94de3b405c8dee0ffc8de5c06b32fbf00fc4e8f9
854 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
5020746bff |
Merge 5.15.92 into android13-5.15-lts
Changes in 5.15.92 ARM: dts: imx: Fix pca9547 i2c-mux node name ARM: dts: vf610: Fix pca9548 i2c-mux node names arm64: dts: freescale: Fix pca954x i2c-mux node names arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI firmware: arm_scmi: Clear stale xfer->hdr.status bpf: Skip task with pid=1 in send_signal_common() erofs/zmap.c: Fix incorrect offset calculation blk-cgroup: fix missing pd_online_fn() while activating policy HID: playstation: sanity check DualSense calibration data. dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() ext4: fix bad checksum after online resize extcon: usbc-tusb320: fix kernel-doc warning ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt tools: fix ARRAY_SIZE defines in tools and selftests hdrs selftests/vm: remove ARRAY_SIZE define from individual tests selftests: Provide local define of __cpuid_count() net: fix NULL pointer in skb_segment_list net: mctp: purge receive queues on sk destruction Linux 5.15.92 Change-Id: I4296d925a243903069b8e1ae7e81697027b8b28c Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Yan Zhai
|
046de74f9a |
net: fix NULL pointer in skb_segment_list
commit 876e8ca8366735a604bac86ff7e2732fc9d85d2d upstream. Commit |
||
|
Greg Kroah-Hartman
|
e66b45d527 |
Merge branch 'android13-5.15' into android13-5.15-lts
Sync up with android13-5.15 for the following commits: |
||
|
Greg Kroah-Hartman
|
a60104c6cc |
Merge tag 'android13-5.15.78_r00' into android13-5.15
This is the merge of the upstream LTS release of 5.15.78 into the android13-5.15 branch. It contains the following commits: |
||
|
Subash Abhinov Kasiviswanathan
|
f162762e3a |
UPSTREAM: skbuff: Account for tail adjustment during pull operations
Extending the tail can have some unexpected side effects if a program uses
a helper like BPF_FUNC_skb_pull_data to read partial content beyond the
head skb headlen when all the skbs in the gso frag_list are linear with no
head_frag -
kernel BUG at net/core/skbuff.c:4219!
pc : skb_segment+0xcf4/0xd2c
lr : skb_segment+0x63c/0xd2c
Call trace:
skb_segment+0xcf4/0xd2c
__udp_gso_segment+0xa4/0x544
udp4_ufo_fragment+0x184/0x1c0
inet_gso_segment+0x16c/0x3a4
skb_mac_gso_segment+0xd4/0x1b0
__skb_gso_segment+0xcc/0x12c
udp_rcv_segment+0x54/0x16c
udp_queue_rcv_skb+0x78/0x144
udp_unicast_rcv_skb+0x8c/0xa4
__udp4_lib_rcv+0x490/0x68c
udp_rcv+0x20/0x30
ip_protocol_deliver_rcu+0x1b0/0x33c
ip_local_deliver+0xd8/0x1f0
ip_rcv+0x98/0x1a4
deliver_ptype_list_skb+0x98/0x1ec
__netif_receive_skb_core+0x978/0xc60
Fix this by marking these skbs as GSO_DODGY so segmentation can handle
the tail updates accordingly.
Fixes:
|
||
|
Subash Abhinov Kasiviswanathan
|
8fb773eed4 |
skbuff: Account for tail adjustment during pull operations
[ Upstream commit 2d7afdcbc9d32423f177ee12b7c93783aea338fb ]
Extending the tail can have some unexpected side effects if a program uses
a helper like BPF_FUNC_skb_pull_data to read partial content beyond the
head skb headlen when all the skbs in the gso frag_list are linear with no
head_frag -
kernel BUG at net/core/skbuff.c:4219!
pc : skb_segment+0xcf4/0xd2c
lr : skb_segment+0x63c/0xd2c
Call trace:
skb_segment+0xcf4/0xd2c
__udp_gso_segment+0xa4/0x544
udp4_ufo_fragment+0x184/0x1c0
inet_gso_segment+0x16c/0x3a4
skb_mac_gso_segment+0xd4/0x1b0
__skb_gso_segment+0xcc/0x12c
udp_rcv_segment+0x54/0x16c
udp_queue_rcv_skb+0x78/0x144
udp_unicast_rcv_skb+0x8c/0xa4
__udp4_lib_rcv+0x490/0x68c
udp_rcv+0x20/0x30
ip_protocol_deliver_rcu+0x1b0/0x33c
ip_local_deliver+0xd8/0x1f0
ip_rcv+0x98/0x1a4
deliver_ptype_list_skb+0x98/0x1ec
__netif_receive_skb_core+0x978/0xc60
Fix this by marking these skbs as GSO_DODGY so segmentation can handle
the tail updates accordingly.
Fixes:
|
||
|
Greg Kroah-Hartman
|
ac2a7a141f |
Merge 5.15.79 into android13-5.15-lts
Changes in 5.15.79
thunderbolt: Tear down existing tunnels when resuming from hibernate
thunderbolt: Add DP OUT resource when DP tunnel is discovered
fuse: fix readdir cache race
drm/amdkfd: avoid recursive lock in migrations back to RAM
drm/amdkfd: handle CPU fault on COW mapping
drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram()
hwspinlock: qcom: correct MMIO max register for newer SoCs
phy: stm32: fix an error code in probe
wifi: cfg80211: silence a sparse RCU warning
wifi: cfg80211: fix memory leak in query_regdb_file()
soundwire: qcom: reinit broadcast completion
soundwire: qcom: check for outanding writes before doing a read
bpf, verifier: Fix memory leak in array reallocation for stack state
bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues
wifi: mac80211: Set TWT Information Frame Disabled bit as 1
bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE
HID: hyperv: fix possible memory leak in mousevsc_probe()
bpf, sockmap: Fix sk->sk_forward_alloc warn_on in sk_stream_kill_queues
bpf: Fix sockmap calling sleepable function in teardown path
bpf, sock_map: Move cancel_work_sync() out of sock lock
bpf: Add helper macro bpf_for_each_reg_in_vstate
bpf: Fix wrong reg type conversion in release_reference()
net: gso: fix panic on frag_list with mixed head alloc types
macsec: delete new rxsc when offload fails
macsec: fix secy->n_rx_sc accounting
macsec: fix detection of RXSCs when toggling offloading
macsec: clear encryption keys from the stack after setting up offload
octeontx2-pf: Use hardware register for CQE count
octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT]
net: tun: Fix memory leaks of napi_get_frags
bnxt_en: Fix possible crash in bnxt_hwrm_set_coal()
bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
net: fman: Unregister ethernet device on removal
capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
phy: ralink: mt7621-pci: add sentinel to quirks table
KVM: s390: pv: don't allow userspace to set the clock under PV
net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event()
hamradio: fix issue of dev reference count leakage in bpq_device_event()
net: wwan: iosm: fix memory leak in ipc_wwan_dellink
net: wwan: mhi: fix memory leak in mhi_mbim_dellink
drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register()
tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent
ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
can: af_can: fix NULL pointer dereference in can_rx_register()
net: stmmac: dwmac-meson8b: fix meson8b_devm_clk_prepare_enable()
net: broadcom: Fix BCMGENET Kconfig
tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header
dmaengine: pxa_dma: use platform_get_irq_optional
dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
dmaengine: ti: k3-udma-glue: fix memory leak when register device fail
net: lapbether: fix issue of invalid opcode in lapbeth_open()
drivers: net: xgene: disable napi when register irq failed in xgene_enet_open()
perf stat: Fix printing os->prefix in CSV metrics output
perf tools: Add the include/perf/ directory to .gitignore
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
netfilter: Cleanup nft_net->module_list from nf_tables_exit_net()
net: marvell: prestera: fix memory leak in prestera_rxtx_switch_init()
net: nixge: disable napi when enable interrupts failed in nixge_open()
net: wwan: iosm: fix memory leak in ipc_pcie_read_bios_cfg
net/mlx5: Bridge, verify LAG state when adding bond to bridge
net/mlx5: Allow async trigger completion execution on single CPU systems
net/mlx5e: E-Switch, Fix comparing termination table instance
net: cpsw: disable napi in cpsw_ndo_open()
net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
stmmac: intel: Enable 2.5Gbps for Intel AlderLake-S
stmmac: intel: Update PCH PTP clock rate from 200MHz to 204.8MHz
mctp: Fix an error handling path in mctp_init()
cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in cxgb4vf_open()
stmmac: dwmac-loongson: fix missing pci_disable_msi() while module exiting
stmmac: dwmac-loongson: fix missing pci_disable_device() in loongson_dwmac_probe()
stmmac: dwmac-loongson: fix missing of_node_put() while module exiting
net: phy: mscc: macsec: clear encryption keys when freeing a flow
net: atlantic: macsec: clear encryption keys from the stack
ethernet: s2io: disable napi when start nic failed in s2io_card_up()
net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open()
ethernet: tundra: free irq when alloc ring failed in tsi108_open()
net: macvlan: fix memory leaks of macvlan_common_newlink
riscv: process: fix kernel info leakage
riscv: vdso: fix build with llvm
riscv: fix reserved memory setup
arm64: efi: Fix handling of misaligned runtime regions and drop warning
MIPS: jump_label: Fix compat branch range check
mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI
mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI
mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI
mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA
ALSA: hda/hdmi - enable runtime pm for more AMD display audio
ALSA: hda/ca0132: add quirk for EVGA Z390 DARK
ALSA: hda: fix potential memleak in 'add_widget_node'
ALSA: hda/realtek: Add Positivo C6300 model quirk
ALSA: usb-audio: Yet more regression for for the delayed card registration
ALSA: usb-audio: Add quirk entry for M-Audio Micro
ALSA: usb-audio: Add DSD support for Accuphase DAC-60
vmlinux.lds.h: Fix placement of '.data..decrypted' section
ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure
nilfs2: fix deadlock in nilfs_count_free_blocks()
nilfs2: fix use-after-free bug of ns_writer on remount
drm/i915/dmabuf: fix sg_table handling in map_dma_buf
drm/amdgpu: disable BACO on special BEIGE_GOBY card
platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update()
btrfs: fix match incorrectly in dev_args_match_device
btrfs: selftests: fix wrong error check in btrfs_free_dummy_root()
btrfs: zoned: initialize device's zone info for seeding
mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI
udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
mm/damon/dbgfs: check if rm_contexts input is for a real context
mm/memremap.c: map FS_DAX device memory as decrypted
mm/shmem: use page_mapping() to detect page cache for uffd continue
can: j1939: j1939_send_one(): fix missing CAN header initialization
cert host tools: Stop complaining about deprecated OpenSSL functions
dmaengine: at_hdmac: Fix at_lli struct definition
dmaengine: at_hdmac: Don't start transactions at tx_submit level
dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending
dmaengine: at_hdmac: Fix premature completion of desc in issue_pending
dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all
dmaengine: at_hdmac: Protect atchan->status with the channel lock
dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all()
dmaengine: at_hdmac: Fix concurrency over descriptor
dmaengine: at_hdmac: Free the memset buf without holding the chan lock
dmaengine: at_hdmac: Fix concurrency over the active list
dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware
dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
dmaengine: at_hdmac: Fix impossible condition
dmaengine: at_hdmac: Check return code of dma_async_device_register
marvell: octeontx2: build error: unknown type name 'u64'
drm/amdkfd: Migrate in CPU page fault use current mm
net: tun: call napi_schedule_prep() to ensure we own a napi
x86/cpu: Restore AMD's DE_CFG MSR after resume
Linux 5.15.79
Change-Id: I6f77aa724b7aa43abcef3444af951c7c62d46303
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
6f88ababa4 |
Merge 5.15.77 into android13-5.15-lts
Changes in 5.15.77 NFSv4: Fix free of uninitialized nfs4_label on referral lookup. NFSv4: Add an fattr allocation to _nfs4_discover_trunking() can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() can: kvaser_usb: Fix possible completions during init_completion ALSA: Use del_timer_sync() before freeing timer ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600 ALSA: au88x0: use explicitly signed char ALSA: rme9652: use explicitly signed char USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM usb: gadget: uvc: fix sg handling in error case usb: gadget: uvc: fix sg handling during video encode usb: dwc3: gadget: Stop processing more requests on IMI usb: dwc3: gadget: Don't set IMI for no_interrupt usb: bdc: change state when port disconnected usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller mtd: rawnand: marvell: Use correct logic for nand-keep-config xhci: Add quirk to reset host back to default state at shutdown xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices xhci: Remove device endpoints from bandwidth list when freeing the device tools: iio: iio_utils: fix digit calculation iio: light: tsl2583: Fix module unloading iio: temperature: ltc2983: allocate iio channels once iio: adxl372: Fix unsafe buffer attributes fbdev: smscufx: Fix several use-after-free bugs cpufreq: intel_pstate: Read all MSRs on the target CPU cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores fs/binfmt_elf: Fix memory leak in load_elf_binary() exec: Copy oldsighand->action under spin-lock mac802154: Fix LQI recording scsi: qla2xxx: Use transport-defined speed mask for supported_speeds drm/amdgpu: disallow gfxoff until GC IP blocks complete s2idle resume drm/msm/dsi: fix memory corruption with too many bridges drm/msm/hdmi: fix memory corruption with too many bridges drm/msm/dp: fix IRQ lifetime coresight: cti: Fix hang in cti_disable_hw() mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO mmc: core: Fix kernel panic when remove non-standard SDIO card mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus counter: microchip-tcb-capture: Handle Signal1 read and Synapse kernfs: fix use-after-free in __kernfs_remove pinctrl: Ingenic: JZ4755 bug fixes ARC: mm: fix leakage of memory allocated for PTE perf auxtrace: Fix address filter symbol name match for modules s390/futex: add missing EX_TABLE entry to __futex_atomic_op() s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() Revert "scsi: lpfc: Resolve some cleanup issues following SLI path refactoring" Revert "scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()" Revert "scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup()" Revert "scsi: lpfc: SLI path split: Refactor SCSI paths" Revert "scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4" Revert "scsi: lpfc: SLI path split: Refactor lpfc_iocbq" mmc: block: Remove error check of hw_reset on reset ethtool: eeprom: fix null-deref on genl_info in dump net: ieee802154: fix error return code in dgram_bind() media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation media: atomisp: prevent integer overflow in sh_css_set_black_frame() drm/msm: Fix return type of mdp4_lvds_connector_mode_valid KVM: selftests: Fix number of pages for memory slot in memslot_modification_stress_test ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile perf: Fix missing SIGTRAPs sched/core: Fix comparison in sched_group_cookie_match() arc: iounmap() arg is volatile mtd: rawnand: intel: Add missing of_node_put() in ebu_nand_probe() ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() tipc: fix a null-ptr-deref in tipc_topsrv_accept net: netsec: fix error handling in netsec_register_mdio() net: hinic: fix incorrect assignment issue in hinic_set_interrupt_cfg() net: hinic: fix memory leak when reading function table net: hinic: fix the issue of CMDQ memory leaks net: hinic: fix the issue of double release MBOX callback of VF net: macb: Specify PHY PM management done by MAC nfc: virtual_ncidev: Fix memory leak in virtual_nci_send() x86/unwind/orc: Fix unreliable stack dump with gcov amd-xgbe: fix the SFP compliance codes check for DAC cables amd-xgbe: add the bit rate quirk for Molex cables drm/i915/dp: Reset frl trained flag before restarting FRL training atlantic: fix deadlock at aq_nic_stop kcm: annotate data-races around kcm->rx_psock kcm: annotate data-races around kcm->rx_wait net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY tcp: minor optimization in tcp_add_backlog() tcp: fix a signed-integer-overflow bug in tcp_add_backlog() tcp: fix indefinite deferral of RTO with SACK reneging net-memcg: avoid stalls when under memory pressure drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path PM: hibernate: Allow hybrid sleep to work with s2idle media: vivid: s_fbuf: add more sanity checks media: vivid: dev->bitmap_cap wasn't freed in all cases media: v4l2-dv-timings: add sanity checks for blanking values media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' media: vivid: set num_in/outputs to 0 if not supported perf vendor events power10: Fix hv-24x7 metric events ipv6: ensure sane device mtu in tunnels i40e: Fix ethtool rx-flow-hash setting for X722 i40e: Fix VF hang when reset is triggered on another VF i40e: Fix flow-type by setting GL_HASH_INSET registers net: ksz884x: fix missing pci_disable_device() on error in pcidev_init() PM: domains: Fix handling of unavailable/disabled idle states perf vendor events arm64: Fix incorrect Hisi hip08 L3 metrics net: fec: limit register access on i.MX6UL net: ethernet: ave: Fix MAC to be in charge of PHY PM ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() ALSA: aoa: Fix I2S device accounting openvswitch: switch from WARN to pr_warn net: ehea: fix possible memory leak in ehea_register_port() net: bcmsysport: Indicate MAC is in charge of PHY PM nh: fix scope used to find saddr when adding non gw nh net: broadcom: bcm4908enet: remove redundant variable bytes net: broadcom: bcm4908_enet: update TX stats after actual transmission netdevsim: remove dir in nsim_dev_debugfs_init() when creating ports dir failed net/mlx5e: Do not increment ESN when updating IPsec ESN state net/mlx5e: Extend SKB room check to include PTP-SQ net/mlx5: Fix possible use-after-free in async command interface net/mlx5: Print more info on pci error handlers net/mlx5: Update fw fatal reporter state on PCI handlers successful recover net/mlx5: Fix crash during sync firmware reset net: do not sense pfmemalloc status in skb_append_pagefrags() kcm: do not sense pfmemalloc status in kcm_sendpage() net: enetc: survive memory pressure without crashing arm64: Add AMPERE1 to the Spectre-BHB affected list scsi: sd: Revert "scsi: sd: Remove a local variable" can: rcar_canfd: fix channel specific IRQ handling for RZ/G2L can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive serial: core: move RS485 configuration tasks from drivers into core serial: Deassert Transmit Enable on probe in driver-specific way tcp/udp: Fix memory leak in ipv6_renew_options(). Linux 5.15.77 Change-Id: I12b819ae10adbb80730c67c40f5cf275d2865634 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
d9d889009b |
ANDROID: properly copy the scm_io_uring field in struct sk_buff
When moving the scm_io_uring field in struct sk_buff to preserve the
kernel ABI, the variable also needs to be properly copied to a new
sk_buff in the __copy_skb_header() function.
Same thing needs to happen in wg_reset_packet() as the sk_buff is
initialized there too.
Bug: 259233216
Fixes:
|
||
|
Jiri Benc
|
ad25a115f5 |
net: gso: fix panic on frag_list with mixed head alloc types
[ Upstream commit 9e4b7a99a03aefd37ba7bb1f022c8efab5019165 ] Since commit |
||
|
Eric Dumazet
|
92b4c5c3fa |
net: do not sense pfmemalloc status in skb_append_pagefrags()
[ Upstream commit 228ebc41dfab5b5d34cd76835ddb0ca8ee12f513 ]
skb_append_pagefrags() is used by af_unix and udp sendpage()
implementation so far.
In commit 326140063946 ("tcp: TX zerocopy should not sense
pfmemalloc status") we explained why we should not sense
pfmemalloc status for pages owned by user space.
