d4414bc0e93d8da170fd0fc9fef65fe84015677d
322 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Andrii Nakryiko
|
8ee6021740 |
UPSTREAM: bpf: Refactor bpf_link update handling
Make bpf_link update support more generic by making it into another bpf_link_ops methods. This allows generic syscall handling code to be agnostic to various conditionally compiled features (e.g., the case of CONFIG_CGROUP_BPF). This also allows to keep link type-specific code to remain static within respective code base. Refactor existing bpf_cgroup_link code and take advantage of this. Change-Id: I9d722c1923e1268ab7cbb49eb8a444f24cb5bcb7 Signed-off-by: Andrii Nakryiko <andriin@fb.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Link: https://lore.kernel.org/bpf/20200429001614.1544-2-andriin@fb.com |
||
|
Andrii Nakryiko
|
abdd333a74 |
UPSTREAM: bpf: Implement bpf_prog replacement for an active bpf_cgroup_link
Add new operation (LINK_UPDATE), which allows to replace active bpf_prog from under given bpf_link. Currently this is only supported for bpf_cgroup_link, but will be extended to other kinds of bpf_links in follow-up patches. For bpf_cgroup_link, implemented functionality matches existing semantics for direct bpf_prog attachment (including BPF_F_REPLACE flag). User can either unconditionally set new bpf_prog regardless of which bpf_prog is currently active under given bpf_link, or, optionally, can specify expected active bpf_prog. If active bpf_prog doesn't match expected one, no changes are performed, old bpf_link stays intact and attached, operation returns a failure. cgroup_bpf_replace() operation is resolving race between auto-detachment and bpf_prog update in the same fashion as it's done for bpf_link detachment, except in this case update has no way of succeeding because of target cgroup marked as dying. So in this case error is returned. Change-Id: Iec655071f81b5f0129ff5571860ae4aa92ad6459 Signed-off-by: Andrii Nakryiko <andriin@fb.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Link: https://lore.kernel.org/bpf/20200330030001.2312810-3-andriin@fb.com |
||
|
Andrii Nakryiko
|
f361de2131 |
BACKPORT: bpf: Implement bpf_link-based cgroup BPF program attachment
Implement new sub-command to attach cgroup BPF programs and return FD-based bpf_link back on success. bpf_link, once attached to cgroup, cannot be replaced, except by owner having its FD. Cgroup bpf_link supports only BPF_F_ALLOW_MULTI semantics. Both link-based and prog-based BPF_F_ALLOW_MULTI attachments can be freely intermixed. To prevent bpf_cgroup_link from keeping cgroup alive past the point when no BPF program can be executed, implement auto-detachment of link. When cgroup_bpf_release() is called, all attached bpf_links are forced to release cgroup refcounts, but they leave bpf_link otherwise active and allocated, as well as still owning underlying bpf_prog. This is because user-space might still have FDs open and active, so bpf_link as a user-referenced object can't be freed yet. Once last active FD is closed, bpf_link will be freed and underlying bpf_prog refcount will be dropped. But cgroup refcount won't be touched, because cgroup is released already. The inherent race between bpf_cgroup_link release (from closing last FD) and cgroup_bpf_release() is resolved by both operations taking cgroup_mutex. So the only additional check required is when bpf_cgroup_link attempts to detach itself from cgroup. At that time we need to check whether there is still cgroup associated with that link. And if not, exit with success, because bpf_cgroup_link was already successfully detached. Change-Id: I1622792e8b00b598f2b8c2f2e6695cf7698d8196 Signed-off-by: Andrii Nakryiko <andriin@fb.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Roman Gushchin <guro@fb.com> Link: https://lore.kernel.org/bpf/20200330030001.2312810-2-andriin@fb.com |
||
|
Tejun Heo
|
ef2099a9a8 |
BACKPORT: cgroup: use cgrp->kn->id as the cgroup ID
cgroup ID is currently allocated using a dedicated per-hierarchy idr and used internally and exposed through tracepoints and bpf. This is confusing because there are tracepoints and other interfaces which use the cgroupfs ino as IDs. The preceding changes made kn->id exposed as ino as 64bit ino on supported archs or ino+gen (low 32bits as ino, high gen). There's no reason for cgroup to use different IDs. The kernfs IDs are unique and userland can easily discover them and map them back to paths using standard file operations. This patch replaces cgroup IDs with kernfs IDs. * cgroup_id() is added and all cgroup ID users are converted to use it. * kernfs_node creation is moved to earlier during cgroup init so that cgroup_id() is available during init. * While at it, s/cgroup/cgrp/ in psi helpers for consistency. * Fallback ID value is changed to 1 to be consistent with root cgroup ID. Change-Id: Iab2ee05e4e75671c3ee6799e7e2b3358394fec66 Signed-off-by: Tejun Heo <tj@kernel.org> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Namhyung Kim <namhyung@kernel.org> |
||
|
Dan Schatzberg
|
4cf6881ab9 |
BACKPORT: kernel/sched/psi.c: expose pressure metrics on root cgroup
Pressure metrics are already recorded and exposed in procfs for the entire system, but any tool which monitors cgroup pressure has to special case the root cgroup to read from procfs. This patch exposes the already recorded pressure metrics on the root cgroup. Link: http://lkml.kernel.org/r/20190510174938.3361741-1-dschatzberg@fb.com Change-Id: Ie2f8db10835e18421d260147870f1a12898d951b Signed-off-by: Dan Schatzberg <dschatzberg@fb.com> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Cc: Tejun Heo <tj@kernel.org> Cc: Li Zefan <lizefan@huawei.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Roman Gushchin
|
9ab38a20ab |
UPSTREAM: cgroup: add tracing points for cgroup v2 freezer
Add cgroup:cgroup_freeze and cgroup:cgroup_unfreeze events, which are using the existing cgroup tracing infrastructure. Add the cgroup_event event class, which is similar to the cgroup class, but contains an additional integer field to store a new value (the level field is dropped). Also add two tracing events: cgroup_notify_populated and cgroup_notify_frozen, which are raised in a generic way using the TRACE_CGROUP_PATH() macro. This allows to trace cgroup state transitions and is generally helpful for debugging the cgroup freezer code. Change-Id: I6c3f9efafc4d4a7c89332696f7e117ba8e257ade Signed-off-by: Roman Gushchin <guro@fb.com> Signed-off-by: Tejun Heo <tj@kernel.org> |
||
|
Andrey Ignatov
|
4311e3d5a2 |
UPSTREAM: bpf: Support replacing cgroup-bpf program in MULTI mode
The common use-case in production is to have multiple cgroup-bpf programs per attach type that cover multiple use-cases. Such programs are attached with BPF_F_ALLOW_MULTI and can be maintained by different people. Order of programs usually matters, for example imagine two egress programs: the first one drops packets and the second one counts packets. If they're swapped the result of counting program will be different. It brings operational challenges with updating cgroup-bpf program(s) attached with BPF_F_ALLOW_MULTI since there is no way to replace a program: * One way to update is to detach all programs first and then attach the new version(s) again in the right order. This introduces an interruption in the work a program is doing and may not be acceptable (e.g. if it's egress firewall); * Another way is attach the new version of a program first and only then detach the old version. This introduces the time interval when two versions of same program are working, what may not be acceptable if a program is not idempotent. It also imposes additional burden on program developers to make sure that two versions of their program can co-exist. Solve the problem by introducing a "replace" mode in BPF_PROG_ATTACH command for cgroup-bpf programs being attached with BPF_F_ALLOW_MULTI flag. This mode is enabled by newly introduced BPF_F_REPLACE attach flag and bpf_attr.replace_bpf_fd attribute to pass fd of the old program to replace That way user can replace any program among those attached with BPF_F_ALLOW_MULTI flag without the problems described above. Details of the new API: * If BPF_F_REPLACE is set but replace_bpf_fd doesn't have valid descriptor of BPF program, BPF_PROG_ATTACH will return corresponding error (EINVAL or EBADF). * If replace_bpf_fd has valid descriptor of BPF program but such a program is not attached to specified cgroup, BPF_PROG_ATTACH will return ENOENT. BPF_F_REPLACE is introduced to make the user intent clear, since replace_bpf_fd alone can't be used for this (its default value, 0, is a valid fd). BPF_F_REPLACE also makes it possible to extend the API in the future (e.g. add BPF_F_BEFORE and BPF_F_AFTER if needed). Change-Id: I4ff69b3a12eb8672a6e0fdde4decfaafbb00cd3b Signed-off-by: Andrey Ignatov <rdna@fb.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Martin KaFai Lau <kafai@fb.com> Acked-by: Andrii Narkyiko <andriin@fb.com> Link: https://lore.kernel.org/bpf/30cd850044a0057bdfcaaf154b7d2f39850ba813.1576741281.git.rdna@fb.com |
||
|
Tejun Heo
|
f5f21af1aa |
BACKPORT: kernfs: convert kernfs_node->id from union kernfs_node_id to u64
kernfs_node->id is currently a union kernfs_node_id which represents either a 32bit (ino, gen) pair or u64 value. I can't see much value in the usage of the union - all that's needed is a 64bit ID which the current code is already limited to. Using a union makes the code unnecessarily complicated and prevents using 64bit ino without adding practical benefits. This patch drops union kernfs_node_id and makes kernfs_node->id a u64. ino is stored in the lower 32bits and gen upper. Accessors - kernfs[_id]_ino() and kernfs[_id]_gen() - are added to retrieve the ino and gen. This simplifies ID handling less cumbersome and will allow using 64bit inos on supported archs. This patch doesn't make any functional changes. Change-Id: I289fc21fdfd22b7c7cae73626665b0cb100a0c5f Signed-off-by: Tejun Heo <tj@kernel.org> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Jens Axboe <axboe@kernel.dk> Cc: Alexei Starovoitov <ast@kernel.org> |
||
|
Thomas Gleixner
|
3529f5dfba |
UPSTREAM: treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 451
Based on 1 normalized pattern(s): this file is subject to the terms and conditions of version 2 of the gnu general public license see the file copying in the main directory of the linux distribution for more details extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 5 file(s). Change-Id: I8d95ed3d46b0fab9bdcfcb286a583054ddd7d8ea Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Enrico Weigelt <info@metux.net> Reviewed-by: Allison Randal <allison@lohutok.net> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190604081200.872755311@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Roman Gushchin
|
6a1f2235ff |
BACKPORT: bpf: decouple the lifetime of cgroup_bpf from cgroup itself
Currently the lifetime of bpf programs attached to a cgroup is bound to the lifetime of the cgroup itself. It means that if a user forgets (or intentionally avoids) to detach a bpf program before removing the cgroup, it will stay attached up to the release of the cgroup. Since the cgroup can stay in the dying state (the state between being rmdir()'ed and being released) for a very long time, it leads to a waste of memory. Also, it blocks a possibility to implement the memcg-based memory accounting for bpf objects, because a circular reference dependency will occur. Charged memory pages are pinning the corresponding memory cgroup, and if the memory cgroup is pinning the attached bpf program, nothing will be ever released. A dying cgroup can not contain any processes, so the only chance for an attached bpf program to be executed is a live socket associated with the cgroup. So in order to release all bpf data early, let's count associated sockets using a new percpu refcounter. On cgroup removal the counter is transitioned to the atomic mode, and as soon as it reaches 0, all bpf programs are detached. Because cgroup_bpf_release() can block, it can't be called from the percpu ref counter callback directly, so instead an asynchronous work is scheduled. The reference counter is not socket specific, and can be used for any other types of programs, which can be executed from a cgroup-bpf hook outside of the process context, had such a need arise in the future. Change-Id: I522bed27d3800bf9276272348898ed5b393fa5f2 Signed-off-by: Roman Gushchin <guro@fb.com> Cc: jolsa@redhat.com Signed-off-by: Alexei Starovoitov <ast@kernel.org> |
||
|
Valdis Kletnieks
|
e485bf7e4d |
UPSTREAM: bpf, cgroups: clean up kerneldoc warnings
Building with W=1 reveals some bitrot: CC kernel/bpf/cgroup.o kernel/bpf/cgroup.c:238: warning: Function parameter or member 'flags' not described in '__cgroup_bpf_attach' kernel/bpf/cgroup.c:367: warning: Function parameter or member 'unused_flags' not described in '__cgroup_bpf_detach' Add a kerneldoc line for 'flags'. Fixing the warning for 'unused_flags' is best approached by removing the unused parameter on the function call. Change-Id: I5bcde82bd6bddb5cc1c1c58867070c6025e5ab8e Signed-off-by: Valdis Kletnieks <valdis.kletnieks@vt.edu> Acked-by: Song Liu <songliubraving@fb.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> |
||
|
Michael Bestas
|
157dbbdf4f |
Merge tag 'ASB-2024-12-05_4.19-stable' of https://android.googlesource.com/kernel/common into android-msm-pixel-4.19
https://source.android.com/docs/security/bulletin/2024-12-01 * tag 'ASB-2024-12-05_4.19-stable' of https://android.googlesource.com/kernel/common: (401 commits) Linux 4.19.324 9p: fix slab cache name creation for real net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition fs: Fix uninitialized value issue in from_kuid and from_kgid powerpc/powernv: Free name on error in opal_event_init() sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML bpf: use kvzmalloc to allocate BPF verifier environment HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad 9p: Avoid creating multiple slab caches with the same name ALSA: usb-audio: Add endianness annotations vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer ALSA: usb-audio: Add quirks for Dell WD19 dock ALSA: usb-audio: Support jack detection on Dell dock ALSA: usb-audio: Add custom mixer status quirks for RME CC devices ALSA: pcm: Return 0 when size < start_threshold in capture ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() irqchip/gic-v3: Force propagation of the active state with a read-back USB: serial: option: add Quectel RG650V USB: serial: option: add Fibocom FG132 0x0112 composition ... Conflicts: drivers/usb/dwc3/core.c drivers/usb/dwc3/core.h drivers/usb/dwc3/gadget.c fs/f2fs/f2fs.h fs/f2fs/file.c fs/f2fs/xattr.c net/qrtr/qrtr.c Change-Id: Icc02e115a2066e9732ea14ccb5fca6ee021cc94c |
||
|
Greg Kroah-Hartman
|
2d76dea417 |
Merge 4.19.323 into android-4.19-stable
Changes in 4.19.323 staging: iio: frequency: ad9833: Get frequency value statically staging: iio: frequency: ad9833: Load clock using clock framework staging: iio: frequency: ad9834: Validate frequency parameter value usbnet: ipheth: fix carrier detection in modes 1 and 4 net: ethernet: use ip_hdrlen() instead of bit shift net: phy: vitesse: repair vsc73xx autonegotiation scripts: kconfig: merge_config: config files: add a trailing newline arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma net/mlx5: Update the list of the PCI supported devices net: ftgmac100: Enable TX interrupt to avoid TX timeout net: dpaa: Pad packets to ETH_ZLEN soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps" selftests/vm: remove call to ksft_set_plan() selftests/kcmp: remove call to ksft_set_plan() ASoC: allow module autoloading for table db1200_pids pinctrl: at91: make it work with current gpiolib microblaze: don't treat zero reserved memory regions as error net: ftgmac100: Ensure tx descriptor updates are visible wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead ASoC: tda7419: fix module autoloading spi: bcm63xx: Enable module autoloading x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency ocfs2: add bounds checking to ocfs2_xattr_find_entry() ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() gpio: prevent potential speculation leaks in gpio_device_get_desc() USB: serial: pl2303: add device id for Macrosilicon MS3020 ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() wifi: ath9k: fix parameter check in ath9k_init_debug() wifi: ath9k: Remove error checks when creating debugfs entries netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). Bluetooth: btusb: Fix not handling ZPL/short-transfer block, bfq: fix possible UAF for bfqq->bic with merge chain block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() block, bfq: don't break merge chain in bfq_split_bfqq() spi: ppc4xx: handle irq_of_parse_and_map() errors spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ ARM: versatile: fix OF node leak in CPUs prepare reset: berlin: fix OF node leak in probe() error path clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() hwmon: (max16065) Fix overflows seen when writing limits mtd: slram: insert break after errors in parsing the map hwmon: (ntc_thermistor) fix module autoloading power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() drm/stm: Fix an error handling path in stm_drm_platform_probe() drm/amd: fix typo drm/amdgpu: Replace one-element array with flexible-array member drm/amdgpu: properly handle vbios fake edid sizing drm/radeon: Replace one-element array with flexible-array member drm/radeon: properly handle vbios fake edid sizing drm/rockchip: vop: Allow 4096px width scaling drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets jfs: fix out-of-bounds in dbNextAG() and diAlloc() drm/msm/a5xx: properly clear preemption records on resume drm/msm/a5xx: fix races in preemption evaluation stage ipmi: docs: don't advertise deprecated sysfs entries drm/msm: fix %s null argument error xen: use correct end address of kernel for conflict checking xen/swiotlb: simplify range_straddles_page_boundary() xen/swiotlb: add alignment check for dma buffers selftests/bpf: Fix error compiling test_lru_map.c xz: cleanup CRC32 edits from 2018 kthread: add kthread_work tracepoints kthread: fix task state in kthread worker if being frozen jbd2: introduce/export functions jbd2_journal_submit|finish_inode_data_buffers() ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso ext4: avoid negative min_clusters in find_group_orlov() ext4: return error on ext4_find_inline_entry ext4: avoid OOB when system.data xattr changes underneath the filesystem nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() nilfs2: determine empty node blocks as corrupted nilfs2: fix potential oob read in nilfs_btree_check_delete() perf sched timehist: Fix missing free of session in perf_sched__timehist() perf sched timehist: Fixed timestamp error when unable to confirm event sched_in time perf time-utils: Fix 32-bit nsec parsing clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228 drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error PCI: xilinx-nwl: Fix register misspelling RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency pinctrl: single: fix missing error code in pcs_probe() clk: ti: dra7-atl: Fix leak of of_nodes pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function RDMA/cxgb4: Added NULL check for lookup_atid ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() nfsd: call cache_put if xdr_reserve_space returns NULL f2fs: enhance to update i_mode and acl atomically in f2fs_setattr() f2fs: fix typo f2fs: fix to update i_ctime in __f2fs_setxattr() f2fs: remove unneeded check condition in __f2fs_setxattr() f2fs: reduce expensive checkpoint trigger frequency coresight: tmc: sg: Do not leak sg_table netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition tcp: introduce tcp_skb_timestamp_us() helper tcp: check skb is non-NULL in tcp_rto_delta_us() net: qrtr: Update packets cloning when broadcasting netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS crypto: aead,cipher - zeroize key buffer after use Remove *.orig pattern from .gitignore soc: versatile: integrator: fix OF node leak in probe() error path USB: appledisplay: close race between probe and completion handler USB: misc: cypress_cy7c63: check for short transfer firmware_loader: Block path traversal tty: rp2: Fix reset with non forgiving PCIe host bridges drbd: Fix atomicity violation in drbd_uuid_set_bm() drbd: Add NULL check for net_conf to prevent dereference in state validation ACPI: sysfs: validate return type of _STR method f2fs: prevent possible int overflow in dir_block_index() f2fs: avoid potential int overflow in sanity_check_area_boundary() vfs: fix race between evice_inodes() and find_inode()&iput() fs: Fix file_set_fowner LSM hook inconsistencies nfs: fix memory leak in error path of nfs4_do_reclaim PCI: xilinx-nwl: Use irq_data_get_irq_chip_data() PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler soc: versatile: realview: fix memory leak during device remove soc: versatile: realview: fix soc_dev leak during device remove usb: yurex: Replace snprintf() with the safer scnprintf() variant USB: misc: yurex: fix race between read and write pps: remove usage of the deprecated ida_simple_xx() API pps: add an error check in parport_attach i2c: aspeed: Update the stop sw state when the bus recovery occurs i2c: isch: Add missed 'else' usb: yurex: Fix inconsistent locking bug in yurex_read() mailbox: rockchip: fix a typo in module autoloading mailbox: bcm2835: Fix timeout during suspend mode ceph: remove the incorrect Fw reference check when dirtying pages netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED netfilter: nf_tables: prevent nf_skb_duplicated corruption r8152: Factor out OOB link list waits net: ethernet: lantiq_etop: fix memory disclosure net: avoid potential underflow in qdisc_pkt_len_init() with UFO net: add more sanity checks to qdisc_pkt_len_init() ipv4: ip_gre: Fix drops of small packets in ipgre_xmit sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin f2fs: Require FMODE_WRITE for atomic write ioctls wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit net: hisilicon: hip04: fix OF node leak in probe() net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() net: hisilicon: hns_mdio: fix OF node leak in probe() ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails ACPICA: Fix memory leak if acpi_ps_get_next_field() fails ACPI: EC: Do not release locks during operation region accesses ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() tipc: guard against string buffer overrun net: mvpp2: Increase size of queue_name buffer ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process ACPICA: iasl: handle empty connection_node wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() signal: Replace BUG_ON()s ALSA: asihpi: Fix potential OOB array access ALSA: hdsp: Break infinite MIDI input flush loop fbdev: pxafb: Fix possible use after free in pxafb_task() power: reset: brcmstb: Do not go into infinite loop if reset fails ata: sata_sil: Rename sil_blacklist to sil_quirks jfs: UBSAN: shift-out-of-bounds in dbFindBits jfs: Fix uaf in dbFreeBits jfs: check if leafidx greater than num leaves per dmap tree jfs: Fix uninit-value access of new_ea in ea_buffer drm/amd/display: Check stream before comparing them drm/amd/display: Fix index out of bounds in degamma hardware format translation drm/printer: Allow NULL data in devcoredump printer scsi: aacraid: Rearrange order of struct aac_srb_unit drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() of/irq: Refer to actual buffer size in of_irq_parse_one() ext4: ext4_search_dir should return a proper error ext4: fix i_data_sem unlock order in ext4_ind_migrate() spi: s3c64xx: fix timeout counters in flush_fifo selftests: breakpoints: use remaining time to check if suspend succeed selftests: vDSO: fix vDSO symbols lookup for powerpc64 i2c: xiic: Wait for TX empty to avoid missed TX NAKs spi: bcm63xx: Fix module autoloading perf/core: Fix small negative period being ignored parisc: Fix itlb miss handler for 64-bit programs ALSA: core: add isascii() check to card ID generator ext4: no need to continue when the number of entries is 1 ext4: propagate errors from ext4_find_extent() in ext4_insert_range() ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() ext4: aovid use-after-free in ext4_ext_insert_extent() ext4: fix double brelse() the buffer of the extents path ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() parisc: Fix 64-bit userspace syscall path of/irq: Support #msi-cells=<0> in of_msi_get_domain jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error ocfs2: fix the la space leak when unmounting an ocfs2 volume ocfs2: fix uninit-value in ocfs2_get_block() ocfs2: reserve space for inline xattr before attaching reflink tree ocfs2: cancel dqi_sync_work before freeing oinfo ocfs2: remove unreasonable unlock in ocfs2_read_blocks ocfs2: fix null-ptr-deref when journal load failed. ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate riscv: define ILLEGAL_POINTER_VALUE for 64bit aoe: fix the potential use-after-free problem in more places clk: rockchip: fix error for unknown clocks media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags media: venus: fix use after free bug in venus_remove due to race condition iio: magnetometer: ak8975: Fix reading for ak099xx sensors tomoyo: fallback to realpath if symlink's pathname does not exist Input: adp5589-keys - fix adp5589_gpio_get_value() btrfs: wait for fixup workers before stopping cleaner kthread during umount gpio: davinci: fix lazy disable ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path ext4: fix slab-use-after-free in ext4_split_extent_at() ext4: update orig_path in ext4_find_extent() arm64: Add Cortex-715 CPU part definition arm64: cputype: Add Neoverse-N3 definitions arm64: errata: Expand speculative SSBS workaround once more uprobes: fix kernel info leak via "[uprobes]" vma nfsd: use ktime_get_seconds() for timestamps nfsd: fix delegation_blocked() to block correctly for at least 30 seconds rtc: at91sam9: drop platform_data support rtc: at91sam9: fix OF node leak in probe() error path ACPI: battery: Simplify battery hook locking ACPI: battery: Fix possible crash when unregistering a battery hook ext4: fix inode tree inconsistency caused by ENOMEM net: ethernet: cortina: Drop TSO support tracing: Remove precision vsnprintf() check from print event drm: Move drm_mode_setcrtc() local re-init to failure path drm/crtc: fix uninitialized variable use even harder virtio_console: fix misc probe bugs Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal bpf: Check percpu map value size first s390/facility: Disable compile time optimization for decompressor code s390/mm: Add cond_resched() to cmm_alloc/free_pages() ext4: nested locking for xattr inode s390/cpum_sf: Remove WARN_ON_ONCE statements ktest.pl: Avoid false positives with grub2 skip regex clk: bcm: bcm53573: fix OF node leak in init i2c: i801: Use a different adapter-name for IDF adapters PCI: Mark Creative Labs EMU20k2 INTx masking as broken media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() usb: chipidea: udc: enable suspend interrupt after usb reset tools/iio: Add memory allocation failure check for trigger_name driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute fbdev: sisfb: Fix strbuf array overflow NFS: Remove print_overflow_msg() SUNRPC: Fix integer overflow in decode_rc_list() tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe netfilter: br_netfilter: fix panic with metadata_dst skb Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change gpio: aspeed: Add the flush write to ensure the write complete. clk: Add (devm_)clk_get_optional() functions clk: generalize devm_clk_get() a bit clk: Provide new devm_clk helpers for prepared and enabled clocks gpio: aspeed: Use devm_clk api to manage clock source igb: Do not bring the device up after non-fatal error net: ibm: emac: mal: fix wrong goto ppp: fix ppp_async_encode() illegal access net: ipv6: ensure we call ipv6_mc_down() at most once CDC-NCM: avoid overflow in sanity checking HID: plantronics: Workaround for an unexcepted opposite volume key Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant" usb: xhci: Fix problem with xhci resume from suspend usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip net: Fix an unsafe loop on the list posix-clock: Fix missing timespec64 check in pc_clock_settime() arm64: probes: Remove broken LDR (literal) uprobe support arm64: probes: Fix simulate_ldr*_literal() PCI: Add function 0 DMA alias quirk for Glenfly Arise chip fat: fix uninitialized variable KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() net: dsa: mv88e6xxx: Fix out-of-bound access s390/sclp_vt220: Convert newlines to CRLF instead of LFCR KVM: s390: Change virtual to physical address access in diag 0x258 handler x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET drm/vmwgfx: Handle surface check failure correctly iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() iio: light: opt3001: add missing full-scale range value Bluetooth: Remove debugfs directory on module init failure Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 xhci: Fix incorrect stream context type macro USB: serial: option: add support for Quectel EG916Q-GL USB: serial: option: add Telit FN920C04 MBIM compositions parport: Proper fix for array out-of-bounds access x86/apic: Always explicitly disarm TSC-deadline timer nilfs2: propagate directory read errors from nilfs_find_entry() clk: Fix pointer casting to prevent oops in devm_clk_release() clk: Fix slab-out-of-bounds error in devm_clk_release() RDMA/bnxt_re: Fix incorrect AVID type in WQE structure RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP RDMA/bnxt_re: Return more meaningful error drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation macsec: don't increment counters for an unrelated SA net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() net: systemport: fix potential memory leak in bcm_sysport_xmit() usb: typec: altmode should keep reference to parent Bluetooth: bnep: fix wild-memory-access in proto_unregister arm64:uprobe fix the uprobe SWBP_INSN in big-endian arm64: probes: Fix uprobes for big-endian kernels KVM: s390: gaccess: Refactor gpa and length calculation KVM: s390: gaccess: Refactor access address range check KVM: s390: gaccess: Cleanup access to guest pages KVM: s390: gaccess: Check if guest address is in memslot udf: fix uninit-value use in udf_get_fileshortad jfs: Fix sanity check in dbMount net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() be2net: fix potential memory leak in be_xmit() net: usb: usbnet: fix name regression posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() ALSA: hda/realtek: Update default depop procedure drm/amd: Guard against bad data for ATIF ACPI method ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue nilfs2: fix kernel bug due to missing clearing of buffer delay flag hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event selinux: improve error checking in sel_write_load() arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning xfrm: validate new SA's prefixlen using SA family when sel.family is unset usb: dwc3: remove generic PHY calibrate() calls usb: dwc3: Add splitdisable quirk for Hisilicon Kirin Soc usb: dwc3: core: Stop processing of pending events if controller is halted cgroup: Fix potential overflow issue when checking max_depth wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys gtp: simplify error handling code in 'gtp_encap_enable()' gtp: allow -1 to be specified as file description from userspace net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT bpf: Fix out-of-bounds write in trie_get_next_key() net: support ip generic csum processing in skb_csum_hwoffload_help net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension netfilter: nft_payload: sanitize offset and length before calling skb_checksum() firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() net: amd: mvme147: Fix probe banner message misc: sgi-gru: Don't disable preemption in GRU driver usbip: tools: Fix detach_port() invalid port error path usb: phy: Fix API devm_usb_put_phy() can not release the phy xhci: Fix Link TRB DMA in command ring stopped completion event Revert "driver core: Fix uevent_show() vs driver detach race" wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower wifi: ath10k: Fix memory leak in management tx wifi: iwlegacy: Clear stale interrupts before resuming device nilfs2: fix potential deadlock with newly created symlinks ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow nilfs2: fix kernel bug due to missing clearing of checked flag mm: shmem: fix data-race in shmem_getattr() vt: prevent kernel-infoleak in con_font_get() Linux 4.19.323 Change-Id: I2348f834187153067ab46b3b48b8fe7da9cee1f1 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Xiu Jianfeng
|
339df130db |
cgroup: Fix potential overflow issue when checking max_depth
[ Upstream commit 3cc4e13bb1617f6a13e5e6882465984148743cf4 ]
cgroup.max.depth is the maximum allowed descent depth below the current
cgroup. If the actual descent depth is equal or larger, an attempt to
create a new child cgroup will fail. However due to the cgroup->max_depth
is of int type and having the default value INT_MAX, the condition
'level > cgroup->max_depth' will never be satisfied, and it will cause
an overflow of the level after it reaches to INT_MAX.
Fix it by starting the level from 0 and using '>=' instead.
It's worth mentioning that this issue is unlikely to occur in reality,
as it's impossible to have a depth of INT_MAX hierarchy, but should be
be avoided logically.
