hello world #1175
Closed
hello world #1175
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ Upstream commit 705e3ce ] Since commit 6d73572 ("usb: dwc3: core: Prevent phy suspend during init"), system suspend is broken on AM62 TI platforms. Before that commit, both DWC3_GUSB3PIPECTL_SUSPHY and DWC3_GUSB2PHYCFG_SUSPHY bits (hence forth called 2 SUSPHY bits) were being set during core initialization and even during core re-initialization after a system suspend/resume. These bits are required to be set for system suspend/resume to work correctly on AM62 platforms. Since that commit, the 2 SUSPHY bits are not set for DEVICE/OTG mode if gadget driver is not loaded and started. For Host mode, the 2 SUSPHY bits are set before the first system suspend but get cleared at system resume during core re-init and are never set again. This patch resovles these two issues by ensuring the 2 SUSPHY bits are set before system suspend and restored to the original state during system resume. Cc: stable@vger.kernel.org # v6.9+ Fixes: 6d73572 ("usb: dwc3: core: Prevent phy suspend during init") Link: https://lore.kernel.org/all/1519dbe7-73b6-4afc-bfe3-23f4f75d772f@kernel.org/ Signed-off-by: Roger Quadros <rogerq@kernel.org> Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com> Tested-by: Markus Schneider-Pargmann <msp@baylibre.com> Reviewed-by: Dhruva Gole <d-gole@ti.com> Link: https://lore.kernel.org/r/20241011-am62-lpm-usb-v3-1-562d445625b5@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
…active [ Upstream commit 0388a15 ] Convert status parameter for ->dcd_change() and uart_handle_dcd_change() to bool which matches to how the parameter is used. Rename status to active to better describe what the parameter means. Acked-by: Rodolfo Giometti <giometti@enneenne.com> Reviewed-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Link: https://lore.kernel.org/r/20230117090358.4796-9-ilpo.jarvinen@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Stable-dep-of: 40d7903 ("serial: imx: Update mctrl old_status on RTSD interrupt") Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 968d645 ] Convert uart_handle_cts_change() to bool which is more appropriate than unsigned int. Rename status to active to better describe what the parameter means. While at it, make the comment about the active parameter easier to parse. Cleanup callsites from operations that are not necessary with bool. Reviewed-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Link: https://lore.kernel.org/r/20230117090358.4796-10-ilpo.jarvinen@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Stable-dep-of: 40d7903 ("serial: imx: Update mctrl old_status on RTSD interrupt") Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 40d7903 ] When sending data using DMA at high baudrate (4 Mbdps in local test case) to a device with small RX buffer which keeps asserting RTS after every received byte, it is possible that the iMX UART driver would not recognize the falling edge of RTS input signal and get stuck, unable to transmit any more data. This condition happens when the following sequence of events occur: - imx_uart_mctrl_check() is called at some point and takes a snapshot of UART control signal status into sport->old_status using imx_uart_get_hwmctrl(). The RTSS/TIOCM_CTS bit is of interest here (*). - DMA transfer occurs, the remote device asserts RTS signal after each byte. The i.MX UART driver recognizes each such RTS signal change, raises an interrupt with USR1 register RTSD bit set, which leads to invocation of __imx_uart_rtsint(), which calls uart_handle_cts_change(). - If the RTS signal is deasserted, uart_handle_cts_change() clears port->hw_stopped and unblocks the port for further data transfers. - If the RTS is asserted, uart_handle_cts_change() sets port->hw_stopped and blocks the port for further data transfers. This may occur as the last interrupt of a transfer, which means port->hw_stopped remains set and the port remains blocked (**). - Any further data transfer attempts will trigger imx_uart_mctrl_check(), which will read current status of UART control signals by calling imx_uart_get_hwmctrl() (***) and compare it with sport->old_status . - If current status differs from sport->old_status for RTS signal, uart_handle_cts_change() is called and possibly unblocks the port by clearing port->hw_stopped . - If current status does not differ from sport->old_status for RTS signal, no action occurs. This may occur in case prior snapshot (*) was taken before any transfer so the RTS is deasserted, current snapshot (***) was taken after a transfer and therefore RTS is deasserted again, which means current status and sport->old_status are identical. In case (**) triggered when RTS got asserted, and made port->hw_stopped set, the port->hw_stopped will remain set because no change on RTS line is recognized by this driver and uart_handle_cts_change() is not called from here to unblock the port->hw_stopped. Update sport->old_status in __imx_uart_rtsint() accordingly to make imx_uart_mctrl_check() detect such RTS change. Note that TIOCM_CAR and TIOCM_RI bits in sport->old_status do not suffer from this problem. Fixes: ceca629 ("[ARM] 2971/1: i.MX uart handle rts irq") Cc: stable <stable@kernel.org> Reviewed-by: Esben Haabendal <esben@geanix.com> Signed-off-by: Marek Vasut <marex@denx.de> Link: https://lore.kernel.org/r/20241002184133.19427-1-marex@denx.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 73aeab3 ] Original state: Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) Λ | | | \--------------\ \-------------\ \-------------\| V V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 1 2 4 After commit 0e456db ("block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()"), if P1 issues a new IO: Without the patch: Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) Λ | | | \------------------------------\ \-------------\| V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 0 2 4 bfqq3 will be used to handle IO from P1, this is not expected, IO should be redirected to bfqq4; With the patch: ------------------------------------------- | | Process 1 Process 2 Process 3 | Process 4 (BIC1) (BIC2) (BIC3) | (BIC4) | | | | \-------------\ \-------------\| V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 0 2 4 IO is redirected to bfqq4, however, procress reference of bfqq3 is still 2, while there is only P2 using it. Fix the problem by calling bfq_merge_bfqqs() for each bfqq in the merge chain. Also change bfqq_merge_bfqqs() to return new_bfqq to simplify code. Fixes: 0e456db ("block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()") Signed-off-by: Yu Kuai <yukuai3@huawei.com> Link: https://lore.kernel.org/r/20240909134154.954924-3-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 0d196e7 ] Both i_mode and noexec checks wrapped in WARN_ON stem from an artifact of the previous implementation. They used to legitimately check for the condition, but that got moved up in two commits: 633fb6a ("exec: move S_ISREG() check earlier") 0fd338b ("exec: move path_noexec() check earlier") Instead of being removed said checks are WARN_ON'ed instead, which has some debug value. However, the spurious path_noexec check is racy, resulting in unwarranted warnings should someone race with setting the noexec flag. One can note there is more to perm-checking whether execve is allowed and none of the conditions are guaranteed to still hold after they were tested for. Additionally this does not validate whether the code path did any perm checking to begin with -- it will pass if the inode happens to be regular. Keep the redundant path_noexec() check even though it's mindless nonsense checking for guarantee that isn't given so drop the WARN. Reword the commentary and do small tidy ups while here. Signed-off-by: Mateusz Guzik <mjguzik@gmail.com> Link: https://lore.kernel.org/r/20240805131721.765484-1-mjguzik@gmail.com [brauner: keep redundant path_noexec() check] Signed-off-by: Christian Brauner <brauner@kernel.org> [cascardo: keep exit label and use it] Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 013ff63 ] Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com> CVE: CVE-2023-45896 Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
…th real VLA [ Upstream commit d92b90f ] Replace the fake VLA at end of the vbva_mouse_pointer_shape shape with a real VLA to fix a "memcpy: detected field-spanning write error" warning: [ 13.319813] memcpy: detected field-spanning write (size 16896) of single field "p->data" at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 (size 4) [ 13.319841] WARNING: CPU: 0 PID: 1105 at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 hgsmi_update_pointer_shape+0x192/0x1c0 [vboxvideo] [ 13.320038] Call Trace: [ 13.320173] hgsmi_update_pointer_shape [vboxvideo] [ 13.320184] vbox_cursor_atomic_update [vboxvideo] Note as mentioned in the added comment it seems the original length calculation for the allocated and send hgsmi buffer is 4 bytes too large. Changing this is not the goal of this patch, so this behavior is kept. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Reviewed-by: Jani Nikula <jani.nikula@intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240827104523.17442-1-hdegoede@redhat.com Signed-off-by: Sasha Levin <sashal@kernel.org>
… default regs values [ Upstream commit e249786 ] CDC_RX_BCL_VBAT_RF_PROC1 is listed twice and its default value is 0x2a which is overwriten by its next occurence in rx_defaults[]. The second one should be missing CDC_RX_BCL_VBAT_RF_PROC2 instead and its default value is expected 0x0. Signed-off-by: Alexey Klimov <alexey.klimov@linaro.org> Link: https://patch.msgid.link/20240925043823.520218-2-alexey.klimov@linaro.org Signed-off-by: Mark Brown <broonie@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 72455e3 ] FCONT=1 means On FIFO error, the SAI will continue from the same word that caused the FIFO error to set after the FIFO warning flag has been cleared. Set FCONT bit in control register to avoid the channel swap issue after SAI xrun. Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com> Link: https://patch.msgid.link/1727676508-22830-1-git-send-email-shengjiu.wang@nxp.com Signed-off-by: Mark Brown <broonie@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 9abe390 ] Certain portions of code always need to be position-independent regardless of CONFIG_RELOCATABLE, including code which is executed in an idmap or which is executed before relocations are applied. In some kernel configurations the LLD linker generates position-dependent veneers for such code, and when executed these result in early boot-time failures. Marc Zyngier encountered a boot failure resulting from this when building a (particularly cursed) configuration with LLVM, as he reported to the list: https://lore.kernel.org/linux-arm-kernel/86wmjwvatn.wl-maz@kernel.org/ In Marc's kernel configuration, the .head.text and .rodata.text sections end up more than 128MiB apart, requiring a veneer to branch between the two: | [mark@lakrids:~/src/linux]% usekorg 14.1.0 aarch64-linux-objdump -t vmlinux | grep -w _text | ffff800080000000 g .head.text 0000000000000000 _text | [mark@lakrids:~/src/linux]% usekorg 14.1.0 aarch64-linux-objdump -t vmlinux | grep -w primary_entry | ffff8000889df0e0 g .rodata.text 000000000000006c primary_entry, ... consequently, LLD inserts a position-dependent veneer for the branch from _stext (in .head.text) to primary_entry (in .rodata.text): | ffff800080000000 <_text>: | ffff800080000000: fa405a4 ccmp x18, #0x0, #0xd, pl // pl = nfrst | ffff800080000004: 14003ff b ffff800080010000 <__AArch64AbsLongThunk_primary_entry> ... | ffff800080010000 <__AArch64AbsLongThunk_primary_entry>: | ffff800080010000: 58000050 ldr x16, ffff800080010008 <__AArch64AbsLongThunk_primary_entry+0x8> | ffff800080010004: d61f0200 br x16 | ffff800080010008: 889df0e0 .word 0x889df0e0 | ffff80008001000c: ffff8000 .word 0xffff8000 ... and as this is executed early in boot before the kernel is mapped in TTBR1 this results in a silent boot failure. Fix this by passing '--pic-veneer' to the linker, which will cause the linker to use position-independent veneers, e.g. | ffff800080000000 <_text>: | ffff800080000000: fa405a4 ccmp x18, #0x0, #0xd, pl // pl = nfrst | ffff800080000004: 14003ff b ffff800080010000 <__AArch64ADRPThunk_primary_entry> ... | ffff800080010000 <__AArch64ADRPThunk_primary_entry>: | ffff800080010000: f004e3f0 adrp x16, ffff800089c8f000 <__idmap_text_start> | ffff800080010004: 91038210 add x16, x16, #0xe0 | ffff800080010008: d61f0200 br x16 I've opted to pass '--pic-veneer' unconditionally, as: * In addition to solving the boot failure, these sequences are generally nicer as they require fewer instructions and don't need to perform data accesses. * While the position-independent veneer sequences have a limited +/-2GiB range, this is not a new restriction. Even kernels built with CONFIG_RELOCATABLE=n are limited to 2GiB in size as we have several structues using 32-bit relative offsets and PPREL32 relocations, which are similarly limited to +/-2GiB in range. These include extable entries, jump table entries, and alt_instr entries. * GNU LD defaults to using position-independent veneers, and supports the same '--pic-veneer' option, so this change is not expected to adversely affect GNU LD. I've tested with GNU LD 2.30 to 2.42 inclusive and LLVM 13.0.1 to 19.1.0 inclusive, using the kernel.org binaries from: * https://mirrors.edge.kernel.org/pub/tools/crosstool/ * https://mirrors.edge.kernel.org/pub/tools/llvm/ Signed-off-by: Mark Rutland <mark.rutland@arm.com> Reported-by: Marc Zyngier <maz@kernel.org> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: Nathan Chancellor <nathan@kernel.org> Cc: Nick Desaulniers <ndesaulniers@google.com> Cc: Will Deacon <will@kernel.org> Acked-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Nathan Chancellor <nathan@kernel.org> Link: https://lore.kernel.org/r/20240927101838.3061054-1-mark.rutland@arm.com Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit ee703a7 ] As Jan suggested in links below, refactor udf_current_aext() to differentiate between error, hit EOF and success, it now takes pointer to etype to store the extent type, return 1 when getting etype success, return 0 when hitting EOF and return -errno when err. Link: https://lore.kernel.org/all/20240912111235.6nr3wuqvktecy3vh@quack3/ Signed-off-by: Zhao Mengmeng <zhaomengmeng@kylinos.cn> Suggested-by: Jan Kara <jack@suse.cz> Signed-off-by: Jan Kara <jack@suse.cz> Link: https://patch.msgid.link/20241001115425.266556-2-zhaomzhao@126.com Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 264db9d ] Check for overflow when computing alen in udf_current_aext to mitigate later uninit-value use in udf_get_fileshortad KMSAN bug[1]. After applying the patch reproducer did not trigger any issue[2]. [1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df [2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000 Reported-by: syzbot+8901c4560b7ab5c2f9df@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df Tested-by: syzbot+8901c4560b7ab5c2f9df@syzkaller.appspotmail.com Suggested-by: Jan Kara <jack@suse.com> Signed-off-by: Gianfranco Trad <gianf.trad@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz> Link: https://patch.msgid.link/20240925074613.8475-3-gianf.trad@gmail.com Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit b97bc06 ] Add "qcom,qrb4210-rb2-sndcard" to the list of recognizable devices. Signed-off-by: Alexey Klimov <alexey.klimov@linaro.org> Link: https://patch.msgid.link/20241002022015.867031-3-alexey.klimov@linaro.org Signed-off-by: Mark Brown <broonie@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit a561509 ] Alienware supports firmware-attributes and has its own OEM string. Signed-off-by: Crag Wang <crag_wang@dell.com> Link: https://lore.kernel.org/r/20241004152826.93992-1-crag_wang@dell.com Reviewed-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit aa5e65d ] We can see that "Time namespaces are not supported" on LoongArch: (1) clone3 test # cd tools/testing/selftests/clone3 && make && ./clone3 ... # Time namespaces are not supported ok 18 # SKIP Skipping clone3() with CLONE_NEWTIME # Totals: pass:17 fail:0 xfail:0 xpass:0 skip:1 error:0 (2) timens test # cd tools/testing/selftests/timens && make && ./timens ... 