kernel_xiaomi_sm8250

Author	SHA1	Message	Date
Michael Bestas	c22009ad76	Merge tag 'ASB-2025-01-05_4.19-stable' of https://android.googlesource.com/kernel/common into android13-4.19-kona https://source.android.com/docs/security/bulletin/2025-01-01 * tag 'ASB-2025-01-05_4.19-stable' of https://android.googlesource.com/kernel/common: (132 commits) Revert "UPSTREAM: unicode: Don't special case ignorable code points" Reapply "UPSTREAM: unicode: Don't special case ignorable code points" Revert "UPSTREAM: unicode: Don't special case ignorable code points" Linux 4.19.325 sh: intc: Fix use-after-free bug in register_intc_controller() modpost: remove incorrect code in do_eisa_entry() 9p/xen: fix release of IRQ 9p/xen: fix init sequence block: return unsigned int from bdev_io_min jffs2: fix use of uninitialized variable ubi: fastmap: Fix duplicate slab cache names while attaching ubifs: Correct the total block count by deducting journal reservation rtc: check if __rtc_read_time was successful in rtc_timer_do_work() NFSv4.0: Fix a use-after-free problem in the asynchronous open() um: Fix the return value of elf_core_copy_task_fpregs rpmsg: glink: Propagate TX failures in intentless mode as well NFSD: Prevent a potential integer overflow lib: string_helpers: silence snprintf() output truncation warning usb: dwc3: gadget: Fix checking for number of TRBs left media: wl128x: Fix atomicity violation in fmc_send_cmd() ... Conflicts: arch/arm64/boot/dts/vendor/bindings/clock/adi,axi-clkgen.yaml arch/arm64/boot/dts/vendor/bindings/clock/axi-clkgen.txt drivers/rpmsg/qcom_glink_native.c Change-Id: Iea6ddf20dfaa4419f6e0b2efcee1890bfa8e2554	2025-01-10 13:09:21 +02:00
Michael Bestas	4ea8fcca99	Merge tag 'ASB-2024-12-05_4.19-stable' of https://android.googlesource.com/kernel/common into android13-4.19-kona https://source.android.com/docs/security/bulletin/2024-12-01 * tag 'ASB-2024-12-05_4.19-stable' of https://android.googlesource.com/kernel/common: (401 commits) Linux 4.19.324 9p: fix slab cache name creation for real net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition fs: Fix uninitialized value issue in from_kuid and from_kgid powerpc/powernv: Free name on error in opal_event_init() sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML bpf: use kvzmalloc to allocate BPF verifier environment HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad 9p: Avoid creating multiple slab caches with the same name ALSA: usb-audio: Add endianness annotations vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer ALSA: usb-audio: Add quirks for Dell WD19 dock ALSA: usb-audio: Support jack detection on Dell dock ALSA: usb-audio: Add custom mixer status quirks for RME CC devices ALSA: pcm: Return 0 when size < start_threshold in capture ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() irqchip/gic-v3: Force propagation of the active state with a read-back USB: serial: option: add Quectel RG650V USB: serial: option: add Fibocom FG132 0x0112 composition ... Conflicts: drivers/usb/dwc3/core.c drivers/usb/dwc3/core.h net/qrtr/qrtr.c Change-Id: I328847813eb875d25c4aa35dcc7ba58ad09b53ae	2024-12-16 01:21:42 +02:00
Greg Kroah-Hartman	874391c94e	Merge 4.19.325 into android-4.19-stable Changes in 4.19.325 netlink: terminate outstanding dump on socket close ocfs2: uncache inode which has failed entering the group nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint ocfs2: fix UBSAN warning in ocfs2_verify_volume() nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set kbuild: Use uname for LINUX_COMPILE_HOST detection mm: revert "mm: shmem: fix data-race in shmem_getattr()" ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet mac80211: fix user-power when emulating chanctx selftests/watchdog-test: Fix system accidentally reset after watchdog-test x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB net: usb: qmi_wwan: add Quectel RG650V proc/softirqs: replace seq_printf with seq_put_decimal_ull_width nvme: fix metadata handling in nvme-passthrough initramfs: avoid filename buffer overrun m68k: mvme147: Fix SCSI controller IRQ numbers m68k: mvme16x: Add and use "mvme16x.h" m68k: mvme147: Reinstate early console acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() s390/syscalls: Avoid creation of arch/arch/ directory hfsplus: don't query the device logical block size multiple times EDAC/fsl_ddr: Fix bad bit shift operations crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY crypto: cavium - Fix the if condition to exit loop after timeout crypto: bcm - add error check in the ahash_hmac_init function crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() time: Fix references to _msecs_to_jiffies() handling of values soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() mmc: mmc_spi: drop buggy snprintf() ARM: dts: cubieboard4: Fix DCDC5 regulator constraints regmap: irq: Set lockdep class for hierarchical IRQ domains firmware: arm_scpi: Check the DVFS OPP count returned by the firmware drm/mm: Mark drm_mm_interval_tree() functions with __maybe_unused wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() drm/omap: Fix locking in omap_gem_new_dmabuf() bpf: Fix the xdp_adjust_tail sample prog issue wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() drm/etnaviv: consolidate hardware fence handling in etnaviv_gpu drm/etnaviv: dump: fix sparse warnings drm/etnaviv: fix power register offset on GC300 drm/etnaviv: hold GPU lock across perfmon sampling net: rfkill: gpio: Add check for clk_enable() ALSA: us122l: Use snd_card_free_when_closed() at disconnection ALSA: caiaq: Use snd_card_free_when_closed() at disconnection ALSA: 6fire: Release resources at card release netpoll: Use rcu_access_pointer() in netpoll_poll_lock trace/trace_event_perf: remove duplicate samples on the first tracepoint event powerpc/vdso: Flag VDSO64 entry points as functions mfd: da9052-spi: Change read-mask to write-mask cpufreq: loongson2: Unregister platform_driver on failure mtd: rawnand: atmel: Fix possible memory leak RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey mfd: rt5033: Fix missing regmap_del_irq_chip() scsi: bfa: Fix use-after-free in bfad_im_module_exit() scsi: fusion: Remove unused variable 'rc' scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() ocfs2: fix uninitialized value in ocfs2_file_read_iter() powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static fbdev/sh7760fb: Alloc DMA memory from hardware device fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format dt-bindings: clock: axi-clkgen: include AXI clk clk: axi-clkgen: use devm_platform_ioremap_resource() short-hand clk: clk-axi-clkgen: make sure to enable the AXI bus clock perf probe: Correct demangled symbols in C++ program PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads PCI: cpqphp: Fix PCIBIOS_ return value confusion m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x m68k: coldfire/device.c: only build FEC when HW macros are defined rpmsg: glink: Add TX_DATA_CONT command while sending rpmsg: glink: Send READ_NOTIFY command in FIFO full case rpmsg: glink: Fix GLINK command prefix rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length NFSD: Prevent NULL dereference in nfsd4_process_cb_update() NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() vfio/pci: Properly hide first-in-list PCIe extended capability power: supply: core: Remove might_sleep() from power_supply_put() net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration marvell: pxa168_eth: fix call balance of pep->clk handling routines net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() USB: chaoskey: fail open after removal USB: chaoskey: Fix possible deadlock chaoskey_list_lock misc: apds990x: Fix missing pm_runtime_disable() apparmor: fix 'Do simple duplicate message elimination' usb: ehci-spear: fix call balance of sehci clk handling routines ext4: supress data-race warnings in ext4_free_inodes_{count,set}() ext4: fix FS_IOC_GETFSMAP handling jfs: xattr: check invalid xattr size more strictly ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() PCI: Fix use-after-free of slot->bus on hot remove tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices Revert "usb: gadget: composite: fix OS descriptors w_value logic" serial: sh-sci: Clean sci_ports[0] after at earlycon exit Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" netfilter: ipset: add missing range check in bitmap_ip_uadt spi: Fix acpi deferred irq probe ubi: wl: Put source PEB into correct list if trying locking LEB failed um: ubd: Do not use drvdata in release um: net: Do not use drvdata in release serial: 8250: omap: Move pm_runtime_get_sync um: vector: Do not use drvdata in release sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled block: fix ordering between checking BLK_MQ_S_STOPPED request adding HID: wacom: Interpret tilt data from Intuos Pro BT as signed values media: wl128x: Fix atomicity violation in fmc_send_cmd() usb: dwc3: gadget: Fix checking for number of TRBs left lib: string_helpers: silence snprintf() output truncation warning NFSD: Prevent a potential integer overflow rpmsg: glink: Propagate TX failures in intentless mode as well um: Fix the return value of elf_core_copy_task_fpregs NFSv4.0: Fix a use-after-free problem in the asynchronous open() rtc: check if __rtc_read_time was successful in rtc_timer_do_work() ubifs: Correct the total block count by deducting journal reservation ubi: fastmap: Fix duplicate slab cache names while attaching jffs2: fix use of uninitialized variable block: return unsigned int from bdev_io_min 9p/xen: fix init sequence 9p/xen: fix release of IRQ modpost: remove incorrect code in do_eisa_entry() sh: intc: Fix use-after-free bug in register_intc_controller() Linux 4.19.325 Change-Id: I50250c8bd11f9ff4b40da75225c1cfb060e0c258 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-12-05 11:21:28 +00:00
Muchun Song	3e62d49f59	block: fix ordering between checking BLK_MQ_S_STOPPED request adding commit 96a9fe64bfd486ebeeacf1e6011801ffe89dae18 upstream. Supposing first scenario with a virtio_blk driver. CPU0 CPU1 blk_mq_try_issue_directly() __blk_mq_issue_directly() q->mq_ops->queue_rq() virtio_queue_rq() blk_mq_stop_hw_queue() virtblk_done() blk_mq_request_bypass_insert() 1) store blk_mq_start_stopped_hw_queue() clear_bit(BLK_MQ_S_STOPPED) 3) store blk_mq_run_hw_queue() if (!blk_mq_hctx_has_pending()) 4) load return blk_mq_sched_dispatch_requests() blk_mq_run_hw_queue() if (!blk_mq_hctx_has_pending()) return blk_mq_sched_dispatch_requests() if (blk_mq_hctx_stopped()) 2) load return __blk_mq_sched_dispatch_requests() Supposing another scenario. CPU0 CPU1 blk_mq_requeue_work() blk_mq_insert_request() 1) store virtblk_done() blk_mq_start_stopped_hw_queue() blk_mq_run_hw_queues() clear_bit(BLK_MQ_S_STOPPED) 3) store blk_mq_run_hw_queue() if (!blk_mq_hctx_has_pending()) 4) load return blk_mq_sched_dispatch_requests() if (blk_mq_hctx_stopped()) 2) load continue blk_mq_run_hw_queue() Both scenarios are similar, the full memory barrier should be inserted between 1) and 2), as well as between 3) and 4) to make sure that either CPU0 sees BLK_MQ_S_STOPPED is cleared or CPU1 sees dispatch list. Otherwise, either CPU will not rerun the hardware queue causing starvation of the request. The easy way to fix it is to add the essential full memory barrier into helper of blk_mq_hctx_stopped(). In order to not affect the fast path (hardware queue is not stopped most of the time), we only insert the barrier into the slow path. Actually, only slow path needs to care about missing of dispatching the request to the low-level device driver. Fixes: `320ae51fee` ("blk-mq: new multi-queue block IO queueing mechanism") Cc: stable@vger.kernel.org Cc: Muchun Song <muchun.song@linux.dev> Signed-off-by: Muchun Song <songmuchun@bytedance.com> Reviewed-by: Ming Lei <ming.lei@redhat.com> Link: https://lore.kernel.org/r/20241014092934.53630-4-songmuchun@bytedance.com Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-12-05 10:59:40 +01:00
Greg Kroah-Hartman	2d76dea417	Merge 4.19.323 into android-4.19-stable Changes in 4.19.323 staging: iio: frequency: ad9833: Get frequency value statically staging: iio: frequency: ad9833: Load clock using clock framework staging: iio: frequency: ad9834: Validate frequency parameter value usbnet: ipheth: fix carrier detection in modes 1 and 4 net: ethernet: use ip_hdrlen() instead of bit shift net: phy: vitesse: repair vsc73xx autonegotiation scripts: kconfig: merge_config: config files: add a trailing newline arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma net/mlx5: Update the list of the PCI supported devices net: ftgmac100: Enable TX interrupt to avoid TX timeout net: dpaa: Pad packets to ETH_ZLEN soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps" selftests/vm: remove call to ksft_set_plan() selftests/kcmp: remove call to ksft_set_plan() ASoC: allow module autoloading for table db1200_pids pinctrl: at91: make it work with current gpiolib microblaze: don't treat zero reserved memory regions as error net: ftgmac100: Ensure tx descriptor updates are visible wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead ASoC: tda7419: fix module autoloading spi: bcm63xx: Enable module autoloading x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency ocfs2: add bounds checking to ocfs2_xattr_find_entry() ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() gpio: prevent potential speculation leaks in gpio_device_get_desc() USB: serial: pl2303: add device id for Macrosilicon MS3020 ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() wifi: ath9k: fix parameter check in ath9k_init_debug() wifi: ath9k: Remove error checks when creating debugfs entries netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). Bluetooth: btusb: Fix not handling ZPL/short-transfer block, bfq: fix possible UAF for bfqq->bic with merge chain block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() block, bfq: don't break merge chain in bfq_split_bfqq() spi: ppc4xx: handle irq_of_parse_and_map() errors spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ ARM: versatile: fix OF node leak in CPUs prepare reset: berlin: fix OF node leak in probe() error path clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() hwmon: (max16065) Fix overflows seen when writing limits mtd: slram: insert break after errors in parsing the map hwmon: (ntc_thermistor) fix module autoloading power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() drm/stm: Fix an error handling path in stm_drm_platform_probe() drm/amd: fix typo drm/amdgpu: Replace one-element array with flexible-array member drm/amdgpu: properly handle vbios fake edid sizing drm/radeon: Replace one-element array with flexible-array member drm/radeon: properly handle vbios fake edid sizing drm/rockchip: vop: Allow 4096px width scaling drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets jfs: fix out-of-bounds in dbNextAG() and diAlloc() drm/msm/a5xx: properly clear preemption records on resume drm/msm/a5xx: fix races in preemption evaluation stage ipmi: docs: don't advertise deprecated sysfs entries drm/msm: fix %s null argument error xen: use correct end address of kernel for conflict checking xen/swiotlb: simplify range_straddles_page_boundary() xen/swiotlb: add alignment check for dma buffers selftests/bpf: Fix error compiling test_lru_map.c xz: cleanup CRC32 edits from 2018 kthread: add kthread_work tracepoints kthread: fix task state in kthread worker if being frozen jbd2: introduce/export functions jbd2_journal_submit\|finish_inode_data_buffers() ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso ext4: avoid negative min_clusters in find_group_orlov() ext4: return error on ext4_find_inline_entry ext4: avoid OOB when system.data xattr changes underneath the filesystem nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() nilfs2: determine empty node blocks as corrupted nilfs2: fix potential oob read in nilfs_btree_check_delete() perf sched timehist: Fix missing free of session in perf_sched__timehist() perf sched timehist: Fixed timestamp error when unable to confirm event sched_in time perf time-utils: Fix 32-bit nsec parsing clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228 drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error PCI: xilinx-nwl: Fix register misspelling RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency pinctrl: single: fix missing error code in pcs_probe() clk: ti: dra7-atl: Fix leak of of_nodes pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function RDMA/cxgb4: Added NULL check for lookup_atid ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() nfsd: call cache_put if xdr_reserve_space returns NULL f2fs: enhance to update i_mode and acl atomically in f2fs_setattr() f2fs: fix typo f2fs: fix to update i_ctime in __f2fs_setxattr() f2fs: remove unneeded check condition in __f2fs_setxattr() f2fs: reduce expensive checkpoint trigger frequency coresight: tmc: sg: Do not leak sg_table netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition tcp: introduce tcp_skb_timestamp_us() helper tcp: check skb is non-NULL in tcp_rto_delta_us() net: qrtr: Update packets cloning when broadcasting netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS crypto: aead,cipher - zeroize key buffer after use Remove .orig pattern from .gitignore soc: versatile: integrator: fix OF node leak in probe() error path USB: appledisplay: close race between probe and completion handler USB: misc: cypress_cy7c63: check for short transfer firmware_loader: Block path traversal tty: rp2: Fix reset with non forgiving PCIe host bridges drbd: Fix atomicity violation in drbd_uuid_set_bm() drbd: Add NULL check for net_conf to prevent dereference in state validation ACPI: sysfs: validate return type of _STR method f2fs: prevent possible int overflow in dir_block_index() f2fs: avoid potential int overflow in sanity_check_area_boundary() vfs: fix race between evice_inodes() and find_inode()&iput() fs: Fix file_set_fowner LSM hook inconsistencies nfs: fix memory leak in error path of nfs4_do_reclaim PCI: xilinx-nwl: Use irq_data_get_irq_chip_data() PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler soc: versatile: realview: fix memory leak during device remove soc: versatile: realview: fix soc_dev leak during device remove usb: yurex: Replace snprintf() with the safer scnprintf() variant USB: misc: yurex: fix race between read and write pps: remove usage of the deprecated ida_simple_xx() API pps: add an error check in parport_attach i2c: aspeed: Update the stop sw state when the bus recovery occurs i2c: isch: Add missed 'else' usb: yurex: Fix inconsistent locking bug in yurex_read() mailbox: rockchip: fix a typo in module autoloading mailbox: bcm2835: Fix timeout during suspend mode ceph: remove the incorrect Fw reference check when dirtying pages netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED netfilter: nf_tables: prevent nf_skb_duplicated corruption r8152: Factor out OOB link list waits net: ethernet: lantiq_etop: fix memory disclosure net: avoid potential underflow in qdisc_pkt_len_init() with UFO net: add more sanity checks to qdisc_pkt_len_init() ipv4: ip_gre: Fix drops of small packets in ipgre_xmit sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin f2fs: Require FMODE_WRITE for atomic write ioctls wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit net: hisilicon: hip04: fix OF node leak in probe() net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() net: hisilicon: hns_mdio: fix OF node leak in probe() ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails ACPICA: Fix memory leak if acpi_ps_get_next_field() fails ACPI: EC: Do not release locks during operation region accesses ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() tipc: guard against string buffer overrun net: mvpp2: Increase size of queue_name buffer ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process ACPICA: iasl: handle empty connection_node wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() signal: Replace BUG_ON()s ALSA: asihpi: Fix potential OOB array access ALSA: hdsp: Break infinite MIDI input flush loop fbdev: pxafb: Fix possible use after free in pxafb_task() power: reset: brcmstb: Do not go into infinite loop if reset fails ata: sata_sil: Rename sil_blacklist to sil_quirks jfs: UBSAN: shift-out-of-bounds in dbFindBits jfs: Fix uaf in dbFreeBits jfs: check if leafidx greater than num leaves per dmap tree jfs: Fix uninit-value access of new_ea in ea_buffer drm/amd/display: Check stream before comparing them drm/amd/display: Fix index out of bounds in degamma hardware format translation drm/printer: Allow NULL data in devcoredump printer scsi: aacraid: Rearrange order of struct aac_srb_unit drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() of/irq: Refer to actual buffer size in of_irq_parse_one() ext4: ext4_search_dir should return a proper error ext4: fix i_data_sem unlock order in ext4_ind_migrate() spi: s3c64xx: fix timeout counters in flush_fifo selftests: breakpoints: use remaining time to check if suspend succeed selftests: vDSO: fix vDSO symbols lookup for powerpc64 i2c: xiic: Wait for TX empty to avoid missed TX NAKs spi: bcm63xx: Fix module autoloading perf/core: Fix small negative period being ignored parisc: Fix itlb miss handler for 64-bit programs ALSA: core: add isascii() check to card ID generator ext4: no need to continue when the number of entries is 1 ext4: propagate errors from ext4_find_extent() in ext4_insert_range() ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() ext4: aovid use-after-free in ext4_ext_insert_extent() ext4: fix double brelse() the buffer of the extents path ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() parisc: Fix 64-bit userspace syscall path of/irq: Support #msi-cells=<0> in of_msi_get_domain jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error ocfs2: fix the la space leak when unmounting an ocfs2 volume ocfs2: fix uninit-value in ocfs2_get_block() ocfs2: reserve space for inline xattr before attaching reflink tree ocfs2: cancel dqi_sync_work before freeing oinfo ocfs2: remove unreasonable unlock in ocfs2_read_blocks ocfs2: fix null-ptr-deref when journal load failed. ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate riscv: define ILLEGAL_POINTER_VALUE for 64bit aoe: fix the potential use-after-free problem in more places clk: rockchip: fix error for unknown clocks media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags media: venus: fix use after free bug in venus_remove due to race condition iio: magnetometer: ak8975: Fix reading for ak099xx sensors tomoyo: fallback to realpath if symlink's pathname does not exist Input: adp5589-keys - fix adp5589_gpio_get_value() btrfs: wait for fixup workers before stopping cleaner kthread during umount gpio: davinci: fix lazy disable ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path ext4: fix slab-use-after-free in ext4_split_extent_at() ext4: update orig_path in ext4_find_extent() arm64: Add Cortex-715 CPU part definition arm64: cputype: Add Neoverse-N3 definitions arm64: errata: Expand speculative SSBS workaround once more uprobes: fix kernel info leak via "[uprobes]" vma nfsd: use ktime_get_seconds() for timestamps nfsd: fix delegation_blocked() to block correctly for at least 30 seconds rtc: at91sam9: drop platform_data support rtc: at91sam9: fix OF node leak in probe() error path ACPI: battery: Simplify battery hook locking ACPI: battery: Fix possible crash when unregistering a battery hook ext4: fix inode tree inconsistency caused by ENOMEM net: ethernet: cortina: Drop TSO support tracing: Remove precision vsnprintf() check from print event drm: Move drm_mode_setcrtc() local re-init to failure path drm/crtc: fix uninitialized variable use even harder virtio_console: fix misc probe bugs Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal bpf: Check percpu map value size first s390/facility: Disable compile time optimization for decompressor code s390/mm: Add cond_resched() to cmm_alloc/free_pages() ext4: nested locking for xattr inode s390/cpum_sf: Remove WARN_ON_ONCE statements ktest.pl: Avoid false positives with grub2 skip regex clk: bcm: bcm53573: fix OF node leak in init i2c: i801: Use a different adapter-name for IDF adapters PCI: Mark Creative Labs EMU20k2 INTx masking as broken media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() usb: chipidea: udc: enable suspend interrupt after usb reset tools/iio: Add memory allocation failure check for trigger_name driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute fbdev: sisfb: Fix strbuf array overflow NFS: Remove print_overflow_msg() SUNRPC: Fix integer overflow in decode_rc_list() tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe netfilter: br_netfilter: fix panic with metadata_dst skb Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change gpio: aspeed: Add the flush write to ensure the write complete. clk: Add (devm_)clk_get_optional() functions clk: generalize devm_clk_get() a bit clk: Provide new devm_clk helpers for prepared and enabled clocks gpio: aspeed: Use devm_clk api to manage clock source igb: Do not bring the device up after non-fatal error net: ibm: emac: mal: fix wrong goto ppp: fix ppp_async_encode() illegal access net: ipv6: ensure we call ipv6_mc_down() at most once CDC-NCM: avoid overflow in sanity checking HID: plantronics: Workaround for an unexcepted opposite volume key Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant" usb: xhci: Fix problem with xhci resume from suspend usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip net: Fix an unsafe loop on the list posix-clock: Fix missing timespec64 check in pc_clock_settime() arm64: probes: Remove broken LDR (literal) uprobe support arm64: probes: Fix simulate_ldr_literal() PCI: Add function 0 DMA alias quirk for Glenfly Arise chip fat: fix uninitialized variable KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() net: dsa: mv88e6xxx: Fix out-of-bound access s390/sclp_vt220: Convert newlines to CRLF instead of LFCR KVM: s390: Change virtual to physical address access in diag 0x258 handler x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET drm/vmwgfx: Handle surface check failure correctly iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() iio: light: opt3001: add missing full-scale range value Bluetooth: Remove debugfs directory on module init failure Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 xhci: Fix incorrect stream context type macro USB: serial: option: add support for Quectel EG916Q-GL USB: serial: option: add Telit FN920C04 MBIM compositions parport: Proper fix for array out-of-bounds access x86/apic: Always explicitly disarm TSC-deadline timer nilfs2: propagate directory read errors from nilfs_find_entry() clk: Fix pointer casting to prevent oops in devm_clk_release() clk: Fix slab-out-of-bounds error in devm_clk_release() RDMA/bnxt_re: Fix incorrect AVID type in WQE structure RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP RDMA/bnxt_re: Return more meaningful error drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation macsec: don't increment counters for an unrelated SA net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() net: systemport: fix potential memory leak in bcm_sysport_xmit() usb: typec: altmode should keep reference to parent Bluetooth: bnep: fix wild-memory-access in proto_unregister arm64:uprobe fix the uprobe SWBP_INSN in big-endian arm64: probes: Fix uprobes for big-endian kernels KVM: s390: gaccess: Refactor gpa and length calculation KVM: s390: gaccess: Refactor access address range check KVM: s390: gaccess: Cleanup access to guest pages KVM: s390: gaccess: Check if guest address is in memslot udf: fix uninit-value use in udf_get_fileshortad jfs: Fix sanity check in dbMount net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() be2net: fix potential memory leak in be_xmit() net: usb: usbnet: fix name regression posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() ALSA: hda/realtek: Update default depop procedure drm/amd: Guard against bad data for ATIF ACPI method ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue nilfs2: fix kernel bug due to missing clearing of buffer delay flag hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event selinux: improve error checking in sel_write_load() arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning xfrm: validate new SA's prefixlen using SA family when sel.family is unset usb: dwc3: remove generic PHY calibrate() calls usb: dwc3: Add splitdisable quirk for Hisilicon Kirin Soc usb: dwc3: core: Stop processing of pending events if controller is halted cgroup: Fix potential overflow issue when checking max_depth wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys gtp: simplify error handling code in 'gtp_encap_enable()' gtp: allow -1 to be specified as file description from userspace net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT bpf: Fix out-of-bounds write in trie_get_next_key() net: support ip generic csum processing in skb_csum_hwoffload_help net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension netfilter: nft_payload: sanitize offset and length before calling skb_checksum() firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() net: amd: mvme147: Fix probe banner message misc: sgi-gru: Don't disable preemption in GRU driver usbip: tools: Fix detach_port() invalid port error path usb: phy: Fix API devm_usb_put_phy() can not release the phy xhci: Fix Link TRB DMA in command ring stopped completion event Revert "driver core: Fix uevent_show() vs driver detach race" wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower wifi: ath10k: Fix memory leak in management tx wifi: iwlegacy: Clear stale interrupts before resuming device nilfs2: fix potential deadlock with newly created symlinks ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow nilfs2: fix kernel bug due to missing clearing of checked flag mm: shmem: fix data-race in shmem_getattr() vt: prevent kernel-infoleak in con_font_get() Linux 4.19.323 Change-Id: I2348f834187153067ab46b3b48b8fe7da9cee1f1 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-11-09 11:24:17 +00:00