We should also use skb_fill_page_desc_noacc()
in skb_append_pagefrags() to avoid following KCSAN report:
BUG: KCSAN: data-race in lru_add_fn / skb_append_pagefrags
write to 0xffffea00058fc1c8 of 8 bytes by task 17319 on cpu 0:
__list_add include/linux/list.h:73 [inline]
list_add include/linux/list.h:88 [inline]
lruvec_add_folio include/linux/mm_inline.h:323 [inline]
lru_add_fn+0x327/0x410 mm/swap.c:228
folio_batch_move_lru+0x1e1/0x2a0 mm/swap.c:246
lru_add_drain_cpu+0x73/0x250 mm/swap.c:669
lru_add_drain+0x21/0x60 mm/swap.c:773
free_pages_and_swap_cache+0x16/0x70 mm/swap_state.c:311
tlb_batch_pages_flush mm/mmu_gather.c:59 [inline]
tlb_flush_mmu_free mm/mmu_gather.c:256 [inline]
tlb_flush_mmu+0x5b2/0x640 mm/mmu_gather.c:263
tlb_finish_mmu+0x86/0x100 mm/mmu_gather.c:363
exit_mmap+0x190/0x4d0 mm/mmap.c:3098
__mmput+0x27/0x1b0 kernel/fork.c:1185
mmput+0x3d/0x50 kernel/fork.c:1207
copy_process+0x19fc/0x2100 kernel/fork.c:2518
kernel_clone+0x166/0x550 kernel/fork.c:2671
__do_sys_clone kernel/fork.c:2812 [inline]
__se_sys_clone kernel/fork.c:2796 [inline]
__x64_sys_clone+0xc3/0xf0 kernel/fork.c:2796
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
read to 0xffffea00058fc1c8 of 8 bytes by task 17325 on cpu 1:
page_is_pfmemalloc include/linux/mm.h:1817 [inline]
__skb_fill_page_desc include/linux/skbuff.h:2432 [inline]
skb_fill_page_desc include/linux/skbuff.h:2453 [inline]
skb_append_pagefrags+0x210/0x600 net/core/skbuff.c:3974
unix_stream_sendpage+0x45e/0x990 net/unix/af_unix.c:2338
kernel_sendpage+0x184/0x300 net/socket.c:3561
sock_sendpage+0x5a/0x70 net/socket.c:1054
pipe_to_sendpage+0x128/0x160 fs/splice.c:361
splice_from_pipe_feed fs/splice.c:415 [inline]
__splice_from_pipe+0x222/0x4d0 fs/splice.c:559
splice_from_pipe fs/splice.c:594 [inline]
generic_splice_sendpage+0x89/0xc0 fs/splice.c:743
do_splice_from fs/splice.c:764 [inline]
direct_splice_actor+0x80/0xa0 fs/splice.c:931
splice_direct_to_actor+0x305/0x620 fs/splice.c:886
do_splice_direct+0xfb/0x180 fs/splice.c:974
do_sendfile+0x3bf/0x910 fs/read_write.c:1255
__do_sys_sendfile64 fs/read_write.c:1323 [inline]
__se_sys_sendfile64 fs/read_write.c:1309 [inline]
__x64_sys_sendfile64+0x10c/0x150 fs/read_write.c:1309
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
value changed: 0x0000000000000000 -> 0xffffea00058fc188
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 17325 Comm: syz-executor.0 Not tainted 6.1.0-rc1-syzkaller-00158-g440b7895c990-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
Fixes: 326140063946 ("tcp: TX zerocopy should not sense pfmemalloc status")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20221027040346.1104204-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
35fc902dbd |
Merge 5.15.68 into android13-5.15-lts
Changes in 5.15.68 net: wwan: iosm: remove pointless null check efi: libstub: Disable struct randomization efi: capsule-loader: Fix use-after-free in efi_capsule_write wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() fs: only do a memory barrier for the first set_buffer_uptodate() Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()" scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX scsi: megaraid_sas: Fix double kfree() drm/gem: Fix GEM handle release errors drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. drm/radeon: add a force flush to delay work when radeon scsi: ufs: core: Reduce the power mode change timeout Revert "parisc: Show error if wrong 32/64-bit compiler is being used" parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level netfilter: conntrack: work around exceeded receive window cpufreq: check only freq_table in __resolve_freq() net/core/skbuff: Check the return value of skb_copy_bits() md: Flush workqueue md_rdev_misc_wq in md_alloc() fbdev: fbcon: Destroy mutex on freeing struct fb_info fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() ALSA: aloop: Fix random zeros in capture data when using jiffies timer ALSA: usb-audio: Split endpoint setups for hw_params and prepare ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() tracing: Fix to check event_mutex is held while accessing trigger list btrfs: zoned: set pseudo max append zone limit in zone emulation mode vfio/type1: Unpin zero pages kprobes: Prohibit probes in gate area debugfs: add debugfs_lookup_and_remove() sched/debug: fix dentry leak in update_sched_domain_debugfs drm/amd/display: fix memory leak when using debugfs_lookup() nvmet: fix a use-after-free drm/i915: Implement WaEdpLinkRateDataReload scsi: mpt3sas: Fix use-after-free warning scsi: lpfc: Add missing destroy_workqueue() in error path NFS: Further optimisations for 'ls -l' NFS: Save some space in the inode NFS: Fix another fsync() issue after a server reboot cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock ASoC: qcom: sm8250: add missing module owner RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node soc: imx: gpcv2: Assert reset before ungating clock regulator: core: Clean up on enable failure tee: fix compiler warning in tee_shm_register() RDMA/cma: Fix arguments order in net device validation soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs RDMA/hns: Fix supported page size RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift wifi: wilc1000: fix DMA on stack objects ARM: at91: pm: fix self-refresh for sama7g5 ARM: at91: pm: fix DDR recalibration when resuming from backup and self-refresh ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges ARM: dts: at91: sama5d27_wlsom1: don't keep ldo2 enabled all the time ARM: dts: at91: sama5d2_icp: don't keep vdd_other enabled all the time netfilter: br_netfilter: Drop dst references before setting. netfilter: nf_tables: clean up hook list when offload flags check fails netfilter: nf_conntrack_irc: Fix forged IP logic RDMA/srp: Set scmnd->result only when scmnd is not NULL ALSA: usb-audio: Inform the delayed registration more properly ALSA: usb-audio: Register card again for iface over delayed_register option rxrpc: Fix ICMP/ICMP6 error handling rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2() afs: Use the operation issue time instead of the reply time for callbacks Revert "net: phy: meson-gxl: improve link-up behavior" sch_sfb: Don't assume the skb is still around after enqueueing to child tipc: fix shift wrapping bug in map_get() net: introduce __skb_fill_page_desc_noacc tcp: TX zerocopy should not sense pfmemalloc status ice: use bitmap_free instead of devm_kfree i40e: Fix kernel crash during module removal iavf: Detach device during reset task xen-netback: only remove 'hotplug-status' when the vif is actually destroyed RDMA/siw: Pass a pointer to virt_to_page() ipv6: sr: fix out-of-bounds read when setting HMAC data. IB/core: Fix a nested dead lock as part of ODP flow RDMA/mlx5: Set local port to one when accessing counters erofs: fix pcluster use-after-free on UP platforms nvme-tcp: fix UAF when detecting digest errors nvme-tcp: fix regression that causes sporadic requests to time out tcp: fix early ETIMEDOUT after spurious non-SACK RTO nvmet: fix mar and mor off-by-one errors RDMA/irdma: Report the correct max cqes from query device RDMA/irdma: Return correct WC error for bind operation failure RDMA/irdma: Report RNR NAK generation in device caps sch_sfb: Also store skb len before calling child enqueue perf script: Fix Cannot print 'iregs' field for hybrid systems hwmon: (tps23861) fix byte order in resistance register ASoC: mchp-spdiftx: remove references to mchp_i2s_caps ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion MIPS: loongson32: ls1c: Fix hang during startup kbuild: disable header exports for UML in a straightforward way i40e: Refactor tc mqprio checks i40e: Fix ADQ rate limiting for PF swiotlb: avoid potential left shift overflow iommu/amd: use full 64-bit value in build_completion_wait() s390/boot: fix absolute zero lowcore corruption on boot hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" not defined hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors hwmon: (mr75203) fix voltage equation for negative source input hwmon: (mr75203) fix multi-channel voltage reading hwmon: (mr75203) enable polling for all VM channels Revert "arm64: kasan: Revert "arm64: mte: reset the page tag in page->flags"" arm64/bti: Disable in kernel BTI when cross section thunks are broken iommu/vt-d: Correctly calculate sagaw value of IOMMU arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly drm/bridge: display-connector: implement bus fmts callbacks perf machine: Use path__join() to compose a path instead of snprintf(dir, '/', filename) ARM: at91: ddr: remove CONFIG_SOC_SAMA7 dependency Linux 5.15.68 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ie37701b41d9c35632876034bcdd0029594170af9 |
||
|
lily
|
0b7058067e |
net/core/skbuff: Check the return value of skb_copy_bits()
[ Upstream commit c624c58e08b15105662b9ab9be23d14a6b945a49 ] skb_copy_bits() could fail, which requires a check on the return value. Signed-off-by: Li Zhong <floridsleeves@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
889a0c39fe |
Merge 5.15.64 into android13-5.15-lts
Changes in 5.15.64 wifi: rtlwifi: remove always-true condition pointed out by GCC 12 eth: sun: cassini: remove dead code audit: fix potential double free on error path from fsnotify_add_inode_mark cgroup: Fix race condition at rebind_subsystems() parisc: Make CONFIG_64BIT available for ARCH=parisc64 only parisc: Fix exception handler for fldw and fstw instructions kernel/sys_ni: add compat entry for fadvise64_64 x86/entry: Move CLD to the start of the idtentry macro block: add a bdev_max_zone_append_sectors helper block: add bdev_max_segments() helper btrfs: zoned: revive max_zone_append_bytes btrfs: replace BTRFS_MAX_EXTENT_SIZE with fs_info->max_extent_size btrfs: convert count_max_extents() to use fs_info->max_extent_size Input: i8042 - move __initconst to fix code styling warning Input: i8042 - merge quirk tables Input: i8042 - add TUXEDO devices to i8042 quirk tables Input: i8042 - add additional TUXEDO devices to i8042 quirk tables drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist scsi: qla2xxx: Fix response queue handler reading stale packets scsi: qla2xxx: edif: Fix dropped IKE message btrfs: put initial index value of a directory in a constant btrfs: pass the dentry to btrfs_log_new_name() instead of the inode btrfs: remove unnecessary parameter delalloc_start for writepage_delalloc() riscv: lib: uaccess: fold fixups into body riscv: lib: uaccess: fix CSR_STATUS SR_SUM bit xfrm: fix refcount leak in __xfrm_policy_check() xfrm: clone missing x->lastused in xfrm_do_migrate af_key: Do not call xfrm_probe_algs in parallel xfrm: policy: fix metadata dst->dev xmit null pointer dereference fs: require CAP_SYS_ADMIN in target namespace for idmapped mounts net: use eth_hw_addr_set() instead of ether_addr_copy() Revert "net: macsec: update SCI upon MAC address change." NFS: Don't allocate nfs_fattr on the stack in __nfs42_ssc_open() NFSv4.2 fix problems with __nfs42_ssc_open SUNRPC: RPC level errors should set task->tk_rpc_status mm/smaps: don't access young/dirty bit if pte unpresent ntfs: fix acl handling rose: check NULL rose_loopback_neigh->loopback r8152: fix the units of some registers for RTL8156A r8152: fix the RX FIFO settings when suspending nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout ice: xsk: Force rings to be sized to power of 2 ice: xsk: prohibit usage of non-balanced queue id net/mlx5e: Properly disable vlan strip on non-UL reps net/mlx5: Avoid false positive lockdep warning by adding lock_class_key net/mlx5e: Fix wrong application of the LRO state net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off net: ipa: don't assume SMEM is page-aligned net: phy: Don't WARN for PHY_READY state in mdio_bus_phy_resume() net: moxa: get rid of asymmetry in DMA mapping/unmapping bonding: 802.3ad: fix no transmission of LACPDUs net: ipvtap - add __init/__exit annotations to module init/exit funcs netfilter: ebtables: reject blobs that don't provide all entry points bnxt_en: fix NQ resource accounting during vf creation on 57500 chips netfilter: nf_tables: disallow updates of implicit chain netfilter: nf_tables: make table handle allocation per-netns friendly netfilter: nft_payload: report ERANGE for too long offset and length netfilter: nft_payload: do not truncate csum_offset and csum_type netfilter: nf_tables: do not leave chain stats enabled on error netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families netfilter: nft_tunnel: restrict it to netdev family netfilter: nf_tables: consolidate rule verdict trace call netfilter: nft_cmp: optimize comparison for 16-bytes netfilter: bitwise: improve error goto labels netfilter: nf_tables: upfront validation of data via nft_data_init() netfilter: nf_tables: disallow jump to implicit chain from set element netfilter: nf_tables: disallow binding to already bound chain netfilter: flowtable: add function to invoke garbage collection immediately netfilter: flowtable: fix stuck flows on cleanup due to pending work net: Fix data-races around sysctl_[rw]mem_(max|default). net: Fix data-races around weight_p and dev_weight_[rt]x_bias. net: Fix data-races around netdev_max_backlog. net: Fix data-races around netdev_tstamp_prequeue. ratelimit: Fix data-races in ___ratelimit(). net: Fix data-races around sysctl_optmem_max. net: Fix a data-race around sysctl_tstamp_allow_data. net: Fix a data-race around sysctl_net_busy_poll. net: Fix a data-race around sysctl_net_busy_read. net: Fix a data-race around netdev_budget. tcp: expose the tcp_mark_push() and tcp_skb_entail() helpers mptcp: stop relying on tcp_tx_skb_cache net: Fix data-races around sysctl_max_skb_frags. net: Fix a data-race around netdev_budget_usecs. net: Fix data-races around sysctl_fb_tunnels_only_for_init_net. net: Fix data-races around sysctl_devconf_inherit_init_net. net: Fix a data-race around sysctl_somaxconn. ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter i40e: Fix incorrect address type for IPv6 flow rules rxrpc: Fix locking in rxrpc's sendmsg ionic: widen queue_lock use around lif init and deinit ionic: clear broken state on generation change ionic: fix up issues with handling EAGAIN on FW cmds ionic: VF initial random MAC address if no assigned mac net: stmmac: work around sporadic tx issue on link-up btrfs: fix silent failure when deleting root reference btrfs: replace: drop assert for suspended replace btrfs: add info when mount fails due to stale replace target btrfs: check if root is readonly while setting security xattr btrfs: fix possible memory leak in btrfs_get_dev_args_from_path() perf/x86/lbr: Enable the branch type for the Arch LBR by default x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry x86/bugs: Add "unknown" reporting for MMIO Stale Data x86/nospec: Unwreck the RSB stuffing loop: Check for overflow while configuring loop writeback: avoid use-after-free after removing device asm-generic: sections: refactor memory_intersects mm/damon/dbgfs: avoid duplicate context directory creation s390/mm: do not trigger write fault when vma does not allow VM_WRITE bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem s390: fix double free of GS and RI CBs on fork() failure fbdev: fbcon: Properly revert changes when vc_resize() failed Revert "memcg: cleanup racy sum avoidance code" ACPI: processor: Remove freq Qos request for all CPUs nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf smb3: missing inode locks in punch hole xen/privcmd: fix error exit of privcmd_ioctl_dm_op() riscv: traps: add missing prototype io_uring: fix issue with io_write() not always undoing sb_start_write() Revert "usbnet: smsc95xx: Fix deadlock on runtime resume" Revert "usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling" mm/hugetlb: fix hugetlb not supporting softdirty tracking Revert "md-raid: destroy the bitmap after destroying the thread" md: call __md_stop_writes in md_stop mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 binder_alloc: add missing mmap_lock calls when using the VMA x86/nospec: Fix i386 RSB stuffing Documentation/ABI: Mention retbleed vulnerability info file for sysfs blk-mq: fix io hung due to missing commit_rqs perf python: Fix build when PYTHON_CONFIG is user supplied perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU perf/x86/intel/ds: Fix precise store latency handling perf stat: Clear evsel->reset_group for each stat run scsi: ufs: core: Enable link lost interrupt scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq bpf: Don't use tnum_range on array range checking for poke descriptors Linux 5.15.64 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Iaba96c173ad668df1c20b3bee08ce0e34f1068e1 |
||
|
Kuniyuki Iwashima
|
f6b5be42ce |
net: Fix a data-race around sysctl_tstamp_allow_data.
[ Upstream commit d2154b0afa73c0159b2856f875c6b4fe7cf6a95e ]
While reading sysctl_tstamp_allow_data, it can be changed
concurrently. Thus, we need to add READ_ONCE() to its reader.
Fixes:
|
||
|
Greg Kroah-Hartman
|
6200d52476 |
ANDROID: bring back kfree_skb()
In commit |
||
|
Greg Kroah-Hartman
|
91021ef477 |
Merge 5.15.58 into android-5.15
Changes in 5.15.58 pinctrl: stm32: fix optional IRQ support to gpios riscv: add as-options for modules with assembly compontents mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication lockdown: Fix kexec lockdown bypass with ima policy drm/ttm: fix locking in vmap/vunmap TTM GEM helpers bus: mhi: host: pci_generic: add Telit FN980 v1 hardware revision bus: mhi: host: pci_generic: add Telit FN990 Revert "selftest/vm: verify remap destination address in mremap_test" Revert "selftest/vm: verify mmap addr in mremap_test" PCI: hv: Fix multi-MSI to allow more than one MSI vector PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() PCI: hv: Fix interrupt mapping for multi-MSI serial: mvebu-uart: correctly report configured baudrate value batman-adv: Use netif_rx_any_context() any. Revert "mt76: mt7921: Fix the error handling path of mt7921_pci_probe()" Revert "mt76: mt7921e: fix possible probe failure after reboot" mt76: mt7921: use physical addr to unify register access mt76: mt7921e: fix possible probe failure after reboot mt76: mt7921: Fix the error handling path of mt7921_pci_probe() xfs: fix maxlevels comparisons in the btree staging code xfs: fold perag loop iteration logic into helper function xfs: rename the next_agno perag iteration variable xfs: terminate perag iteration reliably on agcount xfs: fix perag reference leak on iteration race with growfs xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() r8152: fix a WOL issue ip: Fix data-races around sysctl_ip_default_ttl. xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe RDMA/irdma: Do not advertise 1GB page size for x722 RDMA/irdma: Fix sleep from invalid context BUG pinctrl: ralink: rename MT7628(an) functions to MT76X8 pinctrl: ralink: rename pinctrl-rt2880 to pinctrl-ralink pinctrl: ralink: Check for null return of devm_kcalloc perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() ipv4/tcp: do not use per netns ctl sockets net: tun: split run_ebpf_filter() and pskb_trim() into different "if statement" mm/pagealloc: sysctl: change watermark_scale_factor max limit to 30% sysctl: move some boundary constants from sysctl.c to sysctl_vals tcp: Fix data-races around sysctl_tcp_ecn. drm/amd/display: Support for DMUB HPD interrupt handling drm/amd/display: Add option to defer works of hpd_rx_irq drm/amd/display: Fork thread to offload work of hpd_rx_irq drm/amdgpu/display: add quirk handling for stutter mode drm/amd/display: Ignore First MST Sideband Message Return Error scsi: megaraid: Clear READ queue map's nr_queues scsi: ufs: core: Drop loglevel of WriteBoost message nvme: check for duplicate identifiers earlier nvme: fix block device naming collision e1000e: Enable GPT clock before sending message to CSME Revert "e1000e: Fix possible HW unit hang after an s0ix exit" igc: Reinstate IGC_REMOVED logic and implement it properly ip: Fix data-races around sysctl_ip_no_pmtu_disc. ip: Fix data-races around sysctl_ip_fwd_use_pmtu. ip: Fix data-races around sysctl_ip_fwd_update_priority. ip: Fix data-races around sysctl_ip_nonlocal_bind. ip: Fix a data-race around sysctl_ip_autobind_reuse. ip: Fix a data-race around sysctl_fwmark_reflect. tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. tcp: sk->sk_bound_dev_if once in inet_request_bound_dev_if() tcp: Fix data-races around sysctl_tcp_l3mdev_accept. tcp: Fix data-races around sysctl_tcp_mtu_probing. tcp: Fix data-races around sysctl_tcp_base_mss. tcp: Fix data-races around sysctl_tcp_min_snd_mss. tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor. tcp: Fix a data-race around sysctl_tcp_probe_threshold. tcp: Fix a data-race around sysctl_tcp_probe_interval. net: stmmac: fix pm runtime issue in stmmac_dvr_remove() net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow mtd: rawnand: gpmi: validate controller clock rate mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times net: dsa: microchip: ksz_common: Fix refcount leak bug net: skb: introduce kfree_skb_reason() net: skb: use kfree_skb_reason() in tcp_v4_rcv() net: skb: use kfree_skb_reason() in __udp4_lib_rcv() net: socket: rename SKB_DROP_REASON_SOCKET_FILTER net: skb_drop_reason: add document for drop reasons net: netfilter: use kfree_drop_reason() for NF_DROP net: ipv4: use kfree_skb_reason() in ip_rcv_core() net: ipv4: use kfree_skb_reason() in ip_rcv_finish_core() i2c: mlxcpld: Fix register setting for 400KHz frequency i2c: cadence: Change large transfer count reset logic to be unconditional perf tests: Fix Convert perf time to TSC test for hybrid net: stmmac: fix dma queue left shift overflow issue net/tls: Fix race in TLS device down flow igmp: Fix data-races around sysctl_igmp_llm_reports. igmp: Fix a data-race around sysctl_igmp_max_memberships. igmp: Fix data-races around sysctl_igmp_max_msf. tcp: Fix data-races around keepalive sysctl knobs. tcp: Fix data-races around sysctl_tcp_syn(ack)?