1..0 # SKIP Time namespaces are not supported On LoongArch the current kernel does not support CONFIG_TIME_NS which depends on GENERIC_VDSO_TIME_NS, select GENERIC_VDSO_TIME_NS to enable CONFIG_TIME_NS to build kernel/time/namespace.c. Additionally, it needs to define some arch-dependent functions for the timens, such as __arch_get_timens_vdso_data(), arch_get_vdso_data() and vdso_join_timens(). At the same time, modify the layout of vvar to use one page size for generic vdso data, expand another page size for timens vdso data and assign LOONGARCH_VDSO_DATA_SIZE (maybe exceeds a page size if expand in the future) for loongarch vdso data, at last add the callback function vvar_fault() and modify stack_top(). With this patch under CONFIG_TIME_NS: (1) clone3 test # cd tools/testing/selftests/clone3 && make && ./clone3 ... ok 18 [739] Result (0) matches expectation (0) # Totals: pass:18 fail:0 xfail:0 xpass:0 skip:0 error:0 (2) timens test # cd tools/testing/selftests/timens && make && ./timens ... # Totals: pass:10 fail:0 xfail:0 xpass:0 skip:0 error:0 Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn> Stable-dep-of: 134475a ("LoongArch: Don't crash in stack_top() for tasks without vDSO") Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 134475a ] Not all tasks have a vDSO mapped, for example kthreads never do. If such a task ever ends up calling stack_top(), it will derefence the NULL vdso pointer and crash. This can for example happen when using kunit: [<9000000000203874>] stack_top+0x58/0xa8 [<90000000002956cc>] arch_pick_mmap_layout+0x164/0x220 [<90000000003c284c>] kunit_vm_mmap_init+0x108/0x12c [<90000000003c1fbc>] __kunit_add_resource+0x38/0x8c [<90000000003c2704>] kunit_vm_mmap+0x88/0xc8 [<9000000000410b14>] usercopy_test_init+0xbc/0x25c [<90000000003c1db4>] kunit_try_run_case+0x5c/0x184 [<90000000003c3d54>] kunit_generic_run_threadfn_adapter+0x24/0x48 [<900000000022e4bc>] kthread+0xc8/0xd4 [<9000000000200ce8>] ret_from_kernel_thread+0xc/0xa4 Fixes: 803b0fc ("LoongArch: Add process management") Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 0b6e2e2 ] strlen() returns a string length excluding the null byte. If the string length equals to the maximum buffer length, the buffer will have no space for the NULL terminating character. This commit checks this condition and returns failure for it. Link: https://lore.kernel.org/all/20241007144724.920954-1-leo.yan@arm.com/ Fixes: dec65d7 ("tracing/probe: Check event name length correctly") Signed-off-by: Leo Yan <leo.yan@arm.com> Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit e509996 ] Preparation for adding more fields to dst lookup functions without changing their signatures. Signed-off-by: Eyal Birger <eyal.birger@gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Stable-dep-of: b846972 ("xfrm: respect ip protocols rules criteria when performing dst lookups") Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit b846972 ] The series in the "fixes" tag added the ability to consider L4 attributes in routing rules. The dst lookup on the outer packet of encapsulated traffic in the xfrm code was not adapted to this change, thus routing behavior that relies on L4 information is not respected. Pass the ip protocol information when performing dst lookups. Fixes: a25724b ("Merge branch 'fib_rules-support-sport-dport-and-proto-match'") Signed-off-by: Eyal Birger <eyal.birger@gmail.com> Tested-by: Antony Antony <antony.antony@secunet.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 2cb3f56 ] The sun3_82586_send_packet() returns NETDEV_TX_OK without freeing skb in case of skb->len being too long, add dev_kfree_skb() to fix it. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Wang Hai <wanghai38@huawei.com> Reviewed-by: Simon Horman <horms@kernel.org> Message-ID: <20241015144148.7918-1-wanghai38@huawei.com> Signed-off-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit e4dd8bf ] The be_xmit() returns NETDEV_TX_OK without freeing skb in case of be_xmit_enqueue() fails, add dev_kfree_skb_any() to fix it. Fixes: 760c295 ("be2net: Support for OS2BMC.") Signed-off-by: Wang Hai <wanghai38@huawei.com> Reviewed-by: Simon Horman <horms@kernel.org> Reviewed-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com> Message-ID: <20241015144802.12150-1-wanghai38@huawei.com> Signed-off-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit f99cf99 ] Since commit 71ae2cb ("net: plip: Fix fall-through warnings for Clang") plip was not able to send any packets, this patch replaces one unintended break; with fallthrough; which was originally missed by commit 9525d69 ("net: plip: mark expected switch fall-throughs"). I have verified with a real hardware PLIP connection that everything works once again after applying this patch. Fixes: 71ae2cb ("net: plip: Fix fall-through warnings for Clang") Signed-off-by: Jakub Boehm <boehm.jakub@gmail.com> Reviewed-by: Simon Horman <horms@kernel.org> Message-ID: <20241015-net-plip-tx-fix-v1-1-32d8be1c7e0b@gmail.com> Signed-off-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit bd28df2 ] The common code with some packet and index manipulations is extracted and moved to newly implemented helper to make the code more readable and avoid duplication. This is a preparation for skb allocation failure handling. Found by Linux Verification Center (linuxtesting.org) with SVACE. Suggested-by: Simon Horman <horms@kernel.org> Suggested-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru> Reviewed-by: Jacob Keller <jacob.e.keller@intel.com> Signed-off-by: Andrew Lunn <andrew@lunn.ch> Stable-dep-of: eb59200 ("octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()") Signed-off-by: Sasha Levin <sashal@kernel.org>
…_rx() [ Upstream commit eb59200 ] build_skb() returns NULL in case of a memory allocation failure so handle it inside __octep_oq_process_rx() to avoid NULL pointer dereference. __octep_oq_process_rx() is called during NAPI polling by the driver. If skb allocation fails, keep on pulling packets out of the Rx DMA queue: we shouldn't break the polling immediately and thus falsely indicate to the octep_napi_poll() that the Rx pressure is going down. As there is no associated skb in this case, don't process the packets and don't push them up the network stack - they are skipped. Helper function is implemented to unmmap/flush all the fragment buffers used by the dropped packet. 'alloc_failures' counter is incremented to mark the skb allocation error in driver statistics. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 37d79d0 ("octeon_ep: add Tx/Rx processing and interrupt support") Suggested-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru> Reviewed-by: Jacob Keller <jacob.e.keller@intel.com> Signed-off-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 12bc149 ] mv88e6393x_port_set_policy doesn't correctly shift the ptr value when converting the policy format between the old and new styles, so the target register ends up with the ptr being written over the data bits. Shift the pointer to align with the format expected by mv88e6393x_port_policy_write(). Fixes: 6584b26 ("net: dsa: mv88e6xxx: implement .port_set_policy for Amethyst") Signed-off-by: Peter Rashleigh <peter@rashleigh.ca> Reviewed-by: Simon Horman <horms@kernel.org> Message-ID: <20241016040822.3917-1-peter@rashleigh.ca> Signed-off-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 306ed17 ] - There is no NFPROTO_IPV6 family for mark and NFLOG. - TRACE is also missing module autoload with NFPROTO_IPV6. This results in ip6tables failing to restore a ruleset. This issue has been reported by several users providing incomplete patches. Very similar to Ilya Katsnelson's patch including a missing chunk in the TRACE extension. Fixes: 0bfcb7b ("netfilter: xtables: avoid NFPROTO_UNSPEC where needed") Reported-by: Ignat Korchagin <ignat@cloudflare.com> Reported-by: Ilya Katsnelson <me@0upti.me> Reported-by: Krzysztof Olędzki <ole@ans.pl> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 47dd544 ] The variable wwan_rtnl_link_ops assign a *bigger* maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. Exactly same bug cause as the oob fixed in commit b33fb5b ("net: qualcomm: rmnet: fix global oob in rmnet_policy"). ================================================================== BUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:388 [inline] BUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x19d7/0x29a0 lib/nlattr.c:603 Read of size 1 at addr ffffffff8b09cb60 by task syz.1.66276/323862 CPU: 0 PID: 323862 Comm: syz.1.66276 Not tainted 6.1.70 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x177/0x231 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [inline] print_report+0x14f/0x750 mm/kasan/report.c:395 kasan_report+0x139/0x170 mm/kasan/report.c:495 validate_nla lib/nlattr.c:388 [inline] __nla_validate_parse+0x19d7/0x29a0 lib/nlattr.c:603 __nla_parse+0x3c/0x50 lib/nlattr.c:700 nla_parse_nested_deprecated include/net/netlink.h:1269 [inline] __rtnl_newlink net/core/rtnetlink.c:3514 [inline] rtnl_newlink+0x7bc/0x1fd0 net/core/rtnetlink.c:3623 rtnetlink_rcv_msg+0x794/0xef0 net/core/rtnetlink.c:6122 netlink_rcv_skb+0x1de/0x420 net/netlink/af_netlink.c:2508 netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline] netlink_unicast+0x74b/0x8c0 net/netlink/af_netlink.c:1352 netlink_sendmsg+0x882/0xb90 net/netlink/af_netlink.c:1874 sock_sendmsg_nosec net/socket.c:716 [inline] __sock_sendmsg net/socket.c:728 [inline] ____sys_sendmsg+0x5cc/0x8f0 net/socket.c:2499 ___sys_sendmsg+0x21c/0x290 net/socket.c:2553 __sys_sendmsg net/socket.c:2582 [inline] __do_sys_sendmsg net/socket.c:2591 [inline] __se_sys_sendmsg+0x19e/0x270 net/socket.c:2589 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x45/0x90 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f67b19a24ad RSP: 002b:00007f67b17febb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f67b1b45f80 RCX: 00007f67b19a24ad RDX: 0000000000000000 RSI: 0000000020005e40 RDI: 0000000000000004 RBP: 00007f67b1a1e01d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd2513764f R14: 00007ffd251376e0 R15: 00007f67b17fed40 </TASK> The buggy address belongs to the variable: wwan_rtnl_policy+0x20/0x40 The buggy address belongs to the physical page: page:ffffea00002c2700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xb09c flags: 0xfff00000001000(reserved|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000001000 ffffea00002c2708 ffffea00002c2708 0000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner info is not present (never set?) Memory state around the buggy address: ffffffff8b09ca00: 05 f9 f9 f9 05 f9 f9 f9 00 01 f9 f9 00 01 f9 f9 ffffffff8b09ca80: 00 00 00 05 f9 f9 f9 f9 00 00 03 f9 f9 f9 f9 f9 >ffffffff8b09cb00: 00 00 00 00 05 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 ^ ffffffff8b09cb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== According to the comment of `nla_parse_nested_deprecated`, use correct size `IFLA_WWAN_MAX` here to fix this issue. Fixes: 88b7105 ("wwan: add interface creation support") Signed-off-by: Lin Ma <linma@zju.edu.cn> Reviewed-by: Loic Poulain <loic.poulain@linaro.org> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://patch.msgid.link/20241015131621.47503-1-linma@zju.edu.cn Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit d2f5c68 ] driver.rst had a historical form of list of common problems. In the age os Sphinx and rendered documentation it's better to use the more usual title + text format. This will allow us to render kdoc into the output more naturally. No changes to the actual text. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Stable-dep-of: 95ecba6 ("net: fix races in netdev_tx_sent_queue()/dev_watchdog()") Signed-off-by: Sasha Levin <sashal@kernel.org>
Add hooks to capture various per-zone memory stats when a trigger threshold is hit. Bug: 379593530 Change-Id: Ia748b9525da3996366802f536e66eaa35af4416e Signed-off-by: Jing Wei <jing.wei5@transsion.com>
INFO: 1 function symbol(s) added 'unsigned long __alloc_pages_bulk(gfp_t, int, nodemask_t*, int, struct list_head*, struct page**)' refs #SWANDROID-14843 Bug: 379775015 Change-Id: I7834e0e8b49e568e4f517109d21000b7f1352b70 Signed-off-by: Pierre Couillaud <pierre@broadcom.com>
proc 699 context binder-test thread 699: l 00 need_return 0 tr 0 ref 25: desc 1 node 20 s 1 w 0 d 00000000c03e09a3 unknown work: type 11 proc 640 context binder-test thread 640: l 00 need_return 0 tr 0 ref 8: desc 1 node 3 s 1 w 0 d 000000002bb493e1 has cleared freeze notification Fixes: d579b04 ("binder: frozen notification") Cc: stable@vger.kernel.org Suggested-by: Alice Ryhl <aliceryhl@google.com> Signed-off-by: Carlos Llamas <cmllamas@google.com> Reviewed-by: Alice Ryhl <aliceryhl@google.com> Acked-by: Todd Kjos <tkjos@google.com> Link: https://lore.kernel.org/r/20240926233632.821189-6-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Bug: 366003708 (cherry picked from commit 595ea72 git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git char-misc-next) Change-Id: Ic6311aaea2040aaf4534cdaa4cbfa378afe31869 Signed-off-by: Carlos Llamas <cmllamas@google.com>
Alice points out that binder_request_freeze_notification() should not return EINVAL when the relevant node is dead [1]. The node can die at any point even if the user input is valid. Instead, allow the request to be allocated but skip the initial notification for dead nodes. This avoids propagating unnecessary errors back to userspace. Fixes: d579b04 ("binder: frozen notification") Cc: stable@vger.kernel.org Suggested-by: Alice Ryhl <aliceryhl@google.com> Link: https://lore.kernel.org/all/CAH5fLghapZJ4PbbkC8V5A6Zay-_sgTzwVpwqk6RWWUNKKyJC_Q@mail.gmail.com/ [1] Signed-off-by: Carlos Llamas <cmllamas@google.com> Acked-by: Todd Kjos <tkjos@google.com> Link: https://lore.kernel.org/r/20240926233632.821189-7-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Bug: 366003708 (cherry picked from commit ca63c66 git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git char-misc-next) Change-Id: I03af1eedfeb194f5a775388cbb4e7487e4a5dfc0 Signed-off-by: Carlos Llamas <cmllamas@google.com>
If a freeze notification is cleared with BC_CLEAR_FREEZE_NOTIFICATION
before calling binder_freeze_notification_done(), then it is detached
from its reference (e.g. ref->freeze) but the work remains queued in
proc->delivered_freeze. This leads to a memory leak when the process
exits as any pending entries in proc->delivered_freeze are not freed:
unreferenced object 0xffff38e8cfa36180 (size 64):
comm "binder-util", pid 655, jiffies 4294936641
hex dump (first 32 bytes):
b8 e9 9e c8 e8 38 ff ff b8 e9 9e c8 e8 38 ff ff .....8.......8..