Yu Kuai	9e81303359	block, bfq: don't break merge chain in bfq_split_bfqq() [ Upstream commit 42c306ed723321af4003b2a41bb73728cab54f85 ] Consider the following scenario: Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) Λ \| \| \| \-------------\ \-------------\ \--------------\\| V V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 1 2 4 If Process 1 issue a new IO and bfqq2 is found, and then bfq_init_rq() decide to spilt bfqq2 by bfq_split_bfqq(). Howerver, procress reference of bfqq2 is 1 and bfq_split_bfqq() just clear the coop flag, which will break the merge chain. Expected result: caller will allocate a new bfqq for BIC1 Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) \| \| \| \-------------\ \--------------\\| V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 0 1 3 Since the condition is only used for the last bfqq4 when the previous bfqq2 and bfqq3 are already splited. Fix the problem by checking if bfqq is the last one in the merge chain as well. Fixes: `36eca89483` ("block, bfq: add Early Queue Merge (EQM)") Signed-off-by: Yu Kuai <yukuai3@huawei.com> Link: https://lore.kernel.org/r/20240902130329.3787024-4-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org>	2024-11-08 16:19:04 +01:00
Yu Kuai	c463e673e1	block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() [ Upstream commit 0e456dba86c7f9a19792204a044835f1ca2c8dbb ] Consider the following merge chain: Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) Λ \| \| \| \--------------\ \-------------\ \-------------\\| V V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 IO from Process 1 will get bfqf2 from BIC1 first, then bfq_setup_cooperator() will found bfqq2 already merged to bfqq3 and then handle this IO from bfqq3. However, the merge chain can be much deeper and bfqq3 can be merged to other bfqq as well. Fix this problem by iterating to the last bfqq in bfq_setup_cooperator(). Fixes: `36eca89483` ("block, bfq: add Early Queue Merge (EQM)") Signed-off-by: Yu Kuai <yukuai3@huawei.com> Link: https://lore.kernel.org/r/20240902130329.3787024-3-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org>	2024-11-08 16:19:04 +01:00
Yu Kuai	a9bdd5b368	block, bfq: fix possible UAF for bfqq->bic with merge chain [ Upstream commit 18ad4df091dd5d067d2faa8fce1180b79f7041a7 ] 1) initial state, three tasks: Process 1 Process 2 Process 3 (BIC1) (BIC2) (BIC3) \| Λ \| Λ \| Λ \| \| \| \| \| \| V \| V \| V \| bfqq1 bfqq2 bfqq3 process ref: 1 1 1 2) bfqq1 merged to bfqq2: Process 1 Process 2 Process 3 (BIC1) (BIC2) (BIC3) \| \| \| Λ \--------------\\| \| \| V V \| bfqq1--------->bfqq2 bfqq3 process ref: 0 2 1 3) bfqq2 merged to bfqq3: Process 1 Process 2 Process 3 (BIC1) (BIC2) (BIC3) here -> Λ \| \| \--------------\ \-------------\\| V V bfqq1--------->bfqq2---------->bfqq3 process ref: 0 1 3 In this case, IO from Process 1 will get bfqq2 from BIC1 first, and then get bfqq3 through merge chain, and finially handle IO by bfqq3. Howerver, current code will think bfqq2 is owned by BIC1, like initial state, and set bfqq2->bic to BIC1. bfq_insert_request -> by Process 1 bfqq = bfq_init_rq(rq) bfqq = bfq_get_bfqq_handle_split bfqq = bic_to_bfqq -> get bfqq2 from BIC1 bfqq->ref++ rq->elv.priv[0] = bic rq->elv.priv[1] = bfqq if (bfqq_process_refs(bfqq) == 1) bfqq->bic = bic -> record BIC1 to bfqq2 __bfq_insert_request new_bfqq = bfq_setup_cooperator -> get bfqq3 from bfqq2->new_bfqq bfqq_request_freed(bfqq) new_bfqq->ref++ rq->elv.priv[1] = new_bfqq -> handle IO by bfqq3 Fix the problem by checking bfqq is from merge chain fist. And this might fix a following problem reported by our syzkaller(unreproducible): ================================================================== BUG: KASAN: slab-use-after-free in bfq_do_early_stable_merge block/bfq-iosched.c:5692 [inline] BUG: KASAN: slab-use-after-free in bfq_do_or_sched_stable_merge block/bfq-iosched.c:5805 [inline] BUG: KASAN: slab-use-after-free in bfq_get_queue+0x25b0/0x2610 block/bfq-iosched.c:5889 Write of size 1 at addr ffff888123839eb8 by task kworker/0:1H/18595 CPU: 0 PID: 18595 Comm: kworker/0:1H Tainted: G L 6.6.0-07439-gba2303cacfda #6 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 Workqueue: kblockd blk_mq_requeue_work Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:364 [inline] print_report+0x10d/0x610 mm/kasan/report.c:475 kasan_report+0x8e/0xc0 mm/kasan/report.c:588 bfq_do_early_stable_merge block/bfq-iosched.c:5692 [inline] bfq_do_or_sched_stable_merge block/bfq-iosched.c:5805 [inline] bfq_get_queue+0x25b0/0x2610 block/bfq-iosched.c:5889 bfq_get_bfqq_handle_split+0x169/0x5d0 block/bfq-iosched.c:6757 bfq_init_rq block/bfq-iosched.c:6876 [inline] bfq_insert_request block/bfq-iosched.c:6254 [inline] bfq_insert_requests+0x1112/0x5cf0 block/bfq-iosched.c:6304 blk_mq_insert_request+0x290/0x8d0 block/blk-mq.c:2593 blk_mq_requeue_work+0x6bc/0xa70 block/blk-mq.c:1502 process_one_work kernel/workqueue.c:2627 [inline] process_scheduled_works+0x432/0x13f0 kernel/workqueue.c:2700 worker_thread+0x6f2/0x1160 kernel/workqueue.c:2781 kthread+0x33c/0x440 kernel/kthread.c:388 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:305 </TASK> Allocated by task 20776: kasan_save_stack+0x20/0x40 mm/kasan/common.c:45 kasan_set_track+0x25/0x30 mm/kasan/common.c:52 __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328 kasan_slab_alloc include/linux/kasan.h:188 [inline] slab_post_alloc_hook mm/slab.h:763 [inline] slab_alloc_node mm/slub.c:3458 [inline] kmem_cache_alloc_node+0x1a4/0x6f0 mm/slub.c:3503 ioc_create_icq block/blk-ioc.c:370 [inline] ioc_find_get_icq+0x180/0xaa0 block/blk-ioc.c:436 bfq_prepare_request+0x39/0xf0 block/bfq-iosched.c:6812 blk_mq_rq_ctx_init.isra.7+0x6ac/0xa00 block/blk-mq.c:403 __blk_mq_alloc_requests+0xcc0/0x1070 block/blk-mq.c:517 blk_mq_get_new_requests block/blk-mq.c:2940 [inline] blk_mq_submit_bio+0x624/0x27c0 block/blk-mq.c:3042 __submit_bio+0x331/0x6f0 block/blk-core.c:624 __submit_bio_noacct_mq block/blk-core.c:703 [inline] submit_bio_noacct_nocheck+0x816/0xb40 block/blk-core.c:732 submit_bio_noacct+0x7a6/0x1b50 block/blk-core.c:826 xlog_write_iclog+0x7d5/0xa00 fs/xfs/xfs_log.c:1958 xlog_state_release_iclog+0x3b8/0x720 fs/xfs/xfs_log.c:619 xlog_cil_push_work+0x19c5/0x2270 fs/xfs/xfs_log_cil.c:1330 process_one_work kernel/workqueue.c:2627 [inline] process_scheduled_works+0x432/0x13f0 kernel/workqueue.c:2700 worker_thread+0x6f2/0x1160 kernel/workqueue.c:2781 kthread+0x33c/0x440 kernel/kthread.c:388 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:305 Freed by task 946: kasan_save_stack+0x20/0x40 mm/kasan/common.c:45 kasan_set_track+0x25/0x30 mm/kasan/common.c:52 kasan_save_free_info+0x2b/0x50 mm/kasan/generic.c:522 ____kasan_slab_free mm/kasan/common.c:236 [inline] __kasan_slab_free+0x12c/0x1c0 mm/kasan/common.c:244 kasan_slab_free include/linux/kasan.h:164 [inline] slab_free_hook mm/slub.c:1815 [inline] slab_free_freelist_hook mm/slub.c:1841 [inline] slab_free mm/slub.c:3786 [inline] kmem_cache_free+0x118/0x6f0 mm/slub.c:3808 rcu_do_batch+0x35c/0xe30 kernel/rcu/tree.c:2189 rcu_core+0x819/0xd90 kernel/rcu/tree.c:2462 __do_softirq+0x1b0/0x7a2 kernel/softirq.c:553 Last potentially related work creation: kasan_save_stack+0x20/0x40 mm/kasan/common.c:45 __kasan_record_aux_stack+0xaf/0xc0 mm/kasan/generic.c:492 __call_rcu_common kernel/rcu/tree.c:2712 [inline] call_rcu+0xce/0x1020 kernel/rcu/tree.c:2826 ioc_destroy_icq+0x54c/0x830 block/blk-ioc.c:105 ioc_release_fn+0xf0/0x360 block/blk-ioc.c:124 process_one_work kernel/workqueue.c:2627 [inline] process_scheduled_works+0x432/0x13f0 kernel/workqueue.c:2700 worker_thread+0x6f2/0x1160 kernel/workqueue.c:2781 kthread+0x33c/0x440 kernel/kthread.c:388 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:305 Second to last potentially related work creation: kasan_save_stack+0x20/0x40 mm/kasan/common.c:45 __kasan_record_aux_stack+0xaf/0xc0 mm/kasan/generic.c:492 __call_rcu_common kernel/rcu/tree.c:2712 [inline] call_rcu+0xce/0x1020 kernel/rcu/tree.c:2826 ioc_destroy_icq+0x54c/0x830 block/blk-ioc.c:105 ioc_release_fn+0xf0/0x360 block/blk-ioc.c:124 process_one_work kernel/workqueue.c:2627 [inline] process_scheduled_works+0x432/0x13f0 kernel/workqueue.c:2700 worker_thread+0x6f2/0x1160 kernel/workqueue.c:2781 kthread+0x33c/0x440 kernel/kthread.c:388 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:305 The buggy address belongs to the object at ffff888123839d68 which belongs to the cache bfq_io_cq of size 1360 The buggy address is located 336 bytes inside of freed 1360-byte region [ffff888123839d68, ffff88812383a2b8) The buggy address belongs to the physical page: page:ffffea00048e0e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88812383f588 pfn:0x123838 head:ffffea00048e0e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0x17ffffc0000a40(workingset\|slab\|head\|node=0\|zone=2\|lastcpupid=0x1fffff) page_type: 0xffffffff() raw: 0017ffffc0000a40 ffff88810588c200 ffffea00048ffa10 ffff888105889488 raw: ffff88812383f588 0000000000150006 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888123839d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888123839e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff888123839e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888123839f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888123839f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== Fixes: `36eca89483` ("block, bfq: add Early Queue Merge (EQM)") Signed-off-by: Yu Kuai <yukuai3@huawei.com> Link: https://lore.kernel.org/r/20240902130329.3787024-2-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org>	2024-11-08 16:19:04 +01:00
Michael Bestas	f8239b8b4e	Merge tag 'ASB-2024-10-05_4.19-stable' of https://android.googlesource.com/kernel/common into android13-4.19-kona https://source.android.com/docs/security/bulletin/2024-10-01 * tag 'ASB-2024-10-05_4.19-stable' of https://android.googlesource.com/kernel/common: (99 commits) Linux 4.19.322 Revert "parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367" netns: restore ops before calling ops_exit_list cx82310_eth: fix error return code in cx82310_bind() net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket rtmutex: Drop rt_mutex::wait_lock before scheduling drm/i915/fence: Mark debug_fence_free() with __maybe_unused drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused ACPI: processor: Fix memory leaks in error paths of processor_add() ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() ila: call nf_unregister_net_hooks() sooner netns: add pre_exit method to struct pernet_operations nilfs2: protect references to superblock parameters exposed in sysfs nilfs2: replace snprintf in show functions with sysfs_emit tracing: Avoid possible softlockup in tracing_iter_reset() ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() uprobes: Use kzalloc to allocate xol area clocksource/drivers/imx-tpm: Fix next event not taking effect sometime clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX VMCI: Fix use-after-free when removing resource in vmci_resource_remove() ... Conflicts: drivers/clk/qcom/clk-alpha-pll.c Change-Id: I79078f7d518fa7e6a2b373df48acbd6f9f9ba30b	2024-10-09 03:14:26 +03:00
Greg Kroah-Hartman	1b3964c5e0	Merge 4.19.322 into android-4.19-stable Changes in 4.19.322 net: usb: qmi_wwan: add MeiG Smart SRM825L usb: dwc3: st: Add of_node_put() before return in probe function usb: dwc3: st: add missing depopulate in probe error path drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr drm/amdgpu: fix overflowed array index read warning drm/amdgpu: fix ucode out-of-bounds read warning drm/amdgpu: fix mc_data out-of-bounds read warning drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device apparmor: fix possible NULL pointer dereference usbip: Don't submit special requests twice smack: tcp: ipv4, fix incorrect labeling media: uvcvideo: Enforce alignment of frame and interval block: initialize integrity buffer to zero before writing it to media virtio_net: Fix napi_skb_cache_put warning udf: Limit file size to 4TB ALSA: usb-audio: Sanity checks for each pipe and EP types ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check sch/netem: fix use after free in netem_dequeue ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices ata: libata: Fix memory leak for error path in ata_host_alloc() mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K fuse: use unsigned type for getxattr/listxattr size truncation clk: qcom: clk-alpha-pll: Fix the pll post div mask nilfs2: fix missing cleanup on rollforward recovery error nilfs2: fix state management in error path of log writing function ALSA: hda: Add input value sanity checks to HDMI channel map controls smack: unix sockets: fix accept()ed socket label irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 af_unix: Remove put_pid()/put_cred() in copy_peercred(). netfilter: nf_conncount: fix wrong variable type udf: Avoid excessive partition lengths wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse pcmcia: Use resource_size function on resource object can: bcm: Remove proc entry when dev is unregistered. igb: Fix not clearing TimeSync interrupts for 82580 platform/x86: dell-smbios: Fix error path in dell_smbios_init() cx82310_eth: re-enable ethernet mode after router reboot drivers/net/usb: Remove all strcpy() uses net: usb: don't write directly to netdev->dev_addr usbnet: modern method to get random MAC rfkill: fix spelling mistake contidion to condition net: bridge: add support for sticky fdb entries bridge: switchdev: Allow clearing FDB entry offload indication net: bridge: fdb: convert is_local to bitops net: bridge: fdb: convert is_static to bitops net: bridge: fdb: convert is_sticky to bitops net: bridge: fdb: convert added_by_user to bitops net: bridge: fdb: convert added_by_external_learn to use bitops net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN net: dsa: vsc73xx: fix possible subblocks range of CAPT block iommu/vt-d: Handle volatile descriptor status read cgroup: Protect css->cgroup write under css_set_lock um: line: always fill *error_out in setup_one_line() devres: Initialize an uninitialized struct member pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv hwmon: (adc128d818) Fix underflows seen when writing limit attributes hwmon: (lm95234) Fix underflows seen when writing limit attributes hwmon: (nct6775-core) Fix underflows seen when writing limit attributes hwmon: (w83627ehf) Fix underflows seen when writing limit attributes wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() btrfs: replace BUG_ON with ASSERT in walk_down_proc() btrfs: clean up our handling of refs == 0 in snapshot delete PCI: Add missing bridge lock to pci_bus_lock() btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Input: uinput - reject requests with unreasonable number of slots usbnet: ipheth: race between ipheth_close and error handling Squashfs: sanity check symbolic link size of/irq: Prevent device address out-of-bounds read in interrupt map walk ata: pata_macio: Use WARN instead of BUG iio: buffer-dmaengine: fix releasing dma channel on error iio: fix scale application in iio_convert_raw_to_processed_unlocked nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic VMCI: Fix use-after-free when removing resource in vmci_resource_remove() clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX clocksource/drivers/imx-tpm: Fix next event not taking effect sometime uprobes: Use kzalloc to allocate xol area ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() tracing: Avoid possible softlockup in tracing_iter_reset() nilfs2: replace snprintf in show functions with sysfs_emit nilfs2: protect references to superblock parameters exposed in sysfs netns: add pre_exit method to struct pernet_operations ila: call nf_unregister_net_hooks() sooner ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() ACPI: processor: Fix memory leaks in error paths of processor_add() drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused drm/i915/fence: Mark debug_fence_free() with __maybe_unused rtmutex: Drop rt_mutex::wait_lock before scheduling net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket cx82310_eth: fix error return code in cx82310_bind() netns: restore ops before calling ops_exit_list Revert "parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367" Linux 4.19.322 Change-Id: I91163696e8593c077f8fe3d59348a68c76a2624b Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-09-12 10:36:52 +00:00
Christoph Hellwig	9f4af4cf08	block: initialize integrity buffer to zero before writing it to media commit 899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f upstream. Metadata added by bio_integrity_prep is using plain kmalloc, which leads to random kernel memory being written media. For PI metadata this is limited to the app tag that isn't used by kernel generated metadata, but for non-PI metadata the entire buffer leaks kernel memory. Fix this by adding the __GFP_ZERO flag to allocations for writes. Fixes: `7ba1ba12ee` ("block: Block layer data integrity support") Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com> Reviewed-by: Kanchan Joshi <joshi.k@samsung.com> Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com> Link: https://lore.kernel.org/r/20240613084839.1044015-2-hch@lst.de Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Shivani Agarwal <shivani.agarwal@broadcom.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-09-12 11:02:50 +02:00
Michael Bestas	e8e6720b34	Merge tag 'ASB-2024-05-05_4.19-stable' of https://android.googlesource.com/kernel/common into android13-4.19-kona https://source.android.com/docs/security/bulletin/2024-05-01 CVE-2023-4622 * tag 'ASB-2024-05-05_4.19-stable' of https://android.googlesource.com/kernel/common: Revert "timers: Rename del_timer_sync() to timer_delete_sync()" Revert "geneve: make sure to pull inner header in geneve_rx()" Linux 4.19.312 amdkfd: use calloc instead of kzalloc to avoid integer overflow initramfs: fix populate_initrd_image() section mismatch ip_gre: do not report erspan version on GRE interface erspan: Check IFLA_GRE_ERSPAN_VER is set. VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Bluetooth: btintel: Fixe build regression x86/mm/pat: fix VM_PAT handling in COW mappings virtio: reenable config if freezing device failed drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put() tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc fbmon: prevent division by zero in fb_videomode_from_videomode() fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined tools: iio: replace seekdir() in iio_generic_buffer ktest: force $buildonly = 1 for 'make_warnings_file' test type Input: allocate keycode for Display refresh rate toggle block: prevent division by zero in blk_rq_stat_sum() SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int drm/amd/display: Fix nanosec stat overflow media: sta2x11: fix irq handler cast isofs: handle CDs with bad root inode but good Joliet root directory scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() sysv: don't call sb_bread() with pointers_lock held Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Bluetooth: btintel: Fix null ptr deref in btintel_read_version btrfs: send: handle path ref underflow in header iterate_inode_ref() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() arm64: dts: rockchip: fix rk3399 hdmi ports node VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() wifi: ath9k: fix LNA selection in ath_ant_try_scan() ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone ata: sata_mv: Fix PCI device ID table declaration compilation warning ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw erspan: make sure erspan_base_hdr is present in skb->head erspan: Add type I version 0 support. init: open /initrd.image with O_LARGEFILE initramfs: switch initramfs unpacking to struct file based APIs fs: add a vfs_fchmod helper fs: add a vfs_fchown helper initramfs: factor out a helper to populate the initrd image staging: vc04_services: fix information leak in create_component() staging: vc04_services: changen strncpy() to strscpy_pad() staging: mmal-vchiq: Fix client_component for 64 bit kernel staging: mmal-vchiq: Allocate and free components as required staging: mmal-vchiq: Avoid use of bool in structures i40e: fix vf may be used uninitialized in this function warning ipv6: Fix infinite recursion in fib6_dump_done(). selftests: reuseaddr_conflict: add missing new line at the end of the output net: stmmac: fix rx queue priority assignment net/sched: act_skbmod: prevent kernel-infoleak netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() mm, vmscan: prevent infinite loop for costly GFP_NOIO \| __GFP_RETRY_MAYFAIL allocations Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." net/rds: fix possible cp null dereference netfilter: nf_tables: disallow timeout for anonymous sets Bluetooth: Fix TOCTOU in HCI debugfs implementation Bluetooth: hci_event: set the conn encrypted before conn establishes r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d tcp: properly terminate timers for kernel sockets mptcp: add sk_stop_timer_sync helper nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet USB: core: Fix deadlock in usb_deauthorize_interface() scsi: lpfc: Correct size for wqe for memset() x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled scsi: qla2xxx: Fix command flush on cable pull usb: udc: remove warning when queue disabled ep usb: dwc2: gadget: LPM flow fix usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix remote wakeup from hibernation loop: loop_set_status_from_info() check before assignment loop: Check for overflow while configuring loop loop: Factor out configuring loop from status powerpc: xor_vmx: Add '-mhard-float' to CFLAGS efivarfs: Request at most 512 bytes for variable names perf/core: Fix reentry problem in perf_output_read_group() loop: properly observe rotational flag of underlying device loop: Refactor loop_set_status() size calculation loop: Factor out setting loop device size loop: Remove sector_t truncation checks loop: Call loop_config_discard() only after new config is applied Revert "loop: Check for overflow while configuring loop" btrfs: allocate btrfs_ioctl_defrag_range_args on stack printk: Update @console_may_schedule in console_trylock_spinning() fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs usb: cdc-wdm: close race between read and workqueue exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes mm/migrate: set swap entry values of THP tail pages properly. mm/memory-failure: fix an incorrect use of tail pages vt: fix memory overlapping when deleting chars in