94de3b405c8dee0ffc8de5c06b32fbf00fc4e8f9
38873 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Choonghoon Park
|
cabf26b4eb |
ANDROID: sched: Add vendor hook to select ilb cpu
Add android_rvh_find_new_ilb to select a next ilb cpu for vendors. Bug: 190228983 Change-Id: Iba1a0cd9cdc22dcf628dd33f8d838fe513a4818f Signed-off-by: Choonghoon Park <choong.park@samsung.com> |
||
|
Choonghoon Park
|
25d620ba79 |
ANDROID: GKI: sched: add rvh for new cfs task util
A vendor hook is added in post_init_entity_util_avg before a new cfs task's util is attached to cfs_rq's util so that vendors can gather and modify se's information to modify scheduling behavior and DVFS as they want. trace_android_rvh_new_task_stats is not a proper hook because it is called after the task's util is attached to cfs_rq's util, which means updating cfs_rq's sched_avg and DVFS request are done. Bug: 184219858 Signed-off-by: Choonghoon Park <choong.park@samsung.com> Change-Id: I2deaa93297f8464895978496c9838cdffaa35b7f |
||
|
Park Bumgyu
|
ca6883251a |
ANDROID: sched: add rvh for rebalance domains
Vendor scheduler may not want to rebalance between domains in some case. New vendor hook is added for vendor to decide whether rebalance domains. Bug: 176952463 Change-Id: Ie2edbd4b11679786096dd0170496904ae180583c Signed-off-by: Park Bumgyu <bumgyu.park@samsung.com> |
||
|
deyaoren@google.com
|
c37e56f9c4 |
Merge keystone/mirror-android13-5.15 into keystone/android13-5.15-keystone-qcom-dev
* keystone/mirror-android13-5.15: ANDROID: Fix "one_thousand" defined but not used warning ANDROID: GKI: defconfig: Enable DMA-BUF sysfs stats FROMGIT: KVM: arm64: vgic: Replace kernel.h with the necessary inclusions FROMGIT: KVM: arm64: Fix comment typo in kvm_vcpu_finalize_sve() FROMGIT: KVM: arm64: Rework kvm_pgtable initialisation FROMGIT: KVM: arm64: vgic: Demote userspace-triggered console prints to kvm_debug() FROMGIT: KVM: arm64: vgic-v3: Fix vcpu index comparison FROMGIT: KVM: arm64: Drop unused workaround_flags vcpu field ANDROID: GKI: Update virtual_device symbol list ANDROID: dma-heap: Make the page-pool library built-in ANDROID: dma-buf: heaps: fix dma-buf heap pool pages stat ANDROID: dma-heap: Let system heap report total pool size ANDROID: dma-buf: heaps: Add a sysfs file to report total pool size. ANDROID: dma-buf: heaps: fix a warning in dmabuf page pools ANDROID: dma-buf: system_heap: Add pagepool support to system heap ANDROID: dma-buf: heaps: Add a shrinker controlled page pool ANDROID: mm/oom_kill: allow process_mrelease reclaim memory in parallel with exit_mmap FROMLIST: mm/oom_kill: allow process_mrelease to run under mmap_lock protection FROMLIST: mm: protect free_pgtables with mmap_lock write lock in exit_mmap Signed-off-by: deyaoren@google.com <deyaoren@google.com> Change-Id: I7f3ad2085021ee86fc27f6ae84aa5e65a002a219 |
||
|
Suren Baghdasaryan
|
1d50adbe5a |
ANDROID: Fix "one_thousand" defined but not used warning
Fix the following warning issued when CONFIG_PERF_EVENTS is not
defined:
kernel/sysctl.c:124:12: error: ‘one_thousand’ defined but not used [-Werror=unused-variable]
These definitions in upstream has been changed [1] and therefore
the issue does not exist there.
[1] https://lore.kernel.org/all/20211124220801.ip01WsWPQ%25akpm@linux-foundation.org/
Fixes:
|
||
|
deyaoren@google.com
|
17210ce13c |
Merge keystone/mirror-android13-5.15 into keystone/android13-5.15-keystone-qcom-dev
* keystone/mirror-android13-5.15: (32 commits)
ANDROID: add initial symbol list for mtktv
FROMGIT: KVM: arm64: pkvm: Unshare guest structs during teardown
FROMGIT: KVM: arm64: Expose unshare hypercall to the host
FROMGIT: KVM: arm64: Implement do_unshare() helper for unsharing memory
FROMGIT: KVM: arm64: Implement __pkvm_host_share_hyp() using do_share()
FROMGIT: KVM: arm64: Implement do_share() helper for sharing memory
FROMGIT: KVM: arm64: Introduce wrappers for host and hyp spin lock accessors
FROMGIT: KVM: arm64: Extend pkvm_page_state enumeration to handle absent pages
FROMGIT: KVM: arm64: pkvm: Refcount the pages shared with EL2
BACKPORT: FROMGIT: KVM: arm64: Introduce kvm_share_hyp()
FROMGIT: KVM: arm64: Implement kvm_pgtable_hyp_unmap() at EL2
FROMGIT: KVM: arm64: Hook up ->page_count() for hypervisor stage-1 page-table
FROMGIT: KVM: arm64: Fixup hyp stage-1 refcount
FROMGIT: KVM: arm64: Refcount hyp stage-1 pgtable pages
FROMGIT: KVM: arm64: Provide {get,put}_page() stubs for early hyp allocator
Revert "FROMLIST: KVM: arm64: Provide {get,put}_page() stubs for early hyp allocator"
Revert "FROMLIST: KVM: arm64: Refcount hyp stage-1 pgtable pages"
Revert "FROMLIST: KVM: arm64: Fixup hyp stage-1 refcount"
Revert "FROMLIST: KVM: arm64: Hook up ->page_count() for hypervisor stage-1 page-table"
Revert "FROMLIST: KVM: arm64: Implement kvm_pgtable_hyp_unmap() at EL2"
...
Signed-off-by: deyaoren@google.com <deyaoren@google.com>
Change-Id: I431ac42225c44bf0a8268e262f35ccc4a78ff8ed
|
||
|
Ramji Jiyani
|
f8bd6cf70d |
ANDROID: GKI: Add module load time protected symbol lookup
Add CONFIG_MODULE_SIG_PROTECT to enable lookup for the protected symbols and exports from the build time generated list of symbols and exports. Module loading behavior will change as follows: - Allows Android GKI Modules signed using MODULE_SIG_ALL during build. - Allows other modules to load if they don't violate the access to Android GKI protected symbols and do not export the symbols already exported by the Android GKI modules. Loading will fail and return -EACCES (Permission denied) if symbol access contidions are not met. Bug: 200082547 Test: Treehugger Signed-off-by: Ramji Jiyani <ramjiyani@google.com> Change-Id: Iedb99d8434db82a9c7f18ffd363d84f4b2316c5b (cherry picked from commit 9ab6a242258a9ac17506b74c6ed7332703d536f4) |
||
|
Suren Baghdasaryan
|
0f047989b0 |
FROMGIT: mm/pagealloc: sysctl: change watermark_scale_factor max limit to 30%
For embedded systems with low total memory, having to run applications with relatively large memory requirements, 10% max limitation for watermark_scale_factor poses an issue of triggering direct reclaim every time such application is started. This results in slow application startup times and bad end-user experience. By increasing watermark_scale_factor max limit we allow vendors more flexibility to choose the right level of kswapd aggressiveness for their device and workload requirements. Link: https://lkml.kernel.org/r/20211124193604.2758863-1-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@suse.com> Cc: Lukas Middendorf <kernel@tuxforce.de> Cc: Antti Palosaari <crope@iki.fi> Cc: Mauro Carvalho Chehab <mchehab@kernel.org> Cc: Luis Chamberlain <mcgrof@kernel.org> Cc: Kees Cook <keescook@chromium.org> Cc: Iurii Zaikin <yzaikin@google.com> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Mel Gorman <mgorman@techsingularity.net> Cc: Jonathan Corbet <corbet@lwn.net> Cc: Zhang Yi <yi.zhang@huawei.com> Cc: Fengfei Xi <xi.fengfei@h3c.com> Cc: Mike Rapoport <rppt@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> (cherry picked from commit 4e36dc369cc7581ac19a7523303e682a53e52e59 git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master) Bug: 194652782 Signed-off-by: Suren Baghdasaryan <surenb@google.com> Change-Id: I3e926c8b222933a10c79068d22a1407ff3181824 |
||
|
deyaoren@google.com
|
166a729956 |
Merge keystone/mirror-android13-5.15 into keystone/android13-5.15-keystone-qcom-dev
* keystone/mirror-android13-5.15: (350 commits) ANDROID: GKI: add symbol list for raviole Linux 5.15.12 phonet/pep: refuse to enable an unbound pipe tun: avoid double free in tun_free_netdev hamradio: improve the incomplete fix to avoid NPD hamradio: defer ax25 kfree after unregister_netdev ax25: NPD bug when detaching AX25 device r8152: sync ocp base hwmon: (lm90) Do not report 'busy' status bit as alarm hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 pinctrl: mediatek: fix global-out-of-bounds issue ASoC: rt5682: fix the wrong jack type detected ASoC: SOF: Intel: pci-tgl: add ADL-N support ASoC: SOF: Intel: pci-tgl: add new ADL-P variant ASoC: tas2770: Fix setting of high sample rates Input: goodix - add id->model mapping for the "9111" model Input: elants_i2c - do not check Remark ID on eKTH3900/eKTH5312 Input: iqs626a - prohibit inlining of channel parsing functions kfence: fix memory leak when cat kfence objects arm64: dts: lx2160a: fix scl-gpios property name ... Signed-off-by: deyaoren@google.com <deyaoren@google.com> Change-Id: I5e7b22dc22b6347ed327f957e4c8865c1a17a9ef |
||
|
Greg Kroah-Hartman
|
37039d2a38 |
Merge 5.15.12 into android13-5.15
Changes in 5.15.12 arm64: vdso32: require CROSS_COMPILE_COMPAT for gcc+bfd net: usb: lan78xx: add Allied Telesis AT29M2-AF ext4: prevent partial update of the extent blocks ext4: check for out-of-order index extents in ext4_valid_extent_entries() ext4: check for inconsistent extents between index and leaf block selftests: KVM: Fix non-x86 compiling HID: holtek: fix mouse probing HID: potential dereference of null pointer NFSD: Fix READDIR buffer overflow PM: sleep: Fix error handling in dpm_prepare() arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode bus: sunxi-rsb: Fix shutdown spi: change clk_disable_unprepare to clk_unprepare ucounts: Fix rlimit max values check drm/mediatek: hdmi: Perform NULL pointer check for mtk_hdmi_conf ASoC: meson: aiu: fifo: Add missing dma_coerce_mask_and_coherent() RDMA/hns: Fix RNR retransmission issue for HIP08 IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() RDMA/hns: Replace kfree() with kvfree() netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy() netfilter: fix regression in looped (broad|multi)cast's MAC handling ARM: dts: imx6qdl-wandboard: Fix Ethernet support ice: Use xdp_buf instead of rx_buf for xsk zero-copy ice: xsk: return xsk buffers back to pool when cleaning the ring net: marvell: prestera: fix incorrect return of port_find net: marvell: prestera: fix incorrect structure access qlcnic: potential dereference null pointer of rx_queue->page_ring tcp: move inet->rx_dst_ifindex to sk->sk_rx_dst_ifindex ipv6: move inet6_sk(sk)->rx_dst_cookie to sk->sk_rx_dst_cookie inet: fully convert sk->sk_rx_dst to RCU rules net: accept UFOv6 packages in virtio_net_hdr_to_skb net: skip virtio_net_hdr_set_proto if protocol already set igb: fix deadlock caused by taking RTNL in RPM resume path ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module gpio: virtio: remove timeout bonding: fix ad_actor_system option setting to default fjes: Check for