0b 00 00 00 00 00 00 00 3c 1f 4b 00 00 00 00 00 ........<.K.....
backtrace (crc 95983b32):
[<000000000d0582cf>] kmemleak_alloc+0x34/0x40
[<000000009c99a513>] __kmalloc_cache_noprof+0x208/0x280
[<00000000313b1704>] binder_thread_write+0xdec/0x439c
[<000000000cbd33bb>] binder_ioctl+0x1b68/0x22cc
[<000000002bbedeeb>] __arm64_sys_ioctl+0x124/0x190
[<00000000b439adee>] invoke_syscall+0x6c/0x254
[<00000000173558fc>] el0_svc_common.constprop.0+0xac/0x230
[<0000000084f72311>] do_el0_svc+0x40/0x58
[<000000008b872457>] el0_svc+0x38/0x78
[<00000000ee778653>] el0t_64_sync_handler+0x120/0x12c
[<00000000a8ec61bf>] el0t_64_sync+0x190/0x194
This patch fixes the leak by ensuring that any pending entries in
proc->delivered_freeze are freed during binder_deferred_release().
Fixes: d579b04 ("binder: frozen notification")
Cc: stable@vger.kernel.org
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Reviewed-by: Alice Ryhl <aliceryhl@google.com>
Acked-by: Todd Kjos <tkjos@google.com>
Link: https://lore.kernel.org/r/20240926233632.821189-8-cmllamas@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 366003708
(cherry picked from commit 1db76ec
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git
char-misc-next)
Change-Id: Iafdec3421c521b4b591b94455deba7ee5102c8ca
[cmllamas: drop BINDER_STAT_FREEZE and use proc_wrapper()]
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Add the pending proc->delivered_freeze work to the debugfs output. This information was omitted in the original implementation of the freeze notification and can be valuable for debugging issues. Fixes: d579b04 ("binder: frozen notification") Cc: stable@vger.kernel.org Signed-off-by: Carlos Llamas <cmllamas@google.com> Acked-by: Todd Kjos <tkjos@google.com> Reviewed-by: Alice Ryhl <aliceryhl@google.com> Link: https://lore.kernel.org/r/20240926233632.821189-9-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Bug: 366003708 (cherry picked from commit cb2aeb2 git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git char-misc-next) Change-Id: Ifc9a22b52e38c35af661732486fa1f154adb34de [cmllamas: fix KMI break with proc_wrapper()] Signed-off-by: Carlos Llamas <cmllamas@google.com>
Add hook to record the reason for calling hw_protection_shutdown Bug: 380204228 Bug: 334006616 Change-Id: I9dce8056693c96f1d5f1fab9af02a2e68ed6ab91 Signed-off-by: Dezhi Huang <huangdezhi@hihonor.com> (cherry picked from commit 70e95a1)
1 function symbol(s) added 'int __traceiter_android_rvh_hw_protection_shutdown(void*, const char*)' 1 variable symbol(s) added 'struct tracepoint __tracepoint_android_rvh_hw_protection_shutdown' Bug: 380204228 Change-Id: Ia2f4df5e3555feb420813cc92ab784fc58012fff Signed-off-by: zhengwei <zhengwei2@honor.com>
The tooling is configured to block any changes that has a chance to break ABI, including the possibly safe: * replacement of ANDROID_KABI_RESERVE with ANDROID_KABI_USE * changes to internal structures that are not accessible to modules * addition of enumerators These changes are difficult for the tooling to identify as definitively non-breaking, therefore, a human reviewer must check the change and approve it as non-breaking. This change adds a file to record the approval with the change that was marked as breaking. This allows the tooling to: * unblock presubmits for the change * don't block presubmits when it is cherry-picked to another branch * filter compatibility reports between a release branch and a tip of the development branch it was forked from The file is prefilled with all breaks that happened from the KMI freeze. Bug: 365521273 Change-Id: I63fbed5c364cb8c7bd149bf40d084d3d87533bf7 Signed-off-by: Aleksei Vetrov <vvvvvv@google.com>
Fix to support SEEK_DATA and SEEK_HOLE for compression files Bug: 325092012 Change-Id: Iba62c53e634682205f84c8dc3566ab8df9079158 Signed-off-by: Daeho Jeong <daehojeong@google.com> Reviewed-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> (cherry picked from commit a94c7fd)
…_CHECK_FS is on This patch covers sanity check logic on cluster w/ CONFIG_F2FS_CHECK_FS, otherwise, there will be performance regression while querying cluster mapping info. Callers of f2fs_is_compressed_cluster() only care about whether cluster is compressed or not, rather than # of valid blocks in compressed cluster, so, let's adjust f2fs_is_compressed_cluster()'s logic according to caller's requirement. Bug: 325092012 Change-Id: Ie3ddef60c5a3cdb2b18b0261f7188d39b7147935 Signed-off-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> (cherry picked from commit 2aaea53)
This patch allows f2fs_ioc_{,de}compress_file() to be interrupted, so that,
userspace won't be blocked when manual {,de}compression on large file is
interrupted by signal.
Bug: 325092012
Change-Id: I020026926732b184f227621cd64506dae92a00a1
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
(cherry picked from commit 3a2c0e5)
f2fs won't compress non-full cluster in tail of file, let's skip
dirtying and rewrite such cluster during f2fs_ioc_{,de}compress_file.
Bug: 325092012
Change-Id: I88e6b431b27b4768a312e0977ebe1c9e9cc23600
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
(cherry picked from commit 025b360)
…mpress In f2fs_do_write_data_page, when the data block is NULL_ADDR, it skips writepage considering that it has been already truncated. This results in an infinite loop as the PAGECACHE_TAG_TOWRITE tag is not cleared during the writeback process for a compressed file including NULL_ADDR in compress_mode=user. This is the reproduction process: 1. dd if=/dev/zero bs=4096 count=1024 seek=1024 of=testfile 2. f2fs_io compress testfile 3. dd if=/dev/zero bs=4096 count=1 conv=notrunc of=testfile 4. f2fs_io decompress testfile To prevent the problem, let's check whether the cluster is fully allocated before redirty its pages. Bug: 325092012 Fixes: 5fdb322 ("f2fs: add F2FS_IOC_DECOMPRESS_FILE and F2FS_IOC_COMPRESS_FILE") Reviewed-by: Sungjong Seo <sj1557.seo@samsung.com> Reviewed-by: Sunmin Jeong <s_min.jeong@samsung.com> Tested-by: Jaewook Kim <jw5454.kim@samsung.com> Change-Id: I0abb6bca0bb227f4f895c59e28b47b203ba0f280 Signed-off-by: Yeongjin Gil <youngjin.gil@samsung.com> Reviewed-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> (cherry picked from commit f785cec)
…mp() [ Upstream commit b22db8b ] Fix possible use-after-free in 'taprio_dump()' by adding RCU read-side critical section there. Never seen on x86 but found on a KASAN-enabled arm64 system when investigating https://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa: [T15862] BUG: KASAN: slab-use-after-free in taprio_dump+0xa0c/0xbb0 [T15862] Read of size 4 at addr ffff0000d4bb88f8 by task repro/15862 [T15862] [T15862] CPU: 0 UID: 0 PID: 15862 Comm: repro Not tainted 6.11.0-rc1-00293-gdefaf1a2113a-dirty #2 [T15862] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-20240524-5.fc40 05/24/2024 [T15862] Call trace: [T15862] dump_backtrace+0x20c/0x220 [T15862] show_stack+0x2c/0x40 [T15862] dump_stack_lvl+0xf8/0x174 [T15862] print_report+0x170/0x4d8 [T15862] kasan_report+0xb8/0x1d4 [T15862] __asan_report_load4_noabort+0x20/0x2c [T15862] taprio_dump+0xa0c/0xbb0 [T15862] tc_fill_qdisc+0x540/0x1020 [T15862] qdisc_notify.isra.0+0x330/0x3a0 [T15862] tc_modify_qdisc+0x7b8/0x1838 [T15862] rtnetlink_rcv_msg+0x3c8/0xc20 [T15862] netlink_rcv_skb+0x1f8/0x3d4 [T15862] rtnetlink_rcv+0x28/0x40 [T15862] netlink_unicast+0x51c/0x790 [T15862] netlink_sendmsg+0x79c/0xc20 [T15862] __sock_sendmsg+0xe0/0x1a0 [T15862] ____sys_sendmsg+0x6c0/0x840 [T15862] ___sys_sendmsg+0x1ac/0x1f0 [T15862] __sys_sendmsg+0x110/0x1d0 [T15862] __arm64_sys_sendmsg+0x74/0xb0 [T15862] invoke_syscall+0x88/0x2e0 [T15862] el0_svc_common.constprop.0+0xe4/0x2a0 [T15862] do_el0_svc+0x44/0x60 [T15862] el0_svc+0x50/0x184 [T15862] el0t_64_sync_handler+0x120/0x12c [T15862] el0t_64_sync+0x190/0x194 [T15862] [T15862] Allocated by task 15857: [T15862] kasan_save_stack+0x3c/0x70 [T15862] kasan_save_track+0x20/0x3c [T15862] kasan_save_alloc_info+0x40/0x60 [T15862] __kasan_kmalloc+0xd4/0xe0 [T15862] __kmalloc_cache_noprof+0x194/0x334 [T15862] taprio_change+0x45c/0x2fe0 [T15862] tc_modify_qdisc+0x6a8/0x1838 [T15862] rtnetlink_rcv_msg+0x3c8/0xc20 [T15862] netlink_rcv_skb+0x1f8/0x3d4 [T15862] rtnetlink_rcv+0x28/0x40 [T15862] netlink_unicast+0x51c/0x790 [T15862] netlink_sendmsg+0x79c/0xc20 [T15862] __sock_sendmsg+0xe0/0x1a0 [T15862] ____sys_sendmsg+0x6c0/0x840 [T15862] ___sys_sendmsg+0x1ac/0x1f0 [T15862] __sys_sendmsg+0x110/0x1d0 [T15862] __arm64_sys_sendmsg+0x74/0xb0 [T15862] invoke_syscall+0x88/0x2e0 [T15862] el0_svc_common.constprop.0+0xe4/0x2a0 [T15862] do_el0_svc+0x44/0x60 [T15862] el0_svc+0x50/0x184 [T15862] el0t_64_sync_handler+0x120/0x12c [T15862] el0t_64_sync+0x190/0x194 [T15862] [T15862] Freed by task 6192: [T15862] kasan_save_stack+0x3c/0x70 [T15862] kasan_save_track+0x20/0x3c [T15862] kasan_save_free_info+0x4c/0x80 [T15862] poison_slab_object+0x110/0x160 [T15862] __kasan_slab_free+0x3c/0x74 [T15862] kfree+0x134/0x3c0 [T15862] taprio_free_sched_cb+0x18c/0x220 [T15862] rcu_core+0x920/0x1b7c [T15862] rcu_core_si+0x10/0x1c [T15862] handle_softirqs+0x2e8/0xd64 [T15862] __do_softirq+0x14/0x20 Bug: 377467434 Fixes: 18cdd2f ("net/sched: taprio: taprio_dump and taprio_change are protected by rtnl_mutex") Acked-by: Vinicius Costa Gomes <vinicius.gomes@intel.com> Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru> Link: https://patch.msgid.link/20241018051339.418890-2-dmantipov@yandex.ru Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit 5d28246) Signed-off-by: Lee Jones <joneslee@google.com> Change-Id: I26f8129021be29645ae37f9aaea4644352b8154e
[ Upstream commit 2e95c43 ] In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. Fixes: 066a3b5 ("[NET_SCHED] sch_api: fix qdisc_tree_decrease_qlen() loop") Reported-by: Budimir Markovic <markovicbudimir@gmail.com> Suggested-by: Jamal Hadi Salim <jhs@mojatatu.com> Tested-by: Victor Nogueira <victor@mojatatu.com> Signed-off-by: Pedro Tammela <pctammela@mojatatu.com> Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com> net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Reviewed-by: Simon Horman <horms@kernel.org> Bug: 377197048 Link: https://patch.msgid.link/20241024165547.418570-1-jhs@mojatatu.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit 597cf97) Signed-off-by: Lee Jones <joneslee@google.com> Change-Id: I4ef8bee1095f7c51e4d458b25cd331018188b3d6
1 function symbol(s) added 'int hci_cmd_sync_status(struct hci_dev*, u16, u32, const void*, u32)' Bug: 380913021 Signed-off-by: Seiya Wang <seiya.wang@mediatek.com> Change-Id: I80c88da3392ae2634672d21f5f64b853f359fbdd
After enable 16K page size, an infinite loop may occur in fiemap (fm_length=UINT64_MAX) on a file, such as the 16KB scratch.img during the remount operation in Android. The condition for whether fiemap continues to map is to check whether the number of bytes corresponding to the next map.m_lblk exceeds blks_to_bytes(inode,max_inode_blocks(inode)) if there are HOLE. The latter does not take into account the maximum size of a file with 16KB page size, so the loop cannot be jumped out. The following is the fail trace: When f2fs_map_blocks reaches map.m_lblk=3936, it needs to go to the first direct node block, so the map is 3936 + 4090 = 8026, The next map is the second direct node block, that is, 8026 + 4090 = 12116, The next map is the first indirect node block, that is, 12116 + 4090 * 4090 = 16740216, The next map is the second indirect node block, that is, 16740216 + 4090 * 4090 = 33468316, The next map is the first double indirect node block, that is, 33468316 + 4090 * 4090 * 4090 = 68451397316 Since map.m_lblk represents the address of a block, which is 32 bits, truncation will occur, that is, 68451397316 becomes 4026887876, and the number of bytes corresponding to the block number does not exceed blks_to_bytes(inode,max_inode_blocks(inode)), so the loop will not be jumped out. The next time, it will be considered that it should still be a double indirect node block, that is, 4026887876 + 4090 * 4090 * 4090 = 72444816876, which will be truncated to 3725340140, and the loop will not be jumped out. 156.374871: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 0, start blkaddr = 0x8e00, len = 0x200, flags = 2,seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0 156.374916: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 512, start blkaddr = 0x0, len = 0x0, flags = 0 , seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0 156.374920: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 513, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0 ...... 156.385747: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 3935, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0 156.385752: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 3936, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0 156.385755: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 8026, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0 156.385758: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 12116, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0 156.385761: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 16740216, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0 156.385764: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 33468316, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0 156.385767: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 4026887876, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0 156.385770: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 3725340140, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0 156.385772: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 4026887876, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0 156.385775: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 3725340140, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0 Commit a6a010f ("f2fs: Restrict max filesize for 16K f2fs") has set the maximum allowed file size to (U32_MAX + 1) * F2FS_BLKSIZE, so max_file_blocks should be used here to limit it, that is, maxbytes defined above. And the max_inode_blocks function is not called by other functions except here, so cleanup it. Signed-off-by: Xiuhong Wang <xiuhong.wang@unisoc.com> Signed-off-by: Zhiguo Niu <zhiguo.niu@unisoc.com> Reviewed-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> (cherry picked from commit a7a7c1d) Bug: 375052311 Test: fiemap_writer_test --gtest_filter=FiemapWriterTest.CreateUnalignedFile Signed-off-by: Daniel Rosenberg <drosen@google.com> (cherry picked from https://android-review.googlesource.com/q/commit:fffd1d38a4e6b678e915859b77b50fe207ac0613) Merged-In: I9ac9e56550716bd118c832e5e092792b7d231097 Change-Id: I9ac9e56550716bd118c832e5e092792b7d231097
