Upstream commit 1e57ffb6e3fd9583268c6462c4e3853575b21701 ]
Think about the below scene:
CPU1 CPU2
memunmap_pages
percpu_ref_exit
__percpu_ref_exit
free_percpu(percpu_count);
/* percpu_count is freed here! */
get_dev_pagemap
xa_load(&pgmap_array, PHYS_PFN(phys))
/* pgmap still in the pgmap_array */
percpu_ref_tryget_live(&pgmap->ref)
if __ref_is_percpu
/* __PERCPU_REF_ATOMIC_DEAD not set yet */
this_cpu_inc(*percpu_count)
/* access freed percpu_count here! */
ref->percpu_count_ptr = __PERCPU_REF_ATOMIC_DEAD;
/* too late... */
pageunmap_range
To fix the issue, do percpu_ref_exit() after pgmap_array is emptied. So
we won't do percpu_ref_tryget_live() against a being freed percpu_ref.
Link: https://lkml.kernel.org/r/20220609121305.2508-1-linmiaohe@huawei.com
Fixes:
|
||
Christoph Hellwig
|
d18a908565 |
memremap: remove support for external pgmap refcounts
[ Upstream commit b80892ca022e9eb484771a66eb68e12364695a2a ] No driver is left using the external pgmap refcount, so remove the code to support it. Signed-off-by: Christoph Hellwig <hch@lst.de> Acked-by: Bjorn Helgaas <bhelgaas@google.com> Link: https://lore.kernel.org/r/20211028151017.50234-1-hch@lst.de Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
046ce7a74e |
Merge 5.15.59 into android14-5.15
Changes in 5.15.59
Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
Revert "ocfs2: mount shared volume without ha stack"
ntfs: fix use-after-free in ntfs_ucsncmp()
fs: sendfile handles O_NONBLOCK of out_fd
secretmem: fix unhandled fault in truncate
mm: fix page leak with multiple threads mapping the same page
hugetlb: fix memoryleak in hugetlb_mcopy_atomic_pte
asm-generic: remove a broken and needless ifdef conditional
s390/archrandom: prevent CPACF trng invocations in interrupt context
nouveau/svm: Fix to migrate all requested pages
drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid()
watch_queue: Fix missing rcu annotation
watch_queue: Fix missing locking in add_watch_to_object()
tcp: Fix data-races around sysctl_tcp_dsack.
tcp: Fix a data-race around sysctl_tcp_app_win.
tcp: Fix a data-race around sysctl_tcp_adv_win_scale.
tcp: Fix a data-race around sysctl_tcp_frto.
tcp: Fix a data-race around sysctl_tcp_nometrics_save.
tcp: Fix data-races around sysctl_tcp_no_ssthresh_metrics_save.
ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS)
ice: do not setup vlan for loopback VSI
scsi: ufs: host: Hold reference returned by of_parse_phandle()
Revert "tcp: change pingpong threshold to 3"
octeontx2-pf: Fix UDP/TCP src and dst port tc filters
tcp: Fix data-races around sysctl_tcp_moderate_rcvbuf.
tcp: Fix a data-race around sysctl_tcp_limit_output_bytes.
tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit.
scsi: core: Fix warning in scsi_alloc_sgtables()
scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown
net: ping6: Fix memleak in ipv6_renew_options().
ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr
net/tls: Remove the context from the list in tls_device_down
igmp: Fix data-races around sysctl_igmp_qrv.
net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii
net: sungem_phy: Add of_node_put() for reference returned by of_get_parent()
tcp: Fix a data-race around sysctl_tcp_min_tso_segs.
tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen.
tcp: Fix a data-race around sysctl_tcp_autocorking.
tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit.
Documentation: fix sctp_wmem in ip-sysctl.rst
macsec: fix NULL deref in macsec_add_rxsa
macsec: fix error message in macsec_add_rxsa and _txsa
macsec: limit replay window size with XPN
macsec: always read MACSEC_SA_ATTR_PN as a u64
net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa()
net: mld: fix reference count leak in mld_{query | report}_work()
tcp: Fix data-races around sk_pacing_rate.
net: Fix data-races around sysctl_[rw]mem(_offset)?.
tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns.
tcp: Fix a data-race around sysctl_tcp_comp_sack_slack_ns.
tcp: Fix a data-race around sysctl_tcp_comp_sack_nr.
tcp: Fix data-races around sysctl_tcp_reflect_tos.
ipv4: Fix data-races around sysctl_fib_notify_on_flag_change.