_retries. tcp: Fix data-races around sysctl_tcp_syncookies. tcp: Fix data-races around sysctl_tcp_migrate_req. tcp: Fix data-races around sysctl_tcp_reordering. tcp: Fix data-races around some timeout sysctl knobs. tcp: Fix a data-race around sysctl_tcp_notsent_lowat. tcp: Fix a data-race around sysctl_tcp_tw_reuse. tcp: Fix data-races around sysctl_max_syn_backlog. tcp: Fix data-races around sysctl_tcp_fastopen. tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout. iavf: Fix handling of dummy receive descriptors pinctrl: armada-37xx: Use temporary variable for struct device pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() pinctrl: armada-37xx: Convert to use dev_err_probe() pinctrl: armada-37xx: use raw spinlocks for regmap to avoid invalid wait context i40e: Fix erroneous adapter reinitialization during recovery process ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero net: stmmac: remove redunctant disable xPCS EEE call gpio: pca953x: only use single read/write for No AI mode gpio: pca953x: use the correct range when do regmap sync gpio: pca953x: use the correct register address when regcache sync during init be2net: Fix buffer overflow in be_get_module_eeprom net: dsa: sja1105: silent spi_device_id warnings net: dsa: vitesse-vsc73xx: silent spi_device_id warnings drm/imx/dcss: Add missing of_node_put() in fail path ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. ipv4: Fix data-races around sysctl_fib_multipath_hash_policy. ipv4: Fix data-races around sysctl_fib_multipath_hash_fields. ip: Fix data-races around sysctl_ip_prot_sock. udp: Fix a data-race around sysctl_udp_l3mdev_accept. tcp: Fix data-races around sysctl knobs related to SYN option. tcp: Fix a data-race around sysctl_tcp_early_retrans. tcp: Fix data-races around sysctl_tcp_recovery. tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. tcp: Fix a data-race around sysctl_tcp_retrans_collapse. tcp: Fix a data-race around sysctl_tcp_stdurg. tcp: Fix a data-race around sysctl_tcp_rfc1337. tcp: Fix a data-race around sysctl_tcp_abort_on_overflow. tcp: Fix data-races around sysctl_tcp_max_reordering. gpio: gpio-xilinx: Fix integer overflow KVM: selftests: Fix target thread to be migrated in rseq_test spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers KVM: Don't null dereference ops->destroy mm/mempolicy: fix uninit-value in mpol_rebind_policy() bpf: Make sure mac_header was set before using it sched/deadline: Fix BUG_ON condition for deboosted tasks x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts dlm: fix pending remove if msg allocation fails x86/uaccess: Implement macros for CMPXCHG on user addresses x86/extable: Tidy up redundant handler functions x86/extable: Get rid of redundant macros x86/mce: Deduplicate exception handling x86/extable: Rework the exception table mechanics x86/extable: Provide EX_TYPE_DEFAULT_MCE_SAFE and EX_TYPE_FAULT_MCE_SAFE bitfield.h: Fix "type of reg too small for mask" test x86/entry_32: Remove .fixup usage x86/extable: Extend extable functionality x86/msr: Remove .fixup usage x86/futex: Remove .fixup usage KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses xhci: dbc: refactor xhci_dbc_init() xhci: dbc: create and remove dbc structure in dbgtty driver. xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit xhci: Set HCD flag to defer primary roothub registration mt76: fix use-after-free by removing a non-RCU wcid pointer iwlwifi: fw: uefi: add missing include guards crypto: qat - set to zero DH parameters before free crypto: qat - use pre-allocated buffers in datapath crypto: qat - refactor submission logic crypto: qat - add backlog mechanism crypto: qat - fix memory leak in RSA crypto: qat - remove dma_free_coherent() for RSA crypto: qat - remove dma_free_coherent() for DH crypto: qat - add param check for RSA crypto: qat - add param check for DH crypto: qat - re-enable registration of algorithms exfat: fix referencing wrong parent directory information after renaming tracing: Have event format check not flag %p* on __get_dynamic_array() tracing: Place trace_pid_list logic into abstract functions tracing: Fix return value of trace_pid_write() um: virtio_uml: Allow probing from devicetree um: virtio_uml: Fix broken device handling in time-travel Bluetooth: Add bt_skb_sendmsg helper Bluetooth: Add bt_skb_sendmmsg helper Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg Bluetooth: Fix passing NULL to PTR_ERR Bluetooth: SCO: Fix sco_send_frame returning skb->len Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks exfat: use updated exfat_chain directly during renaming drm/amd/display: Reset DMCUB before HW init drm/amd/display: Optimize bandwidth on following fast update drm/amd/display: Fix surface optimization regression on Carrizo x86/amd: Use IBPB for firmware calls x86/alternative: Report missing return thunk details watchqueue: make sure to serialize 'wqueue->defunct' properly tty: drivers/tty/, stop using tty_schedule_flip() tty: the rest, stop using tty_schedule_flip() tty: drop tty_schedule_flip() tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() net: usb: ax88179_178a needs FLAG_SEND_ZLP watch-queue: remove spurious double semicolon drm/amd/display: Don't lock connection_mutex for DMUB HPD drm/amd/display: invalid parameter check in dmub_hpd_callback x86/extable: Prefer local labels in .set directives KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq() x86/entry_32: Fix segment exceptions drm/amd/display: Fix wrong format specifier in amdgpu_dm.c Linux 5.15.58 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Id5d721199f6acc2bdaf37ef7d133904993d9160f |
||
|
Menglong Dong
|
5158e18225 |
net: skb: introduce kfree_skb_reason()
[ Upstream commit c504e5c2f9648a1e5c2be01e8c3f59d394192bd3 ] Introduce the interface kfree_skb_reason(), which is able to pass the reason why the skb is dropped to 'kfree_skb' tracepoint. Add the 'reason' field to 'trace_kfree_skb', therefor user can get more detail information about abnormal skb with 'drop_monitor' or eBPF. All drop reasons are defined in the enum 'skb_drop_reason', and they will be print as string in 'kfree_skb' tracepoint in format of 'reason: XXX'. ( Maybe the reasons should be defined in a uapi header file, so that user space can use them? ) Signed-off-by: Menglong Dong <imagedong@tencent.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Lina Wang
|
7140149849 |
net: fix wrong network header length
[ Upstream commit cf3ab8d4a797960b4be20565abb3bcd227b18a68 ] When clatd starts with ebpf offloaing, and NETIF_F_GRO_FRAGLIST is enable, several skbs are gathered in skb_shinfo(skb)->frag_list. The first skb's ipv6 header will be changed to ipv4 after bpf_skb_proto_6_to_4, network_header\transport_header\mac_header have been updated as ipv4 acts, but other skbs in frag_list didnot update anything, just ipv6 packets. udp_queue_rcv_skb will call skb_segment_list to traverse other skbs in frag_list and make sure right udp payload is delivered to user space. Unfortunately, other skbs in frag_list who are still ipv6 packets are updated like the first skb and will have wrong transport header length. e.g.before bpf_skb_proto_6_to_4,the first skb and other skbs in frag_list has the same network_header(24)& transport_header(64), after bpf_skb_proto_6_to_4, ipv6 protocol has been changed to ipv4, the first skb's network_header is 44,transport_header is 64, other skbs in frag_list didnot change.After skb_segment_list, the other skbs in frag_list has different network_header(24) and transport_header(44), so there will be 20 bytes different from original,that is difference between ipv6 header and ipv4 header. Just change transport_header to be the same with original. Actually, there are two solutions to fix it, one is traversing all skbs and changing every skb header in bpf_skb_proto_6_to_4, the other is modifying frag_list skb's header in skb_segment_list. Considering efficiency, adopt the second one--- when the first skb and other skbs in frag_list has different network_header length, restore them to make sure right udp payload is delivered to user space. Signed-off-by: Lina Wang <lina.wang@mediatek.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Lina Wang
|
60453867b1 |
FROMGIT: net: fix wrong network header length
When clatd starts with ebpf offloaing, and NETIF_F_GRO_FRAGLIST is enable, several skbs are gathered in skb_shinfo(skb)->frag_list. The first skb's ipv6 header will be changed to ipv4 after bpf_skb_proto_6_to_4, network_header\transport_header\mac_header have been updated as ipv4 acts, but other skbs in frag_list didnot update anything, just ipv6 packets. udp_queue_rcv_skb will call skb_segment_list to traverse other skbs in frag_list and make sure right udp payload is delivered to user space. Unfortunately, other skbs in frag_list who are still ipv6 packets are updated like the first skb and will have wrong transport header length. e.g.before bpf_skb_proto_6_to_4,the first skb and other skbs in frag_list has the same network_header(24)& transport_header(64), after bpf_skb_proto_6_to_4, ipv6 protocol has been changed to ipv4, the first skb's network_header is 44,transport_header is 64, other skbs in frag_list didnot change.After skb_segment_list, the other skbs in frag_list has different network_header(24) and transport_header(44), so there will be 20 bytes different from original,that is difference between ipv6 header and ipv4 header. Just change transport_header to be the same with original. Actually, there are two solutions to fix it, one is traversing all skbs and changing every skb header in bpf_skb_proto_6_to_4, the other is modifying frag_list skb's header in skb_segment_list. Considering efficiency, adopt the second one--- when the first skb and other skbs in frag_list has different network_header length, restore them to make sure right udp payload is delivered to user space. Signed-off-by: Lina Wang <lina.wang@mediatek.com> Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from commit cf3ab8d4a797960b4be20565abb3bcd227b18a68 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git master) Bug: 218157620 Test: TreeHugger Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I36f2f329ec1a56bb0742141a7fa482cafa183ad3 |
||
|
Greg Kroah-Hartman
|
33f5d1daec |
Merge 5.15.34 into android13-5.15
Changes in 5.15.34
lib/logic_iomem: correct fallback config references
um: fix and optimize xor select template for CONFIG64 and timetravel mode
rtc: wm8350: Handle error for wm8350_register_irq
nbd: add error handling support for add_disk()
nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add
nbd: Fix hungtask when nbd_config_put
nbd: fix possible overflow on 'first_minor' in nbd_dev_add()
kfence: count unexpectedly skipped allocations
kfence: move saving stack trace of allocations into __kfence_alloc()
kfence: limit currently covered allocations when pool nearly full
KVM: x86/pmu: Use different raw event masks for AMD and Intel
KVM: SVM: Fix kvm_cache_regs.h inclusions for is_guest_mode()
KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
KVM: x86/pmu: Fix and isolate TSX-specific performance event logic
KVM: x86/emulator: Emulate RDPID only if it is enabled in guest
drm: Add orientation quirk for GPD Win Max
ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
drm/amd/display: Add signal type check when verify stream backends same
drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
drm/amd/display: Fix memory leak
drm/amd/display: Use PSR version selected during set_psr_caps
usb: gadget: tegra-xudc: Do not program SPARAM
usb: gadget: tegra-xudc: Fix control endpoint's definitions
usb: cdnsp: fix cdnsp_decode_trb function to properly handle ret value
ptp: replace snprintf with sysfs_emit
drm/amdkfd: Don't take process mutex for svm ioctls
powerpc: dts: t104xrdb: fix phy type for FMAN 4/5
ath11k: fix kernel panic during unload/load ath11k modules
ath11k: pci: fix crash on suspend if board file is not found
ath11k: mhi: use mhi_sync_power_up()
net/smc: Send directly when TCP_CORK is cleared
drm/bridge: Add missing pm_runtime_put_sync
bpf: Make dst_port field in struct bpf_sock 16-bit wide
scsi: mvsas: Replace snprintf() with sysfs_emit()
scsi: bfa: Replace snprintf() with sysfs_emit()
drm/v3d: fix missing unlock
power: supply: axp20x_battery: properly report current when discharging
mt76: mt7921: fix crash when startup fails.
mt76: dma: initialize skip_unmap in mt76_dma_rx_fill
cfg80211: don't add non transmitted BSS to 6GHz scanned channels
libbpf: Fix build issue with llvm-readelf
ipv6: make mc_forwarding atomic
net: initialize init_net earlier
powerpc: Set crashkernel offset to mid of RMA region
drm/amdgpu: Fix recursive locking warning
scsi: smartpqi: Fix kdump issue when controller is locked up
PCI: aardvark: Fix support for MSI interrupts
iommu/arm-smmu-v3: fix event handling soft lockup
usb: ehci: add pci device support for Aspeed platforms
PCI: endpoint: Fix alignment fault error in copy tests
tcp: Don't acquire inet_listen_hashbucket::lock with disabled BH.
PCI: pciehp: Add Qualcomm quirk for Command Completed erratum
scsi: mpi3mr: Fix reporting of actual data transfer size
scsi: mpi3mr: Fix memory leaks
powerpc/set_memory: Avoid spinlock recursion in change_page_attr()
power: supply: axp288-charger: Set Vhold to 4.4V
net/mlx5e: Disable TX queues before registering the netdev
usb: dwc3: pci: Set the swnode from inside dwc3_pci_quirks()
iwlwifi: mvm: Correctly set fragmented EBS
iwlwifi: mvm: move only to an enabled channel
drm/msm/dsi: Remove spurious IRQF_ONESHOT flag
ipv4: Invalidate neighbour for broadcast address upon address addition
dm ioctl: prevent potential spectre v1 gadget
dm: requeue IO if mapping table not yet available
drm/amdkfd: make CRAT table missing message informational only
vfio/pci: Stub vfio_pci_vga_rw when !CONFIG_VFIO_PCI_VGA
scsi: pm8001: Fix pm80xx_pci_mem_copy() interface
scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
scsi: pm8001: Fix task leak in pm8001_send_abort_all()
scsi: pm8001: Fix tag leaks on error
scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req()
mt76: mt7915: fix injected MPDU transmission to not use HW A-MSDU
powerpc/64s/hash: Make hash faults work in NMI context
mt76: mt7615: Fix assigning negative values to unsigned variable
scsi: aha152x: Fix aha152x_setup() __setup handler return value
scsi: hisi_sas: Free irq vectors in order for v3 HW
scsi: hisi_sas: Limit users changing debugfs BIST count value
net/smc: correct settings of RMB window update limit
mips: ralink: fix a refcount leak in ill_acc_of_setup()
macvtap: advertise link netns via netlink
tuntap: add sanity checks about msg_controllen in sendmsg
Bluetooth: Fix not checking for valid hdev on bt_dev_{info,warn,err,dbg}
Bluetooth: use memset avoid memory leaks
bnxt_en: Eliminate unintended link toggle during FW reset
PCI: endpoint: Fix misused goto label
MIPS: fix fortify panic when copying asm exception handlers
powerpc/64e: Tie PPC_BOOK3E_64 to PPC_FSL_BOOK3E
powerpc/secvar: fix refcount leak in format_show()
scsi: libfc: Fix use after free in fc_exch_abts_resp()
can: isotp: set default value for N_As to 50 micro seconds
can: etas_es58x: es58x_fd_rx_event_msg(): initialize rx_event_msg before calling es58x_check_msg_len()
riscv: Fixed misaligned memory access. Fixed pointer comparison.
net: account alternate interface name memory
net: limit altnames to 64k total
net/mlx5e: Remove overzealous validations in netlink EEPROM query
net: sfp: add 2500base-X quirk for Lantech SFP module
usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
mt76: fix monitor mode crash with sdio driver
xtensa: fix DTC warning unit_address_format
MIPS: ingenic: correct unit node address
Bluetooth: Fix use after free in hci_send_acl
netfilter: conntrack: revisit gc autotuning
netlabel: fix out-of-bounds memory accesses
ceph: fix inode reference leakage in ceph_get_snapdir()
ceph: fix memory leak in ceph_readdir when note_last_dentry returns error
lib/Kconfig.debug: add ARCH dependency for FUNCTION_ALIGN option
init/main.c: return 1 from handled __setup() functions
minix: fix bug when opening a file with O_DIRECT
clk: si5341: fix reported clk_rate when output divider is 2
staging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances
staging: vchiq_core: handle NULL result of find_service_by_handle
phy: amlogic: phy-meson-gxl-usb2: fix shared reset controller use
phy: amlogic: meson8b-usb2: Use dev_err_probe()
phy: amlogic: meson8b-usb2: fix shared reset control use
clk: rockchip: drop CLK_SET_RATE_PARENT from dclk_vop* on rk3568
cpufreq: CPPC: Fix performance/frequency conversion
opp: Expose of-node's name in debugfs
staging: wfx: fix an error handling in wfx_init_common()
w1: w1_therm: fixes w1_seq for ds28ea00 sensors
NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify()
NFSv4: Protect the state recovery thread against direct reclaim
habanalabs: fix possible memory leak in MMU DR fini
xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
clk: ti: Preserve node in ti_dt_clocks_register()
clk: Enforce that disjoints limits are invalid
SUNRPC/call_alloc: async tasks mustn't block waiting for memory
SUNRPC/xprt: async tasks mustn't block waiting for memory
SUNRPC: remove scheduling boost for "SWAPPER" tasks.
NFS: swap IO handling is slightly different for O_DIRECT IO
NFS: swap-out must always use STABLE writes.
x86: Annotate call_on_stack()
x86/Kconfig: Do not allow CONFIG_X86_X32_ABI=y with llvm-objcopy
serial: samsung_tty: do not unlock port->lock for uart_write_wakeup()
virtio_console: eliminate anonymous module_init & module_exit
jfs: prevent NULL deref in diFree
SUNRPC: Fix socket waits for write buffer space
NFS: nfsiod should not block forever in mempool_alloc()
NFS: Avoid writeback threads getting stuck in mempool_alloc()
selftests: net: Add tls config dependency for tls selftests
parisc: Fix CPU affinity for Lasi, WAX and Dino chips
parisc: Fix patch code locking and flushing
mm: fix race between MADV_FREE reclaim and blkdev direct IO read
rtc: mc146818-lib: change return values of mc146818_get_time()
rtc: Check return value from mc146818_get_time()
rtc: mc146818-lib: fix RTC presence check
drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
Drivers: hv: vmbus: Fix potential crash on module unload
Revert "NFSv4: Handle the special Linux file open access mode"
NFSv4: fix open failure with O_ACCMODE flag
scsi: sr: Fix typo in CDROM(CLOSETRAY|EJECT) handling
scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map()
scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
vdpa/mlx5: Rename control VQ workqueue to vdpa wq
vdpa/mlx5: Propagate link status from device to vdpa driver
vdpa: mlx5: prevent cvq work from hogging CPU
net: sfc: add missing xdp queue reinitialization
net/tls: fix slab-out-of-bounds bug in decrypt_internal
vrf: fix packet sniffing for traffic originating from ip tunnels
skbuff: fix coalescing for page_pool fragment recycling
ice: Clear default forwarding VSI during VSI release
mctp: Fix check for dev_hard_header() result
net: ipv4: fix route with nexthop object delete warning
net: stmmac: Fix unset max_speed difference between DT and non-DT platforms
drm/imx: imx-ldb: Check for null pointer after calling kmemdup
drm/imx: Fix memory leak in imx_pd_connector_get_modes
drm/imx: dw_hdmi-imx: Fix bailout in error cases of probe
regulator: rtq2134: Fix missing active_discharge_on setting
regulator: atc260x: Fix missing active_discharge_on setting
arch/arm64: Fix topology initialization for core scheduling
bnxt_en: Synchronize tx when xdp redirects happen on same ring
bnxt_en: reserve space inside receive page for skb_shared_info
bnxt_en: Prevent XDP redirect from running when stopping TX queue
sfc: Do not free an empty page_ring
RDMA/mlx5: Don't remove cache MRs when a delay is needed
RDMA/mlx5: Add a missing update of cache->last_add
IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD
IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition
sctp: count singleton chunks in assoc user stats
dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe
ice: Set txq_teid to ICE_INVAL_TEID on ring creation
ice: Do not skip not enabled queues in ice_vc_dis_qs_msg
ipv6: Fix stats accounting in ip6_pkt_drop
ice: synchronize_rcu() when terminating rings
ice: xsk: fix VSI state check in ice_xsk_wakeup()
net: openvswitch: don't send internal clone attribute to the userspace.
net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address()
net: openvswitch: fix leak of nested actions
rxrpc: fix a race in rxrpc_exit_net()
net: sfc: fix using uninitialized xdp tx_queue
net: phy: mscc-miim: reject clause 45 register accesses
qede: confirm skb is allocated before using
spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()
bpf: Support dual-stack sockets in bpf_tcp_check_syncookie
drbd: Fix five use after free bugs in get_initial_state
scsi: ufs: ufshpb: Fix a NULL check on list iterator
io_uring: nospec index for tags on files update
io_uring: don't touch scm_fp_list after queueing skb
SUNRPC: Handle ENOMEM in call_transmit_status()
SUNRPC: Handle low memory situations in call_status()
SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec()
iommu/omap: Fix regression in probe for NULL pointer dereference
perf: arm-spe: Fix perf report --mem-mode
perf tools: Fix perf's libperf_print callback
perf session: Remap buf if there is no space for event
arm64: Add part number for Arm Cortex-A78AE
scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove()
scsi: ufs: ufs-pci: Add support for Intel MTL
Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning"
mmc: block: Check for errors after write on SPI
mmc: mmci: stm32: correctly check all elements of sg list
mmc: renesas_sdhi: don't overwrite TAP settings when HS400 tuning is complete
mmc: core: Fixup support for writeback-cache for eMMC and SD
lz4: fix LZ4_decompress_safe_partial read out of bound
highmem: fix checks in __kmap_local_sched_{in,out}
mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
mm/mempolicy: fix mpol_new leak in shared_policy_replace
io_uring: don't check req->file in io_fsync_prep()
io_uring: defer splice/tee file validity check until command issue
io_uring: implement compat handling for IORING_REGISTER_IOWQ_AFF
io_uring: fix race between timeout flush and removal
x86/pm: Save the MSR validity status at context setup
x86/speculation: Restore speculation related MSRs during S3 resume
perf/x86/intel: Update the FRONTEND MSR mask on Sapphire Rapids
btrfs: fix qgroup reserve overflow the qgroup limit
btrfs: prevent subvol with swapfile from being deleted
spi: core: add dma_map_dev for __spi_unmap_msg()
arm64: patch_text: Fixup last cpu should be master
RDMA/hfi1: Fix use-after-free bug for mm struct
gpio: Restrict usage of GPIO chip irq members before initialization
x86/msi: Fix msi message data shadow struct
x86/mm/tlb: Revert retpoline avoidance approach
perf/x86/intel: Don't extend the pseudo-encoding to GP counters
ata: sata_dwc_460ex: Fix crash due to OOB write
perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator
perf/core: Inherit event_caps
irqchip/gic-v3: Fix GICR_CTLR.RWP polling
fbdev: Fix unregistering of framebuffers without device
amd/display: set backlight only if required
SUNRPC: Prevent immediate close+reconnect
drm/panel: ili9341: fix optional regulator handling
drm/amdgpu/display: change pipe policy for DCN 2.1
drm/amdgpu/smu10: fix SoC/fclk units in auto mode
drm/amdgpu/vcn: Fix the register setting for vcn1
drm/nouveau/pmu: Add missing callbacks for Tegra devices
drm/amdkfd: Create file descriptor after client is added to smi_clients list
drm/amdgpu: don't use BACO for reset in S3
KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255
net/smc: send directly on setting TCP_NODELAY
Revert "selftests: net: Add tls config dependency for tls selftests"
bpf: Make remote_port field in struct bpf_sk_lookup 16-bit wide
selftests/bpf: Fix u8 narrow load checks for bpf_sk_lookup remote_port
rtc: mc146818-lib: fix signedness bug in mc146818_get_time()
SUNRPC: Don't call connect() more than once on a TCP socket
Revert "nbd: fix possible overflow on 'first_minor' in nbd_dev_add()"
perf build: Don't use -ffat-lto-objects in the python feature test when building with clang-13
perf python: Fix probing for some clang command line options
tools build: Filter out options and warnings not supported by clang
tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts
dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
KVM: avoid NULL pointer dereference in kvm_dirty_ring_push
Revert "net/mlx5: Accept devlink user input after driver initialization complete"
ubsan: remove CONFIG_UBSAN_OBJECT_SIZE
selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644
selftests: cgroup: Test open-time credential usage for migration checks
selftests: cgroup: Test open-time cgroup namespace usage for migration checks
mm: don't skip swap entry even if zap_details specified
Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb()
x86/bug: Prevent shadowing in __WARN_FLAGS
sched: Teach the forced-newidle balancer about CPU affinity limitation.
x86,static_call: Fix __static_call_return0 for i386
irqchip/gic-v4: Wait for GICR_VPENDBASER.Dirty to clear before descheduling
powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S
irqchip/gic, gic-v3: Prevent GSI to SGI translations
mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning
static_call: Don't make __static_call_return0 static
powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
stacktrace: move filter_irq_stacks() to kernel/stacktrace.c
Linux 5.15.34
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I98049d0d8ebd427296418d31085bfde482ad30e7
|
||
|
Greg Kroah-Hartman
|
b41a37c036 |
Merge 5.15.33 into android13-5.15
Changes in 5.15.33
Revert "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
USB: serial: pl2303: add IBM device IDs
dt-bindings: usb: hcd: correct usb-device path
USB: serial: pl2303: fix GS type detection
USB: serial: simple: add Nokia phone driver
mm: kfence: fix missing objcg housekeeping for SLAB
hv: utils: add PTP_1588_CLOCK to Kconfig to fix build
HID: logitech-dj: add new lightspeed receiver id
HID: Add support for open wheel and no attachment to T300
xfrm: fix tunnel model fragmentation behavior
ARM: mstar: Select HAVE_ARM_ARCH_TIMER
virtio_console: break out of buf poll on remove
vdpa/mlx5: should verify CTRL_VQ feature exists for MQ
tools/virtio: fix virtio_test execution
ethernet: sun: Free the coherent when failing in probing
gpio: Revert regression in sysfs-gpio (gpiolib.c)
spi: Fix invalid sgs value
net:mcf8390: Use platform_get_irq() to get the interrupt
Revert "gpio: Revert regression in sysfs-gpio (gpiolib.c)"
spi: Fix erroneous sgs value with min_t()
Input: zinitix - do not report shadow fingers
af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
net: dsa: microchip: add spi_device_id tables
selftests: vm: fix clang build error multiple output files
locking/lockdep: Avoid potential access of invalid memory in lock_class
drm/amdgpu: move PX checking into amdgpu_device_ip_early_init
drm/amdgpu: only check for _PR3 on dGPUs
iommu/iova: Improve 32-bit free space estimate
virtio-blk: Use blk_validate_block_size() to validate block size
tpm: fix reference counting for struct tpm_chip
usb: typec: tipd: Forward plug orientation to typec subsystem
USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
xhci: fix garbage USBSTS being logged in some cases
xhci: fix runtime PM imbalance in USB2 resume
xhci: make xhci_handshake timeout for xhci_reset() adjustable
xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()
mei: me: disable driver on the ign firmware
mei: me: add Alder Lake N device id.
mei: avoid iterator usage outside of list_for_each_entry
bus: mhi: pci_generic: Add mru_default for Quectel EM1xx series
bus: mhi: Fix MHI DMA structure endianness
docs: sphinx/requirements: Limit jinja2<3.1
coresight: Fix TRCCONFIGR.QE sysfs interface
coresight: syscfg: Fix memleak on registration failure in cscfg_create_device
iio: afe: rescale: use s64 for temporary scale calculations
iio: inkern: apply consumer scale on IIO_VAL_INT cases
iio: inkern: apply consumer scale when no channel scale is available
iio: inkern: make a best effort on offset calculation
greybus: svc: fix an error handling bug in gb_svc_hello()
clk: rockchip: re-add rational best approximation algorithm to the fractional divider
clk: uniphier: Fix fixed-rate initialization
ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
cifs: fix handlecache and multiuser
cifs: we do not need a spinlock around the tree access during umount
KEYS: fix length validation in keyctl_pkey_params_get_2()
KEYS: asymmetric: enforce that sig algo matches key algo
KEYS: asymmetric: properly validate hash_algo and encoding
Documentation: add link to stable release candidate tree
Documentation: update stable tree link
firmware: stratix10-svc: add missing callback parameter on RSU
firmware: sysfb: fix platform-device leak in error path
HID: intel-ish-hid: Use dma_alloc_coherent for firmware update
SUNRPC: avoid race between mod_timer() and del_timer_sync()
NFS: NFSv2/v3 clients should never be setting NFS_CAP_XATTR
NFSD: prevent underflow in nfssvc_decode_writeargs()
NFSD: prevent integer overflow on 32 bit systems
f2fs: fix to unlock page correctly in error path of is_alive()
f2fs: quota: fix loop condition at f2fs_quota_sync()
f2fs: fix to do sanity check on .cp_pack_total_block_count
remoteproc: Fix count check in rproc_coredump_write()
mm/mlock: fix two bugs in user_shm_lock()
pinctrl: ingenic: Fix regmap on X series SoCs
pinctrl: samsung: drop pin banks references on error paths
net: bnxt_ptp: fix compilation error
spi: mxic: Fix the transmit path
mtd: rawnand: protect access to rawnand devices while in suspend
can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
can: m_can: m_can_tx_handler(): fix use after free of skb
can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
jffs2: fix memory leak in jffs2_do_mount_fs
jffs2: fix memory leak in jffs2_scan_medium
mm: fs: fix lru_cache_disabled race in bh_lru
mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
mm: invalidate hwpoison page cache page in fault path
mempolicy: mbind_range() set_policy() after vma_merge()
scsi: core: sd: Add silence_suspend flag to suppress some PM messages
scsi: ufs: Fix runtime PM messages never-ending cycle
scsi: scsi_transport_fc: Fix FPIN Link Integrity statistics counters
scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
qed: display VF trust config
qed: validate and restrict untrusted VFs vlan promisc mode
riscv: dts: canaan: Fix SPI3 bus width
riscv: Fix fill_callchain return value
riscv: Increase stack size under KASAN
Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
cifs: prevent bad output lengths in smb2_ioctl_query_info()
cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
ALSA: cs4236: fix an incorrect NULL check on list iterator
ALSA: hda: Avoid unsol event during RPM suspending
ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
rtc: mc146818-lib: fix locking in mc146818_set_time
rtc: pl031: fix rtc features null pointer dereference
ocfs2: fix crash when mount with quota enabled
drm/simpledrm: Add "panel orientation" property on non-upright mounted LCD panels
mm: madvise: skip unmapped vma holes passed to process_madvise
mm: madvise: return correct bytes advised with process_madvise
Revert "mm: madvise: skip unmapped vma holes passed to process_madvise"
mm,hwpoison: unmap poisoned page before invalidation
mm/kmemleak: reset tag when compare object pointer
dm stats: fix too short end duration_ns when using precise_timestamps
dm: fix use-after-free in dm_cleanup_zoned_dev()
dm: interlock pending dm_io and dm_wait_for_bios_completion
dm: fix double accounting of flush with data
dm integrity: set journal entry unused when shrinking device
tracing: Have trace event string test handle zero length strings
drbd: fix potential silent data corruption
powerpc/kvm: Fix kvm_use_magic_page
PCI: fu740: Force 2.5GT/s for initial device probe
arm64: signal: nofpsimd: Do not allocate fp/simd context when not available
arm64: Do not defer reserve_crashkernel() for platforms with no DMA memory zones
arm64: dts: qcom: sm8250: Fix MSI IRQ for PCIe1 and PCIe2
arm64: dts: ti: k3-am65: Fix gic-v3 compatible regs
arm64: dts: ti: k3-j721e: Fix gic-v3 compatible regs
arm64: dts: ti: k3-j7200: Fix gic-v3 compatible regs
arm64: dts: ti: k3-am64: Fix gic-v3 compatible regs
ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM
Revert "ACPI: Pass the same capabilities to the _OSC regardless of the query flag"
ACPI: properties: Consistently return -ENOENT if there are no more references
coredump: Also dump first pages of non-executable ELF libraries
ext4: fix ext4_fc_stats trace point
ext4: fix fs corruption when tring to remove a non-empty directory with IO error
ext4: make mb_optimize_scan performance mount option work with extents
drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
samples/landlock: Fix path_list memory leak
landlock: Use square brackets around "landlock-ruleset"
mailbox: tegra-hsp: Flush whole channel
block: limit request dispatch loop duration
block: don't merge across cgroup boundaries if blkcg is enabled
drm/edid: check basic audio support on CEA extension block
fbdev: Hot-unplug firmware fb devices on forced removal
video: fbdev: sm712fb: Fix crash in smtcfb_read()
video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
rfkill: make new event layout opt-in
ARM: dts: at91: sama7g5: Remove unused properties in i2c nodes
ARM: dts: at91: sama5d2: Fix PMERRLOC resource size
ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
ARM: dts: exynos: add missing HDMI supplies on SMDK5250
ARM: dts: exynos: add missing HDMI supplies on SMDK5420
mgag200 fix memmapsl configuration in GCTL6 register
carl9170: fix missing bit-wise or operator for tx_params
pstore: Don't use semaphores in always-atomic-context code
thermal: int340x: Increase bitmap size
lib/raid6/test: fix multiple definition linking error
exec: Force single empty string when argv is empty
crypto: rsa-pkcs1pad - only allow with rsa
crypto: rsa-pkcs1pad - correctly get hash from source scatterlist
crypto: rsa-pkcs1pad - restore signature length check
crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
bcache: fixup multiple threads crash
PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove()
DEC: Limit PMAX memory probing to R3k systems
media: gpio-ir-tx: fix transmit with long spaces on Orange Pi PC
media: venus: hfi_cmds: List HDR10 property as unsupported for v1 and v3
media: venus: venc: Fix h264 8x8 transform control
media: davinci: vpif: fix unbalanced runtime PM get
media: davinci: vpif: fix unbalanced runtime PM enable
btrfs: zoned: mark relocation as writing
btrfs: extend locking to all space_info members accesses
btrfs: verify the tranisd of the to-be-written dirty extent buffer
xtensa: define update_mmu_tlb function
xtensa: fix stop_machine_cpuslocked call in patch_text
xtensa: fix xtensa_wsr always writing 0
drm/syncobj: flatten dma_fence_chains on transfer
drm/nouveau/backlight: Fix LVDS backlight detection on some laptops
drm/nouveau/backlight: Just set all backlight types as RAW
drm/fb-helper: Mark screen buffers in system memory with FBINFO_VIRTFB
brcmfmac: firmware: Allocate space for default boardrev in nvram
brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path
brcmfmac: pcie: Declare missing firmware files in pcie.c
brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
brcmfmac: pcie: Fix crashes due to early IRQs
drm/i915/opregion: check port number bounds for SWSCI display power state
drm/i915/gem: add missing boundary check in vm_access
PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails
PCI: pciehp: Clear cmd_busy bit in polling mode
PCI: xgene: Revert "PCI: xgene: Fix IB window setup"
regulator: qcom_smd: fix for_each_child.cocci warnings
selinux: access superblock_security_struct in LSM blob way
selinux: check return value of sel_make_avc_files
crypto: ccp - Ensure psp_ret is always init'd in __sev_platform_init_locked()
hwrng: cavium - Check health status while reading random data
hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER
crypto: sun8i-ss - really disable hash on A80
crypto: authenc - Fix sleep in atomic context in decrypt_tail
crypto: mxs-dcp - Fix scatterlist processing
selinux: Fix selinux_sb_mnt_opts_compat()
thermal: int340x: Check for NULL after calling kmemdup()
crypto: octeontx2 - remove CONFIG_DM_CRYPT check
spi: tegra114: Add missing IRQ check in tegra_spi_probe
spi: tegra210-quad: Fix missin IRQ check in tegra_qspi_probe
stack: Constrain and fix stack offset randomization with Clang builds
arm64/mm: avoid fixmap race condition when create pud mapping
blk-cgroup: set blkg iostat after percpu stat aggregation
selftests/x86: Add validity check and allow field splitting
selftests/sgx: Treat CC as one argument
crypto: rockchip - ECB does not need IV
audit: log AUDIT_TIME_* records only from rules
EVM: fix the evm= __setup handler return value
crypto: ccree - don't attempt 0 len DMA mappings
crypto: hisilicon/sec - fix the aead software fallback for engine
spi: pxa2xx-pci: Balance reference count for PCI DMA device
hwmon: (pmbus) Add mutex to regulator ops
hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
nvme: cleanup __nvme_check_ids
nvme: fix the check for duplicate unique identifiers
block: don't delete queue kobject before its children
PM: hibernate: fix __setup handler error handling
PM: suspend: fix return value of __setup handler
spi: spi-zynqmp-gqspi: Handle error for dma_set_mask
hwrng: atmel - disable trng on failure path
crypto: sun8i-ss - call finalize with bh disabled
crypto: sun8i-ce - call finalize with bh disabled
crypto: amlogic - call finalize with bh disabled
crypto: gemini - call finalize with bh disabled
crypto: vmx - add missing dependencies
clocksource/drivers/timer-ti-dm: Fix regression from errata i940 fix
clocksource/drivers/exynos_mct: Refactor resources allocation
clocksource/drivers/exynos_mct: Handle DTS with higher number of interrupts
clocksource/drivers/timer-microchip-pit64b: Use notrace
clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init()
arm64: prevent instrumentation of bp hardening callbacks
KEYS: trusted: Fix trusted key backends when building as module
KEYS: trusted: Avoid calling null function trusted_key_exit
ACPI: APEI: fix return value of __setup handlers
crypto: ccp - ccp_dmaengine_unregister release dma channels
crypto: ccree - Fix use after free in cc_cipher_exit()
hwrng: nomadik - Change clk_disable to clk_disable_unprepare
hwmon: (pmbus) Add Vin unit off handling
clocksource: acpi_pm: fix return value of __setup handler
io_uring: don't check unrelated req->open.how in accept request
io_uring: terminate manual loop iterator loop correctly for non-vecs
watch_queue: Fix NULL dereference in error cleanup
watch_queue: Actually free the watch
f2fs: fix to enable ATGC correctly via gc_idle sysfs interface
sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
sched/core: Export pelt_thermal_tp
sched/uclamp: Fix iowait boost escaping uclamp restriction
rseq: Remove broken uapi field layout on 32-bit little endian
perf/core: Fix address filter parser for multiple filters
perf/x86/intel/pt: Fix address filter config for 32-bit kernel
sched/fair: Improve consistency of allowed NUMA balance calculations
f2fs: fix missing free nid in f2fs_handle_failed_inode
nfsd: more robust allocation failure handling in nfsd_file_cache_init
sched/cpuacct: Fix charge percpu cpuusage
sched/rt: Plug rt_mutex_setprio() vs push_rt_task() race
f2fs: fix to avoid potential deadlock
btrfs: fix unexpected error path when reflinking an inline extent
f2fs: fix compressed file start atomic write may cause data corruption
selftests, x86: fix how check_cc.sh is being invoked
drivers/base/memory: add memory block to memory group after registration succeeded
kunit: make kunit_test_timeout compatible with comment
pinctrl: samsung: Remove EINT handler for Exynos850 ALIVE and CMGP gpios
media: staging: media: zoran: fix usage of vb2_dma_contig_set_max_seg_size
media: camss: csid-170: fix non-10bit formats
media: camss: csid-170: don't enable unused irqs
media: camss: csid-170: set the right HALT_CMD when disabled
media: camss: vfe-170: fix "VFE halt timeout" error
media: staging: media: imx: imx7-mipi-csis: Make subdev name unique
media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
media: mtk-vcodec: potential dereference of null pointer
media: imx: imx8mq-mipi-csi2: remove wrong irq config write operation
media: imx: imx8mq-mipi_csi2: fix system resume
media: bttv: fix WARNING regression on tunerless devices
media: atmel: atmel-sama7g5-isc: fix ispck leftover
ASoC: sh: rz-ssi: Drop calling rz_ssi_pio_recv() recursively
ASoC: codecs: Check for error pointer after calling devm_regmap_init_mmio
ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting
ASoC: simple-card-utils: Set sysclk on all components
media: coda: Fix missing put_device() call in coda_get_vdoa_data
media: meson: vdec: potential dereference of null pointer
media: hantro: Fix overfill bottom register field name
media: ov6650: Fix set format try processing path
media: v4l: Avoid unaligned access warnings when printing 4cc modifiers
media: ov5648: Don't pack controls struct
media: aspeed: Correct value for h-total-pixels
video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen
video: fbdev: controlfb: Fix COMPILE_TEST build
video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe()
video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
ARM: dts: Fix OpenBMC flash layout label addresses
firmware: qcom: scm: Remove reassignment to desc following initializer
ARM: dts: qcom: ipq4019: fix sleep clock
soc: qcom: rpmpd: Check for null return of devm_kcalloc
soc: qcom: ocmem: Fix missing put_device() call in of_get_ocmem
soc: qcom: aoss: remove spurious IRQF_ONESHOT flags
arm64: dts: qcom: sdm845: fix microphone bias properties and values
arm64: dts: qcom: sm8250: fix PCIe bindings to follow schema
arm64: dts: broadcom: bcm4908: use proper TWD binding
arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc
arm64: dts: qcom: sm8350: Correct TCS configuration for apps rsc
firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is not defined
soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
ARM: dts: sun8i: v3s: Move the csi1 block to follow address order
vsprintf: Fix potential unaligned access
ARM: dts: imx: Add missing LVDS decoder on M53Menlo
media: mexon-ge2d: fixup frames size in registers
media: video/hdmi: handle short reads of hdmi info frame.
media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats()
media: em28xx: initialize refcount before kref_get
media: usb: go7007: s2250-board: fix leak in probe()
media: cedrus: H265: Fix neighbour info buffer size
media: cedrus: h264: Fix neighbour info buffer size
ASoC: codecs: rx-macro: fix accessing compander for aux
ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type
ASoC: codecs: va-macro: fix accessing array out of bounds for enum type
ASoC: codecs: wc938x: fix accessing array out of bounds for enum type
ASoC: codecs: wcd938x: fix kcontrol max values
ASoC: codecs: wcd934x: fix kcontrol max values
ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put
media: v4l2-core: Initialize h264 scaling matrix
media: ov5640: Fix set format, v4l2_mbus_pixelcode not updated
selftests/lkdtm: Add UBSAN config
lib: uninline simple_strntoull() as well
vsprintf: Fix %pK with kptr_restrict == 0
uaccess: fix nios2 and microblaze get_user_8()
ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp()
soc: mediatek: pm-domains: Add wakeup capacity support in power domain
mmc: sdhci_am654: Fix the driver data of AM64 SoC
ASoC: ti: davinci-i2s: Add check for clk_enable()
ALSA: spi: Add check for clk_enable()
arm64: dts: ns2: Fix spi-cpol and spi-cpha property
arm64: dts: broadcom: Fix sata nodename
printk: fix return value of printk.devkmsg __setup handler
ASoC: mxs-saif: Handle errors for clk_enable
ASoC: atmel_ssc_dai: Handle errors for clk_enable
ASoC: dwc-i2s: Handle errors for clk_enable
ASoC: soc-compress: prevent the potentially use of null pointer
memory: emif: Add check for setup_interrupts
memory: emif: check the pointer temp in get_device_details()
ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly
m68k: coldfire/device.c: only build for MCF_EDMA when h/w macros are defined
media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED
media: vidtv: Check for null return of vzalloc
ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
ASoC: wm8350: Handle error for wm8350_register_irq
ASoC: fsi: Add check for clk_enable
video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
media: saa7134: fix incorrect use to determine if list is empty
ivtv: fix incorrect device_caps for ivtvfb
ASoC: atmel: Fix error handling in snd_proto_probe
ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in rockchip_i2s_probe
ASoC: SOF: Add missing of_node_put() in imx8m_probe
ASoC: mediatek: use of_device_get_match_data()
ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe
ASoC: rk817: Fix missing clk_disable_unprepare() in rk817_platform_probe
ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
ASoC: fsl_spdif: Disable TX clock when stop
ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
ASoC: SOF: Intel: enable DMI L1 for playback streams
ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe
mmc: davinci_mmc: Handle error for clk_enable
ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe
ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe
ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data
ASoC: amd: Fix reference to PCM buffer address
ARM: configs: multi_v5_defconfig: re-enable CONFIG_V4L_PLATFORM_DRIVERS
ARM: configs: multi_v5_defconfig: re-enable DRM_PANEL and FB_xxx
drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops
drm/meson: Make use of the helper function devm_platform_ioremap_resourcexxx()
drm/meson: split out encoder from meson_dw_hdmi
drm/meson: Fix error handling when afbcd.ops->init fails
drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe
drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe
drm: bridge: adv7511: Fix ADV7535 HPD enablement
ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
drm/v3d/v3d_drv: Check for error num after setting mask
drm/panfrost: Check for error num after setting mask
libbpf: Fix possible NULL pointer dereference when destroying skeleton
bpftool: Only set obj->skeleton on complete success
udmabuf: validate ubuf->pagecount
bpf: Fix UAF due to race between btf_try_get_module and load_module
drm/selftests/test-drm_dp_mst_helper: Fix memory leak in sideband_msg_req_encode_decode
selftests: bpf: Fix bind on used port
Bluetooth: btintel: Fix WBS setting for Intel legacy ROM products
Bluetooth: hci_serdev: call init_rwsem() before p->open()
mtd: onenand: Check for error irq
mtd: rawnand: gpmi: fix controller timings setting
drm/edid: Don't clear formats if using deep color
drm/edid: Split deep color modes between RGB and YUV444
ionic: fix type complaint in ionic_dev_cmd_clean()
ionic: start watchdog after all is setup
ionic: Don't send reset commands if FW isn't running
drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl()
drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()
drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function
net: phy: at803x: move page selection fix to config_init
selftests/bpf: Normalize XDP section names in selftests
selftests/bpf/test_xdp_redirect_multi: use temp netns for testing
ath9k_htc: fix uninit value bugs
RDMA/core: Set MR type in ib_reg_user_mr
KVM: PPC: Fix vmx/vsx mixup in mmio emulation
selftests/net: timestamping: Fix bind_phc check
i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb
i40e: respect metadata on XSK Rx to skb
igc: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb
ixgbe: pass bi->xdp to ixgbe_construct_skb_zc() directly
ixgbe: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb
ixgbe: respect metadata on XSK Rx to skb
power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe
ray_cs: Check ioremap return value
powerpc: dts: t1040rdb: fix ports names for Seville Ethernet switch
KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init
powerpc/perf: Don't use perf_hw_context for trace IMC PMU
mt76: connac: fix sta_rec_wtbl tag len
mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode
mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv
mt76: mt7921: fix a leftover race in runtime-pm
mt76: mt7615: fix a leftover race in runtime-pm
mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update
mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update
ptp: unregister virtual clocks when unregistering physical clock.
net: dsa: mv88e6xxx: Enable port policy support on 6097
mac80211: Remove a couple of obsolete TODO
mac80211: limit bandwidth in HE capabilities
scripts/dtc: Call pkg-config POSIXly correct
livepatch: Fix build failure on 32 bits processors
net: asix: add proper error handling of usb read errors
i2c: bcm2835: Use platform_get_irq() to get the interrupt
i2c: bcm2835: Fix the error handling in 'bcm2835_i2c_probe()'
mtd: mchp23k256: Add SPI ID table
mtd: mchp48l640: Add SPI ID table
igc: avoid kernel warning when changing RX ring parameters
igb: refactor XDP registration
PCI: aardvark: Fix reading MSI interrupt number
PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge
RDMA/rxe: Check the last packet by RXE_END_MASK
libbpf: Fix signedness bug in btf_dump_array_data()
cxl/core: Fix cxl_probe_component_regs() error message
cxl/regs: Fix size of CXL Capability Header Register
net:enetc: allocate CBD ring data memory using DMA coherent methods
libbpf: Fix compilation warning due to mismatched printf format
drm/bridge: dw-hdmi: use safe format when first in bridge chain
libbpf: Use dynamically allocated buffer when receiving netlink messages
power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
iommu/ipmmu-vmsa: Check for error num after setting mask
drm/bridge: anx7625: Fix overflow issue on reading EDID
bpftool: Fix the error when lookup in no-btf maps
drm/amd/pm: enable pm sysfs write for one VF mode
drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug
libbpf: Fix memleak in libbpf_netlink_recv()
IB/cma: Allow XRC INI QPs to set their local ACK timeout
dax: make sure inodes are flushed before destroy cache
selftests: mptcp: add csum mib check for mptcp_connect
iwlwifi: mvm: Don't call iwl_mvm_sta_from_mac80211() with NULL sta
iwlwifi: mvm: don't iterate unadded vifs when handling FW SMPS req
iwlwifi: mvm: align locking in D3 test debugfs
iwlwifi: yoyo: remove DBGI_SRAM address reset writing
iwlwifi: Fix -EIO error code that is never returned
iwlwifi: mvm: Fix an error code in iwl_mvm_up()
mtd: rawnand: pl353: Set the nand chip node as the flash node
drm/msm/dp: populate connector of struct dp_panel
drm/msm/dp: stop link training after link training 2 failed
drm/msm/dp: always add fail-safe mode into connector mode list
drm/msm/dsi: Use "ref" fw clock instead of global name for VCO parent
drm/msm/dsi/phy: fix 7nm v4.0 settings for C-PHY mode
drm/msm/dpu: add DSPP blocks teardown
drm/msm/dpu: fix dp audio condition
dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
vfio/pci: fix memory leak during D3hot to D0 transition
vfio/pci: wake-up devices around reset functions
scsi: fnic: Fix a tracing statement
scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config()
scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update()
scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req()
scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
scsi: pm8001: Fix NCQ NON DATA command task initialization
scsi: pm8001: Fix NCQ NON DATA command completion handling
scsi: pm8001: Fix abort all task initialization
RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR
drm/amd/display: Remove vupdate_int_entry definition
TOMOYO: fix __setup handlers return values
power: supply: sbs-charger: Don't cancel work that is not initialized
ext2: correct max file size computing
drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return
scsi: hisi_sas: Change permission of parameter prot_mask
drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt
bpf, arm64: Call build_prologue() first in first JIT pass
bpf, arm64: Feed byte-offset into bpf line info
xsk: Fix race at socket teardown
RDMA/irdma: Fix netdev notifications for vlan's
RDMA/irdma: Fix Passthrough mode in VM
RDMA/irdma: Remove incorrect masking of PD
gpu: host1x: Fix a memory leak in 'host1x_remove()'
libbpf: Skip forward declaration when counting duplicated type names
powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties()
powerpc/Makefile: Don't pass -mcpu=powerpc64 when building 32-bit
KVM: x86: Fix emulation in writing cr8
KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor()
hv_balloon: rate-limit "Unhandled message" warning
i2c: xiic: Make bus names unique
power: supply: wm8350-power: Handle error for wm8350_register_irq
power: supply: wm8350-power: Add missing free in free_charger_irq
IB/hfi1: Allow larger MTU without AIP
RDMA/core: Fix ib_qp_usecnt_dec() called when error
PCI: Reduce warnings on possible RW1C corruption
net: axienet: fix RX ring refill allocation failure handling
drm/msm/a6xx: Fix missing ARRAY_SIZE() check
mips: DEC: honor CONFIG_MIPS_FP_SUPPORT=n
MIPS: Sanitise Cavium switch cases in TLB handler synthesizers
powerpc/sysdev: fix incorrect use to determine if list is empty
powerpc/64s: Don't use DSISR for SLB faults
mfd: mc13xxx: Add check for mc13xxx_irq_request
libbpf: Unmap rings when umem deleted
selftests/bpf: Make test_lwt_ip_encap more stable and faster
platform/x86: huawei-wmi: check the return value of device_create_file()
scsi: mpt3sas: Fix incorrect 4GB boundary check
powerpc: 8xx: fix a return value error in mpc8xx_pic_init
vxcan: enable local echo for sent CAN frames
ath10k: Fix error handling in ath10k_setup_msa_resources
mips: cdmm: Fix refcount leak in mips_cdmm_phys_base
MIPS: RB532: fix return value of __setup handler
MIPS: pgalloc: fix memory leak caused by pgd_free()
mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
power: ab8500_chargalg: Use CLOCK_MONOTONIC
RDMA/irdma: Prevent some integer underflows
Revert "RDMA/core: Fix ib_qp_usecnt_dec() called when error"
RDMA/mlx5: Fix memory leak in error flow for subscribe event routine
bpf, sockmap: Fix memleak in sk_psock_queue_msg
bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full
bpf, sockmap: Fix more uncharged while msg has more_data
bpf, sockmap: Fix double uncharge the mem of sk_msg
samples/bpf, xdpsock: Fix race when running for fix duration of time
USB: storage: ums-realtek: fix error code in rts51x_read_mem()
drm/i915/display: Fix HPD short pulse handling for eDP
netfilter: flowtable: Fix QinQ and pppoe support for inet table
mt76: mt7921: fix mt7921_queues_acq implementation
can: isotp: sanitize CAN ID checks in isotp_bind()
can: isotp: return -EADDRNOTAVAIL when reading from unbound socket
can: isotp: support MSG_TRUNC flag when reading from socket
bareudp: use ipv6_mod_enabled to check if IPv6 enabled
ibmvnic: fix race between xmit and reset
af_unix: Fix some data-races around unix_sk(sk)->oob_skb.
selftests/bpf: Fix error reporting from sock_fields programs
Bluetooth: hci_uart: add missing NULL check in h5_enqueue
Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed
Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt
ipv4: Fix route lookups when handling ICMP redirects and PMTU updates
af_netlink: Fix shift out of bounds in group mask calculation
i2c: meson: Fix wrong speed use from probe
netfilter: conntrack: Add and use nf_ct_set_auto_assign_helper_warned()
i2c: mux: demux-pinctrl: do not deactivate a master that is not active
powerpc/pseries: Fix use after free in remove_phb_dynamic()
selftests/bpf/test_lirc_mode2.sh: Exit with proper code
PCI: Avoid broken MSI on SB600 USB devices
net: bcmgenet: Use stronger register read/writes to assure ordering
tcp: ensure PMTU updates are processed during fastopen
openvswitch: always update flow key after nat
net: dsa: fix panic on shutdown if multi-chip tree failed to probe
tipc: fix the timer expires after interval 100ms
mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
ice: fix 'scheduling while atomic' on aux critical err interrupt
ice: don't allow to run ice_send_event_to_aux() in atomic ctx
drivers: ethernet: cpsw: fix panic when interrupt coaleceing is set via ethtool
kernel/resource: fix kfree() of bootmem memory again
staging: r8188eu: convert DBG_88E_LEVEL call in hal/rtl8188e_hal_init.c
staging: r8188eu: release_firmware is not called if allocation fails
mxser: fix xmit_buf leak in activate when LSR == 0xff
fsi: scom: Fix error handling
fsi: scom: Remove retries in indirect scoms
pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add()
pps: clients: gpio: Propagate return value from pps_gpio_probe
fsi: Aspeed: Fix a potential double free
misc: alcor_pci: Fix an error handling path
cpufreq: qcom-cpufreq-nvmem: fix reading of PVS Valid fuse
soundwire: intel: fix wrong register name in intel_shim_wake
clk: qcom: ipq8074: fix PCI-E clock oops
dmaengine: idxd: check GENCAP config support for gencfg register
dmaengine: idxd: change bandwidth token to read buffers
dmaengine: idxd: restore traffic class defaults after wq reset
iio: mma8452: Fix probe failing when an i2c_device_id is used
serial: 8250_aspeed_vuart: add PORT_ASPEED_VUART port type
staging:iio:adc:ad7280a: Fix handing of device address bit reversing.
pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel
pinctrl: renesas: checker: Fix miscalculation of number of states
clk: qcom: ipq8074: Use floor ops for SDCC1 clock
phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure})
phy: phy-brcm-usb: fixup BCM4908 support
serial: 8250_mid: Balance reference count for PCI DMA device
serial: 8250_lpss: Balance reference count for PCI DMA device
NFS: Use of mapping_set_error() results in spurious errors
serial: 8250: Fix race condition in RTS-after-send handling
iio: adc: Add check for devm_request_threaded_irq
habanalabs: Add check for pci_enable_device
NFS: Return valid errors from nfs2/3_decode_dirent()
staging: r8188eu: fix endless loop in recv_func
dma-debug: fix return value of __setup handlers
clk: imx7d: Remove audio_mclk_root_clk
clk: imx: off by one in imx_lpcg_parse_clks_from_dt()
clk: at91: sama7g5: fix parents of PDMCs' GCLK
clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
clk: qcom: clk-rcg2: Update the frac table for pixel clock
dmaengine: hisi_dma: fix MSI allocate fail when reload hisi_dma
remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region
remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region
remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region
nvdimm/region: Fix default alignment for small regions
clk: actions: Terminate clk_div_table with sentinel element
clk: loongson1: Terminate clk_div_table with sentinel element
clk: hisilicon: Terminate clk_div_table with sentinel element
clk: clps711x: Terminate clk_div_table with sentinel element
clk: Fix clk_hw_get_clk() when dev is NULL
clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver
mailbox: imx: fix crash in resume on i.mx8ulp
NFS: remove unneeded check in decode_devicenotify_args()
staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree
staging: mt7621-dts: fix formatting
staging: mt7621-dts: fix pinctrl properties for ethernet
staging: mt7621-dts: fix GB-PC2 devicetree
pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback
pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get()
pinctrl: mediatek: paris: Fix pingroup pin config state readback
pinctrl: mediatek: paris: Skip custom extra pin config dump for virtual GPIOs
pinctrl: microchip sgpio: use reset driver
pinctrl: microchip-sgpio: lock RMW access
pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
tty: hvc: fix return value of __setup handler
kgdboc: fix return value of __setup handler
serial: 8250: fix XOFF/XON sending when DMA is used
virt: acrn: obtain pa from VMA with PFNMAP flag
virt: acrn: fix a memory leak in acrn_dev_ioctl()
kgdbts: fix return value of __setup handler
firmware: google: Properly state IOMEM dependency
driver core: dd: fix return value of __setup handler
jfs: fix divide error in dbNextAG
netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
SUNRPC don't resend a task on an offlined transport
NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error
kdb: Fix the putarea helper function
perf stat: Fix forked applications enablement of counters
clk: qcom: gcc-msm8994: Fix gpll4 width
vsock/virtio: initialize vdev->priv before using VQs
vsock/virtio: read the negotiated features before using VQs
vsock/virtio: enable VQs early on probe
clk: Initialize orphan req_rate
xen: fix is_xen_pmu()
net: enetc: report software timestamping via SO_TIMESTAMPING
net: hns3: fix bug when PF set the duplicate MAC address for VFs
net: hns3: fix port base vlan add fail when concurrent with reset
net: hns3: add vlan list lock to protect vlan list
net: hns3: format the output of the MAC address
net: hns3: refine the process when PF set VF VLAN
net: phy: broadcom: Fix brcm_fet_config_init()
selftests: test_vxlan_under_vrf: Fix broken test case
NFS: Don't loop forever in nfs_do_recoalesce()
net: hns3: clean residual vf config after disable sriov
net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL
qlcnic: dcb: default to returning -EOPNOTSUPP
net/x25: Fix null-ptr-deref caused by x25_disconnect
net: sparx5: switchdev: fix possible NULL pointer dereference
octeontx2-af: initialize action variable
net: prefer nf_ct_put instead of nf_conntrack_put
net/sched: act_ct: fix ref leak when switching zones
NFSv4/pNFS: Fix another issue with a list iterator pointing to the head
net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator
fs: fd tables have to be multiples of BITS_PER_LONG
lib/test: use after free in register_test_dev_kmod()
fs: fix fd table size alignment properly
LSM: general protection fault in legacy_parse_param
regulator: rpi-panel: Handle I2C errors/timing to the Atmel
crypto: hisilicon/qm - cleanup warning in qm_vf_read_qos
gcc-plugins/stackleak: Exactly match strings instead of prefixes
pinctrl: npcm: Fix broken references to chip->parent_device
rcu: Mark writes to the rcu_segcblist structure's ->flags field
block/bfq_wf2q: correct weight to ioprio
crypto: xts - Add softdep on ecb
crypto: hisilicon/sec - not need to enable sm4 extra mode at HW V3
block, bfq: don't move oom_bfqq
selinux: use correct type for context length
arm64: module: remove (NOLOAD) from linker script
selinux: allow FIOCLEX and FIONCLEX with policy capability
loop: use sysfs_emit() in the sysfs xxx show()
Fix incorrect type in assignment of ipv6 port for audit
irqchip/qcom-pdc: Fix broken locking
irqchip/nvic: Release nvic_base upon failure
fs/binfmt_elf: Fix AT_PHDR for unusual ELF files
bfq: fix use-after-free in bfq_dispatch_request
ACPICA: Avoid walking the ACPI Namespace if it is not there
lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3
Revert "Revert "block, bfq: honor already-setup queue merges""
ACPI/APEI: Limit printable size of BERT table data
PM: core: keep irq flags in device_pm_check_callbacks()
parisc: Fix handling off probe non-access faults
nvme-tcp: lockdep: annotate in-kernel sockets
spi: tegra20: Use of_device_get_match_data()
atomics: Fix atomic64_{read_acquire,set_release} fallbacks
locking/lockdep: Iterate lock_classes directly when reading lockdep files
ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb
ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit
sched/tracing: Report TASK_RTLOCK_WAIT tasks as TASK_UNINTERRUPTIBLE
ext4: don't BUG if someone dirty pages without asking ext4 first
f2fs: fix to do sanity check on curseg->alloc_type
NFSD: Fix nfsd_breaker_owns_lease() return values
f2fs: don't get FREEZE lock in f2fs_evict_inode in frozen fs
btrfs: harden identification of a stale device
btrfs: make search_csum_tree return 0 if we get -EFBIG
f2fs: use spin_lock to avoid hang
f2fs: compress: fix to print raw data size in error path of lz4 decompression
Adjust cifssb maximum read size
ntfs: add sanity check on allocation size
media: staging: media: zoran: move videodev alloc
media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com
media: staging: media: zoran: fix various V4L2 compliance errors
media: atmel: atmel-isc-base: report frame sizes as full supported range
media: ir_toy: free before error exiting
ASoC: sh: rz-ssi: Make the data structures available before registering the handlers
ASoC: SOF: Intel: match sdw version on link_slaves_found
media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers
media: iommu/mediatek-v1: Free the existed fwspec if the master dev already has
media: iommu/mediatek: Return ENODEV if the device is NULL
media: iommu/mediatek: Add device_link between the consumer and the larb devices
video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
video: fbdev: w100fb: Reset global state
video: fbdev: cirrusfb: check pixclock to avoid divide by zero
video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit
ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960
ARM: dts: bcm2837: Add the missing L1/L2 cache information
ASoC: madera: Add dependencies on MFD
media: atomisp_gmin_platform: Add DMI quirk to not turn AXP ELDO2 regulator off on some boards
media: atomisp: fix dummy_ptr check to avoid duplicate active_bo
ARM: ftrace: avoid redundant loads or clobbering IP
ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk
arm64: defconfig: build imx-sdma as a module
video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()
video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf()
video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit
ARM: dts: bcm2711: Add the missing L1/L2 cache information
ASoC: soc-core: skip zero num_dai component in searching dai name
media: imx-jpeg: fix a bug of accessing array out of bounds
media: cx88-mpeg: clear interrupt status register before streaming video
uaccess: fix type mismatch warnings from access_ok()
lib/test_lockup: fix kernel pointer check for separate address spaces
ARM: tegra: tamonten: Fix I2C3 pad setting
ARM: mmp: Fix failure to remove sram device
ASoC: amd: vg: fix for pm resume callback sequence
video: fbdev: sm712fb: Fix crash in smtcfb_write()
media: i2c: ov5648: Fix lockdep error
media: Revert "media: em28xx: add missing em28xx_close_extension"
media: hdpvr: initialize dev->worker at hdpvr_register_videodev
ASoC: Intel: sof_sdw: fix quirks for 2022 HP Spectre x360 13"
tracing: Have TRACE_DEFINE_ENUM affect trace event types as well
mmc: host: Return an error when ->enable_sdio_irq() ops is missing
media: atomisp: fix bad usage at error handling logic
ALSA: hda/realtek: Add alc256-samsung-headphone fixup
KVM: x86: Reinitialize context if host userspace toggles EFER.LME
KVM: x86/mmu: Move "invalid" check out of kvm_tdp_mmu_get_root()
KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU
KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP MMU
KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi()
KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_flush_tlb()
KVM: x86: hyper-v: Fix the maximum number of sparse banks for XMM fast TLB flush hypercalls
KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall
powerpc/kasan: Fix early region not updated correctly
powerpc/lib/sstep: Fix 'sthcx' instruction
powerpc/lib/sstep: Fix build errors with newer binutils
powerpc: Add set_memory_{p/np}() and remove set_memory_attr()
powerpc: Fix build errors with newer binutils
drm/dp: Fix off-by-one in register cache size
drm/i915: Treat SAGV block time 0 as SAGV disabled
drm/i915: Fix PSF GV point mask when SAGV is not possible
drm/i915: Reject unsupported TMDS rates on ICL+
scsi: qla2xxx: Refactor asynchronous command initialization
scsi: qla2xxx: Implement ref count for SRB
scsi: qla2xxx: Fix stuck session in gpdb
scsi: qla2xxx: Fix warning message due to adisc being flushed
scsi: qla2xxx: Fix scheduling while atomic
scsi: qla2xxx: Fix premature hw access after PCI error
scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
scsi: qla2xxx: Fix warning for missing error code
scsi: qla2xxx: Fix device reconnect in loop topology
scsi: qla2xxx: edif: Fix clang warning
scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters
scsi: qla2xxx: Add devids and conditionals for 28xx
scsi: qla2xxx: Check for firmware dump already collected
scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
scsi: qla2xxx: Fix disk failure to rediscover
scsi: qla2xxx: Fix incorrect reporting of task management failure
scsi: qla2xxx: Fix hang due to session stuck
scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests
scsi: qla2xxx: Fix N2N inconsistent PLOGI
scsi: qla2xxx: Fix stuck session of PRLI reject
scsi: qla2xxx: Reduce false trigger to login
scsi: qla2xxx: Use correct feature type field during RFF_ID processing
platform: chrome: Split trace include file
KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq
KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated
KVM: Prevent module exit until all VMs are freed
KVM: x86: fix sending PV IPI
KVM: SVM: fix panic on out-of-bounds guest IRQ
ubifs: rename_whiteout: Fix double free for whiteout_ui->data
ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
ubifs: Rename whiteout atomically
ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work
ubifs: Rectify space amount budget for mkdir/tmpfile operations
ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
ubifs: Fix to add refcount once page is set private
ubifs: rename_whiteout: correct old_dir size computing
nvme: allow duplicate NSIDs for private namespaces
nvme: fix the read-only state for zoned namespaces with unsupposed features
wireguard: queueing: use CFI-safe ptr_ring cleanup function
wireguard: socket: free skb in send6 when ipv6 is disabled
wireguard: socket: ignore v6 endpoints when ipv6 is disabled
XArray: Fix xas_create_range() when multi-order entry present
can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
can: mcba_usb: properly check endpoint type
can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix return of error value
XArray: Update the LRU list in xas_split()
modpost: restore the warning message for missing symbol versions
rtc: check if __rtc_read_time was successful
gfs2: gfs2_setattr_size error path fix
gfs2: Make sure FITRIM minlen is rounded up to fs block size
net: hns3: fix the concurrency between functions reading debugfs
net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware
rxrpc: fix some null-ptr-deref bugs in server_key.c
rxrpc: Fix call timer start racing with call destruction
mailbox: imx: fix wakeup failure from freeze mode
crypto: arm/aes-neonbs-cbc - Select generic cbc and aes
watch_queue: Free the page array when watch_queue is dismantled
pinctrl: pinconf-generic: Print arguments for bias-pull-*
watchdog: rti-wdt: Add missing pm_runtime_disable() in probe function
net: sparx5: uses, depends on BRIDGE or !BRIDGE
pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR()
pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE()
ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs
ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
ARM: iop32x: offset IRQ numbers by 1
block: Fix the maximum minor value is blk_alloc_ext_minor()
io_uring: fix memory leak of uid in files registration
riscv module: remove (NOLOAD)
ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
vhost: handle error while adding split ranges to iotlb
spi: Fix Tegra QSPI example
platform/chrome: cros_ec_typec: Check for EC device
can: isotp: restore accidentally removed MSG_PEEK feature
proc: bootconfig: Add null pointer check
drm/connector: Fix typo in documentation
scsi: qla2xxx: Add qla2x00_async_done() for async routines
staging: mt7621-dts: fix pinctrl-0 items to be size-1 items on ethernet
arm64: mm: Drop 'const' from conditional arm64_dma_phys_limit definition
ASoC: soc-compress: Change the check for codec_dai
Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
tracing: Have type enum modifications copy the strings
net: add skb_set_end_offset() helper
net: preserve skb_end_offset() in skb_unclone_keeptruesize()
mm/mmap: return 1 from stack_guard_gap __setup() handler
ARM: 9187/1: JIVE: fix return value of __setup handler
mm/memcontrol: return 1 from cgroup.memory __setup() handler
mm/usercopy: return 1 from hardened_usercopy __setup() handler
af_unix: Support POLLPRI for OOB.
bpf: Adjust BPF stack helper functions to accommodate skip > 0
bpf: Fix comment for helper bpf_current_task_under_cgroup()
mmc: rtsx: Use pm_runtime_{get,put}() to handle runtime PM
dt-bindings: mtd: nand-controller: Fix the reg property description
dt-bindings: mtd: nand-controller: Fix a comment in the examples
dt-bindings: spi: mxic: The interrupt property is not mandatory
dt-bindings: memory: mtk-smi: No need mediatek,larb-id for mt8167
dt-bindings: pinctrl: pinctrl-microchip-sgpio: Fix example
ubi: fastmap: Return error code if memory allocation fails in add_aeb()
ASoC: SOF: Intel: Fix build error without SND_SOC_SOF_PCI_DEV
ASoC: topology: Allow TLV control to be either read or write
perf vendor events: Update metrics for SkyLake Server
media: ov6650: Add try support to selection API operations
media: ov6650: Fix crop rectangle affected by set format
spi: mediatek: support tick_delay without enhance_timing
ARM: dts: spear1340: Update serial node properties
ARM: dts: spear13xx: Update SPI dma properties
arm64: dts: ls1043a: Update i2c dma properties
arm64: dts: ls1046a: Update i2c node dma properties
um: Fix uml_mconsole stop/go
docs: sysctl/kernel: add missing bit to panic_print
openvswitch: Fixed nd target mask field in the flow dump.
torture: Make torture.sh help message match reality
n64cart: convert bi_disk to bi_bdev->bd_disk fix build
mmc: rtsx: Let MMC core handle runtime PM
mmc: rtsx: Fix build errors/warnings for unused variable
KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
iommu/dma: Skip extra sync during unmap w/swiotlb
iommu/dma: Fold _swiotlb helpers into callers
iommu/dma: Check CONFIG_SWIOTLB more broadly
swiotlb: Support aligned swiotlb buffers
iommu/dma: Account for min_align_mask w/swiotlb
coredump: Snapshot the vmas in do_coredump
coredump: Remove the WARN_ON in dump_vma_snapshot
coredump/elf: Pass coredump_params into fill_note_info
coredump: Use the vma snapshot in fill_files_note
PCI: xgene: Revert "PCI: xgene: Use inbound resources for setup"
Linux 5.15.33
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id62bd8a22d0bfa7c2096539d253ffce804bed017
|
||
|
Jean-Philippe Brucker
|
ba965e8605 |
skbuff: fix coalescing for page_pool fragment recycling
[ Upstream commit 1effe8ca4e34c34cdd9318436a4232dcb582ebf4 ]
Fix a use-after-free when using page_pool with page fragments. We
encountered this problem during normal RX in the hns3 driver:
(1) Initially we have three descriptors in the RX queue. The first one
allocates PAGE1 through page_pool, and the other two allocate one
half of PAGE2 each. Page references look like this:
RX_BD1 _______ PAGE1
RX_BD2 _______ PAGE2
RX_BD3 _________/
(2) Handle RX on the first descriptor. Allocate SKB1, eventually added
to the receive queue by tcp_queue_rcv().
(3) Handle RX on the second descriptor. Allocate SKB2 and pass it to
netif_receive_skb():
netif_receive_skb(SKB2)
ip_rcv(SKB2)
SKB3 = skb_clone(SKB2)
SKB2 and SKB3 share a reference to PAGE2 through
skb_shinfo()->dataref. The other ref to PAGE2 is still held by
RX_BD3:
SKB2 ---+- PAGE2
SKB3 __/ /
RX_BD3 _________/
(3b) Now while handling TCP, coalesce SKB3 with SKB1:
tcp_v4_rcv(SKB3)
tcp_try_coalesce(to=SKB1, from=SKB3) // succeeds
kfree_skb_partial(SKB3)
skb_release_data(SKB3) // drops one dataref
SKB1 _____ PAGE1
\____
SKB2 _____ PAGE2
/
RX_BD3 _________/
In skb_try_coalesce(), __skb_frag_ref() takes a page reference to
PAGE2, where it should instead have increased the page_pool frag
reference, pp_frag_count. Without coalescing, when releasing both
SKB2 and SKB3, a single reference to PAGE2 would be dropped. Now
when releasing SKB1 and SKB2, two references to PAGE2 will be
dropped, resulting in underflow.
(3c) Drop SKB2:
af_packet_rcv(SKB2)
consume_skb(SKB2)
skb_release_data(SKB2) // drops second dataref
page_pool_return_skb_page(PAGE2) // drops one pp_frag_count
SKB1 _____ PAGE1
\____
PAGE2
/
RX_BD3 _________/
(4) Userspace calls recvmsg()
Copies SKB1 and releases it. Since SKB3 was coalesced with SKB1, we
release the SKB3 page as well:
tcp_eat_recv_skb(SKB1)
skb_release_data(SKB1)
page_pool_return_skb_page(PAGE1)
page_pool_return_skb_page(PAGE2) // drops second pp_frag_count
(5) PAGE2 is freed, but the third RX descriptor was still using it!
In our case this causes IOMMU faults, but it would silently corrupt
memory if the IOMMU was disabled.
Change the logic that checks whether pp_recycle SKBs can be coalesced.
We still reject differing pp_recycle between 'from' and 'to' SKBs, but
in order to avoid the situation described above, we also reject
coalescing when both 'from' and 'to' are pp_recycled and 'from' is
cloned.
The new logic allows coalescing a cloned pp_recycle SKB into a page
refcounted one, because in this case the release (4) will drop the right
reference, the one taken by skb_try_coalesce().
Fixes:
|
||
|
Eric Dumazet
|
23629b673b |
net: preserve skb_end_offset() in skb_unclone_keeptruesize()
commit 2b88cba55883eaafbc9b7cbff0b2c7cdba71ed01 upstream.
syzbot found another way to trigger the infamous WARN_ON_ONCE(delta < len)
in skb_try_coalesce() [1]
I was able to root cause the issue to kfence.
When kfence is in action, the following assertion is no longer true:
int size = xxxx;
void *ptr1 = kmalloc(size, gfp);
void *ptr2 = kmalloc(size, gfp);
if (ptr1 && ptr2)
ASSERT(ksize(ptr1) == ksize(ptr2));
We attempted to fix these issues in the blamed commits, but forgot
that TCP was possibly shifting data after skb_unclone_keeptruesize()
has been used, notably from tcp_retrans_try_collapse().
So we not only need to keep same skb->truesize value,
we also need to make sure TCP wont fill new tailroom
that pskb_expand_head() was able to get from a
addr = kmalloc(...) followed by ksize(addr)
Split skb_unclone_keeptruesize() into two parts:
1) Inline skb_unclone_keeptruesize() for the common case,
when skb is not cloned.
2) Out of line __skb_unclone_keeptruesize() for the 'slow path'.
WARNING: CPU: 1 PID: 6490 at net/core/skbuff.c:5295 skb_try_coalesce+0x1235/0x1560 net/core/skbuff.c:5295
Modules linked in:
CPU: 1 PID: 6490 Comm: syz-executor161 Not tainted 5.17.0-rc4-syzkaller-00229-g4f12b742eb2b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:skb_try_coalesce+0x1235/0x1560 net/core/skbuff.c:5295
Code: bf 01 00 00 00 0f b7 c0 89 c6 89 44 24 20 e8 62 24 4e fa 8b 44 24 20 83 e8 01 0f 85 e5 f0 ff ff e9 87 f4 ff ff e8 cb 20 4e fa <0f> 0b e9 06 f9 ff ff e8 af b2 95 fa e9 69 f0 ff ff e8 95 b2 95 fa
RSP: 0018:ffffc900063af268 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 00000000ffffffd5 RCX: 0000000000000000
RDX: ffff88806fc05700 RSI: ffffffff872abd55 RDI: 0000000000000003
RBP: ffff88806e675500 R08: 00000000ffffffd5 R09: 0000000000000000
R10: ffffffff872ab659 R11: 0000000000000000 R12: ffff88806dd554e8
R13: ffff88806dd9bac0 R14: ffff88806dd9a2c0 R15: 0000000000000155
FS: 00007f18014f9700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020002000 CR3: 000000006be7a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
tcp_try_coalesce net/ipv4/tcp_input.c:4651 [inline]
tcp_try_coalesce+0x393/0x920 net/ipv4/tcp_input.c:4630
tcp_queue_rcv+0x8a/0x6e0 net/ipv4/tcp_input.c:4914
tcp_data_queue+0x11fd/0x4bb0 net/ipv4/tcp_input.c:5025
tcp_rcv_established+0x81e/0x1ff0 net/ipv4/tcp_input.c:5947
tcp_v4_do_rcv+0x65e/0x980 net/ipv4/tcp_ipv4.c:1719
sk_backlog_rcv include/net/sock.h:1037 [inline]
__release_sock+0x134/0x3b0 net/core/sock.c:2779
release_sock+0x54/0x1b0 net/core/sock.c:3311
sk_wait_data+0x177/0x450 net/core/sock.c:2821
tcp_recvmsg_locked+0xe28/0x1fd0 net/ipv4/tcp.c:2457
tcp_recvmsg+0x137/0x610 net/ipv4/tcp.c:2572
inet_recvmsg+0x11b/0x5e0 net/ipv4/af_inet.c:850
sock_recvmsg_nosec net/socket.c:948 [inline]
sock_recvmsg net/socket.c:966 [inline]
sock_recvmsg net/socket.c:962 [inline]
____sys_recvmsg+0x2c4/0x600 net/socket.c:2632
___sys_recvmsg+0x127/0x200 net/socket.c:2674
__sys_recvmsg+0xe2/0x1a0 net/socket.c:2704
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
Fixes: c4777efa751d ("net: add and use skb_unclone_keeptruesize() helper")
Fixes:
|
||
|
Eric Dumazet
|
51e458fc0c |
net: add skb_set_end_offset() helper
commit 763087dab97547230a6807c865a6a5ae53a59247 upstream. We have multiple places where this helper is convenient, and plan using it in the following patch. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
acd0c09fbb |
Revert "Revert "net-timestamp: convert sk->sk_tskey to atomic_t""
This reverts commit
|
||
|
Greg Kroah-Hartman
|
16f06ae351 |
Merge 5.15.27 into android-5.15
Changes in 5.15.27
mac80211_hwsim: report NOACK frames in tx_status
mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
i2c: bcm2835: Avoid clock stretching timeouts
ASoC: rt5668: do not block workqueue if card is unbound
ASoC: rt5682: do not block workqueue if card is unbound
regulator: core: fix false positive in regulator_late_cleanup()
Input: clear BTN_RIGHT/MIDDLE on buttonpads
btrfs: get rid of warning on transaction commit when using flushoncommit
KVM: arm64: vgic: Read HW interrupt pending state from the HW
block: loop:use kstatfs.f_bsize of backing file to set discard granularity
tipc: fix a bit overflow in tipc_crypto_key_rcv()
cifs: do not use uninitialized data in the owner/group sid
cifs: fix double free race when mount fails in cifs_get_root()
HID: amd_sfh: Handle amd_sfh work buffer in PM ops
HID: amd_sfh: Add functionality to clear interrupts
HID: amd_sfh: Add interrupt handler to process interrupts
cifs: modefromsids must add an ACE for authenticated users
selftests/seccomp: Fix seccomp failure by adding missing headers
drm/amd/pm: correct UMD pstate clocks for Dimgrey Cavefish and Beige Goby
selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT
dmaengine: shdma: Fix runtime PM imbalance on error
i2c: cadence: allow COMPILE_TEST
i2c: imx: allow COMPILE_TEST
i2c: qup: allow COMPILE_TEST
net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
usb: gadget: don't release an existing dev->buf
usb: gadget: clear related members when goto fail
exfat: reuse exfat_inode_info variable instead of calling EXFAT_I()
exfat: fix i_blocks for files truncated over 4 GiB
tracing: Add test for user space strings when filtering on string pointers
arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL
serial: stm32: prevent TDR register overwrite when sending x_char
ext4: drop ineligible txn start stop APIs
ext4: simplify updating of fast commit stats
ext4: fast commit may not fallback for ineligible commit
ext4: fast commit may miss file actions
sched/fair: Fix fault in reweight_entity
ata: pata_hpt37x: fix PCI clock detection
drm/amdgpu: check vm ready by amdgpu_vm->evicting flag
tracing: Add ustring operation to filtering string pointers
ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()
NFSD: Have legacy NFSD WRITE decoders use xdr_stream_subsegment()
NFSD: Fix zero-length NFSv3 WRITEs
io_uring: fix no lock protection for ctx->cq_extra
tools/resolve_btf_ids: Close ELF file on error
mtd: spi-nor: Fix mtd size for s3an flashes
MIPS: fix local_{add,sub}_return on MIPS64
signal: In get_signal test for signal_group_exit every time through the loop
PCI: mediatek-gen3: Disable DVFSRC voltage request
PCI: rcar: Check if device is runtime suspended instead of __clk_is_enabled()
PCI: dwc: Do not remap invalid res
PCI: aardvark: Fix checking for MEM resource type
KVM: VMX: Don't unblock vCPU w/ Posted IRQ if IRQs are disabled in guest
KVM: s390: Ensure kvm_arch_no_poll() is read once when blocking vCPU
KVM: VMX: Read Posted Interrupt "control" exactly once per loop iteration
KVM: X86: Ensure that dirty PDPTRs are loaded
KVM: x86: Handle 32-bit wrap of EIP for EMULTYPE_SKIP with flat code seg
KVM: x86: Exit to userspace if emulation prepared a completion callback
i3c: fix incorrect address slot lookup on 64-bit
i3c/master/mipi-i3c-hci: Fix a potentially infinite loop in 'hci_dat_v1_get_index()'
tracing: Do not let synth_events block other dyn_event systems during create
Input: ti_am335x_tsc - set ADCREFM for X configuration
Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2
PCI: mvebu: Check for errors from pci_bridge_emul_init() call
PCI: mvebu: Do not modify PCI IO type bits in conf_write
PCI: mvebu: Fix support for bus mastering and PCI_COMMAND on emulated bridge
PCI: mvebu: Fix configuring secondary bus of PCIe Root Port via emulated bridge
PCI: mvebu: Setup PCIe controller to Root Complex mode
PCI: mvebu: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge
PCI: mvebu: Fix support for PCI_EXP_DEVCTL on emulated bridge
PCI: mvebu: Fix support for PCI_EXP_RTSTA on emulated bridge
PCI: mvebu: Fix support for DEVCAP2, DEVCTL2 and LNKCTL2 registers on emulated bridge
NFSD: Fix verifier returned in stable WRITEs
Revert "nfsd: skip some unnecessary stats in the v4 case"
nfsd: fix crash on COPY_NOTIFY with special stateid
x86/hyperv: Properly deal with empty cpumasks in hyperv_flush_tlb_multi()
drm/i915: don't call free_mmap_offset when purging
SUNRPC: Fix sockaddr handling in the svc_xprt_create_error trace point
SUNRPC: Fix sockaddr handling in svcsock_accept_class trace points
drm/sun4i: dw-hdmi: Fix missing put_device() call in sun8i_hdmi_phy_get
drm/atomic: Check new_crtc_state->active to determine if CRTC needs disable in self refresh mode
ntb_hw_switchtec: Fix pff ioread to read into mmio_part_cfg_all
ntb_hw_switchtec: Fix bug with more than 32 partitions
drm/amdkfd: Check for null pointer after calling kmemdup
drm/amdgpu: use spin_lock_irqsave to avoid deadlock by local interrupt
i3c: master: dw: check return of dw_i3c_master_get_free_pos()
dma-buf: cma_heap: Fix mutex locking section
tracing/uprobes: Check the return value of kstrdup() for tu->filename
tracing/probes: check the return value of kstrndup() for pbuf
mm: defer kmemleak object creation of module_alloc()
kasan: fix quarantine conflicting with init_on_free
selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting
hugetlbfs: fix off-by-one error in hugetlb_vmdelete_list()
drm/amdgpu/display: Only set vblank_disable_immediate when PSR is not enabled
drm/amdgpu: filter out radeon PCI device IDs
drm/amdgpu: filter out radeon secondary ids as well
drm/amd/display: Use adjusted DCN301 watermarks
drm/amd/display: move FPU associated DSC code to DML folder
ethtool: Fix link extended state for big endian
octeontx2-af: Optimize KPU1 processing for variable-length headers
octeontx2-af: Reset PTP config in FLR handler
octeontx2-af: cn10k: RPM hardware timestamp configuration
octeontx2-af: cn10k: Use appropriate register for LMAC enable
octeontx2-af: Adjust LA pointer for cpt parse header
octeontx2-af: Add KPU changes to parse NGIO as separate layer
net/mlx5e: IPsec: Refactor checksum code in tx data path
net/mlx5e: IPsec: Fix crypto offload for non TCP/UDP encapsulated traffic
bpf: Use u64_stats_t in struct bpf_prog_stats
bpf: Fix possible race in inc_misses_counter
drm/amd/display: Update watermark values for DCN301
drm: mxsfb: Set fallback bus format when the bridge doesn't provide one
drm: mxsfb: Fix NULL pointer dereference
riscv/mm: Add XIP_FIXUP for phys_ram_base
drm/i915/display: split out dpt out of intel_display.c
drm/i915/display: Move DRRS code its own file
drm/i915: Disable DRRS on IVB/HSW port != A
gve: Recording rx queue before sending to napi
net: dsa: ocelot: seville: utilize of_mdiobus_register
net: dsa: seville: register the mdiobus under devres
ibmvnic: don't release napi in __ibmvnic_open()
of: net: move of_net under net/
net: ethernet: litex: Add the dependency on HAS_IOMEM
drm/mediatek: mtk_dsi: Reset the dsi0 hardware
cifs: protect session channel fields with chan_lock
cifs: fix confusing unneeded warning message on smb2.1 and earlier
drm/amd/display: Fix stream->link_enc unassigned during stream removal
bnxt_en: Fix occasional ethtool -t loopback test failures
drm/amd/display: For vblank_disable_immediate, check PSR is really used
PCI: mvebu: Fix device enumeration regression
net: of: fix stub of_net helpers for CONFIG_NET=n
ALSA: intel_hdmi: Fix reference to PCM buffer address
ucounts: Fix systemd LimitNPROC with private users regression
riscv/efi_stub: Fix get_boot_hartid_from_fdt() return value
riscv: Fix config KASAN && SPARSEMEM && !SPARSE_VMEMMAP
riscv: Fix config KASAN && DEBUG_VIRTUAL
iwlwifi: mvm: check debugfs_dir ptr before use
ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
iommu/vt-d: Fix double list_add when enabling VMD in scalable mode
iommu/amd: Recover from event log overflow
drm/i915: s/JSP2/ICP2/ PCH
drm/amd/display: Reduce dmesg error to a debug print
xen/netfront: destroy queues before real_num_tx_queues is zeroed
thermal: core: Fix TZ_GET_TRIP NULL pointer dereference
mac80211: fix EAPoL rekey fail in 802.3 rx path
blktrace: fix use after free for struct blk_trace
ntb: intel: fix port config status offset for SPR
mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls
xfrm: fix MTU regression
netfilter: fix use-after-free in __nf_register_net_hook()
bpf, sockmap: Do not ignore orig_len parameter
xfrm: fix the if_id check in changelink
xfrm: enforce validity of offload input flags
e1000e: Correct NVM checksum verification flow
net: fix up skbs delta_truesize in UDP GRO frag_list
netfilter: nf_queue: don't assume sk is full socket
netfilter: nf_queue: fix possible use-after-free
netfilter: nf_queue: handle socket prefetch
batman-adv: Request iflink once in batadv-on-batadv check
batman-adv: Request iflink once in batadv_get_real_netdevice
batman-adv: Don't expect inter-netns unique iflink indices
net: ipv6: ensure we call ipv6_mc_down() at most once
net: dcb: flush lingering app table entries for unregistered devices
net: ipa: add an interconnect dependency
net/smc: fix connection leak
net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
btrfs: fix ENOSPC failure when attempting direct IO write into NOCOW range
mac80211: fix forwarded mesh frames AC & queue selection
net: stmmac: fix return value of __setup handler
mac80211: treat some SAE auth steps as final
iavf: Fix missing check for running netdev
net: sxgbe: fix return value of __setup handler
ibmvnic: register netdev after init of adapter
net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc()
iavf: Fix deadlock in iavf_reset_task
efivars: Respect "block" flag in efivar_entry_set_safe()
auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature
firmware: arm_scmi: Remove space in MODULE_ALIAS name
ASoC: cs4265: Fix the duplicated control name
auxdisplay: lcd2s: Fix memory leak in ->remove()
auxdisplay: lcd2s: Use proper API to free the instance of charlcd object
can: gs_usb: change active_channels's type from atomic_t to u8
iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find
arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output
igc: igc_read_phy_reg_gpy: drop premature return
ARM: Fix kgdb breakpoint for Thumb2
mips: setup: fix setnocoherentio() boolean setting
ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions
mptcp: Correctly set DATA_FIN timeout when number of retransmits is large
selftests: mlxsw: tc_police_scale: Make test more robust
pinctrl: sunxi: Use unique lockdep classes for IRQs
igc: igc_write_phy_reg_gpy: drop premature return
ibmvnic: free reset-work-item when flushing
memfd: fix F_SEAL_WRITE after shmem huge page allocated
s390/extable: fix exception table sorting
sched: Fix yet more sched_fork() races
arm64: dts: juno: Remove GICv2m dma-range
iommu/amd: Fix I/O page table memory leak
MIPS: ralink: mt7621: do memory detection on KSEG1
ARM: dts: switch timer config to common devkit8000 devicetree
ARM: dts: Use 32KiHz oscillator on devkit8000
soc: fsl: guts: Revert commit
|
||
|
Greg Kroah-Hartman
|
0e189b0893 |
Revert "net-timestamp: convert sk->sk_tskey to atomic_t"
This reverts commit |
||
|
Greg Kroah-Hartman
|
26481b5161 |
Merge 5.15.26 into android13-5.15
Changes in 5.15.26
mm/filemap: Fix handling of THPs in generic_file_buffered_read()
cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
cgroup-v1: Correct privileges check in release_agent writes
x86/ptrace: Fix xfpregs_set()'s incorrect xmm clearing
btrfs: tree-checker: check item_size for inode_item
btrfs: tree-checker: check item_size for dev_item
clk: jz4725b: fix mmc0 clock gating
io_uring: don't convert to jiffies for waiting on timeouts
io_uring: disallow modification of rsrc_data during quiesce
selinux: fix misuse of mutex_is_locked()
vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel
parisc/unaligned: Fix ldw() and stw() unalignment handlers
KVM: x86/mmu: make apf token non-zero to fix bug
drm/amd/display: Protect update_bw_bounding_box FPU code.
drm/amd/pm: fix some OEM SKU specific stability issues
drm/amd: Check if ASPM is enabled from PCIe subsystem
drm/amdgpu: disable MMHUB PG for Picasso
drm/amdgpu: do not enable asic reset for raven2
drm/i915: Widen the QGV point mask
drm/i915: Correctly populate use_sagv_wm for all pipes
drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV
sr9700: sanity check for packet length
USB: zaurus: support another broken Zaurus
CDC-NCM: avoid overflow in sanity checking
netfilter: xt_socket: fix a typo in socket_mt_destroy()
netfilter: xt_socket: missing ifdef CONFIG_IP6_NF_IPTABLES dependency
netfilter: nf_tables_offload: incorrect flow offload action array size
tee: export teedev_open() and teedev_close_context()
optee: use driver internal tee_context for some rpc
ping: remove pr_err from ping_lookup
Revert "i40e: Fix reset bw limit when DCB enabled with 1 TC"
gpu: host1x: Always return syncpoint value when waiting
perf evlist: Fix failed to use cpu list for uncore events
perf data: Fix double free in perf_session__delete()
mptcp: fix race in incoming ADD_ADDR option processing
mptcp: add mibs counter for ignored incoming options
selftests: mptcp: fix diag instability
selftests: mptcp: be more conservative with cookie MPJ limits
bnx2x: fix driver load from initrd
bnxt_en: Fix active FEC reporting to ethtool
bnxt_en: Fix offline ethtool selftest with RDMA enabled
bnxt_en: Fix incorrect multicast rx mask setting when not requested
hwmon: Handle failure to register sensor with thermal zone correctly
net/mlx5: Fix tc max supported prio for nic mode
ice: check the return of ice_ptp_gettimex64
ice: initialize local variable 'tlv'
net/mlx5: Update the list of the PCI supported devices
bpf: Fix crash due to incorrect copy_map_value
bpf: Do not try bpf_msg_push_data with len 0
selftests: bpf: Check bpf_msg_push_data return value
bpf: Fix a bpf_timer initialization issue
bpf: Add schedule points in batch ops
io_uring: add a schedule point in io_add_buffers()
net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info
tipc: Fix end of loop tests for list_for_each_entry()
gso: do not skip outer ip header in case of ipip and net_failover
net: mv643xx_eth: process retval from of_get_mac_address
openvswitch: Fix setting ipv6 fields causing hw csum failure
drm/edid: Always set RGB444
net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
drm/vc4: crtc: Fix runtime_pm reference counting
drm/i915/dg2: Print PHY name properly on calibration error
net/sched: act_ct: Fix flow table lookup after ct clear or switching zones
net: ll_temac: check the return value of devm_kmalloc()
net: Force inlining of checksum functions in net/checksum.h
netfilter: nf_tables: unregister flowtable hooks on netns exit
nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
net: mdio-ipq4019: add delay after clock enable
netfilter: nf_tables: fix memory leak during stateful obj update
net/smc: Use a mutex for locking "struct smc_pnettable"
surface: surface3_power: Fix battery readings on batteries without a serial number
udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
net/mlx5: DR, Cache STE shadow memory
ibmvnic: schedule failover only if vioctl fails
net/mlx5: DR, Don't allow match on IP w/o matching on full ethertype/ip_version
net/mlx5: Fix possible deadlock on rule deletion
net/mlx5: Fix wrong limitation of metadata match on ecpf
net/mlx5: DR, Fix the threshold that defines when pool sync is initiated
net/mlx5e: MPLSoUDP decap, fix check for unsupported matches
net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets
net/mlx5: Update log_max_qp value to be 17 at most
spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()
gpio: rockchip: Reset int_bothedge when changing trigger
regmap-irq: Update interrupt clear register for proper reset
net-timestamp: convert sk->sk_tskey to atomic_t
RDMA/rtrs-clt: Fix possible double free in error case
RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close
bnxt_en: Increase firmware message response DMA wait time
configfs: fix a race in configfs_{,un}register_subsystem()
RDMA/ib_srp: Fix a deadlock
tracing: Dump stacktrace trigger to the corresponding instance
tracing: Have traceon and traceoff trigger honor the instance
iio:imu:adis16480: fix buffering for devices with no burst mode
iio: adc: men_z188_adc: Fix a resource leak in an error handling path
iio: adc: tsc2046: fix memory corruption by preventing array overflow
iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits
iio: accel: fxls8962af: add padding to regmap for SPI
iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_read_oneshot
iio: Fix error handling for PM
sc16is7xx: Fix for incorrect data being transmitted
ata: pata_hpt37x: disable primary channel on HPT371
Revert "USB: serial: ch341: add new Product ID for CH341A"
usb: gadget: rndis: add spinlock for rndis response list
USB: gadget: validate endpoint index for xilinx udc
tracefs: Set the group ownership in apply_options() not parse_options()
USB: serial: option: add support for DW5829e
USB: serial: option: add Telit LE910R1 compositions
usb: dwc2: drd: fix soft connect when gadget is unconfigured
usb: dwc3: pci: Add "snps,dis_u2_susphy_quirk" for Intel Bay Trail
usb: dwc3: pci: Fix Bay Trail phy GPIO mappings
usb: dwc3: gadget: Let the interrupt handler disable bottom halves.
xhci: re-initialize the HC during resume if HCE was set
xhci: Prevent futile URB re-submissions due to incorrect return value.
nvmem: core: Fix a conflict between MTD and NVMEM on wp-gpios property
mtd: core: Fix a conflict between MTD and NVMEM on wp-gpios property
driver core: Free DMA range map when device is released
btrfs: prevent copying too big compressed lzo segment
RDMA/cma: Do not change route.addr.src_addr outside state checks
thermal: int340x: fix memory leak in int3400_notify()
staging: fbtft: fb_st7789v: reset display before initialization
tps6598x: clear int mask on probe failure
IB/qib: Fix duplicate sysfs directory name
riscv: fix nommu_k210_sdcard_defconfig
riscv: fix oops caused by irqsoff latency tracer
tty: n_gsm: fix encoding of control signal octet bit DV
tty: n_gsm: fix proper link termination after failed open
tty: n_gsm: fix NULL pointer access due to DLCI release
tty: n_gsm: fix wrong tty control line for flow control
tty: n_gsm: fix wrong modem processing in convergence layer type 2
tty: n_gsm: fix deadlock in gsmtty_open()
pinctrl: fix loop in k210_pinconf_get_drive()
pinctrl: k210: Fix bias-pull-up
gpio: tegra186: Fix chip_data type confusion
memblock: use kfree() to release kmalloced memblock regions
ice: Fix race conditions between virtchnl handling and VF ndo ops
ice: fix concurrent reset and removal of VFs
Linux 5.15.26
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ied0cc9bd48b7af71a064107676f37b0dd39ce3cf
|
||
|
lena wang
|
3a65b82b1e |
net: fix up skbs delta_truesize in UDP GRO frag_list
commit 224102de2ff105a2c05695e66a08f4b5b6b2d19c upstream.
The truesize for a UDP GRO packet is added by main skb and skbs in main
skb's frag_list:
skb_gro_receive_list
p->truesize += skb->truesize;
The commit
|
||
|
Eric Dumazet
|
ff999198ec |
net-timestamp: convert sk->sk_tskey to atomic_t
[ Upstream commit a1cdec57e03a1352e92fbbe7974039dda4efcec0 ]
UDP sendmsg() can be lockless, this is causing all kinds
of data races.
This patch converts sk->sk_tskey to remove one of these races.
BUG: KCSAN: data-race in __ip_append_data / __ip_append_data
read to 0xffff8881035d4b6c of 4 bytes by task 8877 on cpu 1:
__ip_append_data+0x1c1/0x1de0 net/ipv4/ip_output.c:994
ip_make_skb+0x13f/0x2d0 net/ipv4/ip_output.c:1636
udp_sendmsg+0x12bd/0x14c0 net/ipv4/udp.c:1249
inet_sendmsg+0x5f/0x80 net/ipv4/af_inet.c:819
sock_sendmsg_nosec net/socket.c:705 [inline]
sock_sendmsg net/socket.c:725 [inline]
____sys_sendmsg+0x39a/0x510 net/socket.c:2413
___sys_sendmsg net/socket.c:2467 [inline]
__sys_sendmmsg+0x267/0x4c0 net/socket.c:2553
__do_sys_sendmmsg net/socket.c:2582 [inline]
__se_sys_sendmmsg net/socket.c:2579 [inline]
__x64_sys_sendmmsg+0x53/0x60 net/socket.c:2579
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
write to 0xffff8881035d4b6c of 4 bytes by task 8880 on cpu 0:
__ip_append_data+0x1d8/0x1de0 net/ipv4/ip_output.c:994
ip_make_skb+0x13f/0x2d0 net/ipv4/ip_output.c:1636
udp_sendmsg+0x12bd/0x14c0 net/ipv4/udp.c:1249
inet_sendmsg+0x5f/0x80 net/ipv4/af_inet.c:819
sock_sendmsg_nosec net/socket.c:705 [inline]
sock_sendmsg net/socket.c:725 [inline]
____sys_sendmsg+0x39a/0x510 net/socket.c:2413
___sys_sendmsg net/socket.c:2467 [inline]
__sys_sendmmsg+0x267/0x4c0 net/socket.c:2553
__do_sys_sendmmsg net/socket.c:2582 [inline]
__se_sys_sendmmsg net/socket.c:2579 [inline]
__x64_sys_sendmmsg+0x53/0x60 net/socket.c:2579
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
value changed: 0x0000054d -> 0x0000054e
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 8880 Comm: syz-executor.5 Not tainted 5.17.0-rc2-syzkaller-00167-gdcb85f85fa6f-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Fixes:
|
||
|
Eric Dumazet
|
6f2e0ae12a |
net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
commit ef527f968ae05c6717c39f49c8709a7e2c19183a upstream.
Whenever one of these functions pull all data from an skb in a frag_list,
use consume_skb() instead of kfree_skb() to avoid polluting drop
monitoring.
Fixes:
|
||
|
Greg Kroah-Hartman
|
bbc1b6a8a4 |
Merge 5.15.11 into android13-5.15
Changes in 5.15.11 reset: tegra-bpmp: Revert Handle errors in BPMP response KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE KVM: downgrade two BUG_ONs to WARN_ON_ONCE x86/kvm: remove unused ack_notifier callbacks KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() mac80211: fix rate control for retransmitted frames mac80211: fix regression in SSN handling of addba tx mac80211: mark TX-during-stop for TX in in_reconfig mac80211: send ADDBA requests using the tid/queue of the aggregation session mac80211: validate extended element ID is present firmware: arm_scpi: Fix string overflow in SCPI genpd driver bpf: Fix kernel address leakage in atomic fetch bpf, selftests: Add test case for atomic fetch on spilled pointer bpf: Fix signed bounds propagation after mov32 bpf: Make 32->64 bounds propagation slightly more robust bpf, selftests: Add test case trying to taint map value pointer bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg bpf, selftests: Update test case for atomic cmpxchg on r0 with pointer vduse: fix memory corruption in vduse_dev_ioctl() vduse: check that offset is within bounds in get_config() virtio_ring: Fix querying of maximum DMA mapping size for virtio device vdpa: check that offsets are within bounds s390/entry: fix duplicate tracking of irq nesting level recordmcount.pl: look for jgnop instruction as well as bcrl on s390 arm64: dts: ten64: remove redundant interrupt declaration for gpio-keys ceph: fix up non-directory creation in SGID directories dm btree remove: fix use after free in rebalance_children() audit: improve robustness of the audit queue handling btrfs: convert latest_bdev type to btrfs_device and rename btrfs: use latest_dev in btrfs_show_devname btrfs: update latest_dev when we create a sprout device btrfs: remove stale comment about the btrfs_show_devname scsi: ufs: core: Retry START_STOP on UNIT_ATTENTION drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 drm/i915/hdmi: Turn DP++ TMDS output buffers back on in encoder->shutdown() pinctrl: amd: Fix wakeups when IRQ is shared with SCI arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from rk3399-khadas-edge arm64: dts: rockchip: fix rk3308-roc-cc vcc-sd supply arm64: dts: rockchip: fix rk3399-leez-p710 vcc3v3-lan supply arm64: dts: rockchip: fix audio-supply for Rock Pi 4 arm64: dts: rockchip: fix poweroff on helios64 dmaengine: idxd: add halt interrupt support dmaengine: idxd: fix calling wq quiesce inside spinlock mac80211: track only QoS data frames for admission control tee: amdtee: fix an IS_ERR() vs NULL bug ceph: fix duplicate increment of opened_inodes metric ceph: initialize pathlen variable in reconnect_caps_cb ARM: socfpga: dts: fix qspi node compatible arm64: dts: imx8mq: remove interconnect property from lcdif clk: Don't parent clks until the parent is fully registered soc: imx: Register SoC device only on i.MX boards iwlwifi: mvm: don't crash on invalid rate w/o STA virtio: always enter drivers/virtio/ virtio/vsock: fix the transport to work with VMADDR_CID_ANY vdpa: Consider device id larger than 31 Revert "drm/fb-helper: improve DRM fbdev emulation device names" selftests: net: Correct ping6 expected rc from 2 to 1 s390/kexec_file: fix error handling when applying relocations sch_cake: do not call cake_destroy() from cake_init() inet_diag: fix kernel-infoleak for UDP sockets netdevsim: don't overwrite read only ethtool parms selftests: icmp_redirect: pass xfail=0 to log_test() net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg net: hns3: fix race condition in debugfs selftests: Add duplicate config only for MD5 VRF tests selftests: Fix raw socket bind tests with VRF selftests: Fix IPv6 address bind tests dmaengine: idxd: fix missed completion on abort path dmaengine: st_fdma: fix MODULE_ALIAS drm: simpledrm: fix wrong unit with pixel clock net/sched: sch_ets: don't remove idle classes from the round-robin list selftests/net: toeplitz: fix udp option net: dsa: mv88e6xxx: Unforce speed & duplex in mac_link_down() selftest/net/forwarding: declare NETIFS p9 p10 mptcp: never allow the PM to close a listener subflow drm/ast: potential dereference of null pointer drm/i915/display: Fix an unsigned subtraction which can never be negative. mac80211: agg-tx: don't schedule_and_wake_txq() under sta->lock cfg80211: Acquire wiphy mutex on regulatory work mac80211: fix lookup when adding AddBA extension element net: stmmac: fix tc flower deletion for VLAN priority Rx steering flow_offload: return EOPNOTSUPP for the unsupported mpls action type rds: memory leak in __rds_conn_create() ice: Use div64_u64 instead of div_u64 in adjfine ice: Don't put stale timestamps in the skb drm/amd/display: Set exit_optimized_pwr_state for DCN31 drm/amd/pm: fix a potential gpu_metrics_table memory leak mptcp: remove tcp ulp setsockopt support mptcp: clear 'kern' flag from fallback sockets mptcp: fix deadlock in __mptcp_push_pending() soc/tegra: fuse: Fix bitwise vs. logical OR warning igb: Fix removal of unicast MAC filters of VFs igbvf: fix double free in `igbvf_probe` igc: Fix typo in i225 LTR functions ixgbe: Document how to enable NBASE-T support ixgbe: set X550 MDIO speed before talking to PHY netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc net/packet: rx_owner_map depends on pg_vec net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup sfc_ef100: potential dereference of null pointer dsa: mv88e6xxx: fix debug print for SPEED_UNFORCED net: Fix double 0x prefix print in SKB dump net/smc: Prevent smc_release() from long blocking net: systemport: Add global locking for descriptor lifecycle sit: do not call ipip6_dev_free() from sit_init_net() afs: Fix mmap arm64: kexec: Fix missing error code 'ret' warning in load_other_segments() bpf: Fix extable fixup offset. bpf, selftests: Fix racing issue in btf_skc_cls_ingress test powerpc/85xx: Fix oops when CONFIG_FSL_PMC=n USB: gadget: bRequestType is a bitfield, not a enum Revert "usb: early: convert to readl_poll_timeout_atomic()" KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILITIES tty: n_hdlc: make n_hdlc_tty_wakeup() asynchronous USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) usb: dwc2: fix STM ID/VBUS detection startup delay in dwc2_driver_probe PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error PCI/MSI: Mask MSI-X vectors only on success usb: xhci-mtk: fix list_del warning when enable list debug usb: xhci: Extend support for runtime power management for AMD's Yellow carp. usb: cdnsp: Fix incorrect status for control request usb: cdnsp: Fix incorrect calling of cdnsp_died function usb: cdnsp: Fix issue in cdnsp_log_ep trace event usb: cdnsp: Fix lack of spin_lock_irqsave/spin_lock_restore usb: typec: tcpm: fix tcpm unregister port but leave a pending timer usb: gadget: u_ether: fix race in setting MAC address in setup phase USB: serial: cp210x: fix CP2105 GPIO registration USB: serial: option: add Telit FN990 compositions selinux: fix sleeping function called from invalid context btrfs: fix memory leak in __add_inode_ref() btrfs: fix double free of anon_dev after failure to create subvolume btrfs: check WRITE_ERR when trying to read an extent buffer btrfs: fix missing blkdev_put() call in btrfs_scan_one_device() zonefs: add MODULE_ALIAS_FS iocost: Fix divide-by-zero on donation from low hweight cgroup serial: 8250_fintek: Fix garbled text for console timekeeping: Really make sure wall_to_monotonic isn't positive cifs: sanitize multiple delimiters in prepath locking/rtmutex: Fix incorrect condition in rtmutex_spin_on_owner() riscv: dts: unleashed: Add gpio card detect to mmc-spi-slot riscv: dts: unmatched: Add gpio card detect to mmc-spi-slot perf inject: Fix segfault due to close without open perf inject: Fix segfault due to perf_data__fd() without open libata: if T_LENGTH is zero, dma direction should be DMA_NONE powerpc/module_64: Fix livepatching for RO modules drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE drm/amdgpu: don't override default ECO_BITs setting drm/amd/pm: fix reading SMU FW version from amdgpu_firmware_info on YC Revert "can: m_can: remove support for custom bit timing" can: m_can: make custom bittiming fields const can: m_can: pci: use custom bit timings for Elkhart Lake ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name xsk: Do not sleep in poll() when need_wakeup set mptcp: add missing documented NL params bpf, x64: Factor out emission of REX byte in more cases bpf: Fix extable address check. USB: core: Make do_proc_control() and do_proc_bulk() killable media: mxl111sf: change mutex_init() location fuse: annotate lock in fuse_reverse_inval_entry() ovl: fix warning in ovl_create_real() scsi: scsi_debug: Don't call kcalloc() if size arg is zero scsi: scsi_debug: Fix type in min_t to avoid stack OOB scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() io-wq: remove spurious bit clear on task_work addition io-wq: check for wq exit after adding new worker task_work rcu: Mark accesses to rcu_state.n_force_qs io-wq: drop wqe lock before creating new worker bus: ti-sysc: Fix variable set but not used warning for reinit_modules selftests/damon: test debugfs file reads/writes with huge count Revert "xsk: Do not sleep in poll() when need_wakeup set" xen/blkfront: harden blkfront against event channel storms xen/netfront: harden netfront against event channel storms xen/console: harden hvc_xen against event channel storms xen/netback: fix rx queue stall detection xen/netback: don't queue unlimited number of packages Linux 5.15.11 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I20c400f64f45729c6f833c31ee18eb4b92f5ed89 |
||
|
Gal Pressman
|
ff3d58592b |
net: Fix double 0x prefix print in SKB dump
[ Upstream commit 8a03ef676ade55182f9b05115763aeda6dc08159 ]
When printing netdev features %pNF already takes care of the 0x prefix,
remove the explicit one.
Fixes:
|
||
|
Greg Kroah-Hartman
|
966869fb2a |
Merge 5.15.5 into android13-5.15
Changes in 5.15.5
arm64: zynqmp: Do not duplicate flash partition label property
arm64: zynqmp: Fix serial compatible string
clk: sunxi-ng: Unregister clocks/resets when unbinding
ARM: dts: sunxi: Fix OPPs node name
arm64: dts: allwinner: h5: Fix GPU thermal zone node name
arm64: dts: allwinner: a100: Fix thermal zone node name
staging: wfx: ensure IRQ is ready before enabling it
ARM: dts: BCM5301X: Fix nodes names
ARM: dts: BCM5301X: Fix MDIO mux binding
ARM: dts: NSP: Fix mpcore, mmc node names
arm64: dts: broadcom: bcm4908: Move reboot syscon out of bus
scsi: pm80xx: Fix memory leak during rmmod
scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
ASoC: mediatek: mt8195: Add missing of_node_put()
arm64: dts: rockchip: Disable CDN DP on Pinebook Pro
arm64: dts: hisilicon: fix arm,sp805 compatible string
RDMA/bnxt_re: Check if the vlan is valid before reporting
bus: ti-sysc: Add quirk handling for reinit on context lost
bus: ti-sysc: Use context lost quirk for otg
usb: musb: tusb6010: check return value after calling platform_get_resource()
usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
ARM: dts: ux500: Skomer regulator fixes
staging: rtl8723bs: remove possible deadlock when disconnect (v2)
staging: rtl8723bs: remove a second possible deadlock
staging: rtl8723bs: remove a third possible deadlock
ARM: BCM53016: Specify switch ports for Meraki MR32
arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency
arm64: dts: qcom: ipq6018: Fix qcom,controlled-remotely property
arm64: dts: qcom: ipq8074: Fix qcom,controlled-remotely property
arm64: dts: qcom: sdm845: Fix qcom,controlled-remotely property
arm64: dts: freescale: fix arm,sp805 compatible string
arm64: dts: ls1012a: Add serial alias for ls1012a-rdb
RDMA/rxe: Separate HW and SW l/rkeys
ASoC: SOF: Intel: hda-dai: fix potential locking issue
scsi: core: Fix scsi_mode_sense() buffer length handling
ALSA: usb-audio: disable implicit feedback sync for Behringer UFX1204 and UFX1604
clk: imx: imx6ul: Move csi_sel mux to correct base register
ASoC: es8316: Use IRQF_NO_AUTOEN when requesting the IRQ
ASoC: rt5651: Use IRQF_NO_AUTOEN when requesting the IRQ
ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect
scsi: advansys: Fix kernel pointer leak
scsi: smartpqi: Add controller handshake during kdump
arm64: dts: imx8mm-kontron: Fix reset delays for ethernet PHY
ALSA: intel-dsp-config: add quirk for APL/GLK/TGL devices based on ES8336 codec
ASoC: Intel: soc-acpi: add missing quirk for TGL SDCA single amp
ASoC: Intel: sof_sdw: add missing quirk for Dell SKU 0A45
firmware_loader: fix pre-allocated buf built-in firmware use
HID: multitouch: disable sticky fingers for UPERFECT Y
ALSA: usb-audio: Add support for the Pioneer DJM 750MK2 Mixer/Soundcard
ARM: dts: omap: fix gpmc,mux-add-data type
usb: host: ohci-tmio: check return value after calling platform_get_resource()
ASoC: rt5682: fix a little pop while playback
ARM: dts: ls1021a: move thermal-zones node out of soc/
ARM: dts: ls1021a-tsn: use generic "jedec,spi-nor" compatible for flash
ALSA: ISA: not for M68K
iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option
tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
MIPS: sni: Fix the build
scsi: scsi_debug: Fix out-of-bound read in resp_readcap16()
scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()
scsi: target: Fix ordered tag handling
scsi: target: Fix alua_tg_pt_gps_count tracking
iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr()
RDMA/core: Use kvzalloc when allocating the struct ib_port
scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine
scsi: lpfc: Fix link down processing to address NULL pointer dereference
scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss
memory: tegra20-emc: Add runtime dependency on devfreq governor module
powerpc/5200: dts: fix memory node unit name
ARM: dts: qcom: fix memory and mdio nodes naming for RB3011
arm64: dts: qcom: Fix node name of rpm-msg-ram device nodes
ALSA: gus: fix null pointer dereference on pointer block
ALSA: usb-audio: fix null pointer dereference on pointer cs_desc
clk: at91: sama7g5: remove prescaler part of master clock
iommu/dart: Initialize DART_STREAMS_ENABLE
powerpc/dcr: Use cmplwi instead of 3-argument cmpli
powerpc/8xx: Fix Oops with STRICT_KERNEL_RWX without DEBUG_RODATA_TEST
sh: check return code of request_irq
maple: fix wrong return value of maple_bus_init().
f2fs: fix up f2fs_lookup tracepoints
f2fs: fix to use WHINT_MODE
f2fs: fix wrong condition to trigger background checkpoint correctly
sh: fix kconfig unmet dependency warning for FRAME_POINTER
sh: math-emu: drop unused functions
sh: define __BIG_ENDIAN for math-emu
f2fs: compress: disallow disabling compress on non-empty compressed file
f2fs: fix incorrect return value in f2fs_sanity_check_ckpt()
clk: ingenic: Fix bugs with divided dividers
clk/ast2600: Fix soc revision for AHB
clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk
KVM: arm64: Fix host stage-2 finalization
mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
MIPS: boot/compressed/: add __bswapdi2() to target for ZSTD decompression
sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
sched/fair: Prevent dead task groups from regaining cfs_rq's
perf/x86/vlbr: Add c->flags to vlbr event constraints
blkcg: Remove extra blkcg_bio_issue_init
tracing/histogram: Do not copy the fixed-size char array field over the field size
perf bpf: Avoid memory leak from perf_env__insert_btf()
perf bench futex: Fix memory leak of perf_cpu_map__new()
perf tests: Remove bash construct from record+zstd_comp_decomp.sh
drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame
bpf: Fix inner map state pruning regression.
samples/bpf: Fix summary per-sec stats in xdp_sample_user
samples/bpf: Fix incorrect use of strlen in xdp_redirect_cpu
selftests: net: switch to socat in the GSO GRE test
net/ipa: ipa_resource: Fix wrong for loop range
tcp: Fix uninitialized access in skb frags array for Rx 0cp.
tracing: Add length protection to histogram string copies
nl80211: fix radio statistics in survey dump
mac80211: fix monitor_sdata RCU/locking assertions
net: ipa: HOLB register sometimes must be written twice
net: ipa: disable HOLB drop when updating timer
selftests: gpio: fix gpio compiling error
net: bnx2x: fix variable dereferenced before check
bnxt_en: reject indirect blk offload when hw-tc-offload is off
tipc: only accept encrypted MSG_CRYPTO msgs
sock: fix /proc/net/sockstat underflow in sk_clone_lock()
net/smc: Make sure the link_id is unique
NFSD: Fix exposure in nfsd4_decode_bitmap()
iavf: Fix return of set the new channel count
iavf: check for null in iavf_fix_features
iavf: free q_vectors before queues in iavf_disable_vf
iavf: don't clear a lock we don't hold
iavf: Fix failure to exit out from last all-multicast mode
iavf: prevent accidental free of filter structure
iavf: validate pointers
iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
iavf: Fix for setting queues to 0
iavf: Restore VLAN filters after link down
bpf: Fix toctou on read-only map's constant scalar tracking
MIPS: generic/yamon-dt: fix uninitialized variable error
mips: bcm63xx: add support for clk_get_parent()
mips: lantiq: add support for clk_get_parent()
gpio: rockchip: needs GENERIC_IRQ_CHIP to fix build errors
platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
platform/x86: think-lmi: Abort probe on analyze failure
udp: Validate checksum in udp_read_sock()
btrfs: make 1-bit bit-fields of scrub_page unsigned int
RDMA/core: Set send and receive CQ before forwarding to the driver
net/mlx5e: kTLS, Fix crash in RX resync flow
net/mlx5e: Wait for concurrent flow deletion during neigh/fib events
net/mlx5: E-Switch, Fix resetting of encap mode when entering switchdev
net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove()
net/mlx5: Update error handler for UCTX and UMEM
net/mlx5: E-Switch, rebuild lag only when needed
net/mlx5e: CT, Fix multiple allocations and memleak of mod acts
net/mlx5: Lag, update tracker when state change event received
net/mlx5: E-Switch, return error if encap isn't supported
scsi: ufs: core: Improve SCSI abort handling
scsi: core: sysfs: Fix hang when device state is set via sysfs
scsi: ufs: core: Fix task management completion timeout race
scsi: ufs: core: Fix another task management completion race
net: mvmdio: fix compilation warning
net: sched: act_mirred: drop dst for the direction from egress to ingress
net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove
net: virtio_net_hdr_to_skb: count transport header in UFO
i40e: Fix correct max_pkt_size on VF RX queue
i40e: Fix NULL ptr dereference on VSI filter sync
i40e: Fix changing previously set num_queue_pairs for PFs
i40e: Fix ping is lost after configuring ADq on VF
RDMA/mlx4: Do not fail the registration on port stats
i40e: Fix warning message and call stack during rmmod i40e driver
i40e: Fix creation of first queue by omitting it if is not power of two
i40e: Fix display error code in dmesg
NFC: reorganize the functions in nci_request
NFC: reorder the logic in nfc_{un,}register_device
NFC: add NCI_UNREG flag to eliminate the race
e100: fix device suspend/resume
ptp: ocp: Fix a couple NULL vs IS_ERR() checks
tools build: Fix removal of feature-sync-compare-and-swap feature detection
riscv: fix building external modules
KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr()
powerpc: clean vdso32 and vdso64 directories
powerpc/pseries: rename numa_dist_table to form2_distances
powerpc/pseries: Fix numa FORM2 parsing fallback code
pinctrl: qcom: sdm845: Enable dual edge errata
pinctrl: qcom: sm8350: Correct UFS and SDC offsets
perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
perf/x86/intel/uncore: Fix IIO event constraints for Snowridge
s390/kexec: fix return code handling
blk-cgroup: fix missing put device in error path from blkg_conf_pref()
dmaengine: remove debugfs #ifdef
tun: fix bonding active backup with arp monitoring
Revert "mark pstore-blk as broken"
pstore/blk: Use "%lu" to format unsigned long
hexagon: export raw I/O routines for modules
hexagon: clean up timer-regs.h
tipc: check for null after calling kmemdup
ipc: WARN if trying to remove ipc object which is absent
shm: extend forced shm destroy to support objects from several IPC nses
mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
hugetlb, userfaultfd: fix reservation restore on userfaultfd error
kmap_local: don't assume kmap PTEs are linear arrays in memory
mm/damon/dbgfs: use '__GFP_NOWARN' for user-specified size buffer allocation
mm/damon/dbgfs: fix missed use of damon_dbgfs_lock
x86/boot: Pull up cmdline preparation and early param parsing
x86/sgx: Fix free page accounting
x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
KVM: x86: Assume a 64-bit hypercall for guests with protected state
KVM: x86: Fix uninitialized eoi_exit_bitmap usage in vcpu_load_eoi_exitmap()
KVM: x86/mmu: include EFER.LMA in extended mmu role
KVM: x86/xen: Fix get_attr of KVM_XEN_ATTR_TYPE_SHARED_INFO
powerpc/signal32: Fix sigset_t copy
powerpc/xive: Change IRQ domain to a tree domain
powerpc/8xx: Fix pinned TLBs with CONFIG_STRICT_KERNEL_RWX
Revert "drm/i915/tgl/dsi: Gate the ddi clocks after pll mapping"
Revert "parisc: Reduce sigreturn trampoline to 3 instructions"
ata: libata: improve ata_read_log_page() error message
ata: libata: add missing ata_identify_page_supported() calls
scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id()
pinctrl: ralink: include 'ralink_regs.h' in 'pinctrl-mt7620.c'
s390/setup: avoid reserving memory above identity mapping
s390/boot: simplify and fix kernel memory layout setup
s390/vdso: filter out -mstack-guard and -mstack-size
s390/kexec: fix memory leak of ipl report buffer
s390/dump: fix copying to user-space of swapped kdump oldmem
block: Check ADMIN before NICE for IOPRIO_CLASS_RT
fbdev: Prevent probing generic drivers if a FB is already registered
KVM: SEV: Disallow COPY_ENC_CONTEXT_FROM if target has created vCPUs
KVM: nVMX: don't use vcpu->arch.efer when checking host state on nested state load
drm/cma-helper: Release non-coherent memory with dma_free_noncoherent()
printk: restore flushing of NMI buffers on remote CPUs after NMI backtraces
udf: Fix crash after seekdir
spi: fix use-after-free of the add_lock mutex
net: stmmac: socfpga: add runtime suspend/resume callback for stratix10 platform
Drivers: hv: balloon: Use VMBUS_RING_SIZE() wrapper for dm_ring_size
btrfs: fix memory ordering between normal and ordered work functions
fs: handle circular mappings correctly
net: stmmac: Fix signed/unsigned wreckage
parisc/sticon: fix reverse colors
cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
mac80211: fix radiotap header generation
mac80211: drop check for DONT_REORDER in __ieee80211_select_queue
drm/amd/display: Update swizzle mode enums
drm/amd/display: Limit max DSC target bpp for specific monitors
drm/i915/guc: Fix outstanding G2H accounting
drm/i915/guc: Don't enable scheduling on a banned context, guc_id invalid, not registered
drm/i915/guc: Workaround reset G2H is received after schedule done G2H
drm/i915/guc: Don't drop ce->guc_active.lock when unwinding context
drm/i915/guc: Unwind context requests in reverse order
drm/udl: fix control-message timeout
drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap
drm/nouveau: Add a dedicated mutex for the clients list
drm/nouveau: use drm_dev_unplug() during device removal
drm/nouveau: clean up all clients on device removal
drm/i915/dp: Ensure sink rate values are always valid
drm/i915/dp: Ensure max link params are always valid
drm/i915: Fix type1 DVI DP dual mode adapter heuristic for modern platforms
drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors
drm/amd/pm: avoid duplicate powergate/ungate setting
signal: Implement force_fatal_sig
exit/syscall_user_dispatch: Send ordinary signals on failure
signal/powerpc: On swapcontext failure force SIGSEGV
signal/s390: Use force_sigsegv in default_trap_handler
signal/sparc32: Exit with a fatal signal when try_to_clear_window_buffer fails
signal/sparc32: In setup_rt_frame and setup_fram use force_fatal_sig
signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved.
signal/x86: In emulate_vsyscall force a signal instead of calling do_exit
signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV)
signal: Don't always set SA_IMMUTABLE for forced signals
signal: Replace force_fatal_sig with force_exit_sig when in doubt
hugetlbfs: flush TLBs correctly after huge_pmd_unshare
RDMA/netlink: Add __maybe_unused to static inline in C file
bpf: Forbid bpf_ktime_get_coarse_ns and bpf_timer_* in tracing progs
selinux: fix NULL-pointer dereference when hashtab allocation fails
ASoC: DAPM: Cover regression by kctl change notification fix
ASoC: rsnd: fixup DMAEngine API
usb: max-3421: Use driver data instead of maintaining a list of bound devices
ice: Fix VF true promiscuous mode
ice: Delete always true check of PF pointer
fs: export an inode_update_time helper
btrfs: update device path inode time instead of bd_inode
net: add and use skb_unclone_keeptruesize() helper
x86/Kconfig: Fix an unused variable error in dell-smm-hwmon
ALSA: hda: hdac_ext_stream: fix potential locking issues
ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign()
Linux 5.15.5
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: If86a02ba2cf9af765d9838ada3b9a2cbcea9a08d
|
||
|
Eric Dumazet
|
fa5f860635 |
net: add and use skb_unclone_keeptruesize() helper
commit c4777efa751d293e369aec464ce6875e957be255 upstream. While commit |
||
|
Greg Kroah-Hartman
|
d1a66e7942 |
Merge tag 'v5.15' into android-mainline
Linux 5.15 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I81d96ada6b66bcf73d192ddde9018f1804e7d90b |
||
|
Vasily Averin
|
7f678def99 |
skb_expand_head() adjust skb->truesize incorrectly
Christoph Paasch reports [1] about incorrect skb->truesize after skb_expand_head() call in ip6_xmit. This may happen because of two reasons: - skb_set_owner_w() for newly cloned skb is called too early, before pskb_expand_head() where truesize is adjusted for (!skb-sk) case. - pskb_expand_head() does not adjust truesize in (skb->sk) case. In this case sk->sk_wmem_alloc should be adjusted too. [1] https://lkml.org/lkml/2021/8/20/1082 Fixes: |
||
|
Greg Kroah-Hartman
|
ab9ab647e5 |
Merge 626bf91a29 ("Merge tag 'net-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") into android-mainline
Steps on the way to 5.15-rc1 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I679be256fdc4432bdd97eba340694176ce403109 |
||
|
Greg Kroah-Hartman
|
bc2f6edebd |
Merge 9e9fb7655e ("Merge tag 'net-next-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next") into android-mainline
Steps on the way to 5.15-rc1 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I49577d606b2710975407eae3fee60bc331397810 |
||
|
Colin Ian King
|
c645fe9bf6 |
skbuff: clean up inconsistent indenting
There is a statement that is indented one character too deeply, clean this up. Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Changbin Du
|
afa79d08c6 |
net: in_irq() cleanup
Replace the obsolete and ambiguos macro in_irq() with new macro in_hardirq(). Signed-off-by: Changbin Du <changbin.du@gmail.com> Link: https://lore.kernel.org/r/20210813145749.86512-1-changbin.du@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> |
||
|
Paolo Abeni
|
af352460b4 |
net: fix GRO skb truesize update
commit |
||
|
Vasily Averin
|
f1260ff15a |
skbuff: introduce skb_expand_head()
Like skb_realloc_headroom(), new helper increases headroom of specified skb. Unlike skb_realloc_headroom(), it does not allocate a new skb if possible; copies skb->sk on new skb when as needed and frees original skb in case of failures. This helps to simplify ip[6]_finish_output2() and a few other similar cases. Signed-off-by: Vasily Averin <vvs@virtuozzo.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Paolo Abeni
|
5e10da5385 |
skbuff: allow 'slow_gro' for skb carring sock reference
This change leverages the infrastructure introduced by the previous patches to allow soft devices passing to the GRO engine owned skbs without impacting the fast-path. It's up to the GRO caller ensuring the slow_gro bit validity before invoking the GRO engine. The new helper skb_prepare_for_gro() is introduced for that goal. On slow_gro, skbs are aggregated only with equal sk. Additionally, skb truesize on GRO recycle and free is correctly updated so that sk wmem is not changed by the GRO processing. rfc-> v1: - fixed bad truesize on dev_gro_receive NAPI_FREE - use the existing state bit Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Paolo Abeni
|
9efb4b5baf |
net: optimize GRO for the common case.
After the previous patches, at GRO time, skb->slow_gro is usually 0, unless the packets comes from some H/W offload slowpath or tunnel. We can optimize the GRO code assuming !skb->slow_gro is likely. This remove multiple conditionals in the most common path, at the price of an additional one when we hit the above "slow-paths". Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Paolo Abeni
|
b0999f385a |
sk_buff: track extension status in slow_gro
Similar to the previous one, but tracking the active_extensions field status. Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Greg Kroah-Hartman
|
e9975a8f2e |
Merge tag 'v5.14-rc3' into android-mainline
Linux 5.14-rc3 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I5db742d6b8faf7b40efe1cb3b5beae486010f3fd |
||
|
Lee Jones
|
946e465c81 |
Merge tag 'v5.14-rc2' into android-mainline
Linux 5.14-rc2 Signed-off-by: Lee Jones <lee.jones@linaro.org> Change-Id: Ia2131de59daa96610741f5a0ff267b0d08697023 |
||
|
Pravin B Shelar
|
a17ad09617 |
net: Fix zero-copy head len calculation.
In some cases skb head could be locked and entire header data is pulled from skb. When skb_zerocopy() called in such cases, following BUG is triggered. This patch fixes it by copying entire skb in such cases. This could be optimized incase this is performance bottleneck. ---8<--- kernel BUG at net/core/skbuff.c:2961! invalid opcode: 0000 [#1] SMP PTI CPU: 2 PID: 0 Comm: swapper/2 Tainted: G OE 5.4.0-77-generic #86-Ubuntu Hardware name: OpenStack Foundation OpenStack Nova, BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:skb_zerocopy+0x37a/0x3a0 RSP: 0018:ffffbcc70013ca38 EFLAGS: 00010246 Call Trace: <IRQ> queue_userspace_packet+0x2af/0x5e0 [openvswitch] ovs_dp_upcall+0x3d/0x60 [openvswitch] ovs_dp_process_packet+0x125/0x150 [openvswitch] ovs_vport_receive+0x77/0xd0 [openvswitch] netdev_port_receive+0x87/0x130 [openvswitch] netdev_frame_hook+0x4b/0x60 [openvswitch] __netif_receive_skb_core+0x2b4/0xc90 __netif_receive_skb_one_core+0x3f/0xa0 __netif_receive_skb+0x18/0x60 process_backlog+0xa9/0x160 net_rx_action+0x142/0x390 __do_softirq+0xe1/0x2d6 irq_exit+0xae/0xb0 do_IRQ+0x5a/0xf0 common_interrupt+0xf/0xf Code that triggered BUG: int skb_zerocopy(struct sk_buff *to, struct sk_buff *from, int len, int hlen) { int i, j = 0; int plen = 0; /* length of skb->head fragment */ int ret; struct page *page; unsigned int offset; BUG_ON(!from->head_frag && !hlen); Signed-off-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net> |