Merge up to the 6.1.115 LTS release into android14-6.1. Changes in here
include:
* 47a8b5f3edbe Merge 0d968ced7330 ("mm/page_alloc: treat RT tasks similar to __GFP_HIGH") into android14-6.1-lts
|\
| * 0d968ced7330 mm/page_alloc: treat RT tasks similar to __GFP_HIGH
* | 500bbbbd01d2 Merge 241398329abc ("mm/page_alloc: rename ALLOC_HIGH to ALLOC_MIN_RESERVE") into android14-6.1-lts
|\|
| * 241398329abc mm/page_alloc: rename ALLOC_HIGH to ALLOC_MIN_RESERVE
* | ad46e48e1b6a Merge b5dc5b7de751 ("cxl/port: Fix cxl_bus_rescan() vs bus_rescan_devices()") into android14-6.1-lts
|\|
| * b5dc5b7de751 cxl/port: Fix cxl_bus_rescan() vs bus_rescan_devices()
| * f70f7952270b cxl/acpi: Move rescan to the workqueue
| * 24aed1b462df riscv: Remove duplicated GET_RM
| * 02ab44d3c148 riscv: Remove unused GENERATING_ASM_OFFSETS
| * 25fe64922f79 riscv: Use '%u' to format the output of 'cpu'
| * 235eaacf5c3f riscv: efi: Set NX compat flag in PE/COFF header
| * d1b2d786e509 ALSA: hda/realtek: Limit internal Mic boost on Dell platform
| * 23304adf2981 riscv: vdso: Prevent the compiler from inserting calls to memset()
| * 71f14a9f5c7d cgroup/bpf: use a dedicated workqueue for cgroup bpf destruction
| * 25326b9c135d block: fix sanity checks in blk_rq_map_user_bvec
| * 58c7f44c7b9e nilfs2: fix potential deadlock with newly created symlinks
| * 55d01b652e74 iio: light: veml6030: fix microlux value calculation
| * f51343f346e6 iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr()
| * ccbc10647aaf staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()
| * 23f9cef17ee3 wifi: iwlegacy: Clear stale interrupts before resuming device
| * ba392e1355ba wifi: cfg80211: clear wdev->cqm_config pointer on free
| * 6cc23898e6ba wifi: ath10k: Fix memory leak in management tx
| * 8f6cd4d5bb74 wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower
| * 92d847a35e1e Revert "driver core: Fix uevent_show() vs driver detach race"
| * 042ef81f6f36 xhci: Use pm_runtime_get to prevent RPM on unsupported systems
| * b12b0948fb44 xhci: Fix Link TRB DMA in command ring stopped completion event
| * 88f8093a2af1 usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes()
| * 6bc6ac81ed10 usb: phy: Fix API devm_usb_put_phy() can not release the phy
| * 1bdd6270eaac usbip: tools: Fix detach_port() invalid port error path
| * 93bb7700b7ea ALSA: usb-audio: Add quirks for Dell WD19 dock
| * cf7ee2291da5 USB: gadget: dummy-hcd: Fix "task hung" problem
| * 102c4e5869e7 usb: gadget: dummy_hcd: execute hrtimer callback in softirq context
| * 5b966c619243 usb: gadget: dummy_hcd: Set transfer interval to 1 microframe
| * 8ffba8d917f4 usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler
| * b946e7b44742 misc: sgi-gru: Don't disable preemption in GRU driver
| * 3c39d486bd48 NFS: remove revoked delegation from server's delegation list
| * 22713dcf33f5 net: amd: mvme147: Fix probe banner message
| * e479e547e3ec scsi: scsi_transport_fc: Allow setting rport state to current state
| * 14a23e15a5e8 fs/ntfs3: Additional check in ni_clear()
| * c8e7d3b72ee5 fs/ntfs3: Fix possible deadlock in mi_read
| * 7c5a0c1715a7 fs/ntfs3: Stale inode instead of bad
| * 0ef5f10d83b4 fs/ntfs3: Fix warning possible deadlock in ntfs_set_state
| * 1b6bc5f72121 fs/ntfs3: Check if more than chunk-size bytes are written
| * 23039b4aaf1e ACPI: CPPC: Make rmw_lock a raw_spin_lock
| * bc795bc1aa24 afs: Fix missing subdir edit when renamed between parent dirs
| * 58d24f6b5105 afs: Automatically generate trace tag enums
| * aac8f6711bae firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state()
| * fdd1ee0ae122 kasan: Fix Software Tag-Based KASAN with GCC
| * df9552f272fa compiler-gcc: remove attribute support check for `__no_sanitize_address__`
| * 7c20cf5eb54e compiler-gcc: be consistent with underscores use for `no_sanitize`
| * c5316d04a980 iomap: turn iomap_want_unshare_iter into an inline function
* | 0df5dc7d73d9 Merge bdbc96c23197 ("fsdax: dax_unshare_iter needs to copy entire blocks") into android14-6.1-lts
|\|
| * bdbc96c23197 fsdax: dax_unshare_iter needs to copy entire blocks
| * a01987cd90fa fsdax: remove zeroing code from dax_unshare_iter
| * aa56ea3b7def iomap: share iomap_unshare_iter predicate code with fsdax
| * eb4c6fe20a30 iomap: don't bother unsharing delalloc extents
| * 50c2cffdcf21 iomap: improve shared block detection in iomap_unshare_iter
| * 6dffd7067d84 iomap: convert iomap_unshare_iter to use large folios
* | a566b71fed36 Merge d3217323525f ("netfilter: nft_payload: sanitize offset and length before calling skb_checksum()") into android14-6.1-lts
|\|
| * d3217323525f netfilter: nft_payload: sanitize offset and length before calling skb_checksum()
| * d8f298eb6659 mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address
| * 637edb11563e mlxsw: spectrum_ipip: Rename Spectrum-2 ip6gre operations
| * f068284cf187 mlxsw: spectrum_router: Add support for double entry RIFs
| * 3067fd9c8a58 mlxsw: spectrum_ptp: Add missing verification before pushing Tx header
| * a84978a9cda6 net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension
| * 5d9054b9f769 Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs
| * 4f7b586aae53 netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
| * cb7c388b5967 netfilter: Fix use-after-free in get_info()
| * a035df0b98df bpf: Fix out-of-bounds write in trie_get_next_key()
| * bcba86e03b3a netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write()
| * 580b3189c197 net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
| * 88bc4fe48b1c gtp: allow -1 to be specified as file description from userspace
| * 72c0f482e39c ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()
| * a3ff23f7c3f0 net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data
| * 872932cf75cf macsec: Fix use-after-free while sending the offloading packet
| * 618ee79e812b ASoC: cs42l51: Fix some error handling paths in cs42l51_probe()
| * 64d63557ded6 wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()
| * a9faac8818e3 wifi: iwlwifi: mvm: disconnect station vifs if recovery failed
| * 76210223c22a RDMA/bnxt_re: synchronize the qp-handle table array
| * 14b45fa0cebf RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down
| * c466415717c7 RDMA/cxgb4: Dump vendor specific QP details
| * a419868e8e4a wifi: brcm80211: BRCM_TRACING should depend on TRACING
| * d01040d82bb1 wifi: ath11k: Fix invalid ring usage in full monitor mode
| * 45eed27b88c9 wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys
| * dd7a6c914c5c mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING
| * 1159e77ccf3a wifi: iwlegacy: Fix "field-spanning write" warning in il_enqueue_hcmd()
| * c22c7488340e cgroup: Fix potential overflow issue when checking max_depth
| * ce87f7240474 fs/proc/kcore.c: allow translation of physical memory addresses
| * 7f9b58a646ac fs/proc/kcore: reinstate bounce buffer for KCORE_TEXT regions
| * 28327558b23d fs/proc/kcore: convert read_kcore() to read_kcore_iter()
| * 1f633ac7df85 fs/proc/kcore: avoid bounce buffer for ktext data
| * 731451a16a7e mm: remove kern_addr_valid() completely
| * f267bcb22eb8 selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test
| * 6c3d83878392 cpufreq: Avoid a bad reference count on CPU node
| * 380bcd5aa80f cpufreq: Generalize of_perf_domain_get_sharing_cpumask phandle format
* | bb558c55a551 Revert "genetlink: hold RCU in genlmsg_mcast()"
* | c5efbe731b86 Revert "tty/serial: Make ->dcd_change()+uart_handle_dcd_change() status bool active"
* | 3aee75909f84 Revert "serial: Make uart_handle_cts_change() status param bool active"
* | d82cacc62537 Revert "serial: imx: Update mctrl old_status on RTSD interrupt"
* | ca7ef58ce497 Revert "arm64:uprobe fix the uprobe SWBP_INSN in big-endian"
* | bfff915c97d5 Revert "arm64: probes: Fix uprobes for big-endian kernels"
* | 535085db57c2 Revert "arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning"
* | 983df5e9efe3 Revert "usb: gadget: Add function wakeup support"
* | 56f28f226937 Revert "XHCI: Separate PORT and CAPs macros into dedicated file"
* | fae9c0cd1af4 Revert "usb: dwc3: core: Fix system suspend on TI AM62 platforms"
* | 45a7ce8a2b6d ANDROID: GKI: fix up build break where timer_delete_sync() was used
* | a332a3d23d90 Merge 6.1.115 into android14-6.1-lts
|\|
| * 7c15117f9468 Linux 6.1.115
| * bce1afaa212e xfrm: validate new SA's prefixlen using SA family when sel.family is unset
| * 354b3847ead1 arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning
| * 2c3766fac98c ACPI: PRM: Clean up guid type in struct prm_handler_info
| * fc35bb2e1f4f platform/x86: dell-wmi: Ignore suspend notifications
| * e19bf49e9033 ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()
| * 61b8628cbbcc net: phy: dp83822: Fix reset pin definitions
| * d7b5876a6e74 serial: protect uart_port_dtr_rts() in uart_shutdown() too
| * 825109397143 selinux: improve error checking in sel_write_load()
| * 5660bcc4dd53 drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too
| * 4faa6e3e66b3 hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event
| * dc2ad8e8818e xfrm: fix one more kernel-infoleak in algo dumping
| * 9bb6ec11751c LoongArch: Get correct cores_per_package for SMT systems
| * 22aba10069ad ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
| * 9df62691d354 KVM: arm64: Don't eagerly teardown the vgic on init error
| * 6876793907cb KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
| * 958f8343f4ad openat2: explicitly return -E2BIG for (usize > PAGE_SIZE)
| * 27524f65621f nilfs2: fix kernel bug due to missing clearing of buffer delay flag
| * 71edf620e335 ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue
| * 8ce081ad8425 ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context
| * e7f56a30c505 ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
| * cd67af3c1762 drm/amd: Guard against bad data for ATIF ACPI method
| * deee4bd713f4 btrfs: zoned: fix zone unusable accounting for freed reserved extent
| * 8a43e8aed9a8 btrfs: fix passing 0 to ERR_PTR in btrfs_search_dir_index_item()
| * bc5085816e8a cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception
| * ff2a9c402904 cpufreq/cppc: Move and rename cppc_cpufreq_{perf_to_khz|khz_to_perf}()
| * 31b55b2be4f3 ALSA: hda/realtek: Update default depop procedure
| * 796adf538df7 powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request()
| * d2826873db70 ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
| * 02753a90102c ASoC: dt-bindings: davinci-mcasp: Fix interrupt properties
| * a116e7c334b7 ASoC: dt-bindings: davinci-mcasp: Fix interrupts property
| * 7a5c653ede64 bpf,perf: Fix perf_event_detach_bpf_prog error handling
| * 876ac72d535f Bluetooth: ISO: Fix UAF on iso_sock_timeout
| * 9ddda5d967e8 Bluetooth: SCO: Fix UAF on sco_sock_timeout
| * 5f063bbf1ee6 posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
| * 3216a2bd61bb r8169: avoid unsolicited interrupts
| * fe371f084073 net: sched: fix use-after-free in taprio_change()
| * b72b1b4c9e01 net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers
| * d9edc3428c79 net: usb: usbnet: fix name regression
| * 114f412794d2 net: fix races in netdev_tx_sent_queue()/dev_watchdog()
| * 91b82cf8278a net/sched: adjust device watchdog timer to detect stopped queue at right time
| * 628e82e270b6 net: provide macros for commonly copied lockless queue stop/wake code
| * 1af2abd34237 docs: net: reformat driver.rst from a list to sections
| * 9683804e3666 net: wwan: fix global oob in wwan_rtnl_policy
| * 6ee5a1b7ce07 netfilter: xtables: fix typo causing some targets not to load on IPv6
| * 549f61968181 net: dsa: mv88e6xxx: Fix error when setting port policy on mv88e6393x
| * 09ce491112bb octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()
| * d48de29a707a octeon_ep: Implement helper for iterating packets in Rx queue
| * 1ba9c6fc9f06 net: plip: fix break; causing plip to never transmit
| * 4c5f170ef4f8 be2net: fix potential memory leak in be_xmit()
| * 1a17a4ac2d57 net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()
| * 681fa845cc31 xfrm: respect ip protocols rules criteria when performing dst lookups
| * 3094585b5f50 xfrm: extract dst lookup parameters into a struct
| * f4ed40d1c669 tracing: Consider the NULL character when validating the event length
| * d52ac941fe7d jfs: Fix sanity check in dbMount
| * a67d4a02bf43 LoongArch: Don't crash in stack_top() for tasks without vDSO
| * eb3710efffce LoongArch: Add support to clone a time namespace
| * fa001d7e2c65 platform/x86: dell-sysman: add support for alienware products
| * d71a2d54fb11 ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string
| * 72e445df65a0 udf: fix uninit-value use in udf_get_fileshortad
| * 487b24136d78 udf: refactor udf_current_aext() to handle error
| * 908263286e26 arm64: Force position-independent veneers
| * 95124c542935 ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit
| * a548f8773e1b ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values
| * 7458a6cdaebb drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA
| * 3dfd727873c3 fs/ntfs3: Add more attributes checks in mi_enum_attr()
| * 0bdf77be2330 exec: don't WARN for racy path_noexec check
| * 5258c70d0ba0 block, bfq: fix procress reference leakage for bfqq in merge chain
| * e1e87568a2c6 serial: imx: Update mctrl old_status on RTSD interrupt
| * 04de065652be serial: Make uart_handle_cts_change() status param bool active
| * 376d15bad7a5 tty/serial: Make ->dcd_change()+uart_handle_dcd_change() status bool active
| * 85ca88f93162 usb: dwc3: core: Fix system suspend on TI AM62 platforms
| * e0deb60b16ad XHCI: Separate PORT and CAPs macros into dedicated file
| * e36d975b0408 usb: gadget: Add function wakeup support
| * fa6e2ee41404 usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store
| * 193749e04ef8 usb: gadget: f_uac2: fix non-newline-terminated function name
| * 158833b519db usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant
| * ec9b965459d7 xhci: dbc: honor usb transfer size boundaries.