i40e: Fix interface init with MSI interrupts (no MSI-X)
sctp: fix sleep in atomic context bug in timer handlers
octeontx2-pf: cn10k: Fix egress ratelimit configuration
netfilter: nf_queue: do not allow packet truncation below transport header offset
virtio-net: fix the race between refill work and close
perf symbol: Correct address for bss symbols
sfc: disable softirqs for ptp TX
sctp: leave the err path free in sctp_stream_init to sctp_stream_free
ARM: crypto: comment out gcc warning that breaks clang builds
mm/hmm: fault non-owner device private entries
page_alloc: fix invalid watermark check on a negative value
ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow
EDAC/ghes: Set the DIMM label unconditionally
docs/kernel-parameters: Update descriptions for "mitigations=" param with retbleed
locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter
x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available
Linux 5.15.59
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I4f2002d38aea467e150a912f50d456c41b23de89
|
||
Marc Zyngier
|
d7ddd989d6 |
ANDROID: mm/vmalloc: Add arch-specific callbacks to track io{remap,unmap} physical pages
Add a pair of hooks (ioremap_phys_range_hook/iounmap_phys_range_hook) that can be implemented by an architecture. Contrary to the existing arch_sync_kernel_mappings(), this one tracks things at the physical address level. This is specially useful in these virtualised environments where the guest has to tell the host whether (and how) it intends to use a MMIO device. Signed-off-by: Marc Zyngier <maz@kernel.org> Bug: 233587962 Change-Id: I970c2e632cb2b01060d5e66e4194fa9248188f43 Signed-off-by: Will Deacon <willdeacon@google.com> |
||
Will Deacon
|
432cf24bb2 |
Revert "ANDROID: mm/vmalloc: Add arch-specific callbacks to track io{remap,unmap} physical pages"
This reverts commit
|
||
Jaewon Kim
|
86e83233dd |
page_alloc: fix invalid watermark check on a negative value
commit 9282012fc0aa248b77a69f5eb802b67c5a16bb13 upstream. There was a report that a task is waiting at the throttle_direct_reclaim. The pgscan_direct_throttle in vmstat was increasing. This is a bug where zone_watermark_fast returns true even when the free is very low. The commit |
||
Ralph Campbell
|
51a772c34e |
mm/hmm: fault non-owner device private entries
commit 8a295dbbaf7292c582a40ce469c326f472d51f66 upstream.
If hmm_range_fault() is called with the HMM_PFN_REQ_FAULT flag and a
device private PTE is found, the hmm_range::dev_private_owner page is used
to determine if the device private page should not be faulted in.
However, if the device private page is not owned by the caller,
hmm_range_fault() returns an error instead of calling migrate_to_ram() to
fault in the page.
For example, if a page is migrated to GPU private memory and a RDMA fault
capable NIC tries to read the migrated page, without this patch it will
get an error. With this patch, the page will be migrated back to system
memory and the NIC will be able to read the data.
Link: https://lkml.kernel.org/r/20220727000837.4128709-2-rcampbell@nvidia.com
Link: https://lkml.kernel.org/r/20220725183615.4118795-2-rcampbell@nvidia.com
Fixes:
|
||
|
Miaohe Lin
|
dc124c849c |
hugetlb: fix memoryleak in hugetlb_mcopy_atomic_pte
commit da9a298f5fad0dc615079a340da42928bc5b138e upstream.
When alloc_huge_page fails, *pagep is set to NULL without put_page first.
So the hugepage indicated by *pagep is leaked.
Link: https://lkml.kernel.org/r/20220709092629.54291-1-linmiaohe@huawei.com
Fixes:
|
||
Josef Bacik
|
2722fb0f70 |
mm: fix page leak with multiple threads mapping the same page
commit 3fe2895cfecd03ac74977f32102b966b6589f481 upstream. We have an application with a lot of threads that use a shared mmap backed by tmpfs mounted with -o huge=within_size. This application started leaking loads of huge pages when we upgraded to a recent kernel. Using the page ref tracepoints and a BPF program written by Tejun Heo we were able to determine that these pages would have multiple refcounts from the page fault path, but when it came to unmap time we wouldn't drop the number of refs we had added from the faults. I wrote a reproducer that mmap'ed a file backed by tmpfs with -o huge=always, and then spawned 20 threads all looping faulting random offsets in this map, while using madvise(MADV_DONTNEED) randomly for huge page aligned ranges. This very quickly reproduced the problem. The problem here is that we check for the case that we have multiple threads faulting in a range that was previously unmapped. One thread maps the PMD, the other thread loses the race and then returns 0. However at this point we already have the page, and we are no longer putting this page into the processes address space, and so we leak the page. We actually did the correct thing prior to |
||
Mike Rapoport
|
70d0ce332d |
secretmem: fix unhandled fault in truncate
commit 84ac013046ccc438af04b7acecd4d3ab84fe4bde upstream. syzkaller reports the following issue: BUG: unable to handle page fault for address: ffff888021f7e005 PGD |
||
|
Greg Kroah-Hartman
|
6d2ac8a0a4 |
Merge 5.15.58 into android14-5.15
