bka
382 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
bengris32
|
2162cb9481 |
Merge branch 'linux-4.19.y-cip' of https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip into lineage-22.1
* 'linux-4.19.y-cip' of https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip: CIP: Bump version suffix to -cip120 after merge from cip/linux-4.19.y-st tree Update localversion-st, tree is up-to-date with 5.4.292. net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy jfs: add index corruption check to DT_GETPAGE() jfs: fix slab-out-of-bounds read in ea_get() tracing: Fix use-after-free in print_graph_function_flags during tracer switching mmc: sdhci-pxav3: set NEED_RSP_BUSY capability x86/tsc: Always save/restore TSC sched_clock() on suspend/resume ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() arcnet: Add NULL check in com20020pci_probe() ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS vsock: avoid timeout during connect() if the socket is closing net_sched: skbprio: Remove overly strict queue assertions netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets ntb: intel: Fix using link status DB's ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans spufs: fix a leak in spufs_create_context() spufs: fix a leak on spufs_new_file() failure hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} sched/deadline: Use online cpus for validating runtime affs: don't write overlarge OFS data block size fields affs: generate OFS sequence numbers starting at 1 wifi: iwlwifi: fw: allocate chained SG tables for dump sched/smt: Always inline sched_smt_active() ring-buffer: Fix bytes_dropped calculation issue objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() fs/procfs: fix the comment above proc_pid_wchan() perf python: Check if there is space to copy all the event perf python: Decrement the refcount of just created event on failure perf python: Fixup description of sample.id event member ocfs2: validate l_tree_depth to avoid out-of-bounds access perf units: Fix insufficient array space iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio coresight: catu: Fix number of pages while using 64k pages isofs: fix KMSAN uninit-value bug in do_isofs_readdir() x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment mfd: sm501: Switch to BIT() to mitigate integer overflows RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow power: supply: max77693: Fix wrong conversion of charge input threshold value x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 IB/mad: Check available slots before posting receive WRs clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent lib: 842: Improve error handling in sw842_compress() clk: amlogic: gxbb: drop incorrect flag on 32k clock fbdev: sm501fb: Add some geometry checks. mdacon: rework dependency list fbdev: au1100fb: Move a variable assignment behind a null pointer check PCI/portdrv: Only disable pciehp interrupts early when needed ALSA: hda/realtek: Always honor no_shutup_pins perf/ring_buffer: Allow the EPOLLRDNORM flag for poll lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() thermal: int340x: Add NULL check for adev EDAC/ie31200: Fix the error path order of ie31200_init() EDAC/ie31200: Fix the DIMM size mask for several SoCs x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() net: usb: usbnet: restore usb%d name exception for local mac addresses net: usb: qmi_wwan: add Telit Cinterion FE990B composition net: usb: qmi_wwan: add Telit Cinterion FN990B composition tty: serial: 8250: Add some more device IDs netfilter: socket: Lookup orig tuple for IPv6 SNAT ARM: 9351/1: fault: Add "cut here" line for prefetch aborts ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() atm: Fix NULL pointer dereference ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() batman-adv: Ignore own maximum aggregation size during RX ARM: shmobile: smp: Enforce shmobile_smp_* alignment mmc: atmel-mci: Add missing clk_disable_unprepare() net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES net: atm: fix use after free in lec_send() Bluetooth: Fix error code in chan_alloc_skb_cb() RDMA/hns: Fix wrong value of max_sge_rd RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path xfrm_output: Force software GSO only in tunnel mode i2c: sis630: Fix an error handling path in sis630_probe() i2c: ali15x3: Fix an error handling path in ali15x3_probe() i2c: ali1535: Fix an error handling path in ali1535_probe() ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() qlcnic: fix memory leak issues in qlcnic_sriov_common.c drm/amd/display: Assign normalized_pix_clk when color depth = 14 x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes USB: serial: option: match on interface class for Telit FN990B USB: serial: option: fix Telit Cinterion FE990A name USB: serial: option: add Telit Cinterion FE990B compositions USB: serial: ftdi_sio: add support for Altera USB Blaster 3 block: fix 'kmem_cache of name 'bio-108' already exists' drm/nouveau: Do not override forced connector status x86/irq: Define trace events conditionally nvme: only allow entering LIVE from CONNECTING state sctp: Fix undefined behavior in left shift operation nvmet-rdma: recheck queue state is LIVE in state lock in recv done s390/cio: Fix CHPID "configure" attribute caching HID: ignore non-functional sensor in HP 5MP Camera iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() powercap: call put_device() on an error path in powercap_register_control_type() nvme-fc: go straight to connecting state when initializing net_sched: Prevent creation of classes with TC_H_ROOT ipvs: prevent integer overflow in do_ip_vs_get_ctl() netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() drivers/hv: Replace binary semaphore with mutex netpoll: hold rcu read lock in __netpoll_send_skb() netpoll: netpoll_send_skb() returns transmit status netpoll: move netpoll_send_skb() out of line netpoll: remove dev argument from netpoll_send_skb_on_dev() netpoll: Fix use correct return type for ndo_start_xmit() pinctrl: bcm281xx: Fix incorrect regmap max_registers value sctp: sysctl: auth_enable: avoid using current->nsproxy sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy Revert "sctp: sysctl: auth_enable: avoid using current->nsproxy" Revert "sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy" sched/isolation: Prevent boot crash when the boot CPU is nohz_full CIP: Bump version suffix to -cip119 after merge from cip/linux-4.19.y-st tree watchdog: renesas_wdt: support handover from bootloader Update localversion-st, tree is up-to-date with 5.4.291. gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). gtp: Destroy device along with udp socket's netns dismantle. net: gso: fix ownership in __udp_gso_segment vlan: fix memory leak in vlan_newlink() batman-adv: Drop unmanaged ELP metric worker tee: optee: Fix supplicant wait loop pps: Fix a use-after-free net: rose: lock the socket in rose_bind() btrfs: fix use-after-free when attempting to join an aborted transaction media: lmedm04: Handle errors for lme2510_int_read wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step eeprom: digsy_mtc: Make GPIO lookup table match the device slimbus: messaging: Free transaction ID in delayed interrupt scenario intel_th: pci: Add Panther Lake-P/U support intel_th: pci: Add Panther Lake-H support intel_th: pci: Add Arrow Lake support Squashfs: check the inode number is not the invalid value of zero xhci: pci: Fix indentation in the PCI device ID definitions usb: gadget: Check bmAttributes only if configuration is valid usb: gadget: Fix setting self-powered state on suspend usb: gadget: Set self-powered based on MaxPower and bmAttributes usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality usb: typec: ucsi: increase timeout for PPM reset operations usb: atm: cxacru: fix a flaw in existing endpoint checks usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader usb: renesas_usbhs: Use devm_usb_get_phy() Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" net: ipv6: fix missing dst ref drop in ila lwtunnel net: ipv6: fix dst ref loop in ila lwtunnel net-timestamp: support TCP GSO case for a few missing flags vlan: enforce underlying device type ppp: Fix KMSAN uninit-value warning with bpf be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() llc: do not use skb_get() before dev_queue_xmit() hwmon: (ad7314) Validate leading zero bits and return error hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table hwmon: (pmbus) Initialise page count in pmbus_identify() caif_virtio: fix wrong pointer check in cfv_probe() HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() mm/page_alloc: fix uninitialized variable rapidio: fix an API misues when rio_add_net() fails rapidio: add check for rio_add_net() in rio_scan_alloc_net() wifi: nl80211: reject cooked mode if it is set along with other flags wifi: cfg80211: regulatory: improve invalid hints checking x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 x86/cpu: Validate CPUID leaf 0x2 EDX output x86/cacheinfo: Validate CPUID leaf 0x2 EDX output platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M ALSA: hda/realtek: update ALC222 depop optimize ALSA: hda: intel: Add Dell ALC3271 to power_save denylist HID: appleir: Fix potential NULL dereference at raw event handle Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" drm/amdgpu: disable BAR resize on Dell G5 SE drm/amdgpu: Check extended configuration space register when system uses large bar drm/amdgpu: skip BAR resizing if the bios already did it acct: perform last write from workqueue kernel/acct.c: use dedicated helper to access rlimit values kernel/acct.c: use #elif instead of #end and #elif pfifo_tail_enqueue: Drop new packet when sch->limit == 0 sched/core: Prevent rescheduling when interrupts are disabled phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk usbnet: gl620a: fix endpoint checking in genelink_bind() perf/core: Fix low freq setting via IOC_PERIOD ftrace: Avoid potential division by zero in function_stat_show() x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems ipvs: Always clear ipvs_property flag in skb_scrub_packet() ASoC: es8328: fix route from DAC to output net: cadence: macb: Synchronize stats calculations sunrpc: suppress warnings for unused procfs functions batman-adv: Ignore neighbor throughput metrics in error case acct: block access to kernel internal filesystems ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() power: supply: da9150-fg: fix potential overflow geneve: Suppress list corruption splat in geneve_destroy_tunnels(). geneve: Fix use-after-free in geneve_find_dev(). powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC ALSA: hda/realtek - Add type for ALC287 powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline powerpc/64s/mm: Move __real_pte stubs into hash-4k.h USB: gadget: f_midi: f_midi_complete to call queue_work usb/gadget: f_midi: Replace tasklet with work usb/gadget: f_midi: convert tasklets to use new tasklet_setup() API usb: dwc3: Fix timeout issue during controller enter/exit from halt state mm: update mark_victim tracepoints fields crypto: testmgr - some more fixes to RSA test vectors crypto: testmgr - populate RSA CRT parameters in RSA test vectors crypto: testmgr - fix version number of RSA tests crypto: testmgr - Fix wrong test case of RSA crypto: testmgr - fix wrong key length for pkcs1pad driver core: bus: Fix double free in driver API bus_register() scsi: storvsc: Set correct data length for sending SCSI command without payload vlan: move dev_put into vlan_dev_uninit vlan: introduce vlan_dev_free_egress_priority Revert "btrfs: avoid monopolizing a core when activating a swap file" parport_pc: add support for ASIX AX99100 can: ems_pci: move ASIX AX99100 ids to pci_ids.h nilfs2: protect access to buffers with no active references nilfs2: do not force clear folio if buffer is referenced nilfs2: do not output warnings when clearing dirty buffers alpha: replace hardcoded stack offsets with autogenerated ones ndisc: extend RCU protection in ndisc_send_skb() openvswitch: use RCU protection in ovs_vport_cmd_fill_info() arp: use RCU protection in arp_xmit() neighbour: use RCU protection in __neigh_notify() neighbour: delete redundant judgment statements ndisc: use RCU protection in ndisc_alloc_skb() ipv6: use RCU protection in ip6_default_advmss() ipv4: use RCU protection in inet_select_addr() ipv4: use RCU protection in rt_is_expired() net: add dev_net_rcu() helper net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() partitions: mac: fix handling of bogus partition table gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock alpha: align stack for page fault and user unaligned trap handlers alpha: make stack 16-byte aligned (most cases) can: c_can: fix unbalanced runtime PM disable in error path USB: serial: option: drop MeiG Smart defines USB: serial: option: fix Telit Cinterion FN990A name USB: serial: option: add Telit Cinterion FN990B compositions USB: serial: option: add MeiG Smart SLM828 usb: cdc-acm: Fix handling of oversized fragments usb: cdc-acm: Check control transfer buffer size before access USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk USB: hub: Ignore non-compliant devices with too many configs or interfaces usb: gadget: f_midi: fix MIDI Streaming descriptor lengths USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI usb: dwc2: gadget: remove of_node reference upon udc_stop usb: gadget: udc: renesas_usb3: Fix compiler warning usb: roles: set switch registered flag early on batman-adv: fix panic during interface removal ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V orangefs: fix a oob in orangefs_debug_write Grab mm lock before grabbing pt lock vfio/pci: Enable iowrite64 and ioread64 for vfio pci media: cxd2841er: fix 64-bit division on gcc-9 xen: remove a confusing comment on auto-translated guest I/O gpio: bcm-kona: Add missing newline to dev_err format string gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array team: better TEAM_OPTION_TYPE_STRING validation vrf: use RCU protection in l3mdev_l3_out() ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() HID: multitouch: Add NULL check in mt_input_configured ocfs2: check dir i_size in ocfs2_find_entry MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static ptp: Ensure info->enable callback is always set mtd: onenand: Fix uninitialized retlen in do_otp_read() NFC: nci: Add bounds checking in nci_hci_create_pipe() nilfs2: fix possible int overflows in nilfs_fiemap() ocfs2: handle a symlink read error correctly ocfs2: fix incorrect CPU endianness conversion causing mount failure nvmem: core: improve range check for nvmem_cell_write() crypto: qce - fix goto jump in error path media: uvcvideo: Remove redundant NULL assignment media: uvcvideo: Fix event flags in uvc_ctrl_send_events media: ov5640: fix get_light_freq on auto soc: qcom: smem_state: fix missing of_node_put in error path powerpc/pseries/eeh: Fix get PE state translation serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use serial: sh-sci: Drop __initdata macro for port_cfg usb: gadget: f_tcm: Don't prepare BOT write request twice usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint usb: gadget: f_tcm: Decrement command ref count on cleanup usb: gadget: f_tcm: Translate error to sense wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() HID: hid-sensor-hub: don't use stale platform-data on remove of: reserved-memory: Fix using wrong number of cells to get property 'alignment' of: Fix of_find_node_opts_by_path() handling of alias+path+options of: Correct child specifier used as input of the 2nd nexus node clk: qcom: clk-alpha-pll: fix alpha mode configuration Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc KVM: s390: vsie: fix some corner-cases when grabbing vsie pages KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma binfmt_flat: Fix integer overflow bug on 32 bit systems m68k: vga: Fix I/O defines s390/futex: Fix FUTEX_OP_ANDN implementation leds: lp8860: Write full EEPROM, not only half of it cpufreq: s3c64xx: Fix compilation warning tun: revert fix group permission check netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() udp: gso: do not drop small packets when PMTU reduces tg3: Disable tg3 PCIe AER on system reboot firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry nvme: handle connectivity loss in nvme_set_queue_count usb: xhci: Fix NULL pointer dereference on certain command aborts usb: xhci: Add timeout argument in address_device USB HCD callback media: uvcvideo: Remove dangling pointers media: uvcvideo: Only save async fh if success nilfs2: handle errors that nilfs_prepare_chunk() may return nilfs2: eliminate staggered calls to kunmap in nilfs_rename nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link x86/mm: Don't disable PCID when INVLPG has been fixed by microcode HID: Wacom: Add PCI Wacom device support mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() mmc: core: Respect quirk_max_rate for non-UHS SDIO card tun: fix group permission check printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX sched: Don't try to catch up excess steal time. btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling btrfs: output the reason for open_ctree() failure usb: gadget: f_tcm: Don't free command immediately media: uvcvideo: Fix double free in error path usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE drivers/card_reader/rtsx_usb: Restore interrupt based detection ktest.pl: Check kernelrelease return in get_version NFSD: Reset cb_seq_status after NFS4ERR_DELAY hexagon: Fix unbalanced spinlock in die() hexagon: fix using plain integer as NULL pointer warning in cmpxchg genksyms: fix memory leak when the same symbol is read from *.symref file genksyms: fix memory leak when the same symbol is added from source net: sh_eth: Fix missing rtnl lock in suspend/resume path vsock: Allow retrying on connect() failure net: davicom: fix UAF in dm9000_drv_remove net: rose: fix timer races against user threads PM: hibernate: Add error handling for syscore_suspend() net: fec: implement TSO descriptor cleanup ubifs: skip dumping tnc tree when zroot is null dmaengine: ti: edma: fix OF node reference leaks in edma_driver module: Extend the preempt disabled section in dereference_symbol_descriptor(). ocfs2: mark dquot as inactive if failed to start trans while releasing dquot scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 media: camif-core: Add check for clk_enable() media: mipi-csis: Add check for clk_enable() PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() media: rc: iguanair: handle timeouts fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() ARM: dts: mediatek: mt7623: fix IR nodename arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property rdma/cxgb4: Prevent potential integer overflow on 32bit RDMA/mlx4: Avoid false error about access to uninitialized gids array perf report: Fix misleading help message about --demangle perf top: Don't complain about lack of vmlinux when not resolving some kernel samples padata: fix sysfs store callback check ktest.pl: Remove unused declarations in run_bisect_test function net: sched: Disallow replacing of child qdisc from one parent to another net/mlxfw: Drop hard coded max FW flash image size selftests: harness: fix printing of mismatch values in __EXPECT() selftests/harness: Display signed values correctly wifi: wlcore: fix unbalanced pm_runtime calls regulator: of: Implement the unwind path of of_regulator_match() team: prevent adding a device which is already a team device lower cpupower: fix TSC MHz calculation wifi: rtlwifi: pci: wait for firmware loading before releasing memory wifi: rtlwifi: fix memory leaks and invalid access at probe error path wifi: rtlwifi: remove unused dualmac control leftovers rtlwifi: replace usage of found with dedicated list iterator variable wifi: rtlwifi: usb: fix workqueue leak when probe fails wifi: rtlwifi: do not complete firmware loading needlessly drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table drm/etnaviv: Fix page property being used for non writecombine buffers afs: Fix directory format encoding struct overflow: Allow mixed type arguments overflow: Correct check_shl_overflow() comment overflow: Add __must_check attribute to check_*() helpers udf: Fix use of check_add_overflow() with mixed type arguments Change-Id: Ia7c26633509cfe8ec59d7dd0d6efd602629c87f4 Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
Feng Yang
|
13893aedf2 |
ring-buffer: Fix bytes_dropped calculation issue
[ Upstream commit c73f0b69648501978e8b3e8fa7eef7f4197d0481 ]
The calculation of bytes-dropped and bytes_dropped_nested is reversed.
Although it does not affect the final calculation of total_dropped,
it should still be modified.
Link: https://lore.kernel.org/20250223070106.6781-1-yangfeng59949@163.com
Fixes:
|
||
|
bengris32
|
cfe5bfae8c |
Merge tag 'ASB-2024-10-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2024-10-01 * tag 'ASB-2024-10-05_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.322 Revert "parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367" netns: restore ops before calling ops_exit_list cx82310_eth: fix error return code in cx82310_bind() net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket rtmutex: Drop rt_mutex::wait_lock before scheduling drm/i915/fence: Mark debug_fence_free() with __maybe_unused drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused ACPI: processor: Fix memory leaks in error paths of processor_add() ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() ila: call nf_unregister_net_hooks() sooner netns: add pre_exit method to struct pernet_operations nilfs2: protect references to superblock parameters exposed in sysfs nilfs2: replace snprintf in show functions with sysfs_emit tracing: Avoid possible softlockup in tracing_iter_reset() ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() uprobes: Use kzalloc to allocate xol area clocksource/drivers/imx-tpm: Fix next event not taking effect sometime clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX VMCI: Fix use-after-free when removing resource in vmci_resource_remove() Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc iio: fix scale application in iio_convert_raw_to_processed_unlocked iio: buffer-dmaengine: fix releasing dma channel on error ata: pata_macio: Use WARN instead of BUG of/irq: Prevent device address out-of-bounds read in interrupt map walk Squashfs: sanity check symbolic link size usbnet: ipheth: race between ipheth_close and error handling Input: uinput - reject requests with unreasonable number of slots HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() PCI: Add missing bridge lock to pci_bus_lock() btrfs: clean up our handling of refs == 0 in snapshot delete btrfs: replace BUG_ON with ASSERT in walk_down_proc() smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() hwmon: (w83627ehf) Fix underflows seen when writing limit attributes hwmon: (nct6775-core) Fix underflows seen when writing limit attributes hwmon: (lm95234) Fix underflows seen when writing limit attributes hwmon: (adc128d818) Fix underflows seen when writing limit attributes pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv devres: Initialize an uninitialized struct member um: line: always fill *error_out in setup_one_line() cgroup: Protect css->cgroup write under css_set_lock iommu/vt-d: Handle volatile descriptor status read net: dsa: vsc73xx: fix possible subblocks range of CAPT block net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN net: bridge: fdb: convert added_by_external_learn to use bitops net: bridge: fdb: convert added_by_user to bitops net: bridge: fdb: convert is_sticky to bitops net: bridge: fdb: convert is_static to bitops net: bridge: fdb: convert is_local to bitops bridge: switchdev: Allow clearing FDB entry offload indication net: bridge: add support for sticky fdb entries rfkill: fix spelling mistake contidion to condition usbnet: modern method to get random MAC net: usb: don't write directly to netdev->dev_addr drivers/net/usb: Remove all strcpy() uses cx82310_eth: re-enable ethernet mode after router reboot platform/x86: dell-smbios: Fix error path in dell_smbios_init() igb: Fix not clearing TimeSync interrupts for 82580 can: bcm: Remove proc entry when dev is unregistered. pcmcia: Use resource_size function on resource object media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 udf: Avoid excessive partition lengths netfilter: nf_conncount: fix wrong variable type af_unix: Remove put_pid()/put_cred() in copy_peercred(). irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 smack: unix sockets: fix accept()ed socket label ALSA: hda: Add input value sanity checks to HDMI channel map controls nilfs2: fix state management in error path of log writing function nilfs2: fix missing cleanup on rollforward recovery error clk: qcom: clk-alpha-pll: Fix the pll post div mask fuse: use unsigned type for getxattr/listxattr size truncation mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K ata: libata: Fix memory leak for error path in ata_host_alloc() ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices sch/netem: fix use after free in netem_dequeue ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check ALSA: usb-audio: Sanity checks for each pipe and EP types udf: Limit file size to 4TB virtio_net: Fix napi_skb_cache_put warning block: initialize integrity buffer to zero before writing it to media media: uvcvideo: Enforce alignment of frame and interval smack: tcp: ipv4, fix incorrect labeling usbip: Don't submit special requests twice apparmor: fix possible NULL pointer dereference drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device drm/amdgpu: fix mc_data out-of-bounds read warning drm/amdgpu: fix ucode out-of-bounds read warning drm/amdgpu: fix overflowed array index read warning drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr usb: dwc3: st: add missing depopulate in probe error path usb: dwc3: st: Add of_node_put() before return in probe function net: usb: qmi_wwan: add MeiG Smart SRM825L BACKPORT: f2fs: fix to handle segment allocation failure correctly BACKPORT: f2fs: stop checkpoint when get a out-of-bounds segment Change-Id: I84f0eb875b2be21a380550b54cee41eeee3a1ed6 Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
Steven Rostedt (VMware)
|
ac8ffa21dd |
ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance()
[ Upstream commit bc1a72afdc4a91844928831cac85731566e03bc6 ] When the ring buffer was first created, the iterator followed the normal producer/consumer operations where it had both a peek() operation, that just returned the event at the current location, and a read(), that would return the event at the current location and also increment the iterator such that the next peek() or read() will return the next event. The only use of the ring_buffer_read() is currently to move the iterator to the next location and nothing now actually reads the event it returns. Rename this function to its actual use case to ring_buffer_iter_advance(), which also adds the "iter" part to the name, which is more meaningful. As the timestamp returned by ring_buffer_read() was never used, there's no reason that this new version should bother having returning it. It will also become a void function. Link: http://lkml.kernel.org/r/20200317213416.018928618@goodmis.org Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Stable-dep-of: 49aa8a1f4d68 ("tracing: Avoid possible softlockup in tracing_iter_reset()") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
bengris32
|
425dddb2d1 |
Merge tag 'ASB-2024-07-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2024-07-01 CVE-2024-26923 * tag 'ASB-2024-07-05_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.317 arm64: dts: rockchip: Add sound-dai-cells for RK3368 tcp: Fix data races around icsk->icsk_af_ops. ipv6: Fix data races around sk->sk_prot. ipv6: annotate some data-races around sk->sk_prot pwm: stm32: Refuse too small period requests ftruncate: pass a signed offset ata: libata-core: Fix double free on error batman-adv: Don't accept TT entries for out-of-spec VIDs drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes hexagon: fix fadvise64_64 calling conventions tty: mcf: MCF54418 has 10 UARTS usb: atm: cxacru: fix endpoint checking in cxacru_bind() usb: musb: da8xx: fix a resource leak in probe() usb: gadget: printer: SS+ support net: usb: ax88179_178a: improve link status logs iio: chemical: bme680: Fix sensor data read operation iio: chemical: bme680: Fix overflows in compensate() functions iio: chemical: bme680: Fix calibration data variable iio: chemical: bme680: Fix pressure value output iio: adc: ad7266: Fix variable checking bug mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos x86: stop playing stack games in profile_pc() i2c: ocores: set IACK bit after core is enabled i2c: ocores: stop transfer on timeout gpio: davinci: Validate the obtained number of IRQs nvme: fixup comment for nvme RDMA Provider Type soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message media: dvbdev: Initialize sbuf ALSA: emux: improve patch ioctl data validation net/iucv: Avoid explicit cpumask var allocation on stack drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers ASoC: fsl-asoc-card: set priv->pdev before using it netfilter: nf_tables: validate family when identifying table via handle drm/amdgpu: fix UBSAN warning in kv_dpm.c pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER usb: xhci: do not perform Soft Retry for some xHCI hosts xhci: Set correct transferred length for cancelled bulk transfers xhci: Use soft retry to recover faster from transaction errors scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory scsi: mpt3sas: Gracefully handle online firmware update scsi: mpt3sas: Add ioc_<level> logging macros iio: dac: ad5592r: fix temperature channel scaling value iio: dac: ad5592r: un-indent code-block for scale read iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock x86/amd_nb: Check for invalid SMN reads PCI: Add PCI_ERROR_RESPONSE and related definitions perf/core: Fix missing wakeup when waiting for context reference tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test selftests/ftrace: Fix checkbashisms errors ARM: dts: samsung: smdk4412: fix keypad no-autorepeat ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat ARM: dts: samsung: smdkv310: fix keypad no-autorepeat gcov: add support for GCC 14 drm/radeon: fix UBSAN warning in kv_dpm.c ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." dmaengine: ioatdma: Fix missing kmem_cache_destroy() regulator: core: Fix modpost error "regulator_get_regmap" undefined net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings virtio_net: checksum offloading handling fix xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() ipv6: prevent possible NULL dereference in rt6_probe() netrom: Fix a memory leak in nr_heartbeat_expiry() cipso: fix total option length computation MIPS: Routerboard 532: Fix vendor retry check code MIPS: Octeon: Add PCIe link status check PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports udf: udftime: prevent overflow in udf_disk_stamp_to_time() usb: misc: uss720: check for incompatible versions of the Belkin F5U002 powerpc/io: Avoid clang null pointer arithmetic warnings powerpc/pseries: Enforce hcall result buffer validity and size scsi: qedi: Fix crash while reading debugfs attribute batman-adv: bypass empty buckets in batadv_purge_orig_ref() rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment usb-storage: alauda: Check whether the media is initialized hugetlb_encode.h: fix undefined behaviour (34 << 26) hv_utils: drain the timesync packets on onchannelcallback nilfs2: fix potential kernel bug due to lack of writeback flag waiting intel_th: pci: Add Lunar Lake support intel_th: pci: Add Meteor Lake-S support intel_th: pci: Add Sapphire Rapids SOC support intel_th: pci: Add Granite Rapids SOC support intel_th: pci: Add Granite Rapids support dmaengine: axi-dmac: fix possible race in remove() PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id ocfs2: fix races between hole punching and AIO+DIO ocfs2: use coarse time for new created files fs/proc: fix softlockup in __read_vmcore vmci: prevent speculation leaks by sanitizing event in event_deliver() drm/exynos/vidi: fix memory leak in .get_modes() drivers: core: synchronize really_probe() and dev_uevent() net/ipv6: Fix the RT cache flush via sysctl using a previous delay ipv6/route: Add a missing check on proc_dointvec Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ tcp: fix race in tcp_v6_syn_recv_sock() drm/bridge/panel: Fix runtime warning on panel bridge release liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet iommu/amd: Fix sysfs leak in iommu init HID: core: remove unnecessary WARN_ON() in implement() xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING Input: try trimming too long