| * 4049dee89876 xhci: dbgtty: use kfifo from tty_port struct
| * 3121da179f95 xhci: dbgtty: remove kfifo_out() wrapper
| * 14841bb7a531 arm64: probes: Fix uprobes for big-endian kernels
| * 63f9dae763a8 arm64:uprobe fix the uprobe SWBP_INSN in big-endian
| * 82da3aedc944 bpf: Fix iter/task tid filtering
| * 9c661caba15b riscv, bpf: Make BPF_CMPXCHG fully ordered
| * e58fb7ddbab6 net/mlx5: Unregister notifier on eswitch init failure
| * d1606090bb29 net/mlx5: Fix command bitmask initialization
| * 18c8ea940d25 net/mlx5: split mlx5_cmd_init() to probe and reload routines
| * 5cd775efbb55 net/mlx5: Remove redundant cmdif revision check
| * 03015b6329e6 Bluetooth: bnep: fix wild-memory-access in proto_unregister
| * 318ca89bc578 s390: Initialize psw mask in perf_arch_fetch_caller_regs()
| * bee1b68cb8bc usb: typec: altmode should keep reference to parent
| * 2ef632bfb888 smb: client: fix OOBs when building SMB2_IOCTL request
| * 895ab729425e scsi: target: core: Fix null-ptr-deref in target_alloc_device()
| * b3262e13e223 net: ravb: Only advertise Rx/Tx timestamps if hardware supports it
| * 30e0906e0d62 ravb: Remove setting of RX software timestamp
| * ae53d09f11e5 genetlink: hold RCU in genlmsg_mcast()
| * 5071beb59ee4 tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().
| * 96972e08b7b5 drm/msm/dpu: don't always program merge_3d block
| * f9f7c872df9d drm/msm/dpu: Wire up DSC mask for active CTL configuration
| * 2d026274cd88 irqchip/renesas-rzg2l: Fix missing put_device
| * 218a0a49ea76 irqchip/renesas-rzg2l: Add support for suspend to RAM
| * a35ab82756f5 irqchip/renesas-rzg2l: Document structure members
| * 57419aaead2a irqchip/renesas-rzg2l: Align struct member names to tabs
| * 533d2f30aef2 net: systemport: fix potential memory leak in bcm_sysport_xmit()
| * f1ed2bded8b8 net: xilinx: axienet: fix potential memory leak in axienet_start_xmit()
| * 51ecd8e4a2d4 net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid
| * 3e7b6d8c5813 net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit()
| * 24973f4b64f9 netdevsim: use cond_resched() in nsim_dev_trap_report_work()
| * 36ee799f4150 macsec: don't increment counters for an unrelated SA
| * a0c86f17fc7e drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring
| * afb2159b7812 octeontx2-af: Fix potential integer overflows on integer shifts
| * a2458411a04f net: usb: usbnet: fix race in probe failure
| * 33053d901fc6 drm/msm: Allocate memory for disp snapshot with kvzalloc()
| * e8e9f2a12a62 drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()
| * 4a14351a47a6 drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation
| * 2cbcac6db8dd drm/msm/dpu: make sure phys resources are properly initialized
| * ea701c1849e7 RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
| * ff80a98104c4 RDMA/bnxt_re: Return more meaningful error
| * 081901129818 ipv4: give an IPv4 dev to blackhole_netdev
| * 63ce626d9886 RDMA/srpt: Make slab cache names unique
| * d22eca039990 RDMA/irdma: Fix misspelling of "accept*"
| * 0e5b2abae0ce RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP
| * 21dc97d5086f ALSA: hda/cs8409: Fix possible NULL dereference
| * ea45f1e87ce7 selftests/bpf: Fix cross-compiling urandom_read
| * 81b23c8bb541 drm/vmwgfx: Handle possible ENOMEM in vmw_stdu_connector_atomic_check
| * 3e220b6f537b iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig
| * c947b337e5e4 iio: frequency: {admv4420,adrf6780}: format Kconfig entries
| * eb485fbdc2d0 bpf: fix kfunc btf caching for modules
| * dcc0685ab402 s390/pci: Handle PCI error codes other than 0x3a
| * 057b1165eb10 ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin
| * 42ef45fee314 x86/resctrl: Avoid overflow in MB settings in bw_validate()
| * 76dd679c3b14 RDMA/bnxt_re: Add a check for memory allocation
| * 9dacff209b96 RDMA/bnxt_re: Fix incorrect AVID type in WQE structure
| * 616e935d8a82 bpf: Fix memory leak in bpf_core_apply
| * a778fbe087c1 bpf: devmap: provide rxq after redirect
| * 314dbee9fe4f bpf: Make sure internal and UAPI bpf_redirect flags don't overlap
| * 64f3b66c99ce iio: accel: bma400: Fix uninitialized variable field_value in tap event handling.
| * 5eb34999d118 bpf: Use raw_spinlock_t in ringbuf
* | db64cb409e4f Revert "irqchip/gic-v4: Don't allow a VMOVP on a dying VPE"
* | 4d5ecb6e0319 Merge 6.1.114 into android14-6.1-lts
|\|
| * 7ec6f9fa3d97 Linux 6.1.114
| * d285ba6f22f5 udf: Avoid directory type conversion failure due to ENOMEM
| * 7089811e20d1 udf: Allocate name buffer in directory iterator on heap
| * 27bbab47ad74 ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2
| * 9470ac978697 powerpc/64: Add big-endian ELFv2 flavour to crypto VMX asm generation
| * 270a6f9df35f nilfs2: propagate directory read errors from nilfs_find_entry()
| * 6999328f2aa8 mptcp: prevent MPC handshake on port-based signal endpoints
| * ba8e65814e51 tcp: fix mptcp DSS corruption due to large pmtu xmit
| * b2a4a2dad31d irqchip/sifive-plic: Unmask interrupt in plic_irq_enable()
| * 64b12b061c54 irqchip/gic-v4: Don't allow a VMOVP on a dying VPE
| * 0a4d4dbef622 pinctrl: apple: check devm_kasprintf() returned value
| * 4a81800ef05b pinctrl: ocelot: fix system hang on level based interrupts
| * bf171b5e86e4 tty: n_gsm: Fix use-after-free in gsm_cleanup_mux
| * 43778de19d2e x86/entry_32: Clear CPU buffers after register restore in NMI return
| * 7f06caaae0cc x86/entry_32: Do not clobber user EFLAGS.ZF
| * 25636317e591 x86/apic: Always explicitly disarm TSC-deadline timer
| * cf9f26994c56 x86/resctrl: Annotate get_mem_config() functions as __init
| * fca048f222ce parport: Proper fix for array out-of-bounds access
| * d24a0b1a3085 usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG
| * 9a6a518a9e2c USB: serial: option: add Telit FN920C04 MBIM compositions
| * 62d9b2ee0bad USB: serial: option: add support for Quectel EG916Q-GL
| * 894eee6f6af7 xhci: Mitigate failed set dequeue pointer commands
| * 8a3dc841e343 xhci: Fix incorrect stream context type macro
| * 8dfea4be20e1 Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001
| * fa4b832c5a6e Bluetooth: ISO: Fix multiple init when debugfs is disabled
| * 9ec4db1b1853 Bluetooth: Remove debugfs directory on module init failure
| * 4af7ba39a1a0 Bluetooth: Call iso_exit() on module unload
| * fec9ec7dd996 iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
| * 5501bd8c1342 iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
| * 3e074e933621 iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
| * ee5192e144e1 iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
| * cdfc07bbf8b1 iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig
| * 0ee119cf7d1f iio: light: opt3001: add missing full-scale range value
| * bcb90518ccd9 iio: light: veml6030: fix IIO device retrieval from embedded device
| * f8660a0b248e iio: light: veml6030: fix ALS sensor resolution
| * 3d96aec20c41 iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency()
| * f07f204deb07 iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
| * 104c86fd445b iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig
| * 99d29d05ff77 iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig
| * c9780268695b iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig
| * dc79c24e5883 drm/amdgpu: prevent BO_HANDLES error from being overwritten
| * d18dba06f9f3 drm/amdgpu/swsmu: Only force workload setup on init
| * 3a3b2a29d063 drm/vmwgfx: Handle surface check failure correctly
| * c3cd27d85f07 drm/radeon: Fix encoder->possible_clones
| * 7de759fceacf scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down
| * abb1c50afa1c io_uring/sqpoll: close race on waiting for sqring entries
| * b5e900a3612b blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
| * 231ced8a175e x86/bugs: Do not use UNTRAIN_RET with IBPB on entry
| * e4f2043985d2 x86/bugs: Skip RSB fill at VMEXIT
| * e6f0abe6f19b x86/entry: Have entry_ibpb() invalidate return predictions
| * 72ec8fc23ef5 x86/cpufeatures: Add a IBPB_NO_RET BUG flag
| * bc114b2a0478 x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
| * 6328b4891bd3 KVM: s390: Change virtual to physical address access in diag 0x258 handler
| * ab09afbaeb28 KVM: s390: gaccess: Check if guest address is in memslot
| * 1ef44fb30b92 s390/sclp_vt220: Convert newlines to CRLF instead of LFCR
| * 132800e37ba7 s390/sclp: Deactivate sclp after all its users
| * cbfa3a83eba0 iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices
| * 2219e5f97244 drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)
| * 7c7874977da9 maple_tree: correct tree corruption on spanning store
| * eff23e59b787 devlink: bump the instance index directly when iterating
| * 031f06fd75a2 devlink: drop the filter argument from devlinks_xa_find_get
| * 6ec0fe3756f9 mm/swapfile: skip HugeTLB pages for unuse_vma
| * f9ecda20885a fat: fix uninitialized variable
| * 9ca0d4513a62 irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1
| * 831e19e565b5 net: macb: Avoid 20s boot delay by skipping MDIO bus registration for fixed-link PHY
| * a03143424382 arm64: probes: Fix simulate_ldr*_literal()
| * bae792617a7e arm64: probes: Remove broken LDR (literal) uprobe support
| * 27abbde44b6e posix-clock: Fix missing timespec64 check in pc_clock_settime()
| * 4486ec9417f4 net: enetc: add missing static descriptor and inline keyword
| * 63b0c9499235 net: enetc: remove xdp_drops statistic from enetc_xdp_drop()
| * 097d24d5e72b udf: Don't return bh from udf_expand_dir_adinicb()
| * 701cabd26ab9 udf: Handle error when expanding directory
| * 15b41824972c udf: Remove old directory iteration code
| * 940fd9d7fc19 udf: Convert udf_link() to new directory iteration code
| * 32467238b11d udf: Convert udf_mkdir() to new directory iteration code
| * 1a086d4dae22 udf: Convert udf_add_nondir() to new directory iteration
| * 221aed914676 udf: Implement adding of dir entries using new iteration code
| * 4e52300d9c8f udf: Convert udf_unlink() to new directory iteration code
| * d2e664c66729 udf: Convert udf_rmdir() to new directory iteration code
| * ecf68d16c7de udf: Convert empty_dir() to new directory iteration code
| * 1e5f534121ae udf: Convert udf_get_parent() to new directory iteration code
| * 0f7fd745946d udf: Convert udf_lookup() to use new directory iteration code
| * 31f1ca5c4f7c udf: Convert udf_readdir() to new directory iteration
| * 9616d00140a1 udf: Convert udf_rename() to new directory iteration code
| * a4265251e742 udf: Provide function to mark entry as deleted using new directory iteration code
| * 507ab6a5bee9 udf: Implement searching for directory entry using new iteration code
| * 0621e30fd86a udf: Move udf_expand_dir_adinicb() to its callsite
| * 5f503315e122 udf: Convert udf_expand_dir_adinicb() to new directory iteration
| * 9353fb8225f5 udf: New directory iteration code
| * da3343bc0839 mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow
| * 5014a7c916df ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2
| * a9839c37fd81 ksmbd: fix user-after-free from session log off
| * b37de9491f14 btrfs: fix uninitialized pointer free on read_alloc_one_name() error
| * 12cf028381aa btrfs: fix uninitialized pointer free in add_inode_ref()
* | edae6e6e3d29 Merge 6.1.113 into android14-6.1-lts
|\|
| * 54d90d17e8ce Linux 6.1.113
| * 2da76b4d08ae Revert "iommu/vt-d: Retrieve IOMMU perfmon capability information"
| * de0456460f2a block, bfq: fix uaf for accessing waker_bfqq after splitting
| * 7c21e985399f perf lock: Don't pass an ERR_PTR() directly to perf_session__delete()
| * a3be020294eb net: ethernet: cortina: Restore TSO support
| * 5ea0b7af3875 secretmem: disable memfd_secret() if arch cannot set direct map
| * 8608196a155c kthread: unpark only parked kthread
| * 614bfb205098 nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
| * 9c4198dfdca8 device-dax: correct pgoff align in dax_set_mapping()
| * 409b7af29743 mptcp: pm: do not remove closing subflows
| * 35668f8ec84f mptcp: handle consistently DSS corruption
| * 3b196f475914 net: dsa: lan9303: ensure chip reset and wait for READY status
| * 5f03a7f601f3 net: Fix an unsafe loop on the list
| * b7d22a79ff4e net: explicitly clear the sk pointer, when pf->create fails
| * cd2b08a6de2b ata: libata: avoid superfluous disk spin down + spin up during hibernation
| * 71cc449287c4 mptcp: fallback when MPTCP opts are dropped after 1st data
| * 3afeceda855d scsi: wd33c93: Don't use stale scsi_pointer value
| * 75452da51e24 drm/vc4: Stop the active perfmon before being destroyed
| * 0c9e9a3a4873 drm/v3d: Stop the active perfmon before being destroyed
| * 957d6a2f28ef hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma
| * 192d1b8d7a28 usb: gadget: core: force synchronous registration
| * 97c900e55cfc usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip
| * 1132e0109001 usb: xhci: Fix problem with xhci resume from suspend
| * 759e9e87ad2b usb: dwc3: core: Stop processing of pending events if controller is halted
| * c619e923b3e1 Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant"
| * a925279e5ac4 HID: plantronics: Workaround for an unexcepted opposite volume key
| * 4cd9c5a0fcad HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()
| * 80faf6afeb43 Revert "net: ibm/emac: allocate dummy net_device dynamically"
| * 9fae1a346f6e hwmon: (adt7470) Add missing dependency on REGMAP_I2C
| * 3287c0a8d71c hwmon: (adm9240) Add missing dependency on REGMAP_I2C
| * 4fbe3fca8555 hwmon: (tmp513) Add missing dependency on REGMAP_I2C
| * a2bb0c5d0086 wifi: mac80211: Avoid address calculations via out of bounds array indexing
| * 5005e2e159b3 net/mlx5: Always drain health in shutdown callback
| * af017667adb1 HID: multitouch: Add support for lenovo Y9000P Touchpad
| * 2d07a38ec94d rust: macros: provide correct provenance when constructing THIS_MODULE
| * ff5e0f895315 slip: make slhc_remember() more robust against malicious packets
| * ce249a4c68d0 ppp: fix ppp_async_encode() illegal access
| * d66c612c4004 mctp: Handle error of rtnl_register_module().
| * 438c8d7dfdcb vxlan: Handle error of rtnl_register_module().
| * 317c4c68eecd rtnetlink: Add bulk registration helpers for rtnetlink message handlers.
