* sm8250/lineage-20:
msm: vidc: fix error during debugfs init
Squashed revert of recent blk-mq changes
fixup! qcacld-3.0: Use freq hint in scan for ssid
Revert "macsec: use DEV_STATS_INC()"
Revert "net: add DEV_STATS_READ() helper"
Linux 4.19.300
net: sched: fix race condition in qdisc_graft()
iomap: Set all uptodate bits for an Uptodate page
scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids
drm/amdgpu: fix error handling in amdgpu_bo_list_get()
ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks
ext4: correct return value of ext4_convert_meta_bg
ext4: correct offset of gdb backup in non meta_bg group to update_backups
ext4: apply umask if ACL support is disabled
Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E"
media: venus: hfi: add checks to handle capabilities from firmware
media: venus: hfi: fix the check to handle session buffer requirement
media: venus: hfi_parser: Add check to keep the number of codecs within range
media: sharp: fix sharp encoding
media: lirc: drop trailing space from scancode transmit
i2c: i801: fix potential race in i801_block_transaction_byte_by_byte
net: dsa: lan9303: consequently nested-lock physical MDIO
tty: serial: meson: fix hard LOCKUP on crtscts mode
serial: meson: Use platform_get_irq() to get the interrupt
tty: serial: meson: retrieve port FIFO size from DT
serial: meson: remove redundant initialization of variable id
tty: serial: meson: if no alias specified use an available id
ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC
ALSA: info: Fix potential deadlock at disconnection
parisc/pgtable: Do not drop upper 5 address bits of physical address
parisc: Prevent booting 64-bit kernels on PA1.x machines
dmaengine: stm32-mdma: correct desc prep when channel running
mcb: fix error handling for different scenarios when parsing
quota: explicitly forbid quota files from being encrypted
jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev
PM: hibernate: Clean up sync_read handling in snapshot_write_next()
PM: hibernate: Use __get_safe_page() rather than touching the list
mmc: vub300: fix an error code
clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks
parisc/pdc: Add width field to struct pdc_model
PCI: keystone: Don't discard .probe() callback
PCI: keystone: Don't discard .remove() callback
genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware
mmc: meson-gx: Remove setting of CMD_CFG_ERROR
PCI/sysfs: Protect driver's D3cold preference from user space
hvc/xen: fix error path in xen_hvc_init() to always register frontend driver
audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()
audit: don't take task_lock() in audit_exe_compare() code path
KVM: x86: Ignore MSR_AMD64_TW_CFG access
randstruct: Fix gcc-plugin performance mode to stay in group
media: venus: hfi: add checks to perform sanity on queue pointers
cifs: spnego: add ';' in HOST_KEY_LEN
macvlan: Don't propagate promisc change to lower dev in passthru
net: ethernet: cortina: Fix MTU max setting
net: ethernet: cortina: Handle large frames
net: ethernet: cortina: Fix max RX frame define
ptp: annotate data-race around q->head and q->tail
xen/events: fix delayed eoi list handling
ppp: limit MRU to 64K
tipc: Fix kernel-infoleak due to uninitialized TLV value
tty: Fix uninit-value access in ppp_sync_receive()
ipvlan: add ipvlan_route_v6_outbound() helper
NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO
pwm: Fix double shift bug
drm/amd/display: Avoid NULL dereference of timing generator
gfs2: ignore negated quota changes
media: vivid: avoid integer overflow
media: gspca: cpia1: shift-out-of-bounds in set_flicker
i2c: sun6i-p2wi: Prevent potential division by zero
usb: gadget: f_ncm: Always set current gadget in ncm_bind()
tty: vcc: Add check for kstrdup() in vcc_probe()
HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W
scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
atm: iphase: Do PCI error checks on own line
ALSA: hda: Fix possible null-ptr-deref when assigning a stream
ARM: 9320/1: fix stack depot IRQ stack filter
jfs: fix array-index-out-of-bounds in diAlloc
jfs: fix array-index-out-of-bounds in dbFindLeaf
fs/jfs: Add validity check for db_maxag and db_agpref
fs/jfs: Add check for negative db_l2nbperpage
RDMA/hfi1: Use FIELD_GET() to extract Link Width
crypto: pcrypt - Fix hungtask for PADATA_RESET
selftests/efivarfs: create-read: fix a resource leak
drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e
Bluetooth: Fix double free in hci_conn_cleanup
net: annotate data-races around sk->sk_dst_pending_confirm
net: annotate data-races around sk->sk_tx_queue_mapping
wifi: ath10k: fix clang-specific fortify warning
wifi: ath9k: fix clang-specific fortify warnings
wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
clocksource/drivers/timer-imx-gpt: Fix potential memory leak
perf/core: Bail out early if the request AUX area is out of bound
locking/ww_mutex/test: Fix potential workqueue corruption
Revert "ipvlan: properly track tx_errors"
ANDROID: fix up platform_device ABI break
Linux 4.19.299
btrfs: use u64 for buffer sizes in the tree search ioctls
Revert "mmc: core: Capture correct oemid-bits for eMMC cards"
fbdev: fsl-diu-fb: mark wr_reg_wa() static
fbdev: imsttfb: fix a resource leak in probe
fbdev: imsttfb: Fix error path of imsttfb_probe()
netfilter: xt_recent: fix (increase) ipv6 literal buffer length
r8169: respect userspace disabling IFF_MULTICAST
tg3: power down device only on SYSTEM_POWER_OFF
net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT
net/smc: wait for pending work before clcsock release_sock
net/smc: postpone release of clcsock
net: r8169: Disable multicast filter for RTL8168H and RTL8107E
r8169: improve rtl_set_rx_mode
dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses.
dccp: Call security_inet_conn_request() after setting IPv4 addresses.
tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
llc: verify mac len before reading mac header
Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume
pwm: sti: Reduce number of allocations and drop usage of chip_data
pwm: sti: Avoid conditional gotos
media: dvb-usb-v2: af9035: fix missing unlock
media: s3c-camif: Avoid inappropriate kfree()
media: bttv: fix use after free error due to btv->timeout timer
pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
pcmcia: ds: fix refcount leak in pcmcia_device_add()
pcmcia: cs: fix possible hung task and memory leak pccardd()
f2fs: fix to initialize map.m_pblk in f2fs_precache_extents()
dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc()
USB: usbip: fix stub_dev hub disconnect
tools: iio: iio_generic_buffer ensure alignment
tools: iio: iio_generic_buffer: Fix some integer type and calculation
tools: iio: privatize globals and functions in iio_generic_buffer.c file
misc: st_core: Do not call kfree_skb() under spin_lock_irqsave()
dmaengine: ti: edma: handle irq_of_parse_and_map() errors
usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency
tty: tty_jobctrl: fix pid memleak in disassociate_ctty()
leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
ledtrig-cpu: Limit to 8 CPUs
leds: pwm: Don't disable the PWM when the LED should be off
leds: pwm: convert to atomic PWM API
leds: pwm: simplify if condition
mfd: dln2: Fix double put in dln2_probe
ASoC: ams-delta.c: use component after check
ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails
sh: bios: Revive earlyprintk support
RDMA/hfi1: Workaround truncation compilation error
ext4: move 'ix' sanity check to corrent position
ARM: 9321/1: memset: cast the constant byte to unsigned char
hid: cp2112: Fix duplicate workqueue initialization
HID: cp2112: Use irqchip template
nd_btt: Make BTT lanes preemptible
sched/rt: Provide migrate_disable/enable() inlines
hwrng: geode - fix accessing registers
clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped
firmware: ti_sci: Mark driver as non removable
ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator
drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe()
drm/radeon: possible buffer overflow
drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs
hwmon: (coretemp) Fix potentially truncated sysfs attribute name
platform/x86: wmi: Fix opening of char device
platform/x86: wmi: remove unnecessary initializations
platform/x86: wmi: Fix probe failure when failing to register WMI devices
clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
clk: npcm7xx: Fix incorrect kfree
clk: keystone: pll: fix a couple NULL vs IS_ERR() checks
clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
regmap: debugfs: Fix a erroneous check after snprintf()
ipvlan: properly track tx_errors
net: add DEV_STATS_READ() helper
macsec: use DEV_STATS_INC()
macsec: Fix traffic counters/statistics
ipv6: avoid atomic fragment on GSO packets
ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias()
chtls: fix tp->rcv_tstamp initialization
thermal: core: prevent potential string overflow
can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on()
can: dev: can_restart(): don't crash kernel if carrier is OK
can: dev: move driver related infrastructure into separate subdir
wifi: rtlwifi: fix EDCA limit set by BT coexistence
tcp_metrics: do not create an entry from tcp_init_metrics()
tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics()
tcp_metrics: add missing barriers on delete
i40e: fix potential memory leaks in i40e_remove()
genirq/matrix: Exclude managed interrupts in irq_matrix_allocated()
vfs: fix readahead(2) on block devices
Linux 4.19.298
tty: 8250: Add support for Intashield IS-100
tty: 8250: Add support for Brainboxes UP cards
tty: 8250: Add support for additional Brainboxes UC cards
tty: 8250: Remove UC-257 and UC-431
usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility
PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device
remove the sx8 block driver
ata: ahci: fix enum constants for gcc-13
net: chelsio: cxgb4: add an error code check in t4_load_phy_fw
platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
scsi: mpt3sas: Fix in error path
fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit()
ASoC: rt5650: fix the wrong result of key button
netfilter: nfnetlink_log: silence bogus compiler warning
fbdev: atyfb: only use ioremap_uc() on i386 and ia64
Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport
dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe
irqchip/stm32-exti: add missing DT IRQ flag translation
Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table
ASoC: simple-card: fixup asoc_simple_probe() error handling
MAINTAINERS: r8169: Update path to the driver
x86: Fix .brk attribute in linker script
rpmsg: Fix possible refcount leak in rpmsg_register_device_override()
rpmsg: glink: Release driver_override
rpmsg: Fix calling device_lock() on non-initialized device
rpmsg: Fix kfree() of static memory on setting driver_override
rpmsg: Constify local variable in field store macro
driver: platform: Add helper for safer setting of driver_override
x86/mm: Fix RESERVE_BRK() for older binutils
x86/mm: Simplify RESERVE_BRK()
nfsd: lock_rename() needs both directories to live on the same fs
f2fs: fix to do sanity check on inode type during garbage collection
smbdirect: missing rc checks while waiting for rdma events
kobject: Fix slab-out-of-bounds in fill_kobj_path()
arm64: fix a concurrency issue in emulation_proc_handler()
drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper()
ARM: 8933/1: replace Sun/Solaris style flag on section directive
NFS: Don't call generic_error_remove_page() while holding locks
x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility
iio: exynos-adc: request second interupt only when touchscreen mode is used
perf/core: Fix potential NULL deref
nvmem: imx: correct nregs for i.MX6UL
nvmem: imx: correct nregs for i.MX6SLL
i2c: stm32f7: Fix PEC handling in case of SMBUS transfers
i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node()
i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node()
i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node()
i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR
gtp: fix fragmentation needed check with gso
igb: Fix potential memory leak in igb_add_ethtool_nfc_entry
treewide: Spelling fix in comment
r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1
r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1
r8169: rename r8169.c to r8169_main.c
virtio-mmio: fix memory leak of vm_dev
virtio_balloon: Fix endless deflation and inflation on arm64
mcb-lpc: Reallocate memory region to avoid memory overlapping
mcb: Return actual parsed size when reading chameleon table
selftests/ftrace: Add new test case which checks non unique symbol
mmc: core: sdio: hold retuning if sdio in 1-bit mode
mmc: sdio: Don't re-initialize powered-on removable SDIO cards at resume
BACKPORT: blk-mq: fix is_flush_rq
BACKPORT: blk-mq: clear stale request in tags->rq[] before freeing one request pool
BACKPORT: blk-mq: clearing flush request reference in tags->rqs[]
BACKPORT: blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter
Change-Id: I77108c833458ca6e870e9a884b91af20b22b0928
https://source.android.com/docs/security/bulletin/2023-12-01
* tag 'ASB-2023-12-05_4.19-stable' of https://android.googlesource.com/kernel/common:
Revert "macsec: use DEV_STATS_INC()"
Revert "net: add DEV_STATS_READ() helper"
Linux 4.19.300
net: sched: fix race condition in qdisc_graft()
iomap: Set all uptodate bits for an Uptodate page
scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids
drm/amdgpu: fix error handling in amdgpu_bo_list_get()
ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks
ext4: correct return value of ext4_convert_meta_bg
ext4: correct offset of gdb backup in non meta_bg group to update_backups
ext4: apply umask if ACL support is disabled
Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E"
media: venus: hfi: add checks to handle capabilities from firmware
media: venus: hfi: fix the check to handle session buffer requirement
media: venus: hfi_parser: Add check to keep the number of codecs within range
media: sharp: fix sharp encoding
media: lirc: drop trailing space from scancode transmit
i2c: i801: fix potential race in i801_block_transaction_byte_by_byte
net: dsa: lan9303: consequently nested-lock physical MDIO
tty: serial: meson: fix hard LOCKUP on crtscts mode
serial: meson: Use platform_get_irq() to get the interrupt
tty: serial: meson: retrieve port FIFO size from DT
serial: meson: remove redundant initialization of variable id
tty: serial: meson: if no alias specified use an available id
ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC
ALSA: info: Fix potential deadlock at disconnection
parisc/pgtable: Do not drop upper 5 address bits of physical address
parisc: Prevent booting 64-bit kernels on PA1.x machines
dmaengine: stm32-mdma: correct desc prep when channel running
mcb: fix error handling for different scenarios when parsing
quota: explicitly forbid quota files from being encrypted
jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev
PM: hibernate: Clean up sync_read handling in snapshot_write_next()
PM: hibernate: Use __get_safe_page() rather than touching the list
mmc: vub300: fix an error code
clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks
parisc/pdc: Add width field to struct pdc_model
PCI: keystone: Don't discard .probe() callback
PCI: keystone: Don't discard .remove() callback
genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware
mmc: meson-gx: Remove setting of CMD_CFG_ERROR
PCI/sysfs: Protect driver's D3cold preference from user space
hvc/xen: fix error path in xen_hvc_init() to always register frontend driver
audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()
audit: don't take task_lock() in audit_exe_compare() code path
KVM: x86: Ignore MSR_AMD64_TW_CFG access
randstruct: Fix gcc-plugin performance mode to stay in group
media: venus: hfi: add checks to perform sanity on queue pointers
cifs: spnego: add ';' in HOST_KEY_LEN
macvlan: Don't propagate promisc change to lower dev in passthru
net: ethernet: cortina: Fix MTU max setting
net: ethernet: cortina: Handle large frames
net: ethernet: cortina: Fix max RX frame define
ptp: annotate data-race around q->head and q->tail
xen/events: fix delayed eoi list handling
ppp: limit MRU to 64K
tipc: Fix kernel-infoleak due to uninitialized TLV value
tty: Fix uninit-value access in ppp_sync_receive()
ipvlan: add ipvlan_route_v6_outbound() helper
NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO
pwm: Fix double shift bug
drm/amd/display: Avoid NULL dereference of timing generator
gfs2: ignore negated quota changes
media: vivid: avoid integer overflow
media: gspca: cpia1: shift-out-of-bounds in set_flicker
i2c: sun6i-p2wi: Prevent potential division by zero
usb: gadget: f_ncm: Always set current gadget in ncm_bind()
tty: vcc: Add check for kstrdup() in vcc_probe()
HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W
scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
atm: iphase: Do PCI error checks on own line
ALSA: hda: Fix possible null-ptr-deref when assigning a stream
ARM: 9320/1: fix stack depot IRQ stack filter
jfs: fix array-index-out-of-bounds in diAlloc
jfs: fix array-index-out-of-bounds in dbFindLeaf
fs/jfs: Add validity check for db_maxag and db_agpref
fs/jfs: Add check for negative db_l2nbperpage
RDMA/hfi1: Use FIELD_GET() to extract Link Width
crypto: pcrypt - Fix hungtask for PADATA_RESET
selftests/efivarfs: create-read: fix a resource leak
drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e
Bluetooth: Fix double free in hci_conn_cleanup
net: annotate data-races around sk->sk_dst_pending_confirm
net: annotate data-races around sk->sk_tx_queue_mapping
wifi: ath10k: fix clang-specific fortify warning
wifi: ath9k: fix clang-specific fortify warnings
wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
clocksource/drivers/timer-imx-gpt: Fix potential memory leak
perf/core: Bail out early if the request AUX area is out of bound
locking/ww_mutex/test: Fix potential workqueue corruption
Revert "ipvlan: properly track tx_errors"
ANDROID: fix up platform_device ABI break
Linux 4.19.299
btrfs: use u64 for buffer sizes in the tree search ioctls
Revert "mmc: core: Capture correct oemid-bits for eMMC cards"
fbdev: fsl-diu-fb: mark wr_reg_wa() static
fbdev: imsttfb: fix a resource leak in probe
fbdev: imsttfb: Fix error path of imsttfb_probe()
netfilter: xt_recent: fix (increase) ipv6 literal buffer length
r8169: respect userspace disabling IFF_MULTICAST
tg3: power down device only on SYSTEM_POWER_OFF
net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT
net/smc: wait for pending work before clcsock release_sock
net/smc: postpone release of clcsock
net: r8169: Disable multicast filter for RTL8168H and RTL8107E
r8169: improve rtl_set_rx_mode
dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses.
dccp: Call security_inet_conn_request() after setting IPv4 addresses.
tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
llc: verify mac len before reading mac header
Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume
pwm: sti: Reduce number of allocations and drop usage of chip_data
pwm: sti: Avoid conditional gotos
media: dvb-usb-v2: af9035: fix missing unlock
media: s3c-camif: Avoid inappropriate kfree()
media: bttv: fix use after free error due to btv->timeout timer
pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
pcmcia: ds: fix refcount leak in pcmcia_device_add()
pcmcia: cs: fix possible hung task and memory leak pccardd()
f2fs: fix to initialize map.m_pblk in f2fs_precache_extents()
dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc()
USB: usbip: fix stub_dev hub disconnect
tools: iio: iio_generic_buffer ensure alignment
tools: iio: iio_generic_buffer: Fix some integer type and calculation
tools: iio: privatize globals and functions in iio_generic_buffer.c file
misc: st_core: Do not call kfree_skb() under spin_lock_irqsave()
dmaengine: ti: edma: handle irq_of_parse_and_map() errors
usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency
tty: tty_jobctrl: fix pid memleak in disassociate_ctty()
leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
ledtrig-cpu: Limit to 8 CPUs
leds: pwm: Don't disable the PWM when the LED should be off
leds: pwm: convert to atomic PWM API
leds: pwm: simplify if condition
mfd: dln2: Fix double put in dln2_probe
ASoC: ams-delta.c: use component after check
ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails
sh: bios: Revive earlyprintk support
RDMA/hfi1: Workaround truncation compilation error
ext4: move 'ix' sanity check to corrent position
ARM: 9321/1: memset: cast the constant byte to unsigned char
hid: cp2112: Fix duplicate workqueue initialization
HID: cp2112: Use irqchip template
nd_btt: Make BTT lanes preemptible
sched/rt: Provide migrate_disable/enable() inlines
hwrng: geode - fix accessing registers
clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped
firmware: ti_sci: Mark driver as non removable
ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator
drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe()
drm/radeon: possible buffer overflow
drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs
hwmon: (coretemp) Fix potentially truncated sysfs attribute name
platform/x86: wmi: Fix opening of char device
platform/x86: wmi: remove unnecessary initializations
platform/x86: wmi: Fix probe failure when failing to register WMI devices
clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
clk: npcm7xx: Fix incorrect kfree
clk: keystone: pll: fix a couple NULL vs IS_ERR() checks
clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
regmap: debugfs: Fix a erroneous check after snprintf()
ipvlan: properly track tx_errors
net: add DEV_STATS_READ() helper
macsec: use DEV_STATS_INC()
macsec: Fix traffic counters/statistics
ipv6: avoid atomic fragment on GSO packets
ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias()
chtls: fix tp->rcv_tstamp initialization
thermal: core: prevent potential string overflow
can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on()
can: dev: can_restart(): don't crash kernel if carrier is OK
can: dev: move driver related infrastructure into separate subdir
wifi: rtlwifi: fix EDCA limit set by BT coexistence
tcp_metrics: do not create an entry from tcp_init_metrics()
tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics()
tcp_metrics: add missing barriers on delete
i40e: fix potential memory leaks in i40e_remove()
genirq/matrix: Exclude managed interrupts in irq_matrix_allocated()
vfs: fix readahead(2) on block devices
Linux 4.19.298
tty: 8250: Add support for Intashield IS-100
tty: 8250: Add support for Brainboxes UP cards
tty: 8250: Add support for additional Brainboxes UC cards
tty: 8250: Remove UC-257 and UC-431
usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility
PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device
remove the sx8 block driver
ata: ahci: fix enum constants for gcc-13
net: chelsio: cxgb4: add an error code check in t4_load_phy_fw
platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
scsi: mpt3sas: Fix in error path
fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit()
ASoC: rt5650: fix the wrong result of key button
netfilter: nfnetlink_log: silence bogus compiler warning
fbdev: atyfb: only use ioremap_uc() on i386 and ia64
Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport
dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe
irqchip/stm32-exti: add missing DT IRQ flag translation
Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table
ASoC: simple-card: fixup asoc_simple_probe() error handling
MAINTAINERS: r8169: Update path to the driver
x86: Fix .brk attribute in linker script
rpmsg: Fix possible refcount leak in rpmsg_register_device_override()
rpmsg: glink: Release driver_override
rpmsg: Fix calling device_lock() on non-initialized device
rpmsg: Fix kfree() of static memory on setting driver_override
rpmsg: Constify local variable in field store macro
driver: platform: Add helper for safer setting of driver_override
x86/mm: Fix RESERVE_BRK() for older binutils
x86/mm: Simplify RESERVE_BRK()
nfsd: lock_rename() needs both directories to live on the same fs
f2fs: fix to do sanity check on inode type during garbage collection
smbdirect: missing rc checks while waiting for rdma events
kobject: Fix slab-out-of-bounds in fill_kobj_path()
arm64: fix a concurrency issue in emulation_proc_handler()
drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper()
ARM: 8933/1: replace Sun/Solaris style flag on section directive
NFS: Don't call generic_error_remove_page() while holding locks
x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility
iio: exynos-adc: request second interupt only when touchscreen mode is used
perf/core: Fix potential NULL deref
nvmem: imx: correct nregs for i.MX6UL
nvmem: imx: correct nregs for i.MX6SLL
i2c: stm32f7: Fix PEC handling in case of SMBUS transfers
i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node()
i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node()
i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node()
i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR
gtp: fix fragmentation needed check with gso
igb: Fix potential memory leak in igb_add_ethtool_nfc_entry
treewide: Spelling fix in comment
r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1
r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1
r8169: rename r8169.c to r8169_main.c
virtio-mmio: fix memory leak of vm_dev
virtio_balloon: Fix endless deflation and inflation on arm64
mcb-lpc: Reallocate memory region to avoid memory overlapping
mcb: Return actual parsed size when reading chameleon table
selftests/ftrace: Add new test case which checks non unique symbol
mmc: core: sdio: hold retuning if sdio in 1-bit mode
mmc: sdio: Don't re-initialize powered-on removable SDIO cards at resume
Conflicts:
drivers/clk/qcom/clk-rcg2.c
drivers/leds/leds-pwm.c
drivers/mmc/core/sdio.c
drivers/rpmsg/qcom_glink_native.c
drivers/thermal/thermal_core.c
drivers/usb/gadget/function/f_ncm.c
Change-Id: I230a2c820e39dd863a874bfc0c7a411896b0ba9c
Changes in 4.19.299
vfs: fix readahead(2) on block devices
genirq/matrix: Exclude managed interrupts in irq_matrix_allocated()
i40e: fix potential memory leaks in i40e_remove()
tcp_metrics: add missing barriers on delete
tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics()
tcp_metrics: do not create an entry from tcp_init_metrics()
wifi: rtlwifi: fix EDCA limit set by BT coexistence
can: dev: move driver related infrastructure into separate subdir
can: dev: can_restart(): don't crash kernel if carrier is OK
can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on()
thermal: core: prevent potential string overflow
chtls: fix tp->rcv_tstamp initialization
ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias()
ipv6: avoid atomic fragment on GSO packets
macsec: Fix traffic counters/statistics
macsec: use DEV_STATS_INC()
net: add DEV_STATS_READ() helper
ipvlan: properly track tx_errors
regmap: debugfs: Fix a erroneous check after snprintf()
clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
clk: keystone: pll: fix a couple NULL vs IS_ERR() checks
clk: npcm7xx: Fix incorrect kfree
clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
platform/x86: wmi: Fix probe failure when failing to register WMI devices
platform/x86: wmi: remove unnecessary initializations
platform/x86: wmi: Fix opening of char device
hwmon: (coretemp) Fix potentially truncated sysfs attribute name
drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs
drm/radeon: possible buffer overflow
drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe()
ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator
firmware: ti_sci: Mark driver as non removable
clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped
hwrng: geode - fix accessing registers
sched/rt: Provide migrate_disable/enable() inlines
nd_btt: Make BTT lanes preemptible
HID: cp2112: Use irqchip template
hid: cp2112: Fix duplicate workqueue initialization
ARM: 9321/1: memset: cast the constant byte to unsigned char
ext4: move 'ix' sanity check to corrent position
RDMA/hfi1: Workaround truncation compilation error
sh: bios: Revive earlyprintk support
ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails
ASoC: ams-delta.c: use component after check
mfd: dln2: Fix double put in dln2_probe
leds: pwm: simplify if condition
leds: pwm: convert to atomic PWM API
leds: pwm: Don't disable the PWM when the LED should be off
ledtrig-cpu: Limit to 8 CPUs
leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
tty: tty_jobctrl: fix pid memleak in disassociate_ctty()
usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency
dmaengine: ti: edma: handle irq_of_parse_and_map() errors
misc: st_core: Do not call kfree_skb() under spin_lock_irqsave()
tools: iio: privatize globals and functions in iio_generic_buffer.c file
tools: iio: iio_generic_buffer: Fix some integer type and calculation
tools: iio: iio_generic_buffer ensure alignment
USB: usbip: fix stub_dev hub disconnect
dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc()
f2fs: fix to initialize map.m_pblk in f2fs_precache_extents()
pcmcia: cs: fix possible hung task and memory leak pccardd()
pcmcia: ds: fix refcount leak in pcmcia_device_add()
pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
media: bttv: fix use after free error due to btv->timeout timer
media: s3c-camif: Avoid inappropriate kfree()
media: dvb-usb-v2: af9035: fix missing unlock
pwm: sti: Avoid conditional gotos
pwm: sti: Reduce number of allocations and drop usage of chip_data
pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume
Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
llc: verify mac len before reading mac header
tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
dccp: Call security_inet_conn_request() after setting IPv4 addresses.
dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses.
r8169: improve rtl_set_rx_mode
net: r8169: Disable multicast filter for RTL8168H and RTL8107E
net/smc: postpone release of clcsock
net/smc: wait for pending work before clcsock release_sock
net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT
tg3: power down device only on SYSTEM_POWER_OFF
r8169: respect userspace disabling IFF_MULTICAST
netfilter: xt_recent: fix (increase) ipv6 literal buffer length
fbdev: imsttfb: Fix error path of imsttfb_probe()
fbdev: imsttfb: fix a resource leak in probe
fbdev: fsl-diu-fb: mark wr_reg_wa() static
Revert "mmc: core: Capture correct oemid-bits for eMMC cards"
btrfs: use u64 for buffer sizes in the tree search ioctls
Linux 4.19.299
Change-Id: I130ef8f6fcd9ce2815d8b2493f96082376730758
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 7116c0af4b8414b2f19fdb366eea213cbd9d91c2 ]
Readahead was factored to call generic_fadvise. That refactor added an
S_ISREG restriction which broke readahead on block devices.
In addition to S_ISREG, this change checks S_ISBLK to fix block device
readahead. There is no change in behavior with any file type besides block
devices in this change.
Fixes: 3d8f761531 ("vfs: implement readahead(2) using POSIX_FADV_WILLNEED")
Signed-off-by: Reuben Hawkins <reubenhwk@gmail.com>
Link: https://lore.kernel.org/r/20231003015704.2415-1-reubenhwk@gmail.com
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
* sm8250/lineage-20:
UPSTREAM: net/sched: sch_hfsc: Ensure inner classes have fsc curve
UPSTREAM: net: sched: sch_qfq: Fix UAF in qfq_dequeue()
Linux 4.19.295
net/sched: Retire rsvp classifier
net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller
nfsd: fix change_info in NFSv4 RENAME replies
btrfs: fix lockdep splat and potential deadlock after failure running delayed items
attr: block mode changes of symlinks
md/raid1: fix error: ISO C90 forbids mixed declarations
kobject: Add sanity check for kset->kobj.ktype in kset_register()
media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning
serial: cpm_uart: Avoid suspicious locking
scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()
usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc
media: pci: cx23885: replace BUG with error return
media: tuners: qt1010: replace BUG_ON with a regular error
iio: core: Use min() instead of min_t() to make code more robust
media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()
media: anysee: fix null-ptr-deref in anysee_master_xfer
media: af9005: Fix null-ptr-deref in af9005_i2c_xfer
media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()
media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer
powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()
ext2: fix datatype of block number in ext2_xattr_set2()
md: raid1: fix potential OOB in raid1_remove_disk()
drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable()
alx: fix OOB-read compiler warning
tpm_tis: Resend command to recover from data transfer errors
crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
wifi: mwifiex: fix fortify warning
wifi: ath9k: fix printk specifier
hw_breakpoint: fix single-stepping when using bpf_overflow_handler
ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470
ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer
btrfs: output extra debug info if we failed to find an inline backref
autofs: fix memory leak of waitqueues in autofs_catatonic_mode
parisc: Drop loops_per_jiffy from per_cpu struct
drm/amd/display: Fix a bug when searching for insert_above_mpcc
kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
ixgbe: fix timestamp configuration code
kcm: Fix memory leak in error path of kcm_sendmsg()
net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all()
perf hists browser: Fix hierarchy mode header
mtd: rawnand: brcmnand: Fix potential false time out warning
mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write
mtd: rawnand: brcmnand: Fix crash during the panic_write
btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART
ata: pata_ftide010: Add missing MODULE_DESCRIPTION
ata: sata_gemini: Add missing MODULE_DESCRIPTION
netfilter: nfnetlink_osf: avoid OOB read
idr: fix param name in idr_alloc_cyclic() doc
igb: Change IGB_MIN to allow set rx/tx value between 64 and 80
igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80
kcm: Destroy mutex in kcm_exit_net()
net: sched: sch_qfq: Fix UAF in qfq_dequeue()
af_unix: Fix data race around sk->sk_err.
af_unix: Fix data-races around sk->sk_shutdown.
af_unix: Fix data-race around unix_tot_inflight.
af_unix: Fix data-races around user->unix_inflight.
net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr
veth: Fixing transmit return status for dropped packets
igb: disable virtualization features on 82580
net: read sk->sk_family once in sk_mc_loop()
pwm: lpc32xx: Remove handling of PWM channels
watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm()
kconfig: fix possible buffer overflow
NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info
soc: qcom: qmi_encdec: Restrict string length in decode
clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock
parisc: led: Reduce CPU overhead for disk & lan LED computation
parisc: led: Fix LAN receive and transmit LEDs
drm/ast: Fix DRAM init on AST2200
fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
scsi: qla2xxx: Turn off noisy message log
scsi: qla2xxx: fix inconsistent TMF timeout
udf: initialize newblock to 0
usb: typec: tcpci: clear the fault status bit
serial: sc16is7xx: fix broken port 0 uart init
sc16is7xx: Set iobase to device index
PCI/ATS: Add inline to pci_prg_resp_pasid_required()
pstore/ram: Check start of empty przs during init
net: handle ARPHRD_PPP in dev_is_mac_header_xmit()
X.509: if signature is unsupported skip validation
cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug
crypto: stm32 - fix loop iterating through scatterlist for DMA
dccp: Fix out of bounds access in DCCP error handler
dlm: fix plock lookup when using multiple lockspaces
parisc: Fix /proc/cpuinfo output for lscpu
procfs: block chmod on /proc/thread-self/comm
Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset"
ntb: Fix calculation ntb_transport_tx_free_entry()
ntb: Clean up tx tail index on link down
ntb: Drop packets when qp link is down
media: dvb: symbol fixup for dvb_attach()
backlight/lv5207lp: Compare against struct fb_info.device
backlight/bd6107: Compare against struct fb_info.device
backlight/gpio_backlight: Compare against struct fb_info.device
ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch()
ipmi_si: fix a memleak in try_smi_init()
ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl
PM / devfreq: Fix leak in devfreq_dev_release()
igb: set max size RX buffer when store bad packet is enabled
skbuff: skb_segment, Call zero copy functions before using skbuff frags
netfilter: xt_sctp: validate the flag_info count
netfilter: xt_u32: validate user space input
netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
dmaengine: ste_dma40: Add missing IRQ check in d40_probe
um: Fix hostaudio build errors
arch: um: drivers: Kconfig: pedantic formatting
rpmsg: glink: Add check for kstrdup
HID: multitouch: Correct devm device reference for hidinput input_dev name
Revert "IB/isert: Fix incorrect release of isert connection"
amba: bus: fix refcount leak
serial: tegra: handle clk prepare error in tegra_uart_hw_init()
scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock
scsi: core: Use 32-bit hostnum in scsi_host_lookup()
cgroup:namespace: Remove unused cgroup_namespaces_init()
media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors
media: ov2680: Fix vflip / hflip set functions
media: ov2680: Fix ov2680_bayer_order()
media: ov2680: Remove auto-gain and auto-exposure controls
media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips
USB: gadget: f_mass_storage: Fix unused variable warning
media: go7007: Remove redundant if statement
IB/uverbs: Fix an potential error pointer dereference
dma-buf/sync_file: Fix docs syntax
scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly
scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly
x86/APM: drop the duplicate APM_MINOR_DEV macro
scsi: qla4xxx: Add length check when parsing nlattrs
scsi: be2iscsi: Add length check when parsing nlattrs
scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param()
usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host()
media: mediatek: vcodec: Return NULL if no vdec_fb is found
media: cx24120: Add retval check for cx24120_message_send()
media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer()
media: dib7000p: Fix potential division by zero
drivers: usb: smsusb: fix error handling code in smsusb_init_device
media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link()
media: v4l2-fwnode: simplify v4l2_fwnode_parse_link
media: v4l2-fwnode: fix v4l2_fwnode_parse_link handling
media: Use of_node_name_eq for node name comparisons
NFSD: da_addr_body field missing in some GETDEVICEINFO replies
fs: lockd: avoid possible wrong NULL parameter
jfs: validate max amount of blocks before allocation.
powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
nfs/blocklayout: Use the passed in gfp flags
wifi: ath10k: Use RMW accessors for changing LNKCTL
drm/radeon: Use RMW accessors for changing LNKCTL
drm/radeon: Prefer pcie_capability_read_word()
drm/radeon: Replace numbers with PCI_EXP_LNKCTL2 definitions
drm/radeon: Correct Transmit Margin masks
drm/amdgpu: Use RMW accessors for changing LNKCTL
drm/amdgpu: Prefer pcie_capability_read_word()
drm/amdgpu: Replace numbers with PCI_EXP_LNKCTL2 definitions
drm/amdgpu: Correct Transmit Margin masks
PCI: Add #defines for Enter Compliance, Transmit Margin
PCI: Decode PCIe 32 GT/s link speed
PCI: Cleanup register definition width and whitespace
PCI/ATS: Add pci_prg_resp_pasid_required() interface.
PCI/ASPM: Use RMW accessors for changing LNKCTL
PCI: pciehp: Use RMW accessors for changing LNKCTL
PCI: Mark NVIDIA T4 GPUs to avoid bus reset
clk: sunxi-ng: Modify mismatched function name
drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init()
ALSA: ac97: Fix possible error value of *rac97
of: unittest: Fix overlay type in apply/revert check
audit: fix possible soft lockup in __audit_inode_child()
smackfs: Prevent underflow in smk_set_cipso()
drm/msm/mdp5: Don't leak some plane state
drm/msm: Replace drm_framebuffer_{un/reference} with put, get functions
of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name()
drm/tegra: dpaux: Fix incorrect return value of platform_get_irq
drm/tegra: Remove superfluous error messages around platform_get_irq()
ARM: dts: BCM53573: Fix Ethernet info for Luxul devices
drm: adv7511: Fix low refresh rate register for ADV7533/5
ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split)
ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210
ARM: dts: s5pv210: correct ethernet unit address in SMDKV210
ARM: dts: s5pv210: use defines for IRQ flags in SMDKV210
ARM: dts: s5pv210: add RTC 32 KHz clock in SMDKV210
ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split)
ARM: dts: s3c64xx: align pinctrl with dtschema
ARM: dts: s3c6410: align node SROM bus node name with dtschema in Mini6410
ARM: dts: s3c6410: move fixed clocks under root node in Mini6410
ARM: dts: BCM53573: Use updated "spi-gpio" binding properties
ARM: dts: BCM53573: Add cells sizes to PCIe node
ARM: dts: BCM53573: Drop nonexistent #usb-cells
ARM: dts: BCM53573: Describe on-SoC BCM53125 rev 4 switch
ARM: dts: BCM5301X: Harmonize EHCI/OHCI DT nodes name
drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar()
arm64: dts: qcom: msm8996: Add missing interrupt to the USB2 controller
arm64: dts: msm8996: thermal: Add interrupt support
quota: fix dqput() to follow the guarantees dquot_srcu should provide
quota: add new helper dquot_active()
quota: rename dquot_active() to inode_quota_active()
quota: factor out dquot_write_dquot()
quota: avoid increasing DQST_LOOKUPS when iterating over dirty/inuse list
quota: add dqi_dirty_list description to comment of Dquot List Management
netrom: Deny concurrent connect().
net/sched: sch_hfsc: Ensure inner classes have fsc curve
net: arcnet: Do not call kfree_skb() under local_irq_disable()
wifi: ath9k: use IS_ERR() with debugfs_create_dir()
wifi: mwifiex: avoid possible NULL skb pointer dereference
wifi: ath9k: protect WMI command response buffer replacement with a lock
wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx
wifi: mwifiex: Fix missed return in oob checks failed path
wifi: mwifiex: fix memory leak in mwifiex_histogram_read()
fs: ocfs2: namei: check return value of ocfs2_add_entry()
lwt: Check LWTUNNEL_XMIT_CONTINUE strictly
crypto: caam - fix unchecked return value error
Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe()
wifi: mwifiex: fix error recovery in PCIE buffer descriptor management
mwifiex: switch from 'pci_' to 'dma_' API
mwifiex: drop 'set_consistent_dma_mask' log message
wifi: mwifiex: Fix OOB and integer underflow when rx packets
can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM
spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe()
regmap: rbtree: Use alloc_flags for memory allocations
tcp: tcp_enter_quickack_mode() should be static
bpf: Clear the probe_addr for uprobe
cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit()
fs: Fix error checking for d_hash_and_lookup()
netfilter: nf_tables: missing NFT_TRANS_PREPARE_ERROR in flowtable deactivatation
netfilter: nft_flow_offload: fix underflow in flowtable reference counter
new helper: lookup_positive_unlocked()
eventfd: prevent underflow for eventfd semaphores
eventfd: Export eventfd_ctx_do_read()
reiserfs: Check the return value from __getblk()
Revert "net: macsec: preserve ingress frame ordering"
udf: Handle error when adding extent to a file
udf: Check consistency of Space Bitmap Descriptor
powerpc/32s: Fix assembler warning about r0
powerpc/32: Include .branch_lt in data section
net: Avoid address overwrite in kernel_connect
ALSA: seq: oss: Fix racy open/close of MIDI devices
cifs: add a warning when the in-flight count goes negative
sctp: handle invalid error codes without calling BUG()
bnx2x: fix page fault following EEH recovery
netlabel: fix shift wrapping bug in netlbl_catmap_setlong()
scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock
idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM
net: usb: qmi_wwan: add Quectel EM05GV2
security: keys: perform capable check only on privileged operations
platform/x86: intel: hid: Always call BTNL ACPI method
ASoC: atmel: Fix the 8K sample parameter in I2SC master
ASoc: codecs: ES8316: Fix DMIC config
fs/nls: make load_nls() take a const parameter
s390/dasd: fix hanging device after request requeue
s390/dasd: use correct number of retries for ERP requests
m68k: Fix invalid .section syntax
vxlan: generalize vxlan_parse_gpe_hdr and remove unused args
ethernet: atheros: fix return value check in atl1c_tso_csum()
ASoC: da7219: Check for failure reading AAD IRQ events
ASoC: da7219: Flush pending AAD IRQ when suspending
9p: virtio: make sure 'offs' is initialized in zc_request
pinctrl: amd: Don't show `Invalid config param` errors
nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
fsi: master-ast-cf: Add MODULE_FIRMWARE macro
serial: sc16is7xx: fix bug when first setting GPIO direction
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition
HID: wacom: remove the battery when the EKR is off
USB: serial: option: add FOXCONN T99W368/T99W373 product
USB: serial: option: add Quectel EM05G variant (0x030e)
modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff
mmc: au1xmmc: force non-modular build and remove symbol_get usage
ARM: pxa: remove use of symbol_get()
erofs: ensure that the post-EOF tails are all zeroed
dsp: add lock in ion free to avoid use after free
mdm: dataipa: increase the size of prefetch buffer
exec: Force single empty string when argv is empty
BACKPORT: FROMLIST: mm: protect free_pgtables with mmap_lock write lock in exit_mmap
ASoC: Resolve use after free in listen sound client
qseecom: Release ion buffer in case of keymaster TA
msm: camera: cci: Optimize the processing of CCI timeout
Change-Id: I76a47c3c280485aeb05172abf54bab87a424ae80
"LA.UM.9.12.r1-16200-SMxx50.QSSI12.0"
* tag 'LA.UM.9.12.r1-16200-SMxx50.QSSI12.0' of https://git.codelinaro.org/clo/la/kernel/msm-4.19:
mdm: dataipa: increase the size of prefetch buffer
exec: Force single empty string when argv is empty
BACKPORT: FROMLIST: mm: protect free_pgtables with mmap_lock write lock in exit_mmap
qseecom: Release ion buffer in case of keymaster TA
Change-Id: I599d46bee0c79200fd55ff0705dd8b5d51ecc2d8
* sm8250/lineage-20:
BACKPORT: qcacld-3.0: Ignore CSA request for invalid channel
Linux 4.19.294
Revert "ARM: ep93xx: fix missing-prototype warnings"
Revert "MIPS: Alchemy: fix dbdma2"
Linux 4.19.293
dma-buf/sw_sync: Avoid recursive lock during fence signal
clk: Fix undefined reference to `clk_rate_exclusive_{get,put}'
scsi: core: raid_class: Remove raid_component_add()
scsi: snic: Fix double free in snic_tgt_create()
irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable
rtnetlink: Reject negative ifindexes in RTM_NEWLINK
netfilter: nf_queue: fix socket leak
sched/rt: pick_next_rt_entity(): check list_entry
mmc: block: Fix in_flight[issue_type] value error
x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4
PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus
media: vcodec: Fix potential array out-of-bounds in encoder queue_setup
lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels
batman-adv: Fix batadv_v_ogm_aggr_send memory leak
batman-adv: Fix TT global entry leak when client roamed back
batman-adv: Do not get eth header before batadv_check_management_packet
batman-adv: Don't increase MTU when set by user
batman-adv: Trigger events for auto adjusted MTU
nfsd: Fix race to FREE_STATEID and cl_revoked
ibmveth: Use dcbf rather than dcbfl
ipvs: fix racy memcpy in proc_do_sync_threshold
ipvs: Improve robustness to the ipvs sysctl
bonding: fix macvlan over alb bond support
net: remove bond_slave_has_mac_rcu()
net/sched: fix a qdisc modification with ambiguous command request
igb: Avoid starting unnecessary workqueues
dccp: annotate data-races in dccp_poll()
sock: annotate data-races around prot->memory_pressure
tracing: Fix memleak due to race between current_tracer and trace
drm/amd/display: check TG is non-null before checking if enabled
drm/amd/display: do not wait for mpc idle if tg is disabled
regmap: Account for register length in SMBus I/O limits
dm integrity: reduce vmalloc space footprint on 32-bit architectures
dm integrity: increase RECALC_SECTORS to improve recalculate speed
powerpc: Fail build if using recordmcount with binutils v2.37
powerpc: remove leftover code of old GCC version checks
powerpc/32: add stack protector support
fbdev: fix potential OOB read in fast_imageblit()
fbdev: Fix sys_imageblit() for arbitrary image widths
fbdev: Improve performance of sys_imageblit()
tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP"
MIPS: cpu-features: Use boot_cpu_type for CPU type based features
MIPS: cpu-features: Enable octeon_cache by cpu_type
fs: dlm: fix mismatch of plock results from userspace
fs: dlm: use dlm_plock_info for do_unlock_close
fs: dlm: change plock interrupted message to debug again
fs: dlm: add pid to debug log
dlm: replace usage of found with dedicated list iterator variable
dlm: improve plock logging if interrupted
PCI: acpiphp: Reassign resources on bridge if necessary
net: phy: broadcom: stub c45 read/write for 54810
net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure
net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled
virtio-net: set queues after driver_ok
af_unix: Fix null-ptr-deref in unix_stream_sendpage().
netfilter: set default timeout to 3 secs for sctp shutdown send and recv state
test_firmware: prevent race conditions by a correct implementation of locking
mmc: wbsd: fix double mmc_free_host() in wbsd_init()
cifs: Release folio lock on fscache read hit.
ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces.
serial: 8250: Fix oops for port->pm on uart_change_pm()
ASoC: meson: axg-tdm-formatter: fix channel slot allocation
ASoC: rt5665: add missed regulator_bulk_disable
net: do not allow gso_size to be set to GSO_BY_FRAGS
sock: Fix misuse of sk_under_memory_pressure()
i40e: fix misleading debug logs
team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
netfilter: nft_dynset: disallow object maps
selftests: mirror_gre_changes: Tighten up the TTL test match
xfrm: add NULL check in xfrm_update_ae_params
ip_vti: fix potential slab-use-after-free in decode_session6
ip6_vti: fix slab-use-after-free in decode_session6
xfrm: fix slab-use-after-free in decode_session6
xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c
net: af_key: fix sadb_x_filter validation
net: xfrm: Fix xfrm_address_filter OOB read
btrfs: fix BUG_ON condition in btrfs_cancel_balance
powerpc/rtas_flash: allow user copy to flash block cache objects
fbdev: mmp: fix value check in mmphw_probe()
virtio-mmio: don't break lifecycle of vm_dev
virtio-mmio: Use to_virtio_mmio_device() to simply code
virtio-mmio: convert to devm_platform_ioremap_resource
nfsd: Remove incorrect check in nfsd4_validate_stateid
nfsd4: kill warnings on testing stateids with mismatched clientids
block: fix signed int overflow in Amiga partition support
mmc: sunxi: fix deferred probing
mmc: bcm2835: fix deferred probing
mmc: Remove dev_err() usage after platform_get_irq()
mmc: tmio: move tmio_mmc_set_clock() to platform hook
mmc: tmio: replace tmio_mmc_clk_stop() calls with tmio_mmc_set_clock()
mmc: meson-gx: remove redundant mmc_request_done() call from irq context
mmc: meson-gx: remove useless lock
USB: dwc3: qcom: fix NULL-deref on suspend
usb: dwc3: qcom: Add helper functions to enable,disable wake irqs
irqchip/mips-gic: Use raw spinlock for gic_lock
irqchip/mips-gic: Get rid of the reliance on irq_cpu_online()
x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms
powerpc/64s/radix: Fix soft dirty tracking
powerpc: Move page table dump files in a dedicated subdirectory
powerpc/mm: dump block address translation on book3s/32
powerpc/mm: dump segment registers on book3s/32
powerpc/mm: Move pgtable_t into platform headers
powerpc/mm: move platform specific mmu-xxx.h in platform directories
iio: addac: stx104: Fix race condition when converting analog-to-digital
iio: addac: stx104: Fix race condition for stx104_write_raw()
iio: adc: stx104: Implement and utilize register structures
iio: adc: stx104: Utilize iomap interface
iio: add addac subdirectory
IMA: allow/fix UML builds
drm/amdgpu: Fix potential fence use-after-free v2
Bluetooth: L2CAP: Fix use-after-free
pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db()
gfs2: Fix possible data races in gfs2_show_options()
media: platform: mediatek: vpu: fix NULL ptr dereference
media: v4l2-mem2mem: add lock to protect parameter num_rdy
FS: JFS: Check for read-only mounted filesystem in txBegin
FS: JFS: Fix null-ptr-deref Read in txBegin
MIPS: dec: prom: Address -Warray-bounds warning
fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
udf: Fix uninitialized array access for some pathnames
HID: add quirk for 03f0:464a HP Elite Presenter Mouse
quota: fix warning in dqgrab()
quota: Properly disable quotas when add_dquot_ref() fails
ALSA: emu10k1: roll up loops in DSP setup code for Audigy
drm/radeon: Fix integer overflow in radeon_cs_parser_init
selftests: forwarding: tc_flower: Relax success criterion
lib/mpi: Eliminate unused umul_ppmm definitions for MIPS
Revert "posix-timers: Ensure timer ID search-loop limit is valid"
UPSTREAM: media: usb: siano: Fix warning due to null work_func_t function pointer
UPSTREAM: Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
UPSTREAM: net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
UPSTREAM: net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
Linux 4.19.292
sch_netem: fix issues in netem_change() vs get_dist_table()
alpha: remove __init annotation from exported page_is_ram()
scsi: core: Fix possible memory leak if device_add() fails
scsi: snic: Fix possible memory leak if device_add() fails
scsi: 53c700: Check that command slot is not NULL
scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
scsi: core: Fix legacy /proc parsing buffer overflow
netfilter: nf_tables: report use refcount overflow
netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush
btrfs: don't stop integrity writeback too early
ibmvnic: Handle DMA unmapping of login buffs in release functions
wifi: cfg80211: fix sband iftype data lookup for AP_VLAN
IB/hfi1: Fix possible panic during hotplug remove
drivers: net: prevent tun_build_skb() to exceed the packet size limit
dccp: fix data-race around dp->dccps_mss_cache
bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
net/packet: annotate data-races around tp->status
mISDN: Update parameter type of dsp_cmx_send()
drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes
x86: Move gds_ucode_mitigated() declaration to header
x86/mm: Fix VDSO and VVAR placement on 5-level paging machines
x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405
usb: dwc3: Properly handle processing of pending events
usb-storage: alauda: Fix uninit-value in alauda_check_media()
binder: fix memory leak in binder_init()
iio: cros_ec: Fix the allocation size for cros_ec_command
nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput
radix tree test suite: fix incorrect allocation size for pthreads
drm/nouveau/gr: enable memory loads on helper invocation on all channels
dmaengine: pl330: Return DMA_PAUSED when transaction is paused
ipv6: adjust ndisc_is_useropt() to also return true for PIO
mmc: moxart: read scr register without changing byte order
sparc: fix up arch_cpu_finalize_init() build breakage.
UPSTREAM: net/sched: cls_fw: Fix improper refcount update leads to use-after-free
Linux 4.19.291
drm/edid: fix objtool warning in drm_cvt_modes()
arm64: dts: stratix10: fix incorrect I2C property for SCL signal
drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node
ARM: dts: imx6sll: fixup of operating points
ARM: dts: imx: add usb alias
ARM: dts: imx6sll: Make ssi node name same as other platforms
PM: sleep: wakeirq: fix wake irq arming
PM / wakeirq: support enabling wake-up irq after runtime_suspend called
powerpc/mm/altmap: Fix altmap boundary check
mtd: rawnand: omap_elm: Fix incorrect type in assignment
test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation
test_firmware: fix a memory leak with reqs buffer
ext2: Drop fragment support
net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
fs/sysv: Null check to prevent null-ptr-deref bug
USB: zaurus: Add ID for A-300/B-500/C-700
libceph: fix potential hang in ceph_osdc_notify()
scsi: zfcp: Defer fc_rport blocking until after ADISC response
tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
tcp_metrics: annotate data-races around tm->tcpm_net
tcp_metrics: annotate data-races around tm->tcpm_vals[]
tcp_metrics: annotate data-races around tm->tcpm_lock
tcp_metrics: annotate data-races around tm->tcpm_stamp
tcp_metrics: fix addr_same() helper
ip6mr: Fix skb_under_panic in ip6mr_cache_report()
net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
net: add missing data-race annotation for sk_ll_usec
net: add missing data-race annotations around sk->sk_peek_off
net: sched: cls_u32: Fix match key mis-addressing
perf test uprobe_from_different_cu: Skip if there is no gcc
net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
KVM: s390: fix sthyi error handling
word-at-a-time: use the same return type for has_zero regardless of endianness
loop: Select I/O scheduler 'none' from inside add_disk()
perf: Fix function pointer case
net/sched: cls_u32: Fix reference counter leak leading to overflow
ASoC: cs42l51: fix driver to properly autoload with automatic module loading
net/sched: sch_qfq: account for stab overhead in qfq_enqueue
net/sched: cls_fw: Fix improper refcount update leads to use-after-free
drm/client: Fix memory leak in drm_client_target_cloned
dm cache policy smq: ensure IO doesn't prevent cleaner policy progress
ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
s390/dasd: fix hanging device after quiesce/resume
virtio-net: fix race between set queues and probe
serial: 8250_dw: Preserve original value of DLF register
serial: 8250_dw: split Synopsys DesignWare 8250 common functions
irq-bcm6345-l1: Do not assume a fixed block to cpu mapping
tpm_tis: Explicitly check for error code
btrfs: check for commit error at btrfs_attach_transaction_barrier()
hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
Documentation: security-bugs.rst: clarify CVE handling
Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group
usb: xhci-mtk: set the dma max_seg_size
USB: quirks: add quirk for Focusrite Scarlett
usb: ohci-at91: Fix the unhandle interrupt when resume
usb: dwc3: don't reset device side if dwc3 was configured as host-only
usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
Revert "usb: dwc3: core: Enable AutoRetry feature in the controller"
can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED
USB: serial: simple: sort driver entries
USB: serial: simple: add Kaufmann RKS+CAN VCP
USB: serial: option: add Quectel EC200A module support
USB: serial: option: support Quectel EM060K_128
tracing: Fix warning in trace_buffered_event_disable()
ring-buffer: Fix wrong stat of cpu_buffer->read
ata: pata_ns87415: mark ns87560_tf_read static
dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths
block: Fix a source code comment in include/uapi/linux/blkzoned.h
ASoC: fsl_spdif: Silence output on stop
drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb()
RDMA/mlx4: Make check for invalid flags stricter
benet: fix return value check in be_lancer_xmit_workarounds()
net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64
net/sched: mqprio: add extack to mqprio_parse_nlattr()
net/sched: mqprio: refactor nlattr parsing to a separate function
platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100
team: reset team's flags when down link is P2P device
bonding: reset bond's flags when down link is P2P device
tcp: Reduce chance of collisions in inet6_hashfn().
ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address
ethernet: atheros: fix return value check in atl1e_tso_csum()
phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()
i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
scsi: qla2xxx: Array index may go out of bound
scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c
ftrace: Fix possible warning on checking all pages used in ftrace_process_locs()
ftrace: Store the order of pages allocated in ftrace_page
ftrace: Check if pages were allocated before calling free_pages()
ftrace: Add information on number of page groups allocated
fs: dlm: interrupt posix locks only when process is killed
dlm: rearrange async condition return
dlm: cleanup plock_op vs plock_xop
PCI/ASPM: Avoid link retraining race
PCI/ASPM: Factor out pcie_wait_for_retrain()
PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link()
PCI: Rework pcie_retrain_link() wait loop
ext4: Fix reusing stale buffer heads from last failed mounting
ext4: rename journal_dev to s_journal_dev inside ext4_sb_info
btrfs: fix extent buffer leak after tree mod log failure at split_node()
bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
bcache: remove 'int n' from parameter list of bch_bucket_alloc_set()
bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set
gpio: tps68470: Make tps68470_gpio_output() always set the initial value
tracing/histograms: Return an error if we fail to add histogram to hist_vars list
tcp: annotate data-races around fastopenq.max_qlen
tcp: annotate data-races around tp->notsent_lowat
tcp: annotate data-races around rskq_defer_accept
tcp: annotate data-races around tp->linger2
net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX
netfilter: nf_tables: can't schedule in nft_chain_validate
netfilter: nf_tables: fix spurious set element insertion failure
llc: Don't drop packet from non-root netns.
fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
Revert "tcp: avoid the lookup process failing to get sk in ehash table"
net:ipv6: check return value of pskb_trim()
net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
pinctrl: amd: Use amd_pinconf_set() for all config options
fbdev: imxfb: warn about invalid left/right margin
spi: bcm63xx: fix max prepend length
igb: Fix igb_down hung on surprise removal
wifi: iwlwifi: mvm: avoid baid size integer overflow
wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point()
bpf: Address KCSAN report on bpf_lru_list
sched/fair: Don't balance task to its current running CPU
posix-timers: Ensure timer ID search-loop limit is valid
md/raid10: prevent soft lockup while flush writes
md: fix data corruption for raid456 when reshape restart while grow up
nbd: Add the maximum limit of allocated index in nbd_dev_add
debugobjects: Recheck debug_objects_enabled before reporting
ext4: correct inline offset when handling xattrs in inode body
can: bcm: Fix UAF in bcm_proc_show()
fuse: revalidate: don't invalidate if interrupted
perf probe: Add test for regression introduced by switch to die_get_decl_file()
tracing/histograms: Add histograms to hist_vars if they have referenced variables
drm/atomic: Fix potential use-after-free in nonblocking commits
scsi: qla2xxx: Pointer may be dereferenced
scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
scsi: qla2xxx: Fix potential NULL pointer dereference
scsi: qla2xxx: Wait for io return on terminate rport
xtensa: ISS: fix call to split_if_spec
ring-buffer: Fix deadloop issue on reading trace_pipe
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error
Revert "8250: add support for ASIX devices with a FIFO bug"
meson saradc: fix clock divider mask length
ceph: don't let check_caps skip sending responses for revoke msgs
hwrng: imx-rngc - fix the timeout for init and self check
serial: atmel: don't enable IRQs prematurely
fs: dlm: return positive pid value for F_GETLK
md/raid0: add discard support for the 'original' layout
misc: pci_endpoint_test: Re-init completion for every test
misc: pci_endpoint_test: Free IRQs before removing the device
PCI: rockchip: Use u32 variable to access 32-bit registers
PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core
PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked
PCI: rockchip: Write PCI Device ID to correct register
PCI: rockchip: Assert PCI Configuration Enable bit after probe
PCI: qcom: Disable write access to read only registers for IP v2.3.3
PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
jfs: jfs_dmap: Validate db_l2nbperpage while mounting
ext4: only update i_reserved_data_blocks on successful block allocation
ext4: fix wrong unit use in ext4_mb_clear_bb
perf intel-pt: Fix CYC timestamps after standalone CBR
SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
net: bcmgenet: Ensure MDIO unregistration has clocks enabled
tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
pinctrl: amd: Only use special debounce behavior for GPIO 0
pinctrl: amd: Detect internal GPIO0 debounce handling
pinctrl: amd: Fix mistake in handling clearing pins at startup
net/sched: make psched_mtu() RTNL-less safe
wifi: airo: avoid uninitialized warning in airo_get_rate()
ipv6/addrconf: fix a potential refcount underflow for idev
NTB: ntb_tool: Add check for devm_kcalloc
NTB: ntb_transport: fix possible memory leak while device_register() fails
ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
ntb: idt: Fix error handling in idt_pci_driver_init()
udp6: fix udp6_ehashfn() typo
icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
vrf: Increment Icmp6InMsgs on the original netdev
net: mvneta: fix txq_map in case of txq_number==1
workqueue: clean up WORK_* constant types, clarify masking
net: lan743x: Don't sleep in atomic context
netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
netfilter: nf_tables: fix scheduling-while-atomic splat
netfilter: nf_tables: unbind non-anonymous set if rule construction fails
netfilter: nf_tables: reject unbound anonymous set before commit phase
netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
netfilter: nf_tables: use net_generic infra for transaction data
netfilter: add helper function to set up the nfnetlink header and use it
netfilter: nftables: add helper function to set the base sequence number
netfilter: nf_tables: add rescheduling points during loop detection walks
netfilter: nf_tables: fix nat hook table deletion
spi: spi-fsl-spi: allow changing bits_per_word while CS is still active
spi: spi-fsl-spi: relax message sanity checking a little
spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg
ARM: orion5x: fix d2net gpio initialization
btrfs: fix race when deleting quota root from the dirty cow roots list
jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
integrity: Fix possible multiple allocation in integrity_inode_get()
bcache: Remove unnecessary NULL point check in node allocations
mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
mmc: core: disable TRIM on Kingston EMMC04G-M627
NFSD: add encoding of op_recall flag for write delegation
ALSA: jack: Fix mutex call in snd_jack_report()
i2c: xiic: Don't try to handle more interrupt events after error
i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
sh: dma: Fix DMA channel offset calculation
net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
tcp: annotate data races in __tcp_oow_rate_limited()
net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
f2fs: fix error path handling in truncate_dnode()
mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
sctp: fix potential deadlock on &net->sctp.addr_wq_lock
rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
mfd: stmpe: Only disable the regulators if they are enabled
mfd: intel-lpss: Add missing check for platform_get_resource
KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
mfd: rt5033: Drop rt5033-battery sub-device
usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
extcon: Fix kernel doc of property capability fields to avoid warnings
extcon: Fix kernel doc of property fields to avoid warnings
media: usb: siano: Fix warning due to null work_func_t function pointer
media: videodev2.h: Fix struct v4l2_input tuner index comment
media: usb: Check az6007_read() return value
sh: j2: Use ioremap() to translate device tree address into kernel memory
w1: fix loop in w1_fini()
block: change all __u32 annotations to __be32 in affs_hardblocks.h
USB: serial: option: add LARA-R6 01B PIDs
ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
ARCv2: entry: rewrite to enable use of double load/stores LDD/STD
ARCv2: entry: avoid a branch
ARCv2: entry: push out the Z flag unclobber from common EXCEPTION_PROLOGUE
ARCv2: entry: comments about hardware auto-save on taken interrupts
modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
modpost: fix section mismatch message for R_ARM_ABS32
crypto: nx - fix build warnings when DEBUG_FS is not enabled
hwrng: virtio - Fix race on data_avail and actual data
hwrng: virtio - always add a pending request
hwrng: virtio - don't waste entropy
hwrng: virtio - don't wait on cleanup
hwrng: virtio - add an internal buffer
pinctrl: at91-pio4: check return value of devm_kasprintf()
perf dwarf-aux: Fix off-by-one in die_get_varname()
pinctrl: cherryview: Return correct value if pin in push-pull mode
PCI: Add pci_clear_master() stub for non-CONFIG_PCI
scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
drm/radeon: fix possible division-by-zero errors
fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
soc/fsl/qe: fix usb.c build errors
ASoC: es8316: Increment max value for ALC Capture Target Volume control
ARM: ep93xx: fix missing-prototype warnings
drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
Input: adxl34x - do not hardcode interrupt trigger type
ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
Input: drv260x - sleep between polling GO bit
radeon: avoid double free in ci_dpm_init()
netlink: Add __sock_i_ino() for __netlink_diag_dump().
ipvlan: Fix return value of ipvlan_queue_xmit()
netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
lib/ts_bm: reset initial match offset for every block of text
gtp: Fix use-after-free in __gtp_encap_destroy().