the buffer vt: fix unicode buffer corruption when deleting characters tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled usb: port: Don't try to peer unused USB ports based on location usb: gadget: ncm: Fix handling of zero block length packets USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform xfrm: Avoid clang fortify warning in copy_to_user_tmpl() netfilter: nf_tables: reject constant set with timeout netfilter: nf_tables: disallow anonymous set with timeout flag comedi: comedi_test: Prevent timers rescheduling during deletion ahci: asm1064: asm1166: don't limit reported ports ahci: asm1064: correct count of reported ports x86/CPU/AMD: Update the Zenbleed microcode revisions nilfs2: prevent kernel bug at submit_bh_wbc() nilfs2: use a more common logging style nilfs2: fix failure to detect DAT corruption in btree and direct mappings memtest: use {READ,WRITE}_ONCE in memory scanning drm/vc4: hdmi: do not return negative values from .get_modes() drm/imx/ipuv3: do not return negative values from .get_modes() s390/zcrypt: fix reference counting on zcrypt card objects soc: fsl: qbman: Use raw spinlock for cgr_lock soc: fsl: qbman: Add CGR update function soc: fsl: qbman: Add helper for sanity checking cgr ops soc: fsl: qbman: Always disable interrupts when taking cgr_lock vfio/platform: Disable virqfds on cleanup kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 speakup: Fix 8bit characters from direct synth slimbus: core: Remove usage of the deprecated ida_simple_xx() API ext4: fix corruption during on-line resize hwmon: (amc6821) add of_match table mmc: core: Fix switch on gp3 partition dm-raid: fix lockdep waring in "pers->hot_add_disk" Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" PCI/PM: Drain runtime-idle callbacks before driver removal PCI: Drop pci_device_remove() test of pci_dev->driver fuse: don't unhash root mmc: tmio: avoid concurrent runs of mmc_request_done() PM: sleep: wakeirq: fix wake irq warning in system suspend USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M USB: serial: option: add MeiG Smart SLM320 product USB: serial: cp210x: add ID for MGP Instruments PDS100 USB: serial: add device ID for VeriFone adapter USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB powerpc/fsl: Fix mfpmr build errors with newer binutils clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays PM: suspend: Set mem_sleep_current during kernel command line setup parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix ip_fast_csum parisc: Do not hardcode registers in checksum functions ubi: correct the calculation of fastmap size ubi: Check for too small LEB size in VTBL code ubifs: Set page uptodate in the correct place fat: fix uninitialized field in nostale filehandles crypto: qat - resolve race condition during AER recovery crypto: qat - fix double free during reset sparc: vDSO: fix return value of __setup handler sparc64: NMI watchdog: fix return value of __setup handler KVM: Always flush async #PF workqueue when vCPU is being destroyed media: xc4000: Fix atomicity violation in xc4000_get_frequency arm: dts: marvell: Fix maxium->maxim typo in brownstone dts ARM: dts: mmp2-brownstone: Don't redeclare phandle references smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach timers: Rename del_timer_sync() to timer_delete_sync() timers: Use del_timer_sync() even on UP timers: Update kernel-doc for various functions timers: Prepare support for PREEMPT_RT timer/trace: Improve timer tracing timer/trace: Replace deprecated vsprintf pointer extension %pf by %ps x86/bugs: Use sysfs_emit() x86/cpu: Support AMD Automatic IBRS Documentation/hw-vuln: Update spectre doc Linux 4.19.311 crypto: af_alg - Work around empty control messages without MSG_MORE crypto: af_alg - Fix regression on empty requests spi: spi-mt65xx: Fix NULL pointer access in interrupt handler net/bnx2x: Prevent access to a freed page in page_pool hsr: Handle failures in module init rds: introduce acquire/release ordering in acquire/release_in_xmit() hsr: Fix uninit-value access in hsr_get_node() net: hsr: fix placement of logical operator in a multi-line statement usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin staging: greybus: fix get_channel_from_mode() failure path serial: 8250_exar: Don't remove GPIO device on suspend rtc: mt6397: select IRQ_DOMAIN instead of depending on it kconfig: fix infinite loop when expanding a macro at the end of file tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT serial: max310x: fix syntax error in IRQ error message clk: qcom: gdsc: Add support to update GDSC transition delay NFS: Fix an off by one in root_nfs_cat() net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn scsi: csiostor: Avoid function pointer casts ALSA: usb-audio: Stop parsing channels bits when all channels are found. sparc32: Fix section mismatch in leon_pci_grpci backlight: lp8788: Fully initialize backlight_properties during probe backlight: lm3639: Fully initialize backlight_properties during probe backlight: da9052: Fully initialize backlight_properties during probe backlight: lm3630a: Don't set bl->props.brightness in get_brightness backlight: lm3630a: Initialize backlight_properties on init powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip media: go7007: fix a memleak in go7007_load_encoder media: dvb-frontends: avoid stack overflow warnings with clang media: pvrusb2: fix uaf in pvr2_context_set_notify drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs mtd: rawnand: lpc32xx_mlc: fix irq handler prototype crypto: arm/sha - fix function cast warnings crypto: arm - Rename functions to avoid conflict with crypto/sha256.h mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref drm/tegra: put drm_gem_object ref on error in tegra_fb_create clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() PCI: Mark 3ware-9650SE Root Port Extended Tags as broken drm/mediatek: dsi: Fix DSI RGB666 formats and definitions clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times firmware: qcom: scm: Add WLAN VMID for Qualcomm SCM interface media: pvrusb2: fix pvr2_stream_callback casts media: go7007: add check of return value of go7007_read_addr() ALSA: seq: fix function cast warnings drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() quota: Fix rcu annotations of inode dquot pointers quota: Fix potential NULL pointer dereference quota: simplify drop_dquot_ref() quota: check time limit when back out space/inode change fs/quota: erase unused but set variable warning quota: code cleanup for __dquot_alloc_space() clk: qcom: reset: Ensure write completion on reset de/assertion clk: qcom: reset: Commonize the de/assert functions clk: qcom: reset: support resetting multiple bits clk: qcom: reset: Allow specifying custom reset delay media: edia: dvbdev: fix a use-after-free media: dvb-core: Fix use-after-free due to race at dvb_register_device() media: dvbdev: fix error logic at dvb_register_device() media: dvbdev: Fix memleak in dvb_register_device media: media/dvb: Use kmemdup rather than duplicating its implementation media: dvbdev: remove double-unlock media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity media: v4l2-tpg: fix some memleaks in tpg_alloc media: em28xx: annotate unchecked call to media_device_register() ABI: sysfs-bus-pci-devices-aer_stats uses an invalid tag perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() media: tc358743: register v4l2 async device only after successful setup drm/rockchip: lvds: do not print scary message when probing defer drm/rockchip: lvds: do not overwrite error code drm: Don't treat 0 as -1 in drm_fixp2int_ceil drm/rockchip: inno_hdmi: Fix video timing drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() drm/tegra: dsi: Make use of the helper function dev_err_probe() gpu: host1x: mipi: Update tegra_mipi_request() to be node based drm/tegra: dsi: Add missing check for of_find_device_by_node dm: call the resume method on internal suspend dm raid: fix false positive for requeue needed during reshape nfp: flower: handle acti_netdevs allocation failure net/x25: fix incorrect parameter validation in the x25_getsockopt() function net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function udp: fix incorrect parameter validation in the udp_lib_getsockopt() function l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function ipv6: fib6_rules: flush route cache when rule is changed bpf: Fix stackmap overflow check on 32-bit arches bpf: Fix hashtab overflow check on 32-bit arches sr9800: Add check for usbnet_get_endpoints Bluetooth: hci_core: Fix possible buffer overflow Bluetooth: Remove superfluous call to hci_conn_check_pending() igb: Fix missing time sync events igb: move PEROUT and EXTTS isr logic to separate functions mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function SUNRPC: fix some memleaks in gssx_dec_option_array x86, relocs: Ignore relocations in .notes section ACPI: scan: Fix device check notification handling ARM: dts: arm: realview: Fix development chip ROM compatible value wifi: brcmsmac: avoid function pointer casts iommu/amd: Mark interrupt as managed bus: tegra-aconnect: Update dependency to ARCH_TEGRA ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). sock_diag: annotate data-races around sock_diag_handlers[family] wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() wifi: b43: Disable QoS for bcm4331 wifi: b43: Stop correct queue in DMA worker when QoS is disabled b43: main: Fix use true/false for bool type wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled b43: dma: Fix use true/false for bool type variable wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() timekeeping: Fix cross-timestamp interpolation for non-x86 timekeeping: Fix cross-timestamp interpolation corner case decision timekeeping: Fix cross-timestamp interpolation on counter wrap aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts md: Don't clear MD_CLOSING when the raid is about to stop md: implement ->set_read_only to hook into BLKROSET processing block: add a new set_read_only method md: switch to ->check_events for media change notifications fs/select: rework stack allocation hack for clang do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak crypto: algif_aead - Only wake up when ctx->more is zero crypto: af_alg - make some functions static crypto: algif_aead - fix uninitialized ctx->init ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC Input: gpio_keys_polled - suppress deferred probe error for gpio ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet firewire: core: use long bus reset on gap count error Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security scsi: mpt3sas: Prevent sending diag_reset when the controller is ready dm-verity, dm-crypt: align "struct bvec_iter" correctly block: sed-opal: handle empty atoms when parsing response net/iucv: fix the allocation size of iucv_path_table array MIPS: Clear Cause.BD in instruction_pointer_set x86/xen: Add some null pointer checking to smp.c ASoC: rt5645: Make LattePanda board DMI match more precise Linux 4.19.310 selftests/vm: fix map_hugetlb length used for testing read and write selftests/vm: fix display of page size in map_hugetlb getrusage: use sig->stats_lock rather than lock_task_sighand() getrusage: use __for_each_thread() getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() getrusage: add the "signal_struct sig" local variable y2038: rusage: use __kernel_old_timeval hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed hv_netvsc: use netif_is_bond_master() instead of open code hv_netvsc: Make netvsc/VF binding check both MAC and serial number Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU um: allow not setting extra rpaths in the linux binary selftests: mm: fix map_hugetlb failure on 64K page size systems tools/selftest/vm: allow choosing mem size and page size in map_hugetlb btrfs: ref-verify: free ref cache before clearing mount opt netrom: Fix data-races around sysctl_net_busy_read netrom: Fix a data-race around sysctl_netrom_link_fails_count netrom: Fix a data-race around sysctl_netrom_routing_control netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size netrom: Fix a data-race around sysctl_netrom_transport_busy_delay netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries netrom: Fix a data-race around sysctl_netrom_transport_timeout netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser netrom: Fix a data-race around sysctl_netrom_default_path_quality netfilter: nf_conntrack_h323: Add protection for bmp length out of range net/rds: fix WARNING in rds_conn_connect_if_down net/ipv6: avoid possible UAF in ip6_route_mpath_notify() geneve: make sure to pull inner header in geneve_rx() net: move definition of pcpu_lstats to header file net: lan78xx: fix runtime PM count underflow on link stop lan78xx: Fix race conditions in suspend/resume handling lan78xx: Fix partial packet errors on suspend/resume lan78xx: Add missing return code checks lan78xx: Fix white space and style issues net: usb: lan78xx: Remove lots of set but unused 'ret' variables Linux 4.19.309 gpio: 74x164: Enable output pins after registers are reset cachefiles: fix memory leak in cachefiles_add_cache() mmc: core: Fix eMMC initialization with 1-bit bus connection btrfs: dev-replace: properly validate device names wifi: nl80211: reject iftype change with mesh ID change gtp: fix use-after-free and null-ptr-deref in gtp_newlink() ALSA: Drop leftover snd-rtctimer stuff from Makefile power: supply: bq27xxx-i2c: Do not free non existing IRQ efi/capsule-loader: fix incorrect allocation size Bluetooth: Enforce validation on max value of connection interval Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Bluetooth: Avoid potential use-after-free in hci_error_reset net: usb: dm9601: fix wrong return value in dm9601_mdio_read lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected tun: Fix xdp_rxq_info's queue_index when detaching netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Linux 4.19.308 scripts/bpf: Fix xdp_md forward declaration typo fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() PCI/MSI: Prevent MSI hardware interrupt number truncation s390: use the correct count for __iowrite64_copy() packet: move from strlcpy with unused retval to strscpy ipv6: sr: fix possible use-after-free and null-ptr-deref nouveau: fix function cast warnings scsi: jazz_esp: Only build if SCSI core is builtin bpf, scripts: Correct GPL license name scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions RDMA/srpt: fix function pointer cast warnings RDMA/srpt: Make debug output more detailed RDMA/ulp: Use dev_name instead of ibdev->name RDMA/srpt: Support specifying the srpt_service_guid parameter RDMA/bnxt_re: Return error for SRQ resize IB/hfi1: Fix a memleak in init_credit_return usb: roles: don't get/set_role() when usb_role_switch is unregistered usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs ARM: ep93xx: Add terminator to gpiod_lookup_table l2tp: pass correct message length to ip6_append_data gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() dm-crypt: don't modify the data when using authenticated encryption mm: memcontrol: switch to rcu protection in drain_all_stock() IB/hfi1: Fix sdma.h tx->num_descs off-by-one error pmdomain: renesas: r8a77980-sysc: CR7 must be always on s390/qeth: Fix potential loss of L3-IP@ in case of network issues virtio-blk: Ensure no requests in virtqueues before deleting vqs. firewire: core: send bus reset promptly on gap count error hwmon: (coretemp) Enlarge per package core count limit regulator: pwm-regulator: Add validity checks in continuous .get_voltage ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ahci: asm1166: correct count of reported ports fbdev: sis: Error out if pixclock equals zero fbdev: savage: Error out if pixclock equals zero wifi: mac80211: fix race condition on enabling fast-xmit wifi: cfg80211: fix missing interfaces when dumping dmaengine: shdma: increase size of 'dev_id' scsi: target: core: Add TMF to tmr_list handling sched/rt: Disallow writing invalid values to sched_rt_period_us sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset sched/rt: Fix sysctl_sched_rr_timeslice intial value userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb nilfs2: replace WARN_ONs for invalid DAT metadata block requests memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() net: stmmac: fix notifier registration stmmac: no need to check return value of debugfs_create functions net/sched: Retire dsmark qdisc net/sched: Retire ATM qdisc net/sched: Retire CBQ qdisc Linux 4.19.307 netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() lsm: new security_file_ioctl_compat() hook nilfs2: fix potential bug in end_buffer_async_write sched/membarrier: reduce the ability to hammer on sys_membarrier Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" pmdomain: core: Move the unused cleanup to a _sync initcall irqchip/irq-brcmstb-l2: Add write memory barrier before exit nfp: use correct macro for LengthSelect in BAR config nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() nilfs2: fix data corruption in dsync block recovery for small block sizes ALSA: hda/conexant: Add quirk for SWS JS201D x86/mm/ident_map: Use gbpages only where full GB page should be mapped. x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 serial: max310x: improve crystal stable clock detection serial: max310x: set default value when reading clock ready bit ring-buffer: Clean ring_buffer_poll_wait() error return staging: iio: ad5933: fix type mismatch regression ext4: fix double-free of blocks due to wrong extents moved_len binder: signal epoll threads of self-work xen-netback: properly sync TX responses nfc: nci: free rx_data_reassembly skb on NCI device cleanup firewire: core: correct documentation of fw_csr_string() kernel API scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" usb: f_mass_storage: forbid async queue when shutdown happen USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT HID: wacom: Do not register input devices until after hid_hw_start HID: wacom: generic: Avoid reporting a serial of '0' to userspace mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again tracing/trigger: Fix to return error if failed to alloc snapshot i40e: Fix waiting for queues of all VSIs to be disabled MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler net: sysfs: Fix /sys/class/net/<iface> path for statistics Documentation: net-sysfs: describe missing statistics ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() spi: ppc4xx: Drop write-only variable btrfs: send: return EOPNOTSUPP on unknown flags btrfs: forbid creating subvol qgroups hrtimer: Report offline hrtimer enqueue vhost: use kzalloc() instead of kmalloc() followed by memset() Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID USB: serial: cp210x: add ID for IMST iM871A-USB USB: serial: option: add Fibocom FM101-GL variant USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e net/af_iucv: clean up a try_then_request_module() netfilter: nft_compat: restrict match/target protocol to u16 netfilter: nft_compat: reject unused compat flag ppp_async: limit MRU to 64K tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() rxrpc: Fix response to PING RESPONSE ACKs to a dead call inet: read sk->sk_family once in inet_recv_error() hwmon: (coretemp) Fix bogus core_id to attr name mapping hwmon: (coretemp) Fix out-of-bounds memory access hwmon: (aspeed-pwm-tacho) mutex for tach reading atm: idt77252: fix a memleak in open_card_ubr0 phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV bonding: remove print in bond_verify_device_path HID: apple: Add 2021 magic keyboard FN key mapping HID: apple: Swap the Fn and Left Control keys on Apple keyboards HID: apple: Add support for the 2021 Magic Keyboard net: sysfs: Fix /sys/class/net/<iface> path af_unix: fix lockdep positive in sk_diag_dump_icons() net: ipv4: fix a memleak in ip_setup_cork netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger llc: call sock_orphan() at release time ipv6: Ensure natural alignment of const ipv6 loopback and router addresses ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() ixgbe: Refactor overtemp event handling ixgbe: Refactor returning internal error codes ixgbe: Remove non-inclusive language net: remove unneeded break scsi: isci: Fix an error code problem in isci_io_request_build() wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' ceph: fix deadlock or deadcode of misusing dget() blk-mq: fix IO hang from sbitmap wakeup race virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings libsubcmd: Fix memory leak in uniq() usb: hub: Replace hardcoded quirk value with BIT() macro PCI: Only override AMD USB controller if required mfd: ti_am335x_tscadc: Fix TI SoC dependencies um: net: Fix return type of uml_net_start_xmit() um: Don't use vfprintf() for os_info() um: Fix naming clash between UML and scheduler leds: trigger: panic: Don't register panic notifier if creating the trigger failed drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' drm/amdgpu: Let KFD sync with VM fences clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() drm/msm/dpu: Ratelimit framedone timeout msgs media: ddbridge: fix an error code problem in ddb_probe IB/ipoib: Fix mcast list locking drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time ALSA: hda: Intel: add HDA_ARL PCI ID support PCI: add INTEL_HDA_ARL to pci_ids.h media: rockchip: rga: fix swizzling for RGB formats media: stk1160: Fixed high volume of stk1160_dbg messages drm/mipi-dsi: Fix detach call without attach drm/framebuffer: Fix use of uninitialized variable drm/drm_file: fix use of uninitialized variable RDMA/IPoIB: Fix error code return in ipoib_mcast_join fast_dput(): handle underflows gracefully ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument f2fs: fix to check return value of f2fs_reserve_new_block() wifi: cfg80211: free beacon_ies when overridden from hidden BSS wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices md: Whenassemble the array, consult the superblock of the freshest device ARM: dts: imx23/28: Fix the DMA controller node name ARM: dts: imx23-sansa: Use preferred i2c-gpios properties ARM: dts: imx27-apf27dev: Fix LED name ARM: dts: imx1: Fix sram node ARM: dts: imx27: Fix sram node ARM: dts: imx: Use flash@0,0 pattern ARM: dts: imx25/27-eukrea: Fix RTC node name ARM: dts: rockchip: fix rk3036 hdmi ports node scsi: libfc: Fix up timeout error in fc_fcp_rec_error() scsi: libfc: Don't schedule abort twice bpf: Add map and need_defer parameters to .map_fd_put_ptr() wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() ARM: dts: imx7s: Fix nand-controller #size-cells ARM: dts: imx7s: Fix lcdif compatible bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk PCI: Add no PM reset quirk for NVIDIA Spectrum devices scsi: lpfc: Fix possible file string name overflow when updating firmware ext4: avoid online resizing failures due to oversized flex bg ext4: remove unnecessary check from alloc_flex_gd() ext4: unify the type of flexbg_size to unsigned int ext4: fix inconsistent between segment fstrim and full fstrim SUNRPC: Fix a suspicious RCU usage warning KVM: s390: fix setting of fpc register s390/ptrace: handle setting of fpc register correctly jfs: fix array-index-out-of-bounds in diNewExt rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() afs: fix the usage of read_seqbegin_or_lock() in afs_find_server() crypto: stm32/crc32 - fix parsing list of devices pstore/ram: Fix crash when setting number of cpus to an odd number jfs: fix uaf in jfs_evict_inode jfs: fix array-index-out-of-bounds in dbAdjTree jfs: fix slab-out-of-bounds Read in dtSearch UBSAN: array-index-out-of-bounds in dtSplitRoot FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree ACPI: extlog: fix NULL pointer dereference check PNP: ACPI: fix fortify warning ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop audit: Send netlink ACK before setting connection in auditd_set powerpc/lib: Validate size for vector operations powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() powerpc: Fix build error due to is_valid_bugaddr() powerpc/mm: Fix null-pointer dereference in pgtable_cache_add net/sched: cbs: Fix not adding cbs instance to list x86/entry/ia32: Ensure s32 is sign extended to s64 tick/sched: Preserve number of idle sleeps across CPU hotplug events mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan gpio: eic-sprd: Clear interrupt after set the interrupt type drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume drm/bridge: nxp-ptn3460: simplify some error checking drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking drm: Don't unref the same fb many times by mistake due to deadlock handling gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 netfilter: nf_tables: reject QUEUE/DROP verdict parameters btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args btrfs: don't warn if discard range is not aligned to sector net: fec: fix the unhandled context fault from smmu fjes: fix memleaks in fjes_hw_setup netfilter: nf_tables: restrict anonymous set and map names to 16 bytes net/mlx5e: fix a double-free in arfs_create_groups net/mlx5: Use kfree(ft->g) in arfs_create_groups() netlink: fix potential sleeping issue in mqueue_flush_file Conflicts: include/linux/fs.h include/linux/timer.h init/initramfs.c kernel/time/timer.c mm/memory-failure.c mm/page_alloc.c net/core/sock.c scripts/Makefile.extrawarn Change-Id: I0ccfce4c1a43240cfb997b426ef9fc59e61e3c55	2024-05-07 22:02:57 +03:00