* | 70c5eb7f3879 UPSTREAM: netfilter: xtables: fix typo causing some targets not to load on IPv6
* | ca877f130bb3 Merge 8f5ad212f44d ("net: ibm: emac: mal: add dcr_unmap to _remove") into android14-6.1
|\|
| * 8f5ad212f44d net: ibm: emac: mal: add dcr_unmap to _remove
| * 1aea6c057708 net: ibm/emac: allocate dummy net_device dynamically
| * 0f6dcaf4cd95 netfilter: fib: check correct rtable in vrf setups
| * 8f482bb7e27b netfilter: xtables: avoid NFPROTO_UNSPEC where needed
* | d90aa3b1e7db ANDROID: GKI: rexport __qdisc_calculate_pkt_len
* | f27c9aabfcea Merge 5de0b8ca7c2b ("sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start") into android14-6.1
|\|
| * 5de0b8ca7c2b sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start
| * 8409539dbb93 btrfs: zoned: fix missing RCU locking in error message when loading zone info
| * b541831a5d1c net: ibm: emac: mal: fix wrong goto
| * 76feedc74b90 net/sched: accept TCA_STAB only for root qdisc
| * 6a39c8f5c8aa igb: Do not bring the device up after non-fatal error
| * 9a9747288ba0 i40e: Fix macvlan leak by synchronizing access to mac_filter_hash
| * 94438143fed5 ice: Fix netif_is_ice() in Safe Mode
| * 75aa45ece3bd gpio: aspeed: Use devm_clk api to manage clock source
| * 563550b619e2 gpio: aspeed: Add the flush write to ensure the write complete.
| * bc16154fde8c net: dsa: b53: fix jumbo frames on 10/100 ports
| * 40081f210766 net: dsa: b53: allow lower MTUs on BCM5325/5365
| * deec6368c052 net: dsa: b53: fix max MTU for BCM5325/BCM5365
| * c43068b2555d net: dsa: b53: fix max MTU for 1g switches
| * 22deeb6a70b2 net: dsa: b53: fix jumbo frame mtu check
| * e4340fef8848 net: ethernet: adi: adin1110: Fix some error handling path in adin1110_read_fifo()
| * 2a2d6b24f01c Revert "net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled"
| * b4ab78f4adea thermal: intel: int340x: processor: Fix warning during module unload
| * 49c0fbd5e7d5 thermal: int340x: processor_thermal: Set feature mask before proc_thermal_add
| * 30c3d3d9b7ae net: phy: bcm84881: Fix some error handling paths
| * ced98072d351 Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
| * 6e39646d7a13 selftests: net: no_forwarding: fix VID for $swp2 in one_bridge_two_pvids() test
| * 78ed917133b1 netfilter: br_netfilter: fix panic with metadata_dst skb
| * ed36591af26f tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe
| * dc566bf54b12 tcp: fix to allow timestamp undo if no retransmits were sent
| * c1944b425364 net: phy: dp83869: fix memory corruption when enabling fiber
| * 632344b9efa0 NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()
| * ae315bcc30cc SUNRPC: Fix integer overflow in decode_rc_list()
| * 8ef4af06713b ice: fix VLAN replay after reset
| * 7cfc972acb0d NFSD: Mark filecache "down" if init fails
* | 4d9f717a6fc7 Merge fc2f4a5a718c ("drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066") into android14-6.1
|\|
| * fc2f4a5a718c drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066
| * de3120b8f232 drm/rockchip: vop: limit maximum resolution to hardware capabilities
| * 889304120ecb fbdev: sisfb: Fix strbuf array overflow
| * 8266ae6eafdc fbcon: Fix a NULL pointer dereference issue in fbcon_putcs
| * 97a79933fb08 drm/amd/display: Check null pointer before dereferencing se
| * 0857b1c573c0 scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance
| * 78fa420e23f2 scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd()
| * b80d8c2c55e5 driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute
| * 737e75df3a75 staging: vme_user: added bound check to geoid
| * 6dad158fbb03 tools/iio: Add memory allocation failure check for trigger_name
| * 6a5ca0ab94e1 virtio_pmem: Check device status before requesting flush
| * 4dab65aafbfa netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n
| * b52f1fbb068b LoongArch: Fix memleak in pci_acpi_scan_root()
| * c66562408c0c comedi: ni_routing: tools: Check when the file could not be opened
| * 4d49102c2479 usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario
| * 0a27f6cb3b83 usb: chipidea: udc: enable suspend interrupt after usb reset
| * 11ceb17e6f07 clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D
| * 1d750606fedc remoteproc: imx_rproc: Use imx specific hook for find_loaded_rsc_table
| * 9496004146fa media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put()
| * ea15b254ad7b riscv/kexec_file: Fix relocation type R_RISCV_ADD16 and R_RISCV_SUB16 unknown
| * 0a2cfe7a891e RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults
| * 3ae45be84924 ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition
| * a2493904e95c io_uring: check if we need to reschedule during overflow flush
| * b6fdfd6f8dc1 RISC-V: Don't have MAX_PHYSMEM_BITS exceed phys_addr_t
| * a4babb895c8e PCI: Mark Creative Labs EMU20k2 INTx masking as broken
| * 7600bc3a6849 i2c: i801: Use a different adapter-name for IDF adapters
| * 9af86455eb34 PCI: Add ACS quirk for Qualcomm SA8775P
| * 1d4359411d7b clk: bcm: bcm53573: fix OF node leak in init
| * b5d407666446 RDMA/rtrs-srv: Avoid null pointer deref during path establishment
| * 90be6ffc6ae0 PCI: Add function 0 DMA alias quirk for Glenfly Arise chip
| * e80eadb3604a RDMA/mad: Improve handling of timed out WRs of mad agent
| * ec5b06acbe93 ktest.pl: Avoid false positives with grub2 skip regex
* | 2a9237e80dac Revert "perf,x86: avoid missing caller address in stack traces captured in uprobe"
* | 07d3db81051a Revert "i2c: create debugfs entry per adapter"
* | a521ff214196 Revert "i2c: core: Lock address during client device instantiation"
* | ff83a68a27b2 Merge beff507e9e9d ("s390/cpum_sf: Remove WARN_ON_ONCE statements") into android14-6.1-lts
|\|
| * beff507e9e9d s390/cpum_sf: Remove WARN_ON_ONCE statements
| * 2d1f754329e3 ext4: nested locking for xattr inode
| * 4061e07f040a ext4: don't set SB_RDONLY after filesystem errors
| * d730f53bf521 bpf, x64: Fix a jit convergence issue
| * 93c574989c0b s390/mm: Add cond_resched() to cmm_alloc/free_pages()
| * 5ff787ebd0d3 s390/facility: Disable compile time optimization for decompressor code
| * 39b5ecc9278b bpf: Check percpu map value size first
| * bc26503532ef Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
| * b2e1167d2109 virtio_console: fix misc probe bugs
| * 9fcade799c26 fs/ntfs3: Refactor enum_rstbl to suppress static checker
| * ec84214a3467 fs/ntfs3: Fix sparse warning in ni_fiemap
| * 609bdfae6faa fs/ntfs3: Do not call file_modified if collapse range failed
| * 3a38e3084972 Bluetooth: Fix usage of __hci_cmd_sync_status
| * 345788c464ba selftests: net: Remove executable bits from library scripts
| * 54adbacfa16e libsubcmd: Don't free the usage string
| * bfe95355a608 perf sched: Move curr_pid and cpu_last_switched initialization to perf_sched__{lat|map|replay}()
| * 5a708abb7dff perf sched: Move curr_thread initialization to perf_sched__map()
| * b942e1b57279 perf sched: Fix memory leak in perf_sched__map()
| * e6cdd72aa523 perf sched: Move start_work_mutex and work_done_wait_mutex initialization to perf_sched__replay()
| * aba6841a6c52 perf sched: Avoid large stack allocations
| * 4d9a5864c320 perf lock: Dynamically allocate lockhash_table
| * 5c6cfbc539ef bootconfig: Fix the kerneldoc of _xbc_exit()
| * e780662c8c3c tracing: Have saved_cmdlines arrays all in one allocation
| * b8421b2a3d4b drm/crtc: fix uninitialized variable use even harder
| * 8e1cb8b75d8e ALSA: hda/realtek: cs35l41: Fix device ID / model name
| * 86872f5a764e ALSA: hda/realtek: cs35l41: Fix order and duplicates in quirks table
| * 71e1a9912fc5 tracing: Remove precision vsnprintf() check from print event
| * 4d58b0e90dd0 net: ethernet: cortina: Drop TSO support
| * 21526498d25e unicode: Don't special case ignorable code points
| * a23f0ea8dd68 fsdax: unshare: zero destination if srcmap is HOLE or UNWRITTEN
| * bea229ba8b10 fsdax: dax_unshare_iter() should return a valid length
| * acebeb375fc7 perf report: Fix segfault when 'sym' sort key is not used
| * ace9c778a214 vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()
| * ec134c1855c8 erofs: fix incorrect symlink detection in fast symlink
| * 38c561839041 erofs: set block size to the on-disk block size
| * 351912b9d623 erofs: avoid hardcoded blocksize for subpage block support
| * 7b33d69a08b8 erofs: get rid of z_erofs_do_map_blocks() forward declaration
| * 808ccede87c3 erofs: get rid of erofs_inode_datablocks()
| * 2544abf6b667 Revert "arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings"
| * ca1fb7942a28 ACPI: battery: Fix possible crash when unregistering a battery hook
| * fc474e3fa04c ACPI: battery: Simplify battery hook locking
| * d01053f910dc clk: qcom: gcc-sc8180x: Add GPLL9 support
| * fe44b3bfbf0c r8169: add tally counter fields added with RTL8125
| * affd54d4f484 r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"
| * d47234b07e3f clk: samsung: exynos7885: Update CLKS_NR_FSYS after bindings fix
| * cfecad07c198 clk: samsung: exynos7885: do not define number of clocks in bindings
| * 4fab87aa79fa dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x
| * 3e166c012160 dt-bindings: clock: qcom: Add missing UFS QREF clocks
| * 928aed032a34 remoteproc: k3-r5: Delay notification of wakeup event
| * 3c80f64414e3 remoteproc: k3-r5: Acquire mailbox handle during probe routine
| * fb4c3e7120f2 media: imx335: Fix reset-gpio handling
| * 1f66f0292904 media: i2c: imx335: Enable regulator supplies
| * f429f85e4c4f sched: psi: fix bogus pressure spikes from aggregation race
| * 6fddf325fa41 delayacct: improve the average delay precision of getdelay tool to microsecond
| * 2760bafc1ad0 docs/zh_CN: Update the translation of delay-accounting to 6.1-rc8
| * 84887f4c1c3a lib/buildid: harden build ID parsing logic
| * fee9e01333aa build-id: require program headers to be right after ELF header
| * 5639cd069d47 drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT`
| * 327b83370866 mm: z3fold: deprecate CONFIG_Z3FOLD
| * 24141df5a861 uprobes: fix kernel info leak via "[uprobes]" vma
| * 5a306c8641f4 io_uring/net: harden multishot termination case for recv
| * fd7c4608cad2 arm64: errata: Expand speculative SSBS workaround once more
| * 24cb24b49cb4 arm64: cputype: Add Neoverse-N3 definitions
| * ae50bfa1f35a arm64: Add Cortex-715 CPU part definition
| * c5c70e1dca2d spi: bcm63xx: Fix missing pm_runtime_disable()
| * 463cd7ebebba dt-bindings: clock: exynos7885: Fix duplicated binding
| * 8f32f6cf92fc i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled
| * 73733d8ca9c9 i2c: xiic: Use devm_clk_get_enabled()
| * e2852a02469f i2c: core: Lock address during client device instantiation
| * e2a268b0f512 i2c: create debugfs entry per adapter
| * 064debdc4127 kconfig: qconf: fix buffer overflow in debug links
| * 90ebc392ade3 cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock
| * 722d2d8fc423 drm/amd/display: Fix system hang while resume with TBT monitor
| * 8e40fef1d88f drm/sched: Add locking to drm_sched_entity_modify_sched
| * a412e21243ed drm/i915/gem: fix bitwise and logical AND mixup
| * 38121696431a close_range(): fix the logics in descriptor table trimming
| * ce25f33ba89d tracing/timerlat: Fix a race during cpuhp processing
| * 9e9e80e4e7d0 tracing/hwlat: Fix a race during cpuhp processing
| * 643233560652 ceph: fix cap ref leak via netfs init_request
| * d17c631ba04e Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
| * 3d7ecc91fe2d gpio: davinci: fix lazy disable
| * 9da40aea63f8 btrfs: wait for fixup workers before stopping cleaner kthread during umount
| * c71eb38a046e btrfs: send: fix invalid clone operation for file that got its size decreased
| * d13249c0df7a btrfs: fix a NULL pointer dereference when failed to start a new trasacntion
| * 89797d918c0e ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[]
| * 5fece930c0e0 ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[]
| * d32ff64c872d cachefiles: fix dentry leak in cachefiles_open_file()
| * 01e7ba68c845 Input: adp5589-keys - fix adp5589_gpio_get_value()
| * 34e304cc53ae Input: adp5589-keys - fix NULL pointer dereference
| * 3257b50bb019 rtc: at91sam9: fix OF node leak in probe() error path
| * 5d43e1ad4567 net: stmmac: Fix zero-division error when disabling tc cbs
| * 5153497611cd tomoyo: fallback to realpath if symlink's pathname does not exist
| * 080e6c9a3908 gso: fix udp gso fraglist segmentation after pull from frag_list
| * 9c9a0ba06f3c iio: magnetometer: ak8975: Fix reading for ak099xx sensors
| * dd63542298b8 smb: client: use actual path when queryfs
| * 28936dec3498 clk: qcom: clk-alpha-pll: Fix CAL_L_VAL override for LUCID EVO PLL
| * 2f5f0cbacd4a clk: qcom: gcc-sc8180x: Fix the sdcc2 and sdcc4 clocks freq table
| * c34fbb1a28b0 media: qcom: camss: Fix ordering of pm_runtime_enable
| * 43173b7fb3e7 clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable()
| * 2a541fcc0bd2 media: venus: fix use after free bug in venus_remove due to race condition
| * 65b03123d8e8 clk: qcom: gcc-sm8150: De-register gcc_cpuss_ahb_clk_src
| * 4f2de6dc51b3 clk: qcom: clk-rpmh: Fix overflow in BCM vote
| * 885e7b5e23ce media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
| * 1620ca51c414 clk: qcom: gcc-sm8450: Do not turn off PCIe GDSCs during gdsc_disable()
| * 17f7db9e6be1 media: sun4i_csi: Implement link validate for sun4i_csi subdev
| * 3a4e2f113ce2 clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks
| * 87ab3af74477 remoteproc: k3-r5: Fix error handling when power-up failed
| * f057579a67b6 clk: rockchip: fix error for unknown clocks
| * bc2cbf7525ac aoe: fix the potential use-after-free problem in more places
| * f07c20c6eeb0 NFSD: Fix NFSv4's PUTPUBFH operation
| * 6fe058502f88 nfsd: map the EBADMSG to nfserr_io to avoid warning
| * 137f67208515 nfsd: fix delegation_blocked() to block correctly for at least 30 seconds
| * 8bcec93396e5 perf hist: Update hist symbol when updating maps
| * 4e1813e52f86 exfat: fix memory leak in exfat_load_bitmap()
| * 732b16ea771c riscv: define ILLEGAL_POINTER_VALUE for 64bit
| * 01cb2e751cc6 ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
| * 82dfdd1e31e7 ocfs2: fix null-ptr-deref when journal load failed.