netlink: do not hard code device address lenth in fdb dumps
netlink: fix potential deadlock in netlink_set_err()
wifi: ath9k: convert msecs to jiffies where needed
wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
memstick r592: make memstick_debug_get_tpc_name() static
kexec: fix a memory leak in crash_shrink_memory()
watchdog/perf: more properly prevent false positives with turbo modes
watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config
wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
wifi: ray_cs: Fix an error handling path in ray_probe()
wifi: ray_cs: Drop useless status variable in parse_addr()
wifi: ray_cs: Utilize strnlen() in parse_addr()
wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
wl3501_cs: use eth_hw_addr_set()
net: create netdev->dev_addr assignment helpers
wl3501_cs: Fix misspelling and provide missing documentation
wl3501_cs: Remove unnecessary NULL check
wl3501_cs: Fix a bunch of formatting issues related to function docs
wifi: atmel: Fix an error handling path in atmel_probe()
wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
nfc: constify several pointers to u8, char and sk_buff
wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan()
samples/bpf: Fix buffer overflow in tcp_basertt
wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
evm: Complete description of evm_inode_setattr()
ARM: 9303/1: kprobes: avoid missing-declaration warnings
PM: domains: fix integer overflow issues in genpd_parse_state()
clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
clocksource/drivers/cadence-ttc: Use ttc driver as platform driver
clocksource/drivers: Unify the names to timer-* format
irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
irqchip/jcore-aic: Kill use of irq_create_strict_mappings()
md/raid10: fix io loss while replacement replace rdev
md/raid10: fix wrong setting of max_corr_read_errors
md/raid10: fix overflow of md/safe_mode_delay
md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
treewide: Remove uninitialized_var() usage
drm/amdgpu: Validate VM ioctl flags.
scripts/tags.sh: Resolve gtags empty index generation
drm/edid: Fix uninitialized variable in drm_cvt_modes()
fbdev: imsttfb: Fix use after free bug in imsttfb_probe
video: imsttfb: check for ioremap() failures
x86/smp: Use dedicated cache-line for mwait_play_dead()
gfs2: Don't deref jdesc in evict
dsp: q6lsm: Add check for payload buffer
dsp: q6lsm: Address use after free for mmap handle
ASoC: msm-pcm-host-voice: Check validity of session idx
Linux 4.19.290
x86: fix backwards merge of GDS/SRSO bit
xen/netback: Fix buffer overrun triggered by unusual packet
Documentation/x86: Fix backwards on/off logic about YMM support
x86/xen: Fix secondary processors' FPU initialization
KVM: Add GDS_NO support to KVM
x86/speculation: Add Kconfig option for GDS
x86/speculation: Add force option to GDS mitigation
x86/speculation: Add Gather Data Sampling mitigation
x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
x86/fpu: Mark init functions __init
x86/fpu: Remove cpuinfo argument from init functions
init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
init: Invoke arch_cpu_finalize_init() earlier
init: Remove check_bugs() leftovers
um/cpu: Switch to arch_cpu_finalize_init()
sparc/cpu: Switch to arch_cpu_finalize_init()
sh/cpu: Switch to arch_cpu_finalize_init()
mips/cpu: Switch to arch_cpu_finalize_init()
m68k/cpu: Switch to arch_cpu_finalize_init()
ia64/cpu: Switch to arch_cpu_finalize_init()
ARM: cpu: Switch to arch_cpu_finalize_init()
x86/cpu: Switch to arch_cpu_finalize_init()
init: Provide arch_cpu_finalize_init()
soc: qcom: glink_probe: Notify on powerup failure
Linux 4.19.289
x86/cpu/amd: Add a Zenbleed fix
x86/cpu/amd: Move the errata checking functionality up
x86/microcode/AMD: Load late on both threads too
Change-Id: Iaecf8e8872558360a8565986e19b0a7279fe5969
https://source.android.com/docs/security/bulletin/2023-09-01
* tag 'ASB-2023-09-05_4.19-stable' of https://android.googlesource.com/kernel/common:
Linux 4.19.294
Revert "ARM: ep93xx: fix missing-prototype warnings"
Revert "MIPS: Alchemy: fix dbdma2"
Linux 4.19.293
dma-buf/sw_sync: Avoid recursive lock during fence signal
clk: Fix undefined reference to `clk_rate_exclusive_{get,put}'
scsi: core: raid_class: Remove raid_component_add()
scsi: snic: Fix double free in snic_tgt_create()
irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable
rtnetlink: Reject negative ifindexes in RTM_NEWLINK
netfilter: nf_queue: fix socket leak
sched/rt: pick_next_rt_entity(): check list_entry
mmc: block: Fix in_flight[issue_type] value error
x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4
PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus
media: vcodec: Fix potential array out-of-bounds in encoder queue_setup
lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels
batman-adv: Fix batadv_v_ogm_aggr_send memory leak
batman-adv: Fix TT global entry leak when client roamed back
batman-adv: Do not get eth header before batadv_check_management_packet
batman-adv: Don't increase MTU when set by user
batman-adv: Trigger events for auto adjusted MTU
nfsd: Fix race to FREE_STATEID and cl_revoked
ibmveth: Use dcbf rather than dcbfl
ipvs: fix racy memcpy in proc_do_sync_threshold
ipvs: Improve robustness to the ipvs sysctl
bonding: fix macvlan over alb bond support
net: remove bond_slave_has_mac_rcu()
net/sched: fix a qdisc modification with ambiguous command request
igb: Avoid starting unnecessary workqueues
dccp: annotate data-races in dccp_poll()
sock: annotate data-races around prot->memory_pressure
tracing: Fix memleak due to race between current_tracer and trace
drm/amd/display: check TG is non-null before checking if enabled
drm/amd/display: do not wait for mpc idle if tg is disabled
regmap: Account for register length in SMBus I/O limits
dm integrity: reduce vmalloc space footprint on 32-bit architectures
dm integrity: increase RECALC_SECTORS to improve recalculate speed
powerpc: Fail build if using recordmcount with binutils v2.37
powerpc: remove leftover code of old GCC version checks
powerpc/32: add stack protector support
fbdev: fix potential OOB read in fast_imageblit()
fbdev: Fix sys_imageblit() for arbitrary image widths
fbdev: Improve performance of sys_imageblit()
tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP"
MIPS: cpu-features: Use boot_cpu_type for CPU type based features
MIPS: cpu-features: Enable octeon_cache by cpu_type
fs: dlm: fix mismatch of plock results from userspace
fs: dlm: use dlm_plock_info for do_unlock_close
fs: dlm: change plock interrupted message to debug again
fs: dlm: add pid to debug log
dlm: replace usage of found with dedicated list iterator variable
dlm: improve plock logging if interrupted
PCI: acpiphp: Reassign resources on bridge if necessary
net: phy: broadcom: stub c45 read/write for 54810
net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure
net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled
virtio-net: set queues after driver_ok
af_unix: Fix null-ptr-deref in unix_stream_sendpage().
netfilter: set default timeout to 3 secs for sctp shutdown send and recv state
test_firmware: prevent race conditions by a correct implementation of locking
mmc: wbsd: fix double mmc_free_host() in wbsd_init()
cifs: Release folio lock on fscache read hit.
ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces.
serial: 8250: Fix oops for port->pm on uart_change_pm()
ASoC: meson: axg-tdm-formatter: fix channel slot allocation
ASoC: rt5665: add missed regulator_bulk_disable
net: do not allow gso_size to be set to GSO_BY_FRAGS
sock: Fix misuse of sk_under_memory_pressure()
i40e: fix misleading debug logs
team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
netfilter: nft_dynset: disallow object maps
selftests: mirror_gre_changes: Tighten up the TTL test match
xfrm: add NULL check in xfrm_update_ae_params
ip_vti: fix potential slab-use-after-free in decode_session6
ip6_vti: fix slab-use-after-free in decode_session6
xfrm: fix slab-use-after-free in decode_session6
xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c
net: af_key: fix sadb_x_filter validation
net: xfrm: Fix xfrm_address_filter OOB read
btrfs: fix BUG_ON condition in btrfs_cancel_balance
powerpc/rtas_flash: allow user copy to flash block cache objects
fbdev: mmp: fix value check in mmphw_probe()
virtio-mmio: don't break lifecycle of vm_dev
virtio-mmio: Use to_virtio_mmio_device() to simply code
virtio-mmio: convert to devm_platform_ioremap_resource
nfsd: Remove incorrect check in nfsd4_validate_stateid
nfsd4: kill warnings on testing stateids with mismatched clientids
block: fix signed int overflow in Amiga partition support
mmc: sunxi: fix deferred probing
mmc: bcm2835: fix deferred probing
mmc: Remove dev_err() usage after platform_get_irq()
mmc: tmio: move tmio_mmc_set_clock() to platform hook
mmc: tmio: replace tmio_mmc_clk_stop() calls with tmio_mmc_set_clock()
mmc: meson-gx: remove redundant mmc_request_done() call from irq context
mmc: meson-gx: remove useless lock
USB: dwc3: qcom: fix NULL-deref on suspend
usb: dwc3: qcom: Add helper functions to enable,disable wake irqs
irqchip/mips-gic: Use raw spinlock for gic_lock
irqchip/mips-gic: Get rid of the reliance on irq_cpu_online()
x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms
powerpc/64s/radix: Fix soft dirty tracking
powerpc: Move page table dump files in a dedicated subdirectory
powerpc/mm: dump block address translation on book3s/32
powerpc/mm: dump segment registers on book3s/32
powerpc/mm: Move pgtable_t into platform headers
powerpc/mm: move platform specific mmu-xxx.h in platform directories
iio: addac: stx104: Fix race condition when converting analog-to-digital
iio: addac: stx104: Fix race condition for stx104_write_raw()
iio: adc: stx104: Implement and utilize register structures
iio: adc: stx104: Utilize iomap interface
iio: add addac subdirectory
IMA: allow/fix UML builds
drm/amdgpu: Fix potential fence use-after-free v2
Bluetooth: L2CAP: Fix use-after-free
pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db()
gfs2: Fix possible data races in gfs2_show_options()
media: platform: mediatek: vpu: fix NULL ptr dereference
media: v4l2-mem2mem: add lock to protect parameter num_rdy
FS: JFS: Check for read-only mounted filesystem in txBegin
FS: JFS: Fix null-ptr-deref Read in txBegin
MIPS: dec: prom: Address -Warray-bounds warning
fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
udf: Fix uninitialized array access for some pathnames
HID: add quirk for 03f0:464a HP Elite Presenter Mouse
quota: fix warning in dqgrab()
quota: Properly disable quotas when add_dquot_ref() fails
ALSA: emu10k1: roll up loops in DSP setup code for Audigy
drm/radeon: Fix integer overflow in radeon_cs_parser_init
selftests: forwarding: tc_flower: Relax success criterion
lib/mpi: Eliminate unused umul_ppmm definitions for MIPS
Revert "posix-timers: Ensure timer ID search-loop limit is valid"
UPSTREAM: media: usb: siano: Fix warning due to null work_func_t function pointer
UPSTREAM: Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
UPSTREAM: net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
UPSTREAM: net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
Linux 4.19.292
sch_netem: fix issues in netem_change() vs get_dist_table()
alpha: remove __init annotation from exported page_is_ram()
scsi: core: Fix possible memory leak if device_add() fails
scsi: snic: Fix possible memory leak if device_add() fails
scsi: 53c700: Check that command slot is not NULL
scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
scsi: core: Fix legacy /proc parsing buffer overflow
netfilter: nf_tables: report use refcount overflow
netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush
btrfs: don't stop integrity writeback too early
ibmvnic: Handle DMA unmapping of login buffs in release functions
wifi: cfg80211: fix sband iftype data lookup for AP_VLAN
IB/hfi1: Fix possible panic during hotplug remove
drivers: net: prevent tun_build_skb() to exceed the packet size limit
dccp: fix data-race around dp->dccps_mss_cache
bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
net/packet: annotate data-races around tp->status
mISDN: Update parameter type of dsp_cmx_send()
drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes
x86: Move gds_ucode_mitigated() declaration to header
x86/mm: Fix VDSO and VVAR placement on 5-level paging machines
x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405
usb: dwc3: Properly handle processing of pending events
usb-storage: alauda: Fix uninit-value in alauda_check_media()
binder: fix memory leak in binder_init()
iio: cros_ec: Fix the allocation size for cros_ec_command
nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput
radix tree test suite: fix incorrect allocation size for pthreads
drm/nouveau/gr: enable memory loads on helper invocation on all channels
dmaengine: pl330: Return DMA_PAUSED when transaction is paused
ipv6: adjust ndisc_is_useropt() to also return true for PIO
mmc: moxart: read scr register without changing byte order
sparc: fix up arch_cpu_finalize_init() build breakage.
UPSTREAM: net/sched: cls_fw: Fix improper refcount update leads to use-after-free
Linux 4.19.291
drm/edid: fix objtool warning in drm_cvt_modes()
arm64: dts: stratix10: fix incorrect I2C property for SCL signal
drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node
ARM: dts: imx6sll: fixup of operating points
ARM: dts: imx: add usb alias
ARM: dts: imx6sll: Make ssi node name same as other platforms
PM: sleep: wakeirq: fix wake irq arming
PM / wakeirq: support enabling wake-up irq after runtime_suspend called
powerpc/mm/altmap: Fix altmap boundary check
mtd: rawnand: omap_elm: Fix incorrect type in assignment
test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation
test_firmware: fix a memory leak with reqs buffer
ext2: Drop fragment support
net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
fs/sysv: Null check to prevent null-ptr-deref bug
USB: zaurus: Add ID for A-300/B-500/C-700
libceph: fix potential hang in ceph_osdc_notify()
scsi: zfcp: Defer fc_rport blocking until after ADISC response
tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
tcp_metrics: annotate data-races around tm->tcpm_net
tcp_metrics: annotate data-races around tm->tcpm_vals[]
tcp_metrics: annotate data-races around tm->tcpm_lock
tcp_metrics: annotate data-races around tm->tcpm_stamp
tcp_metrics: fix addr_same() helper
ip6mr: Fix skb_under_panic in ip6mr_cache_report()
net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
net: add missing data-race annotation for sk_ll_usec
net: add missing data-race annotations around sk->sk_peek_off
net: sched: cls_u32: Fix match key mis-addressing
perf test uprobe_from_different_cu: Skip if there is no gcc
net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
KVM: s390: fix sthyi error handling
word-at-a-time: use the same return type for has_zero regardless of endianness
loop: Select I/O scheduler 'none' from inside add_disk()
perf: Fix function pointer case
net/sched: cls_u32: Fix reference counter leak leading to overflow
ASoC: cs42l51: fix driver to properly autoload with automatic module loading
net/sched: sch_qfq: account for stab overhead in qfq_enqueue
net/sched: cls_fw: Fix improper refcount update leads to use-after-free
drm/client: Fix memory leak in drm_client_target_cloned
dm cache policy smq: ensure IO doesn't prevent cleaner policy progress
ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
s390/dasd: fix hanging device after quiesce/resume
virtio-net: fix race between set queues and probe
serial: 8250_dw: Preserve original value of DLF register
serial: 8250_dw: split Synopsys DesignWare 8250 common functions
irq-bcm6345-l1: Do not assume a fixed block to cpu mapping
tpm_tis: Explicitly check for error code
btrfs: check for commit error at btrfs_attach_transaction_barrier()
hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
Documentation: security-bugs.rst: clarify CVE handling
Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group
usb: xhci-mtk: set the dma max_seg_size
USB: quirks: add quirk for Focusrite Scarlett
usb: ohci-at91: Fix the unhandle interrupt when resume
usb: dwc3: don't reset device side if dwc3 was configured as host-only
usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
Revert "usb: dwc3: core: Enable AutoRetry feature in the controller"
can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED
USB: serial: simple: sort driver entries
USB: serial: simple: add Kaufmann RKS+CAN VCP
USB: serial: option: add Quectel EC200A module support
USB: serial: option: support Quectel EM060K_128
tracing: Fix warning in trace_buffered_event_disable()
ring-buffer: Fix wrong stat of cpu_buffer->read
ata: pata_ns87415: mark ns87560_tf_read static
dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths
block: Fix a source code comment in include/uapi/linux/blkzoned.h
ASoC: fsl_spdif: Silence output on stop
drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb()
RDMA/mlx4: Make check for invalid flags stricter
benet: fix return value check in be_lancer_xmit_workarounds()
net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64
net/sched: mqprio: add extack to mqprio_parse_nlattr()
net/sched: mqprio: refactor nlattr parsing to a separate function
platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100
team: reset team's flags when down link is P2P device
bonding: reset bond's flags when down link is P2P device
tcp: Reduce chance of collisions in inet6_hashfn().
ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address
ethernet: atheros: fix return value check in atl1e_tso_csum()
phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()
i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
scsi: qla2xxx: Array index may go out of bound
scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c
ftrace: Fix possible warning on checking all pages used in ftrace_process_locs()
ftrace: Store the order of pages allocated in ftrace_page
ftrace: Check if pages were allocated before calling free_pages()
ftrace: Add information on number of page groups allocated
fs: dlm: interrupt posix locks only when process is killed
dlm: rearrange async condition return
dlm: cleanup plock_op vs plock_xop
PCI/ASPM: Avoid link retraining race
PCI/ASPM: Factor out pcie_wait_for_retrain()
PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link()
PCI: Rework pcie_retrain_link() wait loop
ext4: Fix reusing stale buffer heads from last failed mounting
ext4: rename journal_dev to s_journal_dev inside ext4_sb_info
btrfs: fix extent buffer leak after tree mod log failure at split_node()
bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
bcache: remove 'int n' from parameter list of bch_bucket_alloc_set()
bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set
gpio: tps68470: Make tps68470_gpio_output() always set the initial value
tracing/histograms: Return an error if we fail to add histogram to hist_vars list
tcp: annotate data-races around fastopenq.max_qlen
tcp: annotate data-races around tp->notsent_lowat
tcp: annotate data-races around rskq_defer_accept
tcp: annotate data-races around tp->linger2
net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX
netfilter: nf_tables: can't schedule in nft_chain_validate
netfilter: nf_tables: fix spurious set element insertion failure
llc: Don't drop packet from non-root netns.
fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
Revert "tcp: avoid the lookup process failing to get sk in ehash table"
net:ipv6: check return value of pskb_trim()
net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
pinctrl: amd: Use amd_pinconf_set() for all config options
fbdev: imxfb: warn about invalid left/right margin
spi: bcm63xx: fix max prepend length
igb: Fix igb_down hung on surprise removal
wifi: iwlwifi: mvm: avoid baid size integer overflow
wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point()
bpf: Address KCSAN report on bpf_lru_list
sched/fair: Don't balance task to its current running CPU
posix-timers: Ensure timer ID search-loop limit is valid
md/raid10: prevent soft lockup while flush writes
md: fix data corruption for raid456 when reshape restart while grow up
nbd: Add the maximum limit of allocated index in nbd_dev_add
debugobjects: Recheck debug_objects_enabled before reporting
ext4: correct inline offset when handling xattrs in inode body
can: bcm: Fix UAF in bcm_proc_show()
fuse: revalidate: don't invalidate if interrupted
perf probe: Add test for regression introduced by switch to die_get_decl_file()
tracing/histograms: Add histograms to hist_vars if they have referenced variables
drm/atomic: Fix potential use-after-free in nonblocking commits
scsi: qla2xxx: Pointer may be dereferenced
scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
scsi: qla2xxx: Fix potential NULL pointer dereference
scsi: qla2xxx: Wait for io return on terminate rport
xtensa: ISS: fix call to split_if_spec
ring-buffer: Fix deadloop issue on reading trace_pipe
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error
Revert "8250: add support for ASIX devices with a FIFO bug"
meson saradc: fix clock divider mask length
ceph: don't let check_caps skip sending responses for revoke msgs
hwrng: imx-rngc - fix the timeout for init and self check
serial: atmel: don't enable IRQs prematurely
fs: dlm: return positive pid value for F_GETLK
md/raid0: add discard support for the 'original' layout
misc: pci_endpoint_test: Re-init completion for every test
misc: pci_endpoint_test: Free IRQs before removing the device
PCI: rockchip: Use u32 variable to access 32-bit registers
PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core
PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked
PCI: rockchip: Write PCI Device ID to correct register
PCI: rockchip: Assert PCI Configuration Enable bit after probe
PCI: qcom: Disable write access to read only registers for IP v2.3.3
PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
jfs: jfs_dmap: Validate db_l2nbperpage while mounting
ext4: only update i_reserved_data_blocks on successful block allocation
ext4: fix wrong unit use in ext4_mb_clear_bb
perf intel-pt: Fix CYC timestamps after standalone CBR
SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
net: bcmgenet: Ensure MDIO unregistration has clocks enabled
tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
pinctrl: amd: Only use special debounce behavior for GPIO 0
pinctrl: amd: Detect internal GPIO0 debounce handling
pinctrl: amd: Fix mistake in handling clearing pins at startup
net/sched: make psched_mtu() RTNL-less safe
wifi: airo: avoid uninitialized warning in airo_get_rate()
ipv6/addrconf: fix a potential refcount underflow for idev
NTB: ntb_tool: Add check for devm_kcalloc
NTB: ntb_transport: fix possible memory leak while device_register() fails
ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
ntb: idt: Fix error handling in idt_pci_driver_init()
udp6: fix udp6_ehashfn() typo
icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
vrf: Increment Icmp6InMsgs on the original netdev
net: mvneta: fix txq_map in case of txq_number==1
workqueue: clean up WORK_* constant types, clarify masking
net: lan743x: Don't sleep in atomic context
netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
netfilter: nf_tables: fix scheduling-while-atomic splat
netfilter: nf_tables: unbind non-anonymous set if rule construction fails
netfilter: nf_tables: reject unbound anonymous set before commit phase
netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
netfilter: nf_tables: use net_generic infra for transaction data
netfilter: add helper function to set up the nfnetlink header and use it
netfilter: nftables: add helper function to set the base sequence number
netfilter: nf_tables: add rescheduling points during loop detection walks
netfilter: nf_tables: fix nat hook table deletion
spi: spi-fsl-spi: allow changing bits_per_word while CS is still active
spi: spi-fsl-spi: relax message sanity checking a little
spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg
ARM: orion5x: fix d2net gpio initialization
btrfs: fix race when deleting quota root from the dirty cow roots list
jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
integrity: Fix possible multiple allocation in integrity_inode_get()
bcache: Remove unnecessary NULL point check in node allocations
mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
mmc: core: disable TRIM on Kingston EMMC04G-M627
NFSD: add encoding of op_recall flag for write delegation
ALSA: jack: Fix mutex call in snd_jack_report()
i2c: xiic: Don't try to handle more interrupt events after error
i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
sh: dma: Fix DMA channel offset calculation
net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
tcp: annotate data races in __tcp_oow_rate_limited()
net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
f2fs: fix error path handling in truncate_dnode()
mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
sctp: fix potential deadlock on &net->sctp.addr_wq_lock
rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
mfd: stmpe: Only disable the regulators if they are enabled
mfd: intel-lpss: Add missing check for platform_get_resource
KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
mfd: rt5033: Drop rt5033-battery sub-device
usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
extcon: Fix kernel doc of property capability fields to avoid warnings
extcon: Fix kernel doc of property fields to avoid warnings
media: usb: siano: Fix warning due to null work_func_t function pointer
media: videodev2.h: Fix struct v4l2_input tuner index comment
media: usb: Check az6007_read() return value
sh: j2: Use ioremap() to translate device tree address into kernel memory
w1: fix loop in w1_fini()
block: change all __u32 annotations to __be32 in affs_hardblocks.h
USB: serial: option: add LARA-R6 01B PIDs
ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
ARCv2: entry: rewrite to enable use of double load/stores LDD/STD
ARCv2: entry: avoid a branch
ARCv2: entry: push out the Z flag unclobber from common EXCEPTION_PROLOGUE
ARCv2: entry: comments about hardware auto-save on taken interrupts
modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
modpost: fix section mismatch message for R_ARM_ABS32
crypto: nx - fix build warnings when DEBUG_FS is not enabled
hwrng: virtio - Fix race on data_avail and actual data
hwrng: virtio - always add a pending request
hwrng: virtio - don't waste entropy
hwrng: virtio - don't wait on cleanup
hwrng: virtio - add an internal buffer
pinctrl: at91-pio4: check return value of devm_kasprintf()
perf dwarf-aux: Fix off-by-one in die_get_varname()
pinctrl: cherryview: Return correct value if pin in push-pull mode
PCI: Add pci_clear_master() stub for non-CONFIG_PCI
scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
drm/radeon: fix possible division-by-zero errors
fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
soc/fsl/qe: fix usb.c build errors
ASoC: es8316: Increment max value for ALC Capture Target Volume control
ARM: ep93xx: fix missing-prototype warnings
drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
Input: adxl34x - do not hardcode interrupt trigger type
ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
Input: drv260x - sleep between polling GO bit
radeon: avoid double free in ci_dpm_init()
netlink: Add __sock_i_ino() for __netlink_diag_dump().