error irq drivers: net: smc911x: Check for error irq net: ks8851: Check for error irq sfc: Check null pointer of rx_queue->page_ring sfc: falcon: Check null pointer of rx_queue->page_ring asix: fix uninit-value in asix_mdio_read() asix: fix wrong return value in asix_check_host_enable() io_uring: zero iocb->ki_pos for stream file types veth: ensure skb entering GRO are not cloned. net: stmmac: ptp: fix potentially overflowing expression net: bridge: Use array_size() helper in copy_to_user() net: bridge: fix ioctl old_deviceless bridge argument r8152: fix the force speed doesn't work for RTL8156 net: stmmac: dwmac-visconti: Fix value of ETHER_CLK_SEL_FREQ_SEL_2P5M Input: elantech - fix stack out of bound access in elantech_change_report_id() pinctrl: bcm2835: Change init order for gpio hogs hwmon: (lm90) Fix usage of CONFIG2 register in detect function hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations hwmon: (lm90) Introduce flag indicating extended temperature support hwmon: (lm90) Add basic support for TI TMP461 hwmon: (lm90) Drop critical attribute support for MAX6654 ARM: 9160/1: NOMMU: Reload __secondary_data after PROCINFO_INITFUNC uapi: Fix undefined __always_inline on non-glibc systems compiler.h: Fix annotation macro misplacement with Clang platform/x86/intel: Remove X86_PLATFORM_DRIVERS_INTEL kernel/crash_core: suppress unknown crashkernel parameter warning Revert "x86/boot: Pull up cmdline preparation and early param parsing" x86/boot: Move EFI range reservation after cmdline parsing ALSA: jack: Check the return value of kstrdup() ALSA: drivers: opl3: Fix incorrect use of vp->state ALSA: rawmidi - fix the uninitalized user_pversion ALSA: hda/hdmi: Disable silent stream on GLK ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6 ALSA: hda/realtek: Add new alc285-hp-amp-init model ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook ALSA: hda/realtek: Fix quirk for Clevo NJ51CU ASoC: meson: aiu: Move AIU_I2S_MISC hold setting to aiu-fifo-i2s ASoC: tegra: Add DAPM switches for headphones and mic jack ASoC: tegra: Restore headphones jack name on Nyan Big Input: atmel_mxt_ts - fix double free in mxt_read_info_block ipmi: bail out if init_srcu_struct fails ipmi: ssif: initialize ssif_info->client early ipmi: fix initialization when workqueue allocation fails parisc: Correct completer in lws start parisc: Fix mask used to select futex spinlock tee: handle lookup of shm with reference count 0 x86/pkey: Fix undefined behaviour with PKRU_WD_BIT platform/x86: amd-pmc: only use callbacks for suspend platform/x86: intel_pmc_core: fix memleak on registration failure KVM: x86: Always set kvm_run->if_flag KVM: x86/mmu: Don't advance iterator after restart due to yielding KVM: nVMX: Synthesize TRIPLE_FAULT for L2 if emulation is required KVM: VMX: Always clear vmx->fail on emulation_required KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines gpio: dln2: Fix interrupts when replugging the device mmc: sdhci-tegra: Fix switch to HS400ES mode mmc: meson-mx-sdhc: Set MANUAL_STOP for multi-block SDIO commands mmc: core: Disable card detect during shutdown mmc: mmci: stm32: clear DLYB_CR after sending tuning command ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling ksmbd: fix error code in ndr_read_int32() ksmbd: fix uninitialized symbol 'pntsd_size' ksmbd: disable SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 mac80211: fix locking in ieee80211_start_ap error path mm: mempolicy: fix THP allocations escaping mempolicy restrictions mm, hwpoison: fix condition in free hugetlb page path mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page() mm/damon/dbgfs: protect targets destructions with kdamond_lock tee: optee: Fix incorrect page free bug f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() netfs: fix parameter of cleanup() KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state arm64: dts: lx2160a: fix scl-gpios property name kfence: fix memory leak when cat kfence objects Input: iqs626a - prohibit inlining of channel parsing functions Input: elants_i2c - do not check Remark ID on eKTH3900/eKTH5312 Input: goodix - add id->model mapping for the "9111" model ASoC: tas2770: Fix setting of high sample rates ASoC: SOF: Intel: pci-tgl: add new ADL-P variant ASoC: SOF: Intel: pci-tgl: add ADL-N support ASoC: rt5682: fix the wrong jack type detected pinctrl: mediatek: fix global-out-of-bounds issue hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 hwmon: (lm90) Do not report 'busy' status bit as alarm r8152: sync ocp base ax25: NPD bug when detaching AX25 device hamradio: defer ax25 kfree after unregister_netdev hamradio: improve the incomplete fix to avoid NPD tun: avoid double free in tun_free_netdev phonet/pep: refuse to enable an unbound pipe Linux 5.15.12 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I5e3abccc5e4dc038ebf84e8efee6083b2c7f39d5 |
||
|
Philipp Rudo
|
70e7705b02 |
kernel/crash_core: suppress unknown crashkernel parameter warning
[ Upstream commit 71d2bcec2d4d69ff109c497e6611d6c53c8926d4 ]
When booting with crashkernel= on the kernel command line a warning
similar to
Kernel command line: ro console=ttyS0 crashkernel=256M
Unknown kernel command line parameters "crashkernel=256M", will be passed to user space.
is printed.
This comes from crashkernel= being parsed independent from the kernel
parameter handling mechanism. So the code in init/main.c doesn't know
that crashkernel= is a valid kernel parameter and prints this incorrect
warning.
Suppress the warning by adding a dummy early_param handler for
crashkernel=.
Link: https://lkml.kernel.org/r/20211208133443.6867-1-prudo@redhat.com
Fixes:
|
||
|
Alexey Gladkov
|
11bf802877 |
ucounts: Fix rlimit max values check
[ Upstream commit 59ec71575ab440cd5ca0aa53b2a2985b3639fad4 ]
The semantics of the rlimit max values differs from ucounts itself. When
creating a new userns, we store the current rlimit of the process in
ucount_max. Thus, the value of the limit in the parent userns is saved
in the created one.
The problem is that now we are taking the maximum value for counter from
the same userns. So for init_user_ns it will always be RLIM_INFINITY.
To fix the problem we need to check the counter value with the max value
stored in userns.
Reproducer:
su - test -c "ulimit -u 3; sleep 5 & sleep 6 & unshare -U --map-root-user sh -c 'sleep 7 & sleep 8 & date; wait'"
Before:
[1] 175
[2] 176
Fri Nov 26 13:48:20 UTC 2021
[1]- Done sleep 5
[2]+ Done sleep 6
After:
[1] 167
[2] 168
sh: fork: retry: Resource temporarily unavailable
sh: fork: retry: Resource temporarily unavailable
sh: fork: retry: Resource temporarily unavailable
sh: fork: retry: Resource temporarily unavailable
sh: fork: retry: Resource temporarily unavailable
sh: fork: retry: Resource temporarily unavailable
sh: fork: retry: Resource temporarily unavailable
sh: fork: Interrupted system call
[1]- Done sleep 5
[2]+ Done sleep 6
Fixes:
|
||
|
Greg Kroah-Hartman
|
bbc1b6a8a4 |
Merge 5.15.11 into android13-5.15
Changes in 5.15.11 reset: tegra-bpmp: Revert Handle errors in BPMP response KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE KVM: downgrade two BUG_ONs to WARN_ON_ONCE x86/kvm: remove unused ack_notifier callbacks KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() mac80211: fix rate control for retransmitted frames mac80211: fix regression in SSN handling of addba tx mac80211: mark TX-during-stop for TX in in_reconfig mac80211: send ADDBA requests using the tid/queue of the aggregation session mac80211: validate extended element ID is present firmware: arm_scpi: Fix string overflow in SCPI genpd driver bpf: Fix kernel address leakage in atomic fetch bpf, selftests: Add test case for atomic fetch on spilled pointer bpf: Fix signed bounds propagation after mov32 bpf: Make 32->64 bounds propagation slightly more robust bpf, selftests: Add test case trying to taint map value pointer bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg bpf, selftests: Update test case for atomic cmpxchg on r0 with pointer vduse: fix memory corruption in vduse_dev_ioctl() vduse: check that offset is within bounds in get_config() virtio_ring: Fix querying of maximum DMA mapping size for virtio device vdpa: check that offsets are within bounds s390/entry: fix duplicate tracking of irq nesting level recordmcount.pl: look for jgnop instruction as well as bcrl on s390 arm64: dts: ten64: remove redundant interrupt declaration for gpio-keys ceph: fix up non-directory creation in SGID directories dm btree remove: fix use after free in rebalance_children() audit: improve robustness of the audit queue handling btrfs: convert latest_bdev type to btrfs_device and rename btrfs: use latest_dev in btrfs_show_devname btrfs: update latest_dev when we create a sprout device btrfs: remove stale comment about the btrfs_show_devname scsi: ufs: core: Retry START_STOP on UNIT_ATTENTION drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 drm/i915/hdmi: Turn DP++ TMDS output buffers back on in encoder->shutdown() pinctrl: amd: Fix wakeups when IRQ is shared with SCI arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from rk3399-khadas-edge arm64: dts: rockchip: fix rk3308-roc-cc vcc-sd supply arm64: dts: rockchip: fix rk3399-leez-p710 vcc3v3-lan supply arm64: dts: rockchip: fix audio-supply for Rock Pi 4 arm64: dts: rockchip: fix poweroff on helios64 dmaengine: idxd: add halt interrupt support dmaengine: idxd: fix calling wq quiesce inside spinlock mac80211: track only QoS data frames for admission control tee: amdtee: fix an IS_ERR() vs NULL bug ceph: fix duplicate increment of opened_inodes metric ceph: initialize pathlen variable in reconnect_caps_cb ARM: socfpga: dts: fix qspi node compatible arm64: dts: imx8mq: remove interconnect property from lcdif clk: Don't parent clks until the parent is fully registered soc: imx: Register SoC device only on i.MX boards iwlwifi: mvm: don't crash on invalid rate w/o STA virtio: always enter drivers/virtio/ virtio/vsock: fix the transport to work with VMADDR_CID_ANY vdpa: Consider device id larger than 31 Revert "drm/fb-helper: improve DRM fbdev emulation device names" selftests: net: Correct ping6 expected rc from 2 to 1 s390/kexec_file: fix error handling when applying relocations sch_cake: do not call cake_destroy() from cake_init() inet_diag: fix kernel-infoleak for UDP sockets netdevsim: don't overwrite read only ethtool parms selftests: icmp_redirect: pass xfail=0 to log_test() net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg net: hns3: fix race condition in debugfs selftests: Add duplicate config only for MD5 VRF tests selftests: Fix raw socket bind tests with VRF selftests: Fix IPv6 address bind tests dmaengine: idxd: fix missed completion on abort path dmaengine: st_fdma: fix MODULE_ALIAS drm: simpledrm: fix wrong unit with pixel clock net/sched: sch_ets: don't remove idle classes from the round-robin list selftests/net: toeplitz: fix udp option net: dsa: mv88e6xxx: Unforce speed & duplex in mac_link_down() selftest/net/forwarding: declare NETIFS p9 p10 mptcp: never allow the PM to close a listener subflow drm/ast: potential dereference of null pointer drm/i915/display: Fix an unsigned subtraction which can never be negative. mac80211: agg-tx: don't schedule_and_wake_txq() under sta->lock cfg80211: Acquire wiphy mutex on regulatory work mac80211: fix lookup when adding AddBA extension element net: stmmac: fix tc flower deletion for VLAN priority Rx steering flow_offload: return EOPNOTSUPP for the unsupported mpls action type rds: memory leak in __rds_conn_create() ice: Use div64_u64 instead of div_u64 in adjfine ice: Don't put stale timestamps in the skb drm/amd/display: Set exit_optimized_pwr_state for DCN31 drm/amd/pm: fix a potential gpu_metrics_table memory leak mptcp: remove tcp ulp setsockopt support mptcp: clear 'kern' flag from fallback sockets mptcp: fix deadlock in __mptcp_push_pending() soc/tegra: fuse: Fix bitwise vs. logical OR warning igb: Fix removal of unicast MAC filters of VFs igbvf: fix double free in `igbvf_probe` igc: Fix typo in i225 LTR functions ixgbe: Document how to enable NBASE-T support ixgbe: set X550 MDIO speed before talking to PHY netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc net/packet: rx_owner_map depends on pg_vec net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup sfc_ef100: potential dereference of null pointer dsa: mv88e6xxx: fix debug print for SPEED_UNFORCED net: Fix double 0x prefix print in SKB dump net/smc: Prevent smc_release() from long blocking net: systemport: Add global locking for descriptor lifecycle sit: do not call ipip6_dev_free() from sit_init_net() afs: Fix mmap arm64: kexec: Fix missing error code 'ret' warning in load_other_segments() bpf: Fix extable fixup offset. bpf, selftests: Fix racing issue in btf_skc_cls_ingress test powerpc/85xx: Fix oops when CONFIG_FSL_PMC=n USB: gadget: bRequestType is a bitfield, not a enum Revert "usb: early: convert to readl_poll_timeout_atomic()" KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILITIES tty: n_hdlc: make n_hdlc_tty_wakeup() asynchronous USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) usb: dwc2: fix STM ID/VBUS detection startup delay in dwc2_driver_probe PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error PCI/MSI: Mask MSI-X vectors only on success usb: xhci-mtk: fix list_del warning when enable list debug usb: xhci: Extend support for runtime power management for AMD's Yellow carp. usb: cdnsp: Fix incorrect status for control request usb: cdnsp: Fix incorrect calling of cdnsp_died function usb: cdnsp: Fix issue in cdnsp_log_ep trace event usb: cdnsp: Fix lack of spin_lock_irqsave/spin_lock_restore usb: typec: tcpm: fix tcpm unregister port but leave a pending timer usb: gadget: u_ether: fix race in setting MAC address in setup phase USB: serial: cp210x: fix CP2105 GPIO registration USB: serial: option: add Telit FN990 compositions selinux: fix sleeping function called from invalid context btrfs: fix memory leak in __add_inode_ref() btrfs: fix double free of anon_dev after failure to create subvolume btrfs: check WRITE_ERR when trying to read an extent buffer btrfs: fix missing blkdev_put() call in btrfs_scan_one_device() zonefs: add MODULE_ALIAS_FS iocost: Fix divide-by-zero on donation from low hweight cgroup serial: 8250_fintek: Fix garbled text for console timekeeping: Really make sure wall_to_monotonic isn't positive cifs: sanitize multiple delimiters in prepath locking/rtmutex: Fix incorrect condition in rtmutex_spin_on_owner() riscv: dts: unleashed: Add gpio card detect to mmc-spi-slot riscv: dts: unmatched: Add gpio card detect to mmc-spi-slot perf inject: Fix segfault due to close without open perf inject: Fix segfault due to perf_data__fd() without open libata: if T_LENGTH is zero, dma direction should be DMA_NONE powerpc/module_64: Fix livepatching for RO modules drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE drm/amdgpu: don't override default ECO_BITs setting drm/amd/pm: fix reading SMU FW version from amdgpu_firmware_info on YC Revert "can: m_can: remove support for custom bit timing" can: m_can: make custom bittiming fields const can: m_can: pci: use custom bit timings for Elkhart Lake ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name xsk: Do not sleep in poll() when need_wakeup set mptcp: add missing documented NL params bpf, x64: Factor out emission of REX byte in more cases bpf: Fix extable address check. USB: core: Make do_proc_control() and do_proc_bulk() killable media: mxl111sf: change mutex_init() location fuse: annotate lock in fuse_reverse_inval_entry() ovl: fix warning in ovl_create_real() scsi: scsi_debug: Don't call kcalloc() if size arg is zero scsi: scsi_debug: Fix type in min_t to avoid stack OOB scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() io-wq: remove spurious bit clear on task_work addition io-wq: check for wq exit after adding new worker task_work rcu: Mark accesses to rcu_state.n_force_qs io-wq: drop wqe lock before creating new worker bus: ti-sysc: Fix variable set but not used warning for reinit_modules selftests/damon: test debugfs file reads/writes with huge count Revert "xsk: Do not sleep in poll() when need_wakeup set" xen/blkfront: harden blkfront against event channel storms xen/netfront: harden netfront against event channel storms xen/console: harden hvc_xen against event channel storms xen/netback: fix rx queue stall detection xen/netback: don't queue unlimited number of packages Linux 5.15.11 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I20c400f64f45729c6f833c31ee18eb4b92f5ed89 |
||
|
Greg Kroah-Hartman
|
5ee2de48ea |
Merge 5.15.10 into android13-5.15
Changes in 5.15.10 nfc: fix segfault in nfc_genl_dump_devices_done hwmon: (corsair-psu) fix plain integer used as NULL pointer RDMA: Fix use-after-free in rxe_queue_cleanup RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow mtd: rawnand: Fix nand_erase_op delay mtd: rawnand: Fix nand_choose_best_timings() on unsupported interface inet: use #ifdef CONFIG_SOCK_RX_QUEUE_MAPPING consistently dt-bindings: media: nxp,imx7-mipi-csi2: Drop bad if/then schema clk: qcom: sm6125-gcc: Swap ops of ice and apps on sdcc1 perf bpf_skel: Do not use typedef to avoid error on old clang netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock RDMA/irdma: Fix a user-after-free in add_pble_prm RDMA/irdma: Fix a potential memory allocation issue in 'irdma_prm_add_pble_mem()' RDMA/irdma: Report correct WC errors RDMA/irdma: Don't arm the CQ more than two times if no CE for this CQ ice: fix FDIR init missing when reset VF vmxnet3: fix minimum vectors alloc issue i2c: virtio: fix completion handling drm/msm: Fix null ptr access msm_ioctl_gem_submit() drm/msm/a6xx: Fix uinitialized use of gpu_scid drm/msm/dsi: set default num_data_lanes drm/msm/dp: Avoid unpowered AUX xfers that caused crashes KVM: arm64: Save PSTATE early on exit s390/test_unwind: use raw opcode instead of invalid instruction Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP" net/mlx4_en: Update reported link modes for 1/10G loop: Use pr_warn_once() for loop_control_remove() warning ALSA: hda: Add Intel DG2 PCI ID and HDMI codec vid ALSA: hda/hdmi: fix HDA codec entry table order for ADL-P parisc/agp: Annotate parisc agp init functions with __init i2c: rk3x: Handle a spurious start completion interrupt flag net: netlink: af_netlink: Prevent empty skb by adding a check on len. drm/amdgpu: cancel the correct hrtimer on exit drm/amdgpu: check atomic flag to differeniate with legacy path drm/amd/display: Fix for the no Audio bug with Tiled Displays drm/amdkfd: fix double free mem structure drm/amd/display: add connector type check for CRC source set drm/amdkfd: process_info lock not needed for svm tracing: Fix a kmemleak false positive in tracing_map staging: most: dim2: use device release method fuse: make sure reclaim doesn't write the inode perf inject: Fix itrace space allowed for new attributes Linux 5.15.10 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I611aba3cbaa414f3dc6e3922245e140c36cbcb14 |
||
|
deyaoren@google.com
|
469d0ebe87 |
Merge keystone/mirror-android13-5.15 into keystone/android13-5.15-keystone-qcom-dev
* keystone/mirror-android13-5.15: ANDROID: GKI: Export clocksource_mmio_init ANDROID: GKI: Export sched_clock_register Signed-off-by: deyaoren@google.com <deyaoren@google.com> Change-Id: Iff377cd09d8e33bef2c0b4254d73160b0c5128b5 |
||
|
Chun-Hung Wu
|
39b50e0685 |
ANDROID: GKI: Export sched_clock_register
clocksource driver may use sched_clock_register to resigter itself as a sched_clock source. Export it to support building such driver as module, like timer-mediatek.c Bug: 161675989 Signed-off-by: Chun-Hung Wu <chun-hung.wu@mediatek.com> Change-Id: I610b48abe1d2ec612023173bc847994c34703f56 |
||
|
Paul E. McKenney
|
a96ac0688a |
rcu: Mark accesses to rcu_state.n_force_qs
commit 2431774f04d1050292054c763070021bade7b151 upstream. This commit marks accesses to the rcu_state.n_force_qs. These data races are hard to make happen, but syzkaller was equal to the task. Reported-by: syzbot+e08a83a1940ec3846cd5@syzkaller.appspotmail.com Acked-by: Marco Elver <elver@google.com> Signed-off-by: Paul E. McKenney <paulmck@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Zqiang
|
5e14b8b268 |
locking/rtmutex: Fix incorrect condition in rtmutex_spin_on_owner()
commit 8f556a326c93213927e683fc32bbf5be1b62540a upstream.
Optimistic spinning needs to be terminated when the spinning waiter is not
longer the top waiter on the lock, but the condition is negated. It
terminates if the waiter is the top waiter, which is defeating the whole
purpose.
Fixes:
|
||
|
Yu Liao
|
c5664d5086 |
timekeeping: Really make sure wall_to_monotonic isn't positive
commit 4e8c11b6b3f0b6a283e898344f154641eda94266 upstream. Even after commit |
||
|
Paul Moore
|
a5f4d17daf |
audit: improve robustness of the audit queue handling
commit f4b3ee3c85551d2d343a3ba159304066523f730f upstream.
If the audit daemon were ever to get stuck in a stopped state the
kernel's kauditd_thread() could get blocked attempting to send audit
records to the userspace audit daemon. With the kernel thread
blocked it is possible that the audit queue could grow unbounded as
certain audit record generating events must be exempt from the queue
limits else the system enter a deadlock state.
This patch resolves this problem by lowering the kernel thread's
socket sending timeout from MAX_SCHEDULE_TIMEOUT to HZ/10 and tweaks
the kauditd_send_queue() function to better manage the various audit
queues when connection problems occur between the kernel and the
audit daemon. With this patch, the backlog may temporarily grow
beyond the defined limits when the audit daemon is stopped and the
system is under heavy audit pressure, but kauditd_thread() will
continue to make progress and drain the queues as it would for other
connection problems. For example, with the audit daemon put into a
stopped state and the system configured to audit every syscall it
was still possible to shutdown the system without a kernel panic,
deadlock, etc.; granted, the system was slow to shutdown but that is
to be expected given the extreme pressure of recording every syscall.
The timeout value of HZ/10 was chosen primarily through
experimentation and this developer's "gut feeling". There is likely
no one perfect value, but as this scenario is limited in scope (root
privileges would be needed to send SIGSTOP to the audit daemon), it
is likely not worth exposing this as a tunable at present. This can
always be done at a later date if it proves necessary.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Daniel Borkmann
|
f87a6c160e |
bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg
commit a82fe085f344ef20b452cd5f481010ff96b5c4cd upstream.
The implementation of BPF_CMPXCHG on a high level has the following parameters:
.-[old-val] .-[new-val]
BPF_R0 = cmpxchg{32,64}(DST_REG + insn->off, BPF_R0, SRC_REG)
`-[mem-loc] `-[old-val]
Given a BPF insn can only have two registers (dst, src), the R0 is fixed and
used as an auxilliary register for input (old value) as well as output (returning
old value from memory location). While the verifier performs a number of safety
checks, it misses to reject unprivileged programs where R0 contains a pointer as
old value.
Through brute-forcing it takes about ~16sec on my machine to leak a kernel pointer
with BPF_CMPXCHG. The PoC is basically probing for kernel addresses by storing the
guessed address into the map slot as a scalar, and using the map value pointer as
R0 while SRC_REG has a canary value to detect a matching address.
Fix it by checking R0 for pointers, and reject if that's the case for unprivileged
programs.
Fixes:
|
||
|
Daniel Borkmann
|
dbda060d50 |
bpf: Make 32->64 bounds propagation slightly more robust
commit e572ff80f05c33cd0cb4860f864f5c9c044280b6 upstream. Make the bounds propagation in __reg_assign_32_into_64() slightly more robust and readable by aligning it similarly as we did back in the __reg_combine_64_into_32() counterpart. Meaning, only propagate or pessimize them as a smin/smax pair. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Reviewed-by: John Fastabend <john.fastabend@gmail.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Daniel Borkmann
|
f77d7a35d4 |
bpf: Fix signed bounds propagation after mov32
commit 3cf2b61eb06765e27fec6799292d9fb46d0b7e60 upstream.
For the case where both s32_{min,max}_value bounds are positive, the
__reg_assign_32_into_64() directly propagates them to their 64 bit
counterparts, otherwise it pessimises them into [0,u32_max] universe and
tries to refine them later on by learning through the tnum as per comment
in mentioned function. However, that does not always happen, for example,
in mov32 operation we call zext_32_to_64(dst_reg) which invokes the
__reg_assign_32_into_64() as is without subsequent bounds update as
elsewhere thus no refinement based on tnum takes place.
Thus, not calling into the __update_reg_bounds() / __reg_deduce_bounds() /
__reg_bound_offset() triplet as we do, for example, in case of ALU ops via
adjust_scalar_min_max_vals(), will lead to more pessimistic bounds when
dumping the full register state:
Before fix:
0: (b4) w0 = -1
1: R0_w=invP4294967295
(id=0,imm=ffffffff,
smin_value=4294967295,smax_value=4294967295,
umin_value=4294967295,umax_value=4294967295,
var_off=(0xffffffff; 0x0),
s32_min_value=-1,s32_max_value=-1,
u32_min_value=-1,u32_max_value=-1)
1: (bc) w0 = w0
2: R0_w=invP4294967295
(id=0,imm=ffffffff,
smin_value=0,smax_value=4294967295,
umin_value=4294967295,umax_value=4294967295,
var_off=(0xffffffff; 0x0),
s32_min_value=-1,s32_max_value=-1,
u32_min_value=-1,u32_max_value=-1)
Technically, the smin_value=0 and smax_value=4294967295 bounds are not
incorrect, but given the register is still a constant, they break assumptions
about const scalars that smin_value == smax_value and umin_value == umax_value.
After fix:
0: (b4) w0 = -1
1: R0_w=invP4294967295
(id=0,imm=ffffffff,
smin_value=4294967295,smax_value=4294967295,
umin_value=4294967295,umax_value=4294967295,
var_off=(0xffffffff; 0x0),
s32_min_value=-1,s32_max_value=-1,
u32_min_value=-1,u32_max_value=-1)
1: (bc) w0 = w0
2: R0_w=invP4294967295
(id=0,imm=ffffffff,
smin_value=4294967295,smax_value=4294967295,
umin_value=4294967295,umax_value=4294967295,
var_off=(0xffffffff; 0x0),
s32_min_value=-1,s32_max_value=-1,
u32_min_value=-1,u32_max_value=-1)
Without the smin_value == smax_value and umin_value == umax_value invariant
being intact for const scalars, it is possible to leak out kernel pointers
from unprivileged user space if the latter is enabled. For example, when such
registers are involved in pointer arithmtics, then adjust_ptr_min_max_vals()
will taint the destination register into an unknown scalar, and the latter
can be exported and stored e.g. into a BPF map value.
Fixes:
|
||
|
Daniel Borkmann
|
423628125a |
bpf: Fix kernel address leakage in atomic fetch
commit 7d3baf0afa3aa9102d6a521a8e4c41888bb79882 upstream. The change in commit |
||
|
Chen Jun
|
9985d29c47 |
tracing: Fix a kmemleak false positive in tracing_map
[ Upstream commit f25667e5980a4333729cac3101e5de1bb851f71a ]
Doing the command:
echo 'hist:key=common_pid.execname,common_timestamp' > /sys/kernel/debug/tracing/events/xxx/trigger
Triggers many kmemleak reports:
unreferenced object 0xffff0000c7ea4980 (size 128):
comm "bash", pid 338, jiffies 4294912626 (age 9339.324s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000f3469921>] kmem_cache_alloc_trace+0x4c0/0x6f0
[<0000000054ca40c3>] hist_trigger_elt_data_alloc+0x140/0x178
[<00000000633bd154>] tracing_map_init+0x1f8/0x268
[<000000007e814ab9>] event_hist_trigger_func+0xca0/0x1ad0
[<00000000bf8520ed>] trigger_process_regex+0xd4/0x128
[<00000000f549355a>] event_trigger_write+0x7c/0x120
[<00000000b80f898d>] vfs_write+0xc4/0x380
[<00000000823e1055>] ksys_write+0x74/0xf8
[<000000008a9374aa>] __arm64_sys_write+0x24/0x30
[<0000000087124017>] do_el0_svc+0x88/0x1c0
[<00000000efd0dcd1>] el0_svc+0x1c/0x28
[<00000000dbfba9b3>] el0_sync_handler+0x88/0xc0
[<00000000e7399680>] el0_sync+0x148/0x180
unreferenced object 0xffff0000c7ea4980 (size 128):
comm "bash", pid 338, jiffies 4294912626 (age 9339.324s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000f3469921>] kmem_cache_alloc_trace+0x4c0/0x6f0
[<0000000054ca40c3>] hist_trigger_elt_data_alloc+0x140/0x178
[<00000000633bd154>] tracing_map_init+0x1f8/0x268
[<000000007e814ab9>] event_hist_trigger_func+0xca0/0x1ad0
[<00000000bf8520ed>] trigger_process_regex+0xd4/0x128
[<00000000f549355a>] event_trigger_write+0x7c/0x120
[<00000000b80f898d>] vfs_write+0xc4/0x380
[<00000000823e1055>] ksys_write+0x74/0xf8
[<000000008a9374aa>] __arm64_sys_write+0x24/0x30
[<0000000087124017>] do_el0_svc+0x88/0x1c0
[<00000000efd0dcd1>] el0_svc+0x1c/0x28
[<00000000dbfba9b3>] el0_sync_handler+0x88/0xc0
[<00000000e7399680>] el0_sync+0x148/0x180
The reason is elts->pages[i] is alloced by get_zeroed_page.
and kmemleak will not scan the area alloced by get_zeroed_page.
The address stored in elts->pages will be regarded as leaked.
That is, the elts->pages[i] will have pointers loaded onto it as well, and
without telling kmemleak about it, those pointers will look like memory
without a reference.
To fix this, call kmemleak_alloc to tell kmemleak to scan elts->pages[i]
Link: https://lkml.kernel.org/r/20211124140801.87121-1-chenjun102@huawei.com
Signed-off-by: Chen Jun <chenjun102@huawei.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
deyaoren@google.com
|
17c2e7594c |
Merge keystone/mirror-android13-5.15 into keystone/android13-5.15-keystone-qcom-dev
* keystone/mirror-android13-5.15: (174 commits) ANDROID: Fix wrong pr_err type specifier in remove_memory_subsection ANDROID: GKI: update symbol list for usleep_range change Linux 5.15.8 bpf: Add selftests to cover packet access corner cases clocksource/drivers/dw_apb_timer_of: Fix probe failure misc: fastrpc: fix improper packet size calculation irqchip: nvic: Fix offset for Interrupt Priority Offsets irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL aio: Fix incorrect usage of eventfd_signal_allowed() irqchip/armada-370-xp: Fix support for Multi-MSI interrupts irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() irqchip/aspeed-scu: Replace update_bits with write_bits. csky: fix typo of fpu config macro bus: mhi: core: Add support for forced PM resume bus: mhi: pci_generic: Fix device recovery failed issue nvmem: eeprom: at25: fix FRAM byte_len misc: rtsx: Avoid mangling IRQ during runtime PM iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove iio: ad7768-1: Call iio_trigger_notify_done() on error iio: adc: axp20x_adc: fix charging current reporting on AXP22x ... Signed-off-by: deyaoren@google.com <deyaoren@google.com> Change-Id: If475ed7fb14da595590f0cfa021e002b2bc299a2 |
||
|
deyaoren@google.com
|
4e79193d40 |
Merge keystone/mirror-android13-5.15 into keystone/android13-5.15-keystone-qcom-dev
* keystone/mirror-android13-5.15: ANDROID: GKI: update virtual device symbol list UPSTREAM: arm64: dts: qcom: qrb5165-rb5: Add msm-id and board-id UPSTREAM: arm64: dts: qcom: sdm845-db845c: Add msm-id and board-id ANDROID: GKI: Add VLAN_8021Q ANDROID: sched: add hook point in do_sched_yield() Signed-off-by: deyaoren@google.com <deyaoren@google.com> Change-Id: I3d388aaa4ceb19a1e9d154a8b97fc339fdd7fb99 |
||
|
Greg Kroah-Hartman
|
1dcc7190fe |
Merge 5.15.8 into android13-5.15
Changes in 5.15.8
usb: gadget: uvc: fix multiple opens
HID: quirks: Add quirk for the Microsoft Surface 3 type-cover
HID: google: add eel USB id
HID: intel-ish-hid: ipc: only enable IRQ wakeup when requested
HID: add hid_is_usb() function to make it simpler for USB detection
HID: add USB_HID dependancy to hid-prodikeys
HID: add USB_HID dependancy to hid-chicony
HID: add USB_HID dependancy on some USB HID drivers
HID: bigbenff: prevent null pointer dereference
HID: wacom: fix problems when device is not a valid USB device
HID: check for valid USB device for many HID drivers
mtd: dataflash: Add device-tree SPI IDs
mmc: spi: Add device-tree SPI IDs
HID: sony: fix error path in probe
HID: Ignore battery for Elan touchscreen on Asus UX550VE
platform/x86/intel: hid: add quirk to support Surface Go 3
nft_set_pipapo: Fix bucket load in AVX2 lookup routine for six 8-bit groups
IB/hfi1: Insure use of smp_processor_id() is preempt disabled
IB/hfi1: Fix early init panic
IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr
can: kvaser_usb: get CAN clock frequency from device
can: kvaser_pciefd: kvaser_pciefd_rx_error_frame(): increase correct stats->{rx,tx}_errors counter
can: sja1000: fix use after free in ems_pcmcia_add_card()
can: pch_can: pch_can_rx_normal: fix use after free
can: m_can: m_can_read_fifo: fix memory leak in error branch
can: m_can: pci: fix incorrect reference clock rate
can: m_can: pci: fix iomap_read_fifo() and iomap_write_fifo()
can: m_can: Disable and ignore ELO interrupt
net: dsa: mv88e6xxx: fix "don't use PHY_DETECT on internal PHY's"
net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports
x86/sme: Explicitly map new EFI memmap table as encrypted
platform/x86: amd-pmc: Fix s2idle failures on certain AMD laptops
nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
selftests: netfilter: add a vrf+conntrack testcase
vrf: don't run conntrack on vrf with !dflt qdisc
bpf, x86: Fix "no previous prototype" warning
bpf, sockmap: Attach map progs to psock early for feature probes
bpf: Make sure bpf_disable_instrumentation() is safe vs preemption.
bpf: Fix the off-by-two error in range markings
ice: ignore dropped packets during init
ethtool: do not perform operations on net devices being unregistered
bonding: make tx_rebalance_counter an atomic
nfp: Fix memory leak in nfp_cpp_area_cache_add()
seg6: fix the iif in the IPv6 socket control block
udp: using datalen to cap max gso segments
netfilter: nft_exthdr: break evaluation if setting TCP option fails
netfilter: conntrack: annotate data-races around ct->timeout
iavf: restore MSI state on reset
iavf: Fix reporting when setting descriptor count
IB/hfi1: Correct guard on eager buffer deallocation
devlink: fix netns refcount leak in devlink_nl_cmd_reload()
net: bcm4908: Handle dma_set_coherent_mask error codes
net: dsa: mv88e6xxx: error handling for serdes_power functions
net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering
net/sched: fq_pie: prevent dismantle issue
net: mvpp2: fix XDP rx queues registering
KVM: x86: Don't WARN if userspace mucks with RCX during string I/O exit
KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req
KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall
timers: implement usleep_idle_range()
mm/damon/core: fix fake load reports due to uninterruptible sleeps
mm/slub: fix endianness bug for alloc/free_traces attributes
mm: bdi: initialize bdi_min_ratio when bdi is unregistered
ALSA: ctl: Fix copy of updated id with element read/write
ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform
ALSA: hda/realtek: Fix quirk for TongFang PHxTxX1
ALSA: pcm: oss: Fix negative period/buffer sizes
ALSA: pcm: oss: Limit the period size to 16MB
ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
cifs: Fix crash on unload of cifs_arc4.ko
scsi: qla2xxx: Format log strings only if needed
btrfs: clear extent buffer uptodate when we fail to write it
btrfs: fix re-dirty process of tree-log nodes
btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling
btrfs: free exchange changeset on failures
perf intel-pt: Fix some PGE (packet generation enable/control flow packets) usage
perf intel-pt: Fix sync state when a PSB (synchronization) packet is found
perf intel-pt: Fix intel_pt_fup_event() assumptions about setting state type
perf intel-pt: Fix state setting when receiving overflow (OVF) packet
perf intel-pt: Fix next 'err' value, walking trace
perf intel-pt: Fix missing 'instruction' events with 'q' option
perf intel-pt: Fix error timestamp setting on the decoder error path
md: fix update super 1.0 on rdev size change
nfsd: fix use-after-free due to delegation race
nfsd: Fix nsfd startup race (again)
tracefs: Have new files inherit the ownership of their parent
selftests: KVM: avoid failures due to reserved HyperTransport region
hwmon: (pwm-fan) Ensure the fan going on in .probe()
mmc: renesas_sdhi: initialize variable properly when tuning
clk: qcom: regmap-mux: fix parent clock lookup
thermal: int340x: Fix VCoRefLow MMIO bit offset for TGL
drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence.
libata: add horkage for ASMedia 1092
io_uring: ensure task_work gets run as part of cancelations
wait: add wake_up_pollfree()
binder: use wake_up_pollfree()
signalfd: use wake_up_pollfree()
aio: keep poll requests on waitqueue until completed
aio: fix use-after-free due to missing POLLFREE handling
tracefs: Set all files to the same group ownership as the mount option
i2c: mpc: Use atomic read and fix break condition
block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc()
scsi: scsi_debug: Fix buffer size of REPORT ZONES command
ALSA: usb-audio: Reorder snd_djm_devices[] entries
qede: validate non LSO skb length
PM: runtime: Fix pm_runtime_active() kerneldoc comment
ASoC: rt5682: Fix crash due to out of scope stack vars
ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer
ASoC: codecs: wsa881x: fix return values from kcontrol put
ASoC: codecs: wcd934x: handle channel mappping list correctly
ASoC: codecs: wcd934x: return correct value from mixer put
RDMA/hns: Do not halt commands during reset until later
RDMA/hns: Do not destroy QP resources in the hw resetting phase
hwmon: (dell-smm) Fix warning on /proc/i8k creation error
clk: imx: use module_platform_driver
clk: qcom: clk-alpha-pll: Don't reconfigure running Trion
i40e: Fix failed opcode appearing if handling messages from VF
i40e: Fix pre-set max number of queues for VF
mtd: rawnand: fsmc: Take instruction delay into account
mtd: rawnand: fsmc: Fix timing computation
bpf, sockmap: Re-evaluate proto ops when psock is removed from sockmap
i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc
Revert "PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on emulated bridge"
drm/amd/display: Fix DPIA outbox timeout after S3/S4/reset
perf tools: Fix SMT detection fast read path
Documentation/locking/locktypes: Update migrate_disable() bits.
dt-bindings: net: Reintroduce PHY no lane swap binding
tools build: Remove needless libpython-version feature check that breaks test-all fast path
net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
net: altera: set a couple error code in probe()
net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
net, neigh: clear whole pneigh_entry at alloc time
net/qla3xxx: fix an error code in ql_adapter_up()
selftests/fib_tests: Rework fib_rp_filter_test()
USB: gadget: detect too-big endpoint 0 requests
USB: gadget: zero allocate endpoint 0 buffers
Revert "usb: dwc3: dwc3-qcom: Enable tx-fifo-resize property by default"
usb: core: config: fix validation of wMaxPacketValue entries
xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending
usb: core: config: using bit mask instead of individual bits
xhci: avoid race between disable slot command and host runtime suspend
iio: gyro: adxrs290: fix data signedness
iio: trigger: Fix reference counting
iio: trigger: stm32-timer: fix MODULE_ALIAS
iio: stk3310: Don't return error code in interrupt handler
iio: mma8452: Fix trigger reference couting
iio: ltr501: Don't return error code in trigger handler
iio: kxsd9: Don't return error code in trigger handler
iio: itg3200: Call iio_trigger_notify_done() on error
iio: dln2-adc: Fix lockdep complaint
iio: dln2: Check return value of devm_iio_trigger_register()
iio: at91-sama5d2: Fix incorrect sign extension
iio: adc: stm32: fix a current leak by resetting pcsel before disabling vdda
iio: adc: axp20x_adc: fix charging current reporting on AXP22x
iio: ad7768-1: Call iio_trigger_notify_done() on error
iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
misc: rtsx: Avoid mangling IRQ during runtime PM
nvmem: eeprom: at25: fix FRAM byte_len
bus: mhi: pci_generic: Fix device recovery failed issue
bus: mhi: core: Add support for forced PM resume
csky: fix typo of fpu config macro
irqchip/aspeed-scu: Replace update_bits with write_bits.
irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc()
irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
aio: Fix incorrect usage of eventfd_signal_allowed()
irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL
irqchip: nvic: Fix offset for Interrupt Priority Offsets
misc: fastrpc: fix improper packet size calculation
clocksource/drivers/dw_apb_timer_of: Fix probe failure
bpf: Add selftests to cover packet access corner cases
Linux 5.15.8
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I4d543d6826c20e322ce477fe82c462791dc36ce4
|
||
|
Tengfei Fan
|
46161882da |
ANDROID: sched: add hook point in do_sched_yield()
When a task yields, it relinquishes the cpu and scheduler is tasked to find another task. However our vendor scheduler logic implementation could return the same task leading to a loop where the yielded task gets to run back, so add hook point in do_sched_yield() for vendor can do some work before task is scheduled. Bug: 205804537 Change-Id: I6528c3f4b0ee360559ef9c97cb1eb2b2d1357870 Signed-off-by: Tengfei Fan <quic_tengfan@quicinc.com> Signed-off-by: Sai Harshini Nimmala <quic_snimmala@quicinc.com> |
||
|
Eric Biggers
|
1ebb6cd8c7 |
wait: add wake_up_pollfree()
commit 42288cb44c4b5fff7653bc392b583a2b8bd6a8c0 upstream. Several ->poll() implementations are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is okay for blocking polls, since a blocking poll occurs within one task; however, non-blocking polls require another solution. This solution is for the queue to be cleared before it is freed, using 'wake_up_poll(wq, EPOLLHUP | POLLFREE);'. However, that has a bug: wake_up_poll() calls __wake_up() with nr_exclusive=1. Therefore, if there are multiple "exclusive" waiters, and the wakeup function for the first one returns a positive value, only that one will be called. That's *not* what's needed for POLLFREE; POLLFREE is special in that it really needs to wake up everyone. Considering the three non-blocking poll systems: - io_uring poll doesn't handle POLLFREE at all, so it is broken anyway. - aio poll is unaffected, since it doesn't support exclusive waits. However, that's fragile, as someone could add this feature later. - epoll doesn't appear to be broken by this, since its wakeup function returns 0 when it sees POLLFREE. But this is fragile. Although there is a workaround (see epoll), it's better to define a function which always sends POLLFREE to all waiters. Add such a function. Also make it verify that the queue really becomes empty after all waiters have been woken up. Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20211209010455.42744-2-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
SeongJae Park
|
5a960e533c |
timers: implement usleep_idle_range()
commit e4779015fd5d2fb8390c258268addff24d6077c7 upstream. Patch series "mm/damon: Fix fake /proc/loadavg reports", v3. This patchset fixes DAMON's fake load report issue. The first patch makes yet another variant of usleep_range() for this fix, and the second patch fixes the issue of DAMON by making it using the newly introduced function. This patch (of 2): Some kernel threads such as DAMON could need to repeatedly sleep in micro seconds level. Because usleep_range() sleeps in uninterruptible state, however, such threads would make /proc/loadavg reports fake load. To help such cases, this commit implements a variant of usleep_range() called usleep_idle_range(). It is same to usleep_range() but sets the state of the current task as TASK_IDLE while sleeping. Link: https://lkml.kernel.org/r/20211126145015.15862-1-sj@kernel.org Link: https://lkml.kernel.org/r/20211126145015.15862-2-sj@kernel.org Signed-off-by: SeongJae Park <sj@kernel.org> Suggested-by: Andrew Morton <akpm@linux-foundation.org> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name> Cc: John Stultz <john.stultz@linaro.org> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Maxim Mikityanskiy
|
b4fb67fd1a |
bpf: Fix the off-by-two error in range markings
commit 2fa7d94afc1afbb4d702760c058dc2d7ed30f226 upstream.
The first commit cited below attempts to fix the off-by-one error that
appeared in some comparisons with an open range. Due to this error,
arithmetically equivalent pieces of code could get different verdicts
from the verifier, for example (pseudocode):
// 1. Passes the verifier:
if (data + 8 > data_end)
return early
read *(u64 *)data, i.e. [data; data+7]
// 2. Rejected by the verifier (should still pass):
if (data + 7 >= data_end)
return early
read *(u64 *)data, i.e. [data; data+7]
The attempted fix, however, shifts the range by one in a wrong
direction, so the bug not only remains, but also such piece of code
starts failing in the verifier:
// 3. Rejected by the verifier, but the check is stricter than in #1.
if (data + 8 >= data_end)
return early
read *(u64 *)data, i.e. [data; data+7]
The change performed by that fix converted an off-by-one bug into
off-by-two. The second commit cited below added the BPF selftests
written to ensure than code chunks like #3 are rejected, however,
they should be accepted.
This commit fixes the off-by-two error by adjusting new_range in the
right direction and fixes the tests by changing the range into the
one that should actually fail.
Fixes:
|
||
|
deyaoren@google.com
|
b84e063d06 |
Merge keystone/mirror-android13-5.15 into keystone/android13-5.15-keystone-qcom-dev
* keystone/mirror-android13-5.15:
ANDROID: clang: update to 14.0.0
FROMGIT: clk: Don't parent clks until the parent is fully registered
ANDROID: sched: Introducing PELT multiplier
ANDROID: mm/memory_hotplug: Relax remove_memory_subsection error checking
ANDROID: mm/memory_hotplug: fix check for proper subsection removal
ANDROID: mm/memory_hotplug: implement {add/remove}_memory_subsection
Signed-off-by: deyaoren@google.com <deyaoren@google.com>
Change-Id: Ifb0a84b965d4418b694d16f876d5ef69c2e684f9
|
||
|
Elliot Berman
|
6075de7607 |
ANDROID: qki: Add hidden config option for RCUTORTURE
Add hidden configuration for RCUTORTURE module so they can be
enabled through GKI_HIDDEN configurations required for some debug
related defconfigs.
Bug: 191628908
Change-Id: I3f0056fa22b01902ff2b0a6d2edae4fafbc8aa86
Signed-off-by: Elliot Berman <eberman@codeaurora.org>
Signed-off-by: Jeevan Shriram <jshriram@codeaurora.org>
(cherry picked from commit
|
||
|
Vincent Donnefort
|
889f8be857 |
ANDROID: sched: Introducing PELT multiplier
The new sysctl sched_pelt_multiplier allows a user to set a clock multiplier x2 or x4 (x1 being the default). This clock multiplier artificially speed-up PELT ramp up/down similarly to a faster half-life. Indeed, if we write PELT as a first order filter: y(t) = G * (1 - exp(t/tau)) Then we can see that multiplying the time by a constant X, is the same as dividing the time constant tau by X. y(t) = G * (1 - exp((t*X)/tau)) y(t) = G * (1 - exp(t/(tau/X))) Tau being half-life*ln(2), multiplying the PELT time is the same as dividing the half-life: - x1: 32ms half-life - x2: 16ms half-life - x4: 8ms half-life Internally, a new clock is created: rq->clock_task_mult. It sits in the clock hierarchy between rq->clock_task and rq->clock_pelt. Bug: 177593580 Change-Id: I67e6ca7994bebea22bf75732ee11d2b10e0d6b7e Suggested-by: Morten Rasmussen <morten.rasmussen@arm.com> Signed-off-by: Vincent Donnefort <vincent.donnefort@arm.com> |
||
|
Greg Kroah-Hartman
|
e5f6d1dffb |
Merge 5.15.7 into android13-5.15
Changes in 5.15.7 ALSA: usb-audio: Restrict rates for the shared clocks ALSA: usb-audio: Rename early_playback_start flag with lowlatency_playback ALSA: usb-audio: Disable low-latency playback for free-wheel mode ALSA: usb-audio: Disable low-latency mode for implicit feedback sync ALSA: usb-audio: Check available frames for the next packet size ALSA: usb-audio: Add spinlock to stop_urbs() ALSA: usb-audio: Improved lowlatency playback support ALSA: usb-audio: Avoid killing in-flight URBs during draining ALSA: usb-audio: Fix packet size calculation regression ALSA: usb-audio: Less restriction for low-latency playback mode ALSA: usb-audio: Switch back to non-latency mode at a later point ALSA: usb-audio: Don't start stream for capture at prepare gfs2: release iopen glock early in evict gfs2: Fix length of holes reported at end-of-file powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY mac80211: do not access the IV when it was stripped mac80211: fix throughput LED trigger x86/hyperv: Move required MSRs check to initial platform probing net/smc: Transfer remaining wait queue entries during fallback atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait net: return correct error code pinctrl: qcom: fix unmet dependencies on GPIOLIB for GPIOLIB_IRQCHIP platform/x86: dell-wmi-descriptor: disable by default platform/x86: thinkpad_acpi: Add support for dual fan control platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep s390/setup: avoid using memblock_enforce_memory_limit btrfs: silence lockdep when reading chunk tree during mount btrfs: check-integrity: fix a warning on write caching disabled disk thermal: core: Reset previous low and high trip during thermal zone init scsi: iscsi: Unblock session then wake up error handler net: usb: r8152: Add MAC passthrough support for more Lenovo Docks drm/amd/pm: Remove artificial freq level on Navi1x drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again drm/amd/amdgpu: fix potential memleak ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile ata: libahci: Adjust behavior when StorageD3Enable _DSD is set ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() ipv6: check return value of ipv6_skip_exthdr net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() perf sort: Fix the 'weight' sort key behavior perf sort: Fix the 'ins_lat' sort key behavior perf sort: Fix the 'p_stage_cyc' sort key behavior perf inject: Fix ARM SPE handling perf hist: Fix memory leak of a perf_hpp_fmt perf report: Fix memory leaks around perf_tip() tracing: Don't use out-of-sync va_list in event printing net/smc: Avoid warning of possible recursive locking ACPI: Add stubs for wakeup handler functions net/tls: Fix authentication failure in CCM mode vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit kprobes: Limit max data_size of the kretprobe instances ALSA: hda/cs8409: Set PMSG_ON earlier inside cs8409 driver rt2x00: do not mark device gone on EPROTO errors during start ipmi: Move remove_work to dedicated workqueue cpufreq: Fix get_cpu_device() failure in add_cpu_dev_symlink() iwlwifi: mvm: retry init flow if failed dma-buf: system_heap: Use 'for_each_sgtable_sg' in pages free flow s390/pci: move pseudo-MMIO to prevent MIO overlap fget: check that the fd still exists after getting a ref to it sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO scsi: ufs: ufs-pci: Add support for Intel ADL ipv6: fix memory leak in fib6_rule_suppress drm/amd/display: Allow DSC on supported MST branch devices drm/i915/dp: Perform 30ms delay after source OUI write KVM: fix avic_set_running for preemptable kernels KVM: Disallow user memslot with size that exceeds "unsigned long" KVM: x86/mmu: Fix TLB flush range when handling disconnected pt KVM: Ensure local memslot copies operate on up-to-date arch-specific data KVM: x86: ignore APICv if LAPIC is not enabled KVM: nVMX: Emulate guest TLB flush on nested VM-Enter with new vpid12 KVM: nVMX: Flush current VPID (L1 vs. L2) for KVM_REQ_TLB_FLUSH_GUEST KVM: nVMX: Abide to KVM_REQ_TLB_FLUSH_GUEST request on nested vmentry/vmexit KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled KVM: x86: Use a stable condition around all VT-d PI paths KVM: MMU: shadow nested paging does not have PKU KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 to 1 KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg() KVM: x86: check PIR even for vCPUs with disabled APICv tracing/histograms: String compares should not care about signed values net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X net: dsa: mv88e6xxx: Drop unnecessary check in mv88e6393x_serdes_erratum_4_6() net: dsa: mv88e6xxx: Save power by disabling SerDes trasmitter and receiver net: dsa: mv88e6xxx: Add fix for erratum 5.2 of 88E6393X family net: dsa: mv88e6xxx: Fix inband AN for 2500base-x on 88E6393X family net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed wireguard: selftests: increase default dmesg log size wireguard: allowedips: add missing __rcu annotation to satisfy sparse wireguard: selftests: actually test for routing loops wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST wireguard: device: reset peer src endpoint when netns exits wireguard: receive: use ring buffer for incoming handshakes wireguard: receive: drop handshakes if queue lock is contended wireguard: ratelimiter: use kvcalloc() instead of kvzalloc() i2c: stm32f7: flush TX FIFO upon transfer errors i2c: stm32f7: recover the bus on access timeout i2c: stm32f7: stop dma transfer in case of NACK i2c: cbus-gpio: set atomic transfer callback natsemi: xtensa: fix section mismatch warnings tcp: fix page frag corruption on page fault net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() net: mpls: Fix notifications when deleting a device siphash: use _unaligned version by default arm64: ftrace: add missing BTIs iwlwifi: fix warnings produced by kernel debug options net/mlx5e: IPsec: Fix Software parser inner l3 type setting in case of encapsulation net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() selftests: net: Correct case name net: dsa: b53: Add SPI ID table mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode ASoC: tegra: Fix wrong value type in ADMAIF ASoC: tegra: Fix wrong value type in I2S ASoC: tegra: Fix wrong value type in DMIC ASoC: tegra: Fix wrong value type in DSPK ASoC: tegra: Fix kcontrol put callback in ADMAIF ASoC: tegra: Fix kcontrol put callback in I2S ASoC: tegra: Fix kcontrol put callback in DMIC ASoC: tegra: Fix kcontrol put callback in DSPK ASoC: tegra: Fix kcontrol put callback in AHUB rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() ALSA: intel-dsp-config: add quirk for CML devices based on ES8336 codec net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header support net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available net: marvell: mvpp2: Fix the computation of shared CPUs dpaa2-eth: destroy workqueue at the end of remove function octeontx2-af: Fix a memleak bug in rvu_mbox_init() net: annotate data-races on txq->xmit_lock_owner ipv4: convert fib_num_tclassid_users to atomic_t net/smc: fix wrong list_del in smc_lgr_cleanup_early net/rds: correct socket tunable error in rds_tcp_tune() net/smc: Keep smc_close_final rc during active close drm/msm/a6xx: Allocate enough space for GMU registers drm/msm: Do hw_init() before capturing GPU state drm/vc4: kms: Wait for the commit before increasing our clock rate drm/vc4: kms: Fix return code check drm/vc4: kms: Add missing drm_crtc_commit_put drm/vc4: kms: Clear the HVS FIFO commit pointer once done drm/vc4: kms: Don't duplicate pending commit drm/vc4: kms: Fix previous HVS commit wait atlantic: Increase delay for fw transactions atlatnic: enable Nbase-t speeds with base-t atlantic: Fix to display FW bundle version instead of FW mac version. atlantic: Add missing DIDs and fix 115c. Remove Half duplex mode speed capabilities. atlantic: Fix statistics logic for production hardware atlantic: Remove warn trace message. KVM: x86/mmu: Skip tlb flush if it has been done in zap_gfn_range() KVM: x86/mmu: Pass parameter flush as false in kvm_tdp_mmu_zap_collapsible_sptes() drm/msm/devfreq: Fix OPP refcnt leak drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP drm/msm: Fix wait_fence submitqueue leak drm/msm: Restore error return on invalid fence ASoC: rk817: Add module alias for rk817-codec iwlwifi: Fix memory leaks in error handling path KVM: X86: Fix when shadow_root_level=5 && guest root_level<4 KVM: SEV: initialize regions_list of a mirror VM net/mlx5e: Fix missing IPsec statistics on uplink representor net/mlx5: Move MODIFY_RQT command to ignore list in internal error state net/mlx5: E-switch, Respect BW share of the new group net/mlx5: E-Switch, fix single FDB creation on BlueField net/mlx5: E-Switch, Check group pointer before reading bw_share value KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register KVM: VMX: Set failure code in prepare_vmcs02() mctp: Don't let RTM_DELROUTE delete local routes Revert "drm/i915: Implement Wa_1508744258" io-wq: don't retry task_work creation failure on fatal conditions x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword, and qword x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() x86/entry: Use the correct fence macro after swapgs in kernel CR3 x86/xen: Add xenpv_restore_regs_and_return_to_usermode() preempt/dynamic: Fix setup_preempt_mode() return value sched/uclamp: Fix rq->uclamp_max not set on first enqueue KVM: SEV: Return appropriate error codes if SEV-ES scratch setup fails KVM: x86/mmu: Rename slot_handle_leaf to slot_handle_level_4k KVM: x86/mmu: Remove spurious TLB flushes in TDP MMU zap collapsible path net/mlx5e: Rename lro_timeout to packet_merge_timeout net/mlx5e: Rename TIR lro functions to TIR packet merge functions net/mlx5e: Sync TIR params updates against concurrent create/modify serial: 8250_bcm7271: UART errors after resuming from S2 parisc: Fix KBUILD_IMAGE for self-extracting kernel parisc: Fix "make install" on newer debian releases parisc: Mark cr16 CPU clocksource unstable on all SMP machines vgacon: Propagate console boot parameters before calling `vc_resize' xhci: Fix commad ring abort, write all 64 bits to CRCR register. USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect usb: cdns3: gadget: fix new urb never complete if ep cancel previous requests usb: cdnsp: Fix a NULL pointer dereference in cdnsp_endpoint_init() x86/tsc: Add a timer to make sure TSC_adjust is always checked x86/tsc: Disable clocksource watchdog for TSC on qualified platorms x86/64/mm: Map all kernel memory into trampoline_pgd tty: serial: msm_serial: Deactivate RX DMA for polling support serial: pl011: Add ACPI SBSA UART match id serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 serial: core: fix transmit-buffer reset and memleak serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array serial: 8250_pci: rewrite pericom_do_set_divisor() serial: 8250: Fix RTS modem control while in rs485 mode serial: liteuart: Fix NULL pointer dereference in ->remove() serial: liteuart: fix use-after-free and memleak on unbind serial: liteuart: fix minor-number leak on probe errors ipmi: msghandler: Make symbol 'remove_work_wq' static Linux 5.15.7 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I9300a10911f6205d2fb76f18255b017d34d68d1d |
||
|
Qais Yousef
|
a246d92dda |
sched/uclamp: Fix rq->uclamp_max not set on first enqueue
[ Upstream commit 315c4f884800c45cb6bd8c90422fad554a8b9588 ] Commit |
||
|
Andrew Halaney
|
fcf7147760 |
preempt/dynamic: Fix setup_preempt_mode() return value
[ Upstream commit 9ed20bafc85806ca6c97c9128cec46c3ef80ae86 ]
__setup() callbacks expect 1 for success and 0 for failure. Correct the
usage here to reflect that.
Fixes:
|
||
|
Steven Rostedt (VMware)
|
f7b4f571d5 |
tracing/histograms: String compares should not care about signed values
commit 450fec13d9170127678f991698ac1a5b05c02e2f upstream.
When comparing two strings for the "onmatch" histogram trigger, fields
that are strings use string comparisons, which do not care about being
signed or not.
Do not fail to match two string fields if one is unsigned char array and
the other is a signed char array.
Link: https://lore.kernel.org/all/20211129123043.5cfd687a@gandalf.local.home/
Cc: stable@vgerk.kernel.org
Cc: Tom Zanussi <zanussi@kernel.org>
Cc: Yafang Shao <laoar.shao@gmail.com>
Fixes:
|
||
|
Masami Hiramatsu
|
16ccd481e3 |
kprobes: Limit max data_size of the kretprobe instances
commit 6bbfa44116689469267f1a6e3d233b52114139d2 upstream.
The 'kprobe::data_size' is unsigned, thus it can not be negative. But if
user sets it enough big number (e.g. (size_t)-8), the result of 'data_size
+ sizeof(struct kretprobe_instance)' becomes smaller than sizeof(struct
kretprobe_instance) or zero. In result, the kretprobe_instance are
allocated without enough memory, and kretprobe accesses outside of
allocated memory.
To avoid this issue, introduce a max limitation of the
kretprobe::data_size. 4KB per instance should be OK.
Link: https://lkml.kernel.org/r/163836995040.432120.10322772773821182925.stgit@devnote2
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Nikita Yushchenko
|
859ea5a20e |
tracing: Don't use out-of-sync va_list in event printing
[ Upstream commit 2ef75e9bd2c998f1c6f6f23a3744136105ddefd5 ] If trace_seq becomes full, trace_seq_vprintf() no longer consumes arguments from va_list, making va_list out of sync with format processing by trace_check_vprintf(). This causes va_arg() in trace_check_vprintf() to return wrong positional argument, which results into a WARN_ON_ONCE() hit. ftrace_stress_test from LTP triggers this situation. Fix it by explicitly avoiding further use if va_list at the point when it's consistency can no longer be guaranteed. Link: https://lkml.kernel.org/r/20211118145516.13219-1-nikita.yushchenko@virtuozzo.com Signed-off-by: Nikita Yushchenko <nikita.yushchenko@virtuozzo.com> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Rick Yiu
|
7aa82e72a1 |
ANDROID: sched: Export available_idle_cpu
Previously idle_cpu is exported which is used by vendor module to check if a cpu is in idle state, but later we think available_idle_cpu is better than idle_cpu because it also checks vcpu_is_preempted. Bug: 171740453 Change-Id: I17ccc4925650431f334a9eb2bbc94a138ab36ae0 Signed-off-by: Rick Yiu <rickyiu@google.com> Signed-off-by: Will McVicker <willmcvicker@google.com> Signed-off-by: Shaleen Agrawal <quic_shalagra@quicinc.com> |
||
|
Rick Yiu
|
f0a317610a |
ANDROID: sched: Export symbol for vendor RT hook funcion
Export task_may_not_preempt. Bug: 174030348 Change-Id: I71b50f876306811f008414096043b883dc43b4d5 Signed-off-by: Rick Yiu <rickyiu@google.com> Signed-off-by: Will McVicker <willmcvicker@google.com> Signed-off-by: Shaleen Agrawal <quic_shalagra@quicinc.com> |
||
|
Rick Yiu
|
468e34ac93 |
ANDROID: sched: Export symbol for vendor RT hook funcion
Export cpupri_find_fitness. Bug: 174030348 Change-Id: I47b2af2395bc7a618eb4f4af4469cc2422e25446 Signed-off-by: Rick Yiu <rickyiu@google.com> Signed-off-by: Will McVicker <willmcvicker@google.com> Signed-off-by: Shaleen Agrawal <quic_shalagra@quicinc.com> |
||
|
Satya Durga Srinivasu Prabhala
|
c44fcf911c |
ANDROID: sched/fair: fix place_entity() vendor hook
place_entity() vendor hook is meant to tweak vruntime by vendor modules as needed, but with current form of the hook that is not possible as vruntime is passed by it's value. Fix it by switching to pass by reference. Bug: 175448877 Change-Id: Ibb51592f94da31019fa98a6767d080ec61daafe6 Signed-off-by: Satya Durga Srinivasu Prabhala <satyap@codeaurora.org> |
||
|
Quentin Perret
|
3efa38ae9b |
ANDROID: sched: Make uclamp changes depend on CAP_SYS_NICE
There is currently nothing preventing tasks from changing their per-task clamp values in anyway that they like. The rationale is probably that system administrators are still able to limit those clamps thanks to the cgroup interface. However, this causes pain in a system where both per-task and per-cgroup clamp values are expected to be under the control of core system components (as is the case for Android). To fix this, let's require CAP_SYS_NICE to change per-task clamp values. There are ongoing discussions upstream about more flexible approaches than this using the RLIMIT API -- see [1]. But the upstream discussion has not converged yet, and this is way too late for UAPI changes in android12-5.10 anyway, so let's apply this change which provides the behaviour we want without actually impacting UAPIs. [1] https://lore.kernel.org/lkml/20210623123441.592348-4-qperret@google.com/ Bug: 187186685 Signed-off-by: Quentin Perret <qperret@google.com> Change-Id: I749312a77306460318ac5374cf243d00b78120dd |
||
|
Greg Kroah-Hartman
|
eb2f3d6b8d |
Merge 5.15.6 into android13-5.15
Changes in 5.15.6 scsi: sd: Fix sd_do_mode_sense() buffer length handling ACPI: Get acpi_device's parent from the parent field ACPI: CPPC: Add NULL pointer check to cppc_get_perf() USB: serial: pl2303: fix GC type detection USB: serial: option: add Telit LE910S1 0x9200 composition USB: serial: option: add Fibocom FM101-GL variants usb: dwc2: gadget: Fix ISOC flow for elapsed frames usb: dwc2: hcd_queue: Fix use of floating point literal usb: dwc3: leave default DMA for PCI devices usb: dwc3: core: Revise GHWPARAMS9 offset usb: dwc3: gadget: Ignore NoStream after End Transfer usb: dwc3: gadget: Check for L1/L2/U3 for Start Transfer usb: dwc3: gadget: Fix null pointer exception net: usb: Correct PHY handling of smsc95xx net: nexthop: fix null pointer dereference when IPv6 is not enabled usb: chipidea: ci_hdrc_imx: fix potential error pointer dereference in probe usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts usb: xhci: tegra: Check padctrl interrupt presence in device tree usb: hub: Fix usb enumeration issue due to address0 race usb: hub: Fix locking issues with address0_mutex binder: fix test regression due to sender_euid change ALSA: ctxfi: Fix out-of-range access ALSA: hda/realtek: Add quirk for ASRock NUC Box 1100 ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 media: cec: copy sequence field for the reply Revert "parisc: Fix backtrace to always include init funtion names" HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts staging/fbtft: Fix backlight staging: greybus: Add missing rwsem around snd_ctl_remove() calls staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() staging: r8188eu: Use kzalloc() with GFP_ATOMIC in atomic context staging: r8188eu: Fix breakage introduced when 5G code was removed staging: r8188eu: use GFP_ATOMIC under spinlock staging: r8188eu: fix a memory leak in rtw_wx_read32() fuse: release pipe buf after last use xen: don't continue xenstore initialization in case of errors xen: detect uninitialized xenbus in xenbus_init io_uring: correct link-list traversal locking io_uring: fail cancellation for EXITING tasks io_uring: fix link traversal locking drm/amdgpu: IH process reset count when restart drm/amdgpu/pm: fix powerplay OD interface drm/nouveau: recognise GA106 ksmbd: downgrade addition info error msg to debug in smb2_get_info_sec() ksmbd: contain default data stream even if xattr is empty ksmbd: fix memleak in get_file_stream_info() KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB tracing/uprobe: Fix uprobe_perf_open probes iteration tracing: Fix pid filtering when triggers are attached mmc: sdhci-esdhc-imx: disable CMDQ support mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB mdio: aspeed: Fix "Link is Down" issue arm64: mm: Fix VM_BUG_ON(mm != &init_mm) for trans_pgd cpufreq: intel_pstate: Fix active mode offline/online EPP handling powerpc/32: Fix hardlockup on vmap stack overflow iomap: Fix inline extent handling in iomap_readpage NFSv42: Fix pagecache invalidation after COPY/CLONE PCI: aardvark: Deduplicate code in advk_pcie_rd_conf() PCI: aardvark: Implement re-issuing config requests on CRS response PCI: aardvark: Simplify initialization of rootcap on virtual bridge PCI: aardvark: Fix link training drm/amd/display: Fix OLED brightness control on eDP proc/vmcore: fix clearing user buffer by properly using clear_user() ASoC: SOF: Intel: hda: fix hotplug when only codec is suspended netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY netfilter: ctnetlink: do not erase error code with EINVAL netfilter: ipvs: Fix reuse connection if RS weight is 0 netfilter: flowtable: fix IPv6 tunnel addr match media: v4l2-core: fix VIDIOC_DQEVENT handling on non-x86 firmware: arm_scmi: Fix null de-reference on error path ARM: dts: BCM5301X: Fix I2C controller interrupt ARM: dts: BCM5301X: Add interrupt properties to GPIO node ARM: dts: bcm2711: Fix PCIe interrupts ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer ASoC: qdsp6: q6asm: fix q6asm_dai_prepare error handling ASoC: topology: Add missing rwsem around snd_ctl_remove() calls ASoC: codecs: wcd938x: fix volatile register range ASoC: codecs: wcd934x: return error code correctly from hw_params ASoC: codecs: lpass-rx-macro: fix HPHR setting CLSH mask net: ieee802154: handle iftypes as u32 firmware: arm_scmi: Fix base agent discover response firmware: arm_scmi: pm: Propagate return value to caller ASoC: stm32: i2s: fix 32 bits channel length without mclk NFSv42: Don't fail clone() unless the OP_CLONE operation failed ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo() scsi: mpt3sas: Fix kernel panic during drive powercycle test scsi: mpt3sas: Fix system going into read-only mode scsi: mpt3sas: Fix incorrect system timestamp drm/vc4: fix error code in vc4_create_object() drm/aspeed: Fix vga_pw sysfs output net: marvell: prestera: fix brige port operation net: marvell: prestera: fix double free issue on err path HID: input: Fix parsing of HID_CP_CONSUMER_CONTROL fields HID: input: set usage type to key on keycode remap HID: magicmouse: prevent division by 0 on scroll iavf: Prevent changing static ITR values if adaptive moderation is on iavf: Fix refreshing iavf adapter stats on ethtool request iavf: Fix VLAN feature flags after VFR x86/pvh: add prototype for xen_pvh_init() xen/pvh: add missing prototype to header ALSA: intel-dsp-config: add quirk for JSL devices based on ES8336 codec mptcp: fix delack timer mptcp: use delegate action to schedule 3rd ack retrans af_unix: fix regression in read after shutdown firmware: smccc: Fix check for ARCH_SOC_ID not implemented ipv6: fix typos in __ip6_finish_output() nfp: checking parameter process for rx-usecs/tx-usecs is invalid net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls net: ipv6: add fib6_nh_release_dsts stub net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group ice: fix vsi->txq_map sizing ice: avoid bpf_prog refcount underflow scsi: core: sysfs: Fix setting device state to SDEV_RUNNING scsi: scsi_debug: Zero clear zones at reset write pointer erofs: fix deadlock when shrink erofs slab i2c: virtio: disable timeout handling net/smc: Ensure the active closing peer first closes clcsock mlxsw: spectrum: Protect driver from buggy firmware net: ipa: directly disable ipa-setup-ready interrupt net: ipa: separate disabling setup from modem stop net: ipa: kill ipa_cmd_pipeline_clear() net: marvell: mvpp2: increase MTU limit when XDP enabled cpufreq: intel_pstate: Add Ice Lake server to out-of-band IDs nvmet-tcp: fix incomplete data digest send drm/hyperv: Fix device removal on Gen1 VMs arm64: uaccess: avoid blocking within critical sections net/ncsi : Add payload to be 32-bit aligned to fix dropped packets PM: hibernate: use correct mode for swsusp_close() drm/amd/display: Fix DPIA outbox timeout after GPU reset drm/amd/display: Set plane update flags for all planes in reset tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows lan743x: fix deadlock in lan743x_phy_link_status_change() net: phylink: Force link down and retrigger resolve on interface change net: phylink: Force retrigger in case of latched link-fail indicator net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk() net/smc: Fix loop in smc_listen nvmet: use IOCB_NOWAIT only if the filesystem supports it igb: fix netpoll exit with traffic MIPS: loongson64: fix FTLB configuration MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 tls: splice_read: fix record type check tls: splice_read: fix accessing pre-processed records tls: fix replacing proto_ops net: stmmac: Disable Tx queues when reconfiguring the interface net/sched: sch_ets: don't peek at classes beyond 'nbands' ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce() net: vlan: fix underflow for the real_dev refcnt net/smc: Don't call clcsock shutdown twice when smc shutdown net: hns3: fix VF RSS failed problem after PF enable multi-TCs net: hns3: fix incorrect components info of ethtool --reset command net: mscc: ocelot: don't downgrade timestamping RX filters in SIOCSHWTSTAMP net: mscc: ocelot: correctly report the timestamping RX filters in ethtool locking/rwsem: Make handoff bit handling more consistent perf: Ignore sigtrap for tracepoints destined for other tasks sched/scs: Reset task stack state in bringup_cpu() iommu/rockchip: Fix PAGE_DESC_HI_MASKs for RK3568 iommu/vt-d: Fix unmap_pages support f2fs: quota: fix potential deadlock f2fs: set SBI_NEED_FSCK flag when inconsistent node block found riscv: dts: microchip: fix board compatible riscv: dts: microchip: drop duplicated MMC/SDHC node cifs: nosharesock should not share socket with future sessions ceph: properly handle statfs on multifs setups iommu/amd: Clarify AMD IOMMUv2 initialization messages vdpa_sim: avoid putting an uninitialized iova_domain vhost/vsock: fix incorrect used length reported to the guest ksmbd: Fix an error handling path in 'smb2_sess_setup()' tracing: Check pid filtering when creating events cifs: nosharesock should be set on new server io_uring: fix soft lockup when call __io_remove_buffers firmware: arm_scmi: Fix type error assignment in voltage protocol firmware: arm_scmi: Fix type error in sensor protocol docs: accounting: update delay-accounting.rst reference blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() block: avoid to quiesce queue in elevator_init_mq drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ Linux 5.15.6 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ibe65221ba285038e25de36ad3659e0ce201408c2 |
||
|
Greg Kroah-Hartman
|
ae4825a553 |
Revert "ANDROID: rwsem: Add vendor hook to the rw-semaphore"
This reverts commit |
||
|
Steven Rostedt (VMware)
|
c9c8c054a0 |
tracing: Check pid filtering when creating events
commit 6cb206508b621a9a0a2c35b60540e399225c8243 upstream.
When pid filtering is activated in an instance, all of the events trace
files for that instance has the PID_FILTER flag set. This determines
whether or not pid filtering needs to be done on the event, otherwise the
event is executed as normal.
If pid filtering is enabled when an event is created (via a dynamic event
or modules), its flag is not updated to reflect the current state, and the
events are not filtered properly.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Mark Rutland
|
229c555260 |
sched/scs: Reset task stack state in bringup_cpu()
[ Upstream commit dce1ca0525bfdc8a69a9343bc714fbc19a2f04b3 ] To hot unplug a CPU, the idle task on that CPU calls a few layers of C code before finally leaving the kernel. When KASAN is in use, poisoned shadow is left around for each of the active stack frames, and when shadow call stacks are in use. When shadow call stacks (SCS) are in use the task's saved SCS SP is left pointing at an arbitrary point within the task's shadow call stack. When a CPU is offlined than onlined back into the kernel, this stale state can adversely affect execution. Stale KASAN shadow can alias new stackframes and result in bogus KASAN warnings. A stale SCS SP is effectively a memory leak, and prevents a portion of the shadow call stack being used. Across a number of hotplug cycles the idle task's entire shadow call stack can become unusable. We previously fixed the KASAN issue in commit: |