| * 81aba693b129 ocfs2: remove unreasonable unlock in ocfs2_read_blocks
| * bbf41277df8b ocfs2: cancel dqi_sync_work before freeing oinfo
| * 5c2072f02c0d ocfs2: reserve space for inline xattr before attaching reflink tree
| * 0d1b94b3c4dc ocfs2: fix uninit-value in ocfs2_get_block()
| * 24cf79398f92 ocfs2: fix the la space leak when unmounting an ocfs2 volume
| * f8767d10bcbc mm: krealloc: consider spare memory for __GFP_ZERO
| * 6e5a48afb175 jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit
| * 70bae48377a2 jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
| * 4b90d2eb451b resource: fix region_intersects() vs add_memory_driver_managed()
| * f37a1d9e5e22 drm: omapdrm: Add missing check for alloc_ordered_workqueue
| * afa0b75ad9b8 of/irq: Support #msi-cells=<0> in of_msi_get_domain
| * b049894eb1b4 drm/rockchip: vop: clear DMA stop bit on RK3066
| * b1a661d9cc48 parisc: Fix stack start for ADDR_NO_RANDOMIZE personality
| * a304414f3996 parisc: Fix 64-bit userspace syscall path
| * b1dd2ea55fc8 ext4: mark fc as ineligible using an handle in ext4_xattr_set()
| * ca083a08a67c ext4: use handle to mark fc as ineligible in __track_dentry_update()
| * 5f6192108252 ext4: fix fast commit inode enqueueing during a full journal commit
| * 354835cea9ea ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list()
| * 6d9fd7e74ea0 ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit()
| * 6801ed129820 ext4: update orig_path in ext4_find_extent()
| * 78bbc3d15b6f ext4: fix double brelse() the buffer of the extents path
| * 51db04892a99 ext4: aovid use-after-free in ext4_ext_insert_extent()
| * 6367d3f04c69 ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free
| * bd87b99ef3fa ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space()
| * abfaa876b948 ext4: dax: fix overflowing extents beyond inode size when partially writing
| * 10d3eb28b1ce ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible()
| * 2060abdede3a ext4: propagate errors from ext4_find_extent() in ext4_insert_range()
| * a5401d4c3e2a ext4: fix slab-use-after-free in ext4_split_extent_at()
| * 7b30d0b9f5cd ext4: correct encrypted dentry name hash when not casefolded
| * a02d7f5b2419 ext4: no need to continue when the number of entries is 1
| * 8be8578e6bd0 ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200
| * 44c11fc535a4 ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9
| * ba34b0e9d513 ALSA: line6: add hw monitor volume control to POD HD500X
| * b5abf22ca428 ALSA: usb-audio: Add native DSD support for Luxman D-08u
| * 80863d80ccd5 ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET
| * 97bea9f57b36 ALSA: core: add isascii() check to card ID generator
| * fed2d3a225ed drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS
| * 1e013f9a44c9 parisc: Fix itlb miss handler for 64-bit programs
| * 65e5ebb915c3 perf/core: Fix small negative period being ignored
| * bda702a43921 power: supply: hwmon: Fix missing temp1_max_alarm attribute
| * 381aac94734c spi: bcm63xx: Fix module autoloading
| * a763af9f5d62 firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp()
| * 9f08876d7667 media: i2c: ar0521: Use cansleep version of gpiod_set_value()
| * 55a629c52001 i2c: xiic: Wait for TX empty to avoid missed TX NAKs
| * bb4b446d8782 i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq()
| * c2024b1a583a i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
| * cdd03afcb6ed platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug
| * 757823c13597 Revert "ALSA: hda: Conditionally use snooping for AMD HDMI"
| * 9e89f4de79e8 selftests: vDSO: fix vdso_config for s390
| * ecbdbe513244 selftests: vDSO: fix ELF hash table entry size for s390x
| * 3c9f0c9d5968 powerpc/vdso: Fix VDSO data access when running in a non-root time namespace
| * eba34000e711 selftests/mm: fix charge_reserved_hugetlb.sh test
| * 07b532e80288 selftests: vDSO: fix vDSO symbols lookup for powerpc64
| * 998dacca5a88 selftests: vDSO: fix vdso_config for powerpc
| * 114b399e108d selftests: vDSO: fix vDSO name for powerpc
| * 5c2d773d8151 selftests: breakpoints: use remaining time to check if suspend succeed
| * 7ac43c97c9b2 spi: s3c64xx: fix timeout counters in flush_fifo
| * 0a88cd8aab3b spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled
| * 2d7e7cf9d553 blk-integrity: register sysfs attributes on struct device
| * ee48f16aac78 blk-integrity: convert to struct device_attribute
| * 4a30ad89a6a8 blk-integrity: use sysfs_emit
| * e3aa99b13a99 iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release
| * 9fedf51ab8cf ext4: fix i_data_sem unlock order in ext4_ind_migrate()
| * 2eba3b0cc5b8 ext4: avoid use-after-free in ext4_ext_show_leaf()
| * fc19e8a7c4e1 ext4: ext4_search_dir should return a proper error
| * cf1bf89d2952 powerpc/pseries: Use correct data types from pseries_hp_errorlog struct
| * 97dce490401f of/irq: Refer to actual buffer size in of_irq_parse_one()
| * fd5f4ac1a986 drm/amd/pm: ensure the fw_info is not null before using it
| * 1e7ba299de3e drm/radeon/r100: Handle unknown family in r100_cp_init_microcode()
| * 8cc0a1b7683a scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers
| * 03bba4aefe9e drm/amdgpu: fix unchecked return value warning for amdgpu_gfx
| * 7bcba0a48c55 scsi: lpfc: Update PRLO handling in direct attached topology
| * 1d08cb350f9c scsi: aacraid: Rearrange order of struct aac_srb_unit
| * bd0449700389 perf,x86: avoid missing caller address in stack traces captured in uprobe
| * c0c58a52d782 drm/printer: Allow NULL data in devcoredump printer
| * a23d6029e730 drm/amd/display: Initialize get_bytes_per_element's default to 1
| * 0f1e222a4b41 drm/amd/display: Fix index out of bounds in DCN30 color transformation
| * 2495c8e272d8 drm/amd/display: Fix index out of bounds in degamma hardware format translation
| * f3ccd855b439 drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation
| * e8da54b7f8a1 drm/amd/display: Check stream before comparing them
| * d5a50e048f7c drm/stm: ltdc: reset plane transparency after plane disable
| * 39f4286104ce platform/x86: touchscreen_dmi: add nanote-next quirk
| * 6d771ae094a7 HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio
| * 3462d8e2bc35 drm/amdkfd: Fix resource leak in criu restore queue
| * 85088df7a5c5 drm/amdgpu: enable gfxoff quirk on HP 705G4
| * 74f904c03012 drm/amdgpu: add raven1 gfxoff quirk
| * 6041536d18c5 jfs: Fix uninit-value access of new_ea in ea_buffer
| * 8f7c724a5beb scsi: smartpqi: correct stream detection
| * 058aa89b3318 jfs: check if leafidx greater than num leaves per dmap tree
| * 0c238da83f56 jfs: Fix uaf in dbFreeBits
| * 4c36edf51f8a jfs: UBSAN: shift-out-of-bounds in dbFindBits
| * bd0e24e5e608 drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2)
| * a2773e0a4b79 drm/amd/display: Check null pointers before using dc->clk_mgr
| * c4b699b93496 drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream'
| * e479157f9f14 ata: sata_sil: Rename sil_blacklist to sil_quirks
| * b4f201e05ba6 ata: pata_serverworks: Do not use the term blacklist
| * 40193ff73630 drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream
| * 0ed438e52cfe drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit
| * d02611ff0014 drm/stm: Avoid use-after-free issues with crtc and plane
| * e03f00aa4a6c iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count
| * cfc1def24b0a iommu/vt-d: Always reserve a domain ID for identity setup
| * e0cf57612a3a power: reset: brcmstb: Do not go into infinite loop if reset fails
| * 85b778bc2554 iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux
| * bc4da4cf2b8b rcuscale: Provide clear error when async specified without primitives
| * 3c0d416eb4be fbdev: pxafb: Fix possible use after free in pxafb_task()
| * 1553085fe990 x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments()
| * 0a13f60c95a4 selftests/nolibc: avoid passing NULL to printf("%s")
| * 9bf125a138f6 ALSA: hdsp: Break infinite MIDI input flush loop
| * e658227d9d4f ALSA: asihpi: Fix potential OOB array access
| * 10f502d2d787 x86/kexec: Add EFI config table identity mapping for kexec kernel
| * 198314189f46 tools/x86/kcpuid: Protect against faulty "max subleaf" values
| * dfec74d68564 ASoC: codecs: wsa883x: Handle reading version failure
| * 759d02ea182a ALSA: usb-audio: Add logitech Audio profile quirk
| * 779c0e63f2a0 ALSA: usb-audio: Replace complex quirk lines with macros
| * b3dcf220c913 ALSA: usb-audio: Define macros for quirk table entries
| * ec862cd843fa x86/ioapic: Handle allocation failures gracefully
| * 95b901dc34cf ALSA: usb-audio: Add input value sanity checks for standard types
| * 99fcb5518074 nfp: Use IRQF_NO_AUTOEN flag in request_irq()
| * 17199b69a847 wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()
| * 0f78947e4d39 wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker
| * ca5ef2759daa proc: add config & param to block forcing mem writes
| * 7f570d6729a2 ACPICA: iasl: handle empty connection_node
| * b0b2dc1eaa7e wifi: mac80211: fix RCU list iterations
| * 465d3bad19c4 tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process
| * a3dde0782166 crypto: simd - Do not call crypto_alloc_tfm during registration
| * 2738388d9586 net: atlantic: Avoid warning about potential string truncation
| * 8cbda4172740 ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family
| * af79fa5f9844 wifi: rtw89: correct base HT rate mask for firmware
| * 75aa1df311be ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR).
| * 12bc48a1115a bnxt_en: Extend maximum length of version string by 1 byte
| * 25c764f87fe7 net: mvpp2: Increase size of queue_name buffer
| * 80c0be7bcf94 tipc: guard against string buffer overrun
| * f282db38953a ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()
| * de6a9bb884e5 ACPI: EC: Do not release locks during operation region accesses
| * bc51ebfd9bc7 wifi: rtw88: select WANT_DEV_COREDUMP
| * 73e235728e51 wifi: ath11k: fix array out-of-bound access in SoC stats
| * 0087dc9e7016 nvme-pci: qdepth 1 quirk
| * 59121bb38fdc blk_iocost: fix more out of bound shifts
| * 0fe5621176a0 ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18
| * cf4e0b68ae85 Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122
| * cad3093a9fd6 net: sched: consistently use rcu_replace_pointer() in taprio_change()
| * 89fbb0d2bc31 wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable
| * 5bc1ee87f4ca ACPICA: Fix memory leak if acpi_ps_get_next_field() fails
| * 55076cdb8698 ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails
| * 68a599da16eb ACPI: PAD: fix crash in exit_round_robin()
| * c80a203364b7 net: hisilicon: hns_mdio: fix OF node leak in probe()
| * 2bb3368d3c59 net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info()
| * 933e7f90e0f3 net: hisilicon: hip04: fix OF node leak in probe()
| * efcff6ce7467 net/xen-netback: prevent UAF in xenvif_flush_hash()
| * 95f32191e50b wifi: cfg80211: Set correct chandef when starting CAC
* | 0eefe2e6a14f Merge c6cbefd65ade ("wifi: iwlwifi: mvm: Fix a race in scan abort flow") into android14-6.1-lts
|\|
| * c6cbefd65ade wifi: iwlwifi: mvm: Fix a race in scan abort flow
| * 7fc56eee602b ice: Adjust over allocation of memory in ice_sched_add_root_node() and ice_sched_add_node()
| * 6a8752206704 wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
| * 83793aa9b18f wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats()
| * 32f348ecc149 f2fs: Require FMODE_WRITE for atomic write ioctls
| * f3a0893ceae8 ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin
| * 5dcde464dad0 ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m
| * 1bd4ef8e1c65 ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs
| * f1420f2358ec ALSA: hda/realtek: Fix the push button function for the ALC257
| * 4d6f08974835 ALSA: mixer_oss: Remove some incorrect kfree_const() usages
| * 589be647489b ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized
| * bdd82c47b22a media: usbtv: Remove useless locks in usbtv_video_free()
| * 781f3a97a38a Bluetooth: hci_sock: Fix not validating setsockopt user input
| * dd8118ed4305 loop: don't set QUEUE_FLAG_NOMERGES
| * 4f3ea50d84a3 i2c: xiic: Try re-initialization on bus busy timeout
| * 0d8ca4c1ee18 i2c: xiic: improve error message when transfer fails to start
| * 9230a59eda08 sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
| * fcb8a66d83c4 iomap: constrain the file range passed to iomap_file_unshare
| * 1bec6782a25c fsdax,xfs: port unshare to fsdax
| * 635deca1800a ppp: do not assume bh is held in ppp_channel_bridge_input()
| * 0cabf388ef62 ipv4: ip_gre: Fix drops of small packets in ipgre_xmit
| * c029de15fab1 net: stmmac: dwmac4: extend timeout for VLAN Tag register busy bit check
| * 27a8fabc54d2 net: add more sanity checks to qdisc_pkt_len_init()
| * d6114993e0a8 net: avoid potential underflow in qdisc_pkt_len_init() with UFO
| * 2bf4c101d7c9 net: ethernet: lantiq_etop: fix memory disclosure
| * 19c62981b23a Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq()
| * b40b027a0c0c netfilter: nf_tables: prevent nf_skb_duplicated corruption
| * a07bd453b189 selftests: netfilter: Fix nft_audit.sh for newer nft binaries
| * dd50c5f3cabe net: wwan: qcom_bam_dmux: Fix missing pm_runtime_disable()
| * 6b289c556809 net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq()
| * 58c2a66ad334 netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED
| * b48ee5bb25c0 net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
| * 87a8e15d3ee2 net/mlx5: Added cond_resched() to crdump collection
| * fc357e781769 net/mlx5: Fix error path in multi-packet WQE transmit
| * 523a1f3420e1 net: sparx5: Fix invalid timestamps
| * d3c09281ba48 ieee802154: Fix build error
| * ea98284fc4fb ceph: remove the incorrect Fw reference check when dirtying pages
| * 90320cfc07b7 mailbox: bcm2835: Fix timeout during suspend mode
| * d8696bc7afb2 mailbox: rockchip: fix a typo in module autoloading
* | bf1467582216 Merge 71446b65c0f7 ("scsi: pm8001: Do not overwrite PCI queue mapping") into android14-6.1-lts
|\|
| * 71446b65c0f7 scsi: pm8001: Do not overwrite PCI queue mapping
| * 842d9156be56 jump_label: Fix static_key_slow_dec() yet again
| * 0f05d6c3376b jump_label: Simplify and clarify static_key_fast_inc_cpus_locked()
| * ea2cdf4da093 static_call: Replace pointless WARN_ON() in static_call_module_notify()
| * b566c7d8a2de static_call: Handle module init failure correctly in static_call_del_module()
* | fbffc4367fca Revert "icmp: Add counters for rate limits"
* | da033087166f Revert "icmp: change the order of rate limits"
* | d181caa76bd0 Merge dffe86df26ae ("wifi: mt76: do not run mt76_unregister_device() on unregistered hw") into android14-6.1-lts
|\|
| * dffe86df26ae wifi: mt76: do not run mt76_unregister_device() on unregistered hw
| * 25703a3c980e x86/tdx: Fix "in-kernel MMIO" check
| * 04ca17fbc809 PCI/PM: Mark devices disconnected if upstream PCIe link is down on resume
| * 6d5124a2b14a powerpc: Allow CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 with ld.lld 15+
| * 97ab36524367 iio: magnetometer: ak8975: Fix 'Unexpected device' error
| * 85045e51c730 perf/arm-cmn: Fail DTC counter allocation correctly
| * 0cf462ae2a02 usb: yurex: Fix inconsistent locking bug in yurex_read()
| * 5d96aca28626 i2c: isch: Add missed 'else'
| * f0649991642a i2c: aspeed: Update the stop sw state when the bus recovery occurs
| * 417a4714540c mm/damon/vaddr: protect vma traversal in __damon_va_thre_regions() with rcu read lock
| * f7f78d7b0a5f module: Fix KCOV-ignored file name
| * 1c19a8ae09f9 mm: only enforce minimum stack gap size if it's sensible
| * a28711c53e3b lockdep: fix deadlock issue between lockdep and rcu
| * f6633a3e1e9b bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0
| * 997ba8889611 icmp: change the order of rate limits
| * 3ff50bc627aa icmp: Add counters for rate limits
| * fa47f96ee750 mm/filemap: optimize filemap folio adding
| * 3714f62ecb2b lib/xarray: introduce a new helper xas_get_order
| * 0e7877d1bb51 mm/filemap: return early if failed to allocate memory for split
| * e01c8c1d395c x86/entry: Remove unwanted instrumentation in common_interrupt()
| * 970d6010f85c x86/idtentry: Incorporate definitions/declarations of the FRED entries
| * 8f925510ce3d pps: add an error check in parport_attach
| * 73c007575b6b pps: remove usage of the deprecated ida_simple_xx() API
* | 25281a36af92 Revert "Merge 71147efd6862 ("usb: xhci: fix loss of data on Cadence xHC") into android14-6.1-lts"
* | d2e4c7790d8a Merge 71147efd6862 ("usb: xhci: fix loss of data on Cadence xHC") into android14-6.1-lts
|\|
| * 71147efd6862 usb: xhci: fix loss of data on Cadence xHC
| * 72b2ef7bb392 xhci: Add a quirk for writing ERST in high-low order
| * 66cffb20a0d3 xhci: Preserve RsvdP bits in ERSTBA register correctly
| * 7cc626f64d16 xhci: Refactor interrupter code for initial multi interrupter support.