Michael Bestas	a8804204c0	Merge tag 'ASB-2024-04-05_4.19-stable' of https://android.googlesource.com/kernel/common into android13-4.19-kona https://source.android.com/docs/security/bulletin/2024-04-01 * tag 'ASB-2024-04-05_4.19-stable' of https://android.googlesource.com/kernel/common: Revert "Reapply "cred: switch to using atomic_long_t"" Reapply "cred: switch to using atomic_long_t" BACKPORT: net: core: enable SO_BINDTODEVICE for non-root users tcp: Add memory barrier to tcp_push() tracing: Ensure visibility when inserting an element into tracing_map net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv llc: Drop support for ETH_P_TR_802_2. llc: make llc_ui_sendmsg() more robust against bonding changes vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING net/smc: fix illegal rmb_desc access in SMC-D connection dump drivers: core: fix kernel-doc markup for dev_err_probe() driver code: print symbolic error code block: Remove special-casing of compound pages Revert "driver core: Annotate dev_err_probe() with __must_check" nouveau/vmm: don't set addr on the fail path to avoid warning driver core: Annotate dev_err_probe() with __must_check parisc/firmware: Fix F-extend for PDC addresses x86/CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum rpmsg: virtio: Free driver_override when rpmsg_remove() powerpc: Use always instead of always-y in for crtsavres.o hwrng: core - Fix page fault dead lock on mmap-ed hwrng PM: hibernate: Enforce ordering during image compression/decompression crypto: api - Disallow identical driver names ext4: allow for the last group to be marked as trimmed serial: sc16is7xx: add check for unsupported SPI modes during probe spi: introduce SPI_MODE_X_MASK macro driver core: add device probe log helper serial: sc16is7xx: set safe default SPI clock frequency units: add the HZ macros units: change from 'L' to 'UL' units: Add Watt units include/linux/units.h: add helpers for kelvin to/from Celsius conversion PCI: mediatek: Clear interrupt status before dispatching handler Change-Id: I5a5f215e11cc4d2ae7ad65c53d50819f18988acf	2024-04-19 23:41:35 +03:00
Greg Kroah-Hartman	ec0ad95612	Merge 4.19.312 into android-4.19-stable Changes in 4.19.312 Documentation/hw-vuln: Update spectre doc x86/cpu: Support AMD Automatic IBRS x86/bugs: Use sysfs_emit() timer/trace: Replace deprecated vsprintf pointer extension %pf by %ps timer/trace: Improve timer tracing timers: Prepare support for PREEMPT_RT timers: Update kernel-doc for various functions timers: Use del_timer_sync() even on UP timers: Rename del_timer_sync() to timer_delete_sync() wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() ARM: dts: mmp2-brownstone: Don't redeclare phandle references arm: dts: marvell: Fix maxium->maxim typo in brownstone dts media: xc4000: Fix atomicity violation in xc4000_get_frequency KVM: Always flush async #PF workqueue when vCPU is being destroyed sparc64: NMI watchdog: fix return value of __setup handler sparc: vDSO: fix return value of __setup handler crypto: qat - fix double free during reset crypto: qat - resolve race condition during AER recovery fat: fix uninitialized field in nostale filehandles ubifs: Set page uptodate in the correct place ubi: Check for too small LEB size in VTBL code ubi: correct the calculation of fastmap size parisc: Do not hardcode registers in checksum functions parisc: Fix ip_fast_csum parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds PM: suspend: Set mem_sleep_current during kernel command line setup clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays powerpc/fsl: Fix mfpmr build errors with newer binutils USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB USB: serial: add device ID for VeriFone adapter USB: serial: cp210x: add ID for MGP Instruments PDS100 USB: serial: option: add MeiG Smart SLM320 product USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M PM: sleep: wakeirq: fix wake irq warning in system suspend mmc: tmio: avoid concurrent runs of mmc_request_done() fuse: don't unhash root PCI: Drop pci_device_remove() test of pci_dev->driver PCI/PM: Drain runtime-idle callbacks before driver removal Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" dm-raid: fix lockdep waring in "pers->hot_add_disk" mmc: core: Fix switch on gp3 partition hwmon: (amc6821) add of_match table ext4: fix corruption during on-line resize slimbus: core: Remove usage of the deprecated ida_simple_xx() API speakup: Fix 8bit characters from direct synth kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 vfio/platform: Disable virqfds on cleanup soc: fsl: qbman: Always disable interrupts when taking cgr_lock soc: fsl: qbman: Add helper for sanity checking cgr ops soc: fsl: qbman: Add CGR update function soc: fsl: qbman: Use raw spinlock for cgr_lock s390/zcrypt: fix reference counting on zcrypt card objects drm/imx/ipuv3: do not return negative values from .get_modes() drm/vc4: hdmi: do not return negative values from .get_modes() memtest: use {READ,WRITE}_ONCE in memory scanning nilfs2: fix failure to detect DAT corruption in btree and direct mappings nilfs2: use a more common logging style nilfs2: prevent kernel bug at submit_bh_wbc() x86/CPU/AMD: Update the Zenbleed microcode revisions ahci: asm1064: correct count of reported ports ahci: asm1064: asm1166: don't limit reported ports comedi: comedi_test: Prevent timers rescheduling during deletion netfilter: nf_tables: disallow anonymous set with timeout flag netfilter: nf_tables: reject constant set with timeout xfrm: Avoid clang fortify warning in copy_to_user_tmpl() ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command usb: gadget: ncm: Fix handling of zero block length packets usb: port: Don't try to peer unused USB ports based on location tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled vt: fix unicode buffer corruption when deleting characters vt: fix memory overlapping when deleting chars in the buffer mm/memory-failure: fix an incorrect use of tail pages mm/migrate: set swap entry values of THP tail pages properly. wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() usb: cdc-wdm: close race between read and workqueue ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion printk: Update @console_may_schedule in console_trylock_spinning() btrfs: allocate btrfs_ioctl_defrag_range_args on stack Revert "loop: Check for overflow while configuring loop" loop: Call loop_config_discard() only after new config is applied loop: Remove sector_t truncation checks loop: Factor out setting loop device size loop: Refactor loop_set_status() size calculation loop: properly observe rotational flag of underlying device perf/core: Fix reentry problem in perf_output_read_group() efivarfs: Request at most 512 bytes for variable names powerpc: xor_vmx: Add '-mhard-float' to CFLAGS loop: Factor out configuring loop from status loop: Check for overflow while configuring loop loop: loop_set_status_from_info() check before assignment usb: dwc2: host: Fix remote wakeup from hibernation usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: gadget: LPM flow fix usb: udc: remove warning when queue disabled ep scsi: qla2xxx: Fix command flush on cable pull x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled scsi: lpfc: Correct size for wqe for memset() USB: core: Fix deadlock in usb_deauthorize_interface() nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet mptcp: add sk_stop_timer_sync helper tcp: properly terminate timers for kernel sockets r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Bluetooth: hci_event: set the conn encrypted before conn establishes Bluetooth: Fix TOCTOU in HCI debugfs implementation netfilter: nf_tables: disallow timeout for anonymous sets net/rds: fix possible cp null dereference Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." mm, vmscan: prevent infinite loop for costly GFP_NOIO \| __GFP_RETRY_MAYFAIL allocations netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() net/sched: act_skbmod: prevent kernel-infoleak net: stmmac: fix rx queue priority assignment selftests: reuseaddr_conflict: add missing new line at the end of the output ipv6: Fix infinite recursion in fib6_dump_done(). i40e: fix vf may be used uninitialized in this function warning staging: mmal-vchiq: Avoid use of bool in structures staging: mmal-vchiq: Allocate and free components as required staging: mmal-vchiq: Fix client_component for 64 bit kernel staging: vc04_services: changen strncpy() to strscpy_pad() staging: vc04_services: fix information leak in create_component() initramfs: factor out a helper to populate the initrd image fs: add a vfs_fchown helper fs: add a vfs_fchmod helper initramfs: switch initramfs unpacking to struct file based APIs init: open /initrd.image with O_LARGEFILE erspan: Add type I version 0 support. erspan: make sure erspan_base_hdr is present in skb->head ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit ata: sata_mv: Fix PCI device ID table declaration compilation warning ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone wifi: ath9k: fix LNA selection in ath_ant_try_scan() VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() arm64: dts: rockchip: fix rk3399 hdmi ports node tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Bluetooth: btintel: Fix null ptr deref in btintel_read_version Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails sysv: don't call sb_bread() with pointers_lock held scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() isofs: handle CDs with bad root inode but good Joliet root directory media: sta2x11: fix irq handler cast drm/amd/display: Fix nanosec stat overflow SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int block: prevent division by zero in blk_rq_stat_sum() Input: allocate keycode for Display refresh rate toggle ktest: force $buildonly = 1 for 'make_warnings_file' test type tools: iio: replace seekdir() in iio_generic_buffer usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 fbmon: prevent division by zero in fb_videomode_from_videomode() tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put() virtio: reenable config if freezing device failed x86/mm/pat: fix VM_PAT handling in COW mappings Bluetooth: btintel: Fixe build regression VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() erspan: Check IFLA_GRE_ERSPAN_VER is set. ip_gre: do not report erspan version on GRE interface initramfs: fix populate_initrd_image() section mismatch amdkfd: use calloc instead of kzalloc to avoid integer overflow Linux 4.19.312 Change-Id: Ic4c50de6afb4c88c8011be6cc93f960d2dc968e0 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-04-16 10:08:42 +00:00
Greg Kroah-Hartman	32e0a5db51	Merge 4.19.311 into android-4.19-stable Changes in 4.19.311 ASoC: rt5645: Make LattePanda board DMI match more precise x86/xen: Add some null pointer checking to smp.c MIPS: Clear Cause.BD in instruction_pointer_set net/iucv: fix the allocation size of iucv_path_table array block: sed-opal: handle empty atoms when parsing response dm-verity, dm-crypt: align "struct bvec_iter" correctly scsi: mpt3sas: Prevent sending diag_reset when the controller is ready Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security firewire: core: use long bus reset on gap count error ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet Input: gpio_keys_polled - suppress deferred probe error for gpio ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll crypto: algif_aead - fix uninitialized ctx->init crypto: af_alg - make some functions static crypto: algif_aead - Only wake up when ctx->more is zero do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak fs/select: rework stack allocation hack for clang md: switch to ->check_events for media change notifications block: add a new set_read_only method md: implement ->set_read_only to hook into BLKROSET processing md: Don't clear MD_CLOSING when the raid is about to stop aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts timekeeping: Fix cross-timestamp interpolation on counter wrap timekeeping: Fix cross-timestamp interpolation corner case decision timekeeping: Fix cross-timestamp interpolation for non-x86 wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() b43: dma: Fix use true/false for bool type variable wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled b43: main: Fix use true/false for bool type wifi: b43: Stop correct queue in DMA worker when QoS is disabled wifi: b43: Disable QoS for bcm4331 wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() sock_diag: annotate data-races around sock_diag_handlers[family] af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() bus: tegra-aconnect: Update dependency to ARCH_TEGRA iommu/amd: Mark interrupt as managed wifi: brcmsmac: avoid function pointer casts ARM: dts: arm: realview: Fix development chip ROM compatible value ACPI: scan: Fix device check notification handling x86, relocs: Ignore relocations in .notes section SUNRPC: fix some memleaks in gssx_dec_option_array mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function igb: move PEROUT and EXTTS isr logic to separate functions igb: Fix missing time sync events Bluetooth: Remove superfluous call to hci_conn_check_pending() Bluetooth: hci_core: Fix possible buffer overflow sr9800: Add check for usbnet_get_endpoints bpf: Fix hashtab overflow check on 32-bit arches bpf: Fix stackmap overflow check on 32-bit arches ipv6: fib6_rules: flush route cache when rule is changed tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function udp: fix incorrect parameter validation in the udp_lib_getsockopt() function net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function net/x25: fix incorrect parameter validation in the x25_getsockopt() function nfp: flower: handle acti_netdevs allocation failure dm raid: fix false positive for requeue needed during reshape dm: call the resume method on internal suspend drm/tegra: dsi: Add missing check for of_find_device_by_node gpu: host1x: mipi: Update tegra_mipi_request() to be node based drm/tegra: dsi: Make use of the helper function dev_err_probe() drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() drm/rockchip: inno_hdmi: Fix video timing drm: Don't treat 0 as -1 in drm_fixp2int_ceil drm/rockchip: lvds: do not overwrite error code drm/rockchip: lvds: do not print scary message when probing defer media: tc358743: register v4l2 async device only after successful setup perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() ABI: sysfs-bus-pci-devices-aer_stats uses an invalid tag media: em28xx: annotate unchecked call to media_device_register() media: v4l2-tpg: fix some memleaks in tpg_alloc media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity media: dvbdev: remove double-unlock media: media/dvb: Use kmemdup rather than duplicating its implementation media: dvbdev: Fix memleak in dvb_register_device media: dvbdev: fix error logic at dvb_register_device() media: dvb-core: Fix use-after-free due to race at dvb_register_device() media: edia: dvbdev: fix a use-after-free clk: qcom: reset: Allow specifying custom reset delay clk: qcom: reset: support resetting multiple bits clk: qcom: reset: Commonize the de/assert functions clk: qcom: reset: Ensure write completion on reset de/assertion quota: code cleanup for __dquot_alloc_space() fs/quota: erase unused but set variable warning quota: check time limit when back out space/inode change quota: simplify drop_dquot_ref() quota: Fix potential NULL pointer dereference quota: Fix rcu annotations of inode dquot pointers perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() ALSA: seq: fix function cast warnings media: go7007: add check of return value of go7007_read_addr() media: pvrusb2: fix pvr2_stream_callback casts firmware: qcom: scm: Add WLAN VMID for Qualcomm SCM interface clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times drm/mediatek: dsi: Fix DSI RGB666 formats and definitions PCI: Mark 3ware-9650SE Root Port Extended Tags as broken clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() drm/tegra: put drm_gem_object ref on error in tegra_fb_create mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref crypto: arm - Rename functions to avoid conflict with crypto/sha256.h crypto: arm/sha - fix function cast warnings mtd: rawnand: lpc32xx_mlc: fix irq handler prototype ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() media: pvrusb2: fix uaf in pvr2_context_set_notify media: dvb-frontends: avoid stack overflow warnings with clang media: go7007: fix a memleak in go7007_load_encoder drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. backlight: lm3630a: Initialize backlight_properties on init backlight: lm3630a: Don't set bl->props.brightness in get_brightness backlight: da9052: Fully initialize backlight_properties during probe backlight: lm3639: Fully initialize backlight_properties during probe backlight: lp8788: Fully initialize backlight_properties during probe sparc32: Fix section mismatch in leon_pci_grpci ALSA: usb-audio: Stop parsing channels bits when all channels are found. scsi: csiostor: Avoid function pointer casts scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() NFS: Fix an off by one in root_nfs_cat() clk: qcom: gdsc: Add support to update GDSC transition delay serial: max310x: fix syntax error in IRQ error message tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT kconfig: fix infinite loop when expanding a macro at the end of file rtc: mt6397: select IRQ_DOMAIN instead of depending on it serial: 8250_exar: Don't remove GPIO device on suspend staging: greybus: fix get_channel_from_mode() failure path usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin net: hsr: fix placement of logical operator in a multi-line statement hsr: Fix uninit-value access in hsr_get_node() rds: introduce acquire/release ordering in acquire/release_in_xmit() hsr: Handle failures in module init net/bnx2x: Prevent access to a freed page in page_pool spi: spi-mt65xx: Fix NULL pointer access in interrupt handler crypto: af_alg - Fix regression on empty requests crypto: af_alg - Work around empty control messages without MSG_MORE Linux 4.19.311 Change-Id: I034e9a44b6dec1a7b5c600b3cd77aabc401044d7 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-04-16 10:07:50 +00:00
Greg Kroah-Hartman	45df1db3d3	Merge 4.19.307 into android-4.19-stable Changes in 4.19.307 PCI: mediatek: Clear interrupt status before dispatching handler include/linux/units.h: add helpers for kelvin to/from Celsius conversion units: Add Watt units units: change from 'L' to 'UL' units: add the HZ macros serial: sc16is7xx: set safe default SPI clock frequency driver core: add device probe log helper spi: introduce SPI_MODE_X_MASK macro serial: sc16is7xx: add check for unsupported SPI modes during probe ext4: allow for the last group to be marked as trimmed crypto: api - Disallow identical driver names PM: hibernate: Enforce ordering during image compression/decompression hwrng: core - Fix page fault dead lock on mmap-ed hwrng rpmsg: virtio: Free driver_override when rpmsg_remove() parisc/firmware: Fix F-extend for PDC addresses nouveau/vmm: don't set addr on the fail path to avoid warning block: Remove special-casing of compound pages powerpc: Use always instead of always-y in for crtsavres.o x86/CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum driver core: Annotate dev_err_probe() with __must_check Revert "driver core: Annotate dev_err_probe() with __must_check" driver code: print symbolic error code drivers: core: fix kernel-doc markup for dev_err_probe() net/smc: fix illegal rmb_desc access in SMC-D connection dump vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING llc: make llc_ui_sendmsg() more robust against bonding changes llc: Drop support for ETH_P_TR_802_2. net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv tracing: Ensure visibility when inserting an element into tracing_map tcp: Add memory barrier to tcp_push() netlink: fix potential sleeping issue in mqueue_flush_file net/mlx5: Use kfree(ft->g) in arfs_create_groups() net/mlx5e: fix a double-free in arfs_create_groups netfilter: nf_tables: restrict anonymous set and map names to 16 bytes fjes: fix memleaks in fjes_hw_setup net: fec: fix the unhandled context fault from smmu btrfs: don't warn if discard range is not aligned to sector btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args netfilter: nf_tables: reject QUEUE/DROP verdict parameters gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 drm: Don't unref the same fb many times by mistake due to deadlock handling drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking drm/bridge: nxp-ptn3460: simplify some error checking drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume gpio: eic-sprd: Clear interrupt after set the interrupt type mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan tick/sched: Preserve number of idle sleeps across CPU hotplug events x86/entry/ia32: Ensure s32 is sign extended to s64 net/sched: cbs: Fix not adding cbs instance to list powerpc/mm: Fix null-pointer dereference in pgtable_cache_add powerpc: Fix build error due to is_valid_bugaddr() powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() powerpc/lib: Validate size for vector operations audit: Send netlink ACK before setting connection in auditd_set ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop PNP: ACPI: fix fortify warning ACPI: extlog: fix NULL pointer dereference check FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree UBSAN: array-index-out-of-bounds in dtSplitRoot jfs: fix slab-out-of-bounds Read in dtSearch jfs: fix array-index-out-of-bounds in dbAdjTree jfs: fix uaf in jfs_evict_inode pstore/ram: Fix crash when setting number of cpus to an odd number crypto: stm32/crc32 - fix parsing list of devices afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() jfs: fix array-index-out-of-bounds in diNewExt s390/ptrace: handle setting of fpc register correctly KVM: s390: fix setting of fpc register SUNRPC: Fix a suspicious RCU usage warning ext4: fix inconsistent between segment fstrim and full fstrim ext4: unify the type of flexbg_size to unsigned int ext4: remove unnecessary check from alloc_flex_gd() ext4: avoid online resizing failures due to oversized flex bg scsi: lpfc: Fix possible file string name overflow when updating firmware PCI: Add no PM reset quirk for NVIDIA Spectrum devices bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk ARM: dts: imx7s: Fix lcdif compatible ARM: dts: imx7s: Fix nand-controller #size-cells wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() bpf: Add map and need_defer parameters to .map_fd_put_ptr() scsi: libfc: Don't schedule abort twice scsi: libfc: Fix up timeout error in fc_fcp_rec_error() ARM: dts: rockchip: fix rk3036 hdmi ports node ARM: dts: imx25/27-eukrea: Fix RTC node name ARM: dts: imx: Use flash@0,0 pattern ARM: dts: imx27: Fix sram node ARM: dts: imx1: Fix sram node ARM: dts: imx27-apf27dev: Fix LED name ARM: dts: imx23-sansa: Use preferred i2c-gpios properties ARM: dts: imx23/28: Fix the DMA controller node name md: Whenassemble the array, consult the superblock of the freshest device wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() wifi: cfg80211: free beacon_ies when overridden from hidden BSS f2fs: fix to check return value of f2fs_reserve_new_block() ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument fast_dput(): handle underflows gracefully RDMA/IPoIB: Fix error code return in ipoib_mcast_join drm/drm_file: fix use of uninitialized variable drm/framebuffer: Fix use of uninitialized variable drm/mipi-dsi: Fix detach call without attach media: stk1160: Fixed high volume of stk1160_dbg messages media: rockchip: rga: fix swizzling for RGB formats PCI: add INTEL_HDA_ARL to pci_ids.h ALSA: hda: Intel: add HDA_ARL PCI ID support drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time IB/ipoib: Fix mcast list locking media: ddbridge: fix an error code problem in ddb_probe drm/msm/dpu: Ratelimit framedone timeout msgs clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() drm/amdgpu: Let KFD sync with VM fences drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' leds: trigger: panic: Don't register panic notifier if creating the trigger failed um: Fix naming clash between UML and scheduler um: Don't use vfprintf() for os_info() um: net: Fix return type of uml_net_start_xmit() mfd: ti_am335x_tscadc: Fix TI SoC dependencies PCI: Only override AMD USB controller if required usb: hub: Replace hardcoded quirk value with BIT() macro libsubcmd: Fix memory leak in uniq() virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings blk-mq: fix IO hang from sbitmap wakeup race ceph: fix deadlock or deadcode of misusing dget() drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update scsi: isci: Fix an error code problem in isci_io_request_build() net: remove unneeded break ixgbe: Remove non-inclusive language ixgbe: Refactor returning internal error codes ixgbe: Refactor overtemp event handling ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() ipv6: Ensure natural alignment of const ipv6 loopback and router addresses llc: call sock_orphan() at release time netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger net: ipv4: fix a memleak in ip_setup_cork af_unix: fix lockdep positive in sk_diag_dump_icons() net: sysfs: Fix /sys/class/net/<iface> path HID: apple: Add support for the 2021 Magic Keyboard HID: apple: Swap the Fn and Left Control keys on Apple keyboards HID: apple: Add 2021 magic keyboard FN key mapping bonding: remove print in bond_verify_device_path dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP atm: idt77252: fix a memleak in open_card_ubr0 hwmon: (aspeed-pwm-tacho) mutex for tach reading hwmon: (coretemp) Fix out-of-bounds memory access hwmon: (coretemp) Fix bogus core_id to attr name mapping inet: read sk->sk_family once in inet_recv_error() rxrpc: Fix response to PING RESPONSE ACKs to a dead call tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() ppp_async: limit MRU to 64K netfilter: nft_compat: reject unused compat flag netfilter: nft_compat: restrict match/target protocol to u16 net/af_iucv: clean up a try_then_request_module() USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e USB: serial: option: add Fibocom FM101-GL variant USB: serial: cp210x: add ID for IMST iM871A-USB Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID vhost: use kzalloc() instead of kmalloc() followed by memset() hrtimer: Report offline hrtimer enqueue btrfs: forbid creating subvol qgroups btrfs: send: return EOPNOTSUPP on unknown flags spi: ppc4xx: Drop write-only variable ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() Documentation: net-sysfs: describe missing statistics net: sysfs: Fix /sys/class/net/<iface> path for statistics MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler i40e: Fix waiting for queues of all VSIs to be disabled tracing/trigger: Fix to return error if failed to alloc snapshot mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again HID: wacom: generic: Avoid reporting a serial of '0' to userspace HID: wacom: Do not register input devices until after hid_hw_start USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT usb: f_mass_storage: forbid async queue when shutdown happen scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" firewire: core: correct documentation of fw_csr_string() kernel API nfc: nci: free rx_data_reassembly skb on NCI device cleanup xen-netback: properly sync TX responses binder: signal epoll threads of self-work ext4: fix double-free of blocks due to wrong extents moved_len staging: iio: ad5933: fix type mismatch regression ring-buffer: Clean ring_buffer_poll_wait() error return serial: max310x: set default value when reading clock ready bit serial: max310x: improve crystal stable clock detection x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 x86/mm/ident_map: Use gbpages only where full GB page should be mapped. ALSA: hda/conexant: Add quirk for SWS JS201D nilfs2: fix data corruption in dsync block recovery for small block sizes nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() nfp: use correct macro for LengthSelect in BAR config irqchip/irq-brcmstb-l2: Add write memory barrier before exit pmdomain: core: Move the unused cleanup to a _sync initcall Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" sched/membarrier: reduce the ability to hammer on sys_membarrier nilfs2: fix potential bug in end_buffer_async_write lsm: new security_file_ioctl_compat() hook netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() Linux 4.19.307 Change-Id: Ib05aec445afe9920e2502bcfce1c52db76e27139 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-04-15 10:17:13 +00:00