Fixes:
|
||
|
Michael Bestas
|
eba3e68430 |
Merge tag 'ASB-2024-10-05_4.19-stable' of https://android.googlesource.com/kernel/common into android-msm-pixel-4.19
https://source.android.com/docs/security/bulletin/2024-10-01 * tag 'ASB-2024-10-05_4.19-stable' of https://android.googlesource.com/kernel/common: (99 commits) Linux 4.19.322 Revert "parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367" netns: restore ops before calling ops_exit_list cx82310_eth: fix error return code in cx82310_bind() net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket rtmutex: Drop rt_mutex::wait_lock before scheduling drm/i915/fence: Mark debug_fence_free() with __maybe_unused drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused ACPI: processor: Fix memory leaks in error paths of processor_add() ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() ila: call nf_unregister_net_hooks() sooner netns: add pre_exit method to struct pernet_operations nilfs2: protect references to superblock parameters exposed in sysfs nilfs2: replace snprintf in show functions with sysfs_emit tracing: Avoid possible softlockup in tracing_iter_reset() ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() uprobes: Use kzalloc to allocate xol area clocksource/drivers/imx-tpm: Fix next event not taking effect sometime clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX VMCI: Fix use-after-free when removing resource in vmci_resource_remove() ... Conflicts: drivers/clk/qcom/clk-alpha-pll.c fs/f2fs/data.c fs/f2fs/file.c fs/f2fs/gc.c fs/f2fs/segment.c Change-Id: Ice6ec779f4f6ec72a1f55e75a9866a60d512eb8c |
||
|
Michael Bestas
|
bf15dd2933 |
Merge tag 'ASB-2024-09-05_4.19-stable' of https://android.googlesource.com/kernel/common into android-msm-pixel-4.19
https://source.android.com/docs/security/bulletin/2024-09-01 CVE-2024-36972 * tag 'ASB-2024-09-05_4.19-stable' of https://android.googlesource.com/kernel/common: (331 commits) Linux 4.19.321 drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var ipc: remove memcg accounting for sops objects in do_semtimedop() scsi: aacraid: Fix double-free on probe failure usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() usb: dwc3: st: fix probed platform device ref count on probe error path usb: dwc3: core: Prevent USB core invalid event buffer address access usb: dwc3: omap: add missing depopulate in probe error path USB: serial: option: add MeiG Smart SRM825L cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller net: busy-poll: use ktime_get_ns() instead of local_clock() gtp: fix a potential NULL pointer dereference soundwire: stream: fix programming slave ports for non-continous port maps net: prevent mss overflow in skb_segment() ida: Fix crash in ida_free when the bitmap is empty net:rds: Fix possible deadlock in rds_message_put fbmem: Check virtual screen sizes in fb_set_var() fbcon: Prevent that screen size is smaller than font size memcg: enable accounting of ipc resources cgroup/cpuset: Prevent UAF in proc_cpuset_show() ... Conflicts: Documentation/arm64/silicon-errata.txt arch/arm64/include/asm/cpucaps.h arch/arm64/include/asm/cputype.h arch/arm64/kernel/cpu_errata.c drivers/mmc/core/mmc_test.c Change-Id: Id6bbf5f84f4823b601b92267408ab2025b6ba9f4 |
||
|
Greg Kroah-Hartman
|
1b3964c5e0 |
Merge 4.19.322 into android-4.19-stable
Changes in 4.19.322 net: usb: qmi_wwan: add MeiG Smart SRM825L usb: dwc3: st: Add of_node_put() before return in probe function usb: dwc3: st: add missing depopulate in probe error path drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr drm/amdgpu: fix overflowed array index read warning drm/amdgpu: fix ucode out-of-bounds read warning drm/amdgpu: fix mc_data out-of-bounds read warning drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device apparmor: fix possible NULL pointer dereference usbip: Don't submit special requests twice smack: tcp: ipv4, fix incorrect labeling media: uvcvideo: Enforce alignment of frame and interval block: initialize integrity buffer to zero before writing it to media virtio_net: Fix napi_skb_cache_put warning udf: Limit file size to 4TB ALSA: usb-audio: Sanity checks for each pipe and EP types ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check sch/netem: fix use after free in netem_dequeue ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices ata: libata: Fix memory leak for error path in ata_host_alloc() mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K fuse: use unsigned type for getxattr/listxattr size truncation clk: qcom: clk-alpha-pll: Fix the pll post div mask nilfs2: fix missing cleanup on rollforward recovery error nilfs2: fix state management in error path of log writing function ALSA: hda: Add input value sanity checks to HDMI channel map controls smack: unix sockets: fix accept()ed socket label irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 af_unix: Remove put_pid()/put_cred() in copy_peercred(). netfilter: nf_conncount: fix wrong variable type udf: Avoid excessive partition lengths wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse pcmcia: Use resource_size function on resource object can: bcm: Remove proc entry when dev is unregistered. igb: Fix not clearing TimeSync interrupts for 82580 platform/x86: dell-smbios: Fix error path in dell_smbios_init() cx82310_eth: re-enable ethernet mode after router reboot drivers/net/usb: Remove all strcpy() uses net: usb: don't write directly to netdev->dev_addr usbnet: modern method to get random MAC rfkill: fix spelling mistake contidion to condition net: bridge: add support for sticky fdb entries bridge: switchdev: Allow clearing FDB entry offload indication net: bridge: fdb: convert is_local to bitops net: bridge: fdb: convert is_static to bitops net: bridge: fdb: convert is_sticky to bitops net: bridge: fdb: convert added_by_user to bitops net: bridge: fdb: convert added_by_external_learn to use bitops net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN net: dsa: vsc73xx: fix possible subblocks range of CAPT block iommu/vt-d: Handle volatile descriptor status read cgroup: Protect css->cgroup write under css_set_lock um: line: always fill *error_out in setup_one_line() devres: Initialize an uninitialized struct member pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv hwmon: (adc128d818) Fix underflows seen when writing limit attributes hwmon: (lm95234) Fix underflows seen when writing limit attributes hwmon: (nct6775-core) Fix underflows seen when writing limit attributes hwmon: (w83627ehf) Fix underflows seen when writing limit attributes wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() btrfs: replace BUG_ON with ASSERT in walk_down_proc() btrfs: clean up our handling of refs == 0 in snapshot delete PCI: Add missing bridge lock to pci_bus_lock() btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Input: uinput - reject requests with unreasonable number of slots usbnet: ipheth: race between ipheth_close and error handling Squashfs: sanity check symbolic link size of/irq: Prevent device address out-of-bounds read in interrupt map walk ata: pata_macio: Use WARN instead of BUG iio: buffer-dmaengine: fix releasing dma channel on error iio: fix scale application in iio_convert_raw_to_processed_unlocked nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic VMCI: Fix use-after-free when removing resource in vmci_resource_remove() clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX clocksource/drivers/imx-tpm: Fix next event not taking effect sometime uprobes: Use kzalloc to allocate xol area ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() tracing: Avoid possible softlockup in tracing_iter_reset() nilfs2: replace snprintf in show functions with sysfs_emit nilfs2: protect references to superblock parameters exposed in sysfs netns: add pre_exit method to struct pernet_operations ila: call nf_unregister_net_hooks() sooner ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() ACPI: processor: Fix memory leaks in error paths of processor_add() drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused drm/i915/fence: Mark debug_fence_free() with __maybe_unused rtmutex: Drop rt_mutex::wait_lock before scheduling net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket cx82310_eth: fix error return code in cx82310_bind() netns: restore ops before calling ops_exit_list Revert "parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367" Linux 4.19.322 Change-Id: I91163696e8593c077f8fe3d59348a68c76a2624b Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Waiman Long
|
6760357063 |
cgroup: Protect css->cgroup write under css_set_lock
[ Upstream commit 57b56d16800e8961278ecff0dc755d46c4575092 ] The writing of css->cgroup associated with the cgroup root in rebind_subsystems() is currently protected only by cgroup_mutex. However, the reading of css->cgroup in both proc_cpuset_show() and proc_cgroup_show() is protected just by css_set_lock. That makes the readers susceptible to racing problems like data tearing or caching. It is also a problem that can be reported by KCSAN. This can be fixed by using READ_ONCE() and WRITE_ONCE() to access css->cgroup. Alternatively, the writing of css->cgroup can be moved under css_set_lock as well which is done by this patch. Signed-off-by: Waiman Long <longman@redhat.com> Signed-off-by: Tejun Heo <tj@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
d757552385 |
Merge 4.19.321 into android-4.19-stable
Changes in 4.19.321 fuse: Initialize beyond-EOF page contents before setting uptodate ALSA: usb-audio: Support Yamaha P-125 quirk entry xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE dm resume: don't return EINVAL when signalled dm persistent data: fix memory allocation failure bitmap: introduce generic optimized bitmap_size() fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE selinux: fix potential counting error in avc_add_xperms_decision() drm/amdgpu: Actually check flags for all context ops. memcg_write_event_control(): fix a user-triggerable oops s390/cio: rename bitmap_size() -> idset_bitmap_size() overflow.h: Add flex_array_size() helper overflow: Implement size_t saturating arithmetic helpers btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() net/mlx5e: Correctly report errors for ethtool rx flows atm: idt77252: prevent use after free in dequeue_rx() net: dsa: vsc73xx: pass value in phy_write operation ssb: Fix division by zero issue in ssb_calc_clock_rate wifi: cw1200: Avoid processing an invalid TIM IE i2c: riic: avoid potential division by zero staging: ks7010: disable bh on tx_dev_lock binfmt_misc: cleanup on filesystem umount scsi: spi: Fix sshdr use gfs2: setattr_chown: Add missing initialization wifi: iwlwifi: abort scan when rfkill on but device enabled powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu ext4: do not trim the group with corrupted block bitmap quota: Remove BUG_ON from dqget() media: pci: cx23885: check cx23885_vdev_init() return fs: binfmt_elf_efpic: don't use missing interpreter's properties scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() net/sun3_82586: Avoid reading past buffer in debug output md: clean up invalid BUG_ON in md_ioctl parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 powerpc/boot: Handle allocation failure in simple_realloc() powerpc/boot: Only free if realloc() succeeds btrfs: change BUG_ON to assertion when checking for delayed_node root btrfs: handle invalid root reference found in may_destroy_subvol() btrfs: send: handle unexpected data in header buffer in begin_cmd() btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() f2fs: fix to do sanity check in update_sit_entry usb: gadget: fsl: Increase size of name buffer for endpoints Bluetooth: bnep: Fix out-of-bound access NFS: avoid infinite loop in pnfs_update_layout. openrisc: Call setup_memory() earlier in the init sequence s390/iucv: fix receive buffer virtual vs physical address confusion usb: dwc3: core: Skip setting event buffers for host only controllers irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc ext4: set the type of max_zeroout to unsigned int to avoid overflow nvmet-rdma: fix possible bad dereference when freeing rsps hrtimer: Prevent queuing of hrtimer without a function callback gtp: pull network headers in gtp_dev_xmit() block: use "unsigned long" for blk_validate_block_size(). Bluetooth: Make use of __check_timeout on hci_sched_le Bluetooth: hci_core: Fix not handling link timeouts propertly Bluetooth: hci_core: Fix LE quote calculation kcm: Serialise kcm_sendmsg() for the same socket. netfilter: nft_counter: Synchronize nft_counter_reset() against reader. ipv6: prevent UAF in ip6_send_skb() net: xilinx: axienet: Always disable promiscuous mode drm/msm: use drm_debug_enabled() to check for debug categories drm/msm/dpu: don't play tricks with debug macros mmc: mmc_test: Fix NULL dereference on allocation failure Bluetooth: MGMT: Add error handling to pair_device() HID: wacom: Defer calculation of resolution until resolution_code is known cxgb4: add forgotten u64 ivlan cast before shift mmc: dw_mmc: allow biu and ciu clocks to defer ALSA: timer: Relax start tick time check for slave timer elements Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Input: MT - limit max slots tools: move alignment-related macros to new <linux/align.h> drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc pinctrl: single: fix potential NULL dereference in pcs_get_function() wifi: mwifiex: duplicate static structs used in driver instances dm suspend: return -ERESTARTSYS instead of -EINTR scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES filelock: Correct the filelock owner in fcntl_setlk/fcntl_setlk64 media: uvcvideo: Fix integer overflow calculating timestamp ata: libata-core: Fix null pointer dereference on error cgroup/cpuset: Prevent UAF in proc_cpuset_show() memcg: enable accounting of ipc resources fbcon: Prevent that screen size is smaller than font size fbmem: Check virtual screen sizes in fb_set_var() net:rds: Fix possible deadlock in rds_message_put ida: Fix crash in ida_free when the bitmap is empty net: prevent mss overflow in skb_segment() soundwire: stream: fix programming slave ports for non-continous port maps gtp: fix a potential NULL pointer dereference net: busy-poll: use ktime_get_ns() instead of local_clock() cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller USB: serial: option: add MeiG Smart SRM825L usb: dwc3: omap: add missing depopulate in probe error path usb: dwc3: core: Prevent USB core invalid event buffer address access usb: dwc3: st: fix probed platform device ref count on probe error path usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() scsi: aacraid: Fix double-free on probe failure ipc: remove memcg accounting for sops objects in do_semtimedop() drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var Linux 4.19.321 Change-Id: I5ee663c7c3343a99e3c73dd8f663ca5c4e298478 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Michael Bestas
|
0d750eaafc |
Merge tag 'ASB-2024-08-05_4.19-stable' of https://android.googlesource.com/kernel/common into android-msm-pixel-4.19
https://source.android.com/docs/security/bulletin/2024-08-01 CVE-2024-36971 * tag 'ASB-2024-08-05_4.19-stable' of https://android.googlesource.com/kernel/common: (2363 commits) Linux 4.19.318 i2c: rcar: bring hardware to known state when probing nilfs2: fix kernel bug on rename operation of broken directory SUNRPC: Fix RPC client cleaned up the freed pipefs dentries tcp: avoid too many retransmit packets tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() net: tcp: fix unexcepted socket die when snd_wnd is 0 tcp: refactor tcp_retransmit_timer() libceph: fix race between delayed_work() and ceph_monc_stop() hpet: Support 32-bit userspace USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k USB: serial: option: add Rolling RW350-GL variants USB: serial: option: add Netprisma LCUK54 series modules USB: serial: option: add support for Foxconn T99W651 USB: serial: option: add Fibocom FM350-GL USB: serial: option: add Telit FN912 rmnet compositions USB: serial: option: add Telit generic core-dump composition ARM: davinci: Convert comma to semicolon ... Conflicts: Documentation/devicetree/bindings/sound/rt5645.txt android/abi_gki_aarch64.xml drivers/clk/qcom/clk-rcg2.c drivers/hwtracing/coresight/coresight-etm4x.c drivers/leds/leds-pwm.c drivers/mmc/core/host.c drivers/mmc/core/sdio.c drivers/mmc/host/cqhci.c drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c drivers/rpmsg/qcom_glink_native.c drivers/scsi/ufs/ufshcd.c drivers/thermal/thermal_core.c drivers/usb/dwc3/core.c drivers/usb/gadget/function/f_ncm.c fs/f2fs/gc.c fs/pstore/ram_core.c include/linux/fs.h include/linux/timer.h include/net/tcp.h init/initramfs.c kernel/events/core.c kernel/sched/idle.c kernel/time/timer.c mm/page_alloc.c net/wireless/scan.c scripts/checkpatch.pl Change-Id: Ice08f3ba5dc64a093bc381710ef2408d963cb983 |
||
|
Chen Ridong
|
27d6dbdc64 |
cgroup/cpuset: Prevent UAF in proc_cpuset_show()
commit 1be59c97c83ccd67a519d8a49486b3a8a73ca28a upstream.
An UAF can happen when /proc/cpuset is read as reported in [1].
This can be reproduced by the following methods:
1.add an mdelay(1000) before acquiring the cgroup_lock In the
cgroup_path_ns function.
2.$cat /proc/<pid>/cpuset repeatly.
3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/
$umount /sys/fs/cgroup/cpuset/ repeatly.
The race that cause this bug can be shown as below:
(umount) | (cat /proc/<pid>/cpuset)
css_release | proc_cpuset_show
css_release_work_fn | css = task_get_css(tsk, cpuset_cgrp_id);
css_free_rwork_fn | cgroup_path_ns(css->cgroup, ...);
cgroup_destroy_root | mutex_lock(&cgroup_mutex);
rebind_subsystems |
cgroup_free_root |
| // cgrp was freed, UAF
| cgroup_path_ns_locked(cgrp,..);
When the cpuset is initialized, the root node top_cpuset.css.cgrp
will point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will
allocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated
&cgroup_root.cgrp. When the umount operation is executed,
top_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp.
The problem is that when rebinding to cgrp_dfl_root, there are cases
where the cgroup_root allocated by setting up the root for cgroup v1
is cached. This could lead to a Use-After-Free (UAF) if it is
subsequently freed. The descendant cgroups of cgroup v1 can only be
freed after the css is released. However, the css of the root will never
be released, yet the cgroup_root should be freed when it is unmounted.
This means that obtaining a reference to the css of the root does
not guarantee that css.cgrp->root will not be freed.
Fix this problem by using rcu_read_lock in proc_cpuset_show().
As cgroup_root is kfree_rcu after commit d23b5c577715
("cgroup: Make operations on the cgroup root_list RCU safe"),
css->cgroup won't be freed during the critical section.
To call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to
replace task_get_css with task_css.
[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd
Fixes:
|
||
|
Greg Kroah-Hartman
|
302e1d9773 |
Merge 4.19.316 into android-4.19-stable
Changes in 4.19.316
x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
speakup: Fix sizeof() vs ARRAY_SIZE() bug
ring-buffer: Fix a race between readers and resize checks
net: smc91x: Fix m68k kernel compilation for ColdFire CPU
nilfs2: fix unexpected freezing of nilfs_segctor_sync()
nilfs2: fix potential hang in nilfs_detach_log_writer()
tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class
net: usb: qmi_wwan: add Telit FN920C04 compositions
drm/amd/display: Set color_mgmt_changed to true on unsuspend
ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating
ASoC: dt-bindings: rt5645: add cbj sleeve gpio property
ASoC: da7219-aad: fix usage of device_get_named_child_node()
crypto: bcm - Fix pointer arithmetic
firmware: raspberrypi: Use correct device for DMA mappings
ecryptfs: Fix buffer size for tag 66 packet
nilfs2: fix out-of-range warning
parisc: add missing export of __cmpxchg_u8()
crypto: ccp - Remove forward declaration
crypto: ccp - drop platform ifdef checks
s390/cio: fix tracepoint subchannel type field
jffs2: prevent xattr node from overflowing the eraseblock
null_blk: Fix missing mutex_destroy() at module removal
md: fix resync softlockup when bitmap size is less than array size
power: supply: cros_usbpd: provide ID table for avoiding fallback match
nfsd: drop st_mutex before calling move_to_close_lru()
wifi: ath10k: poll service ready message before failing
x86/boot: Ignore relocations in .notes sections in walk_relocs() too
qed: avoid truncating work queue length
scsi: ufs: qcom: Perform read back after writing reset bit
scsi: ufs: cleanup struct utp_task_req_desc
scsi: ufs: add a low-level __ufshcd_issue_tm_cmd helper
scsi: ufs: core: Perform read back after disabling interrupts
scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL
irqchip/alpine-msi: Fix off-by-one in allocation error path
ACPI: disable -Wstringop-truncation
scsi: libsas: Fix the failure of adding phy with zero-address to port
scsi: hpsa: Fix allocation size for Scsi_Host private data
x86/purgatory: Switch to the position-independent small code model
wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger()
wifi: ath10k: populate board data for WCN3990
macintosh/via-macii: Remove BUG_ON assertions
macintosh/via-macii, macintosh/adb-iop: Clean up whitespace
macintosh/via-macii: Fix "BUG: sleeping function called from invalid context"
wifi: carl9170: add a proper sanity check for endpoints
wifi: ar5523: enable proper endpoint verification
sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe()
Revert "sh: Handle calling csum_partial with misaligned data"
scsi: bfa: Ensure the copied buf is NUL terminated
scsi: qedf: Ensure the copied buf is NUL terminated
wifi: mwl8k: initialize cmd->addr[] properly
net: usb: sr9700: stop lying about skb->truesize
m68k: Fix spinlock race in kernel thread creation
m68k/mac: Use '030 reset method on SE/30
m68k: mac: Fix reboot hang on Mac IIci
net: ethernet: cortina: Locking fixes
af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
net: usb: smsc95xx: stop lying about skb->truesize
net: openvswitch: fix overwriting ct original tuple for ICMPv6
ipv6: sr: add missing seg6_local_exit
ipv6: sr: fix incorrect unregister order
ipv6: sr: fix invalid unregister error path
drm/amd/display: Fix potential index out of bounds in color transformation function
mtd: rawnand: hynix: fixed typo
fbdev: shmobile: fix snprintf truncation
drm/mediatek: Add 0 size check to mtk_drm_gem_obj
powerpc/fsl-soc: hide unused const variable
fbdev: sisfb: hide unused variables
media: ngene: Add dvb_ca_en50221_init return value check
media: radio-shark2: Avoid led_names truncations
fbdev: sh7760fb: allow modular build
drm/arm/malidp: fix a possible null pointer dereference
ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
RDMA/hns: Use complete parentheses in macros
x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map
ext4: avoid excessive credit estimate in ext4_tmpfile()
SUNRPC: Fix gss_free_in_token_pages()
selftests/kcmp: Make the test output consistent and clear
selftests/kcmp: remove unused open mode
RDMA/IPoIB: Fix format truncation compilation errors
netrom: fix possible dead-lock in nr_rt_ioctl()
af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
sched/topology: Don't set SD_BALANCE_WAKE on cpuset domain relax
sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level
greybus: lights: check return of get_channel_from_mode
dmaengine: idma64: Add check for dma_set_max_seg_size
firmware: dmi-id: add a release callback function
serial: max3100: Lock port->lock when calling uart_handle_cts_change()
serial: max3100: Update uart_driver_registered on driver removal
serial: max3100: Fix bitwise types
greybus: arche-ctrl: move device table to its right location
microblaze: Remove gcc flag for non existing early_printk.c file
microblaze: Remove early printk call from cpuinfo-static.c
usb: gadget: u_audio: Clear uac pointer when freed.
stm class: Fix a double free in stm_register_device()
ppdev: Remove usage of the deprecated ida_simple_xx() API
ppdev: Add an error check in register_device
extcon: max8997: select IRQ_DOMAIN instead of depending on it
f2fs: add error prints for debugging mount failure
f2fs: fix to release node block count in error path of f2fs_new_node_page()
serial: sh-sci: Extract sci_dma_rx_chan_invalidate()
serial: sh-sci: protect invalidating RXDMA on shutdown
libsubcmd: Fix parse-options memory leak
Input: ims-pcu - fix printf string overflow
Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
drm/msm/dpu: use kms stored hw mdp block
um: Fix return value in ubd_init()
um: Add winch to winch_handlers before registering winch IRQ
media: stk1160: fix bounds checking in stk1160_copy_video()
powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp
um: Fix the -Wmissing-prototypes warning for __switch_mm
media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
media: cec: cec-api: add locking in cec_release()
null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION()
x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y
nfc: nci: Fix uninit-value in nci_rx_work
ipv6: sr: fix memleak in seg6_hmac_init_algo
params: lift param_set_uint_minmax to common code
tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
openvswitch: Set the skbuff pkt_type for proper pmtud support.
arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
net: fec: avoid lock evasion when reading pps_enable
nfc: nci: Fix kcov check in nci_rx_work()
nfc: nci: Fix handling of zero-length payload packets in nci_rx_work()
netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
spi: Don't mark message DMA mapped when no transfer in it is
nvmet: fix ns enable/disable possible hang
net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion
dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
enic: Validate length of nl attributes in enic_set_vf_port
smsc95xx: remove redundant function arguments
smsc95xx: use usbnet->driver_priv
net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM
net:fec: Add fec_enet_deinit()
kconfig: fix comparison to constant symbols, 'm', 'n'
ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
ALSA: timer: Set lower bound of start tick time
genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
binder: fix max_thread type inconsistency
mmc: core: Do not force a retune before RPMB switch
nilfs2: fix use-after-free of timer for log writer thread
vxlan: Fix regression when dropping packets due to invalid src addresses
neighbour: fix unaligned access to pneigh_entry
ata: pata_legacy: make legacy_exit() work again
arm64: tegra: Correct Tegra132 I2C alias
md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING
wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU
arm64: dts: hi3798cv200: fix the size of GICR
media: mxl5xx: Move xpt structures off stack
media: v4l2-core: hold videodev_lock until dev reg, finishes
fbdev: savage: Handle err return when savagefb_check_var failed
netfilter: nf_tables: pass context to nft_set_destroy()
netfilter: nftables: rename set element data activation/deactivation functions
netfilter: nf_tables: drop map element references from preparation phase
netfilter: nft_set_rbtree: allow loose matching of closing element in interval
netfilter: nft_set_rbtree: Add missing expired checks
netfilter: nft_set_rbtree: Switch to node list walk for overlap detection
netfilter: nft_set_rbtree: fix null deref on element insertion
netfilter: nft_set_rbtree: fix overlap expiration walk
netfilter: nf_tables: don't skip expired elements during walk
netfilter: nf_tables: GC transaction API to avoid race with control plane
netfilter: nf_tables: adapt set backend to use GC transaction API
netfilter: nf_tables: remove busy mark and gc batch API
netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path
netfilter: nf_tables: GC transaction race with netns dismantle
netfilter: nf_tables: GC transaction race with abort path
netfilter: nf_tables: defer gc run if previous batch is still pending
netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention
netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration
netfilter: nf_tables: fix memleak when more than 255 elements expired
netfilter: nf_tables: unregister flowtable hooks on netns exit
netfilter: nf_tables: double hook unregistration in netns path
netfilter: nftables: update table flags from the commit phase
netfilter: nf_tables: fix table flag updates
netfilter: nf_tables: disable toggling dormant table state more than once
netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for 4.19)
netfilter: nft_dynset: fix timeouts later than 23 days
netfilter: nftables: exthdr: fix 4-byte stack OOB write
netfilter: nft_dynset: report EOPNOTSUPP on missing set feature
netfilter: nft_dynset: relax superfluous check on set updates
netfilter: nf_tables: mark newset as dead on transaction abort
netfilter: nf_tables: skip dead set elements in netlink dump
netfilter: nf_tables: validate NFPROTO_* family
netfilter: nft_set_rbtree: skip end interval element from gc
netfilter: nf_tables: set dormant flag on hook register failure
netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()
netfilter: nf_tables: do not compare internal table flags on updates
netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
netfilter: nf_tables: reject new basechain after table flag update
netfilter: nf_tables: discard table flag update with pending basechain deletion
KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
net/9p: fix uninit-value in p9_client_rpc()
intel_th: pci: Add Meteor Lake-S CPU support
sparc64: Fix number of online CPUs
kdb: Fix buffer overflow during tab-complete
kdb: Use format-strings rather than '\0' injection in kdb_read()
kdb: Fix console handling when editing and tab-completing commands
kdb: Merge identical case statements in kdb_read()
kdb: Use format-specifiers rather than memset() for padding in kdb_read()
net: fix __dst_negative_advice() race
sparc: move struct termio to asm/termios.h
ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
s390/ap: Fix crash in AP internal function modify_bitmap()
nfs: fix undefined behavior in nfs_block_bits()
Linux 4.19.316
Change-Id: I51ad6b82ea33614c19b33c26ae939c4a95430d4f
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Vitalii Bursov
|
454de5ed81 |
sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level
[ Upstream commit a1fd0b9d751f840df23ef0e75b691fc00cfd4743 ]
Change relax_domain_level checks so that it would be possible
to include or exclude all domains from newidle balancing.
This matches the behavior described in the documentation:
-1 no request. use system default or follow request of others.
0 no search.
1 search siblings (hyperthreads in a core).
"2" enables levels 0 and 1, level_max excludes the last (level_max)
level, and level_max+1 includes all levels.
Fixes:
|
||
|
Greg Kroah-Hartman
|
24a799db09 |
Merge 4.19.297 into android-4.19-stable
Changes in 4.19.297 indirect call wrappers: helpers to speed-up indirect calls of builtin net: use indirect calls helpers at the socket layer net: fix kernel-doc warnings for socket.c net: prevent rewrite of msg_name in sock_sendmsg() RDMA/cxgb4: Check skb value for failure to allocate HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect quota: Fix slow quotaoff net: prevent address rewrite in kernel_bind() drm: etvnaviv: fix bad backport leading to warning drm/msm/dsi: skip the wait for video mode done if not applicable ieee802154: ca8210: Fix a potential UAF in ca8210_probe xen-netback: use default TX queue size for vifs drm/vmwgfx: fix typo of sizeof argument ixgbe: fix crash with empty VF macvlan list net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() nfc: nci: assert requested protocol is valid workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() sched,idle,rcu: Push rcu_idle deeper into the idle path dmaengine: stm32-mdma: abort resume if no ongoing transfer usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read usb: dwc3: Soft reset phy on probe for host usb: musb: Get the musb_qh poniter after musb_giveback usb: musb: Modify the "HWVers" register address iio: pressure: bmp280: Fix NULL pointer exception iio: pressure: ms5611: ms5611_prom_is_valid false negative bug mcb: remove is_added flag from mcb_device struct ceph: fix incorrect revoked caps assert in ceph_fill_file_size() Input: powermate - fix use-after-free in powermate_config_complete Input: psmouse - fix fast_reconnect function for PS/2 mode Input: xpad - add PXN V900 support cgroup: Remove duplicates in cgroup v1 tasks file pinctrl: avoid unsafe code pattern in find_pinctrl() x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs usb: gadget: udc-xilinx: replace memcpy with memcpy_toio usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() x86/alternatives: Disable KASAN in apply_alternatives() dev_forward_skb: do not scrub skb mark within the same name space usb: hub: Guard against accesses to uninitialized BOS descriptors Bluetooth: hci_event: Ignore NULL link key Bluetooth: Reject connection with the device which has same BD_ADDR Bluetooth: Fix a refcnt underflow problem for hci_conn Bluetooth: vhci: Fix race when opening vhci device Bluetooth: hci_event: Fix coding style Bluetooth: avoid memcmp() out of bounds warning nfc: nci: fix possible NULL pointer dereference in send_acknowledge() regmap: fix NULL deref on lookup KVM: x86: Mask LVTPC when handling a PMI netfilter: nft_payload: fix wrong mac header matching xfrm: fix a data-race in xfrm_gen_index() xfrm: interface: use DEV_STATS_INC() net: ipv4: fix return value check in esp_remove_trailer net: ipv6: fix return value check in esp_remove_trailer net: rfkill: gpio: prevent value glitch during probe tcp: fix excessive TLP and RACK timeouts from HZ rounding tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb net: usb: smsc95xx: Fix an error code in smsc95xx_reset() i40e: prevent crash on probe if hw registers have invalid values net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve netfilter: nft_set_rbtree: .deactivate fails if element has expired net: pktgen: Fix interface flags printing libceph: fix unaligned accesses in ceph_entity_addr handling libceph: use kernel_connect() ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1 btrfs: initialize start_slot in btrfs_log_prealloc_extents i2c: mux: Avoid potential false error message in i2c_mux_add_adapter overlayfs: set ctime when setting mtime and atime gpio: timberdale: Fix potential deadlock on &tgpio->lock ata: libata-eh: Fix compilation warning in ata_eh_link_report() tracing: relax trace_event_eval_update() execution with cond_resched() HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event Bluetooth: Avoid redundant authentication Bluetooth: hci_core: Fix build warnings wifi: mac80211: allow transmitting EAPOL frames with tainted key wifi: cfg80211: avoid leaking stack data into trace sky2: Make sure there is at least one frag_addr available drm: panel-orientation-quirks: Add quirk for One Mix 2S btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c Bluetooth: hci_event: Fix using memcmp when comparing keys mtd: rawnand: qcom: Unmap the right resource upon probe failure mtd: spinand: micron: correct bitmask for ecc status mmc: core: Capture correct oemid-bits for eMMC cards Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" ACPI: irq: Fix incorrect return value in acpi_register_gsi() USB: serial: option: add Telit LE910C4-WWX 0x1035 composition USB: serial: option: add entry for Sierra EM9191 with new firmware USB: serial: option: add Fibocom to DELL custom modem FM101R-GL perf: Disallow mis-matched inherited group reads s390/pci: fix iommu bitmap allocation gpio: vf610: set value before the direction to avoid a glitch ASoC: pxa: fix a memory leak in probe() phy: mapphone-mdm6600: Fix runtime PM for remove Bluetooth: hci_sock: fix slab oob read in create_monitor_event Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name xfrm6: fix inet6_dev refcount underflow problem Linux 4.19.297 Change-Id: I495e8b8fbb6416ec3f94094fa905bdde364618b4 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Michal Koutný
|
987fb4353c |
cgroup: Remove duplicates in cgroup v1 tasks file
commit 1ca0b605150501b7dc59f3016271da4eb3e96fce upstream. One PID may appear multiple times in a preloaded pidlist. (Possibly due to PID recycling but we have reports of the same task_struct appearing with different PIDs, thus possibly involving transfer of PID via de_thread().) Because v1 seq_file iterator uses PIDs as position, it leads to a message: > seq_file: buggy .next function kernfs_seq_next did not update position index Conservative and quick fix consists of removing duplicates from `tasks` file (as opposed to removing pidlists altogether). It doesn't affect correctness (it's sufficient to show a PID once), performance impact would be hidden by unconditional sorting of the pidlist already in place (asymptotically). Link: https://lore.kernel.org/r/20230823174804.23632-1-mkoutny@suse.com/ Suggested-by: Firo Yang <firo.yang@suse.com> Signed-off-by: Michal Koutný <mkoutny@suse.com> Signed-off-by: Tejun Heo <tj@kernel.org> Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Wilson Sung
|
e3167a4609 |
Merge android-4.19-stable (4.19.294) into android-msm-pixel-4.19-lts
Merge 4.19.294 into android-4.19-stable
Linux 4.19.294
Revert "ARM: ep93xx: fix missing-prototype warnings"
Revert "MIPS: Alchemy: fix dbdma2"
Merge 4.19.293 into android-4.19-stable
Linux 4.19.293
dma-buf/sw_sync: Avoid recursive lock during fence signal
* clk: Fix undefined reference to `clk_rate_exclusive_{get,put}'
include/linux/clk.h
* scsi: core: raid_class: Remove raid_component_add()
include/linux/raid_class.h
scsi: snic: Fix double free in snic_tgt_create()
irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable
* rtnetlink: Reject negative ifindexes in RTM_NEWLINK
net/core/rtnetlink.c
* netfilter: nf_queue: fix socket leak
net/netfilter/nf_queue.c
* sched/rt: pick_next_rt_entity(): check list_entry
kernel/sched/rt.c
* mmc: block: Fix in_flight[issue_type] value error
drivers/mmc/core/block.c
x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4
PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus
media: vcodec: Fix potential array out-of-bounds in encoder queue_setup
* lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels
lib/clz_ctz.c
batman-adv: Fix batadv_v_ogm_aggr_send memory leak
batman-adv: Fix TT global entry leak when client roamed back
batman-adv: Do not get eth header before batadv_check_management_packet
batman-adv: Don't increase MTU when set by user
batman-adv: Trigger events for auto adjusted MTU
nfsd: Fix race to FREE_STATEID and cl_revoked
ibmveth: Use dcbf rather than dcbfl
ipvs: fix racy memcpy in proc_do_sync_threshold
ipvs: Improve robustness to the ipvs sysctl
* bonding: fix macvlan over alb bond support
drivers/net/bonding/bond_alb.c
include/net/bonding.h
* net: remove bond_slave_has_mac_rcu()
include/net/bonding.h
* net/sched: fix a qdisc modification with ambiguous command request
net/sched/sch_api.c
igb: Avoid starting unnecessary workqueues
dccp: annotate data-races in dccp_poll()
* sock: annotate data-races around prot->memory_pressure
include/net/sock.h
net/sctp/socket.c
* tracing: Fix memleak due to race between current_tracer and trace
kernel/trace/trace.c
drm/amd/display: check TG is non-null before checking if enabled
drm/amd/display: do not wait for mpc idle if tg is disabled
* regmap: Account for register length in SMBus I/O limits
drivers/base/regmap/regmap-i2c.c
dm integrity: reduce vmalloc space footprint on 32-bit architectures
dm integrity: increase RECALC_SECTORS to improve recalculate speed
powerpc: Fail build if using recordmcount with binutils v2.37
powerpc: remove leftover code of old GCC version checks
powerpc/32: add stack protector support
fbdev: fix potential OOB read in fast_imageblit()
fbdev: Fix sys_imageblit() for arbitrary image widths
fbdev: Improve performance of sys_imageblit()
tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP"
MIPS: cpu-features: Use boot_cpu_type for CPU type based features
MIPS: cpu-features: Enable octeon_cache by cpu_type
fs: dlm: fix mismatch of plock results from userspace
fs: dlm: use dlm_plock_info for do_unlock_close
fs: dlm: change plock interrupted message to debug again
fs: dlm: add pid to debug log
dlm: replace usage of found with dedicated list iterator variable
dlm: improve plock logging if interrupted
PCI: acpiphp: Reassign resources on bridge if necessary
net: phy: broadcom: stub c45 read/write for 54810
* net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure
net/xfrm/xfrm_user.c
* net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled
net/ipv4/tcp_timer.c
virtio-net: set queues after driver_ok
* af_unix: Fix null-ptr-deref in unix_stream_sendpage().
net/unix/af_unix.c
* netfilter: set default timeout to 3 secs for sctp shutdown send and recv state
net/netfilter/nf_conntrack_proto_sctp.c
test_firmware: prevent race conditions by a correct implementation of locking
mmc: wbsd: fix double mmc_free_host() in wbsd_init()
cifs: Release folio lock on fscache read hit.
* ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces.
sound/usb/quirks-table.h
serial: 8250: Fix oops for port->pm on uart_change_pm()
ASoC: meson: axg-tdm-formatter: fix channel slot allocation
ASoC: rt5665: add missed regulator_bulk_disable
* net: do not allow gso_size to be set to GSO_BY_FRAGS
include/linux/virtio_net.h
* sock: Fix misuse of sk_under_memory_pressure()
include/net/sock.h
net/core/sock.c
i40e: fix misleading debug logs
team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
netfilter: nft_dynset: disallow object maps
selftests: mirror_gre_changes: Tighten up the TTL test match
* xfrm: add NULL check in xfrm_update_ae_params
net/xfrm/xfrm_user.c
* ip_vti: fix potential slab-use-after-free in decode_session6
net/ipv4/ip_vti.c
* ip6_vti: fix slab-use-after-free in decode_session6
net/ipv6/ip6_vti.c
* xfrm: fix slab-use-after-free in decode_session6
net/xfrm/xfrm_interface_core.c
* xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c
net/xfrm/Makefile
* net: af_key: fix sadb_x_filter validation
net/key/af_key.c
* net: xfrm: Fix xfrm_address_filter OOB read
net/xfrm/xfrm_user.c
btrfs: fix BUG_ON condition in btrfs_cancel_balance
powerpc/rtas_flash: allow user copy to flash block cache objects
fbdev: mmp: fix value check in mmphw_probe()
virtio-mmio: don't break lifecycle of vm_dev
virtio-mmio: Use to_virtio_mmio_device() to simply code
virtio-mmio: convert to devm_platform_ioremap_resource
nfsd: Remove incorrect check in nfsd4_validate_stateid
nfsd4: kill warnings on testing stateids with mismatched clientids
block: fix signed int overflow in Amiga partition support
mmc: sunxi: fix deferred probing
mmc: bcm2835: fix deferred probing
* mmc: Remove dev_err() usage after platform_get_irq()
drivers/mmc/host/sdhci-msm.c
mmc: tmio: move tmio_mmc_set_clock() to platform hook
mmc: tmio: replace tmio_mmc_clk_stop() calls with tmio_mmc_set_clock()
mmc: meson-gx: remove redundant mmc_request_done() call from irq context
mmc: meson-gx: remove useless lock
* USB: dwc3: qcom: fix NULL-deref on suspend
drivers/usb/dwc3/dwc3-qcom.c
* usb: dwc3: qcom: Add helper functions to enable,disable wake irqs
drivers/usb/dwc3/dwc3-qcom.c
irqchip/mips-gic: Use raw spinlock for gic_lock
irqchip/mips-gic: Get rid of the reliance on irq_cpu_online()
x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms
powerpc/64s/radix: Fix soft dirty tracking
powerpc: Move page table dump files in a dedicated subdirectory
powerpc/mm: dump block address translation on book3s/32
powerpc/mm: dump segment registers on book3s/32
powerpc/mm: Move pgtable_t into platform headers
powerpc/mm: move platform specific mmu-xxx.h in platform directories
iio: addac: stx104: Fix race condition when converting analog-to-digital
iio: addac: stx104: Fix race condition for stx104_write_raw()
iio: adc: stx104: Implement and utilize register structures
iio: adc: stx104: Utilize iomap interface
* iio: add addac subdirectory
drivers/iio/Kconfig
drivers/iio/Makefile
drivers/iio/addac/Kconfig
drivers/iio/addac/Makefile
* IMA: allow/fix UML builds
security/integrity/ima/Kconfig
drm/amdgpu: Fix potential fence use-after-free v2
* Bluetooth: L2CAP: Fix use-after-free
net/bluetooth/l2cap_core.c
pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db()
gfs2: Fix possible data races in gfs2_show_options()
media: platform: mediatek: vpu: fix NULL ptr dereference
* media: v4l2-mem2mem: add lock to protect parameter num_rdy
include/media/v4l2-mem2mem.h
FS: JFS: Check for read-only mounted filesystem in txBegin
FS: JFS: Fix null-ptr-deref Read in txBegin
MIPS: dec: prom: Address -Warray-bounds warning
fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
udf: Fix uninitialized array access for some pathnames
* HID: add quirk for 03f0:464a HP Elite Presenter Mouse
drivers/hid/hid-ids.h
drivers/hid/hid-quirks.c
* quota: fix warning in dqgrab()
fs/quota/dquot.c
* quota: Properly disable quotas when add_dquot_ref() fails
fs/quota/dquot.c
ALSA: emu10k1: roll up loops in DSP setup code for Audigy
drm/radeon: Fix integer overflow in radeon_cs_parser_init
selftests: forwarding: tc_flower: Relax success criterion
* lib/mpi: Eliminate unused umul_ppmm definitions for MIPS
lib/mpi/longlong.h
Merge 4.19.292 into android-4.19-stable
* Revert "posix-timers: Ensure timer ID search-loop limit is valid"
include/linux/sched/signal.h
kernel/time/posix-timers.c
Merge 4.19.291 into android-4.19-stable
Merge 4.19.290 into android-4.19-stable
UPSTREAM: media: usb: siano: Fix warning due to null work_func_t function pointer
* UPSTREAM: Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
net/bluetooth/l2cap_sock.c
UPSTREAM: net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
* UPSTREAM: net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
net/sched/cls_u32.c
Linux 4.19.292
* sch_netem: fix issues in netem_change() vs get_dist_table()
net/sched/sch_netem.c
alpha: remove __init annotation from exported page_is_ram()
scsi: core: Fix possible memory leak if device_add() fails
scsi: snic: Fix possible memory leak if device_add() fails
scsi: 53c700: Check that command slot is not NULL
scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
* scsi: core: Fix legacy /proc parsing buffer overflow
drivers/scsi/scsi_proc.c
* netfilter: nf_tables: report use refcount overflow
include/net/netfilter/nf_tables.h
* netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush
include/net/netfilter/nf_tables.h
btrfs: don't stop integrity writeback too early
ibmvnic: Handle DMA unmapping of login buffs in release functions
* wifi: cfg80211: fix sband iftype data lookup for AP_VLAN
include/net/cfg80211.h
IB/hfi1: Fix possible panic during hotplug remove
* drivers: net: prevent tun_build_skb() to exceed the packet size limit
drivers/net/tun.c
dccp: fix data-race around dp->dccps_mss_cache
* bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
drivers/net/bonding/bond_main.c
* net/packet: annotate data-races around tp->status
net/packet/af_packet.c
mISDN: Update parameter type of dsp_cmx_send()
drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes
x86: Move gds_ucode_mitigated() declaration to header
x86/mm: Fix VDSO and VVAR placement on 5-level paging machines
x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405
* usb: dwc3: Properly handle processing of pending events
drivers/usb/dwc3/gadget.c
usb-storage: alauda: Fix uninit-value in alauda_check_media()
* binder: fix memory leak in binder_init()
drivers/android/binder.c
drivers/android/binder_alloc.c
drivers/android/binder_alloc.h
iio: cros_ec: Fix the allocation size for cros_ec_command
nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput
radix tree test suite: fix incorrect allocation size for pthreads
drm/nouveau/gr: enable memory loads on helper invocation on all channels
dmaengine: pl330: Return DMA_PAUSED when transaction is paused
* ipv6: adjust ndisc_is_useropt() to also return true for PIO
net/ipv6/ndisc.c
mmc: moxart: read scr register without changing byte order
sparc: fix up arch_cpu_finalize_init() build breakage.
* UPSTREAM: net/sched: cls_fw: Fix improper refcount update leads to use-after-free
net/sched/cls_fw.c
Linux 4.19.291
* drm/edid: fix objtool warning in drm_cvt_modes()
drivers/gpu/drm/drm_edid.c
arm64: dts: stratix10: fix incorrect I2C property for SCL signal
* drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
drivers/base/arch_topology.c
drivers/base/cacheinfo.c
drivers/base/core.c
drivers/base/cpu.c
drivers/base/firmware_loader/fallback.c
drivers/base/platform.c
drivers/base/power/sysfs.c
drivers/base/soc.c
ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node
ARM: dts: imx6sll: fixup of operating points
ARM: dts: imx: add usb alias
ARM: dts: imx6sll: Make ssi node name same as other platforms
* PM: sleep: wakeirq: fix wake irq arming
drivers/base/power/power.h
drivers/base/power/wakeirq.c
* PM / wakeirq: support enabling wake-up irq after runtime_suspend called
drivers/base/power/power.h
drivers/base/power/runtime.c
drivers/base/power/wakeirq.c
include/linux/pm_wakeirq.h
powerpc/mm/altmap: Fix altmap boundary check
mtd: rawnand: omap_elm: Fix incorrect type in assignment
test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation
test_firmware: fix a memory leak with reqs buffer
ext2: Drop fragment support
* net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
drivers/net/usb/usbnet.c
* Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
net/bluetooth/l2cap_sock.c
fs/sysv: Null check to prevent null-ptr-deref bug
* USB: zaurus: Add ID for A-300/B-500/C-700
drivers/net/usb/cdc_ether.c
drivers/net/usb/zaurus.c
libceph: fix potential hang in ceph_osdc_notify()
scsi: zfcp: Defer fc_rport blocking until after ADISC response
* tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
net/ipv4/tcp_metrics.c
* tcp_metrics: annotate data-races around tm->tcpm_net
net/ipv4/tcp_metrics.c
* tcp_metrics: annotate data-races around tm->tcpm_vals[]
net/ipv4/tcp_metrics.c
* tcp_metrics: annotate data-races around tm->tcpm_lock
net/ipv4/tcp_metrics.c
* tcp_metrics: annotate data-races around tm->tcpm_stamp
net/ipv4/tcp_metrics.c
* tcp_metrics: fix addr_same() helper
net/ipv4/tcp_metrics.c
ip6mr: Fix skb_under_panic in ip6mr_cache_report()
net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
* net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
net/sched/cls_u32.c
* net: add missing data-race annotation for sk_ll_usec
net/core/sock.c
* net: add missing data-race annotations around sk->sk_peek_off
net/core/sock.c
net/unix/af_unix.c
* net: sched: cls_u32: Fix match key mis-addressing
net/sched/cls_u32.c
perf test uprobe_from_different_cu: Skip if there is no gcc
net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
KVM: s390: fix sthyi error handling
* word-at-a-time: use the same return type for has_zero regardless of endianness
include/asm-generic/word-at-a-time.h
* loop: Select I/O scheduler 'none' from inside add_disk()
drivers/block/loop.c
* perf: Fix function pointer case
kernel/events/core.c
* net/sched: cls_u32: Fix reference counter leak leading to overflow
net/sched/cls_u32.c
ASoC: cs42l51: fix driver to properly autoload with automatic module loading
net/sched: sch_qfq: account for stab overhead in qfq_enqueue
* net/sched: cls_fw: Fix improper refcount update leads to use-after-free
net/sched/cls_fw.c
drm/client: Fix memory leak in drm_client_target_cloned
dm cache policy smq: ensure IO doesn't prevent cleaner policy progress
ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
s390/dasd: fix hanging device after quiesce/resume
virtio-net: fix race between set queues and probe
serial: 8250_dw: Preserve original value of DLF register
* serial: 8250_dw: split Synopsys DesignWare 8250 common functions
drivers/tty/serial/8250/Kconfig
irq-bcm6345-l1: Do not assume a fixed block to cpu mapping
tpm_tis: Explicitly check for error code
btrfs: check for commit error at btrfs_attach_transaction_barrier()
hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
Documentation: security-bugs.rst: clarify CVE handling
Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group
usb: xhci-mtk: set the dma max_seg_size
* USB: quirks: add quirk for Focusrite Scarlett
drivers/usb/core/quirks.c
usb: ohci-at91: Fix the unhandle interrupt when resume
* usb: dwc3: don't reset device side if dwc3 was configured as host-only
drivers/usb/dwc3/core.c
usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
* Revert "usb: dwc3: core: Enable AutoRetry feature in the controller"
drivers/usb/dwc3/core.c
drivers/usb/dwc3/core.h
can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED
USB: serial: simple: sort driver entries
USB: serial: simple: add Kaufmann RKS+CAN VCP
USB: serial: option: add Quectel EC200A module support
USB: serial: option: support Quectel EM060K_128
* tracing: Fix warning in trace_buffered_event_disable()
kernel/trace/trace_events.c
* ring-buffer: Fix wrong stat of cpu_buffer->read
kernel/trace/ring_buffer.c
ata: pata_ns87415: mark ns87560_tf_read static
dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths
* block: Fix a source code comment in include/uapi/linux/blkzoned.h
include/uapi/linux/blkzoned.h
ASoC: fsl_spdif: Silence output on stop
drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb()
RDMA/mlx4: Make check for invalid flags stricter
benet: fix return value check in be_lancer_xmit_workarounds()
net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64
net/sched: mqprio: add extack to mqprio_parse_nlattr()
net/sched: mqprio: refactor nlattr parsing to a separate function
platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100
team: reset team's flags when down link is P2P device
* bonding: reset bond's flags when down link is P2P device
drivers/net/bonding/bond_main.c
* tcp: Reduce chance of collisions in inet6_hashfn().
include/net/ipv6.h
* ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address
net/ipv6/addrconf.c
ethernet: atheros: fix return value check in atl1e_tso_csum()
phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()
i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
* ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
fs/ext4/ioctl.c
scsi: qla2xxx: Array index may go out of bound
scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c
ftrace: Fix possible warning on checking all pages used in ftrace_process_locs()
ftrace: Store the order of pages allocated in ftrace_page
ftrace: Check if pages were allocated before calling free_pages()
* ftrace: Add information on number of page groups allocated
kernel/trace/trace.c
kernel/trace/trace.h
fs: dlm: interrupt posix locks only when process is killed
dlm: rearrange async condition return
dlm: cleanup plock_op vs plock_xop
PCI/ASPM: Avoid link retraining race
PCI/ASPM: Factor out pcie_wait_for_retrain()
PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link()
PCI: Rework pcie_retrain_link() wait loop
* ext4: Fix reusing stale buffer heads from last failed mounting
fs/ext4/super.c
* ext4: rename journal_dev to s_journal_dev inside ext4_sb_info
fs/ext4/ext4.h
fs/ext4/fsmap.c
fs/ext4/super.c
btrfs: fix extent buffer leak after tree mod log failure at split_node()
bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
bcache: remove 'int n' from parameter list of bch_bucket_alloc_set()
bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set
gpio: tps68470: Make tps68470_gpio_output() always set the initial value
tracing/histograms: Return an error if we fail to add histogram to hist_vars list
* tcp: annotate data-races around fastopenq.max_qlen
include/linux/tcp.h
net/ipv4/tcp.c
net/ipv4/tcp_fastopen.c
* tcp: annotate data-races around tp->notsent_lowat
include/net/tcp.h
net/ipv4/tcp.c
* tcp: annotate data-races around rskq_defer_accept
net/ipv4/tcp.c
* tcp: annotate data-races around tp->linger2
net/ipv4/tcp.c
* net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX
include/net/tcp.h
net/ipv4/tcp.c
netfilter: nf_tables: can't schedule in nft_chain_validate
netfilter: nf_tables: fix spurious set element insertion failure
* llc: Don't drop packet from non-root netns.
net/llc/llc_input.c
fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
* Revert "tcp: avoid the lookup process failing to get sk in ehash table"
net/ipv4/inet_hashtables.c
net/ipv4/inet_timewait_sock.c
net:ipv6: check return value of pskb_trim()
net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
pinctrl: amd: Use amd_pinconf_set() for all config options
fbdev: imxfb: warn about invalid left/right margin
spi: bcm63xx: fix max prepend length
igb: Fix igb_down hung on surprise removal
wifi: iwlwifi: mvm: avoid baid size integer overflow
* wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point()
net/wireless/wext-core.c
* bpf: Address KCSAN report on bpf_lru_list
kernel/bpf/bpf_lru_list.c
kernel/bpf/bpf_lru_list.h
* sched/fair: Don't balance task to its current running CPU
kernel/sched/fair.c
* posix-timers: Ensure timer ID search-loop limit is valid
include/linux/sched/signal.h
kernel/time/posix-timers.c
md/raid10: prevent soft lockup while flush writes
md: fix data corruption for raid456 when reshape restart while grow up
nbd: Add the maximum limit of allocated index in nbd_dev_add
debugobjects: Recheck debug_objects_enabled before reporting
* ext4: correct inline offset when handling xattrs in inode body
fs/ext4/xattr.c
can: bcm: Fix UAF in bcm_proc_show()
* fuse: revalidate: don't invalidate if interrupted
fs/fuse/dir.c
perf probe: Add test for regression introduced by switch to die_get_decl_file()
tracing/histograms: Add histograms to hist_vars if they have referenced variables
* drm/atomic: Fix potential use-after-free in nonblocking commits
drivers/gpu/drm/drm_atomic.c
scsi: qla2xxx: Pointer may be dereferenced
scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
scsi: qla2xxx: Fix potential NULL pointer dereference
scsi: qla2xxx: Wait for io return on terminate rport
xtensa: ISS: fix call to split_if_spec
* ring-buffer: Fix deadloop issue on reading trace_pipe
kernel/trace/ring_buffer.c
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error
* Revert "8250: add support for ASIX devices with a FIFO bug"
include/linux/serial_8250.h
meson saradc: fix clock divider mask length
ceph: don't let check_caps skip sending responses for revoke msgs
hwrng: imx-rngc - fix the timeout for init and self check
serial: atmel: don't enable IRQs prematurely
fs: dlm: return positive pid value for F_GETLK
md/raid0: add discard support for the 'original' layout
misc: pci_endpoint_test: Re-init completion for every test
misc: pci_endpoint_test: Free IRQs before removing the device
PCI: rockchip: Use u32 variable to access 32-bit registers
PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core
PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked
PCI: rockchip: Write PCI Device ID to correct register
PCI: rockchip: Assert PCI Configuration Enable bit after probe
PCI: qcom: Disable write access to read only registers for IP v2.3.3
* PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
drivers/pci/quirks.c
* PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
drivers/pci/pci.c
jfs: jfs_dmap: Validate db_l2nbperpage while mounting
* ext4: only update i_reserved_data_blocks on successful block allocation
fs/ext4/indirect.c
fs/ext4/inode.c
* ext4: fix wrong unit use in ext4_mb_clear_bb
fs/ext4/mballoc.c
perf intel-pt: Fix CYC timestamps after standalone CBR
SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
net: bcmgenet: Ensure MDIO unregistration has clocks enabled
tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
pinctrl: amd: Only use special debounce behavior for GPIO 0
pinctrl: amd: Detect internal GPIO0 debounce handling
pinctrl: amd: Fix mistake in handling clearing pins at startup
* net/sched: make psched_mtu() RTNL-less safe
include/net/pkt_sched.h
wifi: airo: avoid uninitialized warning in airo_get_rate()
* ipv6/addrconf: fix a potential refcount underflow for idev
net/ipv6/addrconf.c
NTB: ntb_tool: Add check for devm_kcalloc
NTB: ntb_transport: fix possible memory leak while device_register() fails
ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
ntb: idt: Fix error handling in idt_pci_driver_init()
* udp6: fix udp6_ehashfn() typo
net/ipv6/udp.c
* icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
net/ipv6/icmp.c
* vrf: Increment Icmp6InMsgs on the original netdev
include/net/addrconf.h
net/ipv6/icmp.c
net/ipv6/reassembly.c
net: mvneta: fix txq_map in case of txq_number==1
* workqueue: clean up WORK_* constant types, clarify masking
include/linux/workqueue.h
kernel/workqueue.c
net: lan743x: Don't sleep in atomic context
netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
* netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
net/netfilter/nf_conntrack_helper.c
netfilter: nf_tables: fix scheduling-while-atomic splat
netfilter: nf_tables: unbind non-anonymous set if rule construction fails
* netfilter: nf_tables: reject unbound anonymous set before commit phase
include/net/netfilter/nf_tables.h
* netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
include/net/netfilter/nf_tables.h
netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
* netfilter: nf_tables: use net_generic infra for transaction data
include/net/netfilter/nf_tables.h
include/net/netns/nftables.h
* netfilter: add helper function to set up the nfnetlink header and use it
include/linux/netfilter/nfnetlink.h
net/netfilter/nf_conntrack_netlink.c
net/netfilter/nfnetlink_log.c
net/netfilter/nfnetlink_queue.c
netfilter: nftables: add helper function to set the base sequence number
netfilter: nf_tables: add rescheduling points during loop detection walks
netfilter: nf_tables: fix nat hook table deletion
spi: spi-fsl-spi: allow changing bits_per_word while CS is still active
spi: spi-fsl-spi: relax message sanity checking a little
spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg
ARM: orion5x: fix d2net gpio initialization
btrfs: fix race when deleting quota root from the dirty cow roots list
jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
* integrity: Fix possible multiple allocation in integrity_inode_get()
security/integrity/iint.c
bcache: Remove unnecessary NULL point check in node allocations
mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
mmc: core: disable TRIM on Kingston EMMC04G-M627
NFSD: add encoding of op_recall flag for write delegation
* ALSA: jack: Fix mutex call in snd_jack_report()
sound/core/jack.c
i2c: xiic: Don't try to handle more interrupt events after error
i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
sh: dma: Fix DMA channel offset calculation
net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
* tcp: annotate data races in __tcp_oow_rate_limited()
net/ipv4/tcp_input.c
* net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
net/bridge/br_if.c
powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
* f2fs: fix error path handling in truncate_dnode()
fs/f2fs/node.c
mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
* sctp: fix potential deadlock on &net->sctp.addr_wq_lock
net/sctp/socket.c
rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
mfd: stmpe: Only disable the regulators if they are enabled
mfd: intel-lpss: Add missing check for platform_get_resource
KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
mfd: rt5033: Drop rt5033-battery sub-device
usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
* extcon: Fix kernel doc of property capability fields to avoid warnings
drivers/extcon/extcon.c
* extcon: Fix kernel doc of property fields to avoid warnings
drivers/extcon/extcon.c
media: usb: siano: Fix warning due to null work_func_t function pointer
* media: videodev2.h: Fix struct v4l2_input tuner index comment
include/uapi/linux/videodev2.h
media: usb: Check az6007_read() return value
sh: j2: Use ioremap() to translate device tree address into kernel memory
w1: fix loop in w1_fini()
* block: change all __u32 annotations to __be32 in affs_hardblocks.h
include/uapi/linux/affs_hardblocks.h
USB: serial: option: add LARA-R6 01B PIDs
ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
ARCv2: entry: rewrite to enable use of double load/stores LDD/STD
ARCv2: entry: avoid a branch
ARCv2: entry: push out the Z flag unclobber from common EXCEPTION_PROLOGUE
ARCv2: entry: comments about hardware auto-save on taken interrupts
* modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
scripts/mod/modpost.c
* modpost: fix section mismatch message for R_ARM_ABS32
scripts/mod/modpost.c
crypto: nx - fix build warnings when DEBUG_FS is not enabled
hwrng: virtio - Fix race on data_avail and actual data
hwrng: virtio - always add a pending request
hwrng: virtio - don't waste entropy
hwrng: virtio - don't wait on cleanup
hwrng: virtio - add an internal buffer
pinctrl: at91-pio4: check return value of devm_kasprintf()
perf dwarf-aux: Fix off-by-one in die_get_varname()
pinctrl: cherryview: Return correct value if pin in push-pull mode
* PCI: Add pci_clear_master() stub for non-CONFIG_PCI
include/linux/pci.h
scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
drm/radeon: fix possible division-by-zero errors
fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
* soc/fsl/qe: fix usb.c build errors
drivers/soc/fsl/qe/Kconfig
ASoC: es8316: Increment max value for ALC Capture Target Volume control
ARM: ep93xx: fix missing-prototype warnings
drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
Input: adxl34x - do not hardcode interrupt trigger type
ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
Input: drv260x - sleep between polling GO bit
radeon: avoid double free in ci_dpm_init()
* netlink: Add __sock_i_ino() for __netlink_diag_dump().
include/net/sock.h
net/core/sock.c
ipvlan: Fix return value of ipvlan_queue_xmit()
netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
* lib/ts_bm: reset initial match offset for every block of text
lib/ts_bm.c
gtp: Fix use-after-free in __gtp_encap_destroy().