| * b994e205c073 xhci: remove xhci_test_trb_in_td_math early development check
| * 82f1eb02deb6 xhci: fix event ring segment table related masks and variables in header
* | 27d626695a76 Merge 732413d5ae09 ("USB: misc: yurex: fix race between read and write") into android14-6.1-lts
|\|
| * 732413d5ae09 USB: misc: yurex: fix race between read and write
| * f8a29300150e usb: yurex: Replace snprintf() with the safer scnprintf() variant
| * ed8fe130e558 powerpc/atomic: Use YZ constraints for DS-form instructions
| * 9eb76d5168c1 powerpc/64: Add support to build with prefixed instructions
| * 8b9f7d8d71bf powerpc/64: Option to build big-endian with ELFv2 ABI
* | b7ad70d2c500 Merge b986ec200f9f ("soc: versatile: realview: fix soc_dev leak during device remove") into android14-6.1-lts
|\|
| * b986ec200f9f soc: versatile: realview: fix soc_dev leak during device remove
| * 0d8cce74eafd soc: versatile: realview: fix memory leak during device remove
| * ab205e1c3846 padata: use integer wrap around to prevent deadlock on seq_nr overflow
| * 41fbdd452460 EDAC/igen6: Fix conversion of system address to physical memory address
| * b2d1ef31ecd6 nfs: fix memory leak in error path of nfs4_do_reclaim
| * 1524f792e076 fs: Fix file_set_fowner LSM hook inconsistencies
| * 540fb13120c9 vfs: fix race between evice_inodes() and find_inode()&iput()
| * e972e1aa2a88 arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity
| * 245f11d10d45 arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency
| * 85868884298a hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume
| * 489f52759d54 hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init
| * 8e7bc5030f27 hwrng: mtk - Use devm_pm_runtime_enable
| * 26b07bd2e1f1 f2fs: fix to check atomic_file in f2fs ioctl interfaces
| * d59222286cc4 f2fs: avoid potential int overflow in sanity_check_area_boundary()
| * b11d62de8fec f2fs: prevent possible int overflow in dir_block_index()
| * e0ae93934ce8 f2fs: fix several potential integer overflows in file offsets
| * 6a53f877c4f1 debugobjects: Fix conditions in fill_pool()
| * efbc1e1164d1 wifi: mt76: mt7615: check devm_kasprintf() returned value
| * bd1412948f6f wifi: rtw88: 8822c: Fix reported RX band width
| * 89debcc2aac7 perf/x86/intel/pt: Fix sampling synchronization
| * 5b22c038fb27 efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption
| * 5410d1529047 ACPI: resource: Add another DMI match for the TongFang GMxXGxx
| * 5c8d007c14ae ACPI: sysfs: validate return type of _STR method
| * ca6ed002a9dd drbd: Add NULL check for net_conf to prevent dereference in state validation
| * 019d9a9caa04 drbd: Fix atomicity violation in drbd_uuid_set_bm()
| * 612dcc892cfe crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure
| * 57d47886d474 xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them.
* | fe72cb35ddfa Merge branch 'android14-6.1' into android14-6.1-lts
* | 8221be475402 ANDROID: add __pskb_copy_fclone to db845c symbol list
* | 6c5b621ff455 Merge bdefb8ce7cb6 ("tty: rp2: Fix reset with non forgiving PCIe host bridges") into android14-6.1-lts
|\|
| * bdefb8ce7cb6 tty: rp2: Fix reset with non forgiving PCIe host bridges
| * 3d2411f4edcb firmware_loader: Block path traversal
| * 5400fb4b3a1b bus: mhi: host: pci_generic: Fix the name for the Telit FE990A
| * bd3f77037b6c bus: integrator-lm: fix OF node leak in probe()
| * 79388644fcb9 usb: dwc2: drd: fix clock gating on USB role switch
| * bf2425de2a7c usb: cdnsp: Fix incorrect usb_request status
| * 06326a8da694 USB: class: CDC-ACM: fix race between get_serial and set_serial
| * 5f00218ce509 USB: misc: cypress_cy7c63: check for short transfer
| * ec9b165aac78 USB: appledisplay: close race between probe and completion handler
| * edca00ad79aa arm64: dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled
| * 869caa8de8cb usbnet: fix cyclical race on disconnect with work queue
| * 0d945405aeed scsi: mac_scsi: Disallow bus errors during PDMA send
| * 26a4cb9898b3 scsi: mac_scsi: Refactor polling loop
| * 4fe1c955b2af scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages
| * 60312ae7392f scsi: sd: Fix off-by-one error in sd_read_block_characteristics()
| * d1b2d2a9c912 ksmbd: handle caseless file creation
| * 5fb2b18be973 ksmbd: allow write with FILE_APPEND_DATA
| * da7f1b85e165 ksmbd: make __dir_empty() compatible with POSIX
| * 12aea49495d9 fs: Create a generic is_dot_dotdot() utility
| * 3322fa8f2aa4 KEYS: prevent NULL pointer dereference in find_asymmetric_key()
| * 571a9f0529ca drm/amd/display: Validate backlight caps are sane
| * cec9d5035cc1 drm/amd…
There are multiple pKVM memory transitions where the state of a page is not cross-checked from the completer's PoV for performance reasons. For example, if a page is PKVM_PAGE_OWNED from the initiator's PoV, we should be guaranteed by construction that it is PKVM_NOPAGE for everybody else, hence allowing us to save a page-table lookup. When it was introduced, hyp_ack_unshare() followed that logic and bailed out without checking the PKVM_PAGE_SHARED_BORROWED state in the hypervisor's stage-1. This was correct as we could safely assume that all host-initiated shares were directed at the hypervisor at the time. But with the introduction of other types of shares (e.g. for FF-A or non-protected guests), it is now very much required to cross check this state to prevent the host from running __pkvm_host_unshare_hyp() on a page shared with TZ or a non-protected guest. Thankfully, if an attacker were to try this, the hyp_unmap() call from hyp_complete_unshare() would fail, hence causing to WARN() from __do_unshare() with the host lock held, which is fatal. But this is fragile at best, and can hardly be considered a security measure. Let's just do the right thing and always check the state from hyp_ack_unshare(). Bug: 381409114 Link: https://lore.kernel.org/kvmarm/20241128154406.602875-1-qperret@google.com/ Change-Id: Id3bbd1fc3c75df506b0919f4d6f7be74b6f013f3 Signed-off-by: Quentin Perret <qperret@google.com>
Similar to how we failed to cross-check the state from the completer's PoV on the hyp_ack_unshare() path, we fail to do so from host_ack_unshare(). This shouldn't cause problems in practice as this can only be called on the guest_unshare_host() path, and guest currently don't have the ability to share their pages with anybody other than the host. But this again is rather fragile, so let's simply do the proper check -- it isn't very costly thanks to the hyp_vmemmap optimisation. Bug: 381409114 Change-Id: I3770b7db55c579758863e41f50ab30f6a8bb4a0c Signed-off-by: Quentin Perret <qperret@google.com>
Bug: 380360698 Signed-off-by: Todd Kjos <tkjos@google.com> Change-Id: I71aeaa612f23804e376a3d9ebe33ac991e62e3b6
[ Upstream commit 177f25d ] Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report. Bug: 380395346 Fixes: 27ce405 ("HID: fix data access in implement()") Reported-by: Benoît Sevens <bsevens@google.com> Acked-by: Benjamin Tissoires <bentiss@kernel.org> Signed-off-by: Jiri Kosina <jkosina@suse.com> Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit 9d9f5c7) Signed-off-by: Lee Jones <joneslee@google.com> Change-Id: I31f64f2745347137bbc415eb35b7fab5761867f3
5 function symbol(s) added 'void* devm_memremap_pages(struct device*, struct dev_pagemap*)' 'int rproc_detach(struct rproc*)' 'struct socket* tun_get_socket(struct file*)' 'struct ptr_ring* tun_get_tx_ring(struct file*)' 'void tun_ptr_free(void*)' Bug: 3812845 Bug: 384396059 Signed-off-by: Seiya Wang <seiya.wang@mediatek.com> Change-Id: I593a5dd82f5b7fde7bb3ebbd74fead839fcfdf9f (cherry picked from commit cdea241)
1 function symbol(s) added 'int snd_pcm_format_set_silence(snd_pcm_format_t, void*, unsigned int)' Bug: 382303912 Bug: 384396059 Signed-off-by: Seiya Wang <seiya.wang@mediatek.com> Change-Id: I7de7c367b52114b9770697cf3eaeb47008a0e52b (cherry picked from commit c276c53)
1 function symbol(s) added 'unsigned int tty_buffer_space_avail(struct tty_port*)' Bug: 383039133 Bug: 384396059 Change-Id: Ic92096ecc482c120b8cda325a7f2ae44f99e8527 Signed-off-by: Seiya Wang <seiya.wang@mediatek.com> (cherry picked from commit d8ccecb)
… sources commit a3dd4d6 upstream. The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check. Bug: 382239029 Reported-by: Benoît Sevens <bsevens@google.com> Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/20241121140613.3651-1-bsevens@google.com Link: https://patch.msgid.link/20241125144629.20757-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit 74cb86e) Signed-off-by: Lee Jones <joneslee@google.com> Change-Id: I13e916ffd46fce6fd08f7b9f96cea82bb4bc475d
|
Hi @jsbsamsara! Thanks for your contribution to the Linux kernel! Linux kernel development happens on mailing lists, rather than on GitHub - this GitHub repository is a read-only mirror that isn't used for accepting contributions. So that your change can become part of Linux, please email it to us as a patch. Sending patches isn't quite as simple as sending a pull request, but fortunately it is a well documented process. Here's what to do:
How do I format my contribution?The Linux kernel community is notoriously picky about how contributions are formatted and sent. Fortunately, they have documented their expectations. Firstly, all contributions need to be formatted as patches. A patch is a plain text document showing the change you want to make to the code, and documenting why it is a good idea. You can create patches with Secondly, patches need 'commit messages', which is the human-friendly documentation explaining what the change is and why it's necessary. Thirdly, changes have some technical requirements. There is a Linux kernel coding style, and there are licensing requirements you need to comply with. Both of these are documented in the Submitting Patches documentation that is part of the kernel. Note that you will almost certainly have to modify your existing git commits to satisfy these requirements. Don't worry: there are many guides on the internet for doing this. Where do I send my contribution?The Linux kernel is composed of a number of subsystems. These subsystems are maintained by different people, and have different mailing lists where they discuss proposed changes. If you don't already know what subsystem your change belongs to, the
Make sure that your list of recipients includes a mailing list. If you can't find a more specific mailing list, then LKML - the Linux Kernel Mailing List - is the place to send your patches. It's not usually necessary to subscribe to the mailing list before you send the patches, but if you're interested in kernel development, subscribing to a subsystem mailing list is a good idea. (At this point, you probably don't need to subscribe to LKML - it is a very high traffic list with about a thousand messages per day, which is often not useful for beginners.) How do I send my contribution?Use For more information about using How do I get help if I'm stuck?Firstly, don't get discouraged! There are an enormous number of resources on the internet, and many kernel developers who would like to see you succeed. Many issues - especially about how to use certain tools - can be resolved by using your favourite internet search engine. If you can't find an answer, there are a few places you can turn:
If you get really, really stuck, you could try the owners of this bot, @daxtens and @ajdlinux. Please be aware that we do have full-time jobs, so we are almost certainly the slowest way to get answers! I sent my patch - now what?You wait. You can check that your email has been received by checking the mailing list archives for the mailing list you sent your patch to. Messages may not be received instantly, so be patient. Kernel developers are generally very busy people, so it may take a few weeks before your patch is looked at. Then, you keep waiting. Three things may happen:
Further information
Happy hacking! This message was posted by a bot - if you have any questions or suggestions, please talk to my owners, @ajdlinux and @daxtens, or raise an issue at https://github.com/ajdlinux/KernelPRBot. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.