Roman Smirnov	6a55dab4ac	block: prevent division by zero in blk_rq_stat_sum() [ Upstream commit 93f52fbeaf4b676b21acfe42a5152620e6770d02 ] The expression dst->nr_samples + src->nr_samples may have zero value on overflow. It is necessary to add a check to avoid division by zero. Found by Linux Verification Center (linuxtesting.org) with Svace. Signed-off-by: Roman Smirnov <r.smirnov@omp.ru> Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru> Link: https://lore.kernel.org/r/20240305134509.23108-1-r.smirnov@omp.ru Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org>	2024-04-13 12:50:16 +02:00
Christoph Hellwig	f28658bc8a	block: add a new set_read_only method [ Upstream commit e00adcadf3af7a8335026d71ab9f0e0a922191ac ] Add a new method to allow for driver-specific processing when setting or clearing the block device read-only state. This allows to replace the cumbersome and error-prone override of the whole ioctl implementation. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <axboe@kernel.dk> Stable-dep-of: 9674f54e41ff ("md: Don't clear MD_CLOSING when the raid is about to stop") Signed-off-by: Sasha Levin <sashal@kernel.org>	2024-03-26 18:22:34 -04:00
Christoph Hellwig	dc51c01a3d	md: switch to ->check_events for media change notifications [ Upstream commit a564e23f0f99759f453dbefcb9160dec6d99df96 ] md is the last driver using the legacy media_changed method. Switch it over to (not so) new ->clear_events approach, which also removes the need for the ->revalidate_disk method. Signed-off-by: Christoph Hellwig <hch@lst.de> [axboe: remove unused 'bdops' variable in disk_clear_events()] Signed-off-by: Jens Axboe <axboe@kernel.dk> Stable-dep-of: 9674f54e41ff ("md: Don't clear MD_CLOSING when the raid is about to stop") Signed-off-by: Sasha Levin <sashal@kernel.org>	2024-03-26 18:22:34 -04:00
Greg Joyce	72da7347f4	block: sed-opal: handle empty atoms when parsing response [ Upstream commit 5429c8de56f6b2bd8f537df3a1e04e67b9c04282 ] The SED Opal response parsing function response_parse() does not handle the case of an empty atom in the response. This causes the entry count to be too high and the response fails to be parsed. Recognizing, but ignoring, empty atoms allows response handling to succeed. Signed-off-by: Greg Joyce <gjoyce@linux.ibm.com> Link: https://lore.kernel.org/r/20240216210417.3526064-2-gjoyce@linux.ibm.com Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org>	2024-03-26 18:22:33 -04:00
Greg Kroah-Hartman	038c0dcdcd	Merge `d2d0b95ca1` ("block: Remove special-casing of compound pages") into android-mainline Steps on the way to 4.19.307 Change-Id: Ia57840d96d36c5c4a67be2f7c69807e449728406 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2024-03-07 15:04:35 +00:00
Ming Lei	9525b38180	blk-mq: fix IO hang from sbitmap wakeup race [ Upstream commit 5266caaf5660529e3da53004b8b7174cab6374ed ] In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered with the following blk_mq_get_driver_tag() in case of getting driver tag failure. Then in __sbitmap_queue_wake_up(), waitqueue_active() may not observe the added waiter in blk_mq_mark_tag_wait() and wake up nothing, meantime blk_mq_mark_tag_wait() can't get driver tag successfully. This issue can be reproduced by running the following test in loop, and fio hang can be observed in < 30min when running it on my test VM in laptop. modprobe -r scsi_debug modprobe scsi_debug delay=0 dev_size_mb=4096 max_queue=1 host_max_queue=1 submit_queues=4 dev=`ls -d /sys/bus/pseudo/drivers/scsi_debug/adapter/host/target//block/* \| head -1 \| xargs basename` fio --filename=/dev/"$dev" --direct=1 --rw=randrw --bs=4k --iodepth=1 \ --runtime=100 --numjobs=40 --time_based --name=test \ --ioengine=libaio Fix the issue by adding one explicit barrier in blk_mq_mark_tag_wait(), which is just fine in case of running out of tag. Cc: Jan Kara <jack@suse.cz> Cc: Kemeng Shi <shikemeng@huaweicloud.com> Reported-by: Changhui Zhong <czhong@redhat.com> Signed-off-by: Ming Lei <ming.lei@redhat.com> Link: https://lore.kernel.org/r/20240112122626.4181044-1-ming.lei@redhat.com Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org>	2024-02-23 08:12:51 +01:00
Matthew Wilcox (Oracle)	d2d0b95ca1	block: Remove special-casing of compound pages commit 1b151e2435fc3a9b10c8946c6aebe9f3e1938c55 upstream. The special casing was originally added in pre-git history; reproducing the commit log here: > commit a318a92567d77 > Author: Andrew Morton <akpm@osdl.org> > Date: Sun Sep 21 01:42:22 2003 -0700 > > [PATCH] Speed up direct-io hugetlbpage handling > > This patch short-circuits all the direct-io page dirtying logic for > higher-order pages. Without this, we pointlessly bounce BIOs up to > keventd all the time. In the last twenty years, compound pages have become used for more than just hugetlb. Rewrite these functions to operate on folios instead of pages and remove the special case for hugetlbfs; I don't think it's needed any more (and if it is, we can put it back in as a call to folio_test_hugetlb()). This was found by inspection; as far as I can tell, this bug can lead to pages used as the destination of a direct I/O read not being marked as dirty. If those pages are then reclaimed by the MM without being dirtied for some other reason, they won't be written out. Then when they're faulted back in, they will not contain the data they should. It'll take a pretty unusual setup to produce this problem with several races all going the wrong way. This problem predates the folio work; it could for example have been triggered by mmaping a THP in tmpfs and using that as the target of an O_DIRECT read. Fixes: `800d8c63b2` ("shmem: add huge pages support") Cc: <stable@vger.kernel.org> Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-02-23 08:12:40 +01:00
Michael Bestas	5419dea4e7	Merge tag 'LA.UM.9.12.r1-18100-SMxx50.QSSI14.0' of https://git.codelinaro.org/clo/la/kernel/msm-4.19 into android13-4.19-kona "LA.UM.9.12.r1-18100-SMxx50.QSSI14.0" * tag 'LA.UM.9.12.r1-18100-SMxx50.QSSI14.0' of https://git.codelinaro.org/clo/la/kernel/msm-4.19: msm: kgsl: Do not release dma and anon buffers if unmap fails mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC usb: phy: Enable clock before accessing EUD register space loop: Select I/O scheduler 'none' from inside add_disk() BACKPORT: loop: Fix missing discard support when using LOOP_CONFIGURE UPSTREAM: loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE loop: Check for overflow while configuring loop BACKPORT: loop: Set correct device size when using LOOP_CONFIGURE cnss2: Add support for configuring calibration duration block: delete part_round_stats and switch to less precise counting BACKPORT: media: venus: hfi_parser: Add check for number of codecs BACKPORT: media: venus: hfi: add checks in capabilities from firmware BACKPORT: media: venus: hfi: fix the check in session buffer requirement BACKPORT: media: venus: hfi: add checks to perform sanity on queue pointers vidc_3x: venc: Add missing level in h263 msm: kgsl: Do not free sharedmem if it cannot be unmapped vidc_3x: Return EBUSY if mbpf check fails soc: qcom: qmi_encdec: out of bound check for input buffer Conflicts: drivers/media/platform/qcom/venus/hfi_parser.c drivers/media/platform/qcom/venus/hfi_venus.c Change-Id: I79781403e7d2e6417196eda9f67015c998d1e8d4	2024-02-10 19:44:46 +02:00
Michael Bestas	bfc560ed37	Merge tag 'ASB-2024-01-05_4.19-stable' of https://android.googlesource.com/kernel/common into android13-4.19-kona https://source.android.com/docs/security/bulletin/2024-01-01 * tag 'ASB-2024-01-05_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.304 block: Don't invalidate pagecache for invalid falloc modes dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() smb: client: fix OOB in smbCalcSize() usb: fotg210-hcd: delete an incorrect bounds test usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling x86/alternatives: Sync core before enabling interrupts net: rfkill: gpio: set GPIO direction net: 9p: avoid freeing uninit memory in p9pdu_vreadf Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent USB: serial: option: add Quectel RM500Q R13 firmware support USB: serial: option: add Foxconn T99W265 with new baseline USB: serial: option: add Quectel EG912Y module support USB: serial: ftdi_sio: update Actisense PIDs constant names wifi: cfg80211: fix certs build to not depend on file order wifi: cfg80211: Add my certificate iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() scsi: bnx2fc: Remove set but not used variable 'oxid' Input: ipaq-micro-keys - add error handling for devm_kmemdup iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw btrfs: do not allow non subvolume root targets for snapshot smb: client: fix NULL deref in asn1_ber_decoder() pinctrl: at91-pio4: use dedicated lock class for IRQ net: check dev->gso_max_size in gso_features_check() net: warn if gso_type isn't set for a GSO SKB afs: Fix the dynamic root's d_delete to always delete unused dentries net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() net/rose: fix races in rose_kill_by_device() ethernet: atheros: fix a memleak in atl1e_setup_ring_resources net: sched: ife: fix potential use-after-free net/mlx5: Fix fw tracer first block check net/mlx5: improve some comments wifi: mac80211: mesh_plink: fix matches_local logic s390/vx: fix save/restore of fpu kernel context reset: Fix crash when freeing non-existent optional resets ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 ALSA: hda/realtek: Enable headset onLenovo M70/M90 ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names Revert "cred: switch to using atomic_long_t" Linux 4.19.303 powerpc/ftrace: Fix stack teardown in ftrace_no_trace powerpc/ftrace: Create a dummy stackframe to fix stack unwind mmc: block: Be sure to wait while busy in CQE error recovery ring-buffer: Fix memory leak of free page team: Fix use-after-free when an option instance allocation fails arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS perf: Fix perf_event_validate_size() lockdep splat HID: hid-asus: add const to read-only outgoing usb buffer net: usb: qmi_wwan: claim interface 4 for ZTE MF290 asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad HID: hid-asus: reset the backlight brightness level on resume HID: add ALWAYS_POLL quirk for Apple kb platform/x86: intel_telemetry: Fix kernel doc descriptions bcache: avoid NULL checking to c->root in run_cache_set() bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() bcache: avoid oversize memory allocation by small stripe_size blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" cred: switch to using atomic_long_t Revert "PCI: acpiphp: Reassign resources on bridge if necessary" appletalk: Fix Use-After-Free in atalk_ioctl net: stmmac: Handle disabled MDIO busses from devicetree vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() sign-file: Fix incorrect return values check net: Remove acked SYN flag from packet in the transmit queue correctly qed: Fix a potential use-after-free in qed_cxt_tables_alloc net/rose: Fix Use-After-Free in rose_ioctl atm: Fix Use-After-Free in do_vcc_ioctl atm: solos-pci: Fix potential deadlock on &tx_queue_lock atm: solos-pci: Fix potential deadlock on &cli_queue_lock qca_spi: Fix reset behavior qca_debug: Fix ethtool -G iface tx behavior qca_debug: Prevent crash on TX ring changes Revert "psample: Require 'CAP_NET_ADMIN' when joining "packets" group" Revert "genetlink: add CAP_NET_ADMIN test for multicast bind" Revert "drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group" Revert "perf/core: Add a new read format to get a number of lost samples" Revert "perf: Fix perf_event_validate_size()" Revert "hrtimers: Push pending hrtimers away from outgoing CPU earlier" ANDROID: Snapshot Mainline's version of checkpatch.pl Linux 4.19.302 devcoredump: Send uevent once devcd is ready devcoredump : Serialize devcd_del work IB/isert: Fix unaligned immediate-data handling tools headers UAPI: Sync linux/perf_event.h with the kernel sources drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group psample: Require 'CAP_NET_ADMIN' when joining "packets" group genetlink: add CAP_NET_ADMIN test for multicast bind netlink: don't call ->netlink_bind with table lock held nilfs2: fix missing error check for sb_set_blocksize call KVM: s390/mm: Properly reset no-dat x86/CPU/AMD: Check vendor in the AMD microcode callback serial: 8250_omap: Add earlycon support for the AM654 UART controller serial: sc16is7xx: address RX timeout interrupt errata usb: typec: class: fix typec_altmode_put_partner to put plugs parport: Add support for Brainboxes IX/UC/PX parallel cards usb: gadget: f_hid: fix report descriptor allocation gpiolib: sysfs: Fix error handling on failed export perf: Fix perf_event_validate_size() perf/core: Add a new read format to get a number of lost samples tracing: Fix a possible race when disabling buffered events tracing: Fix incomplete locking when disabling buffered events tracing: Always update snapshot buffer size nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() packet: Move reference count in packet_sock to atomic_long_t ALSA: pcm: fix out-of-bounds in snd_pcm_state_names ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt ARM: dts: imx: make gpt node name generic ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() tracing: Fix a warning when allocating buffered events fails hwmon: (acpi_power_meter) Fix 4.29 MW bug RDMA/bnxt_re: Correct module description string tcp: do not accept ACK of bytes we never sent netfilter: xt_owner: Fix for unsafe access of sk->sk_socket netfilter: xt_owner: Add supplementary groups option net: hns: fix fake link up on xge port ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() arcnet: restoring support for multiple Sohard Arcnet cards net: arcnet: com20020 fix error handling net: arcnet: Fix RESET flag handling hv_netvsc: rndis_filter needs to select NLS ipv6: fix potential NULL deref in fib6_add() drm/amdgpu: correct chunk_ptr to a pointer to chunk. kconfig: fix memory leak from range properties tg3: Increment tx_dropped in tg3_tso_bug() tg3: Move the [rt]x_dropped counters to tg3_napi netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test hrtimers: Push pending hrtimers away from outgoing CPU earlier media: davinci: vpif_capture: fix potential double free spi: imx: mx51-ecspi: Move some initialisation to prepare_message hook. spi: imx: correct wml as the last sg length spi: imx: move wml setting to later than setup_transfer spi: imx: add a device specific prepare_message callback Linux 4.19.301 mmc: block: Retry commands in CQE error recovery mmc: core: convert comma to semicolon mmc: cqhci: Fix task clearing in CQE error recovery mmc: cqhci: Warn of halt or task clear failure mmc: cqhci: Increase recovery halt timeout cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily cpufreq: imx6q: don't warn for disabling a non-existing frequency ima: detect changes to the backing overlay file ovl: skip overlayfs superblocks at global sync ima: annotate iint mutex to avoid lockdep false positive warnings fbdev: stifb: Make the STI next font pointer a 32-bit signed offset mtd: cfi_cmdset_0001: Byte swap OTP info mtd: cfi_cmdset_0001: Support the absence of protection registers s390/cmma: fix detection of DAT pages s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions family smb3: fix touch -h of symlink net: ravb: Start TX queues after HW initialization succeeded ravb: Fix races between ravb_tx_timeout_work() and net related ops ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet Input: xpad - add HyperX Clutch Gladiate Support btrfs: send: ensure send_fd is writable btrfs: fix off-by-one when checking chunk map includes logical address powerpc: Don't clobber f0/vs0 during fp\|altivec register save bcache: revert replacing IS_ERR_OR_NULL with IS_ERR dm verity: don't perform FEC for failed readahead IO dm-verity: align struct dm_verity_fec_io properly ALSA: hda/realtek: Headset Mic VREF to 100% ALSA: hda: Disable power-save on KONTRON SinglePC mmc: block: Do not lose cache flush during CQE error recovery firewire: core: fix possible memory leak in create_units() pinctrl: avoid reload of p state in list iteration USB: dwc3: qcom: fix wakeup after probe deferral usb: dwc3: set the dma max_seg_size USB: dwc2: write HCINT with INTMASK applied USB: serial: option: don't claim interface 4 for ZTE MF290 USB: serial: option: fix FM101R-GL defines USB: serial: option: add Fibocom L7xx modules bcache: prevent potential division by zero error bcache: check return value from btree_node_alloc_replacement() dm-delay: fix a race between delay_presuspend and delay_bio hv_netvsc: Mark VF as slave before exposing it to user-mode hv_netvsc: Fix race of register_netdevice_notifier and VF register USB: serial: option: add Luat Air72*U series products s390/dasd: protect device queue against concurrent access bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() mtd: rawnand: brcmnand: Fix ecc chunk calculation for erased page bitfips KVM: arm64: limit PMU version to PMUv3 for ARMv8.1 arm64: cpufeature: Extract capped perfmon fields MIPS: KVM: Fix a build warning about variable set but not used net: axienet: Fix check for partial TX checksum amd-xgbe: propagate the correct speed and duplex status amd-xgbe: handle the corner-case during tx completion amd-xgbe: handle corner-case during sfp hotplug arm/xen: fix xen_vcpu_info allocation alignment net: usb: ax88179_178a: fix failed operations during ax88179_reset ipv4: Correct/silence an endian warning in __ip_do_redirect HID: fix HID device resource race between HID core and debugging support HID: core: store the unique system identifier in hid_device drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full ata: pata_isapnp: Add missing error check for devm_ioport_map() drm/panel: simple: Fix Innolux G101ICE-L01 timings RDMA/irdma: Prevent zero-length STAG registration driver core: Release all resources during unbind before updating device links Conflicts: drivers/mmc/host/cqhci.c drivers/net/usb/ax88179_178a.c drivers/usb/dwc3/core.c scripts/checkpatch.pl Change-Id: I571c71df4f4c1c612d4101c9b9c2b901b4408103	2024-01-13 21:09:02 +02:00
Greg Kroah-Hartman	db2162fa05	Merge 4.19.303 into android-4.19-stable Changes in 4.19.303 qca_debug: Prevent crash on TX ring changes qca_debug: Fix ethtool -G iface tx behavior qca_spi: Fix reset behavior atm: solos-pci: Fix potential deadlock on &cli_queue_lock atm: solos-pci: Fix potential deadlock on &tx_queue_lock atm: Fix Use-After-Free in do_vcc_ioctl net/rose: Fix Use-After-Free in rose_ioctl qed: Fix a potential use-after-free in qed_cxt_tables_alloc net: Remove acked SYN flag from packet in the transmit queue correctly sign-file: Fix incorrect return values check vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() net: stmmac: Handle disabled MDIO busses from devicetree appletalk: Fix Use-After-Free in atalk_ioctl Revert "PCI: acpiphp: Reassign resources on bridge if necessary" cred: switch to using atomic_long_t blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" bcache: avoid oversize memory allocation by small stripe_size bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() bcache: avoid NULL checking to c->root in run_cache_set() platform/x86: intel_telemetry: Fix kernel doc descriptions HID: add ALWAYS_POLL quirk for Apple kb HID: hid-asus: reset the backlight brightness level on resume HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation net: usb: qmi_wwan: claim interface 4 for ZTE MF290 HID: hid-asus: add const to read-only outgoing usb buffer perf: Fix perf_event_validate_size() lockdep splat ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify team: Fix use-after-free when an option instance allocation fails ring-buffer: Fix memory leak of free page mmc: block: Be sure to wait while busy in CQE error recovery powerpc/ftrace: Create a dummy stackframe to fix stack unwind powerpc/ftrace: Fix stack teardown in ftrace_no_trace Linux 4.19.303 Change-Id: I209240976b6ff49ae89b0a77e777041e376416d9 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2023-12-21 13:48:38 +00:00
Ming Lei	6c97b28b01	blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" [ Upstream commit 27b13e209ddca5979847a1b57890e0372c1edcee ] Inside blkg_for_each_descendant_pre(), both css_for_each_descendant_pre() and blkg_lookup() requires RCU read lock, and either cgroup_assert_mutex_or_rcu_locked() or rcu_read_lock_held() is called. Fix the warning by adding rcu read lock. Reported-by: Changhui Zhong <czhong@redhat.com> Signed-off-by: Ming Lei <ming.lei@redhat.com> Link: https://lore.kernel.org/r/20231117023527.3188627-2-ming.lei@redhat.com Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org>	2023-12-20 15:38:02 +01:00
Michael Bestas	693180eebb	Squashed revert of recent blk-mq changes Revert "BACKPORT: blk-mq: fix is_flush_rq" This reverts commit `09de4ca5ab`. Revert "BACKPORT: blk-mq: clearing flush request reference in tags->rqs[]" This reverts commit `bcf59d6f28`. Revert "BACKPORT: blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter" This reverts commit `66b99c5dad`. Reason for revert: According to the following links, those changes are not needed. Our kernel already has the proper version of "BACKPORT: blk-mq: clear stale request in tags->rq[] before freeing one request pool" and the remaining changes break compilation, so just revert them. https://android-review.googlesource.com/c/kernel/common/+/2502118/ https://android-review.googlesource.com/c/kernel/common/+/2502120/ https://android-review.googlesource.com/c/kernel/common/+/2502121/ Change-Id: I368ab4b975089b5efc08bd7c8c19976b3934412a	2023-12-14 13:15:09 +02:00
Michael Bestas	930923679e	Merge tag 'LA.UM.9.12.r1-17600.04-SMxx50.QSSI14.0' of https://git.codelinaro.org/clo/la/kernel/msm-4.19 into android13-4.19-kona "LA.UM.9.12.r1-17600.04-SMxx50.QSSI14.0" * tag 'LA.UM.9.12.r1-17600.04-SMxx50.QSSI14.0' of https://git.codelinaro.org/clo/la/kernel/msm-4.19: BACKPORT: blk-mq: fix is_flush_rq BACKPORT: blk-mq: clear stale request in tags->rq[] before freeing one request pool BACKPORT: blk-mq: clearing flush request reference in tags->rqs[] BACKPORT: blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter Conflicts: block/blk-mq-tag.c block/blk-mq-tag.h block/blk-mq.c Change-Id: I7d9036406b384ced9b64346fc4107b23f8893f34	2023-12-14 13:14:59 +02:00
Mikulas Patocka	e75f2ca433	block: delete part_round_stats and switch to less precise counting We want to convert to per-cpu in_flight counters. The function part_round_stats needs the in_flight counter every jiffy, it would be too costly to sum all the percpu variables every jiffy, so it must be deleted. part_round_stats is used to calculate two counters - time_in_queue and io_ticks. time_in_queue can be calculated without part_round_stats, by adding the duration of the I/O when the I/O ends (the value is almost as exact as the previously calculated value, except that time for in-progress I/Os is not counted). io_ticks can be approximated by increasing the value when I/O is started or ended and the jiffies value has changed. If the I/Os take less than a jiffy, the value is as exact as the previously calculated value. If the I/Os take more than a jiffy, io_ticks can drift behind the previously calculated value. Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>. Change-Id: I39ed139e8059dc7cc6dff95eb797f1cee4cef0fb Git-commit: 5b18b5a737600fd20ba2045f320d5926ebbf341a Git-repo: https://android.googlesource.com/kernel/common/ Signed-off-by: Pradeep P V K <quic_pragalla@quicinc.com>	2023-12-11 15:30:00 +05:30
Michael Bestas	51fc2f7bdb	Merge tag 'LA.UM.9.12.r1-17400-SMxx50.QSSI13.0' of https://git.codelinaro.org/clo/la/kernel/msm-4.19 into android13-4.19-kona "LA.UM.9.12.r1-17400-SMxx50.QSSI13.0" * tag 'LA.UM.9.12.r1-17400-SMxx50.QSSI13.0' of https://git.codelinaro.org/clo/la/kernel/msm-4.19: dwc3-msm-core: Remove usage of DWC31_LINK_GDBGLTSSM with POR defconfig: kona: Fix for SonyDualSenseEdge cts failures defconfig: kona: Fix for SonyDualSenseEdge cts failures usb: dwc3-msm-core: Set pipectl susphy in conndone interrupt BACKPORT: bpf: add bpf_ktime_get_boot_ns() bus: mhi: fix potential out-of-bound access usb: dwc3: gadget: Bail out in pullup if soft reset timeout happens msm: kgsl: Limit the syncpoint count for AUX commands msm: kgsl: Prevent wrap around during user address mapping bt: Unset multi channel bit for 44.1/88.2Khz A2DP Rx BACKPORT: bpf: add bpf_ktime_get_boot_ns() iommu: Fix missing return check of arm_lpae_init_pte block: ratelimit handle_bad_sector() message securemsm-kernel: Fix multiple listener registration on same fd Change-Id: I37201afb12aba0a082bdce6acb461839ed3a77b8	2023-11-09 14:42:07 +02:00
Linux Build Service Account	fe3f71bc42	Merge "BACKPORT: blk-mq: fix is_flush_rq" into kernel.lnx.4.19.r3	2023-11-06 03:27:00 -08:00