modalias strings xhci: Apply broken streams quirk to Etron EJ188 xHCI host xhci: Apply reset resume quirk to Etron EJ188 xHCI host jfs: xattr: fix buffer overflow for invalid xattr mei: me: release irq in mei_me_pci_resume error path USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors nilfs2: return the mapped address from nilfs_get_page() nilfs2: Remove check for PageError selftests/mm: compaction_test: fix bogus test success on Aarch64 selftests/mm: conform test to TAP format output selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages media: mc: mark the media devnode as registered from the, start serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler serial: sc16is7xx: replace hardcoded divisor value with BIT() macro drm/amd/display: Handle Y carry-over in VCP X.Y calculation usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). ptp: Fix error message on failed pin verification tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB vxlan: Fix regression when dropping packets due to invalid src addresses ipv6: sr: block BH in seg6_output_core() and seg6_input_core() wifi: iwlwifi: mvm: don't read past the mfuart notifcation wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects ANDROID: arm64: Place CFI jump table sections in .text Linux 4.19.316 nfs: fix undefined behavior in nfs_block_bits() s390/ap: Fix crash in AP internal function modify_bitmap() ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() sparc: move struct termio to asm/termios.h net: fix __dst_negative_advice() race kdb: Use format-specifiers rather than memset() for padding in kdb_read() kdb: Merge identical case statements in kdb_read() kdb: Fix console handling when editing and tab-completing commands kdb: Use format-strings rather than '\0' injection in kdb_read() kdb: Fix buffer overflow during tab-complete sparc64: Fix number of online CPUs intel_th: pci: Add Meteor Lake-S CPU support net/9p: fix uninit-value in p9_client_rpc() crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode netfilter: nf_tables: discard table flag update with pending basechain deletion netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout netfilter: nf_tables: do not compare internal table flags on updates netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() netfilter: nf_tables: set dormant flag on hook register failure netfilter: nft_set_rbtree: skip end interval element from gc netfilter: nf_tables: validate NFPROTO_* family netfilter: nf_tables: skip dead set elements in netlink dump netfilter: nf_tables: mark newset as dead on transaction abort netfilter: nft_dynset: relax superfluous check on set updates netfilter: nft_dynset: report EOPNOTSUPP on missing set feature netfilter: nftables: exthdr: fix 4-byte stack OOB write netfilter: nft_dynset: fix timeouts later than 23 days netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for 4.19) netfilter: nf_tables: disable toggling dormant table state more than once netfilter: nf_tables: fix table flag updates netfilter: nftables: update table flags from the commit phase netfilter: nf_tables: double hook unregistration in netns path netfilter: nf_tables: unregister flowtable hooks on netns exit netfilter: nf_tables: fix memleak when more than 255 elements expired netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction netfilter: nf_tables: defer gc run if previous batch is still pending netfilter: nf_tables: GC transaction race with abort path netfilter: nf_tables: GC transaction race with netns dismantle netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path netfilter: nf_tables: remove busy mark and gc batch API netfilter: nf_tables: adapt set backend to use GC transaction API netfilter: nf_tables: GC transaction API to avoid race with control plane netfilter: nf_tables: don't skip expired elements during walk netfilter: nft_set_rbtree: fix overlap expiration walk netfilter: nft_set_rbtree: fix null deref on element insertion netfilter: nft_set_rbtree: Switch to node list walk for overlap detection netfilter: nft_set_rbtree: Add missing expired checks netfilter: nft_set_rbtree: allow loose matching of closing element in interval netfilter: nf_tables: drop map element references from preparation phase netfilter: nftables: rename set element data activation/deactivation functions netfilter: nf_tables: pass context to nft_set_destroy() fbdev: savage: Handle err return when savagefb_check_var failed media: v4l2-core: hold videodev_lock until dev reg, finishes media: mxl5xx: Move xpt structures off stack arm64: dts: hi3798cv200: fix the size of GICR wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING arm64: tegra: Correct Tegra132 I2C alias ata: pata_legacy: make legacy_exit() work again neighbour: fix unaligned access to pneigh_entry vxlan: Fix regression when dropping packets due to invalid src addresses nilfs2: fix use-after-free of timer for log writer thread mmc: core: Do not force a retune before RPMB switch binder: fix max_thread type inconsistency SUNRPC: Fix loop termination condition in gss_free_in_token_pages() genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline ALSA: timer: Set lower bound of start tick time ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound kconfig: fix comparison to constant symbols, 'm', 'n' net:fec: Add fec_enet_deinit() net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM smsc95xx: use usbnet->driver_priv smsc95xx: remove redundant function arguments enic: Validate length of nl attributes in enic_set_vf_port dma-buf/sw-sync: don't enable IRQ from sync_print_obj() net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion nvmet: fix ns enable/disable possible hang spi: Don't mark message DMA mapped when no transfer in it is netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() nfc: nci: Fix kcov check in nci_rx_work() net: fec: avoid lock evasion when reading pps_enable virtio: delete vq in vp_find_vqs_msix() when request_irq() fails arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY openvswitch: Set the skbuff pkt_type for proper pmtud support. tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). params: lift param_set_uint_minmax to common code ipv6: sr: fix memleak in seg6_hmac_init_algo nfc: nci: Fix uninit-value in nci_rx_work x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() media: cec: cec-api: add locking in cec_release() media: cec: cec-adap: always cancel work in cec_transmit_msg_fh um: Fix the -Wmissing-prototypes warning for __switch_mm powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp media: stk1160: fix bounds checking in stk1160_copy_video() um: Add winch to winch_handlers before registering winch IRQ um: Fix return value in ubd_init() drm/msm/dpu: use kms stored hw mdp block Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation Input: ims-pcu - fix printf string overflow libsubcmd: Fix parse-options memory leak serial: sh-sci: protect invalidating RXDMA on shutdown serial: sh-sci: Extract sci_dma_rx_chan_invalidate() f2fs: fix to release node block count in error path of f2fs_new_node_page() f2fs: add error prints for debugging mount failure extcon: max8997: select IRQ_DOMAIN instead of depending on it ppdev: Add an error check in register_device ppdev: Remove usage of the deprecated ida_simple_xx() API stm class: Fix a double free in stm_register_device() usb: gadget: u_audio: Clear uac pointer when freed. microblaze: Remove early printk call from cpuinfo-static.c microblaze: Remove gcc flag for non existing early_printk.c file greybus: arche-ctrl: move device table to its right location serial: max3100: Fix bitwise types serial: max3100: Update uart_driver_registered on driver removal serial: max3100: Lock port->lock when calling uart_handle_cts_change() firmware: dmi-id: add a release callback function dmaengine: idma64: Add check for dma_set_max_seg_size greybus: lights: check return of get_channel_from_mode sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level sched/topology: Don't set SD_BALANCE_WAKE on cpuset domain relax af_packet: do not call packet_read_pending() from tpacket_destruct_skb() netrom: fix possible dead-lock in nr_rt_ioctl() RDMA/IPoIB: Fix format truncation compilation errors selftests/kcmp: remove unused open mode selftests/kcmp: Make the test output consistent and clear SUNRPC: Fix gss_free_in_token_pages() ext4: avoid excessive credit estimate in ext4_tmpfile() x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map RDMA/hns: Use complete parentheses in macros ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value drm/arm/malidp: fix a possible null pointer dereference fbdev: sh7760fb: allow modular build media: radio-shark2: Avoid led_names truncations media: ngene: Add dvb_ca_en50221_init return value check fbdev: sisfb: hide unused variables powerpc/fsl-soc: hide unused const variable drm/mediatek: Add 0 size check to mtk_drm_gem_obj fbdev: shmobile: fix snprintf truncation mtd: rawnand: hynix: fixed typo drm/amd/display: Fix potential index out of bounds in color transformation function ipv6: sr: fix invalid unregister error path ipv6: sr: fix incorrect unregister order ipv6: sr: add missing seg6_local_exit net: openvswitch: fix overwriting ct original tuple for ICMPv6 net: usb: smsc95xx: stop lying about skb->truesize af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg net: ethernet: cortina: Locking fixes m68k: mac: Fix reboot hang on Mac IIci m68k/mac: Use '030 reset method on SE/30 m68k: Fix spinlock race in kernel thread creation net: usb: sr9700: stop lying about skb->truesize wifi: mwl8k: initialize cmd->addr[] properly scsi: qedf: Ensure the copied buf is NUL terminated scsi: bfa: Ensure the copied buf is NUL terminated Revert "sh: Handle calling csum_partial with misaligned data" sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() wifi: ar5523: enable proper endpoint verification wifi: carl9170: add a proper sanity check for endpoints macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" macintosh/via-macii, macintosh/adb-iop: Clean up whitespace macintosh/via-macii: Remove BUG_ON assertions wifi: ath10k: populate board data for WCN3990 wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() x86/purgatory: Switch to the position-independent small code model scsi: hpsa: Fix allocation size for Scsi_Host private data scsi: libsas: Fix the failure of adding phy with zero-address to port ACPI: disable -Wstringop-truncation irqchip/alpine-msi: Fix off-by-one in allocation error path scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL scsi: ufs: core: Perform read back after disabling interrupts scsi: ufs: add a low-level __ufshcd_issue_tm_cmd helper scsi: ufs: cleanup struct utp_task_req_desc scsi: ufs: qcom: Perform read back after writing reset bit qed: avoid truncating work queue length x86/boot: Ignore relocations in .notes sections in walk_relocs() too wifi: ath10k: poll service ready message before failing nfsd: drop st_mutex before calling move_to_close_lru() power: supply: cros_usbpd: provide ID table for avoiding fallback match md: fix resync softlockup when bitmap size is less than array size null_blk: Fix missing mutex_destroy() at module removal jffs2: prevent xattr node from overflowing the eraseblock s390/cio: fix tracepoint subchannel type field crypto: ccp - drop platform ifdef checks crypto: ccp - Remove forward declaration parisc: add missing export of __cmpxchg_u8() nilfs2: fix out-of-range warning ecryptfs: Fix buffer size for tag 66 packet firmware: raspberrypi: Use correct device for DMA mappings crypto: bcm - Fix pointer arithmetic ASoC: da7219-aad: fix usage of device_get_named_child_node() ASoC: dt-bindings: rt5645: add cbj sleeve gpio property ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating drm/amd/display: Set color_mgmt_changed to true on unsuspend net: usb: qmi_wwan: add Telit FN920C04 compositions wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class tty: n_gsm: fix possible out-of-bounds in gsm0_receive() nilfs2: fix potential hang in nilfs_detach_log_writer() nilfs2: fix unexpected freezing of nilfs_segctor_sync() net: smc91x: Fix m68k kernel compilation for ColdFire CPU ring-buffer: Fix a race between readers and resize checks speakup: Fix sizeof() vs ARRAY_SIZE() bug x86/tsc: Trust initial offset in architectural TSC-adjust MSRs Change-Id: Ia8a0522057b7e917a9c165a869bec3a24bb9eb58 Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
Petr Pavlu
|
b50932ea67 |
ring-buffer: Fix a race between readers and resize checks
commit c2274b908db05529980ec056359fae916939fdaa upstream.
The reader code in rb_get_reader_page() swaps a new reader page into the
ring buffer by doing cmpxchg on old->list.prev->next to point it to the
new page. Following that, if the operation is successful,
old->list.next->prev gets updated too. This means the underlying
doubly-linked list is temporarily inconsistent, page->prev->next or
page->next->prev might not be equal back to page for some page in the
ring buffer.
The resize operation in ring_buffer_resize() can be invoked in parallel.
It calls rb_check_pages() which can detect the described inconsistency
and stop further tracing:
[ 190.271762] ------------[ cut here ]------------
[ 190.271771] WARNING: CPU: 1 PID: 6186 at kernel/trace/ring_buffer.c:1467 rb_check_pages.isra.0+0x6a/0xa0
[ 190.271789] Modules linked in: [...]
[ 190.271991] Unloaded tainted modules: intel_uncore_frequency(E):1 skx_edac(E):1
[ 190.272002] CPU: 1 PID: 6186 Comm: cmd.sh Kdump: loaded Tainted: G E 6.9.0-rc6-default #5 158d3e1e6d0b091c34c3b96bfd99a1c58306d79f
[ 190.272011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552c-rebuilt.opensuse.org 04/01/2014
[ 190.272015] RIP: 0010:rb_check_pages.isra.0+0x6a/0xa0
[ 190.272023] Code: [...]
[ 190.272028] RSP: 0018:ffff9c37463abb70 EFLAGS: 00010206
[ 190.272034] RAX: ffff8eba04b6cb80 RBX: 0000000000000007 RCX: ffff8eba01f13d80
[ 190.272038] RDX: ffff8eba01f130c0 RSI: ffff8eba04b6cd00 RDI: ffff8eba0004c700
[ 190.272042] RBP: ffff8eba0004c700 R08: 0000000000010002 R09: 0000000000000000
[ 190.272045] R10: 00000000ffff7f52 R11: ffff8eba7f600000 R12: ffff8eba0004c720
[ 190.272049] R13: ffff8eba00223a00 R14: 0000000000000008 R15: ffff8eba067a8000
[ 190.272053] FS: 00007f1bd64752c0(0000) GS:ffff8eba7f680000(0000) knlGS:0000000000000000
[ 190.272057] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 190.272061] CR2: 00007f1bd6662590 CR3: 000000010291e001 CR4: 0000000000370ef0
[ 190.272070] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 190.272073] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 190.272077] Call Trace:
[ 190.272098] <TASK>
[ 190.272189] ring_buffer_resize+0x2ab/0x460
[ 190.272199] __tracing_resize_ring_buffer.part.0+0x23/0xa0
[ 190.272206] tracing_resize_ring_buffer+0x65/0x90
[ 190.272216] tracing_entries_write+0x74/0xc0
[ 190.272225] vfs_write+0xf5/0x420
[ 190.272248] ksys_write+0x67/0xe0
[ 190.272256] do_syscall_64+0x82/0x170
[ 190.272363] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 190.272373] RIP: 0033:0x7f1bd657d263
[ 190.272381] Code: [...]
[ 190.272385] RSP: 002b:00007ffe72b643f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 190.272391] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1bd657d263
[ 190.272395] RDX: 0000000000000002 RSI: 0000555a6eb538e0 RDI: 0000000000000001
[ 190.272398] RBP: 0000555a6eb538e0 R08: 000000000000000a R09: 0000000000000000
[ 190.272401] R10: 0000555a6eb55190 R11: 0000000000000246 R12: 00007f1bd6662500
[ 190.272404] R13: 0000000000000002 R14: 00007f1bd6667c00 R15: 0000000000000002
[ 190.272412] </TASK>
[ 190.272414] ---[ end trace 0000000000000000 ]---
Note that ring_buffer_resize() calls rb_check_pages() only if the parent
trace_buffer has recording disabled. Recent commit d78ab792705c
("tracing: Stop current tracer when resizing buffer") causes that it is
now always the case which makes it more likely to experience this issue.
The window to hit this race is nonetheless very small. To help
reproducing it, one can add a delay loop in rb_get_reader_page():
ret = rb_head_page_replace(reader, cpu_buffer->reader_page);
if (!ret)
goto spin;
for (unsigned i = 0; i < 1U << 26; i++) /* inserted delay loop */
__asm__ __volatile__ ("" : : : "memory");
rb_list_head(reader->list.next)->prev = &cpu_buffer->reader_page->list;
.. and then run the following commands on the target system:
echo 1 > /sys/kernel/tracing/events/sched/sched_switch/enable
while true; do
echo 16 > /sys/kernel/tracing/buffer_size_kb; sleep 0.1
echo 8 > /sys/kernel/tracing/buffer_size_kb; sleep 0.1
done &
while true; do
for i in /sys/kernel/tracing/per_cpu/*; do
timeout 0.1 cat $i/trace_pipe; sleep 0.2
done
done
To fix the problem, make sure ring_buffer_resize() doesn't invoke
rb_check_pages() concurrently with a reader operating on the same
ring_buffer_per_cpu by taking its cpu_buffer->reader_lock.
Link: https://lore.kernel.org/linux-trace-kernel/20240517134008.24529-3-petr.pavlu@suse.com
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fixes:
|
||
|
bengris32
|
cb105b6174 |
Merge tag 'ASB-2024-05-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2024-05-01 CVE-2023-4622 * tag 'ASB-2024-05-05_4.19-stable' of https://android.googlesource.com/kernel/common: Revert "timers: Rename del_timer_sync() to timer_delete_sync()" Revert "geneve: make sure to pull inner header in geneve_rx()" Linux 4.19.312 amdkfd: use calloc instead of kzalloc to avoid integer overflow initramfs: fix populate_initrd_image() section mismatch ip_gre: do not report erspan version on GRE interface erspan: Check IFLA_GRE_ERSPAN_VER is set. VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Bluetooth: btintel: Fixe build regression x86/mm/pat: fix VM_PAT handling in COW mappings virtio: reenable config if freezing device failed drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put() tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc fbmon: prevent division by zero in fb_videomode_from_videomode() fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined tools: iio: replace seekdir() in iio_generic_buffer ktest: force $buildonly = 1 for 'make_warnings_file' test type Input: allocate keycode for Display refresh rate toggle block: prevent division by zero in blk_rq_stat_sum() SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int drm/amd/display: Fix nanosec stat overflow media: sta2x11: fix irq handler cast isofs: handle CDs with bad root inode but good Joliet root directory scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() sysv: don't call sb_bread() with pointers_lock held Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Bluetooth: btintel: Fix null ptr deref in btintel_read_version btrfs: send: handle path ref underflow in header iterate_inode_ref() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() arm64: dts: rockchip: fix rk3399 hdmi ports node VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() wifi: ath9k: fix LNA selection in ath_ant_try_scan() ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone ata: sata_mv: Fix PCI device ID table declaration compilation warning ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw erspan: make sure erspan_base_hdr is present in skb->head erspan: Add type I version 0 support. init: open /initrd.image with O_LARGEFILE initramfs: switch initramfs unpacking to struct file based APIs fs: add a vfs_fchmod helper fs: add a vfs_fchown helper initramfs: factor out a helper to populate the initrd image staging: vc04_services: fix information leak in create_component() staging: vc04_services: changen strncpy() to strscpy_pad() staging: mmal-vchiq: Fix client_component for 64 bit kernel staging: mmal-vchiq: Allocate and free components as required staging: mmal-vchiq: Avoid use of bool in structures i40e: fix vf may be used uninitialized in this function warning ipv6: Fix infinite recursion in fib6_dump_done(). selftests: reuseaddr_conflict: add missing new line at the end of the output net: stmmac: fix rx queue priority assignment net/sched: act_skbmod: prevent kernel-infoleak netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." net/rds: fix possible cp null dereference netfilter: nf_tables: disallow timeout for anonymous sets Bluetooth: Fix TOCTOU in HCI debugfs implementation Bluetooth: hci_event: set the conn encrypted before conn establishes r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d tcp: properly terminate timers for kernel sockets mptcp: add sk_stop_timer_sync helper nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet USB: core: Fix deadlock in usb_deauthorize_interface() scsi: lpfc: Correct size for wqe for memset() x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled scsi: qla2xxx: Fix command flush on cable pull usb: udc: remove warning when queue disabled ep usb: dwc2: gadget: LPM flow fix usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix remote wakeup from hibernation loop: loop_set_status_from_info() check before assignment loop: Check for overflow while configuring loop loop: Factor out configuring loop from status powerpc: xor_vmx: Add '-mhard-float' to CFLAGS efivarfs: Request at most 512 bytes for variable names perf/core: Fix reentry problem in perf_output_read_group() loop: properly observe rotational flag of underlying device loop: Refactor loop_set_status() size calculation loop: Factor out setting loop device size loop: Remove sector_t truncation checks loop: Call loop_config_discard() only after new config is applied Revert "loop: Check for overflow while configuring loop" btrfs: allocate btrfs_ioctl_defrag_range_args on stack printk: Update @console_may_schedule in console_trylock_spinning() fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs usb: cdc-wdm: close race between read and workqueue exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes mm/migrate: set swap entry values of THP tail pages properly. mm/memory-failure: fix an incorrect use of tail pages vt: fix memory overlapping when deleting chars in the buffer vt: fix unicode buffer corruption when deleting characters tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled usb: port: Don't try to peer unused USB ports based on location usb: gadget: ncm: Fix handling of zero block length packets USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform xfrm: Avoid clang fortify warning in copy_to_user_tmpl() netfilter: nf_tables: reject constant set with timeout netfilter: nf_tables: disallow anonymous set with timeout flag comedi: comedi_test: Prevent timers rescheduling during deletion ahci: asm1064: asm1166: don't limit reported ports ahci: asm1064: correct count of reported ports x86/CPU/AMD: Update the Zenbleed microcode revisions nilfs2: prevent kernel bug at submit_bh_wbc() nilfs2: use a more common logging style nilfs2: fix failure to detect DAT corruption in btree and direct mappings memtest: use {READ,WRITE}_ONCE in memory scanning drm/vc4: hdmi: do not return negative values from .get_modes() drm/imx/ipuv3: do not return negative values from .get_modes() s390/zcrypt: fix reference counting on zcrypt card objects soc: fsl: qbman: Use raw spinlock for cgr_lock soc: fsl: qbman: Add CGR update function soc: fsl: qbman: Add helper for sanity checking cgr ops soc: fsl: qbman: Always disable interrupts when taking cgr_lock vfio/platform: Disable virqfds on cleanup kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 speakup: Fix 8bit characters from direct synth slimbus: core: Remove usage of the deprecated ida_simple_xx() API ext4: fix corruption during on-line resize hwmon: (amc6821) add of_match table mmc: core: Fix switch on gp3 partition dm-raid: fix lockdep waring in "pers->hot_add_disk" Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" PCI/PM: Drain runtime-idle callbacks before driver removal PCI: Drop pci_device_remove() test of pci_dev->driver fuse: don't unhash root mmc: tmio: avoid concurrent runs of mmc_request_done() PM: sleep: wakeirq: fix wake irq warning in system suspend USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M USB: serial: option: add MeiG Smart SLM320 product USB: serial: cp210x: add ID for MGP Instruments PDS100 USB: serial: add device ID for VeriFone adapter USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB powerpc/fsl: Fix mfpmr build errors with newer binutils clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays PM: suspend: Set mem_sleep_current during kernel command line setup parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix ip_fast_csum parisc: Do not hardcode registers in checksum functions ubi: correct the calculation of fastmap size ubi: Check for too small LEB size in VTBL code ubifs: Set page uptodate in the correct place fat: fix uninitialized field in nostale filehandles crypto: qat - resolve race condition during AER recovery crypto: qat - fix double free during reset sparc: vDSO: fix return value of __setup handler sparc64: NMI watchdog: fix return value of __setup handler KVM: Always flush async #PF workqueue when vCPU is being destroyed media: xc4000: Fix atomicity violation in xc4000_get_frequency arm: dts: marvell: Fix maxium->maxim typo in brownstone dts ARM: dts: mmp2-brownstone: Don't redeclare phandle references smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach timers: Rename del_timer_sync() to timer_delete_sync() timers: Use del_timer_sync() even on UP timers: Update kernel-doc for various functions timers: Prepare support for PREEMPT_RT timer/trace: Improve timer tracing timer/trace: Replace deprecated vsprintf pointer extension %pf by %ps x86/bugs: Use sysfs_emit() x86/cpu: Support AMD Automatic IBRS Documentation/hw-vuln: Update spectre doc Linux 4.19.311 crypto: af_alg - Work around empty control messages without MSG_MORE crypto: af_alg - Fix regression on empty requests spi: spi-mt65xx: Fix NULL pointer access in interrupt handler net/bnx2x: Prevent access to a freed page in page_pool hsr: Handle failures in module init rds: introduce acquire/release ordering in acquire/release_in_xmit() hsr: Fix uninit-value access in hsr_get_node() net: hsr: fix placement of logical operator in a multi-line statement usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin staging: greybus: fix get_channel_from_mode() failure path serial: 8250_exar: Don't remove GPIO device on suspend rtc: mt6397: select IRQ_DOMAIN instead of depending on it kconfig: fix infinite loop when expanding a macro at the end of file tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT serial: max310x: fix syntax error in IRQ error message clk: qcom: gdsc: Add support to update GDSC transition delay NFS: Fix an off by one in root_nfs_cat() net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn scsi: csiostor: Avoid function pointer casts ALSA: usb-audio: Stop parsing channels bits when all channels are found. sparc32: Fix section mismatch in leon_pci_grpci backlight: lp8788: Fully initialize backlight_properties during probe backlight: lm3639: Fully initialize backlight_properties during probe backlight: da9052: Fully initialize backlight_properties during probe backlight: lm3630a: Don't set bl->props.brightness in get_brightness backlight: lm3630a: Initialize backlight_properties on init powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip media: go7007: fix a memleak in go7007_load_encoder media: dvb-frontends: avoid stack overflow warnings with clang media: pvrusb2: fix uaf in pvr2_context_set_notify drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs mtd: rawnand: lpc32xx_mlc: fix irq handler prototype crypto: arm/sha - fix function cast warnings crypto: arm - Rename functions to avoid conflict with crypto/sha256.h mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref drm/tegra: put drm_gem_object ref on error in tegra_fb_create clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() PCI: Mark 3ware-9650SE Root Port Extended Tags as broken drm/mediatek: dsi: Fix DSI RGB666 formats and definitions clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times firmware: qcom: scm: Add WLAN VMID for Qualcomm SCM interface media: pvrusb2: fix pvr2_stream_callback casts media: go7007: add check of return value of go7007_read_addr() ALSA: seq: fix function cast warnings drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() quota: Fix rcu annotations of inode dquot pointers quota: Fix potential NULL pointer dereference quota: simplify drop_dquot_ref() quota: check time limit when back out space/inode change fs/quota: erase unused but set variable warning quota: code cleanup for __dquot_alloc_space() clk: qcom: reset: Ensure write completion on reset de/assertion clk: qcom: reset: Commonize the de/assert functions clk: qcom: reset: support resetting multiple bits clk: qcom: reset: Allow specifying custom reset delay media: edia: dvbdev: fix a use-after-free media: dvb-core: Fix use-after-free due to race at dvb_register_device() media: dvbdev: fix error logic at dvb_register_device() media: dvbdev: Fix memleak in dvb_register_device media: media/dvb: Use kmemdup rather than duplicating its implementation media: dvbdev: remove double-unlock media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity media: v4l2-tpg: fix some memleaks in tpg_alloc media: em28xx: annotate unchecked call to media_device_register() ABI: sysfs-bus-pci-devices-aer_stats uses an invalid tag perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() media: tc358743: register v4l2 async device only after successful setup drm/rockchip: lvds: do not print scary message when probing defer drm/rockchip: lvds: do not overwrite error code drm: Don't treat 0 as -1 in drm_fixp2int_ceil drm/rockchip: inno_hdmi: Fix video timing drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() drm/tegra: dsi: Make use of the helper function dev_err_probe() gpu: host1x: mipi: Update tegra_mipi_request() to be node based drm/tegra: dsi: Add missing check for of_find_device_by_node dm: call the resume method on internal suspend dm raid: fix false positive for requeue needed during reshape nfp: flower: handle acti_netdevs allocation failure net/x25: fix incorrect parameter validation in the x25_getsockopt() function net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function udp: fix incorrect parameter validation in the udp_lib_getsockopt() function l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function ipv6: fib6_rules: flush route cache when rule is changed bpf: Fix stackmap overflow check on 32-bit arches bpf: Fix hashtab overflow check on 32-bit arches sr9800: Add check for usbnet_get_endpoints Bluetooth: hci_core: Fix possible buffer overflow Bluetooth: Remove superfluous call to hci_conn_check_pending() igb: Fix missing time sync events igb: move PEROUT and EXTTS isr logic to separate functions mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function SUNRPC: fix some memleaks in gssx_dec_option_array x86, relocs: Ignore relocations in .notes section ACPI: scan: Fix device check notification handling ARM: dts: arm: realview: Fix development chip ROM compatible value wifi: brcmsmac: avoid function pointer casts iommu/amd: Mark interrupt as managed bus: tegra-aconnect: Update dependency to ARCH_TEGRA ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). sock_diag: annotate data-races around sock_diag_handlers[family] wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() wifi: b43: Disable QoS for bcm4331 wifi: b43: Stop correct queue in DMA worker when QoS is disabled b43: main: Fix use true/false for bool type wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled b43: dma: Fix use true/false for bool type variable wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() timekeeping: Fix cross-timestamp interpolation for non-x86 timekeeping: Fix cross-timestamp interpolation corner case decision timekeeping: Fix cross-timestamp interpolation on counter wrap aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts md: Don't clear MD_CLOSING when the raid is about to stop md: implement ->set_read_only to hook into BLKROSET processing block: add a new set_read_only method md: switch to ->check_events for media change notifications fs/select: rework stack allocation hack for clang do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak crypto: algif_aead - Only wake up when ctx->more is zero crypto: af_alg - make some functions static crypto: algif_aead - fix uninitialized ctx->init ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC Input: gpio_keys_polled - suppress deferred probe error for gpio ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet firewire: core: use long bus reset on gap count error Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security scsi: mpt3sas: Prevent sending diag_reset when the controller is ready dm-verity, dm-crypt: align "struct bvec_iter" correctly block: sed-opal: handle empty atoms when parsing response net/iucv: fix the allocation size of iucv_path_table array MIPS: Clear Cause.BD in instruction_pointer_set x86/xen: Add some null pointer checking to smp.c ASoC: rt5645: Make LattePanda board DMI match more precise Linux 4.19.310 selftests/vm: fix map_hugetlb length used for testing read and write selftests/vm: fix display of page size in map_hugetlb getrusage: use sig->stats_lock rather than lock_task_sighand() getrusage: use __for_each_thread() getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() getrusage: add the "signal_struct *sig" local variable y2038: rusage: use __kernel_old_timeval hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed hv_netvsc: use netif_is_bond_master() instead of open code hv_netvsc: Make netvsc/VF binding check both MAC and serial number Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU um: allow not setting extra rpaths in the linux binary selftests: mm: fix map_hugetlb failure on 64K page size systems tools/selftest/vm: allow choosing mem size and page size in map_hugetlb btrfs: ref-verify: free ref cache before clearing mount opt netrom: Fix data-races around sysctl_net_busy_read netrom: Fix a data-race around sysctl_netrom_link_fails_count netrom: Fix a data-race around sysctl_netrom_routing_control netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size netrom: Fix a data-race around sysctl_netrom_transport_busy_delay netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries netrom: Fix a data-race around sysctl_netrom_transport_timeout netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser netrom: Fix a data-race around sysctl_netrom_default_path_quality netfilter: nf_conntrack_h323: Add protection for bmp length out of range net/rds: fix WARNING in rds_conn_connect_if_down net/ipv6: avoid possible UAF in ip6_route_mpath_notify() geneve: make sure to pull inner header in geneve_rx() net: move definition of pcpu_lstats to header file net: lan78xx: fix runtime PM count underflow on link stop lan78xx: Fix race conditions in suspend/resume handling lan78xx: Fix partial packet errors on suspend/resume lan78xx: Add missing return code checks lan78xx: Fix white space and style issues net: usb: lan78xx: Remove lots of set but unused 'ret' variables Linux 4.19.309 gpio: 74x164: Enable output pins after registers are reset cachefiles: fix memory leak in cachefiles_add_cache() mmc: core: Fix eMMC initialization with 1-bit bus connection btrfs: dev-replace: properly validate device names wifi: nl80211: reject iftype change with mesh ID change gtp: fix use-after-free and null-ptr-deref in gtp_newlink() ALSA: Drop leftover snd-rtctimer stuff from Makefile power: supply: bq27xxx-i2c: Do not free non existing IRQ efi/capsule-loader: fix incorrect allocation size Bluetooth: Enforce validation on max value of connection interval Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Bluetooth: Avoid potential use-after-free in hci_error_reset net: usb: dm9601: fix wrong return value in dm9601_mdio_read lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected tun: Fix xdp_rxq_info's queue_index when detaching netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Linux 4.19.308 scripts/bpf: Fix xdp_md forward declaration typo fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() PCI/MSI: Prevent MSI hardware interrupt number truncation s390: use the correct count for __iowrite64_copy() packet: move from strlcpy with unused retval to strscpy ipv6: sr: fix possible use-after-free and null-ptr-deref nouveau: fix function cast warnings scsi: jazz_esp: Only build if SCSI core is builtin bpf, scripts: Correct GPL license name scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions RDMA/srpt: fix function pointer cast warnings RDMA/srpt: Make debug output more detailed RDMA/ulp: Use dev_name instead of ibdev->name RDMA/srpt: Support specifying the srpt_service_guid parameter RDMA/bnxt_re: Return error for SRQ resize IB/hfi1: Fix a memleak in init_credit_return usb: roles: don't get/set_role() when usb_role_switch is unregistered usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs ARM: ep93xx: Add terminator to gpiod_lookup_table l2tp: pass correct message length to ip6_append_data gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() dm-crypt: don't modify the data when using authenticated encryption mm: memcontrol: switch to rcu protection in drain_all_stock() IB/hfi1: Fix sdma.h tx->num_descs off-by-one error pmdomain: renesas: r8a77980-sysc: CR7 must be always on s390/qeth: Fix potential loss of L3-IP@ in case of network issues virtio-blk: Ensure no requests in virtqueues before deleting vqs. firewire: core: send bus reset promptly on gap count error hwmon: (coretemp) Enlarge per package core count limit regulator: pwm-regulator: Add validity checks in continuous .get_voltage ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ahci: asm1166: correct count of reported ports fbdev: sis: Error out if pixclock equals zero fbdev: savage: Error out if pixclock equals zero wifi: mac80211: fix race condition on enabling fast-xmit wifi: cfg80211: fix missing interfaces when dumping dmaengine: shdma: increase size of 'dev_id' scsi: target: core: Add TMF to tmr_list handling sched/rt: Disallow writing invalid values to sched_rt_period_us sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset sched/rt: Fix sysctl_sched_rr_timeslice intial value userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb nilfs2: replace WARN_ONs for invalid DAT metadata block requests memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() net: stmmac: fix notifier registration stmmac: no need to check return value of debugfs_create functions net/sched: Retire dsmark qdisc net/sched: Retire ATM qdisc net/sched: Retire CBQ qdisc Linux 4.19.307 netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() lsm: new security_file_ioctl_compat() hook nilfs2: fix potential bug in end_buffer_async_write sched/membarrier: reduce the ability to hammer on sys_membarrier Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" pmdomain: core: Move the unused cleanup to a _sync initcall irqchip/irq-brcmstb-l2: Add write memory barrier before exit nfp: use correct macro for LengthSelect in BAR config nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() nilfs2: fix data corruption in dsync block recovery for small block sizes ALSA: hda/conexant: Add quirk for SWS JS201D x86/mm/ident_map: Use gbpages only where full GB page should be mapped. x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 serial: max310x: improve crystal stable clock detection serial: max310x: set default value when reading clock ready bit ring-buffer: Clean ring_buffer_poll_wait() error return staging: iio: ad5933: fix type mismatch regression ext4: fix double-free of blocks due to wrong extents moved_len binder: signal epoll threads of self-work xen-netback: properly sync TX responses nfc: nci: free rx_data_reassembly skb on NCI device cleanup firewire: core: correct documentation of fw_csr_string() kernel API scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" usb: f_mass_storage: forbid async queue when shutdown happen USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT HID: wacom: Do not register input devices until after hid_hw_start HID: wacom: generic: Avoid reporting a serial of '0' to userspace mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again tracing/trigger: Fix to return error if failed to alloc snapshot i40e: Fix waiting for queues of all VSIs to be disabled MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler net: sysfs: Fix /sys/class/net/<iface> path for statistics Documentation: net-sysfs: describe missing statistics ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() spi: ppc4xx: Drop write-only variable btrfs: send: return EOPNOTSUPP on unknown flags btrfs: forbid creating subvol qgroups hrtimer: Report offline hrtimer enqueue vhost: use kzalloc() instead of kmalloc() followed by memset() Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID USB: serial: cp210x: add ID for IMST iM871A-USB USB: serial: option: add Fibocom FM101-GL variant USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e net/af_iucv: clean up a try_then_request_module() netfilter: nft_compat: restrict match/target protocol to u16 netfilter: nft_compat: reject unused compat flag ppp_async: limit MRU to 64K tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() rxrpc: Fix response to PING RESPONSE ACKs to a dead call inet: read sk->sk_family once in inet_recv_error() hwmon: (coretemp) Fix bogus core_id to attr name mapping hwmon: (coretemp) Fix out-of-bounds memory access hwmon: (aspeed-pwm-tacho) mutex for tach reading atm: idt77252: fix a memleak in open_card_ubr0 phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV bonding: remove print in bond_verify_device_path HID: apple: Add 2021 magic keyboard FN key mapping HID: apple: Swap the Fn and Left Control keys on Apple keyboards HID: apple: Add support for the 2021 Magic Keyboard net: sysfs: Fix /sys/class/net/<iface> path af_unix: fix lockdep positive in sk_diag_dump_icons() net: ipv4: fix a memleak in ip_setup_cork netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger llc: call sock_orphan() at release time ipv6: Ensure natural alignment of const ipv6 loopback and router addresses ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() ixgbe: Refactor overtemp event handling ixgbe: Refactor returning internal error codes ixgbe: Remove non-inclusive language net: remove unneeded break scsi: isci: Fix an error code problem in isci_io_request_build() wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' ceph: fix deadlock or deadcode of misusing dget() blk-mq: fix IO hang from sbitmap wakeup race virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings libsubcmd: Fix memory leak in uniq() usb: hub: Replace hardcoded quirk value with BIT() macro PCI: Only override AMD USB controller if required mfd: ti_am335x_tscadc: Fix TI SoC dependencies um: net: Fix return type of uml_net_start_xmit() um: Don't use vfprintf() for os_info() um: Fix naming clash between UML and scheduler leds: trigger: panic: Don't register panic notifier if creating the trigger failed drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' drm/amdgpu: Let KFD sync with VM fences clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() drm/msm/dpu: Ratelimit framedone timeout msgs media: ddbridge: fix an error code problem in ddb_probe IB/ipoib: Fix mcast list locking drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time ALSA: hda: Intel: add HDA_ARL PCI ID support PCI: add INTEL_HDA_ARL to pci_ids.h media: rockchip: rga: fix swizzling for RGB formats media: stk1160: Fixed high volume of stk1160_dbg messages drm/mipi-dsi: Fix detach call without attach drm/framebuffer: Fix use of uninitialized variable drm/drm_file: fix use of uninitialized variable RDMA/IPoIB: Fix error code return in ipoib_mcast_join fast_dput(): handle underflows gracefully ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument f2fs: fix to check return value of f2fs_reserve_new_block() wifi: cfg80211: free beacon_ies when overridden from hidden BSS wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices md: Whenassemble the array, consult the superblock of the freshest device ARM: dts: imx23/28: Fix the DMA controller node name ARM: dts: imx23-sansa: Use preferred i2c-gpios properties ARM: dts: imx27-apf27dev: Fix LED name ARM: dts: imx1: Fix sram node ARM: dts: imx27: Fix sram node ARM: dts: imx: Use flash@0,0 pattern ARM: dts: imx25/27-eukrea: Fix RTC node name ARM: dts: rockchip: fix rk3036 hdmi ports node scsi: libfc: Fix up timeout error in fc_fcp_rec_error() scsi: libfc: Don't schedule abort twice bpf: Add map and need_defer parameters to .map_fd_put_ptr() wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() ARM: dts: imx7s: Fix nand-controller #size-cells ARM: dts: imx7s: Fix lcdif compatible bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk PCI: Add no PM reset quirk for NVIDIA Spectrum devices scsi: lpfc: Fix possible file string name overflow when updating firmware ext4: avoid online resizing failures due to oversized flex bg ext4: remove unnecessary check from alloc_flex_gd() ext4: unify the type of flexbg_size to unsigned int ext4: fix inconsistent between segment fstrim and full fstrim SUNRPC: Fix a suspicious RCU usage warning KVM: s390: fix setting of fpc register s390/ptrace: handle setting of fpc register correctly jfs: fix array-index-out-of-bounds in diNewExt rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() crypto: stm32/crc32 - fix parsing list of devices pstore/ram: Fix crash when setting number of cpus to an odd number jfs: fix uaf in jfs_evict_inode jfs: fix array-index-out-of-bounds in dbAdjTree jfs: fix slab-out-of-bounds Read in dtSearch UBSAN: array-index-out-of-bounds in dtSplitRoot FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree ACPI: extlog: fix NULL pointer dereference check PNP: ACPI: fix fortify warning ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop audit: Send netlink ACK before setting connection in auditd_set powerpc/lib: Validate size for vector operations powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() powerpc: Fix build error due to is_valid_bugaddr() powerpc/mm: Fix null-pointer dereference in pgtable_cache_add net/sched: cbs: Fix not adding cbs instance to list x86/entry/ia32: Ensure s32 is sign extended to s64 tick/sched: Preserve number of idle sleeps across CPU hotplug events mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan gpio: eic-sprd: Clear interrupt after set the interrupt type drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume drm/bridge: nxp-ptn3460: simplify some error checking drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking drm: Don't unref the same fb many times by mistake due to deadlock handling gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 netfilter: nf_tables: reject QUEUE/DROP verdict parameters btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args btrfs: don't warn if discard range is not aligned to sector net: fec: fix the unhandled context fault from smmu fjes: fix memleaks in fjes_hw_setup netfilter: nf_tables: restrict anonymous set and map names to 16 bytes net/mlx5e: fix a double-free in arfs_create_groups net/mlx5: Use kfree(ft->g) in arfs_create_groups() netlink: fix potential sleeping issue in mqueue_flush_file Conflicts: drivers/gpu/drm/mediatek/mtk_dsi.c (used ours) kernel/time/timer.c mm/memory-failure.c Change-Id: I9b993a4082cf508287c664e1f8c709558d9cd903 Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
4136e7cd20 |
Merge tag 'ASB-2024-02-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2024-02-01 * tag 'ASB-2024-02-05_4.19-stable' of https://android.googlesource.com/kernel/common: Reapply "perf: Fix perf_event_validate_size()" UPSTREAM: usb: raw-gadget: properly handle interrupted requests UPSTREAM: mm/cma: use nth_page() in place of direct struct page manipulation UPSTREAM: wireguard: allowedips: expand maximum node depth UPSTREAM: coresight: tmc: Explicit type conversions to prevent integer overflow UPSTREAM: wireguard: netlink: send staged packets when setting initial private key UPSTREAM: wireguard: queueing: use saner cpu selection wrapping UPSTREAM: kheaders: Use array declaration instead of char UPSTREAM: arm64: efi: Make efi_rt_lock a raw_spinlock UPSTREAM: sched/psi: Fix use-after-free in ep_remove_wait_queue() UPSTREAM: usb: musb: mediatek: don't unregister something that wasn't registered UPSTREAM: xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() UPSTREAM: xfrm: compat: change expression for switch in xfrm_xlate64 UPSTREAM: perf/core: Call LSM hook after copying perf_event_attr Linux 4.19.306 crypto: scompress - initialize per-CPU variables on each CPU Revert "NFSD: Fix possible sleep during nfsd4_release_lockowner()" i2c: s3c24xx: fix transferring more than one message in polling mode i2c: s3c24xx: fix read transfers in polling mode kdb: Fix a potential buffer overflow in kdb_local() kdb: Censor attempts to set PROMPT without ENABLE_MEM_READ ipvs: avoid stat macros calls from preemptible context net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe net: ravb: Fix dma_addr_t truncation in error case net: qualcomm: rmnet: fix global oob in rmnet_policy serial: imx: Correct clock error message in function probe() apparmor: avoid crash when parsed profile name is empty perf genelf: Set ELF program header addresses properly acpi: property: Let args be NULL in __acpi_node_get_property_reference MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup() MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup() HID: wacom: Correct behavior when processing some confidence == false touches wifi: mwifiex: configure BSSID consistently when starting AP wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code fbdev: flush deferred work in fb_deferred_io_fsync() ALSA: oxygen: Fix right channel of capture volume mixer usb: mon: Fix atomicity violation in mon_bin_vma_fault usb: typec: class: fix typec_altmode_put_partner to put plugs Revert "usb: typec: class: fix typec_altmode_put_partner to put plugs" usb: chipidea: wait controller resume finished for wakeup irq Revert "usb: dwc3: don't reset device side if dwc3 was configured as host-only" Revert "usb: dwc3: Soft reset phy on probe for host" usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug binder: fix unused alloc->free_async_space binder: fix race between mmput() and do_exit() xen-netback: don't produce zero-size SKB frags Revert "ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek" Input: atkbd - use ab83 as id when skipping the getid command binder: fix async space check for 0-sized buffers of: unittest: Fix of_count_phandle_with_args() expected value message of: Fix double free in of_parse_phandle_with_args_map mmc: sdhci_omap: Fix TI SoC dependencies watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO watchdog: set cdev owner before adding gpu/drm/radeon: fix two memleaks in radeon_vm_init drivers/amd/pm: fix a use-after-free in kv_parse_power_table drm/amd/pm: fix a double-free in si_dpm_init drm/amdgpu/debugfs: fix error code when smc register accessors are NULL media: dvbdev: drop refcount on error path in dvb_device_open() media: cx231xx: fix a memleak in cx231xx_init_isoc drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table drm/radeon/dpm: fix a memleak in sumo_parse_power_table drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() drm/drv: propagate errors from drm_modeset_register_all() drm/msm/mdp4: flush vblank event on disable ASoC: cs35l34: Fix GPIO name and drop legacy include ASoC: cs35l33: Fix GPIO name and drop legacy include drm/radeon: check return value of radeon_ring_lock() drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() f2fs: fix to avoid dirent corruption drm/bridge: Fix typo in post_disable() description media: pvrusb2: fix use after free on context disconnection RDMA/usnic: Silence uninitialized symbol smatch warnings ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() Bluetooth: btmtkuart: fix recv_buf() return value Bluetooth: Fix bogus check for re-auth no supported with non-ssp wifi: rtlwifi: rtl8192se: using calculate_bit_shift() wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() wifi: rtlwifi: rtl8192de: using calculate_bit_shift() rtlwifi: rtl8192de: make arrays static const, makes object smaller wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() wifi: rtlwifi: rtl8192c: using calculate_bit_shift() wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() wifi: rtlwifi: add calculate_bit_shift() dma-mapping: clear dev->dma_mem to NULL after freeing it scsi: hisi_sas: Replace with standard error code return value wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior rtlwifi: Use ffs in <foo>_phy_calculate_bit_shift firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() net/ncsi: Fix netlink major/minor version numbers ncsi: internal.h: Fix a spello ARM: dts: qcom: apq8064: correct XOADC register address wifi: libertas: stop selecting wext bpf, lpm: Fix check prefixlen before walking trie NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT blocklayoutdriver: Fix reference leak of pnfs_device_node crypto: scomp - fix req->dst buffer overflow crypto: scompress - Use per-CPU struct instead multiple variables crypto: scompress - return proper error code for allocation failure crypto: sahara - do not resize req->src when doing hash operations crypto: sahara - fix processing hash requests with req->nbytes < sg->length crypto: sahara - improve error handling in sahara_sha_process() crypto: sahara - fix wait_for_completion_timeout() error handling crypto: sahara - fix ahash reqsize crypto: virtio - Wait for tasklet to complete on device remove pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() crypto: sahara - fix error handling in sahara_hw_descriptor_create() crypto: sahara - fix processing requests with cryptlen < sg->length crypto: sahara - fix ahash selftest failure crypto: sahara - remove FLAGS_NEW_KEY logic crypto: af_alg - Disallow multiple in-flight AIO requests crypto: ccp - fix memleak in ccp_init_dm_workarea crypto: virtio - Handle dataq logic with tasklet selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket mtd: Fix gluebi NULL pointer dereference caused by ftl notifier calipso: fix memory leak in netlbl_calipso_add_pass() netlabel: remove unused parameter in netlbl_netlink_auditinfo() net: netlabel: Fix kerneldoc warnings ACPI: LPIT: Avoid u32 multiplication overflow ACPI: video: check for error while searching for backlight device parent mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response powerpc/imc-pmu: Add a null pointer check in update_events_in_group() powerpc/powernv: Add a null pointer check in opal_event_init() selftests/powerpc: Fix error handling in FPU/VMX preemption tests powerpc/pseries/memhp: Fix access beyond end of drmem array powerpc/pseries/memhotplug: Quieten some DLPAR operations powerpc/44x: select I2C for CURRITUCK powerpc: remove redundant 'default n' from Kconfig-s powerpc: add crtsavres.o to always-y instead of extra-y EDAC/thunderx: Fix possible out-of-bounds string access x86/lib: Fix overflow when counting digits coresight: etm4x: Fix width of CCITMIN field uio: Fix use-after-free in uio_open binder: fix comment on binder_alloc_new_buf() return value binder: use EPOLLERR from eventpoll.h drm/crtc: fix uninitialized variable use ARM: sun9i: smp: fix return code check of of_property_match_string Input: xpad - add Razer Wolverine V2 support ARC: fix spare error s390/scm: fix virtual vs physical address confusion Input: i8042 - add nomux quirk for Acer P459-G2-M Input: atkbd - skip ATKBD_CMD_GETID in translated mode reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI tracing: Add size check when printing trace_marker output tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing drm/crtc: Fix uninit-value bug in drm_mode_setcrtc jbd2: correct the printing of write_flags in jbd2_write_superblock() clk: rockchip: rk3128: Fix HCLK_OTG gate register drm/exynos: fix a potential error pointer dereference ASoC: da7219: Support low DC impedance headset net/tg3: fix race condition in tg3_reset_task() ASoC: rt5650: add mutex to avoid the jack detection failure ASoC: cs43130: Fix incorrect frame delay configuration ASoC: cs43130: Fix the position of const qualifier ASoC: Intel: Skylake: mem leak in skl register function f2fs: explicitly null-terminate the xattr list UPSTREAM: wifi: cfg80211: fix buffer overflow in elem comparison UPSTREAM: gcov: clang: fix the buffer overflow issue BACKPORT: selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() UPSTREAM: wifi: cfg80211: avoid nontransmitted BSS list corruption UPSTREAM: wifi: cfg80211: fix BSS refcounting bugs UPSTREAM: wifi: cfg80211: ensure length byte is present before access UPSTREAM: wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() UPSTREAM: wireguard: netlink: avoid variable-sized memcpy on sockaddr UPSTREAM: wireguard: ratelimiter: disable timings test by default UPSTREAM: crypto: lib - remove unneeded selection of XOR_BLOCKS UPSTREAM: wireguard: allowedips: don't corrupt stack when detecting overflow UPSTREAM: wireguard: ratelimiter: use hrtimer in selftest UPSTREAM: crypto: arm64/poly1305 - fix a read out-of-bound UPSTREAM: wifi: mac80211_hwsim: set virtio device ready in probe() UPSTREAM: crypto: memneq - move into lib/ UPSTREAM: dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace BACKPORT: usb: typec: mux: Check dev_set_name() return value UPSTREAM: wireguard: device: check for metadata_dst with skb_valid_dst() UPSTREAM: sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq UPSTREAM: cfg80211: hold bss_lock while updating nontrans_list UPSTREAM: wireguard: socket: ignore v6 endpoints when ipv6 is disabled UPSTREAM: wireguard: socket: free skb in send6 when ipv6 is disabled UPSTREAM: wireguard: queueing: use CFI-safe ptr_ring cleanup function UPSTREAM: mm: don't try to NUMA-migrate COW pages that have other uses UPSTREAM: copy_process(): Move fd_install() out of sighand->siglock critical section UPSTREAM: usb: raw-gadget: fix handling of dual-direction-capable endpoints UPSTREAM: psi: Fix "no previous prototype" warnings when CONFIG_CGROUPS=n UPSTREAM: sched/uclamp: Fix rq->uclamp_max not set on first enqueue UPSTREAM: wireguard: selftests: increase default dmesg log size UPSTREAM: wireguard: allowedips: add missing __rcu annotation to satisfy sparse UPSTREAM: sched/uclamp: Fix uclamp_tg_restrict() UPSTREAM: coresight: etm4x: Fix etm4_count race by moving cpuhp callbacks to init UPSTREAM: sched/uclamp: Fix a deadlock when enabling uclamp static key UPSTREAM: mac80211_hwsim: use GFP_ATOMIC under spin lock UPSTREAM: usercopy: Avoid soft lockups in test_check_nonzero_user() UPSTREAM: lib: test_user_copy: style cleanup UPSTREAM: fork: return proper negative error code Revert "ipv6: make ip6_rt_gc_expire an atomic_t" Revert "ipv6: remove max_size check inline with ipv4" Linux 4.19.305 ipv6: remove max_size check inline with ipv4 ipv6: make ip6_rt_gc_expire an atomic_t net/dst: use a smaller percpu_counter batch for dst entries accounting net: add a route cache full diagnostic message PCI: Disable ATS for specific Intel IPU E2000 devices PCI: Extract ATS disabling to a helper function netfilter: nf_tables: Reject tables of unsupported family fuse: nlookup missing decrement in fuse_direntplus_link mmc: core: Cancel delayed work before releasing host mmc: rpmb: fixes pause retune on all RPMB partitions. mm: fix unmap_mapping_range high bits shift bug firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards mm/memory-failure: check the mapcount of the precise page bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() asix: Add check for usbnet_get_endpoints net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues net/qla3xxx: switch from 'pci_' to 'dma_' API i40e: Restore VF MSI-X state during PCI reset i40e: fix use-after-free in i40e_aqc_add_filters() net: Save and restore msg_namelen in sock_sendmsg net: bcmgenet: Fix FCS generation for fragmented skbuffs ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init net: sched: em_text: fix possible memory leak in em_text_destroy() i40e: Fix filter input checks to prevent config with invalid values nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local UPSTREAM: fsverity: skip PKCS#7 parser when keyring is empty Conflicts: kernel/sched/core.c mm/memory-failure.c Change-Id: Ia3e5cc3e0d08850affcfbd4f40eff6d7281b350c Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
4817452ad1 |
Merge tag 'ASB-2024-01-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2024-01-01 * tag 'ASB-2024-01-05_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.304 block: Don't invalidate pagecache for invalid falloc modes dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() smb: client: fix OOB in smbCalcSize() usb: fotg210-hcd: delete an incorrect bounds test usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling x86/alternatives: Sync core before enabling interrupts net: rfkill: gpio: set GPIO direction net: 9p: avoid freeing uninit memory in p9pdu_vreadf Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent USB: serial: option: add Quectel RM500Q R13 firmware support USB: serial: option: add Foxconn T99W265 with new baseline USB: serial: option: add Quectel EG912Y module support USB: serial: ftdi_sio: update Actisense PIDs constant names wifi: cfg80211: fix certs build to not depend on file order wifi: cfg80211: Add my certificate iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() scsi: bnx2fc: Remove set but not used variable 'oxid' Input: ipaq-micro-keys - add error handling for devm_kmemdup iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw btrfs: do not allow non subvolume root targets for snapshot smb: client: fix NULL deref in asn1_ber_decoder() pinctrl: at91-pio4: use dedicated lock class for IRQ net: check dev->gso_max_size in gso_features_check() net: warn if gso_type isn't set for a GSO SKB afs: Fix the dynamic root's d_delete to always delete unused dentries net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() net/rose: fix races in rose_kill_by_device() ethernet: atheros: fix a memleak in atl1e_setup_ring_resources net: sched: ife: fix potential use-after-free net/mlx5: Fix fw tracer first block check net/mlx5: improve some comments wifi: mac80211: mesh_plink: fix matches_local logic s390/vx: fix save/restore of fpu kernel context reset: Fix crash when freeing non-existent optional resets ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 ALSA: hda/realtek: Enable headset onLenovo M70/M90 ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names Revert "cred: switch to using atomic_long_t" Linux 4.19.303 powerpc/ftrace: Fix stack teardown in ftrace_no_trace powerpc/ftrace: Create a dummy stackframe to fix stack unwind mmc: block: Be sure to wait while busy in CQE error recovery ring-buffer: Fix memory leak of free page team: Fix use-after-free when an option instance allocation fails arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS perf: Fix perf_event_validate_size() lockdep splat HID: hid-asus: add const to read-only outgoing usb buffer net: usb: qmi_wwan: claim interface 4 for ZTE MF290 asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad HID: hid-asus: reset the backlight brightness level on resume HID: add ALWAYS_POLL quirk for Apple kb platform/x86: intel_telemetry: Fix kernel doc descriptions bcache: avoid NULL checking to c->root in run_cache_set() bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() bcache: avoid oversize memory allocation by small stripe_size blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" cred: switch to using atomic_long_t Revert "PCI: acpiphp: Reassign resources on bridge if necessary" appletalk: Fix Use-After-Free in atalk_ioctl net: stmmac: Handle disabled MDIO busses from devicetree vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() sign-file: Fix incorrect return values check net: Remove acked SYN flag from packet in the transmit queue correctly qed: Fix a potential use-after-free in qed_cxt_tables_alloc net/rose: Fix Use-After-Free in rose_ioctl atm: Fix Use-After-Free in do_vcc_ioctl atm: solos-pci: Fix potential deadlock on &tx_queue_lock atm: solos-pci: Fix potential deadlock on &cli_queue_lock qca_spi: Fix reset behavior qca_debug: Fix ethtool -G iface tx behavior qca_debug: Prevent crash on TX ring changes Revert "psample: Require 'CAP_NET_ADMIN' when joining "packets" group" Revert "genetlink: add CAP_NET_ADMIN test for multicast bind" Revert "drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group" Revert "perf/core: Add a new read format to get a number of lost samples" Revert "perf: Fix perf_event_validate_size()" Revert "hrtimers: Push pending hrtimers away from outgoing CPU earlier" ANDROID: Snapshot Mainline's version of checkpatch.pl Linux 4.19.302 devcoredump: Send uevent once devcd is ready devcoredump : Serialize devcd_del work IB/isert: Fix unaligned immediate-data handling tools headers UAPI: Sync linux/perf_event.h with the kernel sources drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group psample: Require 'CAP_NET_ADMIN' when joining "packets" group genetlink: add CAP_NET_ADMIN test for multicast bind netlink: don't call ->netlink_bind with table lock held nilfs2: fix missing error check for sb_set_blocksize call KVM: s390/mm: Properly reset no-dat x86/CPU/AMD: Check vendor in the AMD microcode callback serial: 8250_omap: Add earlycon support for the AM654 UART controller serial: sc16is7xx: address RX timeout interrupt errata usb: typec: class: fix typec_altmode_put_partner to put plugs parport: Add support for Brainboxes IX/UC/PX parallel cards usb: gadget: f_hid: fix report descriptor allocation gpiolib: sysfs: Fix error handling on failed export perf: Fix perf_event_validate_size() perf/core: Add a new read format to get a number of lost samples tracing: Fix a possible race when disabling buffered events tracing: Fix incomplete locking when disabling buffered events tracing: Always update snapshot buffer size nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() packet: Move reference count in packet_sock to atomic_long_t ALSA: pcm: fix out-of-bounds in snd_pcm_state_names ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt ARM: dts: imx: make gpt node name generic ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() tracing: Fix a warning when allocating buffered events fails hwmon: (acpi_power_meter) Fix 4.29 MW bug RDMA/bnxt_re: Correct module description string tcp: do not accept ACK of bytes we never sent netfilter: xt_owner: Fix for unsafe access of sk->sk_socket netfilter: xt_owner: Add supplementary groups option net: hns: fix fake link up on xge port ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() arcnet: restoring support for multiple Sohard Arcnet cards net: arcnet: com20020 fix error handling net: arcnet: Fix RESET flag handling hv_netvsc: rndis_filter needs to select NLS ipv6: fix potential NULL deref in fib6_add() drm/amdgpu: correct chunk_ptr to a pointer to chunk. kconfig: fix memory leak from range properties tg3: Increment tx_dropped in tg3_tso_bug() tg3: Move the [rt]x_dropped counters to tg3_napi netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test hrtimers: Push pending hrtimers away from outgoing CPU earlier media: davinci: vpif_capture: fix potential double free spi: imx: mx51-ecspi: Move some initialisation to prepare_message hook. spi: imx: correct wml as the last sg length spi: imx: move wml setting to later than setup_transfer spi: imx: add a device specific prepare_message callback Linux 4.19.301 mmc: block: Retry commands in CQE error recovery mmc: core: convert comma to semicolon mmc: cqhci: Fix task clearing in CQE error recovery mmc: cqhci: Warn of halt or task clear failure mmc: cqhci: Increase recovery halt timeout cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily cpufreq: imx6q: don't warn for disabling a non-existing frequency ima: detect changes to the backing overlay file ovl: skip overlayfs superblocks at global sync ima: annotate iint mutex to avoid lockdep false positive warnings fbdev: stifb: Make the STI next font pointer a 32-bit signed offset mtd: cfi_cmdset_0001: Byte swap OTP info mtd: cfi_cmdset_0001: Support the absence of protection registers s390/cmma: fix detection of DAT pages s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions family smb3: fix touch -h of symlink net: ravb: Start TX queues after HW initialization succeeded ravb: Fix races between ravb_tx_timeout_work() and net related ops ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet Input: xpad - add HyperX Clutch Gladiate Support btrfs: send: ensure send_fd is writable btrfs: fix off-by-one when checking chunk map includes logical address powerpc: Don't clobber f0/vs0 during fp|altivec register save bcache: revert replacing IS_ERR_OR_NULL with IS_ERR dm verity: don't perform FEC for failed readahead IO dm-verity: align struct dm_verity_fec_io properly ALSA: hda/realtek: Headset Mic VREF to 100% ALSA: hda: Disable power-save on KONTRON SinglePC mmc: block: Do not lose cache flush during CQE error recovery firewire: core: fix possible memory leak in create_units() pinctrl: avoid reload of p state in list iteration USB: dwc3: qcom: fix wakeup after probe deferral usb: dwc3: set the dma max_seg_size USB: dwc2: write HCINT with INTMASK applied USB: serial: option: don't claim interface 4 for ZTE MF290 USB: serial: option: fix FM101R-GL defines USB: serial: option: add Fibocom L7xx modules bcache: prevent potential division by zero error bcache: check return value from btree_node_alloc_replacement() dm-delay: fix a race between delay_presuspend and delay_bio hv_netvsc: Mark VF as slave before exposing it to user-mode hv_netvsc: Fix race of register_netdevice_notifier and VF register USB: serial: option: add Luat Air72*U series products s390/dasd: protect device queue against concurrent access bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() mtd: rawnand: brcmnand: Fix ecc chunk calculation for erased page bitfips KVM: arm64: limit PMU version to PMUv3 for ARMv8.1 arm64: cpufeature: Extract capped perfmon fields MIPS: KVM: Fix a build warning about variable set but not used net: axienet: Fix check for partial TX checksum amd-xgbe: propagate the correct speed and duplex status amd-xgbe: handle the corner-case during tx completion amd-xgbe: handle corner-case during sfp hotplug arm/xen: fix xen_vcpu_info allocation alignment net: usb: ax88179_178a: fix failed operations during ax88179_reset ipv4: Correct/silence an endian warning in __ip_do_redirect HID: fix HID device resource race between HID core and debugging support HID: core: store the unique system identifier in hid_device drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full ata: pata_isapnp: Add missing error check for devm_ioport_map() drm/panel: simple: Fix Innolux G101ICE-L01 timings RDMA/irdma: Prevent zero-length STAG registration driver core: Release all resources during unbind before updating device links Conflicts: arch/arm64/boot/dts/mediatek/mt8173-evb.dts (used ours) drivers/mmc/core/block.c Change-Id: I714e6e76ce2fca35f3042715416373728fa5289b Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
dcc8f37fc1 |
Merge tag 'ASB-2023-11-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2023-11-01 * tag 'ASB-2023-11-05_4.19-stable' of https://android.googlesource.com/kernel/common: Reapply "perf: Disallow mis-matched inherited group reads" Revert "perf: Disallow mis-matched inherited group reads" Revert "xfrm: fix a data-race in xfrm_gen_index()" Revert "Bluetooth: hci_core: Fix build warnings" Revert "xfrm: interface: use DEV_STATS_INC()" Linux 4.19.297 xfrm6: fix inet6_dev refcount underflow problem Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name Bluetooth: hci_sock: fix slab oob read in create_monitor_event phy: mapphone-mdm6600: Fix runtime PM for remove ASoC: pxa: fix a memory leak in probe() gpio: vf610: set value before the direction to avoid a glitch s390/pci: fix iommu bitmap allocation perf: Disallow mis-matched inherited group reads USB: serial: option: add Fibocom to DELL custom modem FM101R-GL USB: serial: option: add entry for Sierra EM9191 with new firmware USB: serial: option: add Telit LE910C4-WWX 0x1035 composition ACPI: irq: Fix incorrect return value in acpi_register_gsi() Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" mmc: core: Capture correct oemid-bits for eMMC cards mtd: spinand: micron: correct bitmask for ecc status mtd: rawnand: qcom: Unmap the right resource upon probe failure Bluetooth: hci_event: Fix using memcmp when comparing keys btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c drm: panel-orientation-quirks: Add quirk for One Mix 2S sky2: Make sure there is at least one frag_addr available wifi: cfg80211: avoid leaking stack data into trace wifi: mac80211: allow transmitting EAPOL frames with tainted key Bluetooth: hci_core: Fix build warnings Bluetooth: Avoid redundant authentication HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event tracing: relax trace_event_eval_update() execution with cond_resched() ata: libata-eh: Fix compilation warning in ata_eh_link_report() gpio: timberdale: Fix potential deadlock on &tgpio->lock overlayfs: set ctime when setting mtime and atime i2c: mux: Avoid potential false error message in i2c_mux_add_adapter btrfs: initialize start_slot in btrfs_log_prealloc_extents btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1 ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone libceph: use kernel_connect() libceph: fix unaligned accesses in ceph_entity_addr handling net: pktgen: Fix interface flags printing netfilter: nft_set_rbtree: .deactivate fails if element has expired net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve i40e: prevent crash on probe if hw registers have invalid values net: usb: smsc95xx: Fix an error code in smsc95xx_reset() tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb tcp: fix excessive TLP and RACK timeouts from HZ rounding net: rfkill: gpio: prevent value glitch during probe net: ipv6: fix return value check in esp_remove_trailer net: ipv4: fix return value check in esp_remove_trailer xfrm: interface: use DEV_STATS_INC() xfrm: fix a data-race in xfrm_gen_index() netfilter: nft_payload: fix wrong mac header matching KVM: x86: Mask LVTPC when handling a PMI regmap: fix NULL deref on lookup nfc: nci: fix possible NULL pointer dereference in send_acknowledge() Bluetooth: avoid memcmp() out of bounds warning Bluetooth: hci_event: Fix coding style Bluetooth: vhci: Fix race when opening vhci device Bluetooth: Fix a refcnt underflow problem for hci_conn Bluetooth: Reject connection with the device which has same BD_ADDR Bluetooth: hci_event: Ignore NULL link key usb: hub: Guard against accesses to uninitialized BOS descriptors dev_forward_skb: do not scrub skb mark within the same name space x86/alternatives: Disable KASAN in apply_alternatives() powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call usb: gadget: udc-xilinx: replace memcpy with memcpy_toio x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs pinctrl: avoid unsafe code pattern in find_pinctrl() cgroup: Remove duplicates in cgroup v1 tasks file Input: xpad - add PXN V900 support Input: psmouse - fix fast_reconnect function for PS/2 mode Input: powermate - fix use-after-free in powermate_config_complete ceph: fix incorrect revoked caps assert in ceph_fill_file_size() mcb: remove is_added flag from mcb_device struct iio: pressure: ms5611: ms5611_prom_is_valid false negative bug iio: pressure: bmp280: Fix NULL pointer exception usb: musb: Modify the "HWVers" register address usb: musb: Get the musb_qh poniter after musb_giveback usb: dwc3: Soft reset phy on probe for host net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer dmaengine: stm32-mdma: abort resume if no ongoing transfer sched,idle,rcu: Push rcu_idle deeper into the idle path workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() nfc: nci: assert requested protocol is valid net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() ixgbe: fix crash with empty VF macvlan list drm/vmwgfx: fix typo of sizeof argument xen-netback: use default TX queue size for vifs ieee802154: ca8210: Fix a potential UAF in ca8210_probe drm/msm/dsi: skip the wait for video mode done if not applicable drm: etvnaviv: fix bad backport leading to warning net: prevent address rewrite in kernel_bind() quota: Fix slow quotaoff HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect RDMA/cxgb4: Check skb value for failure to allocate net: prevent rewrite of msg_name in sock_sendmsg() net: fix kernel-doc warnings for socket.c net: use indirect calls helpers at the socket layer indirect call wrappers: helpers to speed-up indirect calls of builtin Revert "net: add atomic_long_t to net_device_stats fields" Revert "net: Fix unwanted sign extension in netdev_stats_to_stats64()" Revert "net: bridge: use DEV_STATS_INC()" Linux 4.19.296 xen/events: replace evtchn_rwlock with RCU rtnetlink: Reject negative ifindexes in RTM_NEWLINK Revert "rtnetlink: Reject negative ifindexes in RTM_NEWLINK" dccp: fix dccp_v4_err()/dccp_v6_err() again parisc: Restore __ldcw_align for PA-RISC 2.0 processors RDMA/mlx5: Fix NULL string error RDMA/cma: Fix truncation compilation warning in make_cma_ports gpio: pxa: disable pinctrl calls for MMP_GPIO gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() IB/mlx4: Fix the size of a buffer in add_port_entries() cpupower: add Makefile dependencies for install targets sctp: update hb timer immediately after users change hb_interval sctp: update transport state when processing a dupcook packet tcp: fix delayed ACKs for MSS boundary condition tcp: fix quick-ack counting to count actual ACKs of new data net: stmmac: dwmac-stm32: fix resume on STM32 MCU net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() modpost: add missing else to the "of" check scsi: target: core: Fix deadlock due to recursive locking regmap: rbtree: Fix wrong register marked as in-cache when creating new node drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close() wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet ubi: Refuse attaching if mtd's erasesize is 0 net: replace calls to sock->ops->connect() with kernel_connect() wifi: mwifiex: Fix tlv_buf_left calculation qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info scsi: zfcp: Fix a double put in zfcp_port_enqueue() Revert "PCI: qcom: Disable write access to read only registers for IP v2.3.3" media: dvb: symbol fixup for dvb_attach() - again Revert "drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions" ata: libata: disallow dev-initiated LPM transitions to unsupported states ext4: fix rec_len verify error fs: binfmt_elf_efpic: fix personality for ELF-FDPIC ata: libata-sata: increase PMP SRST timeout to 10s ata: libata-core: Do not register PM operations for SAS ports ata: libata-core: Fix port and device removal ata: libata-core: Fix ata_port_request_pm() locking net: thunderbolt: Fix TCPv6 GSO checksum calculation btrfs: properly report 0 avail for very full file systems i2c: i801: unregister tco_pdev in i801_probe() error path ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() serial: 8250_port: Check IRQ data before use smack: Record transmuting in smk_transmuted smack: Retrieve transmuting information in smack_inode_getsecurity() Smack:- Use overlay inode label in smack_inode_copy_up() scsi: megaraid_sas: Enable msix_load_balance for Invader and later controllers net: Fix unwanted sign extension in netdev_stats_to_stats64() watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running watchdog: iTCO_wdt: No need to stop the timer in probe nvme-pci: do not set the NUMA node of device if it has none fbdev/sh7760fb: Depend on FB=y bpf: Clarify error expectations from bpf_clone_redirect ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() ring-buffer: Avoid softlockup in ring_buffer_resize() selftests/ftrace: Correctly enable event in instance-event.tc parisc: irq: Make irq_stack_union static to avoid sparse warning parisc: drivers: Fix sparse warning parisc: iosapic.c: Fix sparse warnings parisc: sba: Fix compile warning wrt list of SBA devices gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip ARM: dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot clk: tegra: fix error return case for recalc_rate MIPS: Alchemy: only build mmc support helpers if au1xmmc is enabled ext4: do not let fstrim block system suspend ext4: move setting of trimmed bit into ext4_try_to_trim_range() ext4: replace the traditional ternary conditional operator with with max()/min() ext4: mark group as trimmed only if it was fully scanned ext4: change s_last_trim_minblks type to unsigned long ext4: scope ret locally in ext4_try_to_trim_range() ext4: add new helper interface ext4_try_to_trim_range() ext4: remove the 'group' parameter of ext4_trim_extent scsi: megaraid_sas: Fix deadlock on firmware crashdump scsi: megaraid_sas: Load balance completions across all MSI-X scsi: qla2xxx: Remove unsupported ql2xenabledif option scsi: qla2xxx: Add protection mask module parameters Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() team: fix null-ptr-deref when team device type is changed net: bridge: use DEV_STATS_INC() net: add atomic_long_t to net_device_stats fields net: hns3: add 5ms delay before clear firmware reset irq source powerpc/perf/hv-24x7: Update domain value check ipv4: fix null-deref in ipv4_link_failure selftests: tls: swap the TX and RX sockets in some tests selftests/tls: Add {} to avoid static checker warning netfilter: nf_tables: disallow element removal on anonymous sets ata: libahci: clear pending interrupt status ata: ahci: Drop pointless VPRINTK() calls and convert the remaining ones NFS/pNFS: Report EINVAL errors from connect() to the server ANDROID: ALSA: jack: Revert mismerge done in v4.19.291 Change-Id: I75d4e719a98bc6ffdfb5a39ca02617d086352458 Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
56175d5f73 |
Merge tag 'ASB-2023-09-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2023-09-01 * tag 'ASB-2023-09-05_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.294 Revert "ARM: ep93xx: fix missing-prototype warnings" Revert "MIPS: Alchemy: fix dbdma2" Linux 4.19.293 dma-buf/sw_sync: Avoid recursive lock during fence signal clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' scsi: core: raid_class: Remove raid_component_add() scsi: snic: Fix double free in snic_tgt_create() irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable rtnetlink: Reject negative ifindexes in RTM_NEWLINK netfilter: nf_queue: fix socket leak sched/rt: pick_next_rt_entity(): check list_entry mmc: block: Fix in_flight[issue_type] value error x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus media: vcodec: Fix potential array out-of-bounds in encoder queue_setup lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels batman-adv: Fix batadv_v_ogm_aggr_send memory leak batman-adv: Fix TT global entry leak when client roamed back batman-adv: Do not get eth header before batadv_check_management_packet batman-adv: Don't increase MTU when set by user batman-adv: Trigger events for auto adjusted MTU nfsd: Fix race to FREE_STATEID and cl_revoked ibmveth: Use dcbf rather than dcbfl ipvs: fix racy memcpy in proc_do_sync_threshold ipvs: Improve robustness to the ipvs sysctl bonding: fix macvlan over alb bond support net: remove bond_slave_has_mac_rcu() net/sched: fix a qdisc modification with ambiguous command request igb: Avoid starting unnecessary workqueues dccp: annotate data-races in dccp_poll() sock: annotate data-races around prot->memory_pressure tracing: Fix memleak due to race between current_tracer and trace drm/amd/display: check TG is non-null before checking if enabled drm/amd/display: do not wait for mpc idle if tg is disabled regmap: Account for register length in SMBus I/O limits dm integrity: reduce vmalloc space footprint on 32-bit architectures dm integrity: increase RECALC_SECTORS to improve recalculate speed powerpc: Fail build if using recordmcount with binutils v2.37 powerpc: remove leftover code of old GCC version checks powerpc/32: add stack protector support fbdev: fix potential OOB read in fast_imageblit() fbdev: Fix sys_imageblit() for arbitrary image widths fbdev: Improve performance of sys_imageblit() tty: serial: fsl_lpuart: add earlycon for imx8ulp platform Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP" MIPS: cpu-features: Use boot_cpu_type for CPU type based features MIPS: cpu-features: Enable octeon_cache by cpu_type fs: dlm: fix mismatch of plock results from userspace fs: dlm: use dlm_plock_info for do_unlock_close fs: dlm: change plock interrupted message to debug again fs: dlm: add pid to debug log dlm: replace usage of found with dedicated list iterator variable dlm: improve plock logging if interrupted PCI: acpiphp: Reassign resources on bridge if necessary net: phy: broadcom: stub c45 read/write for 54810 net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled virtio-net: set queues after driver_ok af_unix: Fix null-ptr-deref in unix_stream_sendpage(). netfilter: set default timeout to 3 secs for sctp shutdown send and recv state test_firmware: prevent race conditions by a correct implementation of locking mmc: wbsd: fix double mmc_free_host() in wbsd_init() cifs: Release folio lock on fscache read hit. ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. serial: 8250: Fix oops for port->pm on uart_change_pm() ASoC: meson: axg-tdm-formatter: fix channel slot allocation ASoC: rt5665: add missed regulator_bulk_disable net: do not allow gso_size to be set to GSO_BY_FRAGS sock: Fix misuse of sk_under_memory_pressure() i40e: fix misleading debug logs team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves netfilter: nft_dynset: disallow object maps selftests: mirror_gre_changes: Tighten up the TTL test match xfrm: add NULL check in xfrm_update_ae_params ip_vti: fix potential slab-use-after-free in decode_session6 ip6_vti: fix slab-use-after-free in decode_session6 xfrm: fix slab-use-after-free in decode_session6 xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c net: af_key: fix sadb_x_filter validation net: xfrm: Fix xfrm_address_filter OOB read btrfs: fix BUG_ON condition in btrfs_cancel_balance powerpc/rtas_flash: allow user copy to flash block cache objects fbdev: mmp: fix value check in mmphw_probe() virtio-mmio: don't break lifecycle of vm_dev virtio-mmio: Use to_virtio_mmio_device() to simply code virtio-mmio: convert to devm_platform_ioremap_resource nfsd: Remove incorrect check in nfsd4_validate_stateid nfsd4: kill warnings on testing stateids with mismatched clientids block: fix signed int overflow in Amiga partition support mmc: sunxi: fix deferred probing mmc: bcm2835: fix deferred probing mmc: Remove dev_err() usage after platform_get_irq() mmc: tmio: move tmio_mmc_set_clock() to platform hook mmc: tmio: replace tmio_mmc_clk_stop() calls with tmio_mmc_set_clock() mmc: meson-gx: remove redundant mmc_request_done() call from irq context mmc: meson-gx: remove useless lock USB: dwc3: qcom: fix NULL-deref on suspend usb: dwc3: qcom: Add helper functions to enable,disable wake irqs irqchip/mips-gic: Use raw spinlock for gic_lock irqchip/mips-gic: Get rid of the reliance on irq_cpu_online() x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms powerpc/64s/radix: Fix soft dirty tracking powerpc: Move page table dump files in a dedicated subdirectory powerpc/mm: dump block address translation on book3s/32 powerpc/mm: dump segment registers on book3s/32 powerpc/mm: Move pgtable_t into platform headers powerpc/mm: move platform specific mmu-xxx.h in platform directories iio: addac: stx104: Fix race condition when converting analog-to-digital iio: addac: stx104: Fix race condition for stx104_write_raw() iio: adc: stx104: Implement and utilize register structures iio: adc: stx104: Utilize iomap interface iio: add addac subdirectory IMA: allow/fix UML builds drm/amdgpu: Fix potential fence use-after-free v2 Bluetooth: L2CAP: Fix use-after-free pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() gfs2: Fix possible data races in gfs2_show_options() media: platform: mediatek: vpu: fix NULL ptr dereference media: v4l2-mem2mem: add lock to protect parameter num_rdy FS: JFS: Check for read-only mounted filesystem in txBegin FS: JFS: Fix null-ptr-deref Read in txBegin MIPS: dec: prom: Address -Warray-bounds warning fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev udf: Fix uninitialized array access for some pathnames HID: add quirk for 03f0:464a HP Elite Presenter Mouse quota: fix warning in dqgrab() quota: Properly disable quotas when add_dquot_ref() fails ALSA: emu10k1: roll up loops in DSP setup code for Audigy drm/radeon: Fix integer overflow in radeon_cs_parser_init selftests: forwarding: tc_flower: Relax success criterion lib/mpi: Eliminate unused umul_ppmm definitions for MIPS Revert "posix-timers: Ensure timer ID search-loop limit is valid" UPSTREAM: media: usb: siano: Fix warning due to null work_func_t function pointer UPSTREAM: Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb UPSTREAM: net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free UPSTREAM: net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free Linux 4.19.292 sch_netem: fix issues in netem_change() vs get_dist_table() alpha: remove __init annotation from exported page_is_ram() scsi: core: Fix possible memory leak if device_add() fails scsi: snic: Fix possible memory leak if device_add() fails scsi: 53c700: Check that command slot is not NULL scsi: storvsc: Fix handling of virtual Fibre Channel timeouts scsi: core: Fix legacy /proc parsing buffer overflow netfilter: nf_tables: report use refcount overflow netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush btrfs: don't stop integrity writeback too early ibmvnic: Handle DMA unmapping of login buffs in release functions wifi: cfg80211: fix sband iftype data lookup for AP_VLAN IB/hfi1: Fix possible panic during hotplug remove drivers: net: prevent tun_build_skb() to exceed the packet size limit dccp: fix data-race around dp->dccps_mss_cache bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves net/packet: annotate data-races around tp->status mISDN: Update parameter type of dsp_cmx_send() drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes x86: Move gds_ucode_mitigated() declaration to header x86/mm: Fix VDSO and VVAR placement on 5-level paging machines x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 usb: dwc3: Properly handle processing of pending events usb-storage: alauda: Fix uninit-value in alauda_check_media() binder: fix memory leak in binder_init() iio: cros_ec: Fix the allocation size for cros_ec_command nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput radix tree test suite: fix incorrect allocation size for pthreads drm/nouveau/gr: enable memory loads on helper invocation on all channels dmaengine: pl330: Return DMA_PAUSED when transaction is paused ipv6: adjust ndisc_is_useropt() to also return true for PIO mmc: moxart: read scr register without changing byte order sparc: fix up arch_cpu_finalize_init() build breakage. UPSTREAM: net/sched: cls_fw: Fix improper refcount update leads to use-after-free Linux 4.19.291 drm/edid: fix objtool warning in drm_cvt_modes() arm64: dts: stratix10: fix incorrect I2C property for SCL signal drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node ARM: dts: imx6sll: fixup of operating points ARM: dts: imx: add usb alias ARM: dts: imx6sll: Make ssi node name same as other platforms PM: sleep: wakeirq: fix wake irq arming PM / wakeirq: support enabling wake-up irq after runtime_suspend called powerpc/mm/altmap: Fix altmap boundary check mtd: rawnand: omap_elm: Fix incorrect type in assignment test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation test_firmware: fix a memory leak with reqs buffer ext2: Drop fragment support net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb fs/sysv: Null check to prevent null-ptr-deref bug USB: zaurus: Add ID for A-300/B-500/C-700 libceph: fix potential hang in ceph_osdc_notify() scsi: zfcp: Defer fc_rport blocking until after ADISC response tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen tcp_metrics: annotate data-races around tm->tcpm_net tcp_metrics: annotate data-races around tm->tcpm_vals[] tcp_metrics: annotate data-races around tm->tcpm_lock tcp_metrics: annotate data-races around tm->tcpm_stamp tcp_metrics: fix addr_same() helper ip6mr: Fix skb_under_panic in ip6mr_cache_report() net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free net: add missing data-race annotation for sk_ll_usec net: add missing data-race annotations around sk->sk_peek_off net: sched: cls_u32: Fix match key mis-addressing perf test uprobe_from_different_cu: Skip if there is no gcc net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() KVM: s390: fix sthyi error handling word-at-a-time: use the same return type for has_zero regardless of endianness loop: Select I/O scheduler 'none' from inside add_disk() perf: Fix function pointer case net/sched: cls_u32: Fix reference counter leak leading to overflow ASoC: cs42l51: fix driver to properly autoload with automatic module loading net/sched: sch_qfq: account for stab overhead in qfq_enqueue net/sched: cls_fw: Fix improper refcount update leads to use-after-free drm/client: Fix memory leak in drm_client_target_cloned dm cache policy smq: ensure IO doesn't prevent cleaner policy progress ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register s390/dasd: fix hanging device after quiesce/resume virtio-net: fix race between set queues and probe serial: 8250_dw: Preserve original value of DLF register serial: 8250_dw: split Synopsys DesignWare 8250 common functions irq-bcm6345-l1: Do not assume a fixed block to cpu mapping tpm_tis: Explicitly check for error code btrfs: check for commit error at btrfs_attach_transaction_barrier() hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() Documentation: security-bugs.rst: clarify CVE handling Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group usb: xhci-mtk: set the dma max_seg_size USB: quirks: add quirk for Focusrite Scarlett usb: ohci-at91: Fix the unhandle interrupt when resume usb: dwc3: don't reset device side if dwc3 was configured as host-only usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy Revert "usb: dwc3: core: Enable AutoRetry feature in the controller" can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED USB: serial: simple: sort driver entries USB: serial: simple: add Kaufmann RKS+CAN VCP USB: serial: option: add Quectel EC200A module support USB: serial: option: support Quectel EM060K_128 tracing: Fix warning in trace_buffered_event_disable() ring-buffer: Fix wrong stat of cpu_buffer->read ata: pata_ns87415: mark ns87560_tf_read static dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths block: Fix a source code comment in include/uapi/linux/blkzoned.h ASoC: fsl_spdif: Silence output on stop drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() RDMA/mlx4: Make check for invalid flags stricter benet: fix return value check in be_lancer_xmit_workarounds() net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64 net/sched: mqprio: add extack to mqprio_parse_nlattr() net/sched: mqprio: refactor nlattr parsing to a separate function platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 team: reset team's flags when down link is P2P device bonding: reset bond's flags when down link is P2P device tcp: Reduce chance of collisions in inet6_hashfn(). ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address ethernet: atheros: fix return value check in atl1e_tso_csum() phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() ext4: fix to check return value of freeze_bdev() in ext4_shutdown() scsi: qla2xxx: Array index may go out of bound scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() ftrace: Store the order of pages allocated in ftrace_page ftrace: Check if pages were allocated before calling free_pages() ftrace: Add information on number of page groups allocated fs: dlm: interrupt posix locks only when process is killed dlm: rearrange async condition return dlm: cleanup plock_op vs plock_xop PCI/ASPM: Avoid link retraining race PCI/ASPM: Factor out pcie_wait_for_retrain() PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() PCI: Rework pcie_retrain_link() wait loop ext4: Fix reusing stale buffer heads from last failed mounting ext4: rename journal_dev to s_journal_dev inside ext4_sb_info btrfs: fix extent buffer leak after tree mod log failure at split_node() bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent bcache: remove 'int n' from parameter list of bch_bucket_alloc_set() bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set gpio: tps68470: Make tps68470_gpio_output() always set the initial value tracing/histograms: Return an error if we fail to add histogram to hist_vars list tcp: annotate data-races around fastopenq.max_qlen tcp: annotate data-races around tp->notsent_lowat tcp: annotate data-races around rskq_defer_accept tcp: annotate data-races around tp->linger2 net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX netfilter: nf_tables: can't schedule in nft_chain_validate netfilter: nf_tables: fix spurious set element insertion failure llc: Don't drop packet from non-root netns. fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe Revert "tcp: avoid the lookup process failing to get sk in ehash table" net:ipv6: check return value of pskb_trim() net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field() pinctrl: amd: Use amd_pinconf_set() for all config options fbdev: imxfb: warn about invalid left/right margin spi: bcm63xx: fix max prepend length igb: Fix igb_down hung on surprise removal wifi: iwlwifi: mvm: avoid baid size integer overflow wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() bpf: Address KCSAN report on bpf_lru_list sched/fair: Don't balance task to its current running CPU posix-timers: Ensure timer ID search-loop limit is valid md/raid10: prevent soft lockup while flush writes md: fix data corruption for raid456 when reshape restart while grow up nbd: Add the maximum limit of allocated index in nbd_dev_add debugobjects: Recheck debug_objects_enabled before reporting ext4: correct inline offset when handling xattrs in inode body can: bcm: Fix UAF in bcm_proc_show() fuse: revalidate: don't invalidate if interrupted perf probe: Add test for regression introduced by switch to die_get_decl_file() tracing/histograms: Add histograms to hist_vars if they have referenced variables drm/atomic: Fix potential use-after-free in nonblocking commits scsi: qla2xxx: Pointer may be dereferenced scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() scsi: qla2xxx: Fix potential NULL pointer dereference scsi: qla2xxx: Wait for io return on terminate rport xtensa: ISS: fix call to split_if_spec ring-buffer: Fix deadloop issue on reading trace_pipe tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error Revert "8250: add support for ASIX devices with a FIFO bug" meson saradc: fix clock divider mask length ceph: don't let check_caps skip sending responses for revoke msgs hwrng: imx-rngc - fix the timeout for init and self check serial: atmel: don't enable IRQs prematurely fs: dlm: return positive pid value for F_GETLK md/raid0: add discard support for the 'original' layout misc: pci_endpoint_test: Re-init completion for every test misc: pci_endpoint_test: Free IRQs before removing the device PCI: rockchip: Use u32 variable to access 32-bit registers PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked PCI: rockchip: Write PCI Device ID to correct register PCI: rockchip: Assert PCI Configuration Enable bit after probe PCI: qcom: Disable write access to read only registers for IP v2.3.3 PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold jfs: jfs_dmap: Validate db_l2nbperpage while mounting ext4: only update i_reserved_data_blocks on successful block allocation ext4: fix wrong unit use in ext4_mb_clear_bb perf intel-pt: Fix CYC timestamps after standalone CBR SUNRPC: Fix UAF in svc_tcp_listen_data_ready() net: bcmgenet: Ensure MDIO unregistration has clocks enabled tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation pinctrl: amd: Only use special debounce behavior for GPIO 0 pinctrl: amd: Detect internal GPIO0 debounce handling pinctrl: amd: Fix mistake in handling clearing pins at startup net/sched: make psched_mtu() RTNL-less safe wifi: airo: avoid uninitialized warning in airo_get_rate() ipv6/addrconf: fix a potential refcount underflow for idev NTB: ntb_tool: Add check for devm_kcalloc NTB: ntb_transport: fix possible memory leak while device_register() fails ntb: intel: Fix error handling in intel_ntb_pci_driver_init() NTB: amd: Fix error handling in amd_ntb_pci_driver_init() ntb: idt: Fix error handling in idt_pci_driver_init() udp6: fix udp6_ehashfn() typo icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). vrf: Increment Icmp6InMsgs on the original netdev net: mvneta: fix txq_map in case of txq_number==1 workqueue: clean up WORK_* constant types, clarify masking net: lan743x: Don't sleep in atomic context netfilter: nf_tables: prevent OOB access in nft_byteorder_eval netfilter: conntrack: Avoid nf_ct_helper_hash uses after free netfilter: nf_tables: fix scheduling-while-atomic splat netfilter: nf_tables: unbind non-anonymous set if rule construction fails netfilter: nf_tables: reject unbound anonymous set before commit phase netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE netfilter: nf_tables: use net_generic infra for transaction data netfilter: add helper function to set up the nfnetlink header and use it netfilter: nftables: add helper function to set the base sequence number netfilter: nf_tables: add rescheduling points during loop detection walks netfilter: nf_tables: fix nat hook table deletion spi: spi-fsl-spi: allow changing bits_per_word while CS is still active spi: spi-fsl-spi: relax message sanity checking a little spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg ARM: orion5x: fix d2net gpio initialization btrfs: fix race when deleting quota root from the dirty cow roots list jffs2: reduce stack usage in jffs2_build_xattr_subsystem() integrity: Fix possible multiple allocation in integrity_inode_get() bcache: Remove unnecessary NULL point check in node allocations mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M mmc: core: disable TRIM on Kingston EMMC04G-M627 NFSD: add encoding of op_recall flag for write delegation ALSA: jack: Fix mutex call in snd_jack_report() i2c: xiic: Don't try to handle more interrupt events after error i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() sh: dma: Fix DMA channel offset calculation net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX tcp: annotate data races in __tcp_oow_rate_limited() net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y f2fs: fix error path handling in truncate_dnode() mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 spi: bcm-qspi: return error if neither hif_mspi nor mspi is available Add MODULE_FIRMWARE() for FIRMWARE_TG357766. sctp: fix potential deadlock on &net->sctp.addr_wq_lock rtc: st-lpc: Release some resources in st_rtc_probe() in case of error mfd: stmpe: Only disable the regulators if they are enabled mfd: intel-lpss: Add missing check for platform_get_resource KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes mfd: rt5033: Drop rt5033-battery sub-device usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() extcon: Fix kernel doc of property capability fields to avoid warnings extcon: Fix kernel doc of property fields to avoid warnings media: usb: siano: Fix warning due to null work_func_t function pointer media: videodev2.h: Fix struct v4l2_input tuner index comment media: usb: Check az6007_read() return value sh: j2: Use ioremap() to translate device tree address into kernel memory w1: fix loop in w1_fini() block: change all __u32 annotations to __be32 in affs_hardblocks.h USB: serial: option: add LARA-R6 01B PIDs ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard ARCv2: entry: rewrite to enable use of double load/stores LDD/STD ARCv2: entry: avoid a branch ARCv2: entry: push out the Z flag unclobber from common EXCEPTION_PROLOGUE ARCv2: entry: comments about hardware auto-save on taken interrupts modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} modpost: fix section mismatch message for R_ARM_ABS32 crypto: nx - fix build warnings when DEBUG_FS is not enabled hwrng: virtio - Fix race on data_avail and actual data hwrng: virtio - always add a pending request hwrng: virtio - don't waste entropy hwrng: virtio - don't wait on cleanup hwrng: virtio - add an internal buffer pinctrl: at91-pio4: check return value of devm_kasprintf() perf dwarf-aux: Fix off-by-one in die_get_varname() pinctrl: cherryview: Return correct value if pin in push-pull mode PCI: Add pci_clear_master() stub for non-CONFIG_PCI scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer drm/radeon: fix possible division-by-zero errors fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1 IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors soc/fsl/qe: fix usb.c build errors ASoC: es8316: Increment max value for ALC Capture Target Volume control ARM: ep93xx: fix missing-prototype warnings drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H Input: adxl34x - do not hardcode interrupt trigger type ARM: dts: BCM5301X: Drop "clock-names" from the SPI node Input: drv260x - sleep between polling GO bit radeon: avoid double free in ci_dpm_init() netlink: Add __sock_i_ino() for __netlink_diag_dump(). ipvlan: Fix return value of ipvlan_queue_xmit() netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. lib/ts_bm: reset initial match offset for every block of text gtp: Fix use-after-free in __gtp_encap_destroy(). netlink: do not hard code device address lenth in fdb dumps netlink: fix potential deadlock in netlink_set_err() wifi: ath9k: convert msecs to jiffies where needed wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() memstick r592: make memstick_debug_get_tpc_name() static kexec: fix a memory leak in crash_shrink_memory() watchdog/perf: more properly prevent false positives with turbo modes watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes wifi: ray_cs: Fix an error handling path in ray_probe() wifi: ray_cs: Drop useless status variable in parse_addr() wifi: ray_cs: Utilize strnlen() in parse_addr() wifi: wl3501_cs: Fix an error handling path in wl3501_probe() wl3501_cs: use eth_hw_addr_set() net: create netdev->dev_addr assignment helpers wl3501_cs: Fix misspelling and provide missing documentation wl3501_cs: Remove unnecessary NULL check wl3501_cs: Fix a bunch of formatting issues related to function docs wifi: atmel: Fix an error handling path in atmel_probe() wifi: orinoco: Fix an error handling path in orinoco_cs_probe() wifi: orinoco: Fix an error handling path in spectrum_cs_probe() nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect() nfc: constify several pointers to u8, char and sk_buff wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() samples/bpf: Fix buffer overflow in tcp_basertt wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation evm: Complete description of evm_inode_setattr() ARM: 9303/1: kprobes: avoid missing-declaration warnings PM: domains: fix integer overflow issues in genpd_parse_state() clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe clocksource/drivers/cadence-ttc: Use ttc driver as platform driver clocksource/drivers: Unify the names to timer-* format irqchip/jcore-aic: Fix missing allocation of IRQ descriptors irqchip/jcore-aic: Kill use of irq_create_strict_mappings() md/raid10: fix io loss while replacement replace rdev md/raid10: fix wrong setting of max_corr_read_errors md/raid10: fix overflow of md/safe_mode_delay md/raid10: check slab-out-of-bounds in md_bitmap_get_counter treewide: Remove uninitialized_var() usage drm/amdgpu: Validate VM ioctl flags. scripts/tags.sh: Resolve gtags empty index generation drm/edid: Fix uninitialized variable in drm_cvt_modes() fbdev: imsttfb: Fix use after free bug in imsttfb_probe video: imsttfb: check for ioremap() failures x86/smp: Use dedicated cache-line for mwait_play_dead() gfs2: Don't deref jdesc in evict Linux 4.19.290 x86: fix backwards merge of GDS/SRSO bit xen/netback: Fix buffer overrun triggered by unusual packet Documentation/x86: Fix backwards on/off logic about YMM support x86/xen: Fix secondary processors' FPU initialization KVM: Add GDS_NO support to KVM x86/speculation: Add Kconfig option for GDS x86/speculation: Add force option to GDS mitigation x86/speculation: Add Gather Data Sampling mitigation x86/fpu: Move FPU initialization into arch_cpu_finalize_init() x86/fpu: Mark init functions __init x86/fpu: Remove cpuinfo argument from init functions init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() init: Invoke arch_cpu_finalize_init() earlier init: Remove check_bugs() leftovers um/cpu: Switch to arch_cpu_finalize_init() sparc/cpu: Switch to arch_cpu_finalize_init() sh/cpu: Switch to arch_cpu_finalize_init() mips/cpu: Switch to arch_cpu_finalize_init() m68k/cpu: Switch to arch_cpu_finalize_init() ia64/cpu: Switch to arch_cpu_finalize_init() ARM: cpu: Switch to arch_cpu_finalize_init() x86/cpu: Switch to arch_cpu_finalize_init() init: Provide arch_cpu_finalize_init() Conflicts: drivers/clocksource/Makefile init/main.c Change-Id: Id679da6558c7e9f4513a49aa6992e2966b66c2a6 Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
c8394188f6 |
Merge tag 'ASB-2023-07-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2023-07-01 CVE-2022-42703 CVE-2023-21255 CVE-2023-25012 * tag 'ASB-2023-07-05_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.288 i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl drm/exynos: vidi: fix a wrong error return ASoC: nau8824: Add quirk to active-high jack-detect s390/cio: unregister device when the only path is gone usb: gadget: udc: fix NULL dereference in remove() nfcsim.c: Fix error checking for debugfs_create_dir media: cec: core: don't set last_initiator if tx in progress arm64: Add missing Set/Way CMO encodings HID: wacom: Add error check to wacom_parse_and_register() scsi: target: iscsi: Prevent login threads from racing between each other sch_netem: acquire qdisc lock in netem_change() netfilter: nfnetlink_osf: fix module autoload netfilter: nf_tables: disallow element updates of bound anonymous sets be2net: Extend xmit workaround to BE3 chip mmc: usdhi60rol0: fix deferred probing mmc: sdhci-acpi: fix deferred probing mmc: omap_hsmmc: fix deferred probing mmc: omap: fix deferred probing mmc: mvsdio: fix deferred probing mmc: mvsdio: convert to devm_platform_ioremap_resource mmc: mtk-sd: fix deferred probing net: qca_spi: Avoid high load if QCA7000 is not available xfrm: Linearize the skb after offloading if needed. ieee802154: hwsim: Fix possible memory leaks rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer() nilfs2: prevent general protection fault in nilfs_clear_dirty_page() cgroup: Do not corrupt task iteration when rebinding subsystem PCI: hv: Fix a race condition bug in hv_pci_query_relations() Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs nilfs2: fix buffer corruption due to concurrent device reads ipmi: move message error checking to avoid deadlock ipmi: Make the smi watcher be disabled immediately when not needed x86/purgatory: remove PGO flags nilfs2: reject devices with insufficient block count serial: lantiq: add missing interrupt ack serial: lantiq: Do not swap register read/writes serial: lantiq: Use readl/writel instead of ltq_r32/ltq_w32 serial: lantiq: Change ltq_w32_mask to asc_update_bits Linux 4.19.287 mmc: block: ensure error propagation for non-blk powerpc: Fix defconfig choice logic when cross compiling drm/nouveau/kms: Fix NULL pointer dereference in nouveau_connector_detect_depth neighbour: delete neigh_lookup_nodev as not used net: Remove unused inline function dst_hold_and_use() neighbour: Remove unused inline function neigh_key_eq16() selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET net: tipc: resize nlattr array to correct size net: lapbether: only support ethernet devices drm/nouveau: add nv_encoder pointer check for NULL drm/nouveau/kms: Don't change EDID when it hasn't actually changed drm/nouveau/dp: check for NULL nv_connector->native_mode igb: fix nvm.ops.read() error handling sctp: fix an error code in sctp_sf_eat_auth() IB/isert: Fix incorrect release of isert connection IB/isert: Fix possible list corruption in CMA handler IB/isert: Fix dead lock in ib_isert IB/uverbs: Fix to consider event queue closing also upon non-blocking mode RDMA/rxe: Fix the use-before-initialization error of resp_pkts RDMA/rxe: Removed unused name from rxe_task struct RDMA/rxe: Remove the unused variable obj ping6: Fix send to link-local addresses with VRF. netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM usb: gadget: f_ncm: Fix NTP-32 support usb: gadget: f_ncm: Add OS descriptor support usb: dwc3: gadget: Reset num TRBs before giving back the request USB: serial: option: add Quectel EM061KGL series Remove DECnet support from kernel net: usb: qmi_wwan: add support for Compal RXM-G1 RDMA/uverbs: Restrict usage of privileged QKEYs nouveau: fix client work fence deletion race powerpc/purgatory: remove PGO flags kexec: support purgatories with .text.hot sections nilfs2: fix possible out-of-bounds segment allocation in resize ioctl nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() nios2: dts: Fix tse_mac "max-frame-size" property ocfs2: check new file size on fallocate call ocfs2: fix use-after-free when unmounting read-only filesystem xen/blkfront: Only check REQ_FUA for writes mips: Move initrd_start check after initrd address sanitisation. MIPS: Alchemy: fix dbdma2 parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu() power: supply: Fix logic checking if system is running from battery irqchip/meson-gpio: Mark OF related data as maybe unused regulator: Fix error checking for debugfs_create_dir power: supply: Ratelimit no data debug output ARM: dts: vexpress: add missing cache properties power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() power: supply: ab8500: Fix external_power_changed race Revert "tcp: deny tcp_disconnect() when threads are waiting" Revert "tcp: deny tcp_disconnect() when threads are waiting" ANDROID: GKI: update ABI xml for incrementalfs.ko Linux 4.19.286 Revert "staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE" btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() btrfs: check return value of btrfs_commit_transaction in relocation ext4: only check dquot_initialize_needed() when debugging i2c: sprd: Delete i2c adapter in .remove's error path pinctrl: meson-axg: add missing GPIOA_18 gpio group Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk ceph: fix use-after-free bug for inodes when flushing capsnaps drm/amdgpu: fix xclk freq on CHIP_STONEY Input: psmouse - fix OOB access in Elantech protocol Input: xpad - delete a Razer DeathAdder mouse VID/PID entry batman-adv: Broken sync while rescheduling delayed work lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release() net: sched: fix possible refcount leak in tc_chain_tmplt_add() net: sched: move rtm_tca_policy declaration to include file rfs: annotate lockless accesses to RFS sock flow table rfs: annotate lockless accesses to sk->sk_rxhash Bluetooth: L2CAP: Add missing checks for invalid DCID Bluetooth: Fix l2cap_disconnect_req deadlock net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods spi: qup: Request DMA before enabling clocks i40e: fix build warnings in i40e_alloc.h i40iw: fix build warning in i40iw_manage_apbvt() UPSTREAM: net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize UPSTREAM: cdc_ncm: Fix the build warning UPSTREAM: cdc_ncm: Implement the 32-bit version of NCM Transfer Block Revert "tcp: reduce POLLOUT events caused by TCP_NOTSENT_LOWAT" Revert "tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit" Revert "tcp: factor out __tcp_close() helper" Revert "tcp: add annotations around sk->sk_shutdown accesses" ANDROID: fix abi break in 4.19.284 for cpuhotplug.h UPSTREAM: mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() UPSTREAM: mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() Linux 4.19.285 wifi: rtlwifi: 8192de: correct checking of IQK reload scsi: dpt_i2o: Do not process completions with invalid addresses scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD) regmap: Account for register length when chunking fbcon: Fix null-ptr-deref in soft_cursor ext4: add lockdep annotations for i_data_sem for ea_inode's selinux: don't use make's grouped targets feature yet tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK mmc: vub300: fix invalid response handling rsi: Remove unnecessary boolean condition regulator: da905{2,5}: Remove unnecessary array check hwmon: (scmi) Remove redundant pointer check wifi: rtlwifi: remove always-true condition pointed out by GCC 12 lib/dynamic_debug.c: use address-of operator on section symbols kernel/extable.c: use address-of operator on section symbols eth: sun: cassini: remove dead code gcc-12: disable '-Wdangling-pointer' warning for now ACPI: thermal: drop an always true check x86/boot: Wrap literal addresses in absolute_pointer() ata: libata-scsi: Use correct device no in ata_find_dev() scsi: stex: Fix gcc 13 warnings usb: gadget: f_fs: Add unbind event before functionfs_unbind net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 iio: dac: build ad5758 driver when AD5758 is selected iio: dac: mcp4725: Fix i2c_master_send() return value handling HID: wacom: avoid integer overflow in wacom_intuos_inout() HID: google: add jewel USB id iio: adc: mxs-lradc: fix the order of two cleanup operations mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() atm: hide unused procfs functions ALSA: oss: avoid missing-prototype warnings netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT wifi: b43: fix incorrect __packed annotation scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed arm64/mm: mark private VM_FAULT_X defines as vm_fault_t ARM: dts: stm32: add pin map for CAN controller on stm32f7 wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() media: dvb-core: Fix use-after-free due on race condition at dvb_net media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() media: dvb_ca_en50221: fix a size write bug media: netup_unidvb: fix irq init by register it at the end of probe media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() media: dvb_demux: fix a bug for the continuity counter ASoC: ssm2602: Add workaround for playback distortions xfrm: Check if_id in inbound policy/secpath match ASoC: dwc: limit the number of overrun messages nbd: Fix debugfs_create_dir error checking fbdev: stifb: Fix info entry in sti_struct on error path fbdev: modedb: Add 1920x1080 at 60 Hz video mode media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE ARM: 9295/1: unwind:fix unwind abort for uleb128 case mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() watchdog: menz069_wdt: fix watchdog initialisation net: dsa: mv88e6xxx: Increase wait after reset deactivation net/sched: flower: fix possible OOB write in fl_set_geneve_opt() udp6: Fix race condition in udp6_sendmsg & connect net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report ocfs2/dlm: move BITS_TO_BYTES() to bitops.h for wider use net: sched: fix NULL pointer dereference in mq_attach net/sched: Prohibit regrafting ingress or clsact Qdiscs net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs net/sched: sch_clsact: Only create under TC_H_CLSACT net/sched: sch_ingress: Only create under TC_H_INGRESS tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set tcp: deny tcp_disconnect() when threads are waiting af_packet: do not use READ_ONCE() in packet_bind() amd-xgbe: fix the false linkup in xgbe_phy_status af_packet: Fix data-races of pkt_sk(sk)->num. netrom: fix info-leak in nr_write_internal() net/mlx5: fw_tracer, Fix event handling dmaengine: pl330: rename _start to prevent build error netfilter: ctnetlink: Support offloaded conntrack entry deletion ipv{4,6}/raw: fix output xfrm lookup wrt protocol bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() cdc_ncm: Fix the build warning power: supply: bq24190: Call power_supply_changed() after updating input current power: supply: core: Refactor power_supply_set_input_current_limit_from_supplier() power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize cdc_ncm: Implement the 32-bit version of NCM Transfer Block UPSTREAM: efi: rt-wrapper: Add missing include BACKPORT: arm64: efi: Execute runtime services from a dedicated stack Revert "uapi/linux/const.h: prefer ISO-friendly __typeof__" Linux 4.19.284 drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource() 3c589_cs: Fix an error handling path in tc589_probe() forcedeth: Fix an error handling path in nv_probe() ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg x86/show_trace_log_lvl: Ensure stack pointer is aligned, again xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() coresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet() power: supply: sbs-charger: Fix INHIBITED bit for Status reg power: supply: bq27xxx: Fix poll_interval handling and races on remove power: supply: bq27xxx: Fix I2C IRQ race on remove power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition power: supply: leds: Fix blink to LED on transition ipv6: Fix out-of-bounds access in ipv6_find_tlv() bpf: Fix mask generation for 32-bit narrow loads of 64-bit fields net: fix skb leak in __skb_tstamp_tx() media: radio-shark: Add endpoint checks USB: sisusbvga: Add endpoint checks USB: core: Add routines for endpoint checks in old drivers udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated(). ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported parisc: Fix flush_dcache_page() for usage from irq context selftests/memfd: Fix unknown type name build failure x86/mm: Avoid incomplete Global INVLPG flushes btrfs: use nofs when cleaning up aborted transactions parisc: Allow to reboot machine after system halt m68k: Move signal frame following exception on 68020/030 ALSA: hda/ca0132: add quirk for EVGA X299 DARK spi: fsl-cpm: Use 16 bit mode for large transfers with even size spi: fsl-spi: Re-organise transfer bits_per_word adaptation spi: spi-fsl-spi: automatically adapt bits-per-word in cpu mode s390/qdio: fix do_sqbs() inline assembly constraint s390/qdio: get rid of register asm vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF vc_screen: rewrite vcs_size to accept vc, not inode usb: gadget: u_ether: Fix host MAC address case usb: gadget: u_ether: Convert prints to device prints lib/string_helpers: Introduce string_upper() and string_lower() helpers ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 ALSA: hda/realtek - ALC897 headset MIC no sound ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW ALSA: hda/realtek - The front Mic on a HP machine doesn't work ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662 ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662 ALSA: hda/realtek - Add Headset Mic supported for HP cPC ALSA: hda/realtek - More constifications Add Acer Aspire Ethos 8951G model quirk HID: wacom: Force pen out of prox if no events have been received in a while netfilter: nf_tables: do not allow RULE_ID to refer to another chain netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag netfilter: nf_tables: stricter validation of element data netfilter: nf_tables: allow up to 64 bytes in the set element data area netfilter: nf_tables: add nft_setelem_parse_key() netfilter: nf_tables: validate registers coming from userspace. netfilter: nftables: statify nft_parse_register() netfilter: nftables: add nft_parse_register_store() and use it netfilter: nftables: add nft_parse_register_load() and use it nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() tpm/tpm_tis: Disable interrupts for more Lenovo devices ceph: force updating the msg pointer in non-split case serial: Add support for Advantech PCI-1611U card statfs: enforce statfs[64] structure initialization ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table ALSA: hda: Fix Oops by 9.1 surround channel names usb: typec: altmodes/displayport: fix pin_assignment_show usb-storage: fix deadlock when a scsi command timeouts more than once vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit() igb: fix bit_shift to be in [1..8] range cassini: Fix a memory leak in the error handling path of cas_init_one() net: bcmgenet: Restore phy_stop() depending upon suspend/close net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop() net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() drm/exynos: fix g2d_open/close helper function definitions media: netup_unidvb: fix use-after-free at del_timer() erspan: get the proto with the md version for collect_md ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode ip6_gre: Make o_seqno start from 0 in native mode ip6_gre: Fix skb_under_panic in __gre6_xmit() serial: arc_uart: fix of_iomap leak in `arc_serial_probe` drivers: provide devm_platform_ioremap_resource() vsock: avoid to close connected socket after the timeout net: fec: Better handle pm_runtime_get() failing in .remove() af_key: Reject optional tunnel/BEET mode templates in outbound policies cpupower: Make TSC read per CPU for Mperf monitor btrfs: fix space cache inconsistency after error loading it from disk btrfs: replace calls to btrfs_find_free_ino with btrfs_find_free_objectid mfd: dln2: Fix memory leak in dln2_probe() phy: st: miphy28lp: use _poll_timeout functions for waits Input: xpad - add constants for GIP interface numbers clk: tegra20: fix gcc-7 constant overflow warning recordmcount: Fix memory leaks in the uwrite function sched: Fix KCSAN noinstr violation mcb-pci: Reallocate memory region to avoid memory overlapping serial: 8250: Reinit port->pm on port specific driver unbind usb: typec: tcpm: fix multiple times discover svids error HID: wacom: generic: Set battery quirk only when we see battery data spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 HID: logitech-hidpp: Reconcile USB and Unifying serials HID: logitech-hidpp: Don't use the USB serial for USB devices staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace f2fs: fix to drop all dirty pages during umount() if cp_error is set ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa() ext4: set goal start correctly in ext4_mb_normalize_request gfs2: Fix inode height consistency check scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition lib: cpu_rmap: Avoid use after free on rmap->obj array entries net: Catch invalid index in XPS mapping net: pasemi: Fix return type of pasemi_mac_start_tx() ext2: Check block size validity during mount wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects ACPICA: Avoid undefined behavior: applying zero offset to null pointer drm/tegra: Avoid potential 32-bit integer overflow ACPI: EC: Fix oops when removing custom query handlers firmware: arm_sdei: Fix sleep from invalid context BUG memstick: r592: Fix UAF bug in r592_remove due to race condition regmap: cache: Return error in cache sync operations for REGCACHE_NONE drm/amd/display: Use DC_LOG_DC in the trasform pixel function fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() af_unix: Fix data races around sk->sk_shutdown. af_unix: Fix a data race of sk->sk_receive_queue->qlen. net: datagram: fix data-races in datagram_poll() ipvlan:Fix out-of-bounds caused by unclear skb->cb tcp: add annotations around sk->sk_shutdown accesses tcp: factor out __tcp_close() helper tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit tcp: reduce POLLOUT events caused by TCP_NOTSENT_LOWAT net: annotate sk->sk_err write from do_recvmmsg() netlink: annotate accesses to nlk->cb_running net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs(). Linux 4.19.283 mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock printk: declare printk_deferred_{enter,safe}() in include/linux/printk.h PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock PCI: pciehp: Use down_read/write_nested(reset_lock) to fix lockdep errors drbd: correctly submit flush bio on barrier serial: 8250: Fix serial8250_tx_empty() race with DMA Tx tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH ext4: fix invalid free tracking in ext4_xattr_move_to_block() ext4: remove a BUG_ON in ext4_mb_release_group_pa() ext4: bail out of ext4_xattr_ibody_get() fails for any reason ext4: add bounds checking in get_max_inline_xattr_value_size() ext4: improve error recovery code paths in __ext4_remount() ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum ext4: fix WARNING in mb_find_extent HID: wacom: Set a default resolution for older tablets drm/panel: otm8009a: Set backlight parent to panel device ARM: dts: s5pv210: correct MIPI CSIS clock name ARM: dts: exynos: fix WM8960 clock name in Itop Elite sh: nmi_debug: fix return value of __setup handler sh: init: use OF_EARLY_FLATTREE for early init sh: math-emu: fix macro redefined warning platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i cifs: fix pcchunk length type in smb2_copychunk_range btrfs: print-tree: parent bytenr must be aligned to sector size btrfs: fix btrfs_prev_leaf() to not return the same key twice perf symbols: Fix return incorrect build_id size in elf_read_build_id() perf map: Delete two variable initialisations before null pointer checks in sort__sym_from_cmp() perf vendor events power9: Remove UTF-8 characters from JSON files virtio_net: suppress cpu stall when free_unused_bufs virtio_net: split free_unused_bufs() ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` drm/amdgpu: add a missing lock for AMDGPU_SCHED drm/amdgpu: Add command to override the context priority. drm/amdgpu: Put enable gfx off feature to a delay thread drm/amdgpu: Add amdgpu_gfx_off_ctrl function af_packet: Don't send zero-byte data in packet_sendmsg_spkt(). rxrpc: Fix hard call timeout units net/sched: act_mirred: Add carrier check writeback: fix call of incorrect macro net: dsa: mv88e6xxx: add mv88e6321 rsvd2cpu net: dsa: mv88e6xxx: Add missing watchdog ops for 6320 family sit: update dev->needed_headroom in ipip6_tunnel_bind_dev() relayfs: fix out-of-bounds access in relay_file_read kernel/relay.c: fix read_pos error when multiple readers dm verity: fix error handling for check_at_most_once on FEC dm verity: skip redundant verity_handle_err() on I/O errors ipmi: fix SSIF not responding under certain cond. ipmi_ssif: Rename idle state and check ipmi: Fix how the lower layers are told to watch for messages ipmi: Fix SSIF flag requests tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem nohz: Add TICK_DEP_BIT_RCU netfilter: nf_tables: deactivate anonymous set from preparation phase debugobject: Ensure pool refill (again) perf auxtrace: Fix address filter entire kernel size dm ioctl: fix nested locking in table_clear() to remove deadlock concern dm flakey: fix a crash with invalid table line dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path s390/dasd: fix hanging blockdevice after request requeue btrfs: scrub: reject unsupported scrub flags clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent wifi: rtl8xxxu: RTL8192EU always needs full init md/raid10: fix null-ptr-deref in raid10_sync_request nilfs2: fix infinite loop in nilfs_mdt_get_block() nilfs2: do not write dirty data after degenerating to read-only parisc: Fix argument pointer in real64_call_asm() dmaengine: at_xdmac: do not enable all cyclic channels phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port pwm: mtk-disp: Disable shadow registers before setting backlight values pwm: mtk-disp: Adjust the clocks to avoid them mismatch pwm: mtk-disp: Don't check the return code of pwmchip_remove() openrisc: Properly store r31 to pt_regs on unhandled exceptions RDMA/mlx5: Use correct device num_ports when modify DC SUNRPC: remove the maximum number of retries in call_bind_status NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order clk: add missing of_node_put() in "assigned-clocks" property parsing power: supply: generic-adc-battery: fix unit scaling RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() RDMA/rdmavt: Delete unnecessary NULL check perf/core: Fix hardlockup failure caused by perf throttle powerpc/rtas: use memmove for potentially overlapping buffer copy macintosh: via-pmu-led: requires ATA to be set powerpc/sysdev/tsi108: fix resource printk format warnings powerpc/wii: fix resource printk format warnings powerpc/mpc512x: fix resource printk format warning macintosh/windfarm_smu_sat: Add missing of_node_put() spmi: Add a check for remove callback when removing a SPMI driver staging: rtl8192e: Fix W_DISABLE# does not work after stop/start serial: 8250: Add missing wakeup event reporting tty: serial: fsl_lpuart: adjust buffer length to the intended size usb: chipidea: fix missing goto in `ci_hdrc_probe` sh: sq: Fix incorrect element size for allocating bitmap buffer uapi/linux/const.h: prefer ISO-friendly __typeof__ spi: cadence-quadspi: fix suspend-resume implementations mtd: spi-nor: cadence-quadspi: Handle probe deferral while requesting DMA channel mtd: spi-nor: cadence-quadspi: Don't initialize rx_dma_complete on failure mtd: spi-nor: cadence-quadspi: Make driver independent of flash geometry ia64: salinfo: placate defined-but-not-used warning ia64: mm/contig: fix section mismatch warning/error of: Fix modalias string generation vmci_host: fix a race condition in vmci_host_poll() causing GPF spi: fsl-spi: Fix CPM/QE mode Litte Endian spi: qup: Don't skip cleanup in remove's error path spi: qup: fix PM reference leak in spi_qup_remove() linux/vt_buffer.h: allow either builtin or modular for macros usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition fpga: bridge: fix kernel-doc parameter description usb: host: xhci-rcar: remove leftover quirk handling pstore: Revert pmsg_lock back to a normal mutex tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. net: amd: Fix link leak when verifying config failed netlink: Use copy_to_user() for optval in netlink_getsockopt(). Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" ipv4: Fix potential uninit variable access bug in __ip_make_skb() netfilter: nf_tables: don't write table validation state without mutex ixgbe: Enable setting RSS table to default values ixgbe: Allow flow hash to be set via ethtool wifi: iwlwifi: mvm: check firmware response size wifi: iwlwifi: make the loop for card preparation effective md/raid10: fix memleak of md thread md: update the optimal I/O size on reshape md/raid10: fix memleak for 'conf->bio_split' md/raid10: fix leak of 'r10bio->remaining' for recovery crypto: drbg - Only fail when jent is unavailable in FIPS mode crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors bpftool: Fix bug for long instructions in program CFG dumps wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() rtlwifi: Replace RT_TRACE with rtl_dbg rtlwifi: Start changing RT_TRACE into rtl_dbg rtlwifi: rtl_pci: Fix memory leak when hardware init fails scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS scsi: target: iscsit: Fix TAS handling during conn cleanup net/packet: convert po->auxdata to an atomic flag net/packet: convert po->origdev to an atomic flag vlan: partially enable SIOCSHWTSTAMP in container scm: fix MSG_CTRUNC setting condition for SO_PASSSEC tools: bpftool: Remove invalid \' json escape wifi: ath6kl: reduce WARN to dev_dbg() in callback wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() wifi: ath9k: hif_usb: fix memory leak of remain_skbs wifi: ath6kl: minor fix for allocation size debugobject: Prevent init race with static objects debugobjects: Move printk out of db->lock critical sections debugobjects: Add percpu free pools arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step x86/ioapic: Don't return 0 from arch_dynirq_lower_bound() media: rc: gpio-ir-recv: Fix support for wake-up media: rcar_fdp1: Fix refcount leak in probe and remove function media: rcar_fdp1: Fix the correct variable assignments media: saa7134: fix use after free bug in saa7134_finidev due to race condition media: dm1105: Fix use after free bug in dm1105_remove due to race condition x86/apic: Fix atomic update of offset in reserve_eilvt_offset() drm/msm/adreno: drop bogus pm_runtime_set_active() drm/msm/adreno: Defer enabling runpm until hw_init() firmware: qcom_scm: Clear download bit during reboot media: av7110: prevent underflow in write_ts_to_decoder() media: uapi: add MEDIA_BUS_FMT_METADATA_FIXED media bus format. media: bdisp: Add missing check for create_workqueue ARM: dts: qcom: ipq4019: Fix the PCI I/O port range EDAC/skx: Fix overflows on the DRAM row address mapping arrays EDAC, skx: Move debugfs node under EDAC's hierarchy drm/probe-helper: Cancel previous job before starting new one drm/vgem: add missing mutex_destroy drm/rockchip: Drop unbalanced obj unref selinux: ensure av_permissions.h is built when needed selinux: fix Makefile dependencies of flask.h ubifs: Free memory for tmpfile name ubi: Fix return value overwrite issue in try_write_vid_and_data() ubifs: Fix memleak when insert_old_idx() failed Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path" i2c: omap: Fix standard mode false ACK readings KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted reiserfs: Add security prefix to xattr name in reiserfs_security_write() ring-buffer: Sync IRQ works before buffer destruction pwm: meson: Fix axg ao mux parents MIPS: fw: Allow firmware to pass a empty env xhci: fix debugfs register accesses while suspended debugfs: regset32: Add Runtime PM support staging: iio: resolver: ads1210: fix config mode perf sched: Cast PTHREAD_STACK_MIN to int as it may turn into sysconf(__SC_THREAD_STACK_MIN_VALUE) USB: dwc3: fix runtime pm imbalance on unbind stmmac: debugfs entry name is not be changed when udev rename device name. ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 iio: adc: palmas_gpadc: fix NULL dereference on rmmod USB: serial: option: add UNISOC vendor and TOZED LT70C product bluetooth: Perform careful capability checks in hci_sock_ioctl() wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() Conflicts: drivers/pwm/pwm-mtk-disp.c (used ours) drivers/usb/gadget/function/u_ether.c Change-Id: I31696f887aef82a29a8674c129903f2145a71961 Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
8468a57f73 |
Merge tag 'ASB-2023-05-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2023-05-01 CVE-2023-21102 CVE-2023-21106 CVE-2023-0266 * tag 'ASB-2023-05-05_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.282 ASN.1: Fix check for strdup() success iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() counter: 104-quad-8: Fix race condition between FLAG and CNTR reads sctp: Call inet6_destroy_sock() via sk->sk_destruct(). dccp: Call inet6_destroy_sock() via sk->sk_destruct(). inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy(). tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM). ext4: fix use-after-free in ext4_xattr_set_entry ext4: remove duplicate definition of ext4_xattr_ibody_inline_set() Revert "ext4: fix use-after-free in ext4_xattr_set_entry" x86/purgatory: Don't generate debug info for purgatory.ro memstick: fix memory leak if card device is never registered nilfs2: initialize unused bytes in segment summary blocks xen/netback: use same error messages for same errors s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling net: dsa: b53: mmap: add phy ops scsi: core: Improve scsi_vpd_inquiry() checks scsi: megaraid_sas: Fix fw_crash_buffer_show() selftests: sigaltstack: fix -Wuninitialized Input: i8042 - add quirk for Fujitsu Lifebook A574/H f2fs: Fix f2fs_truncate_partial_nodes ftrace event e1000e: Disable TSO on i219-LM card to increase speed mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() i40e: fix i40e_setup_misc_vector() error handling i40e: fix accessing vsi->active_filters without holding lock virtio_net: bugfix overflow inside xdp_linearize_page() net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg ARM: dts: rockchip: fix a typo error for rk3288 spdif node Linux 4.19.281 arm64: KVM: Fix system register enumeration KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST KVM: arm64: Factor out core register ID enumeration KVM: nVMX: add missing consistency checks for CR0 and CR4 coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug watchdog: sbsa_wdog: Make sure the timeout programming is within the limits cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() ubi: Fix deadlock caused by recursively holding work_sem mtd: ubi: wl: Fix a couple of kernel-doc issues ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot scsi: ses: Handle enclosure with just a primary component gracefully verify_pefile: relax wrapper length check efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L i2c: imx-lpi2c: clean rx/tx buffers upon new message power: supply: cros_usbpd: reclassify "default case!" as debug udp6: fix potential access to stale information net: macb: fix a memory corruption in extended buffer descriptor mode sctp: fix a potential overflow in sctp_ifwdtsn_skip qlcnic: check pci_reset_function result niu: Fix missing unwind goto in niu_alloc_channels() 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition mtdblock: tolerate corrected bit-flips Bluetooth: Fix race condition in hidp_session_thread Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards ALSA: i2c/cs8427: fix iec958 mixer control deactivation ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard ALSA: emu10k1: fix capture interrupt handler unlinking Revert "pinctrl: amd: Disable and mask interrupts on resume" mm/swap: fix swap_info_struct race between swapoff and get_swap_pages() ring-buffer: Fix race while reader and writer are on the same page ftrace: Mark get_lock_parent_ip() __always_inline perf/core: Fix the same task check in perf_event_set_output ALSA: hda/realtek: Add quirk for Clevo X370SNW nilfs2: fix sysfs interface lifetime nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() tty: serial: sh-sci: Fix Rx on RZ/G2L SCI tty: serial: sh-sci: Fix transmit end interrupt handler iio: dac: cio-dac: Fix max DAC write value check for 12-bit USB: serial: option: add Quectel RM500U-CN modem USB: serial: option: add Telit FE990 compositions USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs gpio: davinci: Add irq chip flag to skip set wake ipv6: Fix an uninit variable access bug in __ip6_make_skb() sctp: check send stream number after wait_for_sndbuf net: don't let netpoll invoke NAPI if in xmit context icmp: guard against too small mtu wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta pwm: cros-ec: Explicitly set .polarity in .get_state() NFSv4: Fix hangs when recovering open state after a server reboot NFSv4: Check the return value of update_open_stateid() NFSv4: Convert struct nfs4_state to use refcount_t pinctrl: amd: Disable and mask interrupts on resume pinctrl: amd: disable and mask interrupts on probe pinctrl: amd: Use irqchip template pinctrl: Added IRQF_SHARED flag for amd-pinctrl driver Revert "dm thin: fix deadlock when swapping to thin device" Linux 4.19.280 cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock cgroup/cpuset: Change cpuset_rwsem and hotplug lock order net: sched: cbq: dont intepret cls results when asked to drop gfs2: Always check inode size of inline inodes firmware: arm_scmi: Fix device node validation for mailbox transport ext4: fix kernel BUG in 'ext4_write_inline_data_end()' usb: host: ohci-pxa27x: Fix and & vs | typo s390/uaccess: add missing earlyclobber annotations to __clear_user() drm/etnaviv: fix reference leak when mmaping imported buffer ALSA: usb-audio: Fix regression on detection of Roland VS-100 ALSA: hda/conexant: Partial revert of a quirk for Lenovo pinctrl: at91-pio4: fix domain name assignment xen/netback: don't do grant copy across page boundary cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL cifs: prevent infinite recursion in CIFSGetDFSRefer() Input: focaltech - use explicitly signed char type Input: alps - fix compatibility with -funsigned-char net: mvneta: make tx buffer array agnostic net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only i40e: fix registers dump after run ethtool adapter self test can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write scsi: megaraid_sas: Fix crash after a double completion ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() fbdev: au1200fb: Fix potential divide by zero fbdev: lxfb: Fix potential divide by zero fbdev: intelfb: Fix potential divide by zero fbdev: nvidia: Fix potential divide by zero sched_getaffinity: don't assume 'cpumask_size()' is fully initialized fbdev: tgafb: Fix potential divide by zero ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() ALSA: asihpi: check pao in control_message() md: avoid signed overflow in slot_store() bus: imx-weim: fix branch condition evaluates to a garbage value ocfs2: fix data corruption after failed write tun: avoid double free in tun_free_netdev sched/fair: Sanitize vruntime of entity being migrated sched/fair: sanitize vruntime of entity being placed dm crypt: add cond_resched() to dmcrypt_write() dm stats: check for and propagate alloc_percpu failure i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() usb: chipidea: core: fix possible concurrent when switch role usb: chipdea: core: fix return -EINVAL if request role is the same with current role dm thin: fix deadlock when swapping to thin device igb: revert rtnl_lock() that causes deadlock usb: gadget: u_audio: don't let userspace block driver unbind scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR cifs: empty interface list when server doesn't support query interfaces sh: sanitize the flags on sigreturn net: usb: qmi_wwan: add Telit 0x1080 composition net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 scsi: ufs: core: Add soft dependency on governor_simpleondemand scsi: target: iscsi: Fix an error message in iscsi_check_key() m68k: Only force 030 bus error if PC not in exception table ca8210: fix mac_len negative array access riscv: Bump COMMAND_LINE_SIZE value to 1024 thunderbolt: Use const qualifier for `ring_interrupt_index` uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work Bluetooth: btqcomsmd: Fix command timeout after setting BD address net: mdio: thunder: Add missing fwnode_handle_put() hvc/xen: prevent concurrent accesses to the shared ring net/sonic: use dma_mapping_error() for error check erspan: do not use skb_mac_header() in ndo_start_xmit() atm: idt77252: fix kmemleak when rmmod idt77252 net/mlx5: Read the TC mapping of all priorities on ETS query bpf: Adjust insufficient default bpf_jit_limit net/ps3_gelic_net: Use dma_mapping_error net/ps3_gelic_net: Fix RX sk_buff length net: qcom/emac: Fix use after free bug in emac_remove due to race condition xirc2ps_cs: Fix use after free bug in xirc2ps_detach qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info net: usb: smsc95xx: Limit packet length to skb->len scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() i2c: imx-lpi2c: check only for enabled interrupt flags igbvf: Regard vf reset nack as success intel/igbvf: free irq on the error path in igbvf_request_msix() iavf: fix inverted Rx hash condition leading to disabled hash iavf: diet and reformat intel-ethernet: rename i40evf to iavf i40evf: Change a VF mac without reloading the VF driver power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition Change-Id: I2946dac28279db50a5c938869bf9c9be5487954d Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
409a666605 |
Merge tag 'ASB-2023-04-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2023-04-01 CVE-2022-4696 CVE-2023-20941 * tag 'ASB-2023-04-05_4.19-stable' of https://android.googlesource.com/kernel/common: UPSTREAM: ext4: fix kernel BUG in 'ext4_write_inline_data_end()' UPSTREAM: fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY UPSTREAM: fsverity: Remove WQ_UNBOUND from fsverity read workqueue BACKPORT: blk-mq: clear stale request in tags->rq[] before freeing one request pool Linux 4.19.279 HID: uhid: Over-ride the default maximum data buffer value with our own HID: core: Provide new max_buffer_size attribute to over-ride the default serial: 8250_em: Fix UART port type drm/i915: Don't use stolen memory for ring buffers with LLC x86/mm: Fix use of uninitialized buffer in sme_enable() fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks ftrace: Fix invalid address access in lookup_rec() when index is 0 tracing: Make tracepoint lockdep check actually test something tracing: Check field value in hist_field_name() sh: intc: Avoid spurious sizeof-pointer-div warning drm/amdkfd: Fix an illegal memory access ext4: fix task hung in ext4_xattr_delete_inode ext4: fail ext4_iget if special inode unallocated jffs2: correct logic when creating a hole in jffs2_write_begin mmc: atmel-mci: fix race between stop command and start of next command media: m5mols: fix off-by-one loop termination error hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition hwmon: (adt7475) Fix masking of hysteresis registers hwmon: (adt7475) Display smoothing attributes in correct order ethernet: sun: add check for the mdesc_grab() net/iucv: Fix size of interrupt data net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull ipv4: Fix incorrect table ID in IOCTL path block: sunvdc: add check for mdesc_grab() returning NULL nvmet: avoid potential UAF in nvmet_req_complete() net: usb: smsc75xx: Limit packet length to skb->len nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails net: tunnels: annotate lockless accesses to dev->needed_headroom qed/qed_dev: guard against a possible division by zero nfc: pn533: initialize struct pn533_out_arg properly tcp: tcp_make_synack() can be called from process context clk: HI655X: select REGMAP instead of depending on it fs: sysfs_emit_at: Remove PAGE_SIZE alignment check ext4: fix cgroup writeback accounting with fs-layer encryption UPSTREAM: ext4: fix another off-by-one fsmap error on 1k block filesystems Linux 4.19.278 ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties net: caif: Fix use-after-free in cfusbl_device_notify() drm/i915: Don't use BAR mappings for ring buffers with LLC tipc: improve function tipc_wait_for_cond() media: ov5640: Fix analogue gain control PCI: Add SolidRun vendor ID macintosh: windfarm: Use unsigned type for 1-bit bitfields alpha: fix R_ALPHA_LITERAL reloc for large modules MIPS: Fix a compilation issue Revert "spi: mt7621: Fix an error message in mt7621_spi_probe()" scsi: core: Remove the /proc/scsi/${proc_name} directory earlier kbuild: generate modules.order only in directories visited by obj-y/m kbuild: fix false-positive need-builtin calculation udf: Detect system inodes linked into directory hierarchy udf: Preserve link count of system files udf: Remove pointless union in udf_inode_info udf: reduce leakage of blocks related to named streams udf: Explain handling of load_nls() failure nfc: change order inside nfc_se_io error path ext4: zero i_disksize when initializing the bootloader inode ext4: fix WARNING in ext4_update_inline_data ext4: move where set the MAY_INLINE_DATA flag is set ext4: fix another off-by-one fsmap error on 1k block filesystems ext4: fix RENAME_WHITEOUT handling for inline directories x86/CPU/AMD: Disable XSAVES on AMD family 0x17 fs: prevent out-of-bounds array speculation when closing a file descriptor Linux 4.19.277 staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext" Linux 4.19.276 thermal: intel: powerclamp: Fix cur_state for multi package system f2fs: fix cgroup writeback accounting with fs-layer encryption media: uvcvideo: Fix race condition with usb_kill_urb media: uvcvideo: Provide sync and async uvc_ctrl_status_event tcp: Fix listen() regression in 4.19.270 s390/setup: init jump labels before command line parsing s390/maccess: add no DAT mode to kernel_write Bluetooth: hci_sock: purge socket queues in the destruct() callback phy: rockchip-typec: Fix unsigned comparison with less than zero usb: uvc: Enumerate valid values for color matching USB: ene_usb6250: Allocate enough memory for full object usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() tools/iio/iio_utils:fix memory leak mei: bus-fixup:upon error print return values of send and receive tty: serial: fsl_lpuart: disable the CTS when send break signal tty: fix out-of-bounds access in tty_driver_lookup_tty() media: uvcvideo: Silence memcpy() run-time false positive warnings media: uvcvideo: Handle errors from calls to usb_string media: uvcvideo: Handle cameras with invalid descriptors firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 tracing: Add NULL checks for buffer in ring_buffer_free_read_page() thermal: intel: quark_dts: fix error pointer dereference scsi: ipr: Work around fortify-string warning vc_screen: modify vcs_size() handling in vcs_read() tcp: tcp_check_req() can be called from process context ARM: dts: spear320-hmi: correct STMPE GPIO compatible nfc: fix memory leak of se_io context in nfc_genl_se_io 9p/rdma: unmap receive dma buffer in rdma_request()/post_recv() 9p/xen: fix connection sequence 9p/xen: fix version parsing net: fix __dev_kfree_skb_any() vs drop monitor netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack() watchdog: pcwd_usb: Fix attempting to access uninitialized memory watchdog: Fix kmemleak in watchdog_cdev_register watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show() ubifs: ubifs_writepage: Mark page dirty after writing inode failed ubifs: dirty_cow_znode: Fix memleak in error handling path ubifs: Re-statistic cleaned znode count if commit failed ubi: Fix possible null-ptr-deref in ubi_free_volume() ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() ubi: Fix use-after-free when volume resizing failed ubifs: Reserve one leb for each journal head while doing budget ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 ubifs: Fix wrong dirty space budget for dirty inode ubifs: Rectify space budget for ubifs_xrename() ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted ubi: ensure that VID header offset + VID header size <= alloc, size um: vector: Fix memory leak in vector_config pwm: stm32-lp: fix the check on arr and cmp registers update fs/jfs: fix shift exponent db_agl2size negative net/sched: Retire tcindex classifier kbuild: Port silent mode detection to future gnu make. wifi: ath9k: use proper statements in conditionals drm/radeon: Fix eDP for single-display iMac11,2 PCI: Avoid FLR for AMD FCH AHCI adapters scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() scsi: ses: Fix possible desc_ptr out-of-bounds accesses scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() scsi: ses: Don't attach if enclosure has no components scsi: qla2xxx: Fix erroneous link down scsi: qla2xxx: Fix link failure in NPIV environment ktest.pl: Add RUN_TIMEOUT option with default unlimited ktest.pl: Fix missing "end_monitor" when machine check fails ktest.pl: Give back console on Ctrt^C on monitor media: ipu3-cio2: Fix PM runtime usage_count in driver unbind mips: fix syscall_get_nr alpha: fix FEN fault handling rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails ARM: dts: exynos: correct TMU phandle in Odroid XU ARM: dts: exynos: correct TMU phandle in Exynos4 dm flakey: don't corrupt the zero page dm flakey: fix logic when corrupting a bio wifi: cfg80211: Fix use after free for wext wifi: rtl8xxxu: Use a longer retry limit of 48 ext4: refuse to create ea block when umounted ext4: optimize ea_inode block expansion ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() irqdomain: Drop bogus fwspec-mapping error handling irqdomain: Fix disassociation race irqdomain: Fix association race ima: Align ima_file_mmap() parameters with mmap_file LSM hook Documentation/hw-vuln: Document the interaction between IBRS and STIBP x86/speculation: Allow enabling STIBP with legacy IBRS x86/microcode/AMD: Fix mixed steppings support x86/microcode/AMD: Add a @cpu parameter to the reloading functions x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range x86/kprobes: Fix __recover_optprobed_insn check optimizing logic x86/reboot: Disable SVM, not just VMX, when stopping CPUs x86/reboot: Disable virtualization in an emergency if SVM is supported x86/crash: Disable virt in core NMI crash handler to avoid double shootdown x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) udf: Fix file corruption when appending just after end of preallocated extent udf: Do not update file length for failed writes to inline files udf: Do not bother merging very long extents udf: Truncate added extents on failed expansion ocfs2: fix non-auto defrag path not working issue ocfs2: fix defrag path triggering jbd2 ASSERT f2fs: fix information leak in f2fs_move_inline_dirents() fs: hfsplus: fix UAF issue in hfsplus_put_super hfs: fix missing hfs_bnode_get() in __hfs_bnode_create ARM: dts: exynos: correct HDMI phy compatible in Exynos4 s390/kprobes: fix current_kprobe never cleared after kprobes reenter s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler s390: discard .interp section rtc: pm8xxx: fix set-alarm race firmware: coreboot: framebuffer: Ignore reserved pixel color bits wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu dm cache: add cond_resched() to various workqueue loops dm thin: add cond_resched() to various workqueue loops pinctrl: at91: use devm_kasprintf() to avoid potential leaks regulator: s5m8767: Bounds check id indexing into arrays regulator: max77802: Bounds check regulator id against opmode ASoC: kirkwood: Iterate over array indexes instead of using pointer math docs/scripts/gdb: add necessary make scripts_gdb step drm/msm/dsi: Add missing check for alloc_ordered_workqueue drm/radeon: free iio for atombios when driver shutdown drm/amd/display: Fix potential null-deref in dm_resume net/mlx5: fw_tracer: Fix debug print ACPI: video: Fix Lenovo Ideapad Z570 DMI match m68k: Check syscall_trace_enter() return code net: bcmgenet: Add a check for oversized packets ACPI: Don't build ACPICA with '-Os' inet: fix fast path in __inet_hash_connect() wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds x86/bugs: Reset speculation control settings on init timers: Prevent union confusion from unexpected restart_syscall() thermal: intel: Fix unsigned comparison with less than zero rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait() wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy udf: Define EFSCORRUPTED error code rpmsg: glink: Avoid infinite loop on intent for missing channel media: usb: siano: Fix use after free bugs caused by do_submit_urb media: i2c: ov7670: 0 instead of -EINVAL was returned media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() media: i2c: ov772x: Fix memleak in ov772x_probe() powerpc: Remove linker flag from KBUILD_AFLAGS media: platform: ti: Add missing check for devm_regulator_get MIPS: vpe-mt: drop physical_memsize powerpc/rtas: ensure 4KB alignment for rtas_data_buf powerpc/rtas: make all exports GPL powerpc/pseries/lparcfg: add missing RTAS retry status handling clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() powerpc/powernv/ioda: Skip unallocated resources when mapping to PE Input: ads7846 - don't check penirq immediately for 7845 Input: ads7846 - don't report pressure for ads7845 mtd: rawnand: sunxi: Fix the size of the last OOB region mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() selftests/ftrace: Fix bash specific "==" operator sparc: allow PM configs for sparc32 COMPILE_TEST perf tools: Fix auto-complete on aarch64 perf llvm: Fix inadvertent file creation gfs2: jdata writepage fix cifs: Fix warning and UAF when destroy the MR list cifs: Fix lost destroy smbd connection when MR allocate failed nfsd: fix race to check ls_layouts dm: remove flush_scheduled_work() during local_exit() hwmon: (mlxreg-fan) Return zero speed for broken fan spi: bcm63xx-hsspi: Fix multi-bit mode setting spi: bcm63xx-hsspi: fix pm_runtime scsi: aic94xx: Add missing check for dma_map_single() hwmon: (ltc2945) Handle error case in ltc2945_value_store gpio: vf610: connect GPIO label to dev name ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress() drm/mediatek: Clean dangling pointer on bind error path drm/mediatek: Drop unbalanced obj unref gpu: host1x: Don't skip assigning syncpoints to channels drm/msm/dpu: Add check for pstates drm/msm: use strscpy instead of strncpy drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness ALSA: hda/ca0132: minor fix for allocation size pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours drm/msm/hdmi: Add missing check for alloc_ordered_workqueue gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() drm/vc4: dpi: Fix format mapping for RGB565 drm/vc4: dpi: Add option for inverting pixel clock and output enable drm: Clarify definition of the DRM_BUS_FLAG_(PIXDATA|SYNC)_* macros drm/bridge: megachips: Fix error handling in i2c_register_driver() drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC selftest: fib_tests: Always cleanup before exit irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error wifi: mac80211: make rate u32 in sta_set_rate_info_rx() crypto: crypto4xx - Call dma_unmap_page when done wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() wifi: iwl4965: Add missing check for create_singlethread_workqueue() wifi: iwl3945: Add missing check for create_singlethread_workqueue RISC-V: time: initialize hrtimer based broadcast clock event device m68k: /proc/hardware should depend on PROC_FS crypto: rsa-pkcs1pad - Use akcipher_request_complete rds: rds_rm_zerocopy_callback() correct order for list_add_tail() libbpf: Fix alen calculation in libbpf_nla_dump_errormsg() Bluetooth: L2CAP: Fix potential user-after-free irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains net/mlx5: Enhance debug print in page allocation failure powercap: fix possible name leak in powercap_register_zone() crypto: seqiv - Handle EBUSY correctly ACPI: battery: Fix missing NUL-termination with large strings wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails ath9k: htc: clean up statistics macros ath9k: hif_usb: simplify if-if to if-else wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function wifi: orinoco: check return value of hermes_write_wordrec() ACPICA: nsrepair: handle cases without a return value correctly lib/mpi: Fix buffer overrun when SG is too long genirq: Fix the return type of kstat_cpu_irqs_sum() ACPICA: Drop port I/O validation for some regions wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave() wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() wifi: ipw2200: fix memory leak in ipw_wdev_init() wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave() ipw2x00: switch from 'pci_' to 'dma_' API wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() rtlwifi: fix -Wpointer-sign warning wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave() wifi: libertas: fix memory leak in lbs_init_adapter() wifi: rsi: Fix memory leak in rsi_coex_attach() block: bio-integrity: Copy flags when bio_integrity_payload is cloned blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name arm64: dts: amlogic: meson-gx: add missing unit address to rng node name arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name arm64: dts: meson-axg: enable SCPI arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name ARM: imx: Call ida_simple_remove() for ida_simple_get ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address arm64: dts: meson-gx: Fix Ethernet MAC address unit name ARM: zynq: Fix refcount leak in zynq_early_slcr_init ARM: OMAP2+: Fix memory leak in realtime_counter_init() HID: asus: use spinlock to safely schedule workers HID: asus: use spinlock to protect concurrent accesses HID: asus: Remove check for same LED brightness on set Conflicts: drivers/gpu/drm/mediatek/mtk_drm_drv.c Change-Id: I8ed30840ecc6696815fac3f6026d4084f6611fdb Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
43c8b52a71 |
Merge tag 'ASB-2022-12-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2022-12-01
CVE-2022-23960
* tag 'ASB-2022-12-05_4.19-stable' of https://android.googlesource.com/kernel/common:
Linux 4.19.268
ipc/sem: Fix dangling sem_array access in semtimedop race
mmc: sdhci: Fix voltage switch delay
mmc: sdhci: use FIELD_GET for preset value bit masks
x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
x86/pm: Add enumeration check before spec MSRs save/restore setup
x86/tsx: Add a feature bit for TSX control MSR support
nvme: restrict management ioctls to admin
tcp/udp: Fix memory leak in ipv6_renew_options().
Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled
parisc: Increase FRAME_WARN to 2048 bytes on parisc
xtensa: increase size of gcc stack frame check
parisc: Increase size of gcc stack frame check
iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
pinctrl: single: Fix potential division by zero
ASoC: ops: Fix bounds check for _sx controls
mm: Fix '.data.once' orphan section warning
arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72
arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM vectors
pinctrl: intel: Save and restore pins in "direct IRQ" mode
x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3
nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep"
error-injection: Add prompt for function error injection
btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
hwmon: (coretemp) Check for null before removing sysfs attrs
net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
net: tun: Fix use-after-free in tun_detach()
net: hsr: Fix potential use-after-free
dsa: lan9303: Correct stat name
net/9p: Fix a potential socket leak in p9_socket_open
net: net_netdev: Fix error handling in ntb_netdev_init_module()
net: phy: fix null-ptr-deref while probe() failed
qlcnic: fix sleep-in-atomic-context bugs caused by msleep
can: cc770: cc770_isa_probe(): add missing free_cc770dev()
can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
net/mlx5: Fix uninitialized variable bug in outlen_write()
of: property: decrement node refcount in of_fwnode_get_reference_args()
hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
hwmon: (i5500_temp) fix missing pci_disable_device()
scripts/faddr2line: Fix regression in name resolution on ppc64le
iio: light: rpr0521: add missing Kconfig dependencies
iio: health:
|
||
|
bengris32
|
4e9a406212 |
Merge tag 'ASB-2022-11-01_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2022-11-01 * tag 'ASB-2022-11-01_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.264 can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive net/mlx5e: Do not increment ESN when updating IPsec ESN state net: ehea: fix possible memory leak in ehea_register_port() openvswitch: switch from WARN to pr_warn ALSA: aoa: Fix I2S device accounting ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() PM: domains: Fix handling of unavailable/disabled idle states net: ksz884x: fix missing pci_disable_device() on error in pcidev_init() i40e: Fix flow-type by setting GL_HASH_INSET registers i40e: Fix VF hang when reset is triggered on another VF i40e: Fix ethtool rx-flow-hash setting for X722 media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' media: v4l2-dv-timings: add sanity checks for blanking values media: vivid: dev->bitmap_cap wasn't freed in all cases media: vivid: s_fbuf: add more sanity checks PM: hibernate: Allow hybrid sleep to work with s2idle can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path tcp: fix indefinite deferral of RTO with SACK reneging net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed kcm: annotate data-races around kcm->rx_wait kcm: annotate data-races around kcm->rx_psock amd-xgbe: add the bit rate quirk for Molex cables amd-xgbe: fix the SFP compliance codes check for DAC cables x86/unwind/orc: Fix unreliable stack dump with gcov net: netsec: fix error handling in netsec_register_mdio() tipc: fix a null-ptr-deref in tipc_topsrv_accept ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() arc: iounmap() arg is volatile drm/msm: Fix return type of mdp4_lvds_connector_mode_valid net: ieee802154: fix error return code in dgram_bind() mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages xen/gntdev: Prevent leaking grants Xen/gntdev: don't ignore kernel unmapping error s390/futex: add missing EX_TABLE entry to __futex_atomic_op() perf auxtrace: Fix address filter symbol name match for modules kernfs: fix use-after-free in __kernfs_remove mmc: core: Fix kernel panic when remove non-standard SDIO card drm/msm/hdmi: fix memory corruption with too many bridges drm/msm/dsi: fix memory corruption with too many bridges mac802154: Fix LQI recording fbdev: smscufx: Fix several use-after-free bugs iio: light: tsl2583: Fix module unloading tools: iio: iio_utils: fix digit calculation xhci: Remove device endpoints from bandwidth list when freeing the device usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller usb: bdc: change state when port disconnected usb: dwc3: gadget: Don't set IMI for no_interrupt usb: dwc3: gadget: Stop processing more requests on IMI USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM ALSA: au88x0: use explicitly signed char ALSA: Use del_timer_sync() before freeing timer can: kvaser_usb: Fix possible completions during init_completion mm: /proc/pid/smaps_rollup: fix no vma's null-deref hv_netvsc: Fix race between VF offering and VF association message from host Makefile.debug: re-enable debug info for .S files ACPI: video: Force backlight native for more TongFang devices media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls iommu/vt-d: Clean up si_domain in the init_dmars() error path net: hns: fix possible memory leak in hnae_ae_register() net: sched: cake: fix null pointer access issue when cake_init() fails net/atm: fix proc_mpc_write incorrect return value HID: magicmouse: Do not set BTN_MOUSE on double report tipc: fix an information leak in tipc_topsrv_kern_subscr tipc: Fix recognition of trial period ACPI: extlog: Handle multiple records btrfs: fix processing of delayed tree block refs during backref walking btrfs: fix processing of delayed data refs during backref walking r8152: add PID for the Lenovo OneLink+ Dock arm64: errata: Remove AES hwcap for COMPAT tasks media: venus: dec: Handle the case where find_format fails KVM: arm64: vgic: Fix exit condition in scan_its_table() ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS ata: ahci-imx: Fix MODULE_ALIAS hwmon/coretemp: Handle large core ID value x86/microcode/AMD: Apply the patch early on every logical thread ocfs2: fix BUG when iput after ocfs2_mknod fails ocfs2: clear dinode links count in case of error UPSTREAM: once: fix section mismatch on clang builds Revert "serial: 8250: Fix restoring termios speed after suspend" UPSTREAM: ARM: 8788/1: ftrace: remove old mcount support Linux 4.19.263 once: fix section mismatch on clang builds Linux 4.19.262 gcov: support GCC 12.1 and newer compilers thermal: intel_powerclamp: Use first online CPU as control_cpu inet: fully convert sk->sk_rx_dst to RCU rules efi: libstub: drop pointless get_memory_map() call md: Replace snprintf with scnprintf ext4: continue to expand file system when the target size doesn't reach net/ieee802154: don't warn zero-sized raw_sendmsg() net: ieee802154: return -EINVAL for unknown addr type perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc clk: bcm2835: Make peripheral PLLC critical usb: idmouse: fix an uninit-value in idmouse_open nvme: copy firmware_rev on each init Revert "usb: storage: Add quirk for Samsung Fit flash" usb: musb: Fix musb_gadget.c rxstate overflow bug usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d HID: roccat: Fix use-after-free in roccat_read() ata: libahci_platform: Sanity check the DT child nodes number staging: vt6655: fix potential memory leak power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() nbd: Fix hung when signal interrupts nbd_start_device_ioctl() scsi: 3w-9xxx: Avoid disabling device if failing to enable it media: cx88: Fix a null-ptr-deref bug in buffer_prepare() ARM: dts: imx6sx: add missing properties for sram ARM: dts: imx6sll: add missing properties for sram ARM: dts: imx6sl: add missing properties for sram ARM: dts: imx6qp: add missing properties for sram ARM: dts: imx6dl: add missing properties for sram ARM: dts: imx6q: add missing properties for sram ARM: dts: imx7d-sdb: config the max pressure for tsc2046 drm/amdgpu: fix initial connector audio value platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading drm: panel-orientation-quirks: Add quirk for Anbernic Win600 drm/vc4: vec: Fix timings for VEC modes drm/amd/display: fix overflow on MIN_I64 definition drm: Prevent drm_copy_field() to attempt copying a NULL pointer drm: Use size_t type for len variable in drm_copy_field() r8152: Rate limit overflow messages Bluetooth: L2CAP: Fix user-after-free net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory wifi: rt2x00: correctly set BBP register 86 for MT7620 wifi: rt2x00: set SoC wmac clock register wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620 can: bcm: check the result of can_send() in bcm_can_tx() Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() xfrm: Update ipcomp_scratches with NULL when freed wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() tcp: annotate data-race around tcp_md5sig_pool_populated openvswitch: Fix overreporting of drops in dropwatch openvswitch: Fix double reporting of drops in dropwatch wifi: brcmfmac: fix invalid address access when enabling SCAN log level NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue MIPS: BCM47XX: Cast memcmp() of function to (void *) ACPI: video: Add Toshiba Satellite/Portege Z830 quirk f2fs: fix race condition on setting FI_NO_EXTENT flag crypto: cavium - prevent integer overflow loading firmware iommu/iova: Fix module config properly iommu/omap: Fix buffer overflow in debugfs powerpc: Fix SPE Power ISA properties for e500v1 platforms powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition powerpc/powernv: add missing of_node_put() in opal_export_attrs() powerpc/pci_dn: Add missing of_node_put() powerpc/sysdev/fsl_msi: Add missing of_node_put() powerpc/math_emu/efp: Include module.h mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration spmi: pmic-arb: correct duplicate APID to PPID mapping logic dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() mfd: sm501: Add check for platform_driver_register() mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() mfd: lp8788: Fix an error handling path in lp8788_probe() mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() fsi: core: Check error number after calling ida_simple_get serial: 8250: Fix restoring termios speed after suspend firmware: google: Test spinlock on panic path to avoid lockups staging: vt6655: fix some erroneous memory clean-up loops phy: qualcomm: call clk_disable_unprepare in the error handling drivers: serial: jsm: fix some leaks in probe usb: gadget: function: fix dangling pnp_string in f_printer.c xhci: Don't show warning for reinit on known broken suspend md/raid5: Ensure stripe_fill happens on non-read IO with journal ata: fix ata_id_has_dipm() ata: fix ata_id_has_ncq_autosense() ata: fix ata_id_has_devslp() ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() mtd: devices: docg3: check the return value of devm_ioremap() in the probe dyndbg: let query-modname override actual module name dyndbg: fix module.dyndbg handling RDMA/rxe: Fix the error caused by qp->sk RDMA/rxe: Fix "kernel NULL pointer dereference" error media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init tty: xilinx_uartps: Fix the ignore_status media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop HSI: omap_ssi_port: Fix dma_map_sg error check HSI: omap_ssi: Fix refcount leak in ssi_probe clk: tegra20: Fix refcount leak in tegra20_clock_init clk: tegra: Fix refcount leak in tegra114_clock_init clk: tegra: Fix refcount leak in tegra210_clock_init clk: berlin: Add of_node_put() for of_get_parent() clk: oxnas: Hold reference returned by of_get_parent() iio: ABI: Fix wrong format of differential capacitance channel ABI. iio: inkern: only release the device node when done with it iio: adc: at91-sama5d2_adc: check return status for pressure and touch iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX ARM: dts: exynos: fix polarity of VBUS GPIO of Origen ARM: Drop CMDLINE_* dependency on ATAGS ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family ARM: dts: kirkwood: lsxl: remove first ethernet port ARM: dts: kirkwood: lsxl: fix serial line ARM: dts: turris-omnia: Fix mpp26 pin name and comment soc: qcom: smem_state: Add refcounting for the 'state->of_node' soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() memory: of: Fix refcount leak bug in of_get_ddr_timings() ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() ALSA: dmaengine: increment buffer pointer atomically drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() drm/bridge: megachips: Fix a null pointer dereference bug platform/x86: msi-laptop: Fix resource cleanup platform/x86: msi-laptop: Fix old-ec check for backlight registering platform/chrome: fix double-free in chromeos_laptop_prepare() drm/mipi-dsi: Detach devices when removing the host drm: bridge: adv7511: fix CEC power down control register offset net: mvpp2: fix mvpp2 debugfs leak once: add DO_ONCE_SLOW() for sleepable contexts bnx2x: fix potential memory leak in bnx2x_tpa_stop() net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited sctp: handle the error returned from sctp_auth_asoc_init_active_key mISDN: fix use-after-free bugs in l1oip timer handlers vhost/vsock: Use kvmalloc/kvfree for larger packets. spi: s3c64xx: Fix large transfers with DMA netfilter: nft_fib: Fix for rpath check with VRF devices spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe bpf: Ensure correct locking around vulnerable function find_vpid() net: fs_enet: Fix wrong check in do_pd_setup wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration bpf: btf: fix truncated last_member_type_id in btf_struct_resolve wifi: rtl8xxxu: Fix skb misuse in TX queue selection spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() spi: mt7621: Fix an error message in mt7621_spi_probe() bpftool: Fix a wrong type cast in btf_dumper_int wifi: mac80211: allow bw change during channel switch in mesh wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() sh: machvec: Use char[] for section boundaries selinux: use "grep -E" instead of "egrep" KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility ring-buffer: Fix race between reset page and reading page ring-buffer: Check pending waiters when doing wake ups as well ring-buffer: Allow splice to read previous partially read pages ftrace: Properly unset FTRACE_HASH_FL_MOD livepatch: fix race between fork and KLP transition ext4: place buffer head allocation before handle start ext4: make ext4_lazyinit_thread freezable ext4: fix null-ptr-deref in ext4_write_info ext4: avoid crash when inline data creation follows DIO write nilfs2: fix use-after-free bug of struct nilfs_root riscv: fix build with binutils 2.38 btrfs: fix race between quota enable and quota rescan ioctl fbdev: smscufx: Fix use-after-free in ufx_ops_open() PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK riscv: Allow PROT_WRITE-only mmap() parisc: fbdev/stifb: Align graphics memory size to 4MB Revert "fs: check FMODE_LSEEK to control internal pipe splicing" regulator: qcom_rpm: Fix circular deferral regression quota: Check next/prev free block number after reading from quota file HID: multitouch: Add memory barriers fs: dlm: handle -EBUSY first in lock arg validation fs: dlm: fix race between test_bit() and queue_work() can: kvaser_usb_leaf: Fix CAN state after restart can: kvaser_usb_leaf: Fix TX queue out of sync after restart can: kvaser_usb_leaf: Fix overread with an invalid command can: kvaser_usb: Fix use of uninitialized completion usb: add quirks for Lenovo OneLink+ Dock iio: dac: ad5593r: Fix i2c read protocol requirements mtd: rawnand: atmel: Unmap streaming DMA mappings ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 ALSA: usb-audio: Fix NULL dererence at error path ALSA: usb-audio: Fix potential memory leaks ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() ALSA: oss: Fix potential deadlock at unregistration Input: xpad - fix wireless 360 controller breaking after suspend Input: xpad - add supported devices as contributed on github wifi: mac80211_hwsim: avoid mac80211 warning on bad rate random: use expired timer rather than wq for mixing fast pool random: avoid reading two cache lines on irq randomness random: restore O_NONBLOCK support USB: serial: qcserial: add new usb-id for Dell branded EM7455 scsi: stex: Properly zero out the passthrough command structure ALSA: hda: Fix position reporting on Poulsbo random: clamp credited irq bits to maximum mixed ceph: don't truncate file in atomic_open nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure nilfs2: fix leak of nilfs_root in case of writer thread creation failure nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() rpmsg: qcom: glink: replace strncpy() with strscpy_pad() mmc: core: Terminate infinite loop in SD-UHS voltage switch mmc: core: Replace with already defined values for readability USB: serial: ftdi_sio: fix 300 bps rate for SIO usb: mon: make mmapped memory read only um: Cleanup compiler warning in arch/x86/um/tls_32.c um: Cleanup syscall_handler_t cast in syscalls_32.h net/ieee802154: fix uninit value bug in dgram_sendmsg scsi: qedf: Fix a UAF bug in __qedf_probe() ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property firmware: arm_scmi: Add SCMI PM driver remove routine fs: fix UAF/GPF bug in nilfs_mdt_destroy ARM: fix function graph tracer and unwinder dependencies docs: update mediator information in CoC docs Makefile.extrawarn: Move -Wcast-function-type-strict to W=1 BACKPORT: arm64: compat: vdso: Use legacy syscalls as fallback ANDROID: Drop explicit 'CONFIG_INIT_STACK_ALL_ZERO=y' from gki_defconfig UPSTREAM: hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero UPSTREAM: hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO UPSTREAM: hardening: Clarify Kconfig text for auto-var-init ANDROID: Fix kenelci build-break for !CONFIG_PERF_EVENTS UPSTREAM: f2fs: guarantee to write dirty data when enabling checkpoint back Conflicts: drivers/media/v4l2-core/v4l2-mem2mem.c Change-Id: I3c51e7c66eb498f31efe107d121b411361439ac4 Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
Vincent Donnefort
|
8eed2abb51 |
ring-buffer: Clean ring_buffer_poll_wait() error return
commit 66bbea9ed6446b8471d365a22734dc00556c4785 upstream.
The return type for ring_buffer_poll_wait() is __poll_t. This is behind
the scenes an unsigned where we can set event bits. In case of a
non-allocated CPU, we do return instead -EINVAL (0xffffffea). Lucky us,
this ends up setting few error bits (EPOLLERR | EPOLLHUP | EPOLLNVAL), so
user-space at least is aware something went wrong.
Nonetheless, this is an incorrect code. Replace that -EINVAL with a
proper EPOLLERR to clean that output. As this doesn't change the
behaviour, there's no need to treat this change as a bug fix.
Link: https://lore.kernel.org/linux-trace-kernel/20240131140955.3322792-1-vdonnefort@google.com
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Steven Rostedt (Google)
|
70887567dd |
ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI
[ Upstream commit 712292308af2265cd9b126aedfa987f10f452a33 ] As the ring buffer recording requires cmpxchg() to work, if the architecture does not support cmpxchg in NMI, then do not do any recording within an NMI. Link: https://lore.kernel.org/linux-trace-kernel/20231213175403.6fc18540@gandalf.local.home Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Steven Rostedt (Google)
|
863a9cab1c |
ring-buffer: Fix memory leak of free page
commit 17d801758157bec93f26faaf5ff1a8b9a552d67a upstream.
Reading the ring buffer does a swap of a sub-buffer within the ring buffer
with a empty sub-buffer. This allows the reader to have full access to the
content of the sub-buffer that was swapped out without having to worry
about contention with the writer.
The readers call ring_buffer_alloc_read_page() to allocate a page that
will be used to swap with the ring buffer. When the code is finished with
the reader page, it calls ring_buffer_free_read_page(). Instead of freeing
the page, it stores it as a spare. Then next call to
ring_buffer_alloc_read_page() will return this spare instead of calling
into the memory management system to allocate a new page.
Unfortunately, on freeing of the ring buffer, this spare page is not
freed, and causes a memory leak.
Link: https://lore.kernel.org/linux-trace-kernel/20231210221250.7b9cc83c@rorschach.local.home
Cc: stable@vger.kernel.org
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fixes:
|
||
|
Zheng Yejian
|
d93e05a521 |
ring-buffer: Avoid softlockup in ring_buffer_resize()
[ Upstream commit f6bd2c92488c30ef53b5bd80c52f0a7eee9d545a ] When user resize all trace ring buffer through file 'buffer_size_kb', then in ring_buffer_resize(), kernel allocates buffer pages for each cpu in a loop. If the kernel preemption model is PREEMPT_NONE and there are many cpus and there are many buffer pages to be allocated, it may not give up cpu for a long time and finally cause a softlockup. To avoid it, call cond_resched() after each cpu buffer allocation. Link: https://lore.kernel.org/linux-trace-kernel/20230906081930.3939106-1-zhengyejian1@huawei.com Cc: <mhiramat@kernel.org> Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Zheng Yejian
|
8fc349b4cb |
ring-buffer: Fix wrong stat of cpu_buffer->read
[ Upstream commit 2d093282b0d4357373497f65db6a05eb0c28b7c8 ]
When pages are removed in rb_remove_pages(), 'cpu_buffer->read' is set
to 0 in order to make sure any read iterators reset themselves. However,
this will mess 'entries' stating, see following steps:
# cd /sys/kernel/tracing/
# 1. Enlarge ring buffer prepare for later reducing:
# echo 20 > per_cpu/cpu0/buffer_size_kb
# 2. Write a log into ring buffer of cpu0:
# taskset -c 0 echo "hello1" > trace_marker
# 3. Read the log:
# cat per_cpu/cpu0/trace_pipe
<...>-332 [000] ..... 62.406844: tracing_mark_write: hello1
# 4. Stop reading and see the stats, now 0 entries, and 1 event readed:
# cat per_cpu/cpu0/stats
entries: 0
[...]
read events: 1
# 5. Reduce the ring buffer
# echo 7 > per_cpu/cpu0/buffer_size_kb
# 6. Now entries became unexpected 1 because actually no entries!!!
# cat per_cpu/cpu0/stats
entries: 1
[...]
read events: 0
To fix it, introduce 'page_removed' field to count total removed pages
since last reset, then use it to let read iterators reset themselves
instead of changing the 'read' pointer.
Link: https://lore.kernel.org/linux-trace-kernel/20230724054040.3489499-1-zhengyejian1@huawei.com
Cc: <mhiramat@kernel.org>
Cc: <vnagarnaik@google.com>
Fixes:
|
||
|
Zheng Yejian
|
a55e8a3596 |
ring-buffer: Fix deadloop issue on reading trace_pipe
commit 7e42907f3a7b4ce3a2d1757f6d78336984daf8f5 upstream.
Soft lockup occurs when reading file 'trace_pipe':
watchdog: BUG: soft lockup - CPU#6 stuck for 22s! [cat:4488]
[...]
RIP: 0010:ring_buffer_empty_cpu+0xed/0x170
RSP: 0018:ffff88810dd6fc48 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000246 RCX: ffffffff93d1aaeb
RDX: ffff88810a280040 RSI: 0000000000000008 RDI: ffff88811164b218
RBP: ffff88811164b218 R08: 0000000000000000 R09: ffff88815156600f
R10: ffffed102a2acc01 R11: 0000000000000001 R12: 0000000051651901
R13: 0000000000000000 R14: ffff888115e49500 R15: 0000000000000000
[...]
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8d853c2000 CR3: 000000010dcd8000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__find_next_entry+0x1a8/0x4b0
? peek_next_entry+0x250/0x250
? down_write+0xa5/0x120
? down_write_killable+0x130/0x130
trace_find_next_entry_inc+0x3b/0x1d0
tracing_read_pipe+0x423/0xae0
? tracing_splice_read_pipe+0xcb0/0xcb0
vfs_read+0x16b/0x490
ksys_read+0x105/0x210
? __ia32_sys_pwrite64+0x200/0x200
? switch_fpu_return+0x108/0x220
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x61/0xc6
Through the vmcore, I found it's because in tracing_read_pipe(),
ring_buffer_empty_cpu() found some buffer is not empty but then it
cannot read anything due to "rb_num_of_entries() == 0" always true,
Then it infinitely loop the procedure due to user buffer not been
filled, see following code path:
tracing_read_pipe() {
... ...
waitagain:
tracing_wait_pipe() // 1. find non-empty buffer here
trace_find_next_entry_inc() // 2. loop here try to find an entry
__find_next_entry()
ring_buffer_empty_cpu(); // 3. find non-empty buffer
peek_next_entry() // 4. but peek always return NULL
ring_buffer_peek()
rb_buffer_peek()
rb_get_reader_page()
// 5. because rb_num_of_entries() == 0 always true here
// then return NULL
// 6. user buffer not been filled so goto 'waitgain'
// and eventually leads to an deadloop in kernel!!!
}
By some analyzing, I found that when resetting ringbuffer, the 'entries'
of its pages are not all cleared (see rb_reset_cpu()). Then when reducing
the ringbuffer, and if some reduced pages exist dirty 'entries' data, they
will be added into 'cpu_buffer->overrun' (see rb_remove_pages()), which
cause wrong 'overrun' count and eventually cause the deadloop issue.
To fix it, we need to clear every pages in rb_reset_cpu().
Link: https://lore.kernel.org/linux-trace-kernel/20230708225144.3785600-1-zhengyejian1@huawei.com
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Kees Cook
|
b7e389235c |
treewide: Remove uninitialized_var() usage
commit 3f649ab728cda8038259d8f14492fe400fbab911 upstream. Using uninitialized_var() is dangerous as it papers over real bugs[1] (or can in the future), and suppresses unrelated compiler warnings (e.g. "unused variable"). If the compiler thinks it is uninitialized, either simply initialize the variable or make compiler changes. In preparation for removing[2] the[3] macro[4], remove all remaining needless uses with the following script: git grep '\buninitialized_var\b' | cut -d: -f1 | sort -u | \ xargs perl -pi -e \ 's/\buninitialized_var\(([^\)]+)\)/\1/g; s:\s*/\* (GCC be quiet|to make compiler happy) \*/$::g;' drivers/video/fbdev/riva/riva_hw.c was manually tweaked to avoid pathological white-space. No outstanding warnings were found building allmodconfig with GCC 9.3.0 for x86_64, i386, arm64, arm, powerpc, powerpc64le, s390x, mips, sparc64, alpha, and m68k. [1] https://lore.kernel.org/lkml/20200603174714.192027-1-glider@google.com/ [2] https://lore.kernel.org/lkml/CA+55aFw+Vbj0i=1TGqCR5vQkCzWJ0QxK6CernOU6eedsudAixw@mail.gmail.com/ [3] https://lore.kernel.org/lkml/CA+55aFwgbgqhbp1fkxvRKEpzyR5J8n1vKT1VZdz9knmPuXhOeg@mail.gmail.com/ [4] https://lore.kernel.org/lkml/CA+55aFz2500WfbKXAx8s67wrm9=yVJu65TpLgN_ybYNv0VEOKA@mail.gmail.com/ Reviewed-by: Leon Romanovsky <leonro@mellanox.com> # drivers/infiniband and mlx4/mlx5 Acked-by: Jason Gunthorpe <jgg@mellanox.com> # IB Acked-by: Kalle Valo <kvalo@codeaurora.org> # wireless drivers Reviewed-by: Chao Yu <yuchao0@huawei.com> # erofs Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Johannes Berg
|
2702b67f59 |
ring-buffer: Sync IRQ works before buffer destruction
commit 675751bb20634f981498c7d66161584080cc061e upstream.
If something was written to the buffer just before destruction,
it may be possible (maybe not in a real system, but it did
happen in ARCH=um with time-travel) to destroy the ringbuffer
before the IRQ work ran, leading this KASAN report (or a crash
without KASAN):
BUG: KASAN: slab-use-after-free in irq_work_run_list+0x11a/0x13a
Read of size 8 at addr 000000006d640a48 by task swapper/0
CPU: 0 PID: 0 Comm: swapper Tainted: G W O 6.3.0-rc1 #7
Stack:
60c4f20f 0c203d48 41b58ab3 60f224fc
600477fa 60f35687 60c4f20f 601273dd
00000008 6101eb00 6101eab0 615be548
Call Trace:
[<60047a58>] show_stack+0x25e/0x282
[<60c609e0>] dump_stack_lvl+0x96/0xfd
[<60c50d4c>] print_report+0x1a7/0x5a8
[<603078d3>] kasan_report+0xc1/0xe9
[<60308950>] __asan_report_load8_noabort+0x1b/0x1d
[<60232844>] irq_work_run_list+0x11a/0x13a
[<602328b4>] irq_work_tick+0x24/0x34
[<6017f9dc>] update_process_times+0x162/0x196
[<6019f335>] tick_sched_handle+0x1a4/0x1c3
[<6019fd9e>] tick_sched_timer+0x79/0x10c
[<601812b9>] __hrtimer_run_queues.constprop.0+0x425/0x695
[<60182913>] hrtimer_interrupt+0x16c/0x2c4
[<600486a3>] um_timer+0x164/0x183
[...]
Allocated by task 411:
save_stack_trace+0x99/0xb5
stack_trace_save+0x81/0x9b
kasan_save_stack+0x2d/0x54
kasan_set_track+0x34/0x3e
kasan_save_alloc_info+0x25/0x28
____kasan_kmalloc+0x8b/0x97
__kasan_kmalloc+0x10/0x12
__kmalloc+0xb2/0xe8
load_elf_phdrs+0xee/0x182
[...]
The buggy address belongs to the object at 000000006d640800
which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 584 bytes inside of
freed 1024-byte region [000000006d640800, 000000006d640c00)
Add the appropriate irq_work_sync() so the work finishes before
the buffers are destroyed.
Prior to the commit in the Fixes tag below, there was only a
single global IRQ work, so this issue didn't exist.
Link: https://lore.kernel.org/linux-trace-kernel/20230427175920.a76159263122.I8295e405c44362a86c995e9c2c37e3e03810aa56@changeid
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Fixes:
|
||
|
Zheng Yejian
|
f720853cf7 |
ring-buffer: Fix race while reader and writer are on the same page
commit 6455b6163d8c680366663cdb8c679514d55fc30c upstream.
When user reads file 'trace_pipe', kernel keeps printing following logs
that warn at "cpu_buffer->reader_page->read > rb_page_size(reader)" in
rb_get_reader_page(). It just looks like there's an infinite loop in
tracing_read_pipe(). This problem occurs several times on arm64 platform
when testing v5.10 and below.
Call trace:
rb_get_reader_page+0x248/0x1300
rb_buffer_peek+0x34/0x160
ring_buffer_peek+0xbc/0x224
peek_next_entry+0x98/0xbc
__find_next_entry+0xc4/0x1c0
trace_find_next_entry_inc+0x30/0x94
tracing_read_pipe+0x198/0x304
vfs_read+0xb4/0x1e0
ksys_read+0x74/0x100
__arm64_sys_read+0x24/0x30
el0_svc_common.constprop.0+0x7c/0x1bc
do_el0_svc+0x2c/0x94
el0_svc+0x20/0x30
el0_sync_handler+0xb0/0xb4
el0_sync+0x160/0x180
Then I dump the vmcore and look into the problematic per_cpu ring_buffer,
I found that tail_page/commit_page/reader_page are on the same page while
reader_page->read is obviously abnormal:
tail_page == commit_page == reader_page == {
.write = 0x100d20,
.read = 0x8f9f4805, // Far greater than 0xd20, obviously abnormal!!!
.entries = 0x10004c,
.real_end = 0x0,
.page = {
.time_stamp = 0x857257416af0,
.commit = 0xd20, // This page hasn't been full filled.
// .data[0...0xd20] seems normal.
}
}
The root cause is most likely the race that reader and writer are on the
same page while reader saw an event that not fully committed by writer.
To fix this, add memory barriers to make sure the reader can see the
content of what is committed. Since commit a0fcaaed0c46 ("ring-buffer: Fix
race between reset page and reading page") has added the read barrier in
rb_get_reader_page(), here we just need to add the write barrier.
Link: https://lore.kernel.org/linux-trace-kernel/20230325021247.2923907-1-zhengyejian1@huawei.com
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Jia-Ju Bai
|
f4c6322a5f |
tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
[ Upstream commit 3e4272b9954094907f16861199728f14002fcaf6 ]
In a previous commit 7433632c9ff6, buffer, buffer->buffers and
buffer->buffers[cpu] in ring_buffer_wake_waiters() can be NULL,
and thus the related checks are added.
However, in the same call stack, these variables are also used in
ring_buffer_free_read_page():
tracing_buffers_release()
ring_buffer_wake_waiters(iter->array_buffer->buffer)
cpu_buffer = buffer->buffers[cpu] -> Add checks by previous commit
ring_buffer_free_read_page(iter->array_buffer->buffer)
cpu_buffer = buffer->buffers[cpu] -> No check
Thus, to avod possible null-pointer derefernces, the related checks
should be added.
These results are reported by a static tool designed by myself.
Link: https://lkml.kernel.org/r/20230113125501.760324-1-baijiaju1990@gmail.com
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Daniil Tatianin
|
455ea32477 |
ring_buffer: Do not deactivate non-existant pages
commit 56f4ca0a79a9f1af98f26c54b9b89ba1f9bcc6bd upstream.
rb_head_page_deactivate() expects cpu_buffer to contain a valid list of
->pages, so verify that the list is actually present before calling it.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
Link: https://lkml.kernel.org/r/20221114143129.3534443-1-d-tatianin@yandex-team.ru
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Steven Rostedt (Google)
|
7e642bd051 |
ring-buffer: Fix race between reset page and reading page
commit a0fcaaed0c46cf9399d3a2d6e0c87ddb3df0e044 upstream.
The ring buffer is broken up into sub buffers (currently of page size).
Each sub buffer has a pointer to its "tail" (the last event written to the
sub buffer). When a new event is requested, the tail is locally
incremented to cover the size of the new event. This is done in a way that
there is no need for locking.
If the tail goes past the end of the sub buffer, the process of moving to
the next sub buffer takes place. After setting the current sub buffer to
the next one, the previous one that had the tail go passed the end of the
sub buffer needs to be reset back to the original tail location (before
the new event was requested) and the rest of the sub buffer needs to be
"padded".
The race happens when a reader takes control of the sub buffer. As readers
do a "swap" of sub buffers from the ring buffer to get exclusive access to
the sub buffer, it replaces the "head" sub buffer with an empty sub buffer
that goes back into the writable portion of the ring buffer. This swap can
happen as soon as the writer moves to the next sub buffer and before it
updates the last sub buffer with padding.
Because the sub buffer can be released to the reader while the writer is
still updating the padding, it is possible for the reader to see the event
that goes past the end of the sub buffer. This can cause obvious issues.
To fix this, add a few memory barriers so that the reader definitely sees
the updates to the sub buffer, and also waits until the writer has put
back the "tail" of the sub buffer back to the last event that was written
on it.
To be paranoid, it will only spin for 1 second, otherwise it will
warn and shutdown the ring buffer code. 1 second should be enough as
the writer does have preemption disabled. If the writer doesn't move
within 1 second (with preemption disabled) something is horribly
wrong. No interrupt should last 1 second!
Link: https://lore.kernel.org/all/20220830120854.7545-1-jiazi.li@transsion.com/
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216369
Link: https://lkml.kernel.org/r/20220929104909.0650a36c@gandalf.local.home
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Steven Rostedt (Google)
|
4d3e7f0407 |
ring-buffer: Check pending waiters when doing wake ups as well
commit ec0bbc5ec5664dcee344f79373852117dc672c86 upstream.
The wake up waiters only checks the "wakeup_full" variable and not the
"full_waiters_pending". The full_waiters_pending is set when a waiter is
added to the wait queue. The wakeup_full is only set when an event is
triggered, and it clears the full_waiters_pending to avoid multiple calls
to irq_work_queue().
The irq_work callback really needs to check both wakeup_full as well as
full_waiters_pending such that this code can be used to wake up waiters
when a file is closed that represents the ring buffer and the waiters need
to be woken up.
Link: https://lkml.kernel.org/r/20220927231824.209460321@goodmis.org
Cc: stable@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Fixes:
|
||
|
Steven Rostedt (Google)
|
8d3485b6b9 |
ring-buffer: Allow splice to read previous partially read pages
commit fa8f4a89736b654125fb254b0db753ac68a5fced upstream.
If a page is partially read, and then the splice system call is run
against the ring buffer, it will always fail to read, no matter how much
is in the ring buffer. That's because the code path for a partial read of
the page does will fail if the "full" flag is set.
The splice system call wants full pages, so if the read of the ring buffer
is not yet full, it should return zero, and the splice will block. But if
a previous read was done, where the beginning has been consumed, it should
still be given to the splice caller if the rest of the page has been
written to.
This caused the splice command to never consume data in this scenario, and
let the ring buffer just fill up and lose events.
Link: https://lkml.kernel.org/r/20220927144317.46be6b80@gandalf.local.home
Cc: stable@vger.kernel.org
Fixes:
|
||
|
ot_dick.yang
|
874ed009ee |
[ALPS06396594] tracing: Fix bug in rb_per_cpu_empty() that might cause
deadloop
The "rb_per_cpu_empty()" misinterpret the condition (as not-empty) when
"head_page" and "commit_page" of "struct ring_buffer_per_cpu" points to
the same buffer page, whose "buffer_data_page" is empty and "read" field
is non-zero.
An error scenario could be constructed as followed (kernel perspective):
1. All pages in the buffer has been accessed by reader(s) so that all of
them will have non-zero "read" field.
2. Read and clear all buffer pages so that "rb_num_of_entries()" will
return 0 rendering theres no more data to read. It is also required
that the "read_page", "commit_page" and "tail_page" points to the same
page, while "head_page" is the next page of them.
3. Invoke "ring_buffer_lock_reserve()" with large enough "length"
so that it shot pass the end of current tail buffer page. Now the
"head_page", "commit_page" and "tail_page" points to the same page.
4. Discard current event with "ring_buffer_discard_commit()", so that
"head_page", "commit_page" and "tail_page" points to a page whose buffer
data page is now empty.
When the error scenario has been constructed, "tracing_read_pipe" will
be trapped inside a deadloop: "trace_empty()" returns 0 since
"rb_per_cpu_empty()" returns 0 when it hits the CPU containing such
constructed ring buffer. Then "trace_find_next_entry_inc()" always
return NULL since "rb_num_of_entries()" reports theres no more entry
to read. Finally "trace_seq_to_user()" returns "-EBUSY" spanking
"tracing_read_pipe" back to the start of the "waitagain" loop.
Ive also written a proof-of-concept script to construct the scenario
and trigger the bug automatically, you can use it to trace and validate
my reasoning above:
https://github.com/aegistudio/RingBufferDetonator.git
Tests has been carried out on linux kernel 5.14-rc2
(2734d6c1b1a089fb593ef6a23d4b70903526fe0c), my fixed version
of kernel (for testing whether my update fixes the bug) and
some older kernels (for range of affected kernels). Test result is
also attached to the proof-of-concept repository.
Link: https://lore.kernel.org/linux-trace-devel/YPaNxsIlb2yjSi5Y@aegistudio/
Link: https://lore.kernel.org/linux-trace-devel/YPgrN85WL9VyrZ55@aegistudio
MTK-Commit-Id: a6aaf46f366ee79c91f87e3bd990c8d1bb38d836
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Haoran Luo
|
6a99bfee7f |
tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
commit 67f0d6d9883c13174669f88adac4f0ee656cc16a upstream.
The "rb_per_cpu_empty()" misinterpret the condition (as not-empty) when
"head_page" and "commit_page" of "struct ring_buffer_per_cpu" points to
the same buffer page, whose "buffer_data_page" is empty and "read" field
is non-zero.
An error scenario could be constructed as followed (kernel perspective):
1. All pages in the buffer has been accessed by reader(s) so that all of
them will have non-zero "read" field.
2. Read and clear all buffer pages so that "rb_num_of_entries()" will
return 0 rendering there's no more data to read. It is also required
that the "read_page", "commit_page" and "tail_page" points to the same
page, while "head_page" is the next page of them.
3. Invoke "ring_buffer_lock_reserve()" with large enough "length"
so that it shot pass the end of current tail buffer page. Now the
"head_page", "commit_page" and "tail_page" points to the same page.
4. Discard current event with "ring_buffer_discard_commit()", so that
"head_page", "commit_page" and "tail_page" points to a page whose buffer
data page is now empty.
When the error scenario has been constructed, "tracing_read_pipe" will
be trapped inside a deadloop: "trace_empty()" returns 0 since
"rb_per_cpu_empty()" returns 0 when it hits the CPU containing such
constructed ring buffer. Then "trace_find_next_entry_inc()" always
return NULL since "rb_num_of_entries()" reports there's no more entry
to read. Finally "trace_seq_to_user()" returns "-EBUSY" spanking
"tracing_read_pipe" back to the start of the "waitagain" loop.
I've also written a proof-of-concept script to construct the scenario
and trigger the bug automatically, you can use it to trace and validate
my reasoning above:
https://github.com/aegistudio/RingBufferDetonator.git
Tests has been carried out on linux kernel 5.14-rc2
(2734d6c1b1a089fb593ef6a23d4b70903526fe0c), my fixed version
of kernel (for testing whether my update fixes the bug) and
some older kernels (for range of affected kernels). Test result is
also attached to the proof-of-concept repository.
Link: https://lore.kernel.org/linux-trace-devel/YPaNxsIlb2yjSi5Y@aegistudio/
Link: https://lore.kernel.org/linux-trace-devel/YPgrN85WL9VyrZ55@aegistudio
Cc: stable@vger.kernel.org
Fixes:
|
||
|
bo.ye
|
47a12e27d4 |
[ALPS05605552] [Do NOT Sync]Merge branch android-4.19-stable into alps-trunk-s0.basic
[Detail]
Target:
|
||
|
Gaurav Kohli
|
acfa7ad7b7 |
tracing: Fix race in trace_open and buffer resize call
commit bbeb97464eefc65f506084fd9f18f21653e01137 upstream.
Below race can come, if trace_open and resize of
cpu buffer is running parallely on different cpus
CPUX CPUY
ring_buffer_resize
atomic_read(&buffer->resize_disabled)
tracing_open
tracing_reset_online_cpus
ring_buffer_reset_cpu
rb_reset_cpu
rb_update_pages
remove/insert pages
resetting pointer
This race can cause data abort or some times infinte loop in
rb_remove_pages and rb_insert_pages while checking pages
for sanity.
Take buffer lock to fix this.
Link: https://lkml.kernel.org/r/1601976833-24377-1-git-send-email-gkohli@codeaurora.org
Cc: stable@vger.kernel.org
Fixes:
|
||
|
bo.ye
|
4f099f5a37 |
[ALPS05525109] [Do NOT Sync]Merge branch android-4.19-stable into alps-trunk-s0.basic
[Detail]
Target:
|
||
|
Steven Rostedt (VMware)
|
d4e0ae6388 |
[ALPS05232231] ring-buffer: Remove all BUG() calls
Theres a lot of checks to make sure the ring buffer is working, and if an anomaly is detected, it safely shuts itself down. But theres a few cases that it will call BUG(), which defeats the point of being safe (it crashes the kernel when an anomaly is found!). Theres no reason for them. Switch them all to either WARN_ON_ONCE() (when no ring buffer descriptor is present), or to RB_WARN_ON() (when a ring buffer descriptor is present). Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> MTK-Commit-Id: 818c091668e14f4216af839775837af9438c7a69 Change-Id: I26f7f5472027856b03c392879023e707c1def0e5 CR-Id: ALPS05232231 Feature: System Performance Signed-off-by: Andress Kuo <andress.kuo@mediatek.com> |
||
|
Steven Rostedt (VMware)
|
b410d07e96 |
ring-buffer: Fix recursion protection transitions between interrupt context
commit b02414c8f045ab3b9afc816c3735bc98c5c3d262 upstream.
The recursion protection of the ring buffer depends on preempt_count() to be
correct. But it is possible that the ring buffer gets called after an
interrupt comes in but before it updates the preempt_count(). This will
trigger a false positive in the recursion code.
Use the same trick from the ftrace function callback recursion code which
uses a "transition" bit that gets set, to allow for a single recursion for
to handle transitions between contexts.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Qiujun Huang
|
57ebe91029 |
ring-buffer: Return 0 on success from ring_buffer_resize()
commit 0a1754b2a97efa644aa6e84d1db5b17c42251483 upstream.
We don't need to check the new buffer size, and the return value
had confused resize_buffer_duplicate_size().
...
ret = ring_buffer_resize(trace_buf->buffer,
per_cpu_ptr(size_buf->data,cpu_id)->entries, cpu_id);
if (ret == 0)
per_cpu_ptr(trace_buf->data, cpu_id)->entries =
per_cpu_ptr(size_buf->data, cpu_id)->entries;
...
Link: https://lkml.kernel.org/r/20201019142242.11560-1-hqjagain@gmail.com
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Steven Rostedt (VMware)
|
a1de406751 |
ring-buffer: Zero out time extend if it is nested and not absolute
commit 097350d1c6e1f5808cae142006f18a0bbc57018d upstream.
Currently the ring buffer makes events that happen in interrupts that preempt
another event have a delta of zero. (Hopefully we can change this soon). But
this is to deal with the races of updating a global counter with lockless
and nesting functions updating deltas.
With the addition of absolute time stamps, the time extend didn't follow
this rule. A time extend can happen if two events happen longer than 2^27
nanoseconds appart, as the delta time field in each event is only 27 bits.
If that happens, then a time extend is injected with 2^59 bits of
nanoseconds to use (18 years). But if the 2^27 nanoseconds happen between
two events, and as it is writing the event, an interrupt triggers, it will
see the 2^27 difference as well and inject a time extend of its own. But a
recent change made the time extend logic not take into account the nesting,
and this can cause two time extend deltas to happen moving the time stamp
much further ahead than the current time. This gets all reset when the ring
buffer moves to the next page, but that can cause time to appear to go
backwards.
This was observed in a trace-cmd recording, and since the data is saved in a
file, with trace-cmd report --debug, it was possible to see that this indeed
did happen!
bash-52501 110d... 81778.908247: sched_switch: bash:52501 [120] S ==> swapper/110:0 [120] [12770284:0x2e8:64]
<idle>-0 110d... 81778.908757: sched_switch: swapper/110:0 [120] R ==> bash:52501 [120] [509947:0x32c:64]
TIME EXTEND: delta:306454770 length:0
bash-52501 110.... 81779.215212: sched_swap_numa: src_pid=52501 src_tgid=52388 src_ngid=52501 src_cpu=110 src_nid=2 dst_pid=52509 dst_tgid=52388 dst_ngid=52501 dst_cpu=49 dst_nid=1 [0:0x378:48]
TIME EXTEND: delta:306458165 length:0
bash-52501 110dNh. 81779.521670: sched_wakeup: migration/110:565 [0] success=1 CPU:110 [0:0x3b4:40]
and at the next page, caused the time to go backwards:
bash-52504 110d... 81779.685411: sched_switch: bash:52504 [120] S ==> swapper/110:0 [120] [8347057:0xfb4:64]
CPU:110 [SUBBUFFER START] [81779379165886:0x1320000]
<idle>-0 110dN.. 81779.379166: sched_wakeup: bash:52504 [120] success=1 CPU:110 [0:0x10:40]
<idle>-0 110d... 81779.379167: sched_switch: swapper/110:0 [120] R ==> bash:52504 [120] [1168:0x3c:64]
Link: https://lkml.kernel.org/r/20200622151815.345d1bf5@oasis.local.home
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Tom Zanussi <zanussi@kernel.org>
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Peter Zijlstra
|
d0264d10ae |
trace: Fix preempt_enable_no_resched() abuse
commit d6097c9e4454adf1f8f2c9547c2fa6060d55d952 upstream.
Unless the very next line is schedule(), or implies it, one must not use
preempt_enable_no_resched(). It can cause a preemption to go missing and
thereby cause arbitrary delays, breaking the PREEMPT=y invariant.
Link: http://lkml.kernel.org/r/20190423200318.GY14281@hirez.programming.kicks-ass.net
Cc: Waiman Long <longman@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: the arch/x86 maintainers <x86@kernel.org>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: huang ying <huang.ying.caritas@gmail.com>
Cc: Roman Gushchin <guro@fb.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Douglas Anderson
|
b73c7d0204 |
tracing: kdb: Fix ftdump to not sleep
[ Upstream commit 31b265b3baaf55f209229888b7ffea523ddab366 ] As reported back in 2016-11 [1], the "ftdump" kdb command triggers a BUG for "sleeping function called from invalid context". kdb's "ftdump" command wants to call ring_buffer_read_prepare() in atomic context. A very simple solution for this is to add allocation flags to ring_buffer_read_prepare() so kdb can call it without triggering the allocation error. This patch does that. Note that in the original email thread about this, it was suggested that perhaps the solution for kdb was to either preallocate the buffer ahead of time or create our own iterator. I'm hoping that this alternative of adding allocation flags to ring_buffer_read_prepare() can be considered since it means I don't need to duplicate more of the core trace code into "trace_kdb.c" (for either creating my own iterator or re-preparing a ring allocator whose memory was already allocated). NOTE: another option for kdb is to actually figure out how to make it reuse the existing ftrace_dump() function and totally eliminate the duplication. This sounds very appealing and actually works (the "sr z" command can be seen to properly dump the ftrace buffer). The downside here is that ftrace_dump() fully consumes the trace buffer. Unless that is changed I'd rather not use it because it means "ftdump | grep xyz" won't be very useful to search the ftrace buffer since it will throw away the whole trace on the first grep. A future patch to dump only the last few lines of the buffer will also be hard to implement. [1] https://lkml.kernel.org/r/20161117191605.GA21459@google.com Link: http://lkml.kernel.org/r/20190308193205.213659-1-dianders@chromium.org Reported-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Douglas Anderson <dianders@chromium.org> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Vaibhav Nagarnaik
|
83f365554e |
ring-buffer: Allow for rescheduling when removing pages
When reducing ring buffer size, pages are removed by scheduling a work
item on each CPU for the corresponding CPU ring buffer. After the pages
are removed from ring buffer linked list, the pages are free()d in a
tight loop. The loop does not give up CPU until all pages are removed.
In a worst case behavior, when lot of pages are to be freed, it can
cause system stall.
After the pages are removed from the list, the free() can happen while
the work is rescheduled. Call cond_resched() in the loop to prevent the
system hangup.
Link: http://lkml.kernel.org/r/20180907223129.71994-1-vnagarnaik@google.com
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Steven Rostedt (VMware)
|
bcea3f96e1 |
tracing: Add SPDX License format tags to tracing files
Add the SPDX License header to ease license compliance management. Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> |
||
|
Steven Rostedt (VMware)
|
d7224c0e12 |
ring-buffer: Make ring_buffer_record_is_set_on() return bool
The value of ring_buffer_record_is_set_on() is either true or false, so have its return value be bool. Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> |
||
|
Steven Rostedt (VMware)
|
3ebea280d7 |
ring-buffer: Make ring_buffer_record_is_on() return bool
The value of ring_buffer_record_is_on() is either true or false, so have its return value be bool. Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> |
||
|
Masami Hiramatsu
|
73c8d89455 |
ring_buffer: tracing: Inherit the tracing setting to next ring buffer
Maintain the tracing on/off setting of the ring_buffer when switching
to the trace buffer snapshot.
Taking a snapshot is done by swapping the backup ring buffer
(max_tr_buffer). But since the tracing on/off setting is defined
by the ring buffer, when swapping it, the tracing on/off setting
can also be changed. This causes a strange result like below:
/sys/kernel/debug/tracing # cat tracing_on
1
/sys/kernel/debug/tracing # echo 0 > tracing_on
/sys/kernel/debug/tracing # cat tracing_on
0
/sys/kernel/debug/tracing # echo 1 > snapshot
/sys/kernel/debug/tracing # cat tracing_on
1
/sys/kernel/debug/tracing # echo 1 > snapshot
/sys/kernel/debug/tracing # cat tracing_on
0
We don't touch tracing_on, but snapshot changes tracing_on
setting each time. This is an anomaly, because user doesn't know
that each "ring_buffer" stores its own tracing-enable state and
the snapshot is done by swapping ring buffers.
Link: http://lkml.kernel.org/r/153149929558.11274.11730609978254724394.stgit@devbox
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Tom Zanussi <tom.zanussi@linux.intel.com>
Cc: Hiraku Toyooka <hiraku.toyooka@cybertrust.co.jp>
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Steven Rostedt (VMware)
|
6167c205ca |
ring-buffer: Fix a bunch of typos in comments
An anonymous source sent me a bunch of typo fixes in the comments of ring_buffer.c file. That source did not want to be associated to this patch because they don't want to be known as "one of those" commiters (you know who you are!). They gave me permission to sign this off in my own name. Suggested-by: One-of-those-commiters@YouKnowWhoYouAre.org Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> |
||
|
Steven Rostedt (VMware)
|
927e56db62 |
ring-buffer: Add set/clear_current_oom_origin() during allocations
As si_mem_available() can say there is enough memory even though the memory available is not useable by the ring buffer, it is best to not kill innocent applications because the ring buffer is taking up all the memory while it is trying to allocate a great deal of memory. If the allocator is user space (because kernel threads can also increase the size of the kernel ring buffer on boot up), then after si_mem_available() says there is enough memory, set the OOM killer to kill the current task if an OOM triggers during the allocation. Link: http://lkml.kernel.org/r/20180404062340.GD6312@dhcp22.suse.cz Suggested-by: Michal Hocko <mhocko@kernel.org> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> |
||
|
Steven Rostedt (VMware)
|
2a872fa4e9 |
ring-buffer: Check if memory is available before allocation
The ring buffer is made up of a link list of pages. When making the ring buffer bigger, it will allocate all the pages it needs before adding to the ring buffer, and if it fails, it frees them and returns an error. This makes increasing the ring buffer size an all or nothing action. When this was first created, the pages were allocated with "NORETRY". This was to not cause any Out-Of-Memory (OOM) actions from allocating the ring buffer. But NORETRY was too strict, as the ring buffer would fail to expand even when there's memory available, but was taken up in the page cache. Commit |
||
|
Chris Wilson
|
913ea4d0b1 |
tracing: Mention trace_clock=global when warning about unstable clocks
Mention the alternative of adding trace_clock=global to the kernel command line when we detect that we've used an unstable clock across a suspend/resume cycle. Link: http://lkml.kernel.org/r/20180330150132.16903-2-chris@chris-wilson.co.uk Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> |