* netlink: do not hard code device address lenth in fdb dumps
net/core/rtnetlink.c
* netlink: fix potential deadlock in netlink_set_err()
net/netlink/af_netlink.c
wifi: ath9k: convert msecs to jiffies where needed
wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
memstick r592: make memstick_debug_get_tpc_name() static
kexec: fix a memory leak in crash_shrink_memory()
watchdog/perf: more properly prevent false positives with turbo modes
* watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config
include/linux/nmi.h
wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
wifi: ray_cs: Fix an error handling path in ray_probe()
wifi: ray_cs: Drop useless status variable in parse_addr()
wifi: ray_cs: Utilize strnlen() in parse_addr()
wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
wl3501_cs: use eth_hw_addr_set()
* net: create netdev->dev_addr assignment helpers
include/linux/etherdevice.h
include/linux/netdevice.h
wl3501_cs: Fix misspelling and provide missing documentation
wl3501_cs: Remove unnecessary NULL check
wl3501_cs: Fix a bunch of formatting issues related to function docs
wifi: atmel: Fix an error handling path in atmel_probe()
wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
* nfc: constify several pointers to u8, char and sk_buff
include/net/nfc/nfc.h
wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan()
samples/bpf: Fix buffer overflow in tcp_basertt
wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
evm: Complete description of evm_inode_setattr()
ARM: 9303/1: kprobes: avoid missing-declaration warnings
* PM: domains: fix integer overflow issues in genpd_parse_state()
drivers/base/power/domain.c
clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
clocksource/drivers/cadence-ttc: Use ttc driver as platform driver
* clocksource/drivers: Unify the names to timer-* format
drivers/clocksource/Makefile
irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
irqchip/jcore-aic: Kill use of irq_create_strict_mappings()
md/raid10: fix io loss while replacement replace rdev
md/raid10: fix wrong setting of max_corr_read_errors
md/raid10: fix overflow of md/safe_mode_delay
md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
* treewide: Remove uninitialized_var() usage
drivers/clk/clk-gate.c
drivers/gpu/drm/drm_edid.c
drivers/md/dm-io.c
drivers/md/dm-ioctl.c
drivers/md/dm-snap-persistent.c
drivers/md/dm-table.c
fs/fat/dir.c
fs/fuse/control.c
fs/fuse/file.c
fs/overlayfs/copy_up.c
kernel/async.c
kernel/audit.c
kernel/events/core.c
kernel/events/uprobes.c
kernel/exit.c
kernel/futex.c
kernel/trace/ring_buffer.c
lib/radix-tree.c
mm/memcontrol.c
mm/percpu.c
mm/slub.c
mm/swap.c
net/ipv4/netfilter/nf_socket_ipv4.c
net/ipv6/ip6_flowlabel.c
net/ipv6/netfilter/nf_socket_ipv6.c
net/netfilter/nf_conntrack_ftp.c
net/netfilter/nfnetlink_log.c
net/netfilter/nfnetlink_queue.c
net/sched/cls_flow.c
sound/core/control_compat.c
sound/usb/endpoint.c
drm/amdgpu: Validate VM ioctl flags.
scripts/tags.sh: Resolve gtags empty index generation
* drm/edid: Fix uninitialized variable in drm_cvt_modes()
drivers/gpu/drm/drm_edid.c
fbdev: imsttfb: Fix use after free bug in imsttfb_probe
video: imsttfb: check for ioremap() failures
x86/smp: Use dedicated cache-line for mwait_play_dead()
gfs2: Don't deref jdesc in evict
Linux 4.19.290
x86: fix backwards merge of GDS/SRSO bit
xen/netback: Fix buffer overrun triggered by unusual packet
Documentation/x86: Fix backwards on/off logic about YMM support
x86/xen: Fix secondary processors' FPU initialization
KVM: Add GDS_NO support to KVM
x86/speculation: Add Kconfig option for GDS
x86/speculation: Add force option to GDS mitigation
* x86/speculation: Add Gather Data Sampling mitigation
drivers/base/cpu.c
x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
x86/fpu: Mark init functions __init
x86/fpu: Remove cpuinfo argument from init functions
* init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
init/main.c
* init: Invoke arch_cpu_finalize_init() earlier
init/main.c
* init: Remove check_bugs() leftovers
init/main.c
um/cpu: Switch to arch_cpu_finalize_init()
sparc/cpu: Switch to arch_cpu_finalize_init()
sh/cpu: Switch to arch_cpu_finalize_init()
mips/cpu: Switch to arch_cpu_finalize_init()
m68k/cpu: Switch to arch_cpu_finalize_init()
ia64/cpu: Switch to arch_cpu_finalize_init()
ARM: cpu: Switch to arch_cpu_finalize_init()
x86/cpu: Switch to arch_cpu_finalize_init()
* init: Provide arch_cpu_finalize_init()
arch/Kconfig
include/linux/cpu.h
init/main.c
Merge 4.19.289 into android-4.19-stable
Linux 4.19.289
x86/cpu/amd: Add a Zenbleed fix
x86/cpu/amd: Move the errata checking functionality up
x86/microcode/AMD: Load late on both threads too
Merge 4.19.288 into android-4.19-stable
Linux 4.19.288
i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle
x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys
drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl
drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
drm/exynos: vidi: fix a wrong error return
ASoC: nau8824: Add quirk to active-high jack-detect
s390/cio: unregister device when the only path is gone
usb: gadget: udc: fix NULL dereference in remove()
nfcsim.c: Fix error checking for debugfs_create_dir
media: cec: core: don't set last_initiator if tx in progress
* arm64: Add missing Set/Way CMO encodings
arch/arm64/include/asm/sysreg.h
* HID: wacom: Add error check to wacom_parse_and_register()
drivers/hid/wacom_sys.c
scsi: target: iscsi: Prevent login threads from racing between each other
* sch_netem: acquire qdisc lock in netem_change()
net/sched/sch_netem.c
netfilter: nfnetlink_osf: fix module autoload
netfilter: nf_tables: disallow element updates of bound anonymous sets
be2net: Extend xmit workaround to BE3 chip
mmc: usdhi60rol0: fix deferred probing
mmc: sdhci-acpi: fix deferred probing
mmc: omap_hsmmc: fix deferred probing
mmc: omap: fix deferred probing
mmc: mvsdio: fix deferred probing
mmc: mvsdio: convert to devm_platform_ioremap_resource
mmc: mtk-sd: fix deferred probing
net: qca_spi: Avoid high load if QCA7000 is not available
xfrm: Linearize the skb after offloading if needed.
ieee802154: hwsim: Fix possible memory leaks
* rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer()
include/linux/rcupdate.h
nilfs2: prevent general protection fault in nilfs_clear_dirty_page()
* cgroup: Do not corrupt task iteration when rebinding subsystem
kernel/cgroup/cgroup.c
PCI: hv: Fix a race condition bug in hv_pci_query_relations()
Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs
nilfs2: fix buffer corruption due to concurrent device reads
ipmi: move message error checking to avoid deadlock
* ipmi: Make the smi watcher be disabled immediately when not needed
include/linux/ipmi_smi.h
x86/purgatory: remove PGO flags
nilfs2: reject devices with insufficient block count
serial: lantiq: add missing interrupt ack
serial: lantiq: Do not swap register read/writes
serial: lantiq: Use readl/writel instead of ltq_r32/ltq_w32
serial: lantiq: Change ltq_w32_mask to asc_update_bits
Merge 4.19.287 into android-4.19-stable
Linux 4.19.287
* mmc: block: ensure error propagation for non-blk
drivers/mmc/core/block.c
powerpc: Fix defconfig choice logic when cross compiling
drm/nouveau/kms: Fix NULL pointer dereference in nouveau_connector_detect_depth
* neighbour: delete neigh_lookup_nodev as not used
include/net/neighbour.h
net/core/neighbour.c
* net: Remove unused inline function dst_hold_and_use()
include/net/dst.h
* neighbour: Remove unused inline function neigh_key_eq16()
include/net/neighbour.h
selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET
* net: tipc: resize nlattr array to correct size
net/tipc/bearer.c
net: lapbether: only support ethernet devices
drm/nouveau: add nv_encoder pointer check for NULL
drm/nouveau/kms: Don't change EDID when it hasn't actually changed
drm/nouveau/dp: check for NULL nv_connector->native_mode
igb: fix nvm.ops.read() error handling
* sctp: fix an error code in sctp_sf_eat_auth()
net/sctp/sm_statefuns.c
IB/isert: Fix incorrect release of isert connection
IB/isert: Fix possible list corruption in CMA handler
IB/isert: Fix dead lock in ib_isert
IB/uverbs: Fix to consider event queue closing also upon non-blocking mode
RDMA/rxe: Fix the use-before-initialization error of resp_pkts
RDMA/rxe: Removed unused name from rxe_task struct
RDMA/rxe: Remove the unused variable obj
* ping6: Fix send to link-local addresses with VRF.
net/ipv6/ping.c
* netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
net/netfilter/nfnetlink.c
* usb: gadget: f_ncm: Fix NTP-32 support
drivers/usb/gadget/function/f_ncm.c
* usb: gadget: f_ncm: Add OS descriptor support
drivers/usb/gadget/function/f_ncm.c
drivers/usb/gadget/function/u_ncm.h
* usb: dwc3: gadget: Reset num TRBs before giving back the request
drivers/usb/dwc3/gadget.c
USB: serial: option: add Quectel EM061KGL series
* Remove DECnet support from kernel
include/linux/netdevice.h
include/linux/netfilter.h
include/linux/netfilter_defs.h
include/net/netns/netfilter.h
include/uapi/linux/netlink.h
net/Kconfig
net/Makefile
net/core/dev.c
net/core/neighbour.c
net/netfilter/core.c
net: usb: qmi_wwan: add support for Compal RXM-G1
RDMA/uverbs: Restrict usage of privileged QKEYs
nouveau: fix client work fence deletion race
powerpc/purgatory: remove PGO flags
kexec: support purgatories with .text.hot sections
nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key()
nios2: dts: Fix tse_mac "max-frame-size" property
ocfs2: check new file size on fallocate call
ocfs2: fix use-after-free when unmounting read-only filesystem
xen/blkfront: Only check REQ_FUA for writes
mips: Move initrd_start check after initrd address sanitisation.
MIPS: Alchemy: fix dbdma2
parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu()
* power: supply: Fix logic checking if system is running from battery
drivers/power/supply/power_supply_core.c
irqchip/meson-gpio: Mark OF related data as maybe unused
* regulator: Fix error checking for debugfs_create_dir
drivers/regulator/core.c
* power: supply: Ratelimit no data debug output
drivers/power/supply/power_supply_sysfs.c
ARM: dts: vexpress: add missing cache properties
power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule()
power: supply: ab8500: Fix external_power_changed race
Merge "Merge 4.19.286 into android-4.19-stable" into android-4.19-stable
* Revert "tcp: deny tcp_disconnect() when threads are waiting"
include/net/sock.h
net/ipv4/af_inet.c
net/ipv4/inet_connection_sock.c
net/ipv4/tcp.c
Merge "Merge 4.19.285 into android-4.19-stable" into android-4.19-stable
Merge 4.19.286 into android-4.19-stable
* Revert "tcp: deny tcp_disconnect() when threads are waiting"
include/net/sock.h
net/ipv4/af_inet.c
net/ipv4/inet_connection_sock.c
net/ipv4/tcp.c
* ANDROID: GKI: update ABI xml for incrementalfs.ko
android/abi_gki_aarch64.xml
Merge 4.19.285 into android-4.19-stable
Linux 4.19.286
Revert "staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE"
btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()
btrfs: check return value of btrfs_commit_transaction in relocation
* ext4: only check dquot_initialize_needed() when debugging
fs/ext4/xattr.c
i2c: sprd: Delete i2c adapter in .remove's error path
pinctrl: meson-axg: add missing GPIOA_18 gpio group
* Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
net/bluetooth/hci_core.c
ceph: fix use-after-free bug for inodes when flushing capsnaps
drm/amdgpu: fix xclk freq on CHIP_STONEY
Input: psmouse - fix OOB access in Elantech protocol
* Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
drivers/input/joystick/xpad.c
batman-adv: Broken sync while rescheduling delayed work
* lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release()
lib/cpu_rmap.c
* net: sched: fix possible refcount leak in tc_chain_tmplt_add()
net/sched/cls_api.c
* net: sched: move rtm_tca_policy declaration to include file
include/net/pkt_sched.h
net/sched/cls_api.c
* rfs: annotate lockless accesses to RFS sock flow table
include/linux/netdevice.h
net/core/dev.c
* rfs: annotate lockless accesses to sk->sk_rxhash
include/net/sock.h
* Bluetooth: L2CAP: Add missing checks for invalid DCID
net/bluetooth/l2cap_core.c
* Bluetooth: Fix l2cap_disconnect_req deadlock
net/bluetooth/l2cap_core.c
net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods
spi: qup: Request DMA before enabling clocks
i40e: fix build warnings in i40e_alloc.h
i40iw: fix build warning in i40iw_manage_apbvt()
* UPSTREAM: net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
drivers/net/usb/cdc_ncm.c
* UPSTREAM: cdc_ncm: Fix the build warning
drivers/net/usb/cdc_ncm.c
* UPSTREAM: cdc_ncm: Implement the 32-bit version of NCM Transfer Block
drivers/net/usb/cdc_ncm.c
include/linux/usb/cdc_ncm.h
* Revert "tcp: reduce POLLOUT events caused by TCP_NOTSENT_LOWAT"
include/net/sock.h
include/net/tcp.h
net/core/stream.c
* Revert "tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit"
net/ipv4/tcp.c
* Revert "tcp: factor out __tcp_close() helper"
include/net/tcp.h
net/ipv4/tcp.c
* Revert "tcp: add annotations around sk->sk_shutdown accesses"
net/ipv4/af_inet.c
net/ipv4/tcp.c
net/ipv4/tcp_input.c
* ANDROID: fix abi break in 4.19.284 for cpuhotplug.h
include/linux/cpuhotplug.h
Merge "Merge 4.19.284 into android-4.19-stable" into android-4.19-stable
UPSTREAM: mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
UPSTREAM: mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write()
Linux 4.19.285
wifi: rtlwifi: 8192de: correct checking of IQK reload
* scsi: dpt_i2o: Do not process completions with invalid addresses
drivers/scsi/Kconfig
scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD)
* regmap: Account for register length when chunking
drivers/base/regmap/regmap.c
fbcon: Fix null-ptr-deref in soft_cursor
* ext4: add lockdep annotations for i_data_sem for ea_inode's
fs/ext4/ext4.h
fs/ext4/xattr.c
* selinux: don't use make's grouped targets feature yet
security/selinux/Makefile
tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK
mmc: vub300: fix invalid response handling
rsi: Remove unnecessary boolean condition
regulator: da905{2,5}: Remove unnecessary array check
hwmon: (scmi) Remove redundant pointer check
wifi: rtlwifi: remove always-true condition pointed out by GCC 12
lib/dynamic_debug.c: use address-of operator on section symbols
* kernel/extable.c: use address-of operator on section symbols
kernel/extable.c
eth: sun: cassini: remove dead code
* gcc-12: disable '-Wdangling-pointer' warning for now
Makefile
ACPI: thermal: drop an always true check
x86/boot: Wrap literal addresses in absolute_pointer()
ata: libata-scsi: Use correct device no in ata_find_dev()
scsi: stex: Fix gcc 13 warnings
* usb: gadget: f_fs: Add unbind event before functionfs_unbind
drivers/usb/gadget/function/f_fs.c
net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
* iio: dac: build ad5758 driver when AD5758 is selected
drivers/iio/dac/Makefile
iio: dac: mcp4725: Fix i2c_master_send() return value handling
* HID: wacom: avoid integer overflow in wacom_intuos_inout()
drivers/hid/wacom_wac.c
* HID: google: add jewel USB id
drivers/hid/hid-ids.h
iio: adc: mxs-lradc: fix the order of two cleanup operations
mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
atm: hide unused procfs functions
ALSA: oss: avoid missing-prototype warnings
* netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT
net/netfilter/nf_conntrack_netlink.c
wifi: b43: fix incorrect __packed annotation
* scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed
drivers/scsi/scsi_lib.c
* arm64/mm: mark private VM_FAULT_X defines as vm_fault_t
arch/arm64/mm/fault.c
ARM: dts: stm32: add pin map for CAN controller on stm32f7
wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value
media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
* media: dvb-core: Fix use-after-free due on race condition at dvb_net
include/media/dvb_net.h
media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table
media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
media: dvb_ca_en50221: fix a size write bug
media: netup_unidvb: fix irq init by register it at the end of probe
media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address
media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer
media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer()
media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer()
* media: dvb_demux: fix a bug for the continuity counter
drivers/media/dvb-core/dvb_demux.c
ASoC: ssm2602: Add workaround for playback distortions
* xfrm: Check if_id in inbound policy/secpath match
net/xfrm/xfrm_policy.c
ASoC: dwc: limit the number of overrun messages
nbd: Fix debugfs_create_dir error checking
fbdev: stifb: Fix info entry in sti_struct on error path
fbdev: modedb: Add 1920x1080 at 60 Hz video mode
media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE
ARM: 9295/1: unwind:fix unwind abort for uleb128 case
mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write()
watchdog: menz069_wdt: fix watchdog initialisation
net: dsa: mv88e6xxx: Increase wait after reset deactivation
net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
* udp6: Fix race condition in udp6_sendmsg & connect
net/core/sock.c
* net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report
net/netlink/af_netlink.c
* ocfs2/dlm: move BITS_TO_BYTES() to bitops.h for wider use
include/linux/bitops.h
* net: sched: fix NULL pointer dereference in mq_attach
net/sched/sch_api.c
* net/sched: Prohibit regrafting ingress or clsact Qdiscs
net/sched/sch_api.c
* net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs
net/sched/sch_api.c
net/sched/sch_ingress.c
* net/sched: sch_clsact: Only create under TC_H_CLSACT
net/sched/sch_ingress.c
* net/sched: sch_ingress: Only create under TC_H_INGRESS
net/sched/sch_ingress.c
* tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set
net/ipv4/tcp.c
* tcp: deny tcp_disconnect() when threads are waiting
include/net/sock.h
net/ipv4/af_inet.c
net/ipv4/inet_connection_sock.c
net/ipv4/tcp.c
* af_packet: do not use READ_ONCE() in packet_bind()
net/packet/af_packet.c
amd-xgbe: fix the false linkup in xgbe_phy_status
* af_packet: Fix data-races of pkt_sk(sk)->num.
net/packet/af_packet.c
netrom: fix info-leak in nr_write_internal()
net/mlx5: fw_tracer, Fix event handling
dmaengine: pl330: rename _start to prevent build error
* netfilter: ctnetlink: Support offloaded conntrack entry deletion
net/netfilter/nf_conntrack_netlink.c
* ipv{4,6}/raw: fix output xfrm lookup wrt protocol
include/net/ip.h
include/uapi/linux/in.h
net/ipv4/ip_sockglue.c
net/ipv4/raw.c
net/ipv6/raw.c
* bluetooth: Add cmd validity checks at the start of hci_sock_ioctl()
net/bluetooth/hci_sock.c
* cdc_ncm: Fix the build warning
drivers/net/usb/cdc_ncm.c
power: supply: bq24190: Call power_supply_changed() after updating input current
* power: supply: core: Refactor power_supply_set_input_current_limit_from_supplier()
drivers/power/supply/power_supply_core.c
include/linux/power_supply.h
power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize
* net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
drivers/net/usb/cdc_ncm.c
* cdc_ncm: Implement the 32-bit version of NCM Transfer Block
drivers/net/usb/cdc_ncm.c
include/linux/usb/cdc_ncm.h
Merge 4.19.284 into android-4.19-stable
UPSTREAM: efi: rt-wrapper: Add missing include
* BACKPORT: arm64: efi: Execute runtime services from a dedicated stack
arch/arm64/include/asm/efi.h
* Revert "uapi/linux/const.h: prefer ISO-friendly __typeof__"
include/uapi/linux/const.h
Merge "Merge 4.19.283 into android-4.19-stable" into android-4.19-stable
Linux 4.19.284
* drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource()
drivers/base/platform.c
3c589_cs: Fix an error handling path in tc589_probe()
forcedeth: Fix an error handling path in nv_probe()
* ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg
include/uapi/sound/skl-tplg-interface.h
x86/show_trace_log_lvl: Ensure stack pointer is aligned, again
xen/pvcalls-back: fix double frees with pvcalls_new_active_socket()
* coresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet()
drivers/hwtracing/coresight/coresight-tmc-etr.c
power: supply: sbs-charger: Fix INHIBITED bit for Status reg
* power: supply: bq27xxx: Fix poll_interval handling and races on remove
include/linux/power/bq27xxx_battery.h
power: supply: bq27xxx: Fix I2C IRQ race on remove
power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition
* power: supply: leds: Fix blink to LED on transition
drivers/power/supply/power_supply_leds.c
* ipv6: Fix out-of-bounds access in ipv6_find_tlv()
net/ipv6/exthdrs_core.c
* bpf: Fix mask generation for 32-bit narrow loads of 64-bit fields
kernel/bpf/verifier.c
* net: fix skb leak in __skb_tstamp_tx()
net/core/skbuff.c
media: radio-shark: Add endpoint checks
USB: sisusbvga: Add endpoint checks
* USB: core: Add routines for endpoint checks in old drivers
drivers/usb/core/usb.c
include/linux/usb.h
* udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated().
net/ipv4/udplite.c
net/ipv6/udplite.c
ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G
ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported
parisc: Fix flush_dcache_page() for usage from irq context
selftests/memfd: Fix unknown type name build failure
x86/mm: Avoid incomplete Global INVLPG flushes
btrfs: use nofs when cleaning up aborted transactions
parisc: Allow to reboot machine after system halt
m68k: Move signal frame following exception on 68020/030
ALSA: hda/ca0132: add quirk for EVGA X299 DARK
spi: fsl-cpm: Use 16 bit mode for large transfers with even size
spi: fsl-spi: Re-organise transfer bits_per_word adaptation
spi: spi-fsl-spi: automatically adapt bits-per-word in cpu mode
s390/qdio: fix do_sqbs() inline assembly constraint
s390/qdio: get rid of register asm
vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
vc_screen: rewrite vcs_size to accept vc, not inode
* usb: gadget: u_ether: Fix host MAC address case
drivers/usb/gadget/function/u_ether.c
* usb: gadget: u_ether: Convert prints to device prints
drivers/usb/gadget/function/u_ether.c
* lib/string_helpers: Introduce string_upper() and string_lower() helpers
include/linux/string_helpers.h
ALSA: hda/realtek: Add a quirk for HP EliteDesk 805
ALSA: hda/realtek - ALC897 headset MIC no sound
ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform
ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
ALSA: hda/realtek - The front Mic on a HP machine doesn't work
ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662
ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662
ALSA: hda/realtek - Add Headset Mic supported for HP cPC
ALSA: hda/realtek - More constifications
Add Acer Aspire Ethos 8951G model quirk
* HID: wacom: Force pen out of prox if no events have been received in a while
drivers/hid/wacom.h
drivers/hid/wacom_sys.c
drivers/hid/wacom_wac.c
netfilter: nf_tables: do not allow RULE_ID to refer to another chain
netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag
netfilter: nf_tables: stricter validation of element data
* netfilter: nf_tables: allow up to 64 bytes in the set element data area
include/net/netfilter/nf_tables.h
netfilter: nf_tables: add nft_setelem_parse_key()
netfilter: nf_tables: validate registers coming from userspace.
* netfilter: nftables: statify nft_parse_register()
include/net/netfilter/nf_tables.h
* netfilter: nftables: add nft_parse_register_store() and use it
include/net/netfilter/nf_tables.h
include/net/netfilter/nf_tables_core.h
include/net/netfilter/nft_fib.h
* netfilter: nftables: add nft_parse_register_load() and use it
include/net/netfilter/nf_tables.h
include/net/netfilter/nf_tables_core.h
include/net/netfilter/nft_masq.h
include/net/netfilter/nft_redir.h
nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
tpm/tpm_tis: Disable interrupts for more Lenovo devices
ceph: force updating the msg pointer in non-split case
serial: Add support for Advantech PCI-1611U card
* statfs: enforce statfs[64] structure initialization
fs/statfs.c
ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
ALSA: hda: Fix Oops by 9.1 surround channel names
usb: typec: altmodes/displayport: fix pin_assignment_show
* usb-storage: fix deadlock when a scsi command timeouts more than once
drivers/usb/storage/scsiglue.c
vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
igb: fix bit_shift to be in [1..8] range
cassini: Fix a memory leak in the error handling path of cas_init_one()
net: bcmgenet: Restore phy_stop() depending upon suspend/close
net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop()
net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
drm/exynos: fix g2d_open/close helper function definitions
media: netup_unidvb: fix use-after-free at del_timer()
erspan: get the proto with the md version for collect_md
* ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode
include/net/ip6_tunnel.h
include/net/ip_tunnels.h
ip6_gre: Make o_seqno start from 0 in native mode
ip6_gre: Fix skb_under_panic in __gre6_xmit()
serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
* drivers: provide devm_platform_ioremap_resource()
drivers/base/platform.c
include/linux/platform_device.h
vsock: avoid to close connected socket after the timeout
net: fec: Better handle pm_runtime_get() failing in .remove()
* af_key: Reject optional tunnel/BEET mode templates in outbound policies
net/key/af_key.c
cpupower: Make TSC read per CPU for Mperf monitor
btrfs: fix space cache inconsistency after error loading it from disk
btrfs: replace calls to btrfs_find_free_ino with btrfs_find_free_objectid
mfd: dln2: Fix memory leak in dln2_probe()
phy: st: miphy28lp: use _poll_timeout functions for waits
* Input: xpad - add constants for GIP interface numbers
drivers/input/joystick/xpad.c
clk: tegra20: fix gcc-7 constant overflow warning
recordmcount: Fix memory leaks in the uwrite function
* sched: Fix KCSAN noinstr violation
include/linux/sched/task_stack.h
mcb-pci: Reallocate memory region to avoid memory overlapping
serial: 8250: Reinit port->pm on port specific driver unbind
usb: typec: tcpm: fix multiple times discover svids error
* HID: wacom: generic: Set battery quirk only when we see battery data
drivers/hid/wacom_wac.c
spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3
HID: logitech-hidpp: Reconcile USB and Unifying serials
HID: logitech-hidpp: Don't use the USB serial for USB devices
staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE
* Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
net/bluetooth/l2cap_core.c
wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
* f2fs: fix to drop all dirty pages during umount() if cp_error is set
fs/f2fs/checkpoint.c
fs/f2fs/data.c
* ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa()
fs/ext4/mballoc.c
* ext4: set goal start correctly in ext4_mb_normalize_request
fs/ext4/mballoc.c
gfs2: Fix inode height consistency check
scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition
* lib: cpu_rmap: Avoid use after free on rmap->obj array entries
lib/cpu_rmap.c
* net: Catch invalid index in XPS mapping
net/core/dev.c
net: pasemi: Fix return type of pasemi_mac_start_tx()
ext2: Check block size validity during mount
wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects
ACPICA: Avoid undefined behavior: applying zero offset to null pointer
drm/tegra: Avoid potential 32-bit integer overflow
ACPI: EC: Fix oops when removing custom query handlers
* firmware: arm_sdei: Fix sleep from invalid context BUG
include/linux/cpuhotplug.h
memstick: r592: Fix UAF bug in r592_remove due to race condition
* regmap: cache: Return error in cache sync operations for REGCACHE_NONE
drivers/base/regmap/regcache.c
drm/amd/display: Use DC_LOG_DC in the trasform pixel function
fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
* af_unix: Fix data races around sk->sk_shutdown.
net/unix/af_unix.c
* af_unix: Fix a data race of sk->sk_receive_queue->qlen.
net/unix/af_unix.c
* net: datagram: fix data-races in datagram_poll()
net/core/datagram.c
ipvlan:Fix out-of-bounds caused by unclear skb->cb
* tcp: add annotations around sk->sk_shutdown accesses
net/ipv4/af_inet.c
net/ipv4/tcp.c
net/ipv4/tcp_input.c
* tcp: factor out __tcp_close() helper
include/net/tcp.h
net/ipv4/tcp.c
* tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit
net/ipv4/tcp.c
* tcp: reduce POLLOUT events caused by TCP_NOTSENT_LOWAT
include/net/sock.h
include/net/tcp.h
net/core/stream.c
* net: annotate sk->sk_err write from do_recvmmsg()
net/socket.c
* netlink: annotate accesses to nlk->cb_running
net/netlink/af_netlink.c
* net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
include/net/sock.h
* UPSTREAM: ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
fs/ext4/super.c
Merge 4.19.283 into android-4.19-stable
* UPSTREAM: ext4: fix invalid free tracking in ext4_xattr_move_to_block()
fs/ext4/xattr.c
Linux 4.19.283
* mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock
mm/page_alloc.c
* printk: declare printk_deferred_{enter,safe}() in include/linux/printk.h
include/linux/printk.h
PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock
PCI: pciehp: Use down_read/write_nested(reset_lock) to fix lockdep errors
drbd: correctly submit flush bio on barrier
serial: 8250: Fix serial8250_tx_empty() race with DMA Tx
* tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
drivers/tty/tty_io.c
drivers/tty/tty_ioctl.c
include/linux/tty.h
* ext4: fix invalid free tracking in ext4_xattr_move_to_block()
fs/ext4/xattr.c
* ext4: remove a BUG_ON in ext4_mb_release_group_pa()
fs/ext4/mballoc.c
* ext4: bail out of ext4_xattr_ibody_get() fails for any reason
fs/ext4/inline.c
* ext4: add bounds checking in get_max_inline_xattr_value_size()
fs/ext4/inline.c
* ext4: improve error recovery code paths in __ext4_remount()
fs/ext4/super.c
* ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
fs/ext4/super.c
* ext4: fix WARNING in mb_find_extent
fs/ext4/balloc.c
* HID: wacom: Set a default resolution for older tablets
drivers/hid/wacom_wac.c
drm/panel: otm8009a: Set backlight parent to panel device
ARM: dts: s5pv210: correct MIPI CSIS clock name
ARM: dts: exynos: fix WM8960 clock name in Itop Elite
sh: nmi_debug: fix return value of __setup handler
sh: init: use OF_EARLY_FLATTREE for early init
sh: math-emu: fix macro redefined warning
platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i
cifs: fix pcchunk length type in smb2_copychunk_range
btrfs: print-tree: parent bytenr must be aligned to sector size
btrfs: fix btrfs_prev_leaf() to not return the same key twice
perf symbols: Fix return incorrect build_id size in elf_read_build_id()
perf map: Delete two variable initialisations before null pointer checks in sort__sym_from_cmp()
perf vendor events power9: Remove UTF-8 characters from JSON files
virtio_net: suppress cpu stall when free_unused_bufs
virtio_net: split free_unused_bufs()
ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init`
drm/amdgpu: add a missing lock for AMDGPU_SCHED
* drm/amdgpu: Add command to override the context priority.
include/uapi/drm/amdgpu_drm.h
drm/amdgpu: Put enable gfx off feature to a delay thread
drm/amdgpu: Add amdgpu_gfx_off_ctrl function
* af_packet: Don't send zero-byte data in packet_sendmsg_spkt().
net/packet/af_packet.c
rxrpc: Fix hard call timeout units
* net/sched: act_mirred: Add carrier check
net/sched/act_mirred.c
* writeback: fix call of incorrect macro
fs/fs-writeback.c
net: dsa: mv88e6xxx: add mv88e6321 rsvd2cpu
net: dsa: mv88e6xxx: Add missing watchdog ops for 6320 family
* sit: update dev->needed_headroom in ipip6_tunnel_bind_dev()
net/ipv6/sit.c
relayfs: fix out-of-bounds access in relay_file_read
kernel/relay.c: fix read_pos error when multiple readers
* dm verity: fix error handling for check_at_most_once on FEC
drivers/md/dm-verity-target.c
* dm verity: skip redundant verity_handle_err() on I/O errors
drivers/md/dm-verity-target.c
ipmi: fix SSIF not responding under certain cond.
ipmi_ssif: Rename idle state and check
* ipmi: Fix how the lower layers are told to watch for messages
include/linux/ipmi_smi.h
ipmi: Fix SSIF flag requests
* tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem
drivers/base/cpu.c
include/linux/tick.h
kernel/time/tick-sched.c
* nohz: Add TICK_DEP_BIT_RCU
include/linux/tick.h
include/trace/events/timer.h
kernel/time/tick-sched.c
* netfilter: nf_tables: deactivate anonymous set from preparation phase
include/net/netfilter/nf_tables.h
debugobject: Ensure pool refill (again)
perf auxtrace: Fix address filter entire kernel size
* dm ioctl: fix nested locking in table_clear() to remove deadlock concern
drivers/md/dm-ioctl.c
dm flakey: fix a crash with invalid table line
dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
s390/dasd: fix hanging blockdevice after request requeue
* btrfs: scrub: reject unsupported scrub flags
include/uapi/linux/btrfs.h
clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent
wifi: rtl8xxxu: RTL8192EU always needs full init
md/raid10: fix null-ptr-deref in raid10_sync_request
nilfs2: fix infinite loop in nilfs_mdt_get_block()
nilfs2: do not write dirty data after degenerating to read-only
parisc: Fix argument pointer in real64_call_asm()
dmaengine: at_xdmac: do not enable all cyclic channels
phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port
pwm: mtk-disp: Disable shadow registers before setting backlight values
pwm: mtk-disp: Adjust the clocks to avoid them mismatch
pwm: mtk-disp: Don't check the return code of pwmchip_remove()
openrisc: Properly store r31 to pt_regs on unhandled exceptions
RDMA/mlx5: Use correct device num_ports when modify DC
* SUNRPC: remove the maximum number of retries in call_bind_status
include/linux/sunrpc/sched.h
NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease
IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order
* clk: add missing of_node_put() in "assigned-clocks" property parsing
drivers/clk/clk-conf.c
power: supply: generic-adc-battery: fix unit scaling
RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
RDMA/rdmavt: Delete unnecessary NULL check
* perf/core: Fix hardlockup failure caused by perf throttle
kernel/events/core.c
powerpc/rtas: use memmove for potentially overlapping buffer copy
* macintosh: via-pmu-led: requires ATA to be set
drivers/macintosh/Kconfig
powerpc/sysdev/tsi108: fix resource printk format warnings
powerpc/wii: fix resource printk format warnings
powerpc/mpc512x: fix resource printk format warning
macintosh/windfarm_smu_sat: Add missing of_node_put()
* spmi: Add a check for remove callback when removing a SPMI driver
drivers/spmi/spmi.c
staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
serial: 8250: Add missing wakeup event reporting
tty: serial: fsl_lpuart: adjust buffer length to the intended size
usb: chipidea: fix missing goto in `ci_hdrc_probe`
sh: sq: Fix incorrect element size for allocating bitmap buffer
* uapi/linux/const.h: prefer ISO-friendly __typeof__
include/uapi/linux/const.h
spi: cadence-quadspi: fix suspend-resume implementations
mtd: spi-nor: cadence-quadspi: Handle probe deferral while requesting DMA channel
mtd: spi-nor: cadence-quadspi: Don't initialize rx_dma_complete on failure
mtd: spi-nor: cadence-quadspi: Make driver independent of flash geometry
ia64: salinfo: placate defined-but-not-used warning
ia64: mm/contig: fix section mismatch warning/error
* of: Fix modalias string generation
drivers/of/device.c
vmci_host: fix a race condition in vmci_host_poll() causing GPF
spi: fsl-spi: Fix CPM/QE mode Litte Endian
spi: qup: Don't skip cleanup in remove's error path
spi: qup: fix PM reference leak in spi_qup_remove()
* linux/vt_buffer.h: allow either builtin or modular for macros
include/linux/vt_buffer.h
usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition
fpga: bridge: fix kernel-doc parameter description
usb: host: xhci-rcar: remove leftover quirk handling
* pstore: Revert pmsg_lock back to a normal mutex
fs/pstore/pmsg.c
* tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.
net/core/skbuff.c
net: amd: Fix link leak when verifying config failed
* netlink: Use copy_to_user() for optval in netlink_getsockopt().
net/netlink/af_netlink.c
Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work"
* ipv4: Fix potential uninit variable access bug in __ip_make_skb()
net/ipv4/ip_output.c
* netfilter: nf_tables: don't write table validation state without mutex
include/linux/netfilter/nfnetlink.h
net/netfilter/nfnetlink.c
ixgbe: Enable setting RSS table to default values
ixgbe: Allow flow hash to be set via ethtool
wifi: iwlwifi: mvm: check firmware response size
wifi: iwlwifi: make the loop for card preparation effective
md/raid10: fix memleak of md thread
md: update the optimal I/O size on reshape
md/raid10: fix memleak for 'conf->bio_split'
md/raid10: fix leak of 'r10bio->remaining' for recovery
* crypto: drbg - Only fail when jent is unavailable in FIPS mode
crypto/drbg.c
* crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors
crypto/drbg.c
bpftool: Fix bug for long instructions in program CFG dumps
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg()
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg()
rtlwifi: Replace RT_TRACE with rtl_dbg
rtlwifi: Start changing RT_TRACE into rtl_dbg
rtlwifi: rtl_pci: Fix memory leak when hardware init fails
scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS
scsi: target: iscsit: Fix TAS handling during conn cleanup
* net/packet: convert po->auxdata to an atomic flag
net/packet/af_packet.c
net/packet/internal.h
* net/packet: convert po->origdev to an atomic flag
net/packet/af_packet.c
net/packet/internal.h
vlan: partially enable SIOCSHWTSTAMP in container
* scm: fix MSG_CTRUNC setting condition for SO_PASSSEC
include/net/scm.h
tools: bpftool: Remove invalid \' json escape
wifi: ath6kl: reduce WARN to dev_dbg() in callback
wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list()
wifi: ath9k: hif_usb: fix memory leak of remain_skbs
wifi: ath6kl: minor fix for allocation size
debugobject: Prevent init race with static objects
debugobjects: Move printk out of db->lock critical sections
debugobjects: Add percpu free pools
* arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
arch/arm64/include/asm/debug-monitors.h
arch/arm64/kernel/debug-monitors.c
x86/ioapic: Don't return 0 from arch_dynirq_lower_bound()
media: rc: gpio-ir-recv: Fix support for wake-up
media: rcar_fdp1: Fix refcount leak in probe and remove function
media: rcar_fdp1: Fix the correct variable assignments
media: saa7134: fix use after free bug in saa7134_finidev due to race condition
media: dm1105: Fix use after free bug in dm1105_remove due to race condition
x86/apic: Fix atomic update of offset in reserve_eilvt_offset()
drm/msm/adreno: drop bogus pm_runtime_set_active()
drm/msm/adreno: Defer enabling runpm until hw_init()
* firmware: qcom_scm: Clear download bit during reboot
drivers/firmware/qcom_scm.c
media: av7110: prevent underflow in write_ts_to_decoder()
* media: uapi: add MEDIA_BUS_FMT_METADATA_FIXED media bus format.
include/uapi/linux/media-bus-format.h
media: bdisp: Add missing check for create_workqueue
ARM: dts: qcom: ipq4019: Fix the PCI I/O port range
EDAC/skx: Fix overflows on the DRAM row address mapping arrays
EDAC, skx: Move debugfs node under EDAC's hierarchy
* drm/probe-helper: Cancel previous job before starting new one
drivers/gpu/drm/drm_probe_helper.c
drm/vgem: add missing mutex_destroy
drm/rockchip: Drop unbalanced obj unref
* selinux: ensure av_permissions.h is built when needed
security/selinux/Makefile
* selinux: fix Makefile dependencies of flask.h
security/selinux/Makefile
ubifs: Free memory for tmpfile name
ubi: Fix return value overwrite issue in try_write_vid_and_data()
ubifs: Fix memleak when insert_old_idx() failed
Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path"
i2c: omap: Fix standard mode false ACK readings
KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
reiserfs: Add security prefix to xattr name in reiserfs_security_write()
* ring-buffer: Sync IRQ works before buffer destruction
kernel/trace/ring_buffer.c
pwm: meson: Fix axg ao mux parents
MIPS: fw: Allow firmware to pass a empty env
* xhci: fix debugfs register accesses while suspended
drivers/usb/host/xhci-debugfs.c
* debugfs: regset32: Add Runtime PM support
fs/debugfs/file.c
include/linux/debugfs.h
staging: iio: resolver: ads1210: fix config mode
perf sched: Cast PTHREAD_STACK_MIN to int as it may turn into sysconf(__SC_THREAD_STACK_MIN_VALUE)
* USB: dwc3: fix runtime pm imbalance on unbind
drivers/usb/dwc3/core.c
stmmac: debugfs entry name is not be changed when udev rename device name.
ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750
iio: adc: palmas_gpadc: fix NULL dereference on rmmod
USB: serial: option: add UNISOC vendor and TOZED LT70C product
* bluetooth: Perform careful capability checks in hci_sock_ioctl()
net/bluetooth/hci_sock.c
wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
* ANDROID: incremental fs: Evict inodes before freeing mount data
fs/incfs/main.c
fs/incfs/vfs.c
* Revert "Revert "mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse""
android/abi_gki_aarch64.xml
include/linux/rmap.h
mm/rmap.c
Bug: 299241959
Change-Id: Ib8c4ff87b1b0b720abce0f5fcdf1a51f01a472a9
Signed-off-by: Wilson Sung <wilsonsung@google.com>
Signed-off-by: ChangYan Lee <changyan@google.com>
|
||
|
Greg Kroah-Hartman
|
501b721387 |
Merge 4.19.295 into android-4.19-stable
Changes in 4.19.295
erofs: ensure that the post-EOF tails are all zeroed
ARM: pxa: remove use of symbol_get()
mmc: au1xmmc: force non-modular build and remove symbol_get usage
rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff
modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
USB: serial: option: add Quectel EM05G variant (0x030e)
USB: serial: option: add FOXCONN T99W368/T99W373 product
HID: wacom: remove the battery when the EKR is off
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition
serial: sc16is7xx: fix bug when first setting GPIO direction
fsi: master-ast-cf: Add MODULE_FIRMWARE macro
nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
pinctrl: amd: Don't show `Invalid config param` errors
9p: virtio: make sure 'offs' is initialized in zc_request
ASoC: da7219: Flush pending AAD IRQ when suspending
ASoC: da7219: Check for failure reading AAD IRQ events
ethernet: atheros: fix return value check in atl1c_tso_csum()
vxlan: generalize vxlan_parse_gpe_hdr and remove unused args
m68k: Fix invalid .section syntax
s390/dasd: use correct number of retries for ERP requests
s390/dasd: fix hanging device after request requeue
fs/nls: make load_nls() take a const parameter
ASoc: codecs: ES8316: Fix DMIC config
ASoC: atmel: Fix the 8K sample parameter in I2SC master
platform/x86: intel: hid: Always call BTNL ACPI method
security: keys: perform capable check only on privileged operations
net: usb: qmi_wwan: add Quectel EM05GV2
idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM
scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock
netlabel: fix shift wrapping bug in netlbl_catmap_setlong()
bnx2x: fix page fault following EEH recovery
sctp: handle invalid error codes without calling BUG()
cifs: add a warning when the in-flight count goes negative
ALSA: seq: oss: Fix racy open/close of MIDI devices
net: Avoid address overwrite in kernel_connect
powerpc/32: Include .branch_lt in data section
powerpc/32s: Fix assembler warning about r0
udf: Check consistency of Space Bitmap Descriptor
udf: Handle error when adding extent to a file
Revert "net: macsec: preserve ingress frame ordering"
reiserfs: Check the return value from __getblk()
eventfd: Export eventfd_ctx_do_read()
eventfd: prevent underflow for eventfd semaphores
new helper: lookup_positive_unlocked()
netfilter: nft_flow_offload: fix underflow in flowtable reference counter
netfilter: nf_tables: missing NFT_TRANS_PREPARE_ERROR in flowtable deactivatation
fs: Fix error checking for d_hash_and_lookup()
cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit()
bpf: Clear the probe_addr for uprobe
tcp: tcp_enter_quickack_mode() should be static
regmap: rbtree: Use alloc_flags for memory allocations
spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe()
can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM
wifi: mwifiex: Fix OOB and integer underflow when rx packets
mwifiex: drop 'set_consistent_dma_mask' log message
mwifiex: switch from 'pci_' to 'dma_' API
wifi: mwifiex: fix error recovery in PCIE buffer descriptor management
Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe()
crypto: caam - fix unchecked return value error
lwt: Check LWTUNNEL_XMIT_CONTINUE strictly
fs: ocfs2: namei: check return value of ocfs2_add_entry()
wifi: mwifiex: fix memory leak in mwifiex_histogram_read()
wifi: mwifiex: Fix missed return in oob checks failed path
wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx
wifi: ath9k: protect WMI command response buffer replacement with a lock
wifi: mwifiex: avoid possible NULL skb pointer dereference
wifi: ath9k: use IS_ERR() with debugfs_create_dir()
net: arcnet: Do not call kfree_skb() under local_irq_disable()
net/sched: sch_hfsc: Ensure inner classes have fsc curve
netrom: Deny concurrent connect().
quota: add dqi_dirty_list description to comment of Dquot List Management
quota: avoid increasing DQST_LOOKUPS when iterating over dirty/inuse list
quota: factor out dquot_write_dquot()
quota: rename dquot_active() to inode_quota_active()
quota: add new helper dquot_active()
quota: fix dqput() to follow the guarantees dquot_srcu should provide
arm64: dts: msm8996: thermal: Add interrupt support
arm64: dts: qcom: msm8996: Add missing interrupt to the USB2 controller
drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar()
ARM: dts: BCM5301X: Harmonize EHCI/OHCI DT nodes name
ARM: dts: BCM53573: Describe on-SoC BCM53125 rev 4 switch
ARM: dts: BCM53573: Drop nonexistent #usb-cells
ARM: dts: BCM53573: Add cells sizes to PCIe node
ARM: dts: BCM53573: Use updated "spi-gpio" binding properties
ARM: dts: s3c6410: move fixed clocks under root node in Mini6410
ARM: dts: s3c6410: align node SROM bus node name with dtschema in Mini6410
ARM: dts: s3c64xx: align pinctrl with dtschema
ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split)
ARM: dts: s5pv210: add RTC 32 KHz clock in SMDKV210
ARM: dts: s5pv210: use defines for IRQ flags in SMDKV210
ARM: dts: s5pv210: correct ethernet unit address in SMDKV210
ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210
ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split)
drm: adv7511: Fix low refresh rate register for ADV7533/5
ARM: dts: BCM53573: Fix Ethernet info for Luxul devices
drm/tegra: Remove superfluous error messages around platform_get_irq()
drm/tegra: dpaux: Fix incorrect return value of platform_get_irq
of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name()
drm/msm: Replace drm_framebuffer_{un/reference} with put, get functions
drm/msm/mdp5: Don't leak some plane state
smackfs: Prevent underflow in smk_set_cipso()
audit: fix possible soft lockup in __audit_inode_child()
of: unittest: Fix overlay type in apply/revert check
ALSA: ac97: Fix possible error value of *rac97
drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init()
clk: sunxi-ng: Modify mismatched function name
PCI: Mark NVIDIA T4 GPUs to avoid bus reset
PCI: pciehp: Use RMW accessors for changing LNKCTL
PCI/ASPM: Use RMW accessors for changing LNKCTL
PCI/ATS: Add pci_prg_resp_pasid_required() interface.
PCI: Cleanup register definition width and whitespace
PCI: Decode PCIe 32 GT/s link speed
PCI: Add #defines for Enter Compliance, Transmit Margin
drm/amdgpu: Correct Transmit Margin masks
drm/amdgpu: Replace numbers with PCI_EXP_LNKCTL2 definitions
drm/amdgpu: Prefer pcie_capability_read_word()
drm/amdgpu: Use RMW accessors for changing LNKCTL
drm/radeon: Correct Transmit Margin masks
drm/radeon: Replace numbers with PCI_EXP_LNKCTL2 definitions
drm/radeon: Prefer pcie_capability_read_word()
drm/radeon: Use RMW accessors for changing LNKCTL
wifi: ath10k: Use RMW accessors for changing LNKCTL
nfs/blocklayout: Use the passed in gfp flags
powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
jfs: validate max amount of blocks before allocation.
fs: lockd: avoid possible wrong NULL parameter
NFSD: da_addr_body field missing in some GETDEVICEINFO replies
media: Use of_node_name_eq for node name comparisons
media: v4l2-fwnode: fix v4l2_fwnode_parse_link handling
media: v4l2-fwnode: simplify v4l2_fwnode_parse_link
media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link()
drivers: usb: smsusb: fix error handling code in smsusb_init_device
media: dib7000p: Fix potential division by zero
media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer()
media: cx24120: Add retval check for cx24120_message_send()
media: mediatek: vcodec: Return NULL if no vdec_fb is found
usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host()
scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param()
scsi: be2iscsi: Add length check when parsing nlattrs
scsi: qla4xxx: Add length check when parsing nlattrs
x86/APM: drop the duplicate APM_MINOR_DEV macro
scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly
scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly
dma-buf/sync_file: Fix docs syntax
IB/uverbs: Fix an potential error pointer dereference
media: go7007: Remove redundant if statement
USB: gadget: f_mass_storage: Fix unused variable warning
media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips
media: ov2680: Remove auto-gain and auto-exposure controls
media: ov2680: Fix ov2680_bayer_order()
media: ov2680: Fix vflip / hflip set functions
media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors
cgroup:namespace: Remove unused cgroup_namespaces_init()
scsi: core: Use 32-bit hostnum in scsi_host_lookup()
scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock
serial: tegra: handle clk prepare error in tegra_uart_hw_init()
amba: bus: fix refcount leak
Revert "IB/isert: Fix incorrect release of isert connection"
HID: multitouch: Correct devm device reference for hidinput input_dev name
rpmsg: glink: Add check for kstrdup
arch: um: drivers: Kconfig: pedantic formatting
um: Fix hostaudio build errors
dmaengine: ste_dma40: Add missing IRQ check in d40_probe
igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
netfilter: xt_u32: validate user space input
netfilter: xt_sctp: validate the flag_info count
skbuff: skb_segment, Call zero copy functions before using skbuff frags
igb: set max size RX buffer when store bad packet is enabled
PM / devfreq: Fix leak in devfreq_dev_release()
ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl
ipmi_si: fix a memleak in try_smi_init()
ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch()
backlight/gpio_backlight: Compare against struct fb_info.device
backlight/bd6107: Compare against struct fb_info.device
backlight/lv5207lp: Compare against struct fb_info.device
media: dvb: symbol fixup for dvb_attach()
ntb: Drop packets when qp link is down
ntb: Clean up tx tail index on link down
ntb: Fix calculation ntb_transport_tx_free_entry()
Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset"
procfs: block chmod on /proc/thread-self/comm
parisc: Fix /proc/cpuinfo output for lscpu
dlm: fix plock lookup when using multiple lockspaces
dccp: Fix out of bounds access in DCCP error handler
crypto: stm32 - fix loop iterating through scatterlist for DMA
cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug
X.509: if signature is unsupported skip validation
net: handle ARPHRD_PPP in dev_is_mac_header_xmit()
pstore/ram: Check start of empty przs during init
PCI/ATS: Add inline to pci_prg_resp_pasid_required()
sc16is7xx: Set iobase to device index
serial: sc16is7xx: fix broken port 0 uart init
usb: typec: tcpci: clear the fault status bit
udf: initialize newblock to 0
scsi: qla2xxx: fix inconsistent TMF timeout
scsi: qla2xxx: Turn off noisy message log
fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
drm/ast: Fix DRAM init on AST2200
parisc: led: Fix LAN receive and transmit LEDs
parisc: led: Reduce CPU overhead for disk & lan LED computation
clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock
soc: qcom: qmi_encdec: Restrict string length in decode
NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info
kconfig: fix possible buffer overflow
x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm()
watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
pwm: lpc32xx: Remove handling of PWM channels
net: read sk->sk_family once in sk_mc_loop()
igb: disable virtualization features on 82580
veth: Fixing transmit return status for dropped packets
net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr
af_unix: Fix data-races around user->unix_inflight.
af_unix: Fix data-race around unix_tot_inflight.
af_unix: Fix data-races around sk->sk_shutdown.
af_unix: Fix data race around sk->sk_err.
net: sched: sch_qfq: Fix UAF in qfq_dequeue()
kcm: Destroy mutex in kcm_exit_net()
igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80
igb: Change IGB_MIN to allow set rx/tx value between 64 and 80
idr: fix param name in idr_alloc_cyclic() doc
netfilter: nfnetlink_osf: avoid OOB read
ata: sata_gemini: Add missing MODULE_DESCRIPTION
ata: pata_ftide010: Add missing MODULE_DESCRIPTION
btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART
mtd: rawnand: brcmnand: Fix crash during the panic_write
mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write
mtd: rawnand: brcmnand: Fix potential false time out warning
perf hists browser: Fix hierarchy mode header
net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all()
kcm: Fix memory leak in error path of kcm_sendmsg()
ixgbe: fix timestamp configuration code
kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
drm/amd/display: Fix a bug when searching for insert_above_mpcc
parisc: Drop loops_per_jiffy from per_cpu struct
autofs: fix memory leak of waitqueues in autofs_catatonic_mode
btrfs: output extra debug info if we failed to find an inline backref
ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer
ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470
hw_breakpoint: fix single-stepping when using bpf_overflow_handler
wifi: ath9k: fix printk specifier
wifi: mwifiex: fix fortify warning
crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
tpm_tis: Resend command to recover from data transfer errors
alx: fix OOB-read compiler warning
drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable()
md: raid1: fix potential OOB in raid1_remove_disk()
ext2: fix datatype of block number in ext2_xattr_set2()
fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()
jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer
media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()
media: af9005: Fix null-ptr-deref in af9005_i2c_xfer
media: anysee: fix null-ptr-deref in anysee_master_xfer
media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()
iio: core: Use min() instead of min_t() to make code more robust
media: tuners: qt1010: replace BUG_ON with a regular error
media: pci: cx23885: replace BUG with error return
usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc
scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()
serial: cpm_uart: Avoid suspicious locking
media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning
kobject: Add sanity check for kset->kobj.ktype in kset_register()
md/raid1: fix error: ISO C90 forbids mixed declarations
attr: block mode changes of symlinks
btrfs: fix lockdep splat and potential deadlock after failure running delayed items
nfsd: fix change_info in NFSv4 RENAME replies
mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller
net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
net/sched: Retire rsvp classifier
Linux 4.19.295
Change-Id: I5de88dc1e8cebe5736df3023205233cb40c4aa35
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Lu Jialin
|
2f570db43d |
cgroup:namespace: Remove unused cgroup_namespaces_init()
[ Upstream commit 82b90b6c5b38e457c7081d50dff11ecbafc1e61a ]
cgroup_namspace_init() just return 0. Therefore, there is no need to
call it during start_kernel. Just remove it.
Fixes:
|
||
|
Greg Kroah-Hartman
|
f13140b2a7 |
Merge 4.19.288 into android-4.19-stable
Changes in 4.19.288 serial: lantiq: Change ltq_w32_mask to asc_update_bits serial: lantiq: Use readl/writel instead of ltq_r32/ltq_w32 serial: lantiq: Do not swap register read/writes serial: lantiq: add missing interrupt ack nilfs2: reject devices with insufficient block count x86/purgatory: remove PGO flags ipmi: Make the smi watcher be disabled immediately when not needed ipmi: move message error checking to avoid deadlock nilfs2: fix buffer corruption due to concurrent device reads Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs PCI: hv: Fix a race condition bug in hv_pci_query_relations() cgroup: Do not corrupt task iteration when rebinding subsystem nilfs2: prevent general protection fault in nilfs_clear_dirty_page() rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer() ieee802154: hwsim: Fix possible memory leaks xfrm: Linearize the skb after offloading if needed. net: qca_spi: Avoid high load if QCA7000 is not available mmc: mtk-sd: fix deferred probing mmc: mvsdio: convert to devm_platform_ioremap_resource mmc: mvsdio: fix deferred probing mmc: omap: fix deferred probing mmc: omap_hsmmc: fix deferred probing mmc: sdhci-acpi: fix deferred probing mmc: usdhi60rol0: fix deferred probing be2net: Extend xmit workaround to BE3 chip netfilter: nf_tables: disallow element updates of bound anonymous sets netfilter: nfnetlink_osf: fix module autoload sch_netem: acquire qdisc lock in netem_change() scsi: target: iscsi: Prevent login threads from racing between each other HID: wacom: Add error check to wacom_parse_and_register() arm64: Add missing Set/Way CMO encodings media: cec: core: don't set last_initiator if tx in progress nfcsim.c: Fix error checking for debugfs_create_dir usb: gadget: udc: fix NULL dereference in remove() s390/cio: unregister device when the only path is gone ASoC: nau8824: Add quirk to active-high jack-detect drm/exynos: vidi: fix a wrong error return drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle Linux 4.19.288 Change-Id: I0ec8e3df85fb79855d508ea71b305c91eba49210 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Xiu Jianfeng
|
b327297a28 |
cgroup: Do not corrupt task iteration when rebinding subsystem
commit 6f363f5aa845561f7ea496d8b1175e3204470486 upstream.
We found a refcount UAF bug as follows:
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 1 PID: 342 at lib/refcount.c:25 refcount_warn_saturate+0xa0/0x148
Workqueue: events cpuset_hotplug_workfn
Call trace:
refcount_warn_saturate+0xa0/0x148
__refcount_add.constprop.0+0x5c/0x80
css_task_iter_advance_css_set+0xd8/0x210
css_task_iter_advance+0xa8/0x120
css_task_iter_next+0x94/0x158
update_tasks_root_domain+0x58/0x98
rebuild_root_domains+0xa0/0x1b0
rebuild_sched_domains_locked+0x144/0x188
cpuset_hotplug_workfn+0x138/0x5a0
process_one_work+0x1e8/0x448
worker_thread+0x228/0x3e0
kthread+0xe0/0xf0
ret_from_fork+0x10/0x20
then a kernel panic will be triggered as below:
Unable to handle kernel paging request at virtual address 00000000c0000010
Call trace:
cgroup_apply_control_disable+0xa4/0x16c
rebind_subsystems+0x224/0x590
cgroup_destroy_root+0x64/0x2e0
css_free_rwork_fn+0x198/0x2a0
process_one_work+0x1d4/0x4bc
worker_thread+0x158/0x410
kthread+0x108/0x13c
ret_from_fork+0x10/0x18
The race that cause this bug can be shown as below:
(hotplug cpu) | (umount cpuset)
mutex_lock(&cpuset_mutex) | mutex_lock(&cgroup_mutex)
cpuset_hotplug_workfn |
rebuild_root_domains | rebind_subsystems
update_tasks_root_domain | spin_lock_irq(&css_set_lock)
css_task_iter_start | list_move_tail(&cset->e_cset_node[ss->id]
while(css_task_iter_next) | &dcgrp->e_csets[ss->id]);
css_task_iter_end | spin_unlock_irq(&css_set_lock)
mutex_unlock(&cpuset_mutex) | mutex_unlock(&cgroup_mutex)
Inside css_task_iter_start/next/end, css_set_lock is hold and then
released, so when iterating task(left side), the css_set may be moved to
another list(right side), then it->cset_head points to the old list head
and it->cset_pos->next points to the head node of new list, which can't
be used as struct css_set.
To fix this issue, switch from all css_sets to only scgrp's css_sets to
patch in-flight iterators to preserve correct iteration, and then
update it->cset_head as well.
Reported-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Link: https://www.spinics.net/lists/cgroups/msg37935.html
Suggested-by: Michal Koutný <mkoutny@suse.com>
Link: https://lore.kernel.org/all/20230526114139.70274-1-xiujianfeng@huaweicloud.com/
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Fixes:
|
||
|
Wilson Sung
|
7b88bd86ba |
Merge android-4.19-stable (4.19.282) into android-msm-pixel-4.19-lts
Merge 4.19.282 into android-4.19-stable
Linux 4.19.282
* ASN.1: Fix check for strdup() success
scripts/asn1_compiler.c
iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger()
counter: 104-quad-8: Fix race condition between FLAG and CNTR reads
* sctp: Call inet6_destroy_sock() via sk->sk_destruct().
net/sctp/socket.c
* dccp: Call inet6_destroy_sock() via sk->sk_destruct().
net/dccp/dccp.h
net/dccp/ipv6.c
net/dccp/proto.c
net/ipv6/af_inet6.c
* inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
net/ipv6/ping.c
net/ipv6/raw.c
net/ipv6/tcp_ipv6.c
net/ipv6/udp.c
net/l2tp/l2tp_ip6.c
* tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().
include/net/ipv6.h
include/net/udp.h
include/net/udplite.h
net/ipv4/udp.c
net/ipv4/udplite.c
net/ipv6/af_inet6.c
net/ipv6/udp.c
net/ipv6/udp_impl.h
net/ipv6/udplite.c
* udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM).
include/net/ipv6.h
net/ipv6/af_inet6.c
net/ipv6/ipv6_sockglue.c
* ext4: fix use-after-free in ext4_xattr_set_entry
fs/ext4/xattr.c
* ext4: remove duplicate definition of ext4_xattr_ibody_inline_set()
fs/ext4/inline.c
fs/ext4/xattr.c
fs/ext4/xattr.h
* Revert "ext4: fix use-after-free in ext4_xattr_set_entry"
fs/ext4/xattr.c
x86/purgatory: Don't generate debug info for purgatory.ro
memstick: fix memory leak if card device is never registered
* nilfs2: initialize unused bytes in segment summary blocks
fs/nilfs2/segment.c
* xen/netback: use same error messages for same errors
drivers/net/xen-netback/netback.c
s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling
net: dsa: b53: mmap: add phy ops
* scsi: core: Improve scsi_vpd_inquiry() checks
drivers/scsi/scsi.c
* scsi: megaraid_sas: Fix fw_crash_buffer_show()
drivers/scsi/megaraid/megaraid_sas_base.c
* selftests: sigaltstack: fix -Wuninitialized
tools/testing/selftests/sigaltstack/current_stack_pointer.h
tools/testing/selftests/sigaltstack/sas.c
Input: i8042 - add quirk for Fujitsu Lifebook A574/H
* f2fs: Fix f2fs_truncate_partial_nodes ftrace event
include/trace/events/f2fs.h
e1000e: Disable TSO on i219-LM card to increase speed
mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()
i40e: fix i40e_setup_misc_vector() error handling
i40e: fix accessing vsi->active_filters without holding lock
* virtio_net: bugfix overflow inside xdp_linearize_page()
drivers/net/virtio_net.c
* net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
net/sched/sch_qfq.c
ARM: dts: rockchip: fix a typo error for rk3288 spdif node
Merge 4.19.281 into android-4.19-stable
Linux 4.19.281
arm64: KVM: Fix system register enumeration
KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST
KVM: arm64: Factor out core register ID enumeration
KVM: nVMX: add missing consistency checks for CR0 and CR4
* coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
drivers/hwtracing/coresight/coresight-etm4x.c
* watchdog: sbsa_wdog: Make sure the timeout programming is within the limits
drivers/watchdog/sbsa_gwdt.c
* cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
kernel/cgroup/cpuset.c
ubi: Fix deadlock caused by recursively holding work_sem
mtd: ubi: wl: Fix a couple of kernel-doc issues
ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot
* scsi: ses: Handle enclosure with just a primary component gracefully
drivers/scsi/ses.c
verify_pefile: relax wrapper length check
efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
i2c: imx-lpi2c: clean rx/tx buffers upon new message
* power: supply: cros_usbpd: reclassify "default case!" as debug
drivers/power/supply/cros_usbpd-charger.c
* udp6: fix potential access to stale information
net/ipv6/udp.c
net: macb: fix a memory corruption in extended buffer descriptor mode
* sctp: fix a potential overflow in sctp_ifwdtsn_skip
net/sctp/stream_interleave.c
qlcnic: check pci_reset_function result
niu: Fix missing unwind goto in niu_alloc_channels()
* 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition
net/9p/trans_xen.c
mtdblock: tolerate corrected bit-flips
* Bluetooth: Fix race condition in hidp_session_thread
net/bluetooth/hidp/core.c
* Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
net/bluetooth/l2cap_core.c
* ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
sound/pci/hda/patch_sigmatel.c
* ALSA: i2c/cs8427: fix iec958 mixer control deactivation
sound/i2c/cs8427.c
* ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
sound/pci/hda/patch_sigmatel.c
* ALSA: emu10k1: fix capture interrupt handler unlinking
sound/pci/emu10k1/emupcm.c
* Revert "pinctrl: amd: Disable and mask interrupts on resume"
drivers/pinctrl/pinctrl-amd.c
* mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
mm/swapfile.c
* ring-buffer: Fix race while reader and writer are on the same page
kernel/trace/ring_buffer.c
* ftrace: Mark get_lock_parent_ip() __always_inline
include/linux/ftrace.h
* perf/core: Fix the same task check in perf_event_set_output
kernel/events/core.c
* ALSA: hda/realtek: Add quirk for Clevo X370SNW
sound/pci/hda/patch_realtek.c
* nilfs2: fix sysfs interface lifetime
fs/nilfs2/super.c
fs/nilfs2/the_nilfs.c
* nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
fs/nilfs2/segment.c
* tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
drivers/tty/serial/sh-sci.c
* tty: serial: sh-sci: Fix transmit end interrupt handler
drivers/tty/serial/sh-sci.c
iio: dac: cio-dac: Fix max DAC write value check for 12-bit
* USB: serial: option: add Quectel RM500U-CN modem
drivers/usb/serial/option.c
* USB: serial: option: add Telit FE990 compositions
drivers/usb/serial/option.c
* USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
drivers/usb/serial/cp210x.c
gpio: davinci: Add irq chip flag to skip set wake
* ipv6: Fix an uninit variable access bug in __ip6_make_skb()
net/ipv6/ip6_output.c
* sctp: check send stream number after wait_for_sndbuf
net/sctp/socket.c
* net: don't let netpoll invoke NAPI if in xmit context
net/core/netpoll.c
* icmp: guard against too small mtu
net/ipv4/icmp.c
* wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta
net/mac80211/sta_info.c
* pwm: cros-ec: Explicitly set .polarity in .get_state()
drivers/pwm/pwm-cros-ec.c
* NFSv4: Fix hangs when recovering open state after a server reboot
fs/nfs/nfs4proc.c
* NFSv4: Check the return value of update_open_stateid()
fs/nfs/nfs4proc.c
* NFSv4: Convert struct nfs4_state to use refcount_t
fs/nfs/nfs4_fs.h
fs/nfs/nfs4proc.c
fs/nfs/nfs4state.c
* pinctrl: amd: Disable and mask interrupts on resume
drivers/pinctrl/pinctrl-amd.c
* pinctrl: amd: disable and mask interrupts on probe
drivers/pinctrl/pinctrl-amd.c
* pinctrl: amd: Use irqchip template
drivers/pinctrl/pinctrl-amd.c
* pinctrl: Added IRQF_SHARED flag for amd-pinctrl driver
drivers/pinctrl/pinctrl-amd.c
Revert "dm thin: fix deadlock when swapping to thin device"
Merge "Merge 4.19.280 into android-4.19-stable" into android-4.19-stable
Merge 4.19.280 into android-4.19-stable
* UPSTREAM: ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
fs/ext4/inode.c
Linux 4.19.280
* cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
kernel/cgroup/cgroup-v1.c
* cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
kernel/cgroup/cgroup.c
kernel/cgroup/cpuset.c
* cgroup/cpuset: Change cpuset_rwsem and hotplug lock order
include/linux/cpuset.h
kernel/cgroup/cpuset.c
* net: sched: cbq: dont intepret cls results when asked to drop
net/sched/sch_cbq.c
* gfs2: Always check inode size of inline inodes
fs/gfs2/aops.c
fs/gfs2/bmap.c
fs/gfs2/glops.c
firmware: arm_scmi: Fix device node validation for mailbox transport
* ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
fs/ext4/inode.c
* usb: host: ohci-pxa27x: Fix and & vs | typo
drivers/usb/host/ohci-pxa27x.c
s390/uaccess: add missing earlyclobber annotations to __clear_user()
drm/etnaviv: fix reference leak when mmaping imported buffer
* ALSA: usb-audio: Fix regression on detection of Roland VS-100
sound/usb/format.c
* ALSA: hda/conexant: Partial revert of a quirk for Lenovo
sound/pci/hda/patch_conexant.c
* pinctrl: at91-pio4: fix domain name assignment
drivers/pinctrl/pinctrl-at91-pio4.c
* xen/netback: don't do grant copy across page boundary
drivers/net/xen-netback/common.h
drivers/net/xen-netback/netback.c
* cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
fs/cifs/cifsfs.h
* cifs: prevent infinite recursion in CIFSGetDFSRefer()
fs/cifs/cifssmb.c
Input: focaltech - use explicitly signed char type
Input: alps - fix compatibility with -funsigned-char
net: mvneta: make tx buffer array agnostic
net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only
i40e: fix registers dump after run ethtool adapter self test
* can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
net/can/bcm.c
* scsi: megaraid_sas: Fix crash after a double completion
drivers/scsi/megaraid/megaraid_sas_fusion.c
* ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx()
drivers/net/ieee802154/ca8210.c
* fbdev: au1200fb: Fix potential divide by zero
drivers/video/fbdev/au1200fb.c
* fbdev: lxfb: Fix potential divide by zero
drivers/video/fbdev/geode/lxfb_core.c
* fbdev: intelfb: Fix potential divide by zero
drivers/video/fbdev/intelfb/intelfbdrv.c
* fbdev: nvidia: Fix potential divide by zero
drivers/video/fbdev/nvidia/nvidia.c
* sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
kernel/compat.c
kernel/sched/core.c
* fbdev: tgafb: Fix potential divide by zero
drivers/video/fbdev/tgafb.c
* ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
sound/pci/hda/patch_ca0132.c
* ALSA: asihpi: check pao in control_message()
sound/pci/asihpi/hpi6205.c
md: avoid signed overflow in slot_store()
bus: imx-weim: fix branch condition evaluates to a garbage value
* ocfs2: fix data corruption after failed write
fs/ocfs2/aops.c
* tun: avoid double free in tun_free_netdev
drivers/net/tun.c
* sched/fair: Sanitize vruntime of entity being migrated
kernel/sched/core.c
kernel/sched/fair.c
* sched/fair: sanitize vruntime of entity being placed
kernel/sched/fair.c
dm crypt: add cond_resched() to dmcrypt_write()
* dm stats: check for and propagate alloc_percpu failure
drivers/md/dm-stats.c
drivers/md/dm-stats.h
drivers/md/dm.c
i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
* nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
fs/nilfs2/ioctl.c
* usb: chipidea: core: fix possible concurrent when switch role
drivers/usb/chipidea/ci.h
drivers/usb/chipidea/core.c
drivers/usb/chipidea/otg.c
* usb: chipdea: core: fix return -EINVAL if request role is the same with current role
drivers/usb/chipidea/core.c
dm thin: fix deadlock when swapping to thin device
igb: revert rtnl_lock() that causes deadlock
* usb: gadget: u_audio: don't let userspace block driver unbind
drivers/usb/gadget/function/u_audio.c
* scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
drivers/scsi/scsi_devinfo.c
* cifs: empty interface list when server doesn't support query interfaces
fs/cifs/smb2ops.c
sh: sanitize the flags on sigreturn
* net: usb: qmi_wwan: add Telit 0x1080 composition
drivers/net/usb/qmi_wwan.c
* net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
drivers/net/usb/cdc_mbim.c
* scsi: ufs: core: Add soft dependency on governor_simpleondemand
drivers/scsi/ufs/ufshcd.c
* scsi: target: iscsi: Fix an error message in iscsi_check_key()
drivers/target/iscsi/iscsi_target_parameters.c
m68k: Only force 030 bus error if PC not in exception table
* ca8210: fix mac_len negative array access
drivers/net/ieee802154/ca8210.c
riscv: Bump COMMAND_LINE_SIZE value to 1024
* thunderbolt: Use const qualifier for `ring_interrupt_index`
drivers/thunderbolt/nhi.c
* uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
drivers/usb/storage/unusual_uas.h
hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
Bluetooth: btqcomsmd: Fix command timeout after setting BD address
* net: mdio: thunder: Add missing fwnode_handle_put()
drivers/net/phy/mdio-thunder.c
* hvc/xen: prevent concurrent accesses to the shared ring
drivers/tty/hvc/hvc_xen.c
net/sonic: use dma_mapping_error() for error check
* erspan: do not use skb_mac_header() in ndo_start_xmit()
net/ipv4/ip_gre.c
net/ipv6/ip6_gre.c
atm: idt77252: fix kmemleak when rmmod idt77252
net/mlx5: Read the TC mapping of all priorities on ETS query
* bpf: Adjust insufficient default bpf_jit_limit
kernel/bpf/core.c
net/ps3_gelic_net: Use dma_mapping_error
net/ps3_gelic_net: Fix RX sk_buff length
net: qcom/emac: Fix use after free bug in emac_remove due to race condition
xirc2ps_cs: Fix use after free bug in xirc2ps_detach
qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
* net: usb: smsc95xx: Limit packet length to skb->len
drivers/net/usb/smsc95xx.c
* scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
drivers/scsi/device_handler/scsi_dh_alua.c
i2c: imx-lpi2c: check only for enabled interrupt flags
igbvf: Regard vf reset nack as success
intel/igbvf: free irq on the error path in igbvf_request_msix()
iavf: fix inverted Rx hash condition leading to disabled hash
iavf: diet and reformat
* intel-ethernet: rename i40evf to iavf
drivers/net/ethernet/intel/Kconfig
drivers/net/ethernet/intel/Makefile
i40evf: Change a VF mac without reloading the VF driver
* power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition
drivers/power/supply/da9150-charger.c
* UPSTREAM: fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY
fs/verity/enable.c
* UPSTREAM: fsverity: Remove WQ_UNBOUND from fsverity read workqueue
fs/verity/verify.c
* BACKPORT: blk-mq: clear stale request in tags->rq[] before freeing one request pool
block/blk-mq-tag.c
block/blk-mq-tag.h
block/blk-mq.c
Merge 4.19.279 into android-4.19-stable
Linux 4.19.279
* HID: uhid: Over-ride the default maximum data buffer value with our own
drivers/hid/uhid.c
* HID: core: Provide new max_buffer_size attribute to over-ride the default
drivers/hid/hid-core.c
include/linux/hid.h
* serial: 8250_em: Fix UART port type
drivers/tty/serial/8250/8250_em.c
drm/i915: Don't use stolen memory for ring buffers with LLC
x86/mm: Fix use of uninitialized buffer in sme_enable()
* fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks
drivers/video/fbdev/stifb.c
* ftrace: Fix invalid address access in lookup_rec() when index is 0
kernel/trace/ftrace.c
* tracing: Make tracepoint lockdep check actually test something
include/linux/tracepoint.h
* tracing: Check field value in hist_field_name()
kernel/trace/trace_events_hist.c
* sh: intc: Avoid spurious sizeof-pointer-div warning
include/linux/sh_intc.h
drm/amdkfd: Fix an illegal memory access
* ext4: fix task hung in ext4_xattr_delete_inode
fs/ext4/xattr.c
* ext4: fail ext4_iget if special inode unallocated
fs/ext4/inode.c
* jffs2: correct logic when creating a hole in jffs2_write_begin
fs/jffs2/file.c
mmc: atmel-mci: fix race between stop command and start of next command
media: m5mols: fix off-by-one loop termination error
hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition
hwmon: (adt7475) Fix masking of hysteresis registers
hwmon: (adt7475) Display smoothing attributes in correct order
ethernet: sun: add check for the mdesc_grab()
* net/iucv: Fix size of interrupt data
net/iucv/iucv.c
* net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull
drivers/net/usb/smsc75xx.c
* ipv4: Fix incorrect table ID in IOCTL path
net/ipv4/fib_frontend.c
block: sunvdc: add check for mdesc_grab() returning NULL
* nvmet: avoid potential UAF in nvmet_req_complete()
drivers/nvme/target/core.c
* net: usb: smsc75xx: Limit packet length to skb->len
drivers/net/usb/smsc75xx.c
* nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
drivers/nfc/st-nci/ndlc.c
* net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails
drivers/net/phy/smsc.c
* net: tunnels: annotate lockless accesses to dev->needed_headroom
include/linux/netdevice.h
net/ipv4/ip_tunnel.c
net/ipv6/ip6_tunnel.c
qed/qed_dev: guard against a possible division by zero
* nfc: pn533: initialize struct pn533_out_arg properly
drivers/nfc/pn533/usb.c
* tcp: tcp_make_synack() can be called from process context
net/ipv4/tcp_output.c
* clk: HI655X: select REGMAP instead of depending on it
drivers/clk/Kconfig
* fs: sysfs_emit_at: Remove PAGE_SIZE alignment check
fs/sysfs/file.c
* ext4: fix cgroup writeback accounting with fs-layer encryption
fs/ext4/page-io.c
UPSTREAM: ext4: fix another off-by-one fsmap error on 1k block filesystems
Bug: 280919362
Change-Id: I82670fbe6b3ec996da2d714238e86e360c10ccd8
Signed-off-by: JohnnLee <johnnlee@google.com>
|
||
|
Greg Kroah-Hartman
|
0b85669846 |
Merge 4.19.281 into android-4.19-stable
Changes in 4.19.281
pinctrl: Added IRQF_SHARED flag for amd-pinctrl driver
pinctrl: amd: Use irqchip template
pinctrl: amd: disable and mask interrupts on probe
pinctrl: amd: Disable and mask interrupts on resume
NFSv4: Convert struct nfs4_state to use refcount_t
NFSv4: Check the return value of update_open_stateid()
NFSv4: Fix hangs when recovering open state after a server reboot
pwm: cros-ec: Explicitly set .polarity in .get_state()
wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta
icmp: guard against too small mtu
net: don't let netpoll invoke NAPI if in xmit context
sctp: check send stream number after wait_for_sndbuf
ipv6: Fix an uninit variable access bug in __ip6_make_skb()
gpio: davinci: Add irq chip flag to skip set wake
USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
USB: serial: option: add Telit FE990 compositions
USB: serial: option: add Quectel RM500U-CN modem
iio: dac: cio-dac: Fix max DAC write value check for 12-bit
tty: serial: sh-sci: Fix transmit end interrupt handler
tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
nilfs2: fix sysfs interface lifetime
ALSA: hda/realtek: Add quirk for Clevo X370SNW
perf/core: Fix the same task check in perf_event_set_output
ftrace: Mark get_lock_parent_ip() __always_inline
ring-buffer: Fix race while reader and writer are on the same page
mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
Revert "pinctrl: amd: Disable and mask interrupts on resume"
ALSA: emu10k1: fix capture interrupt handler unlinking
ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
ALSA: i2c/cs8427: fix iec958 mixer control deactivation
ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
Bluetooth: Fix race condition in hidp_session_thread
mtdblock: tolerate corrected bit-flips
9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition
niu: Fix missing unwind goto in niu_alloc_channels()
qlcnic: check pci_reset_function result
sctp: fix a potential overflow in sctp_ifwdtsn_skip
net: macb: fix a memory corruption in extended buffer descriptor mode
udp6: fix potential access to stale information
power: supply: cros_usbpd: reclassify "default case!" as debug
i2c: imx-lpi2c: clean rx/tx buffers upon new message
efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
verify_pefile: relax wrapper length check
scsi: ses: Handle enclosure with just a primary component gracefully
x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot
ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
mtd: ubi: wl: Fix a couple of kernel-doc issues
ubi: Fix deadlock caused by recursively holding work_sem
cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
watchdog: sbsa_wdog: Make sure the timeout programming is within the limits
coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
KVM: nVMX: add missing consistency checks for CR0 and CR4
KVM: arm64: Factor out core register ID enumeration
KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST
arm64: KVM: Fix system register enumeration
Linux 4.19.281
Change-Id: I1883ac62812715a59cfcef066451a70fa7803b2e
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Waiman Long
|
30e138e23f |
cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
commit ba9182a89626d5f83c2ee4594f55cb9c1e60f0e2 upstream.
After a successful cpuset_can_attach() call which increments the
attach_in_progress flag, either cpuset_cancel_attach() or cpuset_attach()
will be called later. In cpuset_attach(), tasks in cpuset_attach_wq,
if present, will be woken up at the end. That is not the case in
cpuset_cancel_attach(). So missed wakeup is possible if the attach
operation is somehow cancelled. Fix that by doing the wakeup in
cpuset_cancel_attach() as well.
Fixes:
|
||
|
Greg Kroah-Hartman
|
ca61495eb4 |
Merge 4.19.280 into android-4.19-stable
Changes in 4.19.280 power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition i40evf: Change a VF mac without reloading the VF driver intel-ethernet: rename i40evf to iavf iavf: diet and reformat iavf: fix inverted Rx hash condition leading to disabled hash intel/igbvf: free irq on the error path in igbvf_request_msix() igbvf: Regard vf reset nack as success i2c: imx-lpi2c: check only for enabled interrupt flags scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() net: usb: smsc95xx: Limit packet length to skb->len qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info xirc2ps_cs: Fix use after free bug in xirc2ps_detach net: qcom/emac: Fix use after free bug in emac_remove due to race condition net/ps3_gelic_net: Fix RX sk_buff length net/ps3_gelic_net: Use dma_mapping_error bpf: Adjust insufficient default bpf_jit_limit net/mlx5: Read the TC mapping of all priorities on ETS query atm: idt77252: fix kmemleak when rmmod idt77252 erspan: do not use skb_mac_header() in ndo_start_xmit() net/sonic: use dma_mapping_error() for error check hvc/xen: prevent concurrent accesses to the shared ring net: mdio: thunder: Add missing fwnode_handle_put() Bluetooth: btqcomsmd: Fix command timeout after setting BD address Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 thunderbolt: Use const qualifier for `ring_interrupt_index` riscv: Bump COMMAND_LINE_SIZE value to 1024 ca8210: fix mac_len negative array access m68k: Only force 030 bus error if PC not in exception table scsi: target: iscsi: Fix an error message in iscsi_check_key() scsi: ufs: core: Add soft dependency on governor_simpleondemand net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 net: usb: qmi_wwan: add Telit 0x1080 composition sh: sanitize the flags on sigreturn cifs: empty interface list when server doesn't support query interfaces scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR usb: gadget: u_audio: don't let userspace block driver unbind igb: revert rtnl_lock() that causes deadlock dm thin: fix deadlock when swapping to thin device usb: chipdea: core: fix return -EINVAL if request role is the same with current role usb: chipidea: core: fix possible concurrent when switch role nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() dm stats: check for and propagate alloc_percpu failure dm crypt: add cond_resched() to dmcrypt_write() sched/fair: sanitize vruntime of entity being placed sched/fair: Sanitize vruntime of entity being migrated tun: avoid double free in tun_free_netdev ocfs2: fix data corruption after failed write bus: imx-weim: fix branch condition evaluates to a garbage value md: avoid signed overflow in slot_store() ALSA: asihpi: check pao in control_message() ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() fbdev: tgafb: Fix potential divide by zero sched_getaffinity: don't assume 'cpumask_size()' is fully initialized fbdev: nvidia: Fix potential divide by zero fbdev: intelfb: Fix potential divide by zero fbdev: lxfb: Fix potential divide by zero fbdev: au1200fb: Fix potential divide by zero ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() scsi: megaraid_sas: Fix crash after a double completion can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write i40e: fix registers dump after run ethtool adapter self test net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only net: mvneta: make tx buffer array agnostic Input: alps - fix compatibility with -funsigned-char Input: focaltech - use explicitly signed char type cifs: prevent infinite recursion in CIFSGetDFSRefer() cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL xen/netback: don't do grant copy across page boundary pinctrl: at91-pio4: fix domain name assignment ALSA: hda/conexant: Partial revert of a quirk for Lenovo ALSA: usb-audio: Fix regression on detection of Roland VS-100 drm/etnaviv: fix reference leak when mmaping imported buffer s390/uaccess: add missing earlyclobber annotations to __clear_user() usb: host: ohci-pxa27x: Fix and & vs | typo ext4: fix kernel BUG in 'ext4_write_inline_data_end()' firmware: arm_scmi: Fix device node validation for mailbox transport gfs2: Always check inode size of inline inodes net: sched: cbq: dont intepret cls results when asked to drop cgroup/cpuset: Change cpuset_rwsem and hotplug lock order cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() Linux 4.19.280 Change-Id: I63f8dc1e674a396e468ee0ea314d141682d60b72 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Tetsuo Handa
|
321488cfac |
cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
commit 43626dade36fa74d3329046f4ae2d7fdefe401c6 upstream.
syzbot is hitting percpu_rwsem_assert_held(&cpu_hotplug_lock) warning at
cpuset_attach() [1], for commit 4f7e7236435ca0ab ("cgroup: Fix
threadgroup_rwsem <-> cpus_read_lock() deadlock") missed that
cpuset_attach() is also called from cgroup_attach_task_all().
Add cpus_read_lock() like what cgroup_procs_write_start() does.
Link: https://syzkaller.appspot.com/bug?extid=29d3a3b4d86c8136ad9e [1]
Reported-by: syzbot <syzbot+29d3a3b4d86c8136ad9e@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Fixes: 4f7e7236435ca0ab ("cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock")
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Cai Xinchen <caixinchen1@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Tejun Heo
|
e446300968 |
cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
commit 4f7e7236435ca0abe005c674ebd6892c6e83aeb3 upstream.
Add #include <linux/cpu.h> to avoid compile error on some architectures.
commit 9a3284fad42f6 ("cgroup: Optimize single thread migration") and
commit 671c11f0619e5 ("cgroup: Elide write-locking threadgroup_rwsem
when updating csses on an empty subtree") are not backport. So ignore the
input parameter of cgroup_attach_lock/cgroup_attach_unlock.
original commit message:
Bringing up a CPU may involve creating and destroying tasks which requires
read-locking threadgroup_rwsem, so threadgroup_rwsem nests inside
cpus_read_lock(). However, cpuset's ->attach(), which may be called with
thredagroup_rwsem write-locked, also wants to disable CPU hotplug and
acquires cpus_read_lock(), leading to a deadlock.
Fix it by guaranteeing that ->attach() is always called with CPU hotplug
disabled and removing cpus_read_lock() call from cpuset_attach().
Signed-off-by: Tejun Heo <tj@kernel.org>
Reviewed-and-tested-by: Imran Khan <imran.f.khan@oracle.com>
Reported-and-tested-by: Xuewen Yan <xuewen.yan@unisoc.com>
Fixes: 05c7b7a92cc8 ("cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug")
Cc: stable@vger.kernel.org # v5.17+
Signed-off-by: Cai Xinchen <caixinchen1@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Juri Lelli
|
224262583f |
cgroup/cpuset: Change cpuset_rwsem and hotplug lock order
commit d74b27d63a8bebe2fe634944e4ebdc7b10db7a39 upstream.
commit 1243dc518c9da ("cgroup/cpuset: Convert cpuset_mutex to
percpu_rwsem") is performance patch which is not backport. So
convert percpu_rwsem to cpuset_mutex.
commit
|
||
|
Wilson Sung
|
63376759a1 |
Merge android-4.19-stable (4.19.272) into android-msm-pixel-4.19-lts
Merge 4.19.272 into android-4.19-stable
Linux 4.19.272
* usb: host: xhci-plat: add wakeup entry at sysfs
drivers/usb/host/xhci-plat.c
* ipv6: ensure sane device mtu in tunnels
net/ipv6/ip6_tunnel.c
net/ipv6/sit.c
* exit: Use READ_ONCE() for all oops/warn limit reads
kernel/exit.c
kernel/panic.c
docs: Fix path paste-o for /sys/kernel/warn_count
* panic: Expose "warn_count" to sysfs
kernel/panic.c
* panic: Introduce warn_limit
kernel/panic.c
* panic: Consolidate open-coded panic_on_warn checks
include/linux/kernel.h
kernel/panic.c
kernel/sched/core.c
* exit: Allow oops_limit to be disabled
kernel/exit.c
* exit: Expose "oops_count" to sysfs
kernel/exit.c
* exit: Put an upper limit on how often we can oops
kernel/exit.c
ia64: make IA64_MCA_RECOVERY bool instead of tristate
h8300: Fix build errors from do_exit() to make_task_dead() transition
hexagon: Fix function name in die()
objtool: Add a missing comma to avoid string concatenation
* exit: Add and use make_task_dead.
arch/arm64/kernel/traps.c
arch/arm64/mm/fault.c
include/linux/sched/task.h
kernel/exit.c
* panic: unset panic_on_warn inside panic()
kernel/panic.c
* sysctl: add a new register_sysctl_init() interface
fs/proc/proc_sysctl.c
include/linux/sysctl.h
dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init
ARM: dts: imx: Fix pca9547 i2c-mux node name
x86/entry/64: Add instruction suffix to SYSRET
x86/asm: Fix an assembler warning with current binutils
drm/i915/display: fix compiler warning about array overrun
x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL
Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode"
net/tg3: resolve deadlock in tg3_reset_task() during EEH
net: ravb: Fix possible hang if RIS2_QFF1 happen
* sctp: fail if no bound addresses can be used for a given scope
net/sctp/bind_addr.c
netrom: Fix use-after-free of a listening socket.
* netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE
net/netfilter/nf_conntrack_proto_sctp.c
* ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
net/ipv4/metrics.c
* netlink: annotate data races around sk_state
net/netlink/af_netlink.c
* netlink: annotate data races around dst_portid and dst_group
net/netlink/af_netlink.c
* netlink: annotate data races around nlk->portid
net/netlink/af_netlink.c
* netlink: remove hash::nelems check in netlink_insert
net/netlink/af_netlink.c
netfilter: nft_set_rbtree: skip elements in transaction from garbage collection
* net: fix UaF in netns ops registration error path
net/core/net_namespace.c
* EDAC/device: Respect any driver-supplied workqueue polling value
drivers/edac/edac_device.c
ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment
cifs: Fix oops due to uncleared server->smbd_conn in reconnect
smbd: Make upper layer decide when to destroy the transport
trace_events_hist: add check for return value of 'create_hist_field'
* tracing: Make sure trace_printk() can output as soon as it can be used
kernel/trace/trace.c
kernel/trace/trace.h
kernel/trace/trace_output.c
* module: Don't wait for GOING modules
kernel/module.c
scsi: hpsa: Fix allocation size for scsi_host_alloc()
* Bluetooth: hci_sync: cancel cmd_timer if hci_open failed
net/bluetooth/hci_core.c
fs: reiserfs: remove useless new_opts in reiserfs_remount
perf env: Do not return pointers to local variables
* block: fix and cleanup bio_check_ro
block/blk-core.c
* netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state
net/netfilter/nf_conntrack_proto_tcp.c
w1: fix WARNING after calling w1_process()
w1: fix deadloop in __w1_remove_master_device()
* tcp: avoid the lookup process failing to get sk in ehash table
net/ipv4/inet_hashtables.c
net/ipv4/inet_timewait_sock.c
dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node()
dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling
dmaengine: xilinx_dma: program hardware supported buffer length
dmaengine: xilinx_dma: commonize DMA copy size calculation
HID: betop: check shape of output reports
net: macb: fix PTP TX timestamp failure due to packet padding
* dmaengine: Fix double increment of client_count in dma_chan_get()
drivers/dma/dmaengine.c
net: mlx5: eliminate anonymous module_init & module_exit
* usb: gadget: f_fs: Ensure ep0req is dequeued before free_request
drivers/usb/gadget/function/f_fs.c
* usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait
drivers/usb/gadget/function/f_fs.c
* HID: check empty report_list in hid_validate_values()
drivers/hid/hid-core.c
* net: mdio: validate parameter addr in mdiobus_get_phy()
drivers/net/phy/mdio_bus.c
net: usb: sr9700: Handle negative len
wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid
net: nfc: Fix use-after-free in local_cleanup()
phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on()
* bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation
kernel/bpf/verifier.c
amd-xgbe: Delay AN timeout during KR training
amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent
affs: initialize fsdata in affs_truncate()
IB/hfi1: Fix expected receive setup error exit issues
IB/hfi1: Reserve user expected TIDs
IB/hfi1: Reject a zero-length user expected buffer
tomoyo: fix broken dependency on *.conf.default
EDAC/highbank: Fix memory leak in highbank_mc_probe()
HID: intel_ish-hid: Add check for ishtp_dma_tx_map
ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts'
UPSTREAM: tcp: fix tcp_rmem documentation
* UPSTREAM: nvmem: core: skip child nodes not matching binding
drivers/nvmem/core.c
* BACKPORT: nvmem: core: Fix a resource leak on error in nvmem_add_cells_from_of()
drivers/nvmem/core.c
* UPSTREAM: sched/eas: Don't update misfit status if the task is pinned
kernel/sched/fair.c
* BACKPORT: arm64: link with -z norelro for LLD or aarch64-elf
arch/arm64/Makefile
* UPSTREAM: driver: core: Fix list corruption after device_del()
drivers/base/core.c
* UPSTREAM: coresight: tmc-etr: Fix barrier packet insertion for perf buffer
drivers/hwtracing/coresight/coresight-tmc-etr.c
* UPSTREAM: f2fs: fix double free of unicode map
fs/f2fs/super.c
* BACKPORT: net: xfrm: fix memory leak in xfrm_user_policy()
net/xfrm/xfrm_state.c
UPSTREAM: xfrm/compat: Don't allocate memory with __GFP_ZERO
UPSTREAM: xfrm/compat: memset(0) 64-bit padding at right place
UPSTREAM: xfrm/compat: Translate by copying XFRMA_UNSPEC attribute
* UPSTREAM: scsi: ufs: Fix missing brace warning for old compilers
drivers/scsi/ufs/ufshcd-crypto.c
* UPSTREAM: arm64: vdso32: make vdso32 install conditional
arch/arm64/Makefile
* UPSTREAM: loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE
drivers/block/loop.c
BACKPORT: drm/virtio: fix missing dma_fence_put() in virtio_gpu_execbuffer_ioctl()
* BACKPORT: sched/uclamp: Protect uclamp fast path code with static key
kernel/sched/core.c
kernel/sched/cpufreq_schedutil.c
kernel/sched/sched.h
* BACKPORT: sched/uclamp: Fix initialization of struct uclamp_rq
kernel/sched/core.c
* UPSTREAM: coresight: etmv4: Fix CPU power management setup in probe() function
drivers/hwtracing/coresight/coresight-etm4x.c
* UPSTREAM: arm64: vdso: Add --eh-frame-hdr to ldflags
arch/arm64/kernel/vdso/Makefile
* BACKPORT: arm64: vdso: Add '-Bsymbolic' to ldflags
arch/arm64/kernel/vdso/Makefile
UPSTREAM: drm/virtio: fix a wait_event condition
* BACKPORT: sched/topology: Don't try to build empty sched domains
kernel/cgroup/cpuset.c
kernel/sched/topology.c
* BACKPORT: binder: prevent UAF read in print_binder_transaction_log_entry()
drivers/android/binder.c
drivers/android/binder_internal.h
* BACKPORT: copy_process(): don't use ksys_close() on cleanups
kernel/fork.c
* BACKPORT: arm64: vdso: Remove unnecessary asm-offsets.c definitions
arch/arm64/kernel/asm-offsets.c
* UPSTREAM: locking/lockdep, cpu/hotplug: Annotate AP thread
kernel/cpu.c
* Revert "xhci: Add a flag to disable USB3 lpm on a xhci root port level."
drivers/usb/host/xhci.c
drivers/usb/host/xhci.h
Merge 4.19.271 into android-4.19-stable
BACKPORT: mac80211_hwsim: add concurrent channels scanning support over virtio
* BACKPORT: mac80211_hwsim: add frame transmission support over virtio This allows communication with external entities.
include/uapi/linux/virtio_ids.h
* BACKPORT: driver core: Skip unnecessary work when device doesn't have sync_state()
drivers/base/core.c
Linux 4.19.271
x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN
* Revert "ext4: generalize extents status tree search functions"
fs/ext4/ext4.h
fs/ext4/extents.c
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/inode.c
include/trace/events/ext4.h
* Revert "ext4: add new pending reservation mechanism"
fs/ext4/ext4.h
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/super.c
* Revert "ext4: fix reserved cluster accounting at delayed write time"
fs/ext4/ext4.h
fs/ext4/extents.c
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/inode.c
include/trace/events/ext4.h
* Revert "ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline"
fs/ext4/extents.c
gsmi: fix null-deref in gsmi_get_variable
serial: atmel: fix incorrect baudrate setup
serial: pch_uart: Pass correct sg to dma_unmap_sg()
usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210
* usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
drivers/usb/gadget/function/f_ncm.c
usb: gadget: g_webcam: Send color matching descriptor per frame
usb: typec: altmodes/displayport: Fix pin assignment calculation
usb: typec: altmodes/displayport: Add pin assignment helper
usb: host: ehci-fsl: Fix module alias
USB: serial: cp210x: add SCALANCE LPE-9000 device id
cifs: do not include page data when checking signature
mmc: sunxi-mmc: Fix clock refcount imbalance during unbind
comedi: adv_pci1760: Fix PWM instruction handling
* usb: core: hub: disable autosuspend for TI TUSB8041
drivers/usb/core/hub.c
USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100
USB: serial: option: add Quectel EM05CN modem
USB: serial: option: add Quectel EM05CN (SG) modem
USB: serial: option: add Quectel EC200U modem
USB: serial: option: add Quectel EM05-G (RS) modem
USB: serial: option: add Quectel EM05-G (CS) modem
USB: serial: option: add Quectel EM05-G (GR) modem
* prlimit: do_prlimit needs to have a speculation check
kernel/sys.c
* xhci: Add a flag to disable USB3 lpm on a xhci root port level.
drivers/usb/host/xhci.c
drivers/usb/host/xhci.h
* xhci: Fix null pointer dereference when host dies
drivers/usb/host/xhci.c
* usb: xhci: Check endpoint is valid before dereferencing it
drivers/usb/host/xhci-ring.c
* xhci-pci: set the dma max_seg_size
drivers/usb/host/xhci-pci.c
nilfs2: fix general protection fault in nilfs_btree_insert()
Add exception protection processing for vd in axi_chan_handle_err function
* f2fs: let's avoid panic if extent_tree is not created
fs/f2fs/extent_cache.c
RDMA/srp: Move large values to a new enum for gcc13
* net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats
net/core/ethtool.c
pNFS/filelayout: Fix coalescing test for single DS
* ANDROID: usb: f_accessory: Check buffer size when initialised via composite
drivers/usb/gadget/configfs.c
drivers/usb/gadget/function/f_accessory.c
Merge 4.19.270 into android-4.19-stable
Linux 4.19.270
serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30
serial: tegra: Only print FIFO error message when an error occurs
tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasn't started
Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout"
efi: fix NULL-deref in init error path
* arm64: cmpxchg_double*: hazard against entire exchange variable
arch/arm64/include/asm/atomic_ll_sc.h
arch/arm64/include/asm/atomic_lse.h
drm/virtio: Fix GEM handle creation UAF
x86/resctrl: Fix task CLOSID/RMID update race
x86/resctrl: Use task_curr() instead of task_struct->on_cpu to prevent unnecessary IPI
iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe()
iommu/mediatek-v1: Add error handle for mtk_iommu_probe
net/mlx5: Fix ptp max frequency adjustment range
net/mlx5: Rename ptp clock info
nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
hvc/xen: lock console list traversal
regulator: da9211: Use irq handler when ready
* EDAC/device: Fix period calculation in edac_device_reset_delay_period()
drivers/edac/edac_device.c
drivers/edac/edac_module.h
x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
* ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
fs/ext4/exten Conflicts:
drivers/edac/edac_device.c
drivers/hwtracing/coresight/coresight-etm4x.c
drivers/usb/core/hub.c
drivers/usb/gadget/function/f_fs.c
drivers/usb/gadget/function/f_hid.c
kernel/panic.c
mm/kasan/report.cts.c
* ext4: fix reserved cluster accounting at delayed write time
fs/ext4/ext4.h
fs/ext4/extents.c
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/inode.c
include/trace/events/ext4.h
* ext4: add new pending reservation mechanism
fs/ext4/ext4.h
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/super.c
* ext4: generalize extents status tree search functions
fs/ext4/ext4.h
fs/ext4/extents.c
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/inode.c
include/trace/events/ext4.h
* ext4: fix uninititialized value in 'ext4_evict_inode'
fs/ext4/super.c
* ext4: fix use-after-free in ext4_orphan_cleanup
fs/ext4/inode.c
* ext4: lost matching-pair of trace in ext4_truncate
fs/ext4/inode.c
* ext4: fix bug_on in __es_tree_search caused by bad quota inode
fs/quota/dquot.c
* quota: Factor out setup of quota inode
fs/quota/dquot.c
include/linux/quotaops.h
usb: ulpi: defer ulpi_register on ulpi_read_id timeout
kest.pl: Fix grub2 menu handling for rebooting
ktest.pl: Fix incorrect reboot for grub2bls
ktest: introduce grub2bls REBOOT_TYPE option
ktest: cleanup get_grub_index
ktest: introduce _get_grub_index
ktest: Add support for meta characters in GRUB_MENU
ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later
wifi: wilc1000: sdio: fix module autoloading
* ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
net/ipv6/raw.c
platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe
cifs: Fix uninitialized memory read for smb311 posix symlink create
* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
sound/core/control_compat.c
* net/ulp: prevent ULP without clone op from entering the LISTEN status
net/ipv4/inet_connection_sock.c
s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
perf auxtrace: Fix address filter duplicate symbol selection
docs: Fix the docs build with Sphinx 6.0
* net: sched: disallow noqueue for qdisc classes
net/sched/sch_api.c
* driver core: Fix bus_type.match() error handling in __driver_attach()
drivers/base/dd.c
parisc: Align parisc MADV_XXX constants with all other architectures
* mbcache: Avoid nesting of cache->c_list_lock under bit locks
fs/mbcache.c
hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
hfs/hfsplus: use WARN_ON for sanity check
* ext4: don't allow journal inode to have encrypt flag
fs/ext4/super.c
riscv: uaccess: fix type of 0 variable on error in get_user()
nfsd: fix handling of readdir in v4root vs. mount upcall timeout
x86/bugs: Flush IBP in ib_prctl_set()
ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet
udf: Fix extension of the last extent in the file
caif: fix memory leak in cfctrl_linkup_request()
usb: rndis_host: Secure rndis_query check against int overflow
net: sched: atm: dont intepret cls results when asked to drop
RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
net: amd-xgbe: add missed tasklet_kill
nfc: Fix potential resource leaks
qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
* bpf: pull before calling skb_postpull_rcsum()
net/core/filter.c
* SUNRPC: ensure the matching upcall is in-flight upon downcall
include/linux/sunrpc/rpc_pipe_fs.h
* ext4: fix deadlock due to mbcache entry corruption
fs/ext4/xattr.c
fs/mbcache.c
include/linux/mbcache.h
* mbcache: automatically delete entries from cache on freeing
fs/mbcache.c
include/linux/mbcache.h
* ext4: fix race when reusing xattr blocks
fs/ext4/xattr.c
* ext4: unindent codeblock in ext4_xattr_block_set()
fs/ext4/xattr.c
* ext4: remove EA inode entry from mbcache on inode eviction
fs/ext4/inode.c
fs/ext4/xattr.c
fs/ext4/xattr.h
* mbcache: add functions to delete entry if unused
fs/mbcache.c
include/linux/mbcache.h
* mbcache: don't reclaim used entries
fs/mbcache.c
* ext4: use kmemdup() to replace kmalloc + memcpy
fs/ext4/xattr.c
* ext4: correct inconsistent error msg in nojournal mode
fs/ext4/super.c
* ext4: goto right label 'failed_mount3a'
fs/ext4/super.c
* driver core: Set deferred_probe_timeout to a longer default if CONFIG_MODULES is set
drivers/base/dd.c
ravb: Fix "failed to switch device to config mode" message during unbind
perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data
perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
dm thin: resume even if in FAIL mode
media: s5p-mfc: Fix in register read and write for H264
media: s5p-mfc: Clear workbit to handle error condition
media: s5p-mfc: Fix to handle reference queue during finishing
btrfs: replace strncpy() with strscpy()
btrfs: send: avoid unnecessary backref lookups when finding clone source
* ext4: allocate extended attribute value in vmalloc area
fs/ext4/xattr.c
* ext4: avoid unaccounted block allocation when expanding inode
fs/ext4/inode.c
* ext4: initialize quota before expanding inode in setproject ioctl
fs/ext4/ioctl.c
* ext4: fix inode leak in ext4_xattr_inode_create() on an error path
fs/ext4/xattr.c
* ext4: avoid BUG_ON when creating xattrs
fs/ext4/xattr.c
* ext4: fix error code return to user-space in ext4_get_branch()
fs/ext4/indirect.c
* ext4: fix corruption when online resizing a 1K bigalloc fs
fs/ext4/resize.c
* ext4: init quota for 'old.inode' in 'ext4_rename'
fs/ext4/namei.c
* ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
fs/ext4/ioctl.c
* ext4: add helper to check quota inums
fs/ext4/super.c
* ext4: fix undefined behavior in bit shift for ext4_check_flag_values
fs/ext4/ext4.h
* ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop
fs/ext4/inode.c
drm/vmwgfx: Validate the box size for the snooped cursor
* drm/connector: send hotplug uevent on connector cleanup
drivers/gpu/drm/drm_connector.c
device_cgroup: Roll back to original exceptions after copy failure
parisc: led: Fix potential null-ptr-deref in start_task()
iommu/amd: Fix ivrs_acpihid cmdline parsing code
crypto: n2 - add missing hash statesize
* PCI/sysfs: Fix double free in error path
drivers/pci/pci-sysfs.c
* PCI: Fix pci_device_is_present() for VFs by checking PF
drivers/pci/pci.c
ipmi: fix use after free in _ipmi_destroy_user()
ima: Fix a potential NULL pointer access in ima_restore_measurement_list
ipmi: fix long wait in unload when IPMI disconnect
md/bitmap: Fix bitmap chunk size overflow issues
cifs: fix confusing debug message
media: dvb-core: Fix UAF due to refcount races at releasing
media: dvb-core: Fix double free in dvb_register_device()
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
* tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line
kernel/trace/trace.c
x86/microcode/intel: Do not retry microcode reloading on the APs
dm cache: set needs_check flag after aborting metadata
dm cache: Fix UAF in destroy()
dm thin: Fix UAF in run_timer_softirq()
dm thin: Use last transaction's pmd->root when commit failed
dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
binfmt: Fix error return code in load_elf_fdpic_binary()
binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf
selftests: Use optional USERCFLAGS and USERLDFLAGS
ARM: ux500: do not directly dereference __iomem
ktest.pl minconfig: Unset configs instead of just removing them
* soc: qcom: Select REMAP_MMIO for LLCC driver
drivers/soc/qcom/Kconfig
media: stv0288: use explicitly signed char
SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
md: fix a crash in mempool_free
* pnode: terminate at peers of source
fs/pnode.c
ALSA: line6: fix stack overflow in line6_midi_transmit
ALSA: line6: correct midi status byte when receiving data from podxt
* ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
fs/overlayfs/dir.c
hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount
* HID: plantronics: Additional PIDs for double volume key presses quirk
drivers/hid/hid-ids.h
drivers/hid/hid-plantronics.c
powerpc/rtas: avoid scheduling in rtas_os_term()
powerpc/rtas: avoid device tree lookups in rtas_os_term()
ata: ahci: Fix PCS quirk application for suspend
media: dvbdev: fix refcnt bug
* media: dvbdev: fix build warning due to comments
include/media/dvbdev.h
gcov: add support for checksum field
iio: adc: ad_sigma_delta: do not use internal iio_dev lock
reiserfs: Add missing calls to reiserfs_security_free()
* HID: wacom: Ensure bootloader PID is usable in hidraw mode
drivers/hid/wacom_sys.c
drivers/hid/wacom_wac.c
drivers/hid/wacom_wac.h
* usb: dwc3: core: defer probe on ulpi_read_id timeout
drivers/usb/dwc3/core.c
* pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES
fs/pstore/Kconfig
* pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion
fs/pstore/pmsg.c
ASoC: rt5670: Remove unbalanced pm_runtime_put()
ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume()
ASoC: wm8994: Fix potential deadlock
ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume()
ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe()
orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
clk: st: Fix memory leak in st_of_quadfs_setup()
media: si470x: Fix use-after-free in si470x_int_in_callback()
mmc: f-sdh30: Add quirks for broken timeout clock capability
* regulator: core: fix use_count leakage when handling boot-on
drivers/regulator/core.c
* blk-mq: fix possible memleak when register 'hctx' failed
block/blk-mq-sysfs.c
media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
* media: dvbdev: adopts refcnt to avoid UAF
include/media/dvbdev.h
media: dvb-frontends: fix leak of memory fw
* ppp: associate skb with a device at tx
drivers/net/ppp/ppp_generic.c
* mrp: introduce active flags to prevent UAF when applicant uninit
include/net/mrp.h
md/raid1: stop mdx_raid1 thread when raid1 array run failed
drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
drm/sti: Use drm_mode_copy()
s390/lcs: Fix return type of lcs_start_xmit()
s390/netiucv: Fix return type of netiucv_tx()
s390/ctcm: Fix return type of ctc{mp,}m_tx()
drm/amdgpu: Fix type of second parameter in trans_msg() callback
igb: Do not free q_vector unless new one was allocated
wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
hamradio: baycom_epp: Fix return type of baycom_send_packet()
net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
* bpf: make sure skb->len != 0 when redirecting to a tunneling device
net/core/filter.c
ipmi: fix memleak when unload ipmi driver
ASoC: codecs: rt298: Add quirk for KBL-R RVP platform
wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
wifi: ath9k: verify the expected usb_endpoints are present
hfs: fix OOB Read in __hfs_brec_find
acct: fix potential integer overflow in encode_comp_t()
nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
ACPICA: Fix error code path in acpi_ds_call_control_method()
fs: jfs: fix shift-out-of-bounds in dbDiscardAG
udf: Avoid double brelse() in udf_rename()
fs: jfs: fix shift-out-of-bounds in dbAllocAG
binfmt_misc: fix shift-out-of-bounds in check_special_flags
* net: stream: purge sk_error_queue in sk_stream_kill_queues()
net/core/stream.c
myri10ge: Fix an error handling path in myri10ge_probe()
rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
* net_sched: reject TCF_EM_SIMPLE case for complex ematch module
net/sched/ematch.c
* skbuff: Account for tail adjustment during pull operations
net/core/skbuff.c
openvswitch: Fix flow lookup to use unmasked key
rtc: mxc_v2: Add missing clk_disable_unprepare()
r6040: Fix kmemleak in probe and remove
nfc: pn533: Clear nfc_target before being used
mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
selftests/powerpc: Fix resource leaks
powerpc/hv-gpci: Fix hv_gpci event list
powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe()
powerpc/perf: callchain validate kernel stack pointer bounds
powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data()
cxl: Fix refcount leak in cxl_calc_capp_routing
powerpc/52xx: Fix a resource leak in an error handling path
macintosh/macio-adb: check the return value of ioremap()
macintosh: fix possible memory leak in macio_add_one_device()
iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
iommu/amd: Fix pci device refcount leak in ppr_notifier()
rtc: snvs: Allow a time difference on clock register read
* include/uapi/linux/swab: Fix potentially missing __always_inline
include/uapi/linux/swab.h
HSI: omap_ssi_core: Fix error handling in ssi_init()
perf symbol: correction while adjusting symbol
* power: supply: fix residue sysfs file in error handle route of __power_supply_register()
drivers/power/supply/power_supply_core.c
HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
fbdev: vermilion: decrease reference count in error path
fbdev: via: Fix error in via_core_init()
fbdev: pm2fb: fix missing pci_disable_device()
* fbdev: ssd1307fb: Drop optional dependency
drivers/video/fbdev/Kconfig
samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe()
tracing/hist: Fix issue of losting command info in error_log
usb: storage: Add check for kcalloc
i2c: ismt: Fix an out-of-bounds bug in ismt_access()
vme: Fix error not catched in fake_init()
staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
staging: rtl8192u: Fix use after free in ieee80211_rx()
i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
* chardev: fix error handling in cdev_device_add()
fs/char_dev.c
mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
drivers: mcb: fix resource leak in mcb_probe()
* usb: gadget: f_hid: fix refcount leak on error path
drivers/usb/gadget/function/f_hid.c
* usb: gadget: f_hid: fix f_hidg lifetime vs cdev
drivers/usb/gadget/function/f_hid.c
* usb: gadget: f_hid: optional SETUP/SET_REPORT mode
drivers/usb/gadget/function/f_hid.c
drivers/usb/gadget/function/u_hid.h
cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
test_firmware: fix memory leak in test_firmware_init()
serial: sunsab: Fix error handling in sunsab_init()
serial: altera_uart: fix locking in polling mode
tty: serial: altera_uart_{r,t}x_chars() need only uart_port
tty: serial: clean up stop-tx part in altera_uart_tx_chars()
serial: pch: Fix PCI device refcount leak in pch_request_dma()
serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle.
serial: amba-pl011: avoid SBSA UART accessing DMACR register
* usb: typec: Check for ops->exit instead of ops->enter in altmode_exit
drivers/usb/typec/bus.c
staging: vme_user: Fix possible UAF in tsi148_dma_list_add
usb: fotg210-udc: Fix ages old endianness issues
uio: uio_dmem_genirq: Fix deadlock between irq config and handling
uio: uio_dmem_genirq: Fix missing unlock in irq configuration
vfio: platform: Do not pass return buffer to ACPI _RST method
* class: fix possible memory leak in __class_register()
drivers/base/class.c
serial: tegra: Read DMA status before terminating
tty: serial: tegra: Activate RX DMA transfer by request
serial: tegra: Add PIO mode support
serial: tegra: report clk rate errors
serial: tegra: add support to adjust baud rate
serial: tegra: add support to use 8 bytes trigger
serial: tegra: set maximum num of uart ports to 8
serial: tegra: check for FIFO mode enabled status
serial: tegra: avoid reg access when clk disabled
drivers: dio: fix possible memory leak in dio_init()
IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
hwrng: geode - Fix PCI device refcount leak
hwrng: amd - Fix PCI device refcount leak
crypto: img-hash - Fix variable dereferenced before check 'hdev->req'
orangefs: Fix sysfs not cleanup when dev init failed
RDMA/hfi1: Fix error return code in parse_platform_config()
scsi: snic: Fix possible UAF in snic_tgt_create()
scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
scsi: ipr: Fix WARNING in ipr_init()
scsi: fcoe: Fix possible name leak when device_register() fails
scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
scsi: hpsa: Fix error handling in hpsa_add_sas_host()
crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
scsi: hpsa: Fix possible memory leak in hpsa_init_one()
scsi: hpsa: use local workqueues instead of system workqueues
RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
crypto: ccree - Make cc_debugfs_global_fini() available for module init function
RDMA/hfi: Decrease PCI device reference count in error path
* PCI: Check for alloc failure in pci_request_irq()
drivers/pci/irq.c
scsi: scsi_debug: Fix a warning in resp_write_scat()
RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port
* f2fs: fix normal discard process
fs/f2fs/segment.c
apparmor: Fix abi check to include v8 abi
apparmor: fix lockdep warning when removing a namespace
apparmor: fix a memleak in multi_transaction_new()
stmmac: fix potential division by 0
Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave()
* Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
net/bluetooth/hci_core.c
Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
ntb_netdev: Use dev_kfree_skb_any() in interrupt context
net: lan9303: Fix read error execution path
net: amd-xgbe: Check only the minimum speed for active/passive cables
net: amd-xgbe: Fix logic around active and passive cables
net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave()
hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave()
net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave()
net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave()
net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave()
* net/tunnel: wait until all sk_user_data reader finish before releasing the sock
net/ipv4/udp_tunnel.c
net: farsync: Fix kmemleak when rmmods farsync
ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
net: defxx: Fix missing err handling in dfx_init()
net: vmw_vsock: vmci: Check memcpy_from_msg()
clk: socfpga: use clk_hw_register for a5/c5
clk: socfpga: clk-pll: Remove unused variable 'rc'
* blktrace: Fix output non-blktrace event when blk_classic option enabled
kernel/trace/blktrace.c
wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
rtl8xxxu: add enumeration for channel bandwidth
wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
clk: samsung: Fix memory leak in _samsung_clk_register_pll()
media: coda: Add check for kmalloc
media: coda: Add check for dcoda_iram_alloc
media: c8sectpfe: Add of_node_put() when breaking out of loop
mmc: mmci: fix return value check of mmc_add_host()
mmc: wbsd: fix return value check of mmc_add_host()
mmc: via-sdmmc: fix return value check of mmc_add_host()
mmc: meson-gx: fix return value check of mmc_add_host()
mmc: atmel-mci: fix return value check of mmc_add_host()
mmc: wmt-sdmmc: fix return value check of mmc_add_host()
mmc: vub300: fix return value check of mmc_add_host()
mmc: toshsd: fix return value check of mmc_add_host()
mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
mmc: mxcmmc: fix return value check of mmc_add_host()
mmc: moxart: fix return value check of mmc_add_host()
NFSv4.x: Fail client initialisation if state manager thread can't run
SUNRPC: Fix missing release socket in rpc_sockname()
ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
media: saa7164: fix missing pci_disable_device()
* regulator: core: fix module refcount leak in set_supply()
drivers/regulator/core.c
* wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails
net/wireless/reg.c
* bonding: uninitialized variable in bond_miimon_inspect()
drivers/net/bonding/bond_main.c
ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
ALSA: asihpi: fix missing pci_disable_device()
NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
NFSv4.2: Fix a memory stomp in decode_attr_security_label
drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe()
media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC
media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
media: dvb-core: Fix ignored return value in dvb_register_frontend()
* pinctrl: pinconf-generic: add missing of_node_put()
drivers/pinctrl/pinconf-generic.c
media: imon: fix a race condition in send_packet()
drbd: remove call to memset before free device/resource/connection
mtd: maps: pxa2xx-flash: fix memory leak in probe
* bonding: Export skip slave logic to function
drivers/net/bonding/bond_main.c
clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
* ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT
include/uapi/sound/asequencer.h
HID: hid-sensor-custom: set fixed size for custom attributes
media: platform: exynos4-is: Fix error handling in fimc_md_init()
media: solo6x10: fix possible memory leak in solo_sysfs_init()
Input: elants_i2c - properly handle the reset GPIO when power is off
mtd: lpddr2_nvm: Fix possible null-ptr-deref
wifi: ath10k: Fix return value in ath10k_pci_init()
ima: Fix misuse of dereference of pointer in template_desc_init_fields()
* regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
drivers/regulator/core.c
ASoC: pxa: fix null-pointer dereference in filter()
drm/radeon: Add the missed acpi_put_table() to fix memory leak
* net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write()
include/linux/proc_fs.h
media: camss: Clean up received buffers on failed start of streaming
wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port
mtd: Fix device name leak when register device failed in add_mtd_device()
media: vivid: fix compose size exceed boundary
spi: Update reference to struct spi_controller
can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming
can: kvaser_usb: Add struct kvaser_usb_busparams
can: kvaser_usb_leaf: Fix bogus restart events
can: kvaser_usb_leaf: Fix wrong CAN state after stopping
can: kvaser_usb_leaf: Fix improved state not being reported
can: kvaser_usb_leaf: Set Warning state even without bus errors
can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event
can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
can: kvaser_usb: do not increase tx statistics when sending error message frames
media: i2c: ad5820: Fix error path
pata_ipx4xx_cf: Fix unsigned comparison with less than zero
wifi: rtl8xxxu: Fix reading the vendor of combo chips
wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
rapidio: devices: fix missing put_device in mport_cdev_open
hfs: Fix OOB Write in hfs_asc2mac
relay: fix type mismatch when allocating memory in relay_create_buf()
* eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
include/linux/eventfd.h
rapidio: fix possible UAF when kfifo_alloc() fails
fs: sysv: Fix sysv_nblocks() returns wrong value
MIPS: BCM63xx: Add check for NULL for clk in clk_enable
platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
* PM: runtime: Do not call __rpm_callback() from rpm_idle()
drivers/base/power/runtime.c
* PM: runtime: Improve path in rpm_idle() when no callback
drivers/base/power/runtime.c
xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()
x86/xen: Fix memory leak in xen_init_lock_cpu()
x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
xen/events: only register debug interrupt for 2-level events
uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled
rapidio: rio: fix possible name leak in rio_register_mport()
rapidio: fix possible name leaks when rio_add_device() fails
* debugfs: fix error when writing negative value to atomic_t debugfs file
fs/debugfs/file.c
include/linux/debugfs.h
lib/notifier-error-inject: fix error when writing -errno to debugfs file
* libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
fs/libfs.c
include/linux/fs.h
cpufreq: amd_freq_sensitivity: Add missing pci_dev_put()
irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()
PNP: fix name memory leak in pnp_alloc_dev()
MIPS: vpe-cmp: fix possible memory leak while module exiting
MIPS: vpe-mt: fix possible memory leak while module exiting
ocfs2: fix memory leak in ocfs2_stack_glue_init()
proc: fixup uptime selftest
* timerqueue: Use rb_entry_safe() in timerqueue_getnext()
include/linux/timerqueue.h
* perf: Fix possible memleak in pmu_dev_alloc()
kernel/events/core.c
selftests/ftrace: event_triggers: wait longer for test_event_enable
* fs: don't audit the capability check in simple_xattr_list()
fs/xattr.c
alpha: fix syscall entry in !AUDUT_SYSCALL case
* cpuidle: dt: Return the correct numbers of parsed idle states
drivers/cpuidle/dt_idle_states.c
tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
* pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
fs/pstore/ram_core.c
ARM: mmp: fix timer_read delay
* pstore/ram: Fix error return code in ramoops_probe()
fs/pstore/ram.c
ARM: dts: turris-omnia: Add switch port 6 node
ARM: dts: turris-omnia: Add ethernet aliases
ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name
arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names
arm64: dts: mt2712e: Fix unit address for pinctrl node
arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators
perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init()
soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
arm: dts: spear600: Fix clcd interrupt
drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
ARM: dts: qcom: apq8064: fix coresight compatible
usb: musb: remove extra check in musb_gadget_vbus_draw
* net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
drivers/net/loopback.c
* Bluetooth: L2CAP: Fix u8 overflow
net/bluetooth/l2cap_core.c
igb: Initialize mailbox message for VF reset
USB: serial: f81534: fix division by zero on line-speed change
USB: serial: cp210x: add Kamstrup RF sniffer PIDs
USB: serial: option: add Quectel EM05-G modem
usb: gadget: uvc: Prevent buffer overflow in setup handler
udf: Fix extending file within last block
udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size
udf: Fix preallocation discarding at indirect extent boundary
udf: Discard preallocation before extending file with a hole
perf script python: Remove explicit shebang from tests/attr.c
* ASoC: ops: Correct bounds check for second channel on SX controls
sound/soc/soc-ops.c
can: mcba_usb: Fix termination command argument
* can: sja1000: fix size of OCR_MODE_MASK define
include/linux/can/platform/sja1000.h
pinctrl: meditatek: Startup with the IRQs disabled
* ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
sound/soc/soc-ops.c
nfp: fix use-after-free in area_cache_get()
* block: unhash blkdev part inode when the part is deleted
block/partition-generic.c
mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
* mm/khugepaged: fix GUP-fast interaction by sending IPI
include/asm-generic/tlb.h
mm/memory.c
ANDROID: Add more hvc devices for virtio-console.
ANDROID: Add allowed symbols required from Qualcomm drivers
* BACKPORT: lib: introduce copy_struct_from_user() helper
include/linux/bitops.h
include/linux/uaccess.h
lib/strnlen_user.c
lib/usercopy.c
* ANDROID: fix BIT() redefinition
include/linux/bits.h
include/vdso/bits.h
Bug: 268137599
Change-Id: I1ae5c7cfdd0387ced375d87341327c27bd3ae454
Signed-off-by: JohnnLee <johnnlee@google.com>
|
||
|
Valentin Schneider
|
c6ffa58898 |
BACKPORT: sched/topology: Don't try to build empty sched domains
Turns out hotplugging CPUs that are in exclusive cpusets can lead to the
cpuset code feeding empty cpumasks to the sched domain rebuild machinery.
This leads to the following splat:
Internal error: Oops: 96000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 235 Comm: kworker/5:2 Not tainted 5.4.0-rc1-00005-g8d495477d62e #23
Hardware name: ARM Juno development board (r0) (DT)
Workqueue: events cpuset_hotplug_workfn
pstate: 60000005 (nZCv daif -PAN -UAO)
pc : build_sched_domains (./include/linux/arch_topology.h:23 kernel/sched/topology.c:1898 kernel/sched/topology.c:1969)
lr : build_sched_domains (kernel/sched/topology.c:1966)
Call trace:
build_sched_domains (./include/linux/arch_topology.h:23 kernel/sched/topology.c:1898 kernel/sched/topology.c:1969)
partition_sched_domains_locked (kernel/sched/topology.c:2250)
rebuild_sched_domains_locked (./include/linux/bitmap.h:370 ./include/linux/cpumask.h:538 kernel/cgroup/cpuset.c:955 kernel/cgroup/cpuset.c:978 kernel/cgroup/cpuset.c:1019)
rebuild_sched_domains (kernel/cgroup/cpuset.c:1032)
cpuset_hotplug_workfn (kernel/cgroup/cpuset.c:3205 (discriminator 2))
process_one_work (./arch/arm64/include/asm/jump_label.h:21 ./include/linux/jump_label.h:200 ./include/trace/events/workqueue.h:114 kernel/workqueue.c:2274)
worker_thread (./include/linux/compiler.h:199 ./include/linux/list.h:268 kernel/workqueue.c:2416)
kthread (kernel/kthread.c:255)
ret_from_fork (arch/arm64/kernel/entry.S:1167)
Code: f860dae2 912802d6 aa1603e1 12800000 (f8616853)
The faulty line in question is:
cap = arch_scale_cpu_capacity(cpumask_first(cpu_map));
and we're not checking the return value against nr_cpu_ids (we shouldn't
have to!), which leads to the above.
Prevent generate_sched_domains() from returning empty cpumasks, and add
some assertion in build_sched_domains() to scream bloody murder if it
happens again.
The above splat was obtained on my Juno r0 with the following reproducer:
$ cgcreate -g cpuset:asym
$ cgset -r cpuset.cpus=0-3 asym
$ cgset -r cpuset.mems=0 asym
$ cgset -r cpuset.cpu_exclusive=1 asym
$ cgcreate -g cpuset:smp
$ cgset -r cpuset.cpus=4-5 smp
$ cgset -r cpuset.mems=0 smp
$ cgset -r cpuset.cpu_exclusive=1 smp
$ cgset -r cpuset.sched_load_balance=0 .
$ echo 0 > /sys/devices/system/cpu/cpu4/online
$ echo 0 > /sys/devices/system/cpu/cpu5/online
Bug: 254441685
Signed-off-by: Valentin Schneider <valentin.schneider@arm.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Dietmar.Eggemann@arm.com
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: hannes@cmpxchg.org
Cc: lizefan@huawei.com
Cc: morten.rasmussen@arm.com
Cc: qperret@google.com
Cc: tj@kernel.org
Cc: vincent.guittot@linaro.org
Fixes: 05484e098448 ("sched/topology: Add SD_ASYM_CPUCAPACITY flag detection")
Link: https://lkml.kernel.org/r/20191023153745.19515-2-valentin.schneider@arm.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
(cherry picked from commit cd1cb3350561d2bf544ddfef76fbf0b1c9c7178f)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: If93e57ff867b5d6004cc0481a1fcc198a9bcefe8
|
||
|
Wilson Sung
|
9935a3fd79 |
Merge android-4.19-stable (4.19.269) into android-msm-pixel-4.19-lts
Merge 4.19.269 into android-4.19-stable
Linux 4.19.269
can: esd_usb: Allow REC and TEC to return to zero
net: mvneta: Fix an out of bounds check
* ipv6: avoid use-after-free in ip6_fragment()
net/ipv6/ip6_output.c
net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq()
xen/netback: fix build warning
ethernet: aeroflex: fix potential skb leak in greth_init_rings()
* tipc: Fix potential OOB in tipc_link_proto_rcv()
net/tipc/link.c
net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
net: stmmac: fix "snps,axi-config" node property parsing
nvme initialize core quirks before calling nvme_init_subsystem
NFC: nci: Bounds check struct nfc_target arrays
i40e: Disallow ip4 and ip6 l4_4_bytes
i40e: Fix for VF MAC address 0
i40e: Fix not setting default xps_cpus after reset
net: mvneta: Prevent out of bounds read in mvneta_config_rss()
xen-netfront: Fix NULL sring after live migration
net: encx24j600: Fix invalid logic in reading of MISTAT register
net: encx24j600: Add parentheses to fix precedence
mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload
* Bluetooth: Fix not cleanup led when bt_init fails
net/bluetooth/af_bluetooth.c
Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn()
igb: Allocate MSI-X vector when testing
e1000e: Fix TX dispatch condition
gpio: amd8111: Fix PCI device reference count leak
ca8210: Fix crash by zero initializing data
ieee802154: cc2520: Fix error return code in cc2520_hw_init()
* HID: core: fix shift-out-of-bounds in hid_report_raw_event
drivers/hid/hid-core.c
HID: hid-lg4ff: Add check for empty lbuf
KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
* memcg: fix possible use-after-free in memcg_write_event_control()
include/linux/cgroup.h
kernel/cgroup/cgroup-internal.h
mm/memcontrol.c
* media: v4l2-dv-timings.c: fix too strict blanking sanity checks
drivers/media/v4l2-core/v4l2-dv-timings.c
rcutorture: Automatically create initrd directory
xen/netback: don't call kfree_skb() with interrupts disabled
xen/netback: do some code cleanup
xen/netback: Ensure protocol headers don't fall in the non-linear area
net: usb: qmi_wwan: add u-blox 0x1342 composition
9p/xen: check logical size for buffer size
fbcon: Use kzalloc() in fbcon_prepare_logo()
regulator: twl6030: fix get status of twl6032 regulators
* ASoC: soc-pcm: Add NULL check in BE reparenting
sound/soc/soc-pcm.c
ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
9p/fd: Use P9_HDRSZ for header size
ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188
ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation
ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels
ARM: dts: rockchip: fix ir-receiver node names
arm: dts: rockchip: fix node name for hym8563 rtc
ANDROID: Add allowed symbols required from Qualcomm drivers
Merge 4.19.268 into android-4.19-stable
Linux 4.19.268
ipc/sem: Fix dangling sem_array access in semtimedop race
mmc: sdhci: Fix voltage switch delay
mmc: sdhci: use FIELD_GET for preset value bit masks
x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
* Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
net/bluetooth/l2cap_core.c
x86/pm: Add enumeration check before spec MSRs save/restore setup
x86/tsx: Add a feature bit for TSX control MSR support
nvme: restrict management ioctls to admin
* tcp/udp: Fix memory leak in ipv6_renew_options().
net/ipv6/ipv6_sockglue.c
* Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled
lib/Kconfig.debug
* parisc: Increase FRAME_WARN to 2048 bytes on parisc
lib/Kconfig.debug
* xtensa: increase size of gcc stack frame check
lib/Kconfig.debug
* parisc: Increase size of gcc stack frame check
lib/Kconfig.debug
iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
pinctrl: single: Fix potential division by zero
* ASoC: ops: Fix bounds check for _sx controls
sound/soc/soc-ops.c
* mm: Fix '.data.once' orphan section warning
include/linux/mmdebug.h
* arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72
arch/arm64/kernel/cpu_errata.c
* arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM vectors
arch/arm64/kernel/cpu_errata.c
pinctrl: intel: Save and restore pins in "direct IRQ" mode
x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3
nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep"
* error-injection: Add prompt for function error injection
lib/Kconfig.debug
btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
hwmon: (coretemp) Check for null before removing sysfs attrs
net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
* packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
net/packet/af_packet.c
* net: tun: Fix use-after-free in tun_detach()
drivers/net/tun.c
net: hsr: Fix potential use-after-free
dsa: lan9303: Correct stat name
net/9p: Fix a potential socket leak in p9_socket_open
net: net_netdev: Fix error handling in ntb_netdev_init_module()
* net: phy: fix null-ptr-deref while probe() failed
drivers/net/phy/phy_device.c
qlcnic: fix sleep-in-atomic-context bugs caused by msleep
can: cc770: cc770_isa_probe(): add missing free_cc770dev()
can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
net/mlx5: Fix uninitialized variable bug in outlen_write()
* of: property: decrement node refcount in of_fwnode_get_reference_args()
drivers/of/property.c
hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
hwmon: (i5500_temp) fix missing pci_disable_device()
scripts/faddr2line: Fix regression in name resolution on ppc64le
* iio: light: rpr0521: add missing Kconfig dependencies
drivers/iio/light/Kconfig
iio: health:
|
||
|
JohnnLee
|
4417492ff1 |
Revert "FROMGIT: cgroup: Use separate src/dst nodes when preloading css_sets for migration"
This reverts commit
|
||
|
JohnnLee
|
bb9406fd87 |
Merge branch 'LA.UM.9.12.C10.11.00.00.840.415' via branch 'qcom-msm-4.19-7250' into android-msm-pixel-4.19
Conflicts: arch/arm64/configs/vendor/kona_defconfig drivers/char/adsprpc.c drivers/dma-buf/dma-buf.c drivers/firmware/qcom/tz_log.c drivers/hid/hid-holtek-mouse.c drivers/mmc/host/cqhci-crypto-qti.c drivers/soc/qcom/qmi_rmnet.c drivers/usb/gadget/composite.c drivers/usb/gadget/function/f_uac1.c drivers/usb/gadget/function/rndis.c fs/f2fs/super.c net/sctp/input.c Bug: 253163588 Change-Id: Ie21081a2d496960b56a3a2ac9cb6c45e285e698e Signed-off-by: JohnnLee <johnnlee@google.com> |
||
|
Greg Kroah-Hartman
|
6369256a83 |
Merge 4.19.269 into android-4.19-stable
Changes in 4.19.269 arm: dts: rockchip: fix node name for hym8563 rtc ARM: dts: rockchip: fix ir-receiver node names ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 9p/fd: Use P9_HDRSZ for header size ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event ASoC: soc-pcm: Add NULL check in BE reparenting regulator: twl6030: fix get status of twl6032 regulators fbcon: Use kzalloc() in fbcon_prepare_logo() 9p/xen: check logical size for buffer size net: usb: qmi_wwan: add u-blox 0x1342 composition xen/netback: Ensure protocol headers don't fall in the non-linear area xen/netback: do some code cleanup xen/netback: don't call kfree_skb() with interrupts disabled rcutorture: Automatically create initrd directory media: v4l2-dv-timings.c: fix too strict blanking sanity checks memcg: fix possible use-after-free in memcg_write_event_control() KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field HID: hid-lg4ff: Add check for empty lbuf HID: core: fix shift-out-of-bounds in hid_report_raw_event ieee802154: cc2520: Fix error return code in cc2520_hw_init() ca8210: Fix crash by zero initializing data gpio: amd8111: Fix PCI device reference count leak e1000e: Fix TX dispatch condition igb: Allocate MSI-X vector when testing Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() Bluetooth: Fix not cleanup led when bt_init fails selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() net: encx24j600: Add parentheses to fix precedence net: encx24j600: Fix invalid logic in reading of MISTAT register xen-netfront: Fix NULL sring after live migration net: mvneta: Prevent out of bounds read in mvneta_config_rss() i40e: Fix not setting default xps_cpus after reset i40e: Fix for VF MAC address 0 i40e: Disallow ip4 and ip6 l4_4_bytes NFC: nci: Bounds check struct nfc_target arrays nvme initialize core quirks before calling nvme_init_subsystem net: stmmac: fix "snps,axi-config" node property parsing net: hisilicon: Fix potential use-after-free in hisi_femac_rx() net: hisilicon: Fix potential use-after-free in hix5hd2_rx() tipc: Fix potential OOB in tipc_link_proto_rcv() ethernet: aeroflex: fix potential skb leak in greth_init_rings() xen/netback: fix build warning net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq() ipv6: avoid use-after-free in ip6_fragment() net: mvneta: Fix an out of bounds check can: esd_usb: Allow REC and TEC to return to zero Linux 4.19.269 Change-Id: Ie79e55bad6376d2314d44479ef1ec3c546d24030 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Tejun Heo
|
e1ae97624e |
memcg: fix possible use-after-free in memcg_write_event_control()
commit 4a7ba45b1a435e7097ca0f79a847d0949d0eb088 upstream. memcg_write_event_control() accesses the dentry->d_name of the specified control fd to route the write call. As a cgroup interface file can't be renamed, it's safe to access d_name as long as the specified file is a regular cgroup file. Also, as these cgroup interface files can't be removed before the directory, it's safe to access the parent too. Prior to |
||
|
Suren Baghdasaryan
|
9f6a273d7d |
ANDROID: cgroup: Fix for a partially backported patch
The backports of 0d2b5955b36250a9428c832664f2079cbf723bec upstream commit to 4.14 and 4.19 stable kernels drop changes to cgroup_pressure_*() functions which breaks PSI cgroup file handlers in Android Common Kernels. The partial backport changes cgroup_file_open to allocate struct cgroup_file_ctx and use kernfs_open_file.priv to point to it while skipping the accompanying changes in cgroup_pressure_*(). This leads to cgroup_pressure_*() functions treating kernfs_open_file.priv as a pointer to struct psi_trigger instead of struct cgroup_file_ctx. This partial backport works fine in upstream stable kernels because they are missing PSI feature there, however in Android, PSI is backported in 4.14 and 4.19 kernels and therefore the missing pieces result in PSI feature being broken. Fix this by adding the dropped pieces from the original patch. Link to the original patch: https://lore.kernel.org/r/20211213191833.916632-3-tj@kernel.org/ Link to the 4.19 backport: https://lore.kernel.org/r/20220414110848.311690316@linuxfoundation.org/ Bug: 233410456 Signed-off-by: Suren Baghdasaryan <surenb@google.com> Change-Id: Ib8858fa85a7a1fb82904cea0c8c903fd900d6316 |
||
|
Lucas Wei
|
9861f5c7bf |
Merge android-4.19-stable (4.19.248) into android-msm-pixel-4.19-lts
Merge 4.19.248 into android-4.19-stable
* UPSTREAM: ext4: verify dir block before splitting it
fs/ext4/namei.c
* UPSTREAM: ext4: fix use-after-free in ext4_rename_dir_prepare
fs/ext4/namei.c
* BACKPORT: ext4: Only advertise encrypted_casefold when encryption and unicode are enabled
fs/ext4/sysfs.c
* BACKPORT: ext4: fix no-key deletion for encrypt+casefold
fs/ext4/namei.c
* BACKPORT: ext4: optimize match for casefolded encrypted dirs
fs/ext4/ext4.h
fs/ext4/namei.c
* BACKPORT: ext4: handle casefolding with encryption
fs/ext4/dir.c
fs/ext4/ext4.h
fs/ext4/hash.c
fs/ext4/inline.c
fs/ext4/namei.c
fs/ext4/super.c
fs/ext4/sysfs.c
* Revert "ANDROID: ext4: Handle casefolding with encryption"
fs/ext4/dir.c
fs/ext4/ext4.h
fs/ext4/hash.c
fs/ext4/ialloc.c
fs/ext4/inline.c
fs/ext4/namei.c
fs/ext4/super.c
* Revert "ANDROID: ext4: Optimize match for casefolded encrypted dirs"
fs/ext4/ext4.h
fs/ext4/namei.c
* UPSTREAM: Revert "hwmon: Make chip parameter for with_info API mandatory"
drivers/hwmon/hwmon.c
* ANDROID: extcon: fix allocation for edev->bnh
drivers/extcon/extcon.c
* Revert "drm: fix EDID struct for old ARM OABI format"
include/drm/drm_edid.h
* Revert "mailbox: forward the hrtimer if not queued and under a lock"
drivers/mailbox/mailbox.c
include/linux/mailbox_controller.h
* Revert "ALSA: jack: Access input_dev under mutex"
include/sound/jack.h
sound/core/jack.c
* Revert "ext4: fix use-after-free in ext4_rename_dir_prepare"
fs/ext4/namei.c
* Revert "ext4: verify dir block before splitting it"
fs/ext4/namei.c
Linux 4.19.248
x86/speculation/mmio: Print SMT warning
KVM: x86/speculation: Disable Fill buffer clear within guests
x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
x86/speculation/srbds: Update SRBDS mitigation selection
* x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data
drivers/base/cpu.c
include/linux/cpu.h
x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations
x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
x86/speculation: Add a common function for MD_CLEAR mitigation update
x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug
Documentation: Add documentation for Processor MMIO Stale Data
x86/cpu: Add another Alder Lake CPU to the Intel family
x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family
x86/cpu: Add Jasper Lake to Intel family
* cpu/speculation: Add prototype for cpu_show_srbds()
include/linux/cpu.h
x86/cpu: Add Elkhart Lake to Intel family
Merge 4.19.247 into android-4.19-stable
Linux 4.19.247
* tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
net/ipv4/tcp_input.c
* mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
include/linux/mtd/cfi.h
mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
md/raid0: Ignore RAID0 layout if the second zone has only one device
powerpc/32: Fix overread/overwrite of thread_struct via ptrace
Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
ixgbe: fix unexpected VLAN Rx in promisc mode on VF
ixgbe: fix bcast packets Rx on VF after promisc removal
nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
mmc: block: Fix CQE recovery reset success
ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
cifs: return errors during session setup during reconnects
ALSA: hda/conexant - Fix loopback issue with CX20632
vringh: Fix loop descriptors check in the indirect cases
* nodemask: Fix return values to be unsigned
include/linux/nodemask.h
lib/nodemask.c
nbd: fix io hung while disconnecting device
nbd: fix race between nbd_alloc_config() and module removal
nbd: call genl_unregister_family() first in nbd_cleanup()
* modpost: fix undefined behavior of is_arm_mapping_symbol()
scripts/mod/modpost.c
drm/radeon: fix a possible null pointer dereference
ceph: allow ceph.dir.rctime xattr to be updatable
* Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
net/key/af_key.c
md: protect md_unregister_thread from reentrancy
* kernfs: Separate kernfs_pr_cont_buf and rename_lock.
fs/kernfs/dir.c
serial: msm_serial: disable interrupts in __msm_console_write()
staging: rtl8712: fix uninit-value in r871xu_drv_init()
clocksource/drivers/sp804: Avoid error on multiple instances
* extcon: Modify extcon device to be created after driver data is set
drivers/extcon/extcon.c
misc: rtsx: set NULL intfdata when probe fails
usb: dwc2: gadget: don't reset gadget's driver->bus
* USB: hcd-pci: Fully suspend across freeze/thaw cycle
drivers/usb/core/hcd-pci.c
drivers: usb: host: Fix deadlock in oxu_bus_suspend()
drivers: tty: serial: Fix deadlock in sa1100_set_termios()
USB: host: isp116x: check return value after calling platform_get_resource()
drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
tty: Fix a possible resource leak in icom_probe
tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
lkdtm/usercopy: Expand size of "out of frame" object
iio: dummy: iio_simple_dummy: check the return value of kstrdup()
drm: imx: fix compiler warning with gcc-12
net: altera: Fix refcount leak in altera_tse_mdio_create
ip_gre: test csum_start instead of transport header
net/mlx5: Rearm the FW tracer after each tracer event
net: ipv6: unexport __init-annotated seg6_hmac_init()
* net: xfrm: unexport __init-annotated xfrm4_protocol_init()
net/ipv4/xfrm4_protocol.c
* net: mdio: unexport __init-annotated mdio_bus_init()
drivers/net/phy/mdio_bus.c
SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
* bpf, arm64: Clear prog->jited_len along prog->jited
arch/arm64/net/bpf_jit_comp.c
* af_unix: Fix a data-race in unix_dgram_peer_wake_me().
net/unix/af_unix.c
ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
xprtrdma: treat all calls not a bcall when bc_serv is NULL
video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()
NFSv4: Don't hold the layoutget locks across multiple RPC calls
m68knommu: fix undefined reference to `_init_sp'
m68knommu: set ZERO_PAGE() to the allocated zeroed page
i2c: cadence: Increase timeout per message if necessary
* tracing: Avoid adding tracer option before update_tracer_options
kernel/trace/trace.c
* tracing: Fix sleeping function called from invalid context on RT kernel
kernel/trace/trace.c
mips: cpc: Fix refcount leak in mips_cpc_default_phys_base
perf c2c: Fix sorting in percent_rmt_hitm_cmp()
* tipc: check attribute length for bearer name
net/tipc/bearer.c
afs: Fix infinite loop found by xfstest generic/676
* tcp: tcp_rtx_synack() can be called from process context
net/ipv4/tcp_output.c
net/mlx5e: Update netdev features after changing XDP state
nfp: only report pause frame configuration for physical device
ubi: ubi_create_volume: Fix use-after-free when volume creation failed
jffs2: fix memory leak in jffs2_do_fill_super
* modpost: fix removing numeric suffixes
scripts/mod/modpost.c
net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
bus: ti-sysc: Fix warnings for unbind for serial
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
serial: stm32-usart: Correct CSIZE, bits, and parity
serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
serial: sh-sci: Don't allow CS5-6
serial: txx9: Don't allow CS5-6
serial: digicolor-usart: Don't allow CS5-6
serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485
serial: meson: acquire port->lock in startup()
rtc: mt6397: check return value after calling platform_get_resource()
clocksource/drivers/riscv: Events are stopped during CPU suspend
soc: rockchip: Fix refcount leak in rockchip_grf_init
coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier
rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails
iio: adc: sc27xx: fix read big scale voltage not right
usb: dwc3: pci: Fix pm_runtime_get_sync() error checking
rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
pwm: lp3943: Fix duty calculation in case period was clamped
usb: musb: Fix missing of_node_put() in omap2430_probe
USB: storage: karma: fix rio_karma_init return
usb: usbip: add missing device lock on tweak configuration cmd
usb: usbip: fix a refcount leak in stub_probe()
tty: goldfish: Use tty_port_destroy() to destroy port
staging: greybus: codecs: fix type confusion of list iterator variable
pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
md: bcache: check the return value of kzalloc() in detached_dev_do_request()
MIPS: IP27: Remove incorrect `cpu_has_fpu' override
RDMA/rxe: Generate a completion for unsupported/invalid opcode
phy: qcom-qmp: fix reset-controller leak on probe errors
blk-iolatency: Fix inflight count imbalances and IO hangs on offline
dt-bindings: gpio: altera: correct interrupt-cells
docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
phy: qcom-qmp: fix struct clk leak on probe errors
arm64: dts: qcom: ipq8074: fix the sleep clock frequency
gma500: fix an incorrect NULL check on list iterator
carl9170: tx: fix an incorrect use of list iterator
* ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
sound/soc/codecs/rt5514.c
rtl818x: Prevent using not initialized queues
hugetlb: fix huge_pmd_unshare address update
* nodemask.h: fix compilation error with GCC12
include/linux/nodemask.h
iommu/msm: Fix an incorrect NULL check on list iterator
um: Fix out-of-bounds read in LDT setup
um: chan_user: Fix winch_tramp() return value
mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
irqchip: irq-xtensa-mx: fix initial IRQ affinity
irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
RDMA/hfi1: Fix potential integer multiplication overflow errors
media: coda: Add more H264 levels for CODA960
media: coda: Fix reported H264 profile
md: fix an incorrect NULL check in md_reload_sb
md: fix an incorrect NULL check in does_sb_need_changing
drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
drm/nouveau/clk: Fix an incorrect NULL check on list iterator
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
* scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
drivers/scsi/ufs/ufs-qcom.c
scsi: dc395x: Fix a missing check on list iterator
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
dlm: fix missing lkb refcount handling
dlm: fix plock invalid read
PCI: qcom: Fix unbalanced PHY init on probe errors
PCI: qcom: Fix runtime PM imbalance on probe errors
* PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299
drivers/pci/pci.c
tracing: Fix potential double free in create_var_ref()
* ext4: avoid cycles in directory h-tree
fs/ext4/namei.c
* ext4: verify dir block before splitting it
fs/ext4/namei.c
* ext4: fix bug_on in ext4_writepages
fs/ext4/inline.c
* ext4: fix use-after-free in ext4_rename_dir_prepare
fs/ext4/namei.c
netfilter: nf_tables: disallow non-stateful expression in sets earlier
* fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
fs/fs-writeback.c
iwlwifi: mvm: fix assert 1F04 upon reconfig
wifi: mac80211: fix use-after-free in chanctx code
* f2fs: fix deadloop in foreground GC
fs/f2fs/segment.h
perf jevents: Fix event syntax error caused by ExtSel
perf c2c: Use stdio interface if slang is not supported
iommu/amd: Increase timeout waiting for GA log enablement
dmaengine: stm32-mdma: remove GISR1 register
video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout
i2c: at91: Initialize dma_buf in at91_twi_xfer()
i2c: at91: use dma safe buffers
iommu/mediatek: Add list_del in mtk_iommu_remove
* f2fs: fix dereference of stale list iterator after loop body
fs/f2fs/segment.c
RDMA/hfi1: Prevent use of lock before it is initialized
* mailbox: forward the hrtimer if not queued and under a lock
drivers/mailbox/mailbox.c
include/linux/mailbox_controller.h
powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup
powerpc/perf: Fix the threshold compare group constraint for power9
Input: sparcspkr - fix refcount leak in bbc_beep_probe
* tty: fix deadlock caused by calling printk() under tty_port->lock
drivers/tty/tty_buffer.c
* proc: fix dentry/inode overinstantiating under /proc/${pid}/net
fs/proc/generic.c
fs/proc/proc_net.c
powerpc/4xx/cpm: Fix return value of __setup() handler
powerpc/idle: Fix return value of __setup() handler
powerpc/8xx: export 'cpm_setbrg' for modules
dax: fix cache flush on PMD-mapped pages
drivers/base/node.c: fix compaction sysfs file leak
pinctrl: mvebu: Fix irq_of_parse_and_map() return value
firmware: arm_scmi: Fix list protocols enumeration in the base protocol
* scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
include/scsi/libfcoe.h
mfd: ipaq-micro: Fix error check return value of platform_get_irq()
crypto: marvell/cesa - ECB does not IV
ARM: dts: bcm2835-rpi-b: Fix GPIO line names
ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
PCI: rockchip: Fix find_first_zero_bit() limit
PCI: cadence: Fix find_first_zero_bit() limit
soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
* soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
drivers/soc/qcom/smp2p.c
rxrpc: Don't try to resend the request if we're receiving the reply
rxrpc: Fix listen() setting the bar too high for the prealloc rings
NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
* ext4: reject the 'commit' option on ext2 filesystems
fs/ext4/super.c
* sctp: read sk->sk_bound_dev_if once in sctp_rcv()
net/sctp/input.c
m68k: math-emu: Fix dependencies of math emulation support
* Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
net/bluetooth/sco.c
media: vsp1: Fix offset calculation for plane cropping
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
media: exynos4-is: Change clk_disable to clk_disable_unprepare
media: st-delta: Fix PM disable depth imbalance in delta_probe
scripts/faddr2line: Fix overlapping text section failures
regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
perf/amd/ibs: Use interrupt regs ip for stack unwinding
media: uvcvideo: Fix missing check to determine if element is found in list
drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected
drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected
x86/mm: Cleanup the control_va_addr_alignment() __setup handler
irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
x86: Fix return value of __setup handlers
drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
drm/msm/hdmi: check return value after calling platform_get_resource_byname()
drm/msm/dsi: fix error checks and return values for DSI xmit functions
drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume
* x86/speculation: Add missing prototype for unpriv_ebpf_notify()
include/linux/bpf.h
x86/pm: Fix false positive kmemleak report in msr_build_context()
* scsi: ufs: core: Exclude UECxx from SFR dump list
drivers/scsi/ufs/ufshcd.c
of: overlay: do not break notify on NOTIFY_{OK|STOP}
* fsnotify: fix wrong lockdep annotations
fs/notify/mark.c
* inotify: show inotify mask flags in proc fdinfo
fs/notify/fdinfo.c
fs/notify/inotify/inotify.h
fs/notify/inotify/inotify_user.c
ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
spi: img-spfi: Fix pm_runtime_get_sync() error checking
HID: elan: Fix potential double free in elan_input_configured
HID: hid-led: fix maximum brightness for Dream Cheeky
* efi: Add missing prototype for efi_capsule_setup_info
include/linux/efi.h
NFC: NULL out the dev->rfkill to prevent UAF
spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
* nl80211: show SSID for P2P_GO interfaces
net/wireless/nl80211.c
drm/vc4: txp: Force alpha to be 0xff if it's disabled
drm/vc4: txp: Don't set TXP_VSTART_AT_EOF
drm/mediatek: Fix mtk_cec_mask()
x86/delay: Fix the wrong asm constraint in delay_loop()
ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
drm/bridge: adv7511: clean up CEC adapter when probe fails
* drm/edid: fix invalid EDID extension block filtering
drivers/gpu/drm/drm_edid.c
ath9k: fix ar9003_get_eepmisc
* drm: fix EDID struct for old ARM OABI format
include/drm/drm_edid.h
RDMA/hfi1: Prevent panic when SDMA is disabled
* macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
drivers/macintosh/Kconfig
drivers/macintosh/Makefile
powerpc/xics: fix refcount leak in icp_opal_init()
* tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
include/trace/events/vmscan.h
* PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
drivers/pci/pci.c
ARM: hisi: Add missing of_node_put after of_find_compatible_node
ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
ARM: versatile: Add missing of_node_put in dcscb_init
* fat: add ratelimit to fat*_ent_bread()
fs/fat/fatent.c
ARM: OMAP1: clock: Fix UART rate reporting algorithm
fs: jfs: fix possible NULL pointer dereference in dbFree()
PM / devfreq: rk3399_dmc: Disable edev on remove()
ARM: dts: ox820: align interrupt controller node name with dtschema
* eth: tg3: silence the GCC 12 array-bounds warning
drivers/net/ethernet/broadcom/Makefile
rxrpc: Return an error to sendmsg if call failed
* hwmon: Make chip parameter for with_info API mandatory
drivers/hwmon/hwmon.c
media: exynos4-is: Fix compile warning
net: phy: micrel: Allow probing without .driver_data
ASoC: rt5645: Fix errorenous cleanup order
nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
openrisc: start CPU timer early in boot
media: cec-adap.c: fix is_configuring state
rtlwifi: Use pr_warn instead of WARN_ONCE
ipmi:ssif: Check for NULL msg when handling events and messages
dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES
ASoC: tscs454: Add endianness flag in snd_soc_component_driver
mlxsw: spectrum_dcb: Do not warn about priority changes
* ASoC: dapm: Don't fold register value changes into notifications
sound/soc/soc-dapm.c
* ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
net/ipv6/addrconf.c
drm/amd/pm: fix the compile warning
* drm/plane: Move range check for format_count earlier
drivers/gpu/drm/drm_plane.c
scsi: megaraid: Fix error check return value of register_chrdev()
md/bitmap: don't set sb values if can't pass sanity check
media: cx25821: Fix the warning when removing the module
media: pci: cx23885: Fix the error handling in cx23885_initdev()
media: venus: hfi: avoid null dereference in deinit
ath9k: fix QCA9561 PA bias level
drm/amd/pm: fix double free in si_parse_power_table()
* ALSA: jack: Access input_dev under mutex
include/sound/jack.h
sound/core/jack.c
ACPICA: Avoid cache flush inside virtual machines
fbcon: Consistently protect deferred_takeover with console_lock()
* ipv6: fix locking issues with loops over idev->addr_list
include/net/if_inet6.h
net/ipv6/addrconf.c
ipw2x00: Fix potential NULL dereference in libipw_xmit()
b43: Fix assigning negative value to unsigned variable
b43legacy: Fix assigning negative value to unsigned variable
mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
btrfs: repair super block num_devices automatically
btrfs: add "0x" prefix for unsupported optional features
* ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
kernel/ptrace.c
* ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
include/linux/ptrace.h
* USB: new quirk for Dell Gen 2 devices
drivers/usb/core/quirks.c
USB: serial: option: add Quectel BG95 modem
ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
binfmt_flat: do not stop relocating GOT entries prematurely on riscv
* BACKPORT: psi: Fix uaf issue when psi trigger is destroyed while being polled
include/linux/psi.h
include/linux/psi_types.h
kernel/cgroup/cgroup.c
kernel/sched/psi.c
* FROMGIT: Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
net/key/af_key.c
Merge 4.19.246 into android-4.19-stable
Linux 4.19.246
* bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
net/core/filter.c
NFSD: Fix possible sleep during nfsd4_release_lockowner()
docs: submitting-patches: Fix crossref to 'The canonical patch format'
tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
tpm: Fix buffer access in tpm2_get_tpm_pt()
* HID: multitouch: Add support for Google Whiskers Touchpad
drivers/hid/hid-multitouch.c
* dm verity: set DM_TARGET_IMMUTABLE feature flag
drivers/md/dm-verity-target.c
* dm stats: add cond_resched when looping over entries
drivers/md/dm-stats.c
dm crypt: make printing of the key constant-time
dm integrity: fix error code in dm_integrity_ctr()
* zsmalloc: fix races between asynchronous zspage free and page migration
mm/zsmalloc.c
* netfilter: conntrack: re-fetch conntrack after insertion
include/net/netfilter/nf_conntrack_core.h
* exec: Force single empty string when argv is empty
fs/exec.c
* block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
block/bio.c
drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency()
perf tests bp_account: Make global variable static
perf bench: Share some global variables to fix build with gcc 10
libtraceevent: Fix build with binutils 2.35
* cfg80211: set custom regdomain after wiphy registration
net/wireless/core.c
net/wireless/reg.c
* assoc_array: Fix BUG_ON during garbage collect
lib/assoc_array.c
drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers
i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
net: ftgmac100: Disable hardware checksum on AST2600
* net: af_key: check encryption module availability consistency
net/key/af_key.c
ACPI: sysfs: Fix BERT error region memory mapping
ACPI: sysfs: Make sparse happy about address space in use
* secure_seq: use the 64 bits of the siphash for port offset calculation
include/net/inet_hashtables.h
include/net/secure_seq.h
net/core/secure_seq.c
net/ipv4/inet_hashtables.c
net/ipv6/inet6_hashtables.c
* tcp: change source port randomizarion at connect() time
net/ipv4/inet_hashtables.c
staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
Bug: 237729727
Change-Id: I56a64d00c29e30a27ccd47323103f846dc3c002e
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
8effcf185b |
Revert "cgroup: Use separate src/dst nodes when preloading css_sets for migration"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
b8c975143a |
Merge 4.19.253 into android-4.19-stable
Changes in 4.19.253 ALSA: hda - Add fixup for Dell Latitidue E5430 ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue tracing/histograms: Fix memory leak problem net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer ARM: 9213/1: Print message about disabled Spectre workarounds only once ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction cgroup: Use separate src/dst nodes when preloading css_sets for migration nilfs2: fix incorrect masking of permission flags for symlinks ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle ASoC: sgtl5000: Fix noise on shutdown/remove inetpeer: Fix data-races around sysctl. net: Fix data-races around sysctl_mem. cipso: Fix data-races around sysctl. icmp: Fix data-races around sysctl. ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero icmp: Fix a data-race around sysctl_icmp_ratelimit. icmp: Fix a data-race around sysctl_icmp_ratemask. ipv4: Fix data-races around sysctl_ip_dynaddr. sfc: fix use after free when disabling sriov seg6: fix skb checksum evaluation in SRH encapsulation/insertion seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors seg6: bpf: fix skb checksum in bpf_push_seg6_encap() sfc: fix kernel panic when creating VF virtio_mmio: Add missing PM calls to freeze/restore virtio_mmio: Restore guest page size on resume netfilter: br_netfilter: do not skip all hooks with 0 priority cpufreq: pmac32-cpufreq: Fix refcount leak bug platform/x86: hp-wmi: Ignore Sanitization Mode event net: tipc: fix possible refcount leak in tipc_sk_create() NFC: nxp-nci: don't print header length mismatch on i2c error net: sfp: fix memory leak in sfp_probe() ASoC: ops: Fix off by one in range control validation ASoC: wm5110: Fix DRE control irqchip: or1k-pic: Undefine mask_ack for level triggered hardware x86: Clear .brk area at early boot ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 signal handling: don't use BUG_ON() for debugging USB: serial: ftdi_sio: add Belimo device ids usb: typec: add missing uevent when partner support PD usb: dwc3: gadget: Fix event pending check tty: serial: samsung_tty: set dma burst_size to 1 serial: 8250: fix return error code in serial8250_request_std_resource() serial: stm32: Clear prev values before setting RTS delays serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle can: m_can: m_can_tx_handler(): fix use after free of skb Linux 4.19.253 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ia4eb1233ba3feb878fe7235a111408298cf3eab4 |
||
|
Tejun Heo
|
cec2bbdcc1 |
cgroup: Use separate src/dst nodes when preloading css_sets for migration
commit 07fd5b6cdf3cc30bfde8fe0f644771688be04447 upstream.
Each cset (css_set) is pinned by its tasks. When we're moving tasks around
across csets for a migration, we need to hold the source and destination
csets to ensure that they don't go away while we're moving tasks about. This
is done by linking cset->mg_preload_node on either the
mgctx->preloaded_src_csets or mgctx->preloaded_dst_csets list. Using the
same cset->mg_preload_node for both the src and dst lists was deemed okay as
a cset can't be both the source and destination at the same time.
Unfortunately, this overloading becomes problematic when multiple tasks are
involved in a migration and some of them are identity noop migrations while
others are actually moving across cgroups. For example, this can happen with
the following sequence on cgroup1:
#1> mkdir -p /sys/fs/cgroup/misc/a/b
#2> echo $$ > /sys/fs/cgroup/misc/a/cgroup.procs
#3> RUN_A_COMMAND_WHICH_CREATES_MULTIPLE_THREADS &
#4> PID=$!
#5> echo $PID > /sys/fs/cgroup/misc/a/b/tasks
#6> echo $PID > /sys/fs/cgroup/misc/a/cgroup.procs
the process including the group leader back into a. In this final migration,
non-leader threads would be doing identity migration while the group leader
is doing an actual one.
After #3, let's say the whole process was in cset A, and that after #4, the
leader moves to cset B. Then, during #6, the following happens:
1. cgroup_migrate_add_src() is called on B for the leader.
2. cgroup_migrate_add_src() is called on A for the other threads.
3. cgroup_migrate_prepare_dst() is called. It scans the src list.
4. It notices that B wants to migrate to A, so it tries to A to the dst
list but realizes that its ->mg_preload_node is already busy.
5. and then it notices A wants to migrate to A as it's an identity
migration, it culls it by list_del_init()'ing its ->mg_preload_node and
putting references accordingly.
6. The rest of migration takes place with B on the src list but nothing on
the dst list.
This means that A isn't held while migration is in progress. If all tasks
leave A before the migration finishes and the incoming task pins it, the
cset will be destroyed leading to use-after-free.
This is caused by overloading cset->mg_preload_node for both src and dst
preload lists. We wanted to exclude the cset from the src list but ended up
inadvertently excluding it from the dst list too.
This patch fixes the issue by separating out cset->mg_preload_node into
->mg_src_preload_node and ->mg_dst_preload_node, so that the src and dst
preloadings don't interfere with each other.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Mukesh Ojha <quic_mojha@quicinc.com>
Reported-by: shisiyuan <shisiyuan19870131@gmail.com>
Link: http://lkml.kernel.org/r/1654187688-27411-1-git-send-email-shisiyuan@xiaomi.com
Link: https://www.spinics.net/lists/cgroups/msg33313.html
Fixes:
|
||
|
Suren Baghdasaryan
|
a8de508bc7 |
ANDROID: cgroup: Fix for a partially backported patch
The backports of 0d2b5955b36250a9428c832664f2079cbf723bec upstream commit to 4.14 and 4.19 stable kernels drop changes to cgroup_pressure_*() functions which breaks PSI cgroup file handlers in Android Common Kernels. The partial backport changes cgroup_file_open to allocate struct cgroup_file_ctx and use kernfs_open_file.priv to point to it while skipping the accompanying changes in cgroup_pressure_*(). This leads to cgroup_pressure_*() functions treating kernfs_open_file.priv as a pointer to struct psi_trigger instead of struct cgroup_file_ctx. This partial backport works fine in upstream stable kernels because they are missing PSI feature there, however in Android, PSI is backported in 4.14 and 4.19 kernels and therefore the missing pieces result in PSI feature being broken. Fix this by adding the dropped pieces from the original patch. Link to the original patch: https://lore.kernel.org/r/20211213191833.916632-3-tj@kernel.org/ Link to the 4.19 backport: https://lore.kernel.org/r/20220414110848.311690316@linuxfoundation.org/ Bug: 233410456 Signed-off-by: Suren Baghdasaryan <surenb@google.com> Change-Id: Ib8858fa85a7a1fb82904cea0c8c903fd900d6316 |