ipvlan: Fix return value of ipvlan_queue_xmit()
netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
lib/ts_bm: reset initial match offset for every block of text
gtp: Fix use-after-free in __gtp_encap_destroy().
netlink: do not hard code device address lenth in fdb dumps
netlink: fix potential deadlock in netlink_set_err()
wifi: ath9k: convert msecs to jiffies where needed
wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
memstick r592: make memstick_debug_get_tpc_name() static
kexec: fix a memory leak in crash_shrink_memory()
watchdog/perf: more properly prevent false positives with turbo modes
watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config
wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
wifi: ray_cs: Fix an error handling path in ray_probe()
wifi: ray_cs: Drop useless status variable in parse_addr()
wifi: ray_cs: Utilize strnlen() in parse_addr()
wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
wl3501_cs: use eth_hw_addr_set()
net: create netdev->dev_addr assignment helpers
wl3501_cs: Fix misspelling and provide missing documentation
wl3501_cs: Remove unnecessary NULL check
wl3501_cs: Fix a bunch of formatting issues related to function docs
wifi: atmel: Fix an error handling path in atmel_probe()
wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
nfc: constify several pointers to u8, char and sk_buff
wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan()
samples/bpf: Fix buffer overflow in tcp_basertt
wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
evm: Complete description of evm_inode_setattr()
ARM: 9303/1: kprobes: avoid missing-declaration warnings
PM: domains: fix integer overflow issues in genpd_parse_state()
clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
clocksource/drivers/cadence-ttc: Use ttc driver as platform driver
clocksource/drivers: Unify the names to timer-* format
irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
irqchip/jcore-aic: Kill use of irq_create_strict_mappings()
md/raid10: fix io loss while replacement replace rdev
md/raid10: fix wrong setting of max_corr_read_errors
md/raid10: fix overflow of md/safe_mode_delay
md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
treewide: Remove uninitialized_var() usage
drm/amdgpu: Validate VM ioctl flags.
scripts/tags.sh: Resolve gtags empty index generation
drm/edid: Fix uninitialized variable in drm_cvt_modes()
fbdev: imsttfb: Fix use after free bug in imsttfb_probe
video: imsttfb: check for ioremap() failures
x86/smp: Use dedicated cache-line for mwait_play_dead()
gfs2: Don't deref jdesc in evict
Linux 4.19.290
x86: fix backwards merge of GDS/SRSO bit
xen/netback: Fix buffer overrun triggered by unusual packet
Documentation/x86: Fix backwards on/off logic about YMM support
x86/xen: Fix secondary processors' FPU initialization
KVM: Add GDS_NO support to KVM
x86/speculation: Add Kconfig option for GDS
x86/speculation: Add force option to GDS mitigation
x86/speculation: Add Gather Data Sampling mitigation
x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
x86/fpu: Mark init functions __init
x86/fpu: Remove cpuinfo argument from init functions
init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
init: Invoke arch_cpu_finalize_init() earlier
init: Remove check_bugs() leftovers
um/cpu: Switch to arch_cpu_finalize_init()
sparc/cpu: Switch to arch_cpu_finalize_init()
sh/cpu: Switch to arch_cpu_finalize_init()
mips/cpu: Switch to arch_cpu_finalize_init()
m68k/cpu: Switch to arch_cpu_finalize_init()
ia64/cpu: Switch to arch_cpu_finalize_init()
ARM: cpu: Switch to arch_cpu_finalize_init()
x86/cpu: Switch to arch_cpu_finalize_init()
init: Provide arch_cpu_finalize_init()
Conflicts:
drivers/mmc/core/block.c
drivers/mmc/host/sdhci-msm.c
drivers/usb/dwc3/core.c
drivers/usb/dwc3/gadget.c
Change-Id: Id2f4d5c8067f8e5eda39c0eaa5e59d54a394b4c7
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmTWBMYACgkQONu9yGCS
aT5fcw//f8IqgXhnM1RmdENWcj8Yttld1jY0L8+z2fRvkzmuqFJAnOuTEP/BV9Zk
iMNH6Hg5iZh/ajGyW4OxsWHvaDNyZtpPOgNtQkhHPPDq5tqAgg+8ZgPlZkmbvnGd
askxaSJE7OuJOfG193o/Uf0CR/boSIN1ioIu0vumqhrP2NUbe44/PLeSB239ZdGy
nIaBo1JXffOH8P7kSS4E9NSrfoA9MQEuJgcYPkc1c08W2FWO8MftM/hdQtXGwbNC
LCy4yGc3PN40MT7tOsXE0w3P+ZUXfP6g8NgHooRKuLimSiAYodLgCwnvELZ/Nsg+
w1TPDxbLD99te5J16GzlzhN4+9BUtf2qq9ZgiJQ8lmKaGc+hAMRKF2h2E5Qhla8R
TJubYFjD5yilANlRumVHMzNJZntROw0hG0ZIX6An/1QM5JAy7B736jI6jt+RZFSx
r08xhBXcO+m3s2Vc2OojJFKLot9i0ugiKkTuQBZsBFDfcOtSrUUarB6Vz6wZvCY8
sojQOS0eoYb+2GlKJ0UzTPLEHrCpusRkEnv3QMAPfTkw6vqvkrYACfOEbBujfT8e
TtC7wuS3beULYPKpObe9HrpCooOXX8YQFXyld5e5iBINXwt/UT4daDL85BbMsPEu
MPaSKrTMGXUsRoOWHiuPumT/MDE5LBSCqhyi41k90R9qRW6M+Wk=
=KuAb
-----END PGP SIGNATURE-----
Merge 4.19.291 into android-4.19-stable
Changes in 4.19.291
gfs2: Don't deref jdesc in evict
x86/smp: Use dedicated cache-line for mwait_play_dead()
video: imsttfb: check for ioremap() failures
fbdev: imsttfb: Fix use after free bug in imsttfb_probe
drm/edid: Fix uninitialized variable in drm_cvt_modes()
scripts/tags.sh: Resolve gtags empty index generation
drm/amdgpu: Validate VM ioctl flags.
treewide: Remove uninitialized_var() usage
md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
md/raid10: fix overflow of md/safe_mode_delay
md/raid10: fix wrong setting of max_corr_read_errors
md/raid10: fix io loss while replacement replace rdev
irqchip/jcore-aic: Kill use of irq_create_strict_mappings()
irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
clocksource/drivers: Unify the names to timer-* format
clocksource/drivers/cadence-ttc: Use ttc driver as platform driver
clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
PM: domains: fix integer overflow issues in genpd_parse_state()
ARM: 9303/1: kprobes: avoid missing-declaration warnings
evm: Complete description of evm_inode_setattr()
wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
samples/bpf: Fix buffer overflow in tcp_basertt
wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan()
nfc: constify several pointers to u8, char and sk_buff
nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
wifi: atmel: Fix an error handling path in atmel_probe()
wl3501_cs: Fix a bunch of formatting issues related to function docs
wl3501_cs: Remove unnecessary NULL check
wl3501_cs: Fix misspelling and provide missing documentation
net: create netdev->dev_addr assignment helpers
wl3501_cs: use eth_hw_addr_set()
wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
wifi: ray_cs: Utilize strnlen() in parse_addr()
wifi: ray_cs: Drop useless status variable in parse_addr()
wifi: ray_cs: Fix an error handling path in ray_probe()
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config
watchdog/perf: more properly prevent false positives with turbo modes
kexec: fix a memory leak in crash_shrink_memory()
memstick r592: make memstick_debug_get_tpc_name() static
wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
wifi: ath9k: convert msecs to jiffies where needed
netlink: fix potential deadlock in netlink_set_err()
netlink: do not hard code device address lenth in fdb dumps
gtp: Fix use-after-free in __gtp_encap_destroy().
lib/ts_bm: reset initial match offset for every block of text
netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
ipvlan: Fix return value of ipvlan_queue_xmit()
netlink: Add __sock_i_ino() for __netlink_diag_dump().
radeon: avoid double free in ci_dpm_init()
Input: drv260x - sleep between polling GO bit
ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
Input: adxl34x - do not hardcode interrupt trigger type
drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
ARM: ep93xx: fix missing-prototype warnings
ASoC: es8316: Increment max value for ALC Capture Target Volume control
soc/fsl/qe: fix usb.c build errors
IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
drm/radeon: fix possible division-by-zero errors
ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
PCI: Add pci_clear_master() stub for non-CONFIG_PCI
pinctrl: cherryview: Return correct value if pin in push-pull mode
perf dwarf-aux: Fix off-by-one in die_get_varname()
pinctrl: at91-pio4: check return value of devm_kasprintf()
hwrng: virtio - add an internal buffer
hwrng: virtio - don't wait on cleanup
hwrng: virtio - don't waste entropy
hwrng: virtio - always add a pending request
hwrng: virtio - Fix race on data_avail and actual data
crypto: nx - fix build warnings when DEBUG_FS is not enabled
modpost: fix section mismatch message for R_ARM_ABS32
modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
ARCv2: entry: comments about hardware auto-save on taken interrupts
ARCv2: entry: push out the Z flag unclobber from common EXCEPTION_PROLOGUE
ARCv2: entry: avoid a branch
ARCv2: entry: rewrite to enable use of double load/stores LDD/STD
ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
USB: serial: option: add LARA-R6 01B PIDs
block: change all __u32 annotations to __be32 in affs_hardblocks.h
w1: fix loop in w1_fini()
sh: j2: Use ioremap() to translate device tree address into kernel memory
media: usb: Check az6007_read() return value
media: videodev2.h: Fix struct v4l2_input tuner index comment
media: usb: siano: Fix warning due to null work_func_t function pointer
extcon: Fix kernel doc of property fields to avoid warnings
extcon: Fix kernel doc of property capability fields to avoid warnings
usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
mfd: rt5033: Drop rt5033-battery sub-device
KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
mfd: intel-lpss: Add missing check for platform_get_resource
mfd: stmpe: Only disable the regulators if they are enabled
rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
sctp: fix potential deadlock on &net->sctp.addr_wq_lock
Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
f2fs: fix error path handling in truncate_dnode()
powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
tcp: annotate data races in __tcp_oow_rate_limited()
net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
sh: dma: Fix DMA channel offset calculation
i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
i2c: xiic: Don't try to handle more interrupt events after error
ALSA: jack: Fix mutex call in snd_jack_report()
NFSD: add encoding of op_recall flag for write delegation
mmc: core: disable TRIM on Kingston EMMC04G-M627
mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
bcache: Remove unnecessary NULL point check in node allocations
integrity: Fix possible multiple allocation in integrity_inode_get()
jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
btrfs: fix race when deleting quota root from the dirty cow roots list
ARM: orion5x: fix d2net gpio initialization
spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg
spi: spi-fsl-spi: relax message sanity checking a little
spi: spi-fsl-spi: allow changing bits_per_word while CS is still active
netfilter: nf_tables: fix nat hook table deletion
netfilter: nf_tables: add rescheduling points during loop detection walks
netfilter: nftables: add helper function to set the base sequence number
netfilter: add helper function to set up the nfnetlink header and use it
netfilter: nf_tables: use net_generic infra for transaction data
netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
netfilter: nf_tables: reject unbound anonymous set before commit phase
netfilter: nf_tables: unbind non-anonymous set if rule construction fails
netfilter: nf_tables: fix scheduling-while-atomic splat
netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
net: lan743x: Don't sleep in atomic context
workqueue: clean up WORK_* constant types, clarify masking
net: mvneta: fix txq_map in case of txq_number==1
vrf: Increment Icmp6InMsgs on the original netdev
icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
udp6: fix udp6_ehashfn() typo
ntb: idt: Fix error handling in idt_pci_driver_init()
NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
NTB: ntb_transport: fix possible memory leak while device_register() fails
NTB: ntb_tool: Add check for devm_kcalloc
ipv6/addrconf: fix a potential refcount underflow for idev
wifi: airo: avoid uninitialized warning in airo_get_rate()
net/sched: make psched_mtu() RTNL-less safe
pinctrl: amd: Fix mistake in handling clearing pins at startup
pinctrl: amd: Detect internal GPIO0 debounce handling
pinctrl: amd: Only use special debounce behavior for GPIO 0
tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
net: bcmgenet: Ensure MDIO unregistration has clocks enabled
SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
perf intel-pt: Fix CYC timestamps after standalone CBR
ext4: fix wrong unit use in ext4_mb_clear_bb
ext4: only update i_reserved_data_blocks on successful block allocation
jfs: jfs_dmap: Validate db_l2nbperpage while mounting
PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
PCI: qcom: Disable write access to read only registers for IP v2.3.3
PCI: rockchip: Assert PCI Configuration Enable bit after probe
PCI: rockchip: Write PCI Device ID to correct register
PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked
PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core
PCI: rockchip: Use u32 variable to access 32-bit registers
misc: pci_endpoint_test: Free IRQs before removing the device
misc: pci_endpoint_test: Re-init completion for every test
md/raid0: add discard support for the 'original' layout
fs: dlm: return positive pid value for F_GETLK
serial: atmel: don't enable IRQs prematurely
hwrng: imx-rngc - fix the timeout for init and self check
ceph: don't let check_caps skip sending responses for revoke msgs
meson saradc: fix clock divider mask length
Revert "8250: add support for ASIX devices with a FIFO bug"
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk
ring-buffer: Fix deadloop issue on reading trace_pipe
xtensa: ISS: fix call to split_if_spec
scsi: qla2xxx: Wait for io return on terminate rport
scsi: qla2xxx: Fix potential NULL pointer dereference
scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
scsi: qla2xxx: Pointer may be dereferenced
drm/atomic: Fix potential use-after-free in nonblocking commits
tracing/histograms: Add histograms to hist_vars if they have referenced variables
perf probe: Add test for regression introduced by switch to die_get_decl_file()
fuse: revalidate: don't invalidate if interrupted
can: bcm: Fix UAF in bcm_proc_show()
ext4: correct inline offset when handling xattrs in inode body
debugobjects: Recheck debug_objects_enabled before reporting
nbd: Add the maximum limit of allocated index in nbd_dev_add
md: fix data corruption for raid456 when reshape restart while grow up
md/raid10: prevent soft lockup while flush writes
posix-timers: Ensure timer ID search-loop limit is valid
sched/fair: Don't balance task to its current running CPU
bpf: Address KCSAN report on bpf_lru_list
wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point()
wifi: iwlwifi: mvm: avoid baid size integer overflow
igb: Fix igb_down hung on surprise removal
spi: bcm63xx: fix max prepend length
fbdev: imxfb: warn about invalid left/right margin
pinctrl: amd: Use amd_pinconf_set() for all config options
net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
net:ipv6: check return value of pskb_trim()
Revert "tcp: avoid the lookup process failing to get sk in ehash table"
fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
llc: Don't drop packet from non-root netns.
netfilter: nf_tables: fix spurious set element insertion failure
netfilter: nf_tables: can't schedule in nft_chain_validate
net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX
tcp: annotate data-races around tp->linger2
tcp: annotate data-races around rskq_defer_accept
tcp: annotate data-races around tp->notsent_lowat
tcp: annotate data-races around fastopenq.max_qlen
tracing/histograms: Return an error if we fail to add histogram to hist_vars list
gpio: tps68470: Make tps68470_gpio_output() always set the initial value
bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set
bcache: remove 'int n' from parameter list of bch_bucket_alloc_set()
bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
btrfs: fix extent buffer leak after tree mod log failure at split_node()
ext4: rename journal_dev to s_journal_dev inside ext4_sb_info
ext4: Fix reusing stale buffer heads from last failed mounting
PCI: Rework pcie_retrain_link() wait loop
PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link()
PCI/ASPM: Factor out pcie_wait_for_retrain()
PCI/ASPM: Avoid link retraining race
dlm: cleanup plock_op vs plock_xop
dlm: rearrange async condition return
fs: dlm: interrupt posix locks only when process is killed
ftrace: Add information on number of page groups allocated
ftrace: Check if pages were allocated before calling free_pages()
ftrace: Store the order of pages allocated in ftrace_page
ftrace: Fix possible warning on checking all pages used in ftrace_process_locs()
scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c
scsi: qla2xxx: Array index may go out of bound
ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()
ethernet: atheros: fix return value check in atl1e_tso_csum()
ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address
tcp: Reduce chance of collisions in inet6_hashfn().
bonding: reset bond's flags when down link is P2P device
team: reset team's flags when down link is P2P device
platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100
net/sched: mqprio: refactor nlattr parsing to a separate function
net/sched: mqprio: add extack to mqprio_parse_nlattr()
net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64
benet: fix return value check in be_lancer_xmit_workarounds()
RDMA/mlx4: Make check for invalid flags stricter
drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb()
ASoC: fsl_spdif: Silence output on stop
block: Fix a source code comment in include/uapi/linux/blkzoned.h
dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths
ata: pata_ns87415: mark ns87560_tf_read static
ring-buffer: Fix wrong stat of cpu_buffer->read
tracing: Fix warning in trace_buffered_event_disable()
USB: serial: option: support Quectel EM060K_128
USB: serial: option: add Quectel EC200A module support
USB: serial: simple: add Kaufmann RKS+CAN VCP
USB: serial: simple: sort driver entries
can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED
Revert "usb: dwc3: core: Enable AutoRetry feature in the controller"
usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
usb: dwc3: don't reset device side if dwc3 was configured as host-only
usb: ohci-at91: Fix the unhandle interrupt when resume
USB: quirks: add quirk for Focusrite Scarlett
usb: xhci-mtk: set the dma max_seg_size
Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group
Documentation: security-bugs.rst: clarify CVE handling
staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
btrfs: check for commit error at btrfs_attach_transaction_barrier()
tpm_tis: Explicitly check for error code
irq-bcm6345-l1: Do not assume a fixed block to cpu mapping
serial: 8250_dw: split Synopsys DesignWare 8250 common functions
serial: 8250_dw: Preserve original value of DLF register
virtio-net: fix race between set queues and probe
s390/dasd: fix hanging device after quiesce/resume
ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
dm cache policy smq: ensure IO doesn't prevent cleaner policy progress
drm/client: Fix memory leak in drm_client_target_cloned
net/sched: cls_fw: Fix improper refcount update leads to use-after-free
net/sched: sch_qfq: account for stab overhead in qfq_enqueue
ASoC: cs42l51: fix driver to properly autoload with automatic module loading
net/sched: cls_u32: Fix reference counter leak leading to overflow
perf: Fix function pointer case
loop: Select I/O scheduler 'none' from inside add_disk()
word-at-a-time: use the same return type for has_zero regardless of endianness
KVM: s390: fix sthyi error handling
net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
perf test uprobe_from_different_cu: Skip if there is no gcc
net: sched: cls_u32: Fix match key mis-addressing
net: add missing data-race annotations around sk->sk_peek_off
net: add missing data-race annotation for sk_ll_usec
net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
ip6mr: Fix skb_under_panic in ip6mr_cache_report()
tcp_metrics: fix addr_same() helper
tcp_metrics: annotate data-races around tm->tcpm_stamp
tcp_metrics: annotate data-races around tm->tcpm_lock
tcp_metrics: annotate data-races around tm->tcpm_vals[]
tcp_metrics: annotate data-races around tm->tcpm_net
tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
scsi: zfcp: Defer fc_rport blocking until after ADISC response
libceph: fix potential hang in ceph_osdc_notify()
USB: zaurus: Add ID for A-300/B-500/C-700
fs/sysv: Null check to prevent null-ptr-deref bug
Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
ext2: Drop fragment support
test_firmware: fix a memory leak with reqs buffer
test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation
mtd: rawnand: omap_elm: Fix incorrect type in assignment
powerpc/mm/altmap: Fix altmap boundary check
PM / wakeirq: support enabling wake-up irq after runtime_suspend called
PM: sleep: wakeirq: fix wake irq arming
ARM: dts: imx6sll: Make ssi node name same as other platforms
ARM: dts: imx: add usb alias
ARM: dts: imx6sll: fixup of operating points
ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node
drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
arm64: dts: stratix10: fix incorrect I2C property for SCL signal
drm/edid: fix objtool warning in drm_cvt_modes()
Linux 4.19.291
Change-Id: I4f78e25efd18415989ecf5e227a17e05b0d6386c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 3f649ab728cda8038259d8f14492fe400fbab911 upstream.
Using uninitialized_var() is dangerous as it papers over real bugs[1]
(or can in the future), and suppresses unrelated compiler warnings
(e.g. "unused variable"). If the compiler thinks it is uninitialized,
either simply initialize the variable or make compiler changes.
In preparation for removing[2] the[3] macro[4], remove all remaining
needless uses with the following script:
git grep '\buninitialized_var\b' | cut -d: -f1 | sort -u | \
xargs perl -pi -e \
's/\buninitialized_var\(([^\)]+)\)/\1/g;
s:\s*/\* (GCC be quiet|to make compiler happy) \*/$::g;'
drivers/video/fbdev/riva/riva_hw.c was manually tweaked to avoid
pathological white-space.
No outstanding warnings were found building allmodconfig with GCC 9.3.0
for x86_64, i386, arm64, arm, powerpc, powerpc64le, s390x, mips, sparc64,
alpha, and m68k.
[1] https://lore.kernel.org/lkml/20200603174714.192027-1-glider@google.com/
[2] https://lore.kernel.org/lkml/CA+55aFw+Vbj0i=1TGqCR5vQkCzWJ0QxK6CernOU6eedsudAixw@mail.gmail.com/
[3] https://lore.kernel.org/lkml/CA+55aFwgbgqhbp1fkxvRKEpzyR5J8n1vKT1VZdz9knmPuXhOeg@mail.gmail.com/
[4] https://lore.kernel.org/lkml/CA+55aFz2500WfbKXAx8s67wrm9=yVJu65TpLgN_ybYNv0VEOKA@mail.gmail.com/
Reviewed-by: Leon Romanovsky <leonro@mellanox.com> # drivers/infiniband and mlx4/mlx5
Acked-by: Jason Gunthorpe <jgg@mellanox.com> # IB
Acked-by: Kalle Valo <kvalo@codeaurora.org> # wireless drivers
Reviewed-by: Chao Yu <yuchao0@huawei.com> # erofs
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
oom-reaper and process_mrelease system call should protect against
races with exit_mmap which can destroy page tables while they
walk the VMA tree. oom-reaper protects from that race by setting
MMF_OOM_VICTIM and by relying on exit_mmap to set MMF_OOM_SKIP
before taking and releasing mmap_write_lock. process_mrelease has
to elevate mm->mm_users to prevent such race. Both oom-reaper and
process_mrelease hold mmap_read_lock when walking the VMA tree.
The locking rules and mechanisms could be simpler if exit_mmap takes
mmap_write_lock while executing destructive operations such as
free_pgtables.
Change exit_mmap to hold the mmap_write_lock when calling
free_pgtables. Operations like unmap_vmas() and unlock_range() are not
destructive and could run under mmap_read_lock but for simplicity we
take one mmap_write_lock during almost the entire operation. Note
also that because oom-reaper checks VM_LOCKED flag, unlock_range()
should not be allowed to race with it.
In most cases this lock should be uncontended. Previously, Kirill
reported ~4% regression caused by a similar change [1]. We reran the
same test and although the individual results are quite noisy, the
percentiles show lower regression with 1.6% being the worst case [2].
The change allows oom-reaper and process_mrelease to execute safely
under mmap_read_lock without worries that exit_mmap might destroy page
tables from under them.
[1] https://lore.kernel.org/all/20170725141723.ivukwhddk2voyhuc@node.shutemov.name/
[2] https://lore.kernel.org/all/CAJuCfpGC9-c9P40x7oy=jy5SphMcd0o0G_6U1-+JAziGKG6dGA@mail.gmail.com/
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Link: https://lore.kernel.org/all/20211124235906.14437-1-surenb@google.com/
Bug: 130172058
Bug: 189803002
Change-Id: Ic87272d09a0b68a1b0e968e8f1a1510fd6fc776a
Git-commit: 28358ebf2adb31117893813992fefcfd359a6a16
Git-repo: https://android.googlesource.com/kernel/common/
[quic_gkohli@quicinc.com: Resolved cherry-pick conflict in mm/mmap.c due
to mmap lock was implemented differently in older kernel, and
Although process_mrelease is not applicable in older kernel, but this
patch is required to take exclusive lock in exit_mmap path so that
SPF knows an isolated vma was freed from this path]
Signed-off-by: Gaurav Kohli <quic_gkohli@quicinc.com>
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
* sm8250/lineage-20:
arm64: configs: enable CONFIG_CPU_FREQ_STAT
Linux 4.19.288
i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle
x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys
drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl
drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
drm/exynos: vidi: fix a wrong error return
ASoC: nau8824: Add quirk to active-high jack-detect
s390/cio: unregister device when the only path is gone
usb: gadget: udc: fix NULL dereference in remove()
nfcsim.c: Fix error checking for debugfs_create_dir
media: cec: core: don't set last_initiator if tx in progress
arm64: Add missing Set/Way CMO encodings
HID: wacom: Add error check to wacom_parse_and_register()
scsi: target: iscsi: Prevent login threads from racing between each other
sch_netem: acquire qdisc lock in netem_change()
netfilter: nfnetlink_osf: fix module autoload
netfilter: nf_tables: disallow element updates of bound anonymous sets
be2net: Extend xmit workaround to BE3 chip
mmc: usdhi60rol0: fix deferred probing
mmc: sdhci-acpi: fix deferred probing
mmc: omap_hsmmc: fix deferred probing
mmc: omap: fix deferred probing
mmc: mvsdio: fix deferred probing
mmc: mvsdio: convert to devm_platform_ioremap_resource
mmc: mtk-sd: fix deferred probing
net: qca_spi: Avoid high load if QCA7000 is not available
xfrm: Linearize the skb after offloading if needed.
ieee802154: hwsim: Fix possible memory leaks
rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer()
nilfs2: prevent general protection fault in nilfs_clear_dirty_page()
cgroup: Do not corrupt task iteration when rebinding subsystem
PCI: hv: Fix a race condition bug in hv_pci_query_relations()
Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs
nilfs2: fix buffer corruption due to concurrent device reads
ipmi: move message error checking to avoid deadlock
ipmi: Make the smi watcher be disabled immediately when not needed
x86/purgatory: remove PGO flags
nilfs2: reject devices with insufficient block count
serial: lantiq: add missing interrupt ack
serial: lantiq: Do not swap register read/writes
serial: lantiq: Use readl/writel instead of ltq_r32/ltq_w32
serial: lantiq: Change ltq_w32_mask to asc_update_bits
Linux 4.19.287
mmc: block: ensure error propagation for non-blk
powerpc: Fix defconfig choice logic when cross compiling
drm/nouveau/kms: Fix NULL pointer dereference in nouveau_connector_detect_depth
neighbour: delete neigh_lookup_nodev as not used
net: Remove unused inline function dst_hold_and_use()
neighbour: Remove unused inline function neigh_key_eq16()
selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET
net: tipc: resize nlattr array to correct size
net: lapbether: only support ethernet devices
drm/nouveau: add nv_encoder pointer check for NULL
drm/nouveau/kms: Don't change EDID when it hasn't actually changed
drm/nouveau/dp: check for NULL nv_connector->native_mode
igb: fix nvm.ops.read() error handling
sctp: fix an error code in sctp_sf_eat_auth()
IB/isert: Fix incorrect release of isert connection
IB/isert: Fix possible list corruption in CMA handler
IB/isert: Fix dead lock in ib_isert
IB/uverbs: Fix to consider event queue closing also upon non-blocking mode
RDMA/rxe: Fix the use-before-initialization error of resp_pkts
RDMA/rxe: Removed unused name from rxe_task struct
RDMA/rxe: Remove the unused variable obj
ping6: Fix send to link-local addresses with VRF.
netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
usb: gadget: f_ncm: Fix NTP-32 support
usb: gadget: f_ncm: Add OS descriptor support
usb: dwc3: gadget: Reset num TRBs before giving back the request
USB: serial: option: add Quectel EM061KGL series
Remove DECnet support from kernel
net: usb: qmi_wwan: add support for Compal RXM-G1
RDMA/uverbs: Restrict usage of privileged QKEYs
nouveau: fix client work fence deletion race
powerpc/purgatory: remove PGO flags
kexec: support purgatories with .text.hot sections
nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key()
nios2: dts: Fix tse_mac "max-frame-size" property
ocfs2: check new file size on fallocate call
ocfs2: fix use-after-free when unmounting read-only filesystem
xen/blkfront: Only check REQ_FUA for writes
mips: Move initrd_start check after initrd address sanitisation.
MIPS: Alchemy: fix dbdma2
parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu()
power: supply: Fix logic checking if system is running from battery
irqchip/meson-gpio: Mark OF related data as maybe unused
regulator: Fix error checking for debugfs_create_dir
power: supply: Ratelimit no data debug output
ARM: dts: vexpress: add missing cache properties
power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule()
power: supply: ab8500: Fix external_power_changed race
Revert "tcp: deny tcp_disconnect() when threads are waiting"
Revert "tcp: deny tcp_disconnect() when threads are waiting"
ANDROID: GKI: update ABI xml for incrementalfs.ko
Linux 4.19.286
Revert "staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE"
btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()
btrfs: check return value of btrfs_commit_transaction in relocation
ext4: only check dquot_initialize_needed() when debugging
i2c: sprd: Delete i2c adapter in .remove's error path
pinctrl: meson-axg: add missing GPIOA_18 gpio group
Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
ceph: fix use-after-free bug for inodes when flushing capsnaps
drm/amdgpu: fix xclk freq on CHIP_STONEY
Input: psmouse - fix OOB access in Elantech protocol
Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
batman-adv: Broken sync while rescheduling delayed work
lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release()
net: sched: fix possible refcount leak in tc_chain_tmplt_add()
net: sched: move rtm_tca_policy declaration to include file
rfs: annotate lockless accesses to RFS sock flow table
rfs: annotate lockless accesses to sk->sk_rxhash
Bluetooth: L2CAP: Add missing checks for invalid DCID
Bluetooth: Fix l2cap_disconnect_req deadlock
net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods
spi: qup: Request DMA before enabling clocks
i40e: fix build warnings in i40e_alloc.h
i40iw: fix build warning in i40iw_manage_apbvt()
UPSTREAM: net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
UPSTREAM: cdc_ncm: Fix the build warning
UPSTREAM: cdc_ncm: Implement the 32-bit version of NCM Transfer Block
Revert "tcp: reduce POLLOUT events caused by TCP_NOTSENT_LOWAT"
Revert "tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit"
Revert "tcp: factor out __tcp_close() helper"
Revert "tcp: add annotations around sk->sk_shutdown accesses"
ANDROID: fix abi break in 4.19.284 for cpuhotplug.h
UPSTREAM: mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
UPSTREAM: mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write()
ASoC: msm-pcm-voip: Avoid interger underflow
dsp: afe: check for param size before copying
dsp: q6core: validate payload size before access for AVCS
Linux 4.19.285
wifi: rtlwifi: 8192de: correct checking of IQK reload
scsi: dpt_i2o: Do not process completions with invalid addresses
scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD)
regmap: Account for register length when chunking
fbcon: Fix null-ptr-deref in soft_cursor
ext4: add lockdep annotations for i_data_sem for ea_inode's
selinux: don't use make's grouped targets feature yet
tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK
mmc: vub300: fix invalid response handling
rsi: Remove unnecessary boolean condition
regulator: da905{2,5}: Remove unnecessary array check
hwmon: (scmi) Remove redundant pointer check
wifi: rtlwifi: remove always-true condition pointed out by GCC 12
lib/dynamic_debug.c: use address-of operator on section symbols
kernel/extable.c: use address-of operator on section symbols
eth: sun: cassini: remove dead code
gcc-12: disable '-Wdangling-pointer' warning for now
ACPI: thermal: drop an always true check
x86/boot: Wrap literal addresses in absolute_pointer()
ata: libata-scsi: Use correct device no in ata_find_dev()
scsi: stex: Fix gcc 13 warnings
usb: gadget: f_fs: Add unbind event before functionfs_unbind
net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
iio: dac: build ad5758 driver when AD5758 is selected
iio: dac: mcp4725: Fix i2c_master_send() return value handling
HID: wacom: avoid integer overflow in wacom_intuos_inout()
HID: google: add jewel USB id
iio: adc: mxs-lradc: fix the order of two cleanup operations
mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
atm: hide unused procfs functions
ALSA: oss: avoid missing-prototype warnings
netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT
wifi: b43: fix incorrect __packed annotation
scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed
arm64/mm: mark private VM_FAULT_X defines as vm_fault_t
ARM: dts: stm32: add pin map for CAN controller on stm32f7
wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value
media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
media: dvb-core: Fix use-after-free due on race condition at dvb_net
media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table
media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
media: dvb_ca_en50221: fix a size write bug
media: netup_unidvb: fix irq init by register it at the end of probe
media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address
media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer
media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer()
media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer()
media: dvb_demux: fix a bug for the continuity counter
ASoC: ssm2602: Add workaround for playback distortions
xfrm: Check if_id in inbound policy/secpath match
ASoC: dwc: limit the number of overrun messages
nbd: Fix debugfs_create_dir error checking
fbdev: stifb: Fix info entry in sti_struct on error path
fbdev: modedb: Add 1920x1080 at 60 Hz video mode
media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE
ARM: 9295/1: unwind:fix unwind abort for uleb128 case
mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write()
watchdog: menz069_wdt: fix watchdog initialisation
net: dsa: mv88e6xxx: Increase wait after reset deactivation
net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
udp6: Fix race condition in udp6_sendmsg & connect
net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report
ocfs2/dlm: move BITS_TO_BYTES() to bitops.h for wider use
net: sched: fix NULL pointer dereference in mq_attach
net/sched: Prohibit regrafting ingress or clsact Qdiscs
net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs
net/sched: sch_clsact: Only create under TC_H_CLSACT
net/sched: sch_ingress: Only create under TC_H_INGRESS
tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set
tcp: deny tcp_disconnect() when threads are waiting
af_packet: do not use READ_ONCE() in packet_bind()
amd-xgbe: fix the false linkup in xgbe_phy_status
af_packet: Fix data-races of pkt_sk(sk)->num.
netrom: fix info-leak in nr_write_internal()
net/mlx5: fw_tracer, Fix event handling
dmaengine: pl330: rename _start to prevent build error
netfilter: ctnetlink: Support offloaded conntrack entry deletion
ipv{4,6}/raw: fix output xfrm lookup wrt protocol
bluetooth: Add cmd validity checks at the start of hci_sock_ioctl()
cdc_ncm: Fix the build warning
power: supply: bq24190: Call power_supply_changed() after updating input current
power: supply: core: Refactor power_supply_set_input_current_limit_from_supplier()
power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize
net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
cdc_ncm: Implement the 32-bit version of NCM Transfer Block
UPSTREAM: efi: rt-wrapper: Add missing include
BACKPORT: arm64: efi: Execute runtime services from a dedicated stack
Revert "uapi/linux/const.h: prefer ISO-friendly __typeof__"
Linux 4.19.284
drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource()
3c589_cs: Fix an error handling path in tc589_probe()
forcedeth: Fix an error handling path in nv_probe()
ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg
x86/show_trace_log_lvl: Ensure stack pointer is aligned, again
xen/pvcalls-back: fix double frees with pvcalls_new_active_socket()
coresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet()
power: supply: sbs-charger: Fix INHIBITED bit for Status reg
power: supply: bq27xxx: Fix poll_interval handling and races on remove
power: supply: bq27xxx: Fix I2C IRQ race on remove
power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition
power: supply: leds: Fix blink to LED on transition
ipv6: Fix out-of-bounds access in ipv6_find_tlv()
bpf: Fix mask generation for 32-bit narrow loads of 64-bit fields
net: fix skb leak in __skb_tstamp_tx()
media: radio-shark: Add endpoint checks
USB: sisusbvga: Add endpoint checks
USB: core: Add routines for endpoint checks in old drivers
udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated().
ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G
ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported
parisc: Fix flush_dcache_page() for usage from irq context
selftests/memfd: Fix unknown type name build failure
x86/mm: Avoid incomplete Global INVLPG flushes
btrfs: use nofs when cleaning up aborted transactions
parisc: Allow to reboot machine after system halt
m68k: Move signal frame following exception on 68020/030
ALSA: hda/ca0132: add quirk for EVGA X299 DARK
spi: fsl-cpm: Use 16 bit mode for large transfers with even size
spi: fsl-spi: Re-organise transfer bits_per_word adaptation
spi: spi-fsl-spi: automatically adapt bits-per-word in cpu mode
s390/qdio: fix do_sqbs() inline assembly constraint
s390/qdio: get rid of register asm
vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
vc_screen: rewrite vcs_size to accept vc, not inode
usb: gadget: u_ether: Fix host MAC address case
usb: gadget: u_ether: Convert prints to device prints
lib/string_helpers: Introduce string_upper() and string_lower() helpers
ALSA: hda/realtek: Add a quirk for HP EliteDesk 805
ALSA: hda/realtek - ALC897 headset MIC no sound
ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform
ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
ALSA: hda/realtek - The front Mic on a HP machine doesn't work
ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662
ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662
ALSA: hda/realtek - Add Headset Mic supported for HP cPC
ALSA: hda/realtek - More constifications
Add Acer Aspire Ethos 8951G model quirk
HID: wacom: Force pen out of prox if no events have been received in a while
netfilter: nf_tables: do not allow RULE_ID to refer to another chain
netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag
netfilter: nf_tables: stricter validation of element data
netfilter: nf_tables: allow up to 64 bytes in the set element data area
netfilter: nf_tables: add nft_setelem_parse_key()
netfilter: nf_tables: validate registers coming from userspace.
netfilter: nftables: statify nft_parse_register()
netfilter: nftables: add nft_parse_register_store() and use it
netfilter: nftables: add nft_parse_register_load() and use it
nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
tpm/tpm_tis: Disable interrupts for more Lenovo devices
ceph: force updating the msg pointer in non-split case
serial: Add support for Advantech PCI-1611U card
statfs: enforce statfs[64] structure initialization
ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
ALSA: hda: Fix Oops by 9.1 surround channel names
usb: typec: altmodes/displayport: fix pin_assignment_show
usb-storage: fix deadlock when a scsi command timeouts more than once
vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
igb: fix bit_shift to be in [1..8] range
cassini: Fix a memory leak in the error handling path of cas_init_one()
net: bcmgenet: Restore phy_stop() depending upon suspend/close
net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop()
net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
drm/exynos: fix g2d_open/close helper function definitions
media: netup_unidvb: fix use-after-free at del_timer()
erspan: get the proto with the md version for collect_md
ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode
ip6_gre: Make o_seqno start from 0 in native mode
ip6_gre: Fix skb_under_panic in __gre6_xmit()
serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
drivers: provide devm_platform_ioremap_resource()
vsock: avoid to close connected socket after the timeout
net: fec: Better handle pm_runtime_get() failing in .remove()
af_key: Reject optional tunnel/BEET mode templates in outbound policies
cpupower: Make TSC read per CPU for Mperf monitor
btrfs: fix space cache inconsistency after error loading it from disk
btrfs: replace calls to btrfs_find_free_ino with btrfs_find_free_objectid
mfd: dln2: Fix memory leak in dln2_probe()
phy: st: miphy28lp: use _poll_timeout functions for waits
Input: xpad - add constants for GIP interface numbers
clk: tegra20: fix gcc-7 constant overflow warning
recordmcount: Fix memory leaks in the uwrite function
sched: Fix KCSAN noinstr violation
mcb-pci: Reallocate memory region to avoid memory overlapping
serial: 8250: Reinit port->pm on port specific driver unbind
usb: typec: tcpm: fix multiple times discover svids error
HID: wacom: generic: Set battery quirk only when we see battery data
spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3
HID: logitech-hidpp: Reconcile USB and Unifying serials
HID: logitech-hidpp: Don't use the USB serial for USB devices
staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE
Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
f2fs: fix to drop all dirty pages during umount() if cp_error is set
ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa()
ext4: set goal start correctly in ext4_mb_normalize_request
gfs2: Fix inode height consistency check
scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition
lib: cpu_rmap: Avoid use after free on rmap->obj array entries
net: Catch invalid index in XPS mapping
net: pasemi: Fix return type of pasemi_mac_start_tx()
ext2: Check block size validity during mount
wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects
ACPICA: Avoid undefined behavior: applying zero offset to null pointer
drm/tegra: Avoid potential 32-bit integer overflow
ACPI: EC: Fix oops when removing custom query handlers
firmware: arm_sdei: Fix sleep from invalid context BUG
memstick: r592: Fix UAF bug in r592_remove due to race condition
regmap: cache: Return error in cache sync operations for REGCACHE_NONE
drm/amd/display: Use DC_LOG_DC in the trasform pixel function
fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
af_unix: Fix data races around sk->sk_shutdown.