Changes in 5.15.58 pinctrl: stm32: fix optional IRQ support to gpios riscv: add as-options for modules with assembly compontents mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication lockdown: Fix kexec lockdown bypass with ima policy drm/ttm: fix locking in vmap/vunmap TTM GEM helpers bus: mhi: host: pci_generic: add Telit FN980 v1 hardware revision bus: mhi: host: pci_generic: add Telit FN990 Revert "selftest/vm: verify remap destination address in mremap_test" Revert "selftest/vm: verify mmap addr in mremap_test" PCI: hv: Fix multi-MSI to allow more than one MSI vector PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() PCI: hv: Fix interrupt mapping for multi-MSI serial: mvebu-uart: correctly report configured baudrate value batman-adv: Use netif_rx_any_context() any. Revert "mt76: mt7921: Fix the error handling path of mt7921_pci_probe()" Revert "mt76: mt7921e: fix possible probe failure after reboot" mt76: mt7921: use physical addr to unify register access mt76: mt7921e: fix possible probe failure after reboot mt76: mt7921: Fix the error handling path of mt7921_pci_probe() xfs: fix maxlevels comparisons in the btree staging code xfs: fold perag loop iteration logic into helper function xfs: rename the next_agno perag iteration variable xfs: terminate perag iteration reliably on agcount xfs: fix perag reference leak on iteration race with growfs xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() r8152: fix a WOL issue ip: Fix data-races around sysctl_ip_default_ttl. xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe RDMA/irdma: Do not advertise 1GB page size for x722 RDMA/irdma: Fix sleep from invalid context BUG pinctrl: ralink: rename MT7628(an) functions to MT76X8 pinctrl: ralink: rename pinctrl-rt2880 to pinctrl-ralink pinctrl: ralink: Check for null return of devm_kcalloc perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() ipv4/tcp: do not use per netns ctl sockets net: tun: split run_ebpf_filter() and pskb_trim() into different "if statement" mm/pagealloc: sysctl: change watermark_scale_factor max limit to 30% sysctl: move some boundary constants from sysctl.c to sysctl_vals tcp: Fix data-races around sysctl_tcp_ecn. drm/amd/display: Support for DMUB HPD interrupt handling drm/amd/display: Add option to defer works of hpd_rx_irq drm/amd/display: Fork thread to offload work of hpd_rx_irq drm/amdgpu/display: add quirk handling for stutter mode drm/amd/display: Ignore First MST Sideband Message Return Error scsi: megaraid: Clear READ queue map's nr_queues scsi: ufs: core: Drop loglevel of WriteBoost message nvme: check for duplicate identifiers earlier nvme: fix block device naming collision e1000e: Enable GPT clock before sending message to CSME Revert "e1000e: Fix possible HW unit hang after an s0ix exit" igc: Reinstate IGC_REMOVED logic and implement it properly ip: Fix data-races around sysctl_ip_no_pmtu_disc. ip: Fix data-races around sysctl_ip_fwd_use_pmtu. ip: Fix data-races around sysctl_ip_fwd_update_priority. ip: Fix data-races around sysctl_ip_nonlocal_bind. ip: Fix a data-race around sysctl_ip_autobind_reuse. ip: Fix a data-race around sysctl_fwmark_reflect. tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. tcp: sk->sk_bound_dev_if once in inet_request_bound_dev_if() tcp: Fix data-races around sysctl_tcp_l3mdev_accept. tcp: Fix data-races around sysctl_tcp_mtu_probing. tcp: Fix data-races around sysctl_tcp_base_mss. tcp: Fix data-races around sysctl_tcp_min_snd_mss. tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor. tcp: Fix a data-race around sysctl_tcp_probe_threshold. tcp: Fix a data-race around sysctl_tcp_probe_interval. net: stmmac: fix pm runtime issue in stmmac_dvr_remove() net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow mtd: rawnand: gpmi: validate controller clock rate mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times net: dsa: microchip: ksz_common: Fix refcount leak bug net: skb: introduce kfree_skb_reason() net: skb: use kfree_skb_reason() in tcp_v4_rcv() net: skb: use kfree_skb_reason() in __udp4_lib_rcv() net: socket: rename SKB_DROP_REASON_SOCKET_FILTER net: skb_drop_reason: add document for drop reasons net: netfilter: use kfree_drop_reason() for NF_DROP net: ipv4: use kfree_skb_reason() in ip_rcv_core() net: ipv4: use kfree_skb_reason() in ip_rcv_finish_core() i2c: mlxcpld: Fix register setting for 400KHz frequency i2c: cadence: Change large transfer count reset logic to be unconditional perf tests: Fix Convert perf time to TSC test for hybrid net: stmmac: fix dma queue left shift overflow issue net/tls: Fix race in TLS device down flow igmp: Fix data-races around sysctl_igmp_llm_reports. igmp: Fix a data-race around sysctl_igmp_max_memberships. igmp: Fix data-races around sysctl_igmp_max_msf. tcp: Fix data-races around keepalive sysctl knobs. tcp: Fix data-races around sysctl_tcp_syn(ack)?_retries. tcp: Fix data-races around sysctl_tcp_syncookies. tcp: Fix data-races around sysctl_tcp_migrate_req. tcp: Fix data-races around sysctl_tcp_reordering. tcp: Fix data-races around some timeout sysctl knobs. tcp: Fix a data-race around sysctl_tcp_notsent_lowat. tcp: Fix a data-race around sysctl_tcp_tw_reuse. tcp: Fix data-races around sysctl_max_syn_backlog. tcp: Fix data-races around sysctl_tcp_fastopen. tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout. iavf: Fix handling of dummy receive descriptors pinctrl: armada-37xx: Use temporary variable for struct device pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() pinctrl: armada-37xx: Convert to use dev_err_probe() pinctrl: armada-37xx: use raw spinlocks for regmap to avoid invalid wait context i40e: Fix erroneous adapter reinitialization during recovery process ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero net: stmmac: remove redunctant disable xPCS EEE call gpio: pca953x: only use single read/write for No AI mode gpio: pca953x: use the correct range when do regmap sync gpio: pca953x: use the correct register address when regcache sync during init be2net: Fix buffer overflow in be_get_module_eeprom net: dsa: sja1105: silent spi_device_id warnings net: dsa: vitesse-vsc73xx: silent spi_device_id warnings drm/imx/dcss: Add missing of_node_put() in fail path ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. ipv4: Fix data-races around sysctl_fib_multipath_hash_policy. ipv4: Fix data-races around sysctl_fib_multipath_hash_fields. ip: Fix data-races around sysctl_ip_prot_sock. udp: Fix a data-race around sysctl_udp_l3mdev_accept. tcp: Fix data-races around sysctl knobs related to SYN option. tcp: Fix a data-race around sysctl_tcp_early_retrans. tcp: Fix data-races around sysctl_tcp_recovery. tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. tcp: Fix a data-race around sysctl_tcp_retrans_collapse. tcp: Fix a data-race around sysctl_tcp_stdurg. tcp: Fix a data-race around sysctl_tcp_rfc1337. tcp: Fix a data-race around sysctl_tcp_abort_on_overflow. tcp: Fix data-races around sysctl_tcp_max_reordering. gpio: gpio-xilinx: Fix integer overflow KVM: selftests: Fix target thread to be migrated in rseq_test spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers KVM: Don't null dereference ops->destroy mm/mempolicy: fix uninit-value in mpol_rebind_policy() bpf: Make sure mac_header was set before using it sched/deadline: Fix BUG_ON condition for deboosted tasks x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts dlm: fix pending remove if msg allocation fails x86/uaccess: Implement macros for CMPXCHG on user addresses x86/extable: Tidy up redundant handler functions x86/extable: Get rid of redundant macros x86/mce: Deduplicate exception handling x86/extable: Rework the exception table mechanics x86/extable: Provide EX_TYPE_DEFAULT_MCE_SAFE and EX_TYPE_FAULT_MCE_SAFE bitfield.h: Fix "type of reg too small for mask" test x86/entry_32: Remove .fixup usage x86/extable: Extend extable functionality x86/msr: Remove .fixup usage x86/futex: Remove .fixup usage KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses xhci: dbc: refactor xhci_dbc_init() xhci: dbc: create and remove dbc structure in dbgtty driver. xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit xhci: Set HCD flag to defer primary roothub registration mt76: fix use-after-free by removing a non-RCU wcid pointer iwlwifi: fw: uefi: add missing include guards crypto: qat - set to zero DH parameters before free crypto: qat - use pre-allocated buffers in datapath crypto: qat - refactor submission logic crypto: qat - add backlog mechanism crypto: qat - fix memory leak in RSA crypto: qat - remove dma_free_coherent() for RSA crypto: qat - remove dma_free_coherent() for DH crypto: qat - add param check for RSA crypto: qat - add param check for DH crypto: qat - re-enable registration of algorithms exfat: fix referencing wrong parent directory information after renaming tracing: Have event format check not flag %p* on __get_dynamic_array() tracing: Place trace_pid_list logic into abstract functions tracing: Fix return value of trace_pid_write() um: virtio_uml: Allow probing from devicetree um: virtio_uml: Fix broken device handling in time-travel Bluetooth: Add bt_skb_sendmsg helper Bluetooth: Add bt_skb_sendmmsg helper Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg Bluetooth: Fix passing NULL to PTR_ERR Bluetooth: SCO: Fix sco_send_frame returning skb->len Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks exfat: use updated exfat_chain directly during renaming drm/amd/display: Reset DMCUB before HW init drm/amd/display: Optimize bandwidth on following fast update drm/amd/display: Fix surface optimization regression on Carrizo x86/amd: Use IBPB for firmware calls x86/alternative: Report missing return thunk details watchqueue: make sure to serialize 'wqueue->defunct' properly tty: drivers/tty/, stop using tty_schedule_flip() tty: the rest, stop using tty_schedule_flip() tty: drop tty_schedule_flip() tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() net: usb: ax88179_178a needs FLAG_SEND_ZLP watch-queue: remove spurious double semicolon drm/amd/display: Don't lock connection_mutex for DMUB HPD drm/amd/display: invalid parameter check in dmub_hpd_callback x86/extable: Prefer local labels in .set directives KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq() x86/entry_32: Fix segment exceptions drm/amd/display: Fix wrong format specifier in amdgpu_dm.c Linux 5.15.58 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I6655a937b4226d3011278d13df84b25e5ab4b9ef |
||
Wang Cheng
|
8c5429a04c |
mm/mempolicy: fix uninit-value in mpol_rebind_policy()
commit 018160ad314d75b1409129b2247b614a9f35894c upstream. mpol_set_nodemask()(mm/mempolicy.c) does not set up nodemask when pol->mode is MPOL_LOCAL. Check pol->mode before access pol->w.cpuset_mems_allowed in mpol_rebind_policy()(mm/mempolicy.c). BUG: KMSAN: uninit-value in mpol_rebind_policy mm/mempolicy.c:352 [inline] BUG: KMSAN: uninit-value in mpol_rebind_task+0x2ac/0x2c0 mm/mempolicy.c:368 mpol_rebind_policy mm/mempolicy.c:352 [inline] mpol_rebind_task+0x2ac/0x2c0 mm/mempolicy.c:368 cpuset_change_task_nodemask kernel/cgroup/cpuset.c:1711 [inline] cpuset_attach+0x787/0x15e0 kernel/cgroup/cpuset.c:2278 cgroup_migrate_execute+0x1023/0x1d20 kernel/cgroup/cgroup.c:2515 cgroup_migrate kernel/cgroup/cgroup.c:2771 [inline] cgroup_attach_task+0x540/0x8b0 kernel/cgroup/cgroup.c:2804 __cgroup1_procs_write+0x5cc/0x7a0 kernel/cgroup/cgroup-v1.c:520 cgroup1_tasks_write+0x94/0xb0 kernel/cgroup/cgroup-v1.c:539 cgroup_file_write+0x4c2/0x9e0 kernel/cgroup/cgroup.c:3852 kernfs_fop_write_iter+0x66a/0x9f0 fs/kernfs/file.c:296 call_write_iter include/linux/fs.h:2162 [inline] new_sync_write fs/read_write.c:503 [inline] vfs_write+0x1318/0x2030 fs/read_write.c:590 ksys_write+0x28b/0x510 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0xdb/0x120 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit was created at: slab_post_alloc_hook mm/slab.h:524 [inline] slab_alloc_node mm/slub.c:3251 [inline] slab_alloc mm/slub.c:3259 [inline] kmem_cache_alloc+0x902/0x11c0 mm/slub.c:3264 mpol_new mm/mempolicy.c:293 [inline] do_set_mempolicy+0x421/0xb70 mm/mempolicy.c:853 kernel_set_mempolicy mm/mempolicy.c:1504 [inline] __do_sys_set_mempolicy mm/mempolicy.c:1510 [inline] __se_sys_set_mempolicy+0x44c/0xb60 mm/mempolicy.c:1507 __x64_sys_set_mempolicy+0xd8/0x110 mm/mempolicy.c:1507 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x44/0xae KMSAN: uninit-value in mpol_rebind_task (2) https://syzkaller.appspot.com/bug?id=d6eb90f952c2a5de9ea718a1b873c55cb13b59dc This patch seems to fix below bug too. KMSAN: uninit-value in mpol_rebind_mm (2) https://syzkaller.appspot.com/bug?id=f2fecd0d7013f54ec4162f60743a2b28df40926b The uninit-value is pol->w.cpuset_mems_allowed in mpol_rebind_policy(). When syzkaller reproducer runs to the beginning of mpol_new(), mpol_new() mm/mempolicy.c do_mbind() mm/mempolicy.c kernel_mbind() mm/mempolicy.c `mode` is 1(MPOL_PREFERRED), nodes_empty(*nodes) is `true` and `flags` is 0. Then mode = MPOL_LOCAL; ... policy->mode = mode; policy->flags = flags; will be executed. So in mpol_set_nodemask(), mpol_set_nodemask() mm/mempolicy.c do_mbind() kernel_mbind() pol->mode is 4 (MPOL_LOCAL), that `nodemask` in `pol` is not initialized, which will be accessed in mpol_rebind_policy(). Link: https://lkml.kernel.org/r/20220512123428.fq3wofedp6oiotd4@ppc.localdomain Signed-off-by: Wang Cheng <wanngchenng@gmail.com> Reported-by: <syzbot+217f792c92599518a2ab@syzkaller.appspotmail.com> Tested-by: <syzbot+217f792c92599518a2ab@syzkaller.appspotmail.com> Cc: David Rientjes <rientjes@google.com> Cc: Vlastimil Babka <vbabka@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
56f32ebb01 |
Merge 5.15.56 into android14-5.15
Changes in 5.15.56
ALSA: hda - Add fixup for Dell Latitidue E5430
ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
ALSA: hda/realtek: Fix headset mic for Acer SF313-51
ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
ALSA: hda/realtek: fix mute/micmute LEDs for HP machines
ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221
ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
fix race between exit_itimers() and /proc/pid/timers
mm: userfaultfd: fix UFFDIO_CONTINUE on fallocated shmem pages
mm: split huge PUD on wp_huge_pud fallback
tracing/histograms: Fix memory leak problem
net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer
ip: fix dflt addr selection for connected nexthop
ARM: 9213/1: Print message about disabled Spectre workarounds only once
ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
wifi: mac80211: fix queue selection for mesh/OCB interfaces
cgroup: Use separate src/dst nodes when preloading css_sets for migration
btrfs: return -EAGAIN for NOWAIT dio reads/writes on compressed and inline extents
drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error
drm/panfrost: Fix shrinker list corruption by madvise IOCTL
fs/remap: constrain dedupe of EOF blocks
nilfs2: fix incorrect masking of permission flags for symlinks
sh: convert nommu io{re,un}map() to static inline functions
Revert "evm: Fix memleak in init_desc"
xfs: only run COW extent recovery when there are no live extents
xfs: don't include bnobt blocks when reserving free block pool
xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks
xfs: drop async cache flushes from CIL commits.
reset: Fix devm bulk optional exclusive control getter
ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count
spi: amd: Limit max transfer and message size
ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle
ARM: 9210/1: Mark the FDT_FIXED sections as shareable
net/mlx5e: kTLS, Fix build time constant test in TX
net/mlx5e: kTLS, Fix build time constant test in RX
net/mlx5e: Fix enabling sriov while tc nic rules are offloaded
net/mlx5e: Fix capability check for updating vnic env counters
net/mlx5e: Ring the TX doorbell on DMA errors
drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()
ima: Fix a potential integer overflow in ima_appraise_measurement
ASoC: sgtl5000: Fix noise on shutdown/remove
ASoC: tas2764: Add post reset delays
ASoC: tas2764: Fix and extend FSYNC polarity handling
ASoC: tas2764: Correct playback volume range
ASoC: tas2764: Fix amp gain register offset & default
ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks()
ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array
net: stmmac: dwc-qos: Disable split header for Tegra194
net: ethernet: ti: am65-cpsw: Fix devlink port register sequence
sysctl: Fix data races in proc_dointvec().
sysctl: Fix data races in proc_douintvec().
sysctl: Fix data races in proc_dointvec_minmax().
sysctl: Fix data races in proc_douintvec_minmax().
sysctl: Fix data races in proc_doulongvec_minmax().
sysctl: Fix data races in proc_dointvec_jiffies().
tcp: Fix a data-race around sysctl_tcp_max_orphans.
inetpeer: Fix data-races around sysctl.
net: Fix data-races around sysctl_mem.
cipso: Fix data-races around sysctl.
icmp: Fix data-races around sysctl.
ipv4: Fix a data-race around sysctl_fib_sync_mem.
ARM: dts: at91: sama5d2: Fix typo in i2s1 node
ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC
arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot
netfilter: nf_log: incorrect offset to network header
netfilter: nf_tables: replace BUG_ON by element length check
drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist()
xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
lockd: set fl_owner when unlocking files
lockd: fix nlm_close_files
tracing: Fix sleeping while atomic in kdb ftdump
drm/i915/selftests: fix a couple IS_ERR() vs NULL tests
drm/i915/dg2: Add Wa_22011100796
drm/i915/gt: Serialize GRDOM access between multiple engine resets
drm/i915/gt: Serialize TLB invalidates with GT resets
drm/i915/uc: correctly track uc_fw init failure
drm/i915: Require the vm mutex for i915_vma_bind()
bnxt_en: Fix bnxt_reinit_after_abort() code path
bnxt_en: Fix bnxt_refclk_read()
sysctl: Fix data-races in proc_dou8vec_minmax().
sysctl: Fix data-races in proc_dointvec_ms_jiffies().
icmp: Fix data-races around sysctl_icmp_echo_enable_probe.
icmp: Fix a data-race around sysctl_icmp_ignore_bogus_error_responses.
icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr.
icmp: Fix a data-race around sysctl_icmp_ratelimit.
icmp: Fix a data-race around sysctl_icmp_ratemask.
raw: Fix a data-race around sysctl_raw_l3mdev_accept.
tcp: Fix a data-race around sysctl_tcp_ecn_fallback.
ipv4: Fix data-races around sysctl_ip_dynaddr.
nexthop: Fix data-races around nexthop_compat_mode.
net: ftgmac100: Hold reference returned by of_get_child_by_name()
net: stmmac: fix leaks in probe
ima: force signature verification when CONFIG_KEXEC_SIG is configured
ima: Fix potential memory leak in ima_init_crypto()
drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines.
drm/amd/pm: Prevent divide by zero
sfc: fix use after free when disabling sriov
ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host
seg6: fix skb checksum evaluation in SRH encapsulation/insertion
seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors
seg6: bpf: fix skb checksum in bpf_push_seg6_encap()
sfc: fix kernel panic when creating VF
net: atlantic: remove deep parameter on suspend/resume functions
net: atlantic: remove aq_nic_deinit() when resume
KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op()
net/tls: Check for errors in tls_device_init
ACPI: video: Fix acpi_video_handles_brightness_key_presses()
mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE
btrfs: rename btrfs_bio to btrfs_io_context
btrfs: zoned: fix a leaked bioc in read_zone_info
ksmbd: use SOCK_NONBLOCK type for kernel_accept()
powerpc/xive/spapr: correct bitmap allocation size
vdpa/mlx5: Initialize CVQ vringh only once
vduse: Tie vduse mgmtdev and its device
virtio_mmio: Add missing PM calls to freeze/restore
virtio_mmio: Restore guest page size on resume
netfilter: br_netfilter: do not skip all hooks with 0 priority
scsi: hisi_sas: Limit max hw sectors for v3 HW
cpufreq: pmac32-cpufreq: Fix refcount leak bug
platform/x86: hp-wmi: Ignore Sanitization Mode event
firmware: sysfb: Make sysfb_create_simplefb() return a pdev pointer
firmware: sysfb: Add sysfb_disable() helper function
fbdev: Disable sysfb device registration when removing conflicting FBs
net: tipc: fix possible refcount leak in tipc_sk_create()
NFC: nxp-nci: don't print header length mismatch on i2c error
nvme-tcp: always fail a request when sending it failed
nvme: fix regression when disconnect a recovering ctrl
net: sfp: fix memory leak in sfp_probe()
ASoC: ops: Fix off by one in range control validation
pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux()
ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove
ASoC: rt711-sdca-sdw: fix calibrate mutex initialization
ASoC: Intel: sof_sdw: handle errors on card registration
ASoC: rt711: fix calibrate mutex initialization
ASoC: rt7*-sdw: harden jack_detect_handler
ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe
ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow
ASoC: wcd938x: Fix event generation for some controls
ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem
ASoC: wm5110: Fix DRE control
ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error
ASoC: dapm: Initialise kcontrol data for mux/demux controls
ASoC: cs47l15: Fix event generation for low power mux control
ASoC: madera: Fix event generation for OUT1 demux
ASoC: madera: Fix event generation for rate controls
irqchip: or1k-pic: Undefine mask_ack for level triggered hardware
x86: Clear .brk area at early boot
soc: ixp4xx/npe: Fix unused match warning
ARM: dts: stm32: use the correct clock source for CEC on stm32mp151
Revert "can: xilinx_can: Limit CANFD brp to 2"
ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
ALSA: usb-audio: Add quirk for Fiero SC-01
ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0)
nvme-pci: phison e16 has bogus namespace ids
signal handling: don't use BUG_ON() for debugging
USB: serial: ftdi_sio: add Belimo device ids
usb: typec: add missing uevent when partner support PD
usb: dwc3: gadget: Fix event pending check
tty: serial: samsung_tty: set dma burst_size to 1
vt: fix memory overlapping when deleting chars in the buffer
serial: 8250: fix return error code in serial8250_request_std_resource()
serial: stm32: Clear prev values before setting RTS delays
serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
serial: 8250: Fix PM usage_count for console handover
x86/pat: Fix x86_has_pat_wp()
drm/aperture: Run fbdev removal before internal helpers
Linux 5.15.56
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I763d2a7b49435bf2996b31e201aa9794ab64609e
|
||
Gowans, James
|
e4967d2288 |
mm: split huge PUD on wp_huge_pud fallback
commit 14c99d65941538aa33edd8dc7b1bbbb593c324a2 upstream.
Currently the implementation will split the PUD when a fallback is taken
inside the create_huge_pud function. This isn't where it should be done:
the splitting should be done in wp_huge_pud, just like it's done for PMDs.
Reason being that if a callback is taken during create, there is no PUD
yet so nothing to split, whereas if a fallback is taken when encountering
a write protection fault there is something to split.
It looks like this was the original intention with the commit where the
splitting was introduced, but somehow it got moved to the wrong place
between v1 and v2 of the patch series. Rebase mistake perhaps.
Link: https://lkml.kernel.org/r/6f48d622eb8bce1ae5dd75327b0b73894a2ec407.camel@amazon.com
Fixes:
|
||
Axel Rasmussen
|
27056f20d7 |
mm: userfaultfd: fix UFFDIO_CONTINUE on fallocated shmem pages
commit 73f37dbcfe1763ee2294c7717a1f571e27d17fd8 upstream.
When fallocate() is used on a shmem file, the pages we allocate can end up
with !PageUptodate.
Since UFFDIO_CONTINUE tries to find the existing page the user wants to
map with SGP_READ, we would fail to find such a page, since
shmem_getpage_gfp returns with a "NULL" pagep for SGP_READ if it discovers
!PageUptodate. As a result, UFFDIO_CONTINUE returns -EFAULT, as it would
do if the page wasn't found in the page cache at all.
This isn't the intended behavior. UFFDIO_CONTINUE is just trying to find
if a page exists, and doesn't care whether it still needs to be cleared or
not. So, instead of SGP_READ, pass in SGP_NOALLOC. This is the same,
except for one critical difference: in the !PageUptodate case, SGP_NOALLOC
will clear the page and then return it. With this change, UFFDIO_CONTINUE
works properly (succeeds) on a shmem file which has been fallocated, but
otherwise not modified.
Link: https://lkml.kernel.org/r/20220610173812.1768919-1-axelrasmussen@google.com
Fixes:
|
||
Liujie Xie
|
1ed025b9a1 |
ANDROID: Allow vendor module to reclaim a memcg
Export try_to_free_mem_cgroup_pages function to allow vendor modules to reclaim a memory cgroup.
Bug: 192052083
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
Change-Id: Iec6ef50f5c71c62d0c9aa6de90e56a143dac61c1
(cherry picked from commit
|
||
|
Liujie Xie
|
bf24c43b7f |
ANDROID: Export memcg functions to allow module to add new files
Export cgroup_add_legacy_cftypes and a helper function to allow vendor module to expose additional files in the memory cgroup hierarchy.
Bug: 192052083
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
Change-Id: Ie2b936b3e77c7ab6d740d1bb6d70e03c70a326a7
(cherry picked from commit
|
||
|
Liujie Xie
|
7af5027889 |
ANDROID: vendor_hooks: add hooks in mem_cgroup subsystem
Add hooks to tune memory policy based on mem_cgroup.
Bug: 192052083
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
Change-Id: Ica1a5409eed86fbd466edd2c7557f94972a40175
(cherry picked from commit
|
||
rongqianfeng
|
8da6ee328b |
ANDROID: vendor_hooks: add hook and OEM data for slab shrink
Some shrinker add lock in count_objects() may cause lock contention issues and lead all task stall on slab shrink. Add vendor hook in do_shrink_slab() for shrinker->count_objects() latency measuring. Add 3 oem data in shrink_control struct. Two is for shrinker->count_objects() and shrinker->scan_objects() latency measuring, other one to store priority, some shrinker know the reclaimer priority can control the memory reclaim more better. Bug: 188684131 Change-Id: I80e9d90179bb52a99c54d9a067c6fcee835bb2ad Signed-off-by: rongqianfeng <rongqianfeng@vivo.com> |
||
zhaoyang.huang
|
109097ed1c |
ANDROID: Add vendor hook for MemcgV2 optimization
The associated vendor hooks/data are used for implementing dynamic memory.low protection based on memcgv2. Bug: 232723420 Test: build pass Change-Id: I2e92bdc2840af1eaaa08ee6427d2a82d78390005 Signed-off-by: zhaoyang.huang <zhaoyang.huang@unisoc.com> |
||
Suren Baghdasaryan
|
0864756fb0 |
Revert "ANDROID: Use the notifier lock to perform file-backed vma teardown"
This reverts commit
|
||
wudean
|
842c68a977 |
ANDROID: vendor_hooks: bypass shrink slab
Add hooks for bypass shrink slab.
Bug: 185951972
(cherry picked from commit
|
||
Liangcai Fan
|
bf46e6f5db |
BACKPORT: mm: khugepaged: recalculate min_free_kbytes after stopping khugepaged
When initializing transparent huge pages, min_free_kbytes would be calculated according to what khugepaged expected. So when transparent huge pages get disabled, min_free_kbytes should be recalculated instead of the higher value set by khugepaged. Link: https://lkml.kernel.org/r/1633937809-16558-1-git-send-email-liangcaifan19@gmail.com Signed-off-by: Liangcai Fan <liangcaifan19@gmail.com> Signed-off-by: Chunyan Zhang <zhang.lyra@gmail.com> Cc: Mike Kravetz <mike.kravetz@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> (cherry picked from commit bd3400ea173fb611cdf2030d03620185ff6c0b0e) Bug: 235523176 Signed-off-by: Chinwen Chang <chinwen.chang@mediatek.com> Change-Id: I815893d25186847933db2a0872528fb15a00b3c8 |
||
|
Liujie Xie
|
b7ea1c4987 |
ANDROID: vendor_hooks: Add hook in shrink_node_memcgs
Add vendor hook in shrink_node_memcgs to adjust whether to skip memory reclamation of memcg. Bug: 226482420 Signed-off-by: Liujie Xie <xieliujie@oppo.com> Change-Id: I925856353e63c5a821027de4f8476c833e21b982 |
||
|
Liujie Xie
|
5fdfed7d78 |
ANDROID: vendor_hooks: Add hooks for memory when debug
Add vendors hooks for recording memory used Bug: 182443489 Bug: 234407991 Signed-off-by: Liujie Xie <xieliujie@oppo.com> Change-Id: I62d8bb2b6650d8b187b433f97eb833ef0b784df1 |