Linux Build Service Account	24f31eadf0	Merge "BACKPORT: blk-mq: clearing flush request reference in tags->rqs[]" into kernel.lnx.4.19.r3	2023-11-06 03:01:15 -08:00
Ming Lei	09de4ca5ab	BACKPORT: blk-mq: fix is_flush_rq is_flush_rq() is called from bt_iter()/bt_tags_iter(), and runs the following check: hctx->fq->flush_rq == req but the passed hctx from bt_iter()/bt_tags_iter() may be NULL because: 1) memory re-order in blk_mq_rq_ctx_init(): rq->mq_hctx = data->hctx; ... refcount_set(&rq->ref, 1); OR 2) tag re-use and ->rqs[] isn't updated with new request. Fix the issue by re-writing is_flush_rq() as: return rq->end_io == flush_end_io; which turns out simpler to follow and immune to data race since we have ordered WRITE rq->end_io and refcount_set(&rq->ref, 1). Fixes: 2e315dc07df0 ("blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter") Cc: "Blank-Burian, Markus, Dr." <blankburian@uni-muenster.de> Cc: Yufen Yu <yuyufen@huawei.com> Signed-off-by: Ming Lei <ming.lei@redhat.com>. Bug: 197804811 Change-Id: I4c19fc2c7d39235b0e95a622f26646a353a19ee9 [Upstream: cherry picked from commit a9ed27a764156929efe714033edb3e9023c5f321] [Pradeep: Resolved conflicts in block/blk.h] Signed-off-by: Pradeep P V K <pragalla@codeaurora.org> Git-commit: ec1b6ab9fe80cf689780c9ee3b2cdb04cc11895e Git-repo: https://android.googlesource.com/kernel/common/ Signed-off-by: Pradeep P V K <quic_pragalla@quicinc.com> (cherry picked from commit `49724e13eb`) Change-Id: I866184c8fb0d5708fc582c1aff0c4084a911a291 Signed-off-by: Surapusetty Naresh Babu <snareshb@qti.qualcomm.com>	2023-11-06 03:00:13 -08:00
Ming Lei	70249194f9	BACKPORT: blk-mq: clear stale request in tags->rq[] before freeing one request pool refcount_inc_not_zero() in bt_tags_iter() still may read one freed request. Fix the issue by the following approach: 1) hold a per-tags spinlock when reading ->rqs[tag] and calling refcount_inc_not_zero in bt_tags_iter() 2) clearing stale request referred via ->rqs[tag] before freeing request pool, the per-tags spinlock is held for clearing stale ->rq[tag] So after we cleared stale requests, bt_tags_iter() won't observe freed request any more, also the clearing will wait for pending request reference. The idea of clearing ->rqs[] is borrowed from John Garry's previous patch and one recent David's patch. Tested-by: John Garry <john.garry@huawei.com> Reviewed-by: David Jeffery <djeffery@redhat.com> Reviewed-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Ming Lei <ming.lei@redhat.com>. Bug: 197804811 Change-Id: If49478d7b05d3f5b0a26966ddf9ae764cf2fb6b0 [Upstream: cherry picked from commit bd63141d585bef14f4caf111f6d0e27fe2300ec6] [Todd: refactored to avoid breaking KMI ] Signed-off-by: Pradeep P V K <pragalla@codeaurora.org> Signed-off-by: Todd Kjos <tkjos@google.com> Git-commit: bb96e7f45dc6ac1d6ec12190f1f286e3014fb068 Git-repo: https://android.googlesource.com/kernel/common/ Signed-off-by: Pradeep P V K <quic_pragalla@quicinc.com> (cherry picked from commit `02c9fbde9b`) Change-Id: I58693eddf77156f574a80542f719bd132906f0cc Signed-off-by: Surapusetty Naresh Babu <snareshb@qti.qualcomm.com>	2023-11-06 02:30:55 -08:00
Ming Lei	bcf59d6f28	BACKPORT: blk-mq: clearing flush request reference in tags->rqs[] Before we free request queue, clearing flush request reference in tags->rqs[], so that potential UAF can be avoided. Based on one patch written by David Jeffery. Tested-by: John Garry <john.garry@huawei.com> Reviewed-by: Bart Van Assche <bvanassche@acm.org> Reviewed-by: David Jeffery <djeffery@redhat.com> Signed-off-by: Ming Lei <ming.lei@redhat.com>. Bug: 197804811 Change-Id: I9600626e807a4eed546c21be808fabed2a9db9b1 [Upstream: cherry picked from commit 364b61818f65045479e42e76ed8dd6f051778280] [Todd: refactored to avoid breaking KMI ] Signed-off-by: Pradeep P V K <pragalla@codeaurora.org> Signed-off-by: Todd Kjos <tkjos@google.com> Git-commit: c9a3b51b07a03d515e15e0f79d1d1185e341b8f8 Git-repo: https://android.googlesource.com/kernel/common/ Signed-off-by: Pradeep P V K <quic_pragalla@quicinc.com> (cherry picked from commit `20042399e9`) Change-Id: Ic727c468ba88f754d79393d9dced45f7bca55733 Signed-off-by: Surapusetty Naresh Babu <snareshb@qti.qualcomm.com>	2023-11-05 23:40:12 -08:00
Ming Lei	66b99c5dad	BACKPORT: blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter Grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter(), and this way will prevent the request from being re-used when ->fn is running. The approach is same as what we do during handling timeout. Fix request use-after-free(UAF) related with completion race or queue releasing: - If one rq is referred before rq->q is frozen, then queue won't be frozen before the request is released during iteration. - If one rq is referred after rq->q is frozen, refcount_inc_not_zero() will return false, and we won't iterate over this request. However, still one request UAF not covered: refcount_inc_not_zero() may read one freed request, and it will be handled in next patch. Tested-by: John Garry <john.garry@huawei.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Ming Lei <ming.lei@redhat.com>. Bug: 197804811 Change-Id: Ib80fe8b9f1d76d2489e41f3365fbd12d68a3b097 [Pradeep: Resolved conflicts in block/blk-mq-tag.c] Git-commit: a5d38e7c26ca21a544635732a711176017663168 Git-repo: https://android.googlesource.com/kernel/common/ Signed-off-by: Pradeep P V K <quic_pragalla@quicinc.com> (cherry picked from commit `f3b26aea99`) Change-Id: I88aed73876e4126b1144604a66c61c0f79f40116 Signed-off-by: Surapusetty Naresh Babu <snareshb@qti.qualcomm.com>	2023-11-05 23:23:35 -08:00
Ming Lei	49724e13eb	BACKPORT: blk-mq: fix is_flush_rq is_flush_rq() is called from bt_iter()/bt_tags_iter(), and runs the following check: hctx->fq->flush_rq == req but the passed hctx from bt_iter()/bt_tags_iter() may be NULL because: 1) memory re-order in blk_mq_rq_ctx_init(): rq->mq_hctx = data->hctx; ... refcount_set(&rq->ref, 1); OR 2) tag re-use and ->rqs[] isn't updated with new request. Fix the issue by re-writing is_flush_rq() as: return rq->end_io == flush_end_io; which turns out simpler to follow and immune to data race since we have ordered WRITE rq->end_io and refcount_set(&rq->ref, 1). Fixes: 2e315dc07df0 ("blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter") Cc: "Blank-Burian, Markus, Dr." <blankburian@uni-muenster.de> Cc: Yufen Yu <yuyufen@huawei.com> Signed-off-by: Ming Lei <ming.lei@redhat.com>. Bug: 197804811 Change-Id: I4c19fc2c7d39235b0e95a622f26646a353a19ee9 [Upstream: cherry picked from commit a9ed27a764156929efe714033edb3e9023c5f321] [Pradeep: Resolved conflicts in block/blk.h] Signed-off-by: Pradeep P V K <pragalla@codeaurora.org> Git-commit: ec1b6ab9fe80cf689780c9ee3b2cdb04cc11895e Git-repo: https://android.googlesource.com/kernel/common/ Signed-off-by: Pradeep P V K <quic_pragalla@quicinc.com>	2023-10-24 22:17:09 -07:00
Ming Lei	20042399e9	BACKPORT: blk-mq: clearing flush request reference in tags->rqs[] Before we free request queue, clearing flush request reference in tags->rqs[], so that potential UAF can be avoided. Based on one patch written by David Jeffery. Tested-by: John Garry <john.garry@huawei.com> Reviewed-by: Bart Van Assche <bvanassche@acm.org> Reviewed-by: David Jeffery <djeffery@redhat.com> Signed-off-by: Ming Lei <ming.lei@redhat.com>. Bug: 197804811 Change-Id: I9600626e807a4eed546c21be808fabed2a9db9b1 [Upstream: cherry picked from commit 364b61818f65045479e42e76ed8dd6f051778280] [Todd: refactored to avoid breaking KMI ] Signed-off-by: Pradeep P V K <pragalla@codeaurora.org> Signed-off-by: Todd Kjos <tkjos@google.com> Git-commit: c9a3b51b07a03d515e15e0f79d1d1185e341b8f8 Git-repo: https://android.googlesource.com/kernel/common/ Signed-off-by: Pradeep P V K <quic_pragalla@quicinc.com>	2023-10-24 22:16:48 -07:00
Ming Lei	02c9fbde9b	BACKPORT: blk-mq: clear stale request in tags->rq[] before freeing one request pool refcount_inc_not_zero() in bt_tags_iter() still may read one freed request. Fix the issue by the following approach: 1) hold a per-tags spinlock when reading ->rqs[tag] and calling refcount_inc_not_zero in bt_tags_iter() 2) clearing stale request referred via ->rqs[tag] before freeing request pool, the per-tags spinlock is held for clearing stale ->rq[tag] So after we cleared stale requests, bt_tags_iter() won't observe freed request any more, also the clearing will wait for pending request reference. The idea of clearing ->rqs[] is borrowed from John Garry's previous patch and one recent David's patch. Tested-by: John Garry <john.garry@huawei.com> Reviewed-by: David Jeffery <djeffery@redhat.com> Reviewed-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Ming Lei <ming.lei@redhat.com>. Bug: 197804811 Change-Id: If49478d7b05d3f5b0a26966ddf9ae764cf2fb6b0 [Upstream: cherry picked from commit bd63141d585bef14f4caf111f6d0e27fe2300ec6] [Todd: refactored to avoid breaking KMI ] Signed-off-by: Pradeep P V K <pragalla@codeaurora.org> Signed-off-by: Todd Kjos <tkjos@google.com> Git-commit: bb96e7f45dc6ac1d6ec12190f1f286e3014fb068 Git-repo: https://android.googlesource.com/kernel/common/ Signed-off-by: Pradeep P V K <quic_pragalla@quicinc.com>	2023-10-24 22:16:17 -07:00
Ming Lei	f3b26aea99	BACKPORT: blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter Grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter(), and this way will prevent the request from being re-used when ->fn is running. The approach is same as what we do during handling timeout. Fix request use-after-free(UAF) related with completion race or queue releasing: - If one rq is referred before rq->q is frozen, then queue won't be frozen before the request is released during iteration. - If one rq is referred after rq->q is frozen, refcount_inc_not_zero() will return false, and we won't iterate over this request. However, still one request UAF not covered: refcount_inc_not_zero() may read one freed request, and it will be handled in next patch. Tested-by: John Garry <john.garry@huawei.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Ming Lei <ming.lei@redhat.com>. Bug: 197804811 Change-Id: Ib80fe8b9f1d76d2489e41f3365fbd12d68a3b097 [Pradeep: Resolved conflicts in block/blk-mq-tag.c] Git-commit: a5d38e7c26ca21a544635732a711176017663168 Git-repo: https://android.googlesource.com/kernel/common/ Signed-off-by: Pradeep P V K <quic_pragalla@quicinc.com>	2023-10-25 10:33:40 +05:30
Michael Bestas	1b59618ce4	Merge tag 'ASB-2023-09-05_4.19-stable' of https://android.googlesource.com/kernel/common into android13-4.19-kona https://source.android.com/docs/security/bulletin/2023-09-01 * tag 'ASB-2023-09-05_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.294 Revert "ARM: ep93xx: fix missing-prototype warnings" Revert "MIPS: Alchemy: fix dbdma2" Linux 4.19.293 dma-buf/sw_sync: Avoid recursive lock during fence signal clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' scsi: core: raid_class: Remove raid_component_add() scsi: snic: Fix double free in snic_tgt_create() irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable rtnetlink: Reject negative ifindexes in RTM_NEWLINK netfilter: nf_queue: fix socket leak sched/rt: pick_next_rt_entity(): check list_entry mmc: block: Fix in_flight[issue_type] value error x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus media: vcodec: Fix potential array out-of-bounds in encoder queue_setup lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels batman-adv: Fix batadv_v_ogm_aggr_send memory leak batman-adv: Fix TT global entry leak when client roamed back batman-adv: Do not get eth header before batadv_check_management_packet batman-adv: Don't increase MTU when set by user batman-adv: Trigger events for auto adjusted MTU nfsd: Fix race to FREE_STATEID and cl_revoked ibmveth: Use dcbf rather than dcbfl ipvs: fix racy memcpy in proc_do_sync_threshold ipvs: Improve robustness to the ipvs sysctl bonding: fix macvlan over alb bond support net: remove bond_slave_has_mac_rcu() net/sched: fix a qdisc modification with ambiguous command request igb: Avoid starting unnecessary workqueues dccp: annotate data-races in dccp_poll() sock: annotate data-races around prot->memory_pressure tracing: Fix memleak due to race between current_tracer and trace drm/amd/display: check TG is non-null before checking if enabled drm/amd/display: do not wait for mpc idle if tg is disabled regmap: Account for register length in SMBus I/O limits dm integrity: reduce vmalloc space footprint on 32-bit architectures dm integrity: increase RECALC_SECTORS to improve recalculate speed powerpc: Fail build if using recordmcount with binutils v2.37 powerpc: remove leftover code of old GCC version checks powerpc/32: add stack protector support fbdev: fix potential OOB read in fast_imageblit() fbdev: Fix sys_imageblit() for arbitrary image widths fbdev: Improve performance of sys_imageblit() tty: serial: fsl_lpuart: add earlycon for imx8ulp platform Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP" MIPS: cpu-features: Use boot_cpu_type for CPU type based features MIPS: cpu-features: Enable octeon_cache by cpu_type fs: dlm: fix mismatch of plock results from userspace fs: dlm: use dlm_plock_info for do_unlock_close fs: dlm: change plock interrupted message to debug again fs: dlm: add pid to debug log dlm: replace usage of found with dedicated list iterator variable dlm: improve plock logging if interrupted PCI: acpiphp: Reassign resources on bridge if necessary net: phy: broadcom: stub c45 read/write for 54810 net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled virtio-net: set queues after driver_ok af_unix: Fix null-ptr-deref in unix_stream_sendpage(). netfilter: set default timeout to 3 secs for sctp shutdown send and recv state test_firmware: prevent race conditions by a correct implementation of locking mmc: wbsd: fix double mmc_free_host() in wbsd_init() cifs: Release folio lock on fscache read hit. ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. serial: 8250: Fix oops for port->pm on uart_change_pm() ASoC: meson: axg-tdm-formatter: fix channel slot allocation ASoC: rt5665: add missed regulator_bulk_disable net: do not allow gso_size to be set to GSO_BY_FRAGS sock: Fix misuse of sk_under_memory_pressure() i40e: fix misleading debug logs team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves netfilter: nft_dynset: disallow object maps selftests: mirror_gre_changes: Tighten up the TTL test match xfrm: add NULL check in xfrm_update_ae_params ip_vti: fix potential slab-use-after-free in decode_session6 ip6_vti: fix slab-use-after-free in decode_session6 xfrm: fix slab-use-after-free in decode_session6 xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c net: af_key: fix sadb_x_filter validation net: xfrm: Fix xfrm_address_filter OOB read btrfs: fix BUG_ON condition in btrfs_cancel_balance powerpc/rtas_flash: allow user copy to flash block cache objects fbdev: mmp: fix value check in mmphw_probe() virtio-mmio: don't break lifecycle of vm_dev virtio-mmio: Use to_virtio_mmio_device() to simply code virtio-mmio: convert to devm_platform_ioremap_resource nfsd: Remove incorrect check in nfsd4_validate_stateid nfsd4: kill warnings on testing stateids with mismatched clientids block: fix signed int overflow in Amiga partition support mmc: sunxi: fix deferred probing mmc: bcm2835: fix deferred probing mmc: Remove dev_err() usage after platform_get_irq() mmc: tmio: move tmio_mmc_set_clock() to platform hook mmc: tmio: replace tmio_mmc_clk_stop() calls with tmio_mmc_set_clock() mmc: meson-gx: remove redundant mmc_request_done() call from irq context mmc: meson-gx: remove useless lock USB: dwc3: qcom: fix NULL-deref on suspend usb: dwc3: qcom: Add helper functions to enable,disable wake irqs irqchip/mips-gic: Use raw spinlock for gic_lock irqchip/mips-gic: Get rid of the reliance on irq_cpu_online() x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms powerpc/64s/radix: Fix soft dirty tracking powerpc: Move page table dump files in a dedicated subdirectory powerpc/mm: dump block address translation on book3s/32 powerpc/mm: dump segment registers on book3s/32 powerpc/mm: Move pgtable_t into platform headers powerpc/mm: move platform specific mmu-xxx.h in platform directories iio: addac: stx104: Fix race condition when converting analog-to-digital iio: addac: stx104: Fix race condition for stx104_write_raw() iio: adc: stx104: Implement and utilize register structures iio: adc: stx104: Utilize iomap interface iio: add addac subdirectory IMA: allow/fix UML builds drm/amdgpu: Fix potential fence use-after-free v2 Bluetooth: L2CAP: Fix use-after-free pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() gfs2: Fix possible data races in gfs2_show_options() media: platform: mediatek: vpu: fix NULL ptr dereference media: v4l2-mem2mem: add lock to protect parameter num_rdy FS: JFS: Check for read-only mounted filesystem in txBegin FS: JFS: Fix null-ptr-deref Read in txBegin MIPS: dec: prom: Address -Warray-bounds warning fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev udf: Fix uninitialized array access for some pathnames HID: add quirk for 03f0:464a HP Elite Presenter Mouse quota: fix warning in dqgrab() quota: Properly disable quotas when add_dquot_ref() fails ALSA: emu10k1: roll up loops in DSP setup code for Audigy drm/radeon: Fix integer overflow in radeon_cs_parser_init selftests: forwarding: tc_flower: Relax success criterion lib/mpi: Eliminate unused umul_ppmm definitions for MIPS Revert "posix-timers: Ensure timer ID search-loop limit is valid" UPSTREAM: media: usb: siano: Fix warning due to null work_func_t function pointer UPSTREAM: Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb UPSTREAM: net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free UPSTREAM: net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free Linux 4.19.292 sch_netem: fix issues in netem_change() vs get_dist_table() alpha: remove __init annotation from exported page_is_ram() scsi: core: Fix possible memory leak if device_add() fails scsi: snic: Fix possible memory leak if device_add() fails scsi: 53c700: Check that command slot is not NULL scsi: storvsc: Fix handling of virtual Fibre Channel timeouts scsi: core: Fix legacy /proc parsing buffer overflow netfilter: nf_tables: report use refcount overflow netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush btrfs: don't stop integrity writeback too early ibmvnic: Handle DMA unmapping of login buffs in release functions wifi: cfg80211: fix sband iftype data lookup for AP_VLAN IB/hfi1: Fix possible panic during hotplug remove drivers: net: prevent tun_build_skb() to exceed the packet size limit dccp: fix data-race around dp->dccps_mss_cache bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves net/packet: annotate data-races around tp->status mISDN: Update parameter type of dsp_cmx_send() drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes x86: Move gds_ucode_mitigated() declaration to header x86/mm: Fix VDSO and VVAR placement on 5-level paging machines x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 usb: dwc3: Properly handle processing of pending events usb-storage: alauda: Fix uninit-value in alauda_check_media() binder: fix memory leak in binder_init() iio: cros_ec: Fix the allocation size for cros_ec_command nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput radix tree test suite: fix incorrect allocation size for pthreads drm/nouveau/gr: enable memory loads on helper invocation on all channels dmaengine: pl330: Return DMA_PAUSED when transaction is paused ipv6: adjust ndisc_is_useropt() to also return true for PIO mmc: moxart: read scr register without changing byte order sparc: fix up arch_cpu_finalize_init() build breakage. UPSTREAM: net/sched: cls_fw: Fix improper refcount update leads to use-after-free Linux 4.19.291 drm/edid: fix objtool warning in drm_cvt_modes() arm64: dts: stratix10: fix incorrect I2C property for SCL signal drivers core: Use sysfs_emit and sysfs_emit_at for show(device ...) functions ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node ARM: dts: imx6sll: fixup of operating points ARM: dts: imx: add usb alias ARM: dts: imx6sll: Make ssi node name same as other platforms PM: sleep: wakeirq: fix wake irq arming PM / wakeirq: support enabling wake-up irq after runtime_suspend called powerpc/mm/altmap: Fix altmap boundary check mtd: rawnand: omap_elm: Fix incorrect type in assignment test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation test_firmware: fix a memory leak with reqs buffer ext2: Drop fragment support net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb fs/sysv: Null check to prevent null-ptr-deref bug USB: zaurus: Add ID for A-300/B-500/C-700 libceph: fix potential hang in ceph_osdc_notify() scsi: zfcp: Defer fc_rport blocking until after ADISC response tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen tcp_metrics: annotate data-races around tm->tcpm_net tcp_metrics: annotate data-races around tm->tcpm_vals[] tcp_metrics: annotate data-races around tm->tcpm_lock tcp_metrics: annotate data-races around tm->tcpm_stamp tcp_metrics: fix addr_same() helper ip6mr: Fix skb_under_panic in ip6mr_cache_report() net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free net: add missing data-race annotation for sk_ll_usec net: add missing data-race annotations around sk->sk_peek_off net: sched: cls_u32: Fix match key mis-addressing perf test uprobe_from_different_cu: Skip if there is no gcc net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() KVM: s390: fix sthyi error handling word-at-a-time: use the same return type for has_zero regardless of endianness loop: Select I/O scheduler 'none' from inside add_disk() perf: Fix function pointer case net/sched: cls_u32: Fix reference counter leak leading to overflow ASoC: cs42l51: fix driver to properly autoload with automatic module loading net/sched: sch_qfq: account for stab overhead in qfq_enqueue net/sched: cls_fw: Fix improper refcount update leads to use-after-free drm/client: Fix memory leak in drm_client_target_cloned dm cache policy smq: ensure IO doesn't prevent cleaner policy progress ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register s390/dasd: fix hanging device after quiesce/resume virtio-net: fix race between set queues and probe serial: 8250_dw: Preserve original value of DLF register serial: 8250_dw: split Synopsys DesignWare 8250 common functions irq-bcm6345-l1: Do not assume a fixed block to cpu mapping tpm_tis: Explicitly check for error code btrfs: check for commit error at btrfs_attach_transaction_barrier() hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() Documentation: security-bugs.rst: clarify CVE handling Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group usb: xhci-mtk: set the dma max_seg_size USB: quirks: add quirk for Focusrite Scarlett usb: ohci-at91: Fix the unhandle interrupt when resume usb: dwc3: don't reset device side if dwc3 was configured as host-only usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy Revert "usb: dwc3: core: Enable AutoRetry feature in the controller" can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED USB: serial: simple: sort driver entries USB: serial: simple: add Kaufmann RKS+CAN VCP USB: serial: option: add Quectel EC200A module support USB: serial: option: support Quectel EM060K_128 tracing: Fix warning in trace_buffered_event_disable() ring-buffer: Fix wrong stat of cpu_buffer->read ata: pata_ns87415: mark ns87560_tf_read static dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths block: Fix a source code comment in include/uapi/linux/blkzoned.h ASoC: fsl_spdif: Silence output on stop drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() RDMA/mlx4: Make check for invalid flags stricter benet: fix return value check in be_lancer_xmit_workarounds() net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64 net/sched: mqprio: add extack to mqprio_parse_nlattr() net/sched: mqprio: refactor nlattr parsing to a separate function platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 team: reset team's flags when down link is P2P device bonding: reset bond's flags when down link is P2P device tcp: Reduce chance of collisions in inet6_hashfn(). ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address ethernet: atheros: fix return value check in atl1e_tso_csum() phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() ext4: fix to check return value of freeze_bdev() in ext4_shutdown() scsi: qla2xxx: Array index may go out of bound scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() ftrace: Store the order of pages allocated in ftrace_page ftrace: Check if pages were allocated before calling free_pages() ftrace: Add information on number of page groups allocated fs: dlm: interrupt posix locks only when process is killed dlm: rearrange async condition return dlm: cleanup plock_op vs plock_xop PCI/ASPM: Avoid link retraining race PCI/ASPM: Factor out pcie_wait_for_retrain() PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() PCI: Rework pcie_retrain_link() wait loop ext4: Fix reusing stale buffer heads from last failed mounting ext4: rename journal_dev to s_journal_dev inside ext4_sb_info btrfs: fix extent buffer leak after tree mod log failure at split_node() bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent bcache: remove 'int n' from parameter list of bch_bucket_alloc_set() bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set gpio: tps68470: Make tps68470_gpio_output() always set the initial value tracing/histograms: Return an error if we fail to add histogram to hist_vars list tcp: annotate data-races around fastopenq.max_qlen tcp: annotate data-races around tp->notsent_lowat tcp: annotate data-races around rskq_defer_accept tcp: annotate data-races around tp->linger2 net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX netfilter: nf_tables: can't schedule in nft_chain_validate netfilter: nf_tables: fix spurious set element insertion failure llc: Don't drop packet from non-root netns. fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe Revert "tcp: avoid the lookup process failing to get sk in ehash table" net:ipv6: check return value of pskb_trim() net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field() pinctrl: amd: Use amd_pinconf_set() for all config options fbdev: imxfb: warn about invalid left/right margin spi: bcm63xx: fix max prepend length igb: Fix igb_down hung on surprise removal wifi: iwlwifi: mvm: avoid baid size integer overflow wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() bpf: Address KCSAN report on bpf_lru_list sched/fair: Don't balance task to its current running CPU posix-timers: Ensure timer ID search-loop limit is valid md/raid10: prevent soft lockup while flush writes md: fix data corruption for raid456 when reshape restart while grow up nbd: Add the maximum limit of allocated index in nbd_dev_add debugobjects: Recheck debug_objects_enabled before reporting ext4: correct inline offset when handling xattrs in inode body can: bcm: Fix UAF in bcm_proc_show() fuse: revalidate: don't invalidate if interrupted perf probe: Add test for regression introduced by switch to die_get_decl_file() tracing/histograms: Add histograms to hist_vars if they have referenced variables drm/atomic: Fix potential use-after-free in nonblocking commits scsi: qla2xxx: Pointer may be dereferenced scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() scsi: qla2xxx: Fix potential NULL pointer dereference scsi: qla2xxx: Wait for io return on terminate rport xtensa: ISS: fix call to split_if_spec ring-buffer: Fix deadloop issue on reading trace_pipe tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error Revert "8250: add support for ASIX devices with a FIFO bug" meson saradc: fix clock divider mask length ceph: don't let check_caps skip sending responses for revoke msgs hwrng: imx-rngc - fix the timeout for init and self check serial: atmel: don't enable IRQs prematurely fs: dlm: return positive pid value for F_GETLK md/raid0: add discard support for the 'original' layout misc: pci_endpoint_test: Re-init completion for every test misc: pci_endpoint_test: Free IRQs before removing the device PCI: rockchip: Use u32 variable to access 32-bit registers PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked PCI: rockchip: Write PCI Device ID to correct register PCI: rockchip: Assert PCI Configuration Enable bit after probe PCI: qcom: Disable write access to read only registers for IP v2.3.3 PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold jfs: jfs_dmap: Validate db_l2nbperpage while mounting ext4: only update i_reserved_data_blocks on successful block allocation ext4: fix wrong unit use in ext4_mb_clear_bb perf intel-pt: Fix CYC timestamps after standalone CBR SUNRPC: Fix UAF in svc_tcp_listen_data_ready() net: bcmgenet: Ensure MDIO unregistration has clocks enabled tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation pinctrl: amd: Only use special debounce behavior for GPIO 0 pinctrl: amd: Detect internal GPIO0 debounce handling pinctrl: amd: Fix mistake in handling clearing pins at startup net/sched: make psched_mtu() RTNL-less safe wifi: airo: avoid uninitialized warning in airo_get_rate() ipv6/addrconf: fix a potential refcount underflow for idev NTB: ntb_tool: Add check for devm_kcalloc NTB: ntb_transport: fix possible memory leak while device_register() fails ntb: intel: Fix error handling in intel_ntb_pci_driver_init() NTB: amd: Fix error handling in amd_ntb_pci_driver_init() ntb: idt: Fix error handling in idt_pci_driver_init() udp6: fix udp6_ehashfn() typo icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). vrf: Increment Icmp6InMsgs on the original netdev net: mvneta: fix txq_map in case of txq_number==1 workqueue: clean up WORK_ constant types, clarify masking net: lan743x: Don't sleep in atomic context netfilter: nf_tables: prevent OOB access in nft_byteorder_eval netfilter: conntrack: Avoid nf_ct_helper_hash uses after free netfilter: nf_tables: fix scheduling-while-atomic splat netfilter: nf_tables: unbind non-anonymous set if rule construction fails netfilter: nf_tables: reject unbound anonymous set before commit phase netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE netfilter: nf_tables: use net_generic infra for transaction data netfilter: add helper function to set up the nfnetlink header and use it netfilter: nftables: add helper function to set the base sequence number netfilter: nf_tables: add rescheduling points during loop detection walks netfilter: nf_tables: fix nat hook table deletion spi: spi-fsl-spi: allow changing bits_per_word while CS is still active spi: spi-fsl-spi: relax message sanity checking a little spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg ARM: orion5x: fix d2net gpio initialization btrfs: fix race when deleting quota root from the dirty cow roots list jffs2: reduce stack usage in jffs2_build_xattr_subsystem() integrity: Fix possible multiple allocation in integrity_inode_get() bcache: Remove unnecessary NULL point check in node allocations mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M mmc: core: disable TRIM on Kingston EMMC04G-M627 NFSD: add encoding of op_recall flag for write delegation ALSA: jack: Fix mutex call in snd_jack_report() i2c: xiic: Don't try to handle more interrupt events after error i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() sh: dma: Fix DMA channel offset calculation net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX tcp: annotate data races in __tcp_oow_rate_limited() net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y f2fs: fix error path handling in truncate_dnode() mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 spi: bcm-qspi: return error if neither hif_mspi nor mspi is available Add MODULE_FIRMWARE() for FIRMWARE_TG357766. sctp: fix potential deadlock on &net->sctp.addr_wq_lock rtc: st-lpc: Release some resources in st_rtc_probe() in case of error mfd: stmpe: Only disable the regulators if they are enabled mfd: intel-lpss: Add missing check for platform_get_resource KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes mfd: rt5033: Drop rt5033-battery sub-device usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() extcon: Fix kernel doc of property capability fields to avoid warnings extcon: Fix kernel doc of property fields to avoid warnings media: usb: siano: Fix warning due to null work_func_t function pointer media: videodev2.h: Fix struct v4l2_input tuner index comment media: usb: Check az6007_read() return value sh: j2: Use ioremap() to translate device tree address into kernel memory w1: fix loop in w1_fini() block: change all __u32 annotations to __be32 in affs_hardblocks.h USB: serial: option: add LARA-R6 01B PIDs ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard ARCv2: entry: rewrite to enable use of double load/stores LDD/STD ARCv2: entry: avoid a branch ARCv2: entry: push out the Z flag unclobber from common EXCEPTION_PROLOGUE ARCv2: entry: comments about hardware auto-save on taken interrupts modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} modpost: fix section mismatch message for R_ARM_ABS32 crypto: nx - fix build warnings when DEBUG_FS is not enabled hwrng: virtio - Fix race on data_avail and actual data hwrng: virtio - always add a pending request hwrng: virtio - don't waste entropy hwrng: virtio - don't wait on cleanup hwrng: virtio - add an internal buffer pinctrl: at91-pio4: check return value of devm_kasprintf() perf dwarf-aux: Fix off-by-one in die_get_varname() pinctrl: cherryview: Return correct value if pin in push-pull mode PCI: Add pci_clear_master() stub for non-CONFIG_PCI scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer drm/radeon: fix possible division-by-zero errors fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1 IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors soc/fsl/qe: fix usb.c build errors ASoC: es8316: Increment max value for ALC Capture Target Volume control ARM: ep93xx: fix missing-prototype warnings drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H Input: adxl34x - do not hardcode interrupt trigger type ARM: dts: BCM5301X: Drop "clock-names" from the SPI node Input: drv260x - sleep between polling GO bit radeon: avoid double free in ci_dpm_init() netlink: Add __sock_i_ino() for __netlink_diag_dump(). ipvlan: Fix return value of ipvlan_queue_xmit() netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. lib/ts_bm: reset initial match offset for every block of text gtp: Fix use-after-free in __gtp_encap_destroy(). netlink: do not hard code device address lenth in fdb dumps netlink: fix potential deadlock in netlink_set_err() wifi: ath9k: convert msecs to jiffies where needed wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() memstick r592: make memstick_debug_get_tpc_name() static kexec: fix a memory leak in crash_shrink_memory() watchdog/perf: more properly prevent false positives with turbo modes watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes wifi: ray_cs: Fix an error handling path in ray_probe() wifi: ray_cs: Drop useless status variable in parse_addr() wifi: ray_cs: Utilize strnlen() in parse_addr() wifi: wl3501_cs: Fix an error handling path in wl3501_probe() wl3501_cs: use eth_hw_addr_set() net: create netdev->dev_addr assignment helpers wl3501_cs: Fix misspelling and provide missing documentation wl3501_cs: Remove unnecessary NULL check wl3501_cs: Fix a bunch of formatting issues related to function docs wifi: atmel: Fix an error handling path in atmel_probe() wifi: orinoco: Fix an error handling path in orinoco_cs_probe() wifi: orinoco: Fix an error handling path in spectrum_cs_probe() nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect() nfc: constify several pointers to u8, char and sk_buff wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() samples/bpf: Fix buffer overflow in tcp_basertt wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation evm: Complete description of evm_inode_setattr() ARM: 9303/1: kprobes: avoid missing-declaration warnings PM: domains: fix integer overflow issues in genpd_parse_state() clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe clocksource/drivers/cadence-ttc: Use ttc driver as platform driver clocksource/drivers: Unify the names to timer-* format irqchip/jcore-aic: Fix missing allocation of IRQ descriptors irqchip/jcore-aic: Kill use of irq_create_strict_mappings() md/raid10: fix io loss while replacement replace rdev md/raid10: fix wrong setting of max_corr_read_errors md/raid10: fix overflow of md/safe_mode_delay md/raid10: check slab-out-of-bounds in md_bitmap_get_counter treewide: Remove uninitialized_var() usage drm/amdgpu: Validate VM ioctl flags. scripts/tags.sh: Resolve gtags empty index generation drm/edid: Fix uninitialized variable in drm_cvt_modes() fbdev: imsttfb: Fix use after free bug in imsttfb_probe video: imsttfb: check for ioremap() failures x86/smp: Use dedicated cache-line for mwait_play_dead() gfs2: Don't deref jdesc in evict Linux 4.19.290 x86: fix backwards merge of GDS/SRSO bit xen/netback: Fix buffer overrun triggered by unusual packet Documentation/x86: Fix backwards on/off logic about YMM support x86/xen: Fix secondary processors' FPU initialization KVM: Add GDS_NO support to KVM x86/speculation: Add Kconfig option for GDS x86/speculation: Add force option to GDS mitigation x86/speculation: Add Gather Data Sampling mitigation x86/fpu: Move FPU initialization into arch_cpu_finalize_init() x86/fpu: Mark init functions __init x86/fpu: Remove cpuinfo argument from init functions init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() init: Invoke arch_cpu_finalize_init() earlier init: Remove check_bugs() leftovers um/cpu: Switch to arch_cpu_finalize_init() sparc/cpu: Switch to arch_cpu_finalize_init() sh/cpu: Switch to arch_cpu_finalize_init() mips/cpu: Switch to arch_cpu_finalize_init() m68k/cpu: Switch to arch_cpu_finalize_init() ia64/cpu: Switch to arch_cpu_finalize_init() ARM: cpu: Switch to arch_cpu_finalize_init() x86/cpu: Switch to arch_cpu_finalize_init() init: Provide arch_cpu_finalize_init() Conflicts: drivers/mmc/core/block.c drivers/mmc/host/sdhci-msm.c drivers/usb/dwc3/core.c drivers/usb/dwc3/gadget.c Change-Id: Id2f4d5c8067f8e5eda39c0eaa5e59d54a394b4c7	2023-09-19 18:11:03 +03:00
Tetsuo Handa	22a5b9ed3b	block: ratelimit handle_bad_sector() message [ Upstream commit f4ac712e4fe009635344b9af5d890fe25fcc8c0d ] syzbot is reporting unkillable task [1], for the caller is failing to handle a corrupted filesystem image which attempts to access beyond the end of the device. While we need to fix the caller, flooding the console with handle_bad_sector() message is unlikely useful. [1] https://syzkaller.appspot.com/bug?id=f1f49fb971d7a3e01bd8ab8cff2ff4572ccf3092 Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> Git-commit: b3a0ed411008c921cc009e5d613f92d6e09bd269 Git-repo: https://android.googlesource.com/kernel/common/ Change-Id: I7ea4c8794a0ad7baeb093b468ba0a49ecfef38af Signed-off-by: Saranya R <quic_sarar@quicinc.com>	2023-09-13 15:02:56 +05:30
Greg Kroah-Hartman	ab7141647e	Merge 4.19.293 into android-4.19-stable Changes in 4.19.293 lib/mpi: Eliminate unused umul_ppmm definitions for MIPS selftests: forwarding: tc_flower: Relax success criterion drm/radeon: Fix integer overflow in radeon_cs_parser_init ALSA: emu10k1: roll up loops in DSP setup code for Audigy quota: Properly disable quotas when add_dquot_ref() fails quota: fix warning in dqgrab() HID: add quirk for 03f0:464a HP Elite Presenter Mouse udf: Fix uninitialized array access for some pathnames fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev MIPS: dec: prom: Address -Warray-bounds warning FS: JFS: Fix null-ptr-deref Read in txBegin FS: JFS: Check for read-only mounted filesystem in txBegin media: v4l2-mem2mem: add lock to protect parameter num_rdy media: platform: mediatek: vpu: fix NULL ptr dereference gfs2: Fix possible data races in gfs2_show_options() pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() Bluetooth: L2CAP: Fix use-after-free drm/amdgpu: Fix potential fence use-after-free v2 IMA: allow/fix UML builds iio: add addac subdirectory iio: adc: stx104: Utilize iomap interface iio: adc: stx104: Implement and utilize register structures iio: addac: stx104: Fix race condition for stx104_write_raw() iio: addac: stx104: Fix race condition when converting analog-to-digital powerpc/mm: move platform specific mmu-xxx.h in platform directories powerpc/mm: Move pgtable_t into platform headers powerpc/mm: dump segment registers on book3s/32 powerpc/mm: dump block address translation on book3s/32 powerpc: Move page table dump files in a dedicated subdirectory powerpc/64s/radix: Fix soft dirty tracking x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms irqchip/mips-gic: Get rid of the reliance on irq_cpu_online() irqchip/mips-gic: Use raw spinlock for gic_lock usb: dwc3: qcom: Add helper functions to enable,disable wake irqs USB: dwc3: qcom: fix NULL-deref on suspend mmc: meson-gx: remove useless lock mmc: meson-gx: remove redundant mmc_request_done() call from irq context mmc: tmio: replace tmio_mmc_clk_stop() calls with tmio_mmc_set_clock() mmc: tmio: move tmio_mmc_set_clock() to platform hook mmc: Remove dev_err() usage after platform_get_irq() mmc: bcm2835: fix deferred probing mmc: sunxi: fix deferred probing block: fix signed int overflow in Amiga partition support nfsd4: kill warnings on testing stateids with mismatched clientids nfsd: Remove incorrect check in nfsd4_validate_stateid virtio-mmio: convert to devm_platform_ioremap_resource virtio-mmio: Use to_virtio_mmio_device() to simply code virtio-mmio: don't break lifecycle of vm_dev fbdev: mmp: fix value check in mmphw_probe() powerpc/rtas_flash: allow user copy to flash block cache objects btrfs: fix BUG_ON condition in btrfs_cancel_balance net: xfrm: Fix xfrm_address_filter OOB read net: af_key: fix sadb_x_filter validation xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c xfrm: fix slab-use-after-free in decode_session6 ip6_vti: fix slab-use-after-free in decode_session6 ip_vti: fix potential slab-use-after-free in decode_session6 xfrm: add NULL check in xfrm_update_ae_params selftests: mirror_gre_changes: Tighten up the TTL test match netfilter: nft_dynset: disallow object maps team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves i40e: fix misleading debug logs sock: Fix misuse of sk_under_memory_pressure() net: do not allow gso_size to be set to GSO_BY_FRAGS ASoC: rt5665: add missed regulator_bulk_disable ASoC: meson: axg-tdm-formatter: fix channel slot allocation serial: 8250: Fix oops for port->pm on uart_change_pm() ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. cifs: Release folio lock on fscache read hit. mmc: wbsd: fix double mmc_free_host() in wbsd_init() test_firmware: prevent race conditions by a correct implementation of locking netfilter: set default timeout to 3 secs for sctp shutdown send and recv state af_unix: Fix null-ptr-deref in unix_stream_sendpage(). virtio-net: set queues after driver_ok net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure net: phy: broadcom: stub c45 read/write for 54810 PCI: acpiphp: Reassign resources on bridge if necessary dlm: improve plock logging if interrupted dlm: replace usage of found with dedicated list iterator variable fs: dlm: add pid to debug log fs: dlm: change plock interrupted message to debug again fs: dlm: use dlm_plock_info for do_unlock_close fs: dlm: fix mismatch of plock results from userspace MIPS: cpu-features: Enable octeon_cache by cpu_type MIPS: cpu-features: Use boot_cpu_type for CPU type based features Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP" tty: serial: fsl_lpuart: add earlycon for imx8ulp platform fbdev: Improve performance of sys_imageblit() fbdev: Fix sys_imageblit() for arbitrary image widths fbdev: fix potential OOB read in fast_imageblit() powerpc/32: add stack protector support powerpc: remove leftover code of old GCC version checks powerpc: Fail build if using recordmcount with binutils v2.37 dm integrity: increase RECALC_SECTORS to improve recalculate speed dm integrity: reduce vmalloc space footprint on 32-bit architectures regmap: Account for register length in SMBus I/O limits drm/amd/display: do not wait for mpc idle if tg is disabled drm/amd/display: check TG is non-null before checking if enabled tracing: Fix memleak due to race between current_tracer and trace sock: annotate data-races around prot->memory_pressure dccp: annotate data-races in dccp_poll() igb: Avoid starting unnecessary workqueues net/sched: fix a qdisc modification with ambiguous command request net: remove bond_slave_has_mac_rcu() bonding: fix macvlan over alb bond support ipvs: Improve robustness to the ipvs sysctl ipvs: fix racy memcpy in proc_do_sync_threshold ibmveth: Use dcbf rather than dcbfl nfsd: Fix race to FREE_STATEID and cl_revoked batman-adv: Trigger events for auto adjusted MTU batman-adv: Don't increase MTU when set by user batman-adv: Do not get eth header before batadv_check_management_packet batman-adv: Fix TT global entry leak when client roamed back batman-adv: Fix batadv_v_ogm_aggr_send memory leak lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels media: vcodec: Fix potential array out-of-bounds in encoder queue_setup PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 mmc: block: Fix in_flight[issue_type] value error sched/rt: pick_next_rt_entity(): check list_entry netfilter: nf_queue: fix socket leak rtnetlink: Reject negative ifindexes in RTM_NEWLINK irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable scsi: snic: Fix double free in snic_tgt_create() scsi: core: raid_class: Remove raid_component_add() clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' dma-buf/sw_sync: Avoid recursive lock during fence signal Linux 4.19.293 Change-Id: Idd55c28550596932baf6645b788c48b548cc6271 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2023-08-30 16:38:16 +00:00
Michael Schmitz	e9ecde030c	block: fix signed int overflow in Amiga partition support [ Upstream commit fc3d092c6bb48d5865fec15ed5b333c12f36288c ] The Amiga partition parser module uses signed int for partition sector address and count, which will overflow for disks larger than 1 TB. Use sector_t as type for sector address and size to allow using disks up to 2 TB without LBD support, and disks larger than 2 TB with LBD. This bug was reported originally in 2012, and the fix was created by the RDB author, Joanne Dow <jdow@earthlink.net>. A patch had been discussed and reviewed on linux-m68k at that time but never officially submitted. This patch differs from Joanne's patch only in its use of sector_t instead of unsigned int. No checking for overflows is done (see patch 3 of this series for that). Reported-by: Martin Steigerwald <Martin@lichtvoll.de> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=43511 Fixes: `1da177e4c3` ("Linux-2.6.12-rc2") Message-ID: <201206192146.09327.Martin@lichtvoll.de> Cc: <stable@vger.kernel.org> # 5.2 Signed-off-by: Michael Schmitz <schmitzmic@gmail.com> Tested-by: Martin Steigerwald <Martin@lichtvoll.de> Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org> Reviewed-by: Christoph Hellwig <hch@lst.de> Link: https://lore.kernel.org/r/20230620201725.7020-2-schmitzmic@gmail.com Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org>	2023-08-30 16:31:46 +02:00
Michael Bestas	e4b3323f61	Merge tag 'ASB-2023-04-05_4.19-stable' of https://android.googlesource.com/kernel/common into android13-4.19-kona https://source.android.com/docs/security/bulletin/2023-04-01 CVE-2022-4696 CVE-2023-20941 * tag 'ASB-2023-04-05_4.19-stable' of https://android.googlesource.com/kernel/common: UPSTREAM: ext4: fix kernel BUG in 'ext4_write_inline_data_end()' UPSTREAM: fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY UPSTREAM: fsverity: Remove WQ_UNBOUND from fsverity read workqueue BACKPORT: blk-mq: clear stale request in tags->rq[] before freeing one request pool Linux 4.19.279 HID: uhid: Over-ride the default maximum data buffer value with our own HID: core: Provide new max_buffer_size attribute to over-ride the default serial: 8250_em: Fix UART port type drm/i915: Don't use stolen memory for ring buffers with LLC x86/mm: Fix use of uninitialized buffer in sme_enable() fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks ftrace: Fix invalid address access in lookup_rec() when index is 0 tracing: Make tracepoint lockdep check actually test something tracing: Check field value in hist_field_name() sh: intc: Avoid spurious sizeof-pointer-div warning drm/amdkfd: Fix an illegal memory access ext4: fix task hung in ext4_xattr_delete_inode ext4: fail ext4_iget if special inode unallocated jffs2: correct logic when creating a hole in jffs2_write_begin mmc: atmel-mci: fix race between stop command and start of next command media: m5mols: fix off-by-one loop termination error hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition hwmon: (adt7475) Fix masking of hysteresis registers hwmon: (adt7475) Display smoothing attributes in correct order ethernet: sun: add check for the mdesc_grab() net/iucv: Fix size of interrupt data net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull ipv4: Fix incorrect table ID in IOCTL path block: sunvdc: add check for mdesc_grab() returning NULL nvmet: avoid potential UAF in nvmet_req_complete() net: usb: smsc75xx: Limit packet length to skb->len nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails net: tunnels: annotate lockless accesses to dev->needed_headroom qed/qed_dev: guard against a possible division by zero nfc: pn533: initialize struct pn533_out_arg properly tcp: tcp_make_synack() can be called from process context clk: HI655X: select REGMAP instead of depending on it fs: sysfs_emit_at: Remove PAGE_SIZE alignment check ext4: fix cgroup writeback accounting with fs-layer encryption UPSTREAM: ext4: fix another off-by-one fsmap error on 1k block filesystems Linux 4.19.278 ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties net: caif: Fix use-after-free in cfusbl_device_notify() drm/i915: Don't use BAR mappings for ring buffers with LLC tipc: improve function tipc_wait_for_cond() media: ov5640: Fix analogue gain control PCI: Add SolidRun vendor ID macintosh: windfarm: Use unsigned type for 1-bit bitfields alpha: fix R_ALPHA_LITERAL reloc for large modules MIPS: Fix a compilation issue Revert "spi: mt7621: Fix an error message in mt7621_spi_probe()" scsi: core: Remove the /proc/scsi/${proc_name} directory earlier kbuild: generate modules.order only in directories visited by obj-y/m kbuild: fix false-positive need-builtin calculation udf: Detect system inodes linked into directory hierarchy udf: Preserve link count of system files udf: Remove pointless union in udf_inode_info udf: reduce leakage of blocks related to named streams udf: Explain handling of load_nls() failure nfc: change order inside nfc_se_io error path ext4: zero i_disksize when initializing the bootloader inode ext4: fix WARNING in ext4_update_inline_data ext4: move where set the MAY_INLINE_DATA flag is set ext4: fix another off-by-one fsmap error on 1k block filesystems ext4: fix RENAME_WHITEOUT handling for inline directories x86/CPU/AMD: Disable XSAVES on AMD family 0x17 fs: prevent out-of-bounds array speculation when closing a file descriptor Linux 4.19.277 staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext" Linux 4.19.276 thermal: intel: powerclamp: Fix cur_state for multi package system f2fs: fix cgroup writeback accounting with fs-layer encryption media: uvcvideo: Fix race condition with usb_kill_urb media: uvcvideo: Provide sync and async uvc_ctrl_status_event tcp: Fix listen() regression in 4.19.270 s390/setup: init jump labels before command line parsing s390/maccess: add no DAT mode to kernel_write Bluetooth: hci_sock: purge socket queues in the destruct() callback phy: rockchip-typec: Fix unsigned comparison with less than zero usb: uvc: Enumerate valid values for color matching USB: ene_usb6250: Allocate enough memory for full object usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() tools/iio/iio_utils:fix memory leak mei: bus-fixup:upon error print return values of send and receive tty: serial: fsl_lpuart: disable the CTS when send break signal tty: fix out-of-bounds access in tty_driver_lookup_tty() media: uvcvideo: Silence memcpy() run-time false positive warnings media: uvcvideo: Handle errors from calls to usb_string media: uvcvideo: Handle cameras with invalid descriptors firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 tracing: Add NULL checks for buffer in ring_buffer_free_read_page() thermal: intel: quark_dts: fix error pointer dereference scsi: ipr: Work around fortify-string warning vc_screen: modify vcs_size() handling in vcs_read() tcp: tcp_check_req() can be called from process context ARM: dts: spear320-hmi: correct STMPE GPIO compatible nfc: fix memory leak of se_io context in nfc_genl_se_io 9p/rdma: unmap receive dma buffer in rdma_request()/post_recv() 9p/xen: fix connection sequence 9p/xen: fix version parsing net: fix __dev_kfree_skb_any() vs drop monitor netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack() watchdog: pcwd_usb: Fix attempting to access uninitialized memory watchdog: Fix kmemleak in watchdog_cdev_register watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show() ubifs: ubifs_writepage: Mark page dirty after writing inode failed ubifs: dirty_cow_znode: Fix memleak in error handling path ubifs: Re-statistic cleaned znode count if commit failed ubi: Fix possible null-ptr-deref in ubi_free_volume() ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() ubi: Fix use-after-free when volume resizing failed ubifs: Reserve one leb for each journal head while doing budget ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 ubifs: Fix wrong dirty space budget for dirty inode ubifs: Rectify space budget for ubifs_xrename() ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted ubi: ensure that VID header offset + VID header size <= alloc, size um: vector: Fix memory leak in vector_config pwm: stm32-lp: fix the check on arr and cmp registers update fs/jfs: fix shift exponent db_agl2size negative net/sched: Retire tcindex classifier kbuild: Port silent mode detection to future gnu make. wifi: ath9k: use proper statements in conditionals drm/radeon: Fix eDP for single-display iMac11,2 PCI: Avoid FLR for AMD FCH AHCI adapters scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() scsi: ses: Fix possible desc_ptr out-of-bounds accesses scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() scsi: ses: Don't attach if enclosure has no components scsi: qla2xxx: Fix erroneous link down scsi: qla2xxx: Fix link failure in NPIV environment ktest.pl: Add RUN_TIMEOUT option with default unlimited ktest.pl: Fix missing "end_monitor" when machine check fails ktest.pl: Give back console on Ctrt^C on monitor media: ipu3-cio2: Fix PM runtime usage_count in driver unbind mips: fix syscall_get_nr alpha: fix FEN fault handling rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails ARM: dts: exynos: correct TMU phandle in Odroid XU ARM: dts: exynos: correct TMU phandle in Exynos4 dm flakey: don't corrupt the zero page dm flakey: fix logic when corrupting a bio wifi: cfg80211: Fix use after free for wext wifi: rtl8xxxu: Use a longer retry limit of 48 ext4: refuse to create ea block when umounted ext4: optimize ea_inode block expansion ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() irqdomain: Drop bogus fwspec-mapping error handling irqdomain: Fix disassociation race irqdomain: Fix association race ima: Align ima_file_mmap() parameters with mmap_file LSM hook Documentation/hw-vuln: Document the interaction between IBRS and STIBP x86/speculation: Allow enabling STIBP with legacy IBRS x86/microcode/AMD: Fix mixed steppings support x86/microcode/AMD: Add a @cpu parameter to the reloading functions x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range x86/kprobes: Fix __recover_optprobed_insn check optimizing logic x86/reboot: Disable SVM, not just VMX, when stopping CPUs x86/reboot: Disable virtualization in an emergency if SVM is supported x86/crash: Disable virt in core NMI crash handler to avoid double shootdown x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) udf: Fix file corruption when appending just after end of preallocated extent udf: Do not update file length for failed writes to inline files udf: Do not bother merging very long extents udf: Truncate added extents on failed expansion ocfs2: fix non-auto defrag path not working issue ocfs2: fix defrag path triggering jbd2 ASSERT f2fs: fix information leak in f2fs_move_inline_dirents() fs: hfsplus: fix UAF issue in hfsplus_put_super hfs: fix missing hfs_bnode_get() in __hfs_bnode_create ARM: dts: exynos: correct HDMI phy compatible in Exynos4 s390/kprobes: fix current_kprobe never cleared after kprobes reenter s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler s390: discard .interp section rtc: pm8xxx: fix set-alarm race firmware: coreboot: framebuffer: Ignore reserved pixel color bits wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu dm cache: add cond_resched() to various workqueue loops dm thin: add cond_resched() to various workqueue loops pinctrl: at91: use devm_kasprintf() to avoid potential leaks regulator: s5m8767: Bounds check id indexing into arrays regulator: max77802: Bounds check regulator id against opmode ASoC: kirkwood: Iterate over array indexes instead of using pointer math docs/scripts/gdb: add necessary make scripts_gdb step drm/msm/dsi: Add missing check for alloc_ordered_workqueue drm/radeon: free iio for atombios when driver shutdown drm/amd/display: Fix potential null-deref in dm_resume net/mlx5: fw_tracer: Fix debug print ACPI: video: Fix Lenovo Ideapad Z570 DMI match m68k: Check syscall_trace_enter() return code net: bcmgenet: Add a check for oversized packets ACPI: Don't build ACPICA with '-Os' inet: fix fast path in __inet_hash_connect() wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds x86/bugs: Reset speculation control settings on init timers: Prevent union confusion from unexpected restart_syscall() thermal: intel: Fix unsigned comparison with less than zero rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait() wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy udf: Define EFSCORRUPTED error code rpmsg: glink: Avoid infinite loop on intent for missing channel media: usb: siano: Fix use after free bugs caused by do_submit_urb media: i2c: ov7670: 0 instead of -EINVAL was returned media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() media: i2c: ov772x: Fix memleak in ov772x_probe() powerpc: Remove linker flag from KBUILD_AFLAGS media: platform: ti: Add missing check for devm_regulator_get MIPS: vpe-mt: drop physical_memsize powerpc/rtas: ensure 4KB alignment for rtas_data_buf powerpc/rtas: make all exports GPL powerpc/pseries/lparcfg: add missing RTAS retry status handling clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() powerpc/powernv/ioda: Skip unallocated resources when mapping to PE Input: ads7846 - don't check penirq immediately for 7845 Input: ads7846 - don't report pressure for ads7845 mtd: rawnand: sunxi: Fix the size of the last OOB region mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() selftests/ftrace: Fix bash specific "==" operator sparc: allow PM configs for sparc32 COMPILE_TEST perf tools: Fix auto-complete on aarch64 perf llvm: Fix inadvertent file creation gfs2: jdata writepage fix cifs: Fix warning and UAF when destroy the MR list cifs: Fix lost destroy smbd connection when MR allocate failed nfsd: fix race to check ls_layouts dm: remove flush_scheduled_work() during local_exit() hwmon: (mlxreg-fan) Return zero speed for broken fan spi: bcm63xx-hsspi: Fix multi-bit mode setting spi: bcm63xx-hsspi: fix pm_runtime scsi: aic94xx: Add missing check for dma_map_single() hwmon: (ltc2945) Handle error case in ltc2945_value_store gpio: vf610: connect GPIO label to dev name ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress() drm/mediatek: Clean dangling pointer on bind error path drm/mediatek: Drop unbalanced obj unref gpu: host1x: Don't skip assigning syncpoints to channels drm/msm/dpu: Add check for pstates drm/msm: use strscpy instead of strncpy drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness ALSA: hda/ca0132: minor fix for allocation size pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours drm/msm/hdmi: Add missing check for alloc_ordered_workqueue gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() drm/vc4: dpi: Fix format mapping for RGB565 drm/vc4: dpi: Add option for inverting pixel clock and output enable drm: Clarify definition of the DRM_BUS_FLAG_(PIXDATA\|SYNC)_* macros drm/bridge: megachips: Fix error handling in i2c_register_driver() drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS \|\| ARCH_MXC selftest: fib_tests: Always cleanup before exit irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error wifi: mac80211: make rate u32 in sta_set_rate_info_rx() crypto: crypto4xx - Call dma_unmap_page when done wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() wifi: iwl4965: Add missing check for create_singlethread_workqueue() wifi: iwl3945: Add missing check for create_singlethread_workqueue RISC-V: time: initialize hrtimer based broadcast clock event device m68k: /proc/hardware should depend on PROC_FS crypto: rsa-pkcs1pad - Use akcipher_request_complete rds: rds_rm_zerocopy_callback() correct order for list_add_tail() libbpf: Fix alen calculation in libbpf_nla_dump_errormsg() Bluetooth: L2CAP: Fix potential user-after-free irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains net/mlx5: Enhance debug print in page allocation failure powercap: fix possible name leak in powercap_register_zone() crypto: seqiv - Handle EBUSY correctly ACPI: battery: Fix missing NUL-termination with large strings wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails ath9k: htc: clean up statistics macros ath9k: hif_usb: simplify if-if to if-else wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function wifi: orinoco: check return value of hermes_write_wordrec() ACPICA: nsrepair: handle cases without a return value correctly lib/mpi: Fix buffer overrun when SG is too long genirq: Fix the return type of kstat_cpu_irqs_sum() ACPICA: Drop port I/O validation for some regions wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave() wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() wifi: ipw2200: fix memory leak in ipw_wdev_init() wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave() ipw2x00: switch from 'pci_' to 'dma_' API wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() rtlwifi: fix -Wpointer-sign warning wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave() wifi: libertas: fix memory leak in lbs_init_adapter() wifi: rsi: Fix memory leak in rsi_coex_attach() block: bio-integrity: Copy flags when bio_integrity_payload is cloned blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name arm64: dts: amlogic: meson-gx: add missing unit address to rng node name arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name arm64: dts: meson-axg: enable SCPI arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name ARM: imx: Call ida_simple_remove() for ida_simple_get ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address arm64: dts: meson-gx: Fix Ethernet MAC address unit name ARM: zynq: Fix refcount leak in zynq_early_slcr_init ARM: OMAP2+: Fix memory leak in realtime_counter_init() HID: asus: use spinlock to safely schedule workers HID: asus: use spinlock to protect concurrent accesses HID: asus: Remove check for same LED brightness on set Change-Id: Ie09175b59aef5de140e476316d94097cac7a3031	2023-04-06 14:00:28 +03:00
Ming Lei	f198e0a1af	BACKPORT: blk-mq: clear stale request in tags->rq[] before freeing one request pool refcount_inc_not_zero() in bt_tags_iter() still may read one freed request. Fix the issue by the following approach: 1) hold a per-tags spinlock when reading ->rqs[tag] and calling refcount_inc_not_zero in bt_tags_iter() 2) clearing stale request referred via ->rqs[tag] before freeing request pool, the per-tags spinlock is held for clearing stale ->rq[tag] So after we cleared stale requests, bt_tags_iter() won't observe freed request any more, also the clearing will wait for pending request reference. The idea of clearing ->rqs[] is borrowed from John Garry's previous patch and one recent David's patch. Tested-by: John Garry <john.garry@huawei.com> Reviewed-by: David Jeffery <djeffery@redhat.com> Reviewed-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Ming Lei <ming.lei@redhat.com> Bug: 197804811 Change-Id: If49478d7b05d3f5b0a26966ddf9ae764cf2fb6b0 (cherry picked from commit bd63141d585bef14f4caf111f6d0e27fe2300ec6) [ refactored to avoid breaking KMI ] Signed-off-by: Pradeep P V K <pragalla@codeaurora.org> Signed-off-by: Todd Kjos <tkjos@google.com> (cherry picked from commit bb96e7f45dc6ac1d6ec12190f1f286e3014fb068) Signed-off-by: Lee Jones <joneslee@google.com>	2023-04-03 10:25:13 +00:00
Greg Kroah-Hartman	24d8cfe9e4	Merge 4.19.276 into android-4.19-stable Changes in 4.19.276 HID: asus: Remove check for same LED brightness on set HID: asus: use spinlock to protect concurrent accesses HID: asus: use spinlock to safely schedule workers ARM: OMAP2+: Fix memory leak in realtime_counter_init() ARM: zynq: Fix refcount leak in zynq_early_slcr_init arm64: dts: meson-gx: Fix Ethernet MAC address unit name arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato ARM: imx: Call ida_simple_remove() for ida_simple_get arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name arm64: dts: meson-axg: enable SCPI arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible arm64: dts: amlogic: meson-gx: add missing unit address to rng node name arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx block: bio-integrity: Copy flags when bio_integrity_payload is cloned wifi: rsi: Fix memory leak in rsi_coex_attach() wifi: libertas: fix memory leak in lbs_init_adapter() wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave() rtlwifi: fix -Wpointer-sign warning wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() ipw2x00: switch from 'pci_' to 'dma_' API wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave() wifi: ipw2200: fix memory leak in ipw_wdev_init() wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave() wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave() ACPICA: Drop port I/O validation for some regions genirq: Fix the return type of kstat_cpu_irqs_sum() lib/mpi: Fix buffer overrun when SG is too long ACPICA: nsrepair: handle cases without a return value correctly wifi: orinoco: check return value of hermes_write_wordrec() wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function ath9k: hif_usb: simplify if-if to if-else ath9k: htc: clean up statistics macros wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() ACPI: battery: Fix missing NUL-termination with large strings crypto: seqiv - Handle EBUSY correctly powercap: fix possible name leak in powercap_register_zone() net/mlx5: Enhance debug print in page allocation failure irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe Bluetooth: L2CAP: Fix potential user-after-free libbpf: Fix alen calculation in libbpf_nla_dump_errormsg() rds: rds_rm_zerocopy_callback() correct order for list_add_tail() crypto: rsa-pkcs1pad - Use akcipher_request_complete m68k: /proc/hardware should depend on PROC_FS RISC-V: time: initialize hrtimer based broadcast clock event device wifi: iwl3945: Add missing check for create_singlethread_workqueue wifi: iwl4965: Add missing check for create_singlethread_workqueue() wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() crypto: crypto4xx - Call dma_unmap_page when done wifi: mac80211: make rate u32 in sta_set_rate_info_rx() can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts selftest: fib_tests: Always cleanup before exit drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS \|\| ARCH_MXC drm/bridge: megachips: Fix error handling in i2c_register_driver() drm: Clarify definition of the DRM_BUS_FLAG_(PIXDATA\|SYNC)_* macros drm/vc4: dpi: Add option for inverting pixel clock and output enable drm/vc4: dpi: Fix format mapping for RGB565 gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() drm/msm/hdmi: Add missing check for alloc_ordered_workqueue pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups ALSA: hda/ca0132: minor fix for allocation size drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness drm/msm: use strscpy instead of strncpy drm/msm/dpu: Add check for pstates gpu: host1x: Don't skip assigning syncpoints to channels drm/mediatek: Drop unbalanced obj unref drm/mediatek: Clean dangling pointer on bind error path ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress() gpio: vf610: connect GPIO label to dev name hwmon: (ltc2945) Handle error case in ltc2945_value_store scsi: aic94xx: Add missing check for dma_map_single() spi: bcm63xx-hsspi: fix pm_runtime spi: bcm63xx-hsspi: Fix multi-bit mode setting hwmon: (mlxreg-fan) Return zero speed for broken fan dm: remove flush_scheduled_work() during local_exit() nfsd: fix race to check ls_layouts cifs: Fix lost destroy smbd connection when MR allocate failed cifs: Fix warning and UAF when destroy the MR list gfs2: jdata writepage fix perf llvm: Fix inadvertent file creation perf tools: Fix auto-complete on aarch64 sparc: allow PM configs for sparc32 COMPILE_TEST selftests/ftrace: Fix bash specific "==" operator mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() mtd: rawnand: sunxi: Fix the size of the last OOB region Input: ads7846 - don't report pressure for ads7845 Input: ads7846 - don't check penirq immediately for 7845 powerpc/powernv/ioda: Skip unallocated resources when mapping to PE clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() powerpc/pseries/lparcfg: add missing RTAS retry status handling powerpc/rtas: make all exports GPL powerpc/rtas: ensure 4KB alignment for rtas_data_buf MIPS: vpe-mt: drop physical_memsize media: platform: ti: Add missing check for devm_regulator_get powerpc: Remove linker flag from KBUILD_AFLAGS media: i2c: ov772x: Fix memleak in ov772x_probe() media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() media: i2c: ov7670: 0 instead of -EINVAL was returned media: usb: siano: Fix use after free bugs caused by do_submit_urb rpmsg: glink: Avoid infinite loop on intent for missing channel udf: Define EFSCORRUPTED error code ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait() thermal: intel: Fix unsigned comparison with less than zero timers: Prevent union confusion from unexpected restart_syscall() x86/bugs: Reset speculation control settings on init wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds inet: fix fast path in __inet_hash_connect() ACPI: Don't build ACPICA with '-Os' net: bcmgenet: Add a check for oversized packets m68k: Check syscall_trace_enter() return code ACPI: video: Fix Lenovo Ideapad Z570 DMI match net/mlx5: fw_tracer: Fix debug print drm/amd/display: Fix potential null-deref in dm_resume drm/radeon: free iio for atombios when driver shutdown drm/msm/dsi: Add missing check for alloc_ordered_workqueue docs/scripts/gdb: add necessary make scripts_gdb step ASoC: kirkwood: Iterate over array indexes instead of using pointer math regulator: max77802: Bounds check regulator id against opmode regulator: s5m8767: Bounds check id indexing into arrays pinctrl: at91: use devm_kasprintf() to avoid potential leaks dm thin: add cond_resched() to various workqueue loops dm cache: add cond_resched() to various workqueue loops wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu firmware: coreboot: framebuffer: Ignore reserved pixel color bits rtc: pm8xxx: fix set-alarm race s390: discard .interp section s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler s390/kprobes: fix current_kprobe never cleared after kprobes reenter ARM: dts: exynos: correct HDMI phy compatible in Exynos4 hfs: fix missing hfs_bnode_get() in __hfs_bnode_create fs: hfsplus: fix UAF issue in hfsplus_put_super f2fs: fix information leak in f2fs_move_inline_dirents() ocfs2: fix defrag path triggering jbd2 ASSERT ocfs2: fix non-auto defrag path not working issue udf: Truncate added extents on failed expansion udf: Do not bother merging very long extents udf: Do not update file length for failed writes to inline files udf: Fix file corruption when appending just after end of preallocated extent x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) x86/crash: Disable virt in core NMI crash handler to avoid double shootdown x86/reboot: Disable virtualization in an emergency if SVM is supported x86/reboot: Disable SVM, not just VMX, when stopping CPUs x86/kprobes: Fix __recover_optprobed_insn check optimizing logic x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter x86/microcode/AMD: Add a @cpu parameter to the reloading functions x86/microcode/AMD: Fix mixed steppings support x86/speculation: Allow enabling STIBP with legacy IBRS Documentation/hw-vuln: Document the interaction between IBRS and STIBP ima: Align ima_file_mmap() parameters with mmap_file LSM hook irqdomain: Fix association race irqdomain: Fix disassociation race irqdomain: Drop bogus fwspec-mapping error handling ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() ext4: optimize ea_inode block expansion ext4: refuse to create ea block when umounted wifi: rtl8xxxu: Use a longer retry limit of 48 wifi: cfg80211: Fix use after free for wext dm flakey: fix logic when corrupting a bio dm flakey: don't corrupt the zero page ARM: dts: exynos: correct TMU phandle in Exynos4 ARM: dts: exynos: correct TMU phandle in Odroid XU rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails alpha: fix FEN fault handling mips: fix syscall_get_nr media: ipu3-cio2: Fix PM runtime usage_count in driver unbind ktest.pl: Give back console on Ctrt^C on monitor ktest.pl: Fix missing "end_monitor" when machine check fails ktest.pl: Add RUN_TIMEOUT option with default unlimited scsi: qla2xxx: Fix link failure in NPIV environment scsi: qla2xxx: Fix erroneous link down scsi: ses: Don't attach if enclosure has no components scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses scsi: ses: Fix possible desc_ptr out-of-bounds accesses scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() PCI: Avoid FLR for AMD FCH AHCI adapters drm/radeon: Fix eDP for single-display iMac11,2 wifi: ath9k: use proper statements in conditionals kbuild: Port silent mode detection to future gnu make. net/sched: Retire tcindex classifier fs/jfs: fix shift exponent db_agl2size negative pwm: stm32-lp: fix the check on arr and cmp registers update um: vector: Fix memory leak in vector_config ubi: ensure that VID header offset + VID header size <= alloc, size ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted ubifs: Rectify space budget for ubifs_xrename() ubifs: Fix wrong dirty space budget for dirty inode ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 ubifs: Reserve one leb for each journal head while doing budget ubi: Fix use-after-free when volume resizing failed ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() ubi: Fix possible null-ptr-deref in ubi_free_volume() ubifs: Re-statistic cleaned znode count if commit failed ubifs: dirty_cow_znode: Fix memleak in error handling path ubifs: ubifs_writepage: Mark page dirty after writing inode failed ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show() ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path watchdog: Fix kmemleak in watchdog_cdev_register watchdog: pcwd_usb: Fix attempting to access uninitialized memory netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack() net: fix __dev_kfree_skb_any() vs drop monitor 9p/xen: fix version parsing 9p/xen: fix connection sequence 9p/rdma: unmap receive dma buffer in rdma_request()/post_recv() nfc: fix memory leak of se_io context in nfc_genl_se_io ARM: dts: spear320-hmi: correct STMPE GPIO compatible tcp: tcp_check_req() can be called from process context vc_screen: modify vcs_size() handling in vcs_read() scsi: ipr: Work around fortify-string warning thermal: intel: quark_dts: fix error pointer dereference tracing: Add NULL checks for buffer in ring_buffer_free_read_page() firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 media: uvcvideo: Handle cameras with invalid descriptors media: uvcvideo: Handle errors from calls to usb_string media: uvcvideo: Silence memcpy() run-time false positive warnings tty: fix out-of-bounds access in tty_driver_lookup_tty() tty: serial: fsl_lpuart: disable the CTS when send break signal mei: bus-fixup:upon error print return values of send and receive tools/iio/iio_utils:fix memory leak iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math USB: ene_usb6250: Allocate enough memory for full object usb: uvc: Enumerate valid values for color matching phy: rockchip-typec: Fix unsigned comparison with less than zero Bluetooth: hci_sock: purge socket queues in the destruct() callback s390/maccess: add no DAT mode to kernel_write s390/setup: init jump labels before command line parsing tcp: Fix listen() regression in 4.19.270 media: uvcvideo: Provide sync and async uvc_ctrl_status_event media: uvcvideo: Fix race condition with usb_kill_urb f2fs: fix cgroup writeback accounting with fs-layer encryption thermal: intel: powerclamp: Fix cur_state for multi package system Linux 4.19.276 Change-Id: Iaca469bb6e616eafeac4e834dad816acc2fe0f34 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2023-03-12 15:41:32 +00:00
Martin K. Petersen	c51759f105	block: bio-integrity: Copy flags when bio_integrity_payload is cloned [ Upstream commit b6a4bdcda430e3ca43bbb9cb1d4d4d34ebe15c40 ] Make sure to copy the flags when a bio_integrity_payload is cloned. Otherwise per-I/O properties such as IP checksum flag will not be passed down to the HBA driver. Since the integrity buffer is owned by the original bio, the BIP_BLOCK_INTEGRITY flag needs to be masked off to avoid a double free in the completion path. Fixes: `aae7df5019` ("block: Integrity checksum flag") Fixes: `b1f0138857` ("block: Relocate bio integrity flags") Reported-by: Saurav Kashyap <skashyap@marvell.com> Tested-by: Saurav Kashyap <skashyap@marvell.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com> Link: https://lore.kernel.org/r/20230215171801.21062-1-martin.petersen@oracle.com Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org>	2023-03-11 16:31:33 +01:00
Kemeng Shi	1c13779dc0	blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx [ Upstream commit c31e76bcc379182fe67a82c618493b7b8868c672 ] Commit `97889f9ac2` ("blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set()") remove handle of TAG_SHARED in restart, then shared_hctx_restart counted for how many hardware queues are marked for restart is removed too. Remove the stale comment that we still count hardware queues need restart. Fixes: `97889f9ac2` ("blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set()") Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org>	2023-03-11 16:31:33 +01:00

1 2 3 4 5 ...

4374 Commits