af_unix: Fix a data race of sk->sk_receive_queue->qlen.
net: datagram: fix data-races in datagram_poll()
ipvlan:Fix out-of-bounds caused by unclear skb->cb
tcp: add annotations around sk->sk_shutdown accesses
tcp: factor out __tcp_close() helper
tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit
tcp: reduce POLLOUT events caused by TCP_NOTSENT_LOWAT
net: annotate sk->sk_err write from do_recvmmsg()
netlink: annotate accesses to nlk->cb_running
net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
ANDROID: usb: f_accessory: Avoid bitfields for shared variables
qcedev: vote for crypto clocks during module close
msm-4.19: Compilation fix for SDLLVM toolchain 16.0
Makefile: Use Python2 for compilation
Linux 4.19.283
mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock
printk: declare printk_deferred_{enter,safe}() in include/linux/printk.h
PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock
PCI: pciehp: Use down_read/write_nested(reset_lock) to fix lockdep errors
drbd: correctly submit flush bio on barrier
serial: 8250: Fix serial8250_tx_empty() race with DMA Tx
tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
ext4: fix invalid free tracking in ext4_xattr_move_to_block()
ext4: remove a BUG_ON in ext4_mb_release_group_pa()
ext4: bail out of ext4_xattr_ibody_get() fails for any reason
ext4: add bounds checking in get_max_inline_xattr_value_size()
ext4: improve error recovery code paths in __ext4_remount()
ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
ext4: fix WARNING in mb_find_extent
HID: wacom: Set a default resolution for older tablets
drm/panel: otm8009a: Set backlight parent to panel device
ARM: dts: s5pv210: correct MIPI CSIS clock name
ARM: dts: exynos: fix WM8960 clock name in Itop Elite
sh: nmi_debug: fix return value of __setup handler
sh: init: use OF_EARLY_FLATTREE for early init
sh: math-emu: fix macro redefined warning
platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i
cifs: fix pcchunk length type in smb2_copychunk_range
btrfs: print-tree: parent bytenr must be aligned to sector size
btrfs: fix btrfs_prev_leaf() to not return the same key twice
perf symbols: Fix return incorrect build_id size in elf_read_build_id()
perf map: Delete two variable initialisations before null pointer checks in sort__sym_from_cmp()
perf vendor events power9: Remove UTF-8 characters from JSON files
virtio_net: suppress cpu stall when free_unused_bufs
virtio_net: split free_unused_bufs()
ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init`
drm/amdgpu: add a missing lock for AMDGPU_SCHED
drm/amdgpu: Add command to override the context priority.
drm/amdgpu: Put enable gfx off feature to a delay thread
drm/amdgpu: Add amdgpu_gfx_off_ctrl function
af_packet: Don't send zero-byte data in packet_sendmsg_spkt().
rxrpc: Fix hard call timeout units
net/sched: act_mirred: Add carrier check
writeback: fix call of incorrect macro
net: dsa: mv88e6xxx: add mv88e6321 rsvd2cpu
net: dsa: mv88e6xxx: Add missing watchdog ops for 6320 family
sit: update dev->needed_headroom in ipip6_tunnel_bind_dev()
relayfs: fix out-of-bounds access in relay_file_read
kernel/relay.c: fix read_pos error when multiple readers
dm verity: fix error handling for check_at_most_once on FEC
dm verity: skip redundant verity_handle_err() on I/O errors
ipmi: fix SSIF not responding under certain cond.
ipmi_ssif: Rename idle state and check
ipmi: Fix how the lower layers are told to watch for messages
ipmi: Fix SSIF flag requests
tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem
nohz: Add TICK_DEP_BIT_RCU
netfilter: nf_tables: deactivate anonymous set from preparation phase
debugobject: Ensure pool refill (again)
perf auxtrace: Fix address filter entire kernel size
dm ioctl: fix nested locking in table_clear() to remove deadlock concern
dm flakey: fix a crash with invalid table line
dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
s390/dasd: fix hanging blockdevice after request requeue
btrfs: scrub: reject unsupported scrub flags
clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent
wifi: rtl8xxxu: RTL8192EU always needs full init
md/raid10: fix null-ptr-deref in raid10_sync_request
nilfs2: fix infinite loop in nilfs_mdt_get_block()
nilfs2: do not write dirty data after degenerating to read-only
parisc: Fix argument pointer in real64_call_asm()
dmaengine: at_xdmac: do not enable all cyclic channels
phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port
pwm: mtk-disp: Disable shadow registers before setting backlight values
pwm: mtk-disp: Adjust the clocks to avoid them mismatch
pwm: mtk-disp: Don't check the return code of pwmchip_remove()
openrisc: Properly store r31 to pt_regs on unhandled exceptions
RDMA/mlx5: Use correct device num_ports when modify DC
SUNRPC: remove the maximum number of retries in call_bind_status
NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease
IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order
clk: add missing of_node_put() in "assigned-clocks" property parsing
power: supply: generic-adc-battery: fix unit scaling
RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
RDMA/rdmavt: Delete unnecessary NULL check
perf/core: Fix hardlockup failure caused by perf throttle
powerpc/rtas: use memmove for potentially overlapping buffer copy
macintosh: via-pmu-led: requires ATA to be set
powerpc/sysdev/tsi108: fix resource printk format warnings
powerpc/wii: fix resource printk format warnings
powerpc/mpc512x: fix resource printk format warning
macintosh/windfarm_smu_sat: Add missing of_node_put()
spmi: Add a check for remove callback when removing a SPMI driver
staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
serial: 8250: Add missing wakeup event reporting
tty: serial: fsl_lpuart: adjust buffer length to the intended size
usb: chipidea: fix missing goto in `ci_hdrc_probe`
sh: sq: Fix incorrect element size for allocating bitmap buffer
uapi/linux/const.h: prefer ISO-friendly __typeof__
spi: cadence-quadspi: fix suspend-resume implementations
mtd: spi-nor: cadence-quadspi: Handle probe deferral while requesting DMA channel
mtd: spi-nor: cadence-quadspi: Don't initialize rx_dma_complete on failure
mtd: spi-nor: cadence-quadspi: Make driver independent of flash geometry
ia64: salinfo: placate defined-but-not-used warning
ia64: mm/contig: fix section mismatch warning/error
of: Fix modalias string generation
vmci_host: fix a race condition in vmci_host_poll() causing GPF
spi: fsl-spi: Fix CPM/QE mode Litte Endian
spi: qup: Don't skip cleanup in remove's error path
spi: qup: fix PM reference leak in spi_qup_remove()
linux/vt_buffer.h: allow either builtin or modular for macros
usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition
fpga: bridge: fix kernel-doc parameter description
usb: host: xhci-rcar: remove leftover quirk handling
pstore: Revert pmsg_lock back to a normal mutex
tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.
net: amd: Fix link leak when verifying config failed
netlink: Use copy_to_user() for optval in netlink_getsockopt().
Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work"
ipv4: Fix potential uninit variable access bug in __ip_make_skb()
netfilter: nf_tables: don't write table validation state without mutex
ixgbe: Enable setting RSS table to default values
ixgbe: Allow flow hash to be set via ethtool
wifi: iwlwifi: mvm: check firmware response size
wifi: iwlwifi: make the loop for card preparation effective
md/raid10: fix memleak of md thread
md: update the optimal I/O size on reshape
md/raid10: fix memleak for 'conf->bio_split'
md/raid10: fix leak of 'r10bio->remaining' for recovery
crypto: drbg - Only fail when jent is unavailable in FIPS mode
crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors
bpftool: Fix bug for long instructions in program CFG dumps
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg()
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg()
rtlwifi: Replace RT_TRACE with rtl_dbg
rtlwifi: Start changing RT_TRACE into rtl_dbg
rtlwifi: rtl_pci: Fix memory leak when hardware init fails
scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS
scsi: target: iscsit: Fix TAS handling during conn cleanup
net/packet: convert po->auxdata to an atomic flag
net/packet: convert po->origdev to an atomic flag
vlan: partially enable SIOCSHWTSTAMP in container
scm: fix MSG_CTRUNC setting condition for SO_PASSSEC
tools: bpftool: Remove invalid \' json escape
wifi: ath6kl: reduce WARN to dev_dbg() in callback
wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list()
wifi: ath9k: hif_usb: fix memory leak of remain_skbs
wifi: ath6kl: minor fix for allocation size
debugobject: Prevent init race with static objects
debugobjects: Move printk out of db->lock critical sections
debugobjects: Add percpu free pools
arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
x86/ioapic: Don't return 0 from arch_dynirq_lower_bound()
media: rc: gpio-ir-recv: Fix support for wake-up
media: rcar_fdp1: Fix refcount leak in probe and remove function
media: rcar_fdp1: Fix the correct variable assignments
media: saa7134: fix use after free bug in saa7134_finidev due to race condition
media: dm1105: Fix use after free bug in dm1105_remove due to race condition
x86/apic: Fix atomic update of offset in reserve_eilvt_offset()
drm/msm/adreno: drop bogus pm_runtime_set_active()
drm/msm/adreno: Defer enabling runpm until hw_init()
firmware: qcom_scm: Clear download bit during reboot
media: av7110: prevent underflow in write_ts_to_decoder()
media: uapi: add MEDIA_BUS_FMT_METADATA_FIXED media bus format.
media: bdisp: Add missing check for create_workqueue
ARM: dts: qcom: ipq4019: Fix the PCI I/O port range
EDAC/skx: Fix overflows on the DRAM row address mapping arrays
EDAC, skx: Move debugfs node under EDAC's hierarchy
drm/probe-helper: Cancel previous job before starting new one
drm/vgem: add missing mutex_destroy
drm/rockchip: Drop unbalanced obj unref
selinux: ensure av_permissions.h is built when needed
selinux: fix Makefile dependencies of flask.h
ubifs: Free memory for tmpfile name
ubi: Fix return value overwrite issue in try_write_vid_and_data()
ubifs: Fix memleak when insert_old_idx() failed
Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path"
i2c: omap: Fix standard mode false ACK readings
KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
reiserfs: Add security prefix to xattr name in reiserfs_security_write()
ring-buffer: Sync IRQ works before buffer destruction
pwm: meson: Fix axg ao mux parents
MIPS: fw: Allow firmware to pass a empty env
xhci: fix debugfs register accesses while suspended
debugfs: regset32: Add Runtime PM support
staging: iio: resolver: ads1210: fix config mode
perf sched: Cast PTHREAD_STACK_MIN to int as it may turn into sysconf(__SC_THREAD_STACK_MIN_VALUE)
USB: dwc3: fix runtime pm imbalance on unbind
stmmac: debugfs entry name is not be changed when udev rename device name.
ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750
iio: adc: palmas_gpadc: fix NULL dereference on rmmod
USB: serial: option: add UNISOC vendor and TOZED LT70C product
bluetooth: Perform careful capability checks in hci_sock_ioctl()
wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
soc: qcom: provide apis for pcode and feature string
defconfig: Enable pwm support for SCUBA
PWM: Add support for PWM driver
clk: qcom: gcc-scuba: Add gcc_pwm0_xo512_div_clk_src clk support
bindings: clock: qcom: Add gcc_pwm0_xo512_div_clk_src clock id
soc: qcom: socinfo: Add sku sysfs support
soc: qcom: socinfo: Add revision 16 support in socinfo structure
msm: camera: isp: Handle deferred bufdone and bubble cases
msm: adsprpc: Handle UAF in fastrpc internal munmap
msm: kgsl: Do not capture DTCM on gmu boot failure
sched/walt: don't panic for accounting issues
tap: tap_open(): correctly initialize socket uid
tun: tun_chr_open(): correctly initialize socket uid
net: add sock_init_data_uid()
msm: camera: smmu: Use get_file to increase ref count
disp: msm: clear platform device drvdata on msm_drm bind fail
disp: msm: add support to parse HDMI VSDB block
Change-Id: I58335acf2b2a2e1430edddcb8be9ecd0ca03c5a8
https://source.android.com/docs/security/bulletin/2023-07-01
CVE-2022-42703
CVE-2023-21255
CVE-2023-25012
* tag 'ASB-2023-07-05_4.19-stable' of https://android.googlesource.com/kernel/common:
Linux 4.19.288
i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle
x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys
drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl
drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
drm/exynos: vidi: fix a wrong error return
ASoC: nau8824: Add quirk to active-high jack-detect
s390/cio: unregister device when the only path is gone
usb: gadget: udc: fix NULL dereference in remove()
nfcsim.c: Fix error checking for debugfs_create_dir
media: cec: core: don't set last_initiator if tx in progress
arm64: Add missing Set/Way CMO encodings
HID: wacom: Add error check to wacom_parse_and_register()
scsi: target: iscsi: Prevent login threads from racing between each other
sch_netem: acquire qdisc lock in netem_change()
netfilter: nfnetlink_osf: fix module autoload
netfilter: nf_tables: disallow element updates of bound anonymous sets
be2net: Extend xmit workaround to BE3 chip
mmc: usdhi60rol0: fix deferred probing
mmc: sdhci-acpi: fix deferred probing
mmc: omap_hsmmc: fix deferred probing
mmc: omap: fix deferred probing
mmc: mvsdio: fix deferred probing
mmc: mvsdio: convert to devm_platform_ioremap_resource
mmc: mtk-sd: fix deferred probing
net: qca_spi: Avoid high load if QCA7000 is not available
xfrm: Linearize the skb after offloading if needed.
ieee802154: hwsim: Fix possible memory leaks
rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer()
nilfs2: prevent general protection fault in nilfs_clear_dirty_page()
cgroup: Do not corrupt task iteration when rebinding subsystem
PCI: hv: Fix a race condition bug in hv_pci_query_relations()
Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs
nilfs2: fix buffer corruption due to concurrent device reads
ipmi: move message error checking to avoid deadlock
ipmi: Make the smi watcher be disabled immediately when not needed
x86/purgatory: remove PGO flags
nilfs2: reject devices with insufficient block count
serial: lantiq: add missing interrupt ack
serial: lantiq: Do not swap register read/writes
serial: lantiq: Use readl/writel instead of ltq_r32/ltq_w32
serial: lantiq: Change ltq_w32_mask to asc_update_bits
Linux 4.19.287
mmc: block: ensure error propagation for non-blk
powerpc: Fix defconfig choice logic when cross compiling
drm/nouveau/kms: Fix NULL pointer dereference in nouveau_connector_detect_depth
neighbour: delete neigh_lookup_nodev as not used
net: Remove unused inline function dst_hold_and_use()
neighbour: Remove unused inline function neigh_key_eq16()
selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET
net: tipc: resize nlattr array to correct size
net: lapbether: only support ethernet devices
drm/nouveau: add nv_encoder pointer check for NULL
drm/nouveau/kms: Don't change EDID when it hasn't actually changed
drm/nouveau/dp: check for NULL nv_connector->native_mode
igb: fix nvm.ops.read() error handling
sctp: fix an error code in sctp_sf_eat_auth()
IB/isert: Fix incorrect release of isert connection
IB/isert: Fix possible list corruption in CMA handler
IB/isert: Fix dead lock in ib_isert
IB/uverbs: Fix to consider event queue closing also upon non-blocking mode
RDMA/rxe: Fix the use-before-initialization error of resp_pkts
RDMA/rxe: Removed unused name from rxe_task struct
RDMA/rxe: Remove the unused variable obj
ping6: Fix send to link-local addresses with VRF.
netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
usb: gadget: f_ncm: Fix NTP-32 support
usb: gadget: f_ncm: Add OS descriptor support
usb: dwc3: gadget: Reset num TRBs before giving back the request
USB: serial: option: add Quectel EM061KGL series
Remove DECnet support from kernel
net: usb: qmi_wwan: add support for Compal RXM-G1
RDMA/uverbs: Restrict usage of privileged QKEYs
nouveau: fix client work fence deletion race
powerpc/purgatory: remove PGO flags
kexec: support purgatories with .text.hot sections
nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key()
nios2: dts: Fix tse_mac "max-frame-size" property
ocfs2: check new file size on fallocate call
ocfs2: fix use-after-free when unmounting read-only filesystem
xen/blkfront: Only check REQ_FUA for writes
mips: Move initrd_start check after initrd address sanitisation.
MIPS: Alchemy: fix dbdma2
parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu()
power: supply: Fix logic checking if system is running from battery
irqchip/meson-gpio: Mark OF related data as maybe unused
regulator: Fix error checking for debugfs_create_dir
power: supply: Ratelimit no data debug output
ARM: dts: vexpress: add missing cache properties
power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule()
power: supply: ab8500: Fix external_power_changed race
Revert "tcp: deny tcp_disconnect() when threads are waiting"
Revert "tcp: deny tcp_disconnect() when threads are waiting"
ANDROID: GKI: update ABI xml for incrementalfs.ko
Linux 4.19.286
Revert "staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE"
btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()
btrfs: check return value of btrfs_commit_transaction in relocation
ext4: only check dquot_initialize_needed() when debugging
i2c: sprd: Delete i2c adapter in .remove's error path
pinctrl: meson-axg: add missing GPIOA_18 gpio group
Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
ceph: fix use-after-free bug for inodes when flushing capsnaps
drm/amdgpu: fix xclk freq on CHIP_STONEY
Input: psmouse - fix OOB access in Elantech protocol
Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
batman-adv: Broken sync while rescheduling delayed work
lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release()
net: sched: fix possible refcount leak in tc_chain_tmplt_add()
net: sched: move rtm_tca_policy declaration to include file
rfs: annotate lockless accesses to RFS sock flow table
rfs: annotate lockless accesses to sk->sk_rxhash
Bluetooth: L2CAP: Add missing checks for invalid DCID
Bluetooth: Fix l2cap_disconnect_req deadlock
net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods
spi: qup: Request DMA before enabling clocks
i40e: fix build warnings in i40e_alloc.h
i40iw: fix build warning in i40iw_manage_apbvt()
UPSTREAM: net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
UPSTREAM: cdc_ncm: Fix the build warning
UPSTREAM: cdc_ncm: Implement the 32-bit version of NCM Transfer Block
Revert "tcp: reduce POLLOUT events caused by TCP_NOTSENT_LOWAT"
Revert "tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit"
Revert "tcp: factor out __tcp_close() helper"
Revert "tcp: add annotations around sk->sk_shutdown accesses"
ANDROID: fix abi break in 4.19.284 for cpuhotplug.h
UPSTREAM: mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
UPSTREAM: mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write()
Linux 4.19.285
wifi: rtlwifi: 8192de: correct checking of IQK reload
scsi: dpt_i2o: Do not process completions with invalid addresses
scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD)
regmap: Account for register length when chunking
fbcon: Fix null-ptr-deref in soft_cursor
ext4: add lockdep annotations for i_data_sem for ea_inode's
selinux: don't use make's grouped targets feature yet
tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK
mmc: vub300: fix invalid response handling
rsi: Remove unnecessary boolean condition
regulator: da905{2,5}: Remove unnecessary array check
hwmon: (scmi) Remove redundant pointer check
wifi: rtlwifi: remove always-true condition pointed out by GCC 12
lib/dynamic_debug.c: use address-of operator on section symbols
kernel/extable.c: use address-of operator on section symbols
eth: sun: cassini: remove dead code
gcc-12: disable '-Wdangling-pointer' warning for now
ACPI: thermal: drop an always true check
x86/boot: Wrap literal addresses in absolute_pointer()
ata: libata-scsi: Use correct device no in ata_find_dev()
scsi: stex: Fix gcc 13 warnings
usb: gadget: f_fs: Add unbind event before functionfs_unbind
net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
iio: dac: build ad5758 driver when AD5758 is selected
iio: dac: mcp4725: Fix i2c_master_send() return value handling
HID: wacom: avoid integer overflow in wacom_intuos_inout()
HID: google: add jewel USB id
iio: adc: mxs-lradc: fix the order of two cleanup operations
mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
atm: hide unused procfs functions
ALSA: oss: avoid missing-prototype warnings
netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT
wifi: b43: fix incorrect __packed annotation
scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed
arm64/mm: mark private VM_FAULT_X defines as vm_fault_t
ARM: dts: stm32: add pin map for CAN controller on stm32f7
wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value
media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
media: dvb-core: Fix use-after-free due on race condition at dvb_net
media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table
media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
media: dvb_ca_en50221: fix a size write bug
media: netup_unidvb: fix irq init by register it at the end of probe
media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address
media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer
media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer()
media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer()
media: dvb_demux: fix a bug for the continuity counter
ASoC: ssm2602: Add workaround for playback distortions
xfrm: Check if_id in inbound policy/secpath match
ASoC: dwc: limit the number of overrun messages
nbd: Fix debugfs_create_dir error checking
fbdev: stifb: Fix info entry in sti_struct on error path
fbdev: modedb: Add 1920x1080 at 60 Hz video mode
media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE
ARM: 9295/1: unwind:fix unwind abort for uleb128 case
mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write()
watchdog: menz069_wdt: fix watchdog initialisation
net: dsa: mv88e6xxx: Increase wait after reset deactivation
net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
udp6: Fix race condition in udp6_sendmsg & connect
net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report
ocfs2/dlm: move BITS_TO_BYTES() to bitops.h for wider use
net: sched: fix NULL pointer dereference in mq_attach
net/sched: Prohibit regrafting ingress or clsact Qdiscs
net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs
net/sched: sch_clsact: Only create under TC_H_CLSACT
net/sched: sch_ingress: Only create under TC_H_INGRESS
tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set
tcp: deny tcp_disconnect() when threads are waiting
af_packet: do not use READ_ONCE() in packet_bind()
amd-xgbe: fix the false linkup in xgbe_phy_status
af_packet: Fix data-races of pkt_sk(sk)->num.
netrom: fix info-leak in nr_write_internal()
net/mlx5: fw_tracer, Fix event handling
dmaengine: pl330: rename _start to prevent build error
netfilter: ctnetlink: Support offloaded conntrack entry deletion
ipv{4,6}/raw: fix output xfrm lookup wrt protocol
bluetooth: Add cmd validity checks at the start of hci_sock_ioctl()
cdc_ncm: Fix the build warning
power: supply: bq24190: Call power_supply_changed() after updating input current
power: supply: core: Refactor power_supply_set_input_current_limit_from_supplier()
power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize
net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
cdc_ncm: Implement the 32-bit version of NCM Transfer Block
UPSTREAM: efi: rt-wrapper: Add missing include
BACKPORT: arm64: efi: Execute runtime services from a dedicated stack
Revert "uapi/linux/const.h: prefer ISO-friendly __typeof__"
Linux 4.19.284
drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource()
3c589_cs: Fix an error handling path in tc589_probe()
forcedeth: Fix an error handling path in nv_probe()
ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg
x86/show_trace_log_lvl: Ensure stack pointer is aligned, again
xen/pvcalls-back: fix double frees with pvcalls_new_active_socket()
coresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet()
power: supply: sbs-charger: Fix INHIBITED bit for Status reg
power: supply: bq27xxx: Fix poll_interval handling and races on remove
power: supply: bq27xxx: Fix I2C IRQ race on remove
power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition
power: supply: leds: Fix blink to LED on transition
ipv6: Fix out-of-bounds access in ipv6_find_tlv()
bpf: Fix mask generation for 32-bit narrow loads of 64-bit fields
net: fix skb leak in __skb_tstamp_tx()
media: radio-shark: Add endpoint checks
USB: sisusbvga: Add endpoint checks
USB: core: Add routines for endpoint checks in old drivers
udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated().
ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G
ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported
parisc: Fix flush_dcache_page() for usage from irq context
selftests/memfd: Fix unknown type name build failure
x86/mm: Avoid incomplete Global INVLPG flushes
btrfs: use nofs when cleaning up aborted transactions
parisc: Allow to reboot machine after system halt
m68k: Move signal frame following exception on 68020/030
ALSA: hda/ca0132: add quirk for EVGA X299 DARK
spi: fsl-cpm: Use 16 bit mode for large transfers with even size
spi: fsl-spi: Re-organise transfer bits_per_word adaptation
spi: spi-fsl-spi: automatically adapt bits-per-word in cpu mode
s390/qdio: fix do_sqbs() inline assembly constraint
s390/qdio: get rid of register asm
vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
vc_screen: rewrite vcs_size to accept vc, not inode
usb: gadget: u_ether: Fix host MAC address case
usb: gadget: u_ether: Convert prints to device prints
lib/string_helpers: Introduce string_upper() and string_lower() helpers
ALSA: hda/realtek: Add a quirk for HP EliteDesk 805
ALSA: hda/realtek - ALC897 headset MIC no sound
ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform
ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
ALSA: hda/realtek - The front Mic on a HP machine doesn't work
ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662
ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662
ALSA: hda/realtek - Add Headset Mic supported for HP cPC
ALSA: hda/realtek - More constifications
Add Acer Aspire Ethos 8951G model quirk
HID: wacom: Force pen out of prox if no events have been received in a while
netfilter: nf_tables: do not allow RULE_ID to refer to another chain
netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag
netfilter: nf_tables: stricter validation of element data
netfilter: nf_tables: allow up to 64 bytes in the set element data area
netfilter: nf_tables: add nft_setelem_parse_key()
netfilter: nf_tables: validate registers coming from userspace.
netfilter: nftables: statify nft_parse_register()
netfilter: nftables: add nft_parse_register_store() and use it
netfilter: nftables: add nft_parse_register_load() and use it
nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
tpm/tpm_tis: Disable interrupts for more Lenovo devices
ceph: force updating the msg pointer in non-split case
serial: Add support for Advantech PCI-1611U card
statfs: enforce statfs[64] structure initialization
ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
ALSA: hda: Fix Oops by 9.1 surround channel names
usb: typec: altmodes/displayport: fix pin_assignment_show
usb-storage: fix deadlock when a scsi command timeouts more than once
vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
igb: fix bit_shift to be in [1..8] range
cassini: Fix a memory leak in the error handling path of cas_init_one()
net: bcmgenet: Restore phy_stop() depending upon suspend/close
net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop()
net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
drm/exynos: fix g2d_open/close helper function definitions
media: netup_unidvb: fix use-after-free at del_timer()
erspan: get the proto with the md version for collect_md
ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode
ip6_gre: Make o_seqno start from 0 in native mode
ip6_gre: Fix skb_under_panic in __gre6_xmit()
serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
drivers: provide devm_platform_ioremap_resource()
vsock: avoid to close connected socket after the timeout
net: fec: Better handle pm_runtime_get() failing in .remove()
af_key: Reject optional tunnel/BEET mode templates in outbound policies
cpupower: Make TSC read per CPU for Mperf monitor
btrfs: fix space cache inconsistency after error loading it from disk
btrfs: replace calls to btrfs_find_free_ino with btrfs_find_free_objectid
mfd: dln2: Fix memory leak in dln2_probe()
phy: st: miphy28lp: use _poll_timeout functions for waits
Input: xpad - add constants for GIP interface numbers
clk: tegra20: fix gcc-7 constant overflow warning
recordmcount: Fix memory leaks in the uwrite function
sched: Fix KCSAN noinstr violation
mcb-pci: Reallocate memory region to avoid memory overlapping
serial: 8250: Reinit port->pm on port specific driver unbind
usb: typec: tcpm: fix multiple times discover svids error
HID: wacom: generic: Set battery quirk only when we see battery data
spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3
HID: logitech-hidpp: Reconcile USB and Unifying serials
HID: logitech-hidpp: Don't use the USB serial for USB devices
staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE
Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
f2fs: fix to drop all dirty pages during umount() if cp_error is set
ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa()
ext4: set goal start correctly in ext4_mb_normalize_request
gfs2: Fix inode height consistency check
scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition
lib: cpu_rmap: Avoid use after free on rmap->obj array entries
net: Catch invalid index in XPS mapping
net: pasemi: Fix return type of pasemi_mac_start_tx()
ext2: Check block size validity during mount
wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects
ACPICA: Avoid undefined behavior: applying zero offset to null pointer
drm/tegra: Avoid potential 32-bit integer overflow
ACPI: EC: Fix oops when removing custom query handlers
firmware: arm_sdei: Fix sleep from invalid context BUG
memstick: r592: Fix UAF bug in r592_remove due to race condition
regmap: cache: Return error in cache sync operations for REGCACHE_NONE
drm/amd/display: Use DC_LOG_DC in the trasform pixel function
fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
af_unix: Fix data races around sk->sk_shutdown.
af_unix: Fix a data race of sk->sk_receive_queue->qlen.
net: datagram: fix data-races in datagram_poll()
ipvlan:Fix out-of-bounds caused by unclear skb->cb
tcp: add annotations around sk->sk_shutdown accesses
tcp: factor out __tcp_close() helper
tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit
tcp: reduce POLLOUT events caused by TCP_NOTSENT_LOWAT
net: annotate sk->sk_err write from do_recvmmsg()
netlink: annotate accesses to nlk->cb_running
net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
Linux 4.19.283
mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock
printk: declare printk_deferred_{enter,safe}() in include/linux/printk.h
PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock
PCI: pciehp: Use down_read/write_nested(reset_lock) to fix lockdep errors
drbd: correctly submit flush bio on barrier
serial: 8250: Fix serial8250_tx_empty() race with DMA Tx
tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
ext4: fix invalid free tracking in ext4_xattr_move_to_block()
ext4: remove a BUG_ON in ext4_mb_release_group_pa()
ext4: bail out of ext4_xattr_ibody_get() fails for any reason
ext4: add bounds checking in get_max_inline_xattr_value_size()
ext4: improve error recovery code paths in __ext4_remount()
ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
ext4: fix WARNING in mb_find_extent
HID: wacom: Set a default resolution for older tablets
drm/panel: otm8009a: Set backlight parent to panel device
ARM: dts: s5pv210: correct MIPI CSIS clock name
ARM: dts: exynos: fix WM8960 clock name in Itop Elite
sh: nmi_debug: fix return value of __setup handler
sh: init: use OF_EARLY_FLATTREE for early init
sh: math-emu: fix macro redefined warning
platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i
cifs: fix pcchunk length type in smb2_copychunk_range
btrfs: print-tree: parent bytenr must be aligned to sector size
btrfs: fix btrfs_prev_leaf() to not return the same key twice
perf symbols: Fix return incorrect build_id size in elf_read_build_id()
perf map: Delete two variable initialisations before null pointer checks in sort__sym_from_cmp()
perf vendor events power9: Remove UTF-8 characters from JSON files
virtio_net: suppress cpu stall when free_unused_bufs
virtio_net: split free_unused_bufs()
ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init`
drm/amdgpu: add a missing lock for AMDGPU_SCHED
drm/amdgpu: Add command to override the context priority.
drm/amdgpu: Put enable gfx off feature to a delay thread
drm/amdgpu: Add amdgpu_gfx_off_ctrl function
af_packet: Don't send zero-byte data in packet_sendmsg_spkt().
rxrpc: Fix hard call timeout units
net/sched: act_mirred: Add carrier check
writeback: fix call of incorrect macro
net: dsa: mv88e6xxx: add mv88e6321 rsvd2cpu
net: dsa: mv88e6xxx: Add missing watchdog ops for 6320 family
sit: update dev->needed_headroom in ipip6_tunnel_bind_dev()
relayfs: fix out-of-bounds access in relay_file_read
kernel/relay.c: fix read_pos error when multiple readers
dm verity: fix error handling for check_at_most_once on FEC
dm verity: skip redundant verity_handle_err() on I/O errors
ipmi: fix SSIF not responding under certain cond.
ipmi_ssif: Rename idle state and check
ipmi: Fix how the lower layers are told to watch for messages
ipmi: Fix SSIF flag requests
tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem
nohz: Add TICK_DEP_BIT_RCU
netfilter: nf_tables: deactivate anonymous set from preparation phase
debugobject: Ensure pool refill (again)
perf auxtrace: Fix address filter entire kernel size
dm ioctl: fix nested locking in table_clear() to remove deadlock concern
dm flakey: fix a crash with invalid table line
dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
s390/dasd: fix hanging blockdevice after request requeue
btrfs: scrub: reject unsupported scrub flags
clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent
wifi: rtl8xxxu: RTL8192EU always needs full init
md/raid10: fix null-ptr-deref in raid10_sync_request
nilfs2: fix infinite loop in nilfs_mdt_get_block()
nilfs2: do not write dirty data after degenerating to read-only
parisc: Fix argument pointer in real64_call_asm()
dmaengine: at_xdmac: do not enable all cyclic channels
phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port
pwm: mtk-disp: Disable shadow registers before setting backlight values
pwm: mtk-disp: Adjust the clocks to avoid them mismatch
pwm: mtk-disp: Don't check the return code of pwmchip_remove()
openrisc: Properly store r31 to pt_regs on unhandled exceptions
RDMA/mlx5: Use correct device num_ports when modify DC
SUNRPC: remove the maximum number of retries in call_bind_status
NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease
IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order
clk: add missing of_node_put() in "assigned-clocks" property parsing
power: supply: generic-adc-battery: fix unit scaling
RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
RDMA/rdmavt: Delete unnecessary NULL check
perf/core: Fix hardlockup failure caused by perf throttle
powerpc/rtas: use memmove for potentially overlapping buffer copy
macintosh: via-pmu-led: requires ATA to be set
powerpc/sysdev/tsi108: fix resource printk format warnings
powerpc/wii: fix resource printk format warnings
powerpc/mpc512x: fix resource printk format warning
macintosh/windfarm_smu_sat: Add missing of_node_put()
spmi: Add a check for remove callback when removing a SPMI driver
staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
serial: 8250: Add missing wakeup event reporting
tty: serial: fsl_lpuart: adjust buffer length to the intended size
usb: chipidea: fix missing goto in `ci_hdrc_probe`
sh: sq: Fix incorrect element size for allocating bitmap buffer
uapi/linux/const.h: prefer ISO-friendly __typeof__
spi: cadence-quadspi: fix suspend-resume implementations
mtd: spi-nor: cadence-quadspi: Handle probe deferral while requesting DMA channel
mtd: spi-nor: cadence-quadspi: Don't initialize rx_dma_complete on failure
mtd: spi-nor: cadence-quadspi: Make driver independent of flash geometry
ia64: salinfo: placate defined-but-not-used warning
ia64: mm/contig: fix section mismatch warning/error
of: Fix modalias string generation
vmci_host: fix a race condition in vmci_host_poll() causing GPF
spi: fsl-spi: Fix CPM/QE mode Litte Endian
spi: qup: Don't skip cleanup in remove's error path
spi: qup: fix PM reference leak in spi_qup_remove()
linux/vt_buffer.h: allow either builtin or modular for macros
usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition
fpga: bridge: fix kernel-doc parameter description
usb: host: xhci-rcar: remove leftover quirk handling
pstore: Revert pmsg_lock back to a normal mutex
tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.
net: amd: Fix link leak when verifying config failed
netlink: Use copy_to_user() for optval in netlink_getsockopt().
Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work"
ipv4: Fix potential uninit variable access bug in __ip_make_skb()
netfilter: nf_tables: don't write table validation state without mutex
ixgbe: Enable setting RSS table to default values
ixgbe: Allow flow hash to be set via ethtool
wifi: iwlwifi: mvm: check firmware response size
wifi: iwlwifi: make the loop for card preparation effective
md/raid10: fix memleak of md thread
md: update the optimal I/O size on reshape
md/raid10: fix memleak for 'conf->bio_split'
md/raid10: fix leak of 'r10bio->remaining' for recovery
crypto: drbg - Only fail when jent is unavailable in FIPS mode
crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors
bpftool: Fix bug for long instructions in program CFG dumps
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg()
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg()
rtlwifi: Replace RT_TRACE with rtl_dbg
rtlwifi: Start changing RT_TRACE into rtl_dbg
rtlwifi: rtl_pci: Fix memory leak when hardware init fails
scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS
scsi: target: iscsit: Fix TAS handling during conn cleanup
net/packet: convert po->auxdata to an atomic flag
net/packet: convert po->origdev to an atomic flag
vlan: partially enable SIOCSHWTSTAMP in container
scm: fix MSG_CTRUNC setting condition for SO_PASSSEC
tools: bpftool: Remove invalid \' json escape
wifi: ath6kl: reduce WARN to dev_dbg() in callback
wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list()
wifi: ath9k: hif_usb: fix memory leak of remain_skbs
wifi: ath6kl: minor fix for allocation size
debugobject: Prevent init race with static objects
debugobjects: Move printk out of db->lock critical sections
debugobjects: Add percpu free pools
arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
x86/ioapic: Don't return 0 from arch_dynirq_lower_bound()
media: rc: gpio-ir-recv: Fix support for wake-up
media: rcar_fdp1: Fix refcount leak in probe and remove function
media: rcar_fdp1: Fix the correct variable assignments
media: saa7134: fix use after free bug in saa7134_finidev due to race condition
media: dm1105: Fix use after free bug in dm1105_remove due to race condition
x86/apic: Fix atomic update of offset in reserve_eilvt_offset()
drm/msm/adreno: drop bogus pm_runtime_set_active()
drm/msm/adreno: Defer enabling runpm until hw_init()
firmware: qcom_scm: Clear download bit during reboot
media: av7110: prevent underflow in write_ts_to_decoder()
media: uapi: add MEDIA_BUS_FMT_METADATA_FIXED media bus format.
media: bdisp: Add missing check for create_workqueue
ARM: dts: qcom: ipq4019: Fix the PCI I/O port range
EDAC/skx: Fix overflows on the DRAM row address mapping arrays
EDAC, skx: Move debugfs node under EDAC's hierarchy
drm/probe-helper: Cancel previous job before starting new one
drm/vgem: add missing mutex_destroy
drm/rockchip: Drop unbalanced obj unref
selinux: ensure av_permissions.h is built when needed
selinux: fix Makefile dependencies of flask.h
ubifs: Free memory for tmpfile name
ubi: Fix return value overwrite issue in try_write_vid_and_data()
ubifs: Fix memleak when insert_old_idx() failed
Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path"
i2c: omap: Fix standard mode false ACK readings
KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
reiserfs: Add security prefix to xattr name in reiserfs_security_write()
ring-buffer: Sync IRQ works before buffer destruction
pwm: meson: Fix axg ao mux parents
MIPS: fw: Allow firmware to pass a empty env
xhci: fix debugfs register accesses while suspended
debugfs: regset32: Add Runtime PM support
staging: iio: resolver: ads1210: fix config mode
perf sched: Cast PTHREAD_STACK_MIN to int as it may turn into sysconf(__SC_THREAD_STACK_MIN_VALUE)
USB: dwc3: fix runtime pm imbalance on unbind
stmmac: debugfs entry name is not be changed when udev rename device name.
ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750
iio: adc: palmas_gpadc: fix NULL dereference on rmmod
USB: serial: option: add UNISOC vendor and TOZED LT70C product
bluetooth: Perform careful capability checks in hci_sock_ioctl()
wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
Conflicts:
drivers/media/dvb-core/dvb_demux.c
drivers/usb/dwc3/core.c
drivers/usb/gadget/function/f_fs.c
drivers/usb/gadget/function/f_ncm.c
include/net/pkt_sched.h
Change-Id: I5081b8f3529f4df573736bf7d69201f777754b74
* sm8250/lineage-20:
UPSTREAM: ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
UPSTREAM: ext4: fix invalid free tracking in ext4_xattr_move_to_block()
ANDROID: incremental fs: Evict inodes before freeing mount data
Revert "Revert "mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse""
Change-Id: I11ca85d2bd2b578cd6cfaadded942b5fa602e887
https://source.android.com/docs/security/bulletin/2023-06-01
* tag 'ASB-2023-06-05_4.19-stable' of https://android.googlesource.com/kernel/common:
UPSTREAM: ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
UPSTREAM: ext4: fix invalid free tracking in ext4_xattr_move_to_block()
ANDROID: incremental fs: Evict inodes before freeing mount data
Revert "Revert "mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse""
Change-Id: I050bde567586e4f21af411a4ded122f571f55c28
There was a report that a task is waiting at the
throttle_direct_reclaim. The pgscan_direct_throttle in vmstat was
increasing.
This is a bug where zone_watermark_fast returns true even when the free
is very low. The commit f27ce0e14088 ("page_alloc: consider highatomic
reserve in watermark fast") changed the watermark fast to consider
highatomic reserve. But it did not handle a negative value case which
can be happened when reserved_highatomic pageblock is bigger than the
actual free.
If watermark is considered as ok for the negative value, allocating
contexts for order-0 will consume all free pages without direct reclaim,
and finally free page may become depleted except highatomic free.
Then allocating contexts may fall into throttle_direct_reclaim. This
symptom may easily happen in a system where wmark min is low and other
reclaimers like kswapd does not make free pages quickly.
Handle the negative case by using MIN.
Link: https://lkml.kernel.org/r/20220725095212.25388-1-jaewon31.kim@samsung.com
Fixes: 936ae5bdf2 ("page_alloc: consider highatomic reserve in watermark fast")
Signed-off-by: Jaewon Kim <jaewon31.kim@samsung.com>
Reported-by: GyeongHwan Hong <gh21.hong@samsung.com>
Acked-by: Mel Gorman <mgorman@techsingularity.net>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Baoquan He <bhe@redhat.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Yong-Taek Lee <ytk.lee@samsung.com>
Cc: <stable@vger.kerenl.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>
Change-Id: I5ac94eb7703248dafc4c9c43dad3d9010c51b0bf
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmRkmvoACgkQONu9yGCS
aT77dw/6A648P7TZgPEqBR5L4aG1u4GC4wE762PUb5YCK1XEWzgUdVPXrcRM6+r4
ntoKlSJxveJh3TYKLcUAJWvvIt2lbOEdQTb9BS2ALoZv35q5J8Npw/CUP148Vy47
52PQwr4M76+WTx8bfckrBeVPHyhgNjFtFjuwg1TLfIvo6pGrDPnuNYo57K1/O38m
Sid+eFrGBkOIjUVlfaStMIP9RVZTUHpPWHWp+cmqGTDK3B0m8BkoTMXM0hLu/fJH
HPivMQFnyRNa0ZZAe+iQVmUjiruSPbgqNOAGSqTr5FxxSrZ3ZUjvtI0BYTA7eo7q
BnPbRHpuRQ+YOnDK0Q+Ps96DDNALCz2j8bXXEjJePpOrqv8IoxU8kGx+GVcbnQiJ
Bd6bqZwXU3uPN8VLTR0KtfypEH6ELbBrCXjeeSw+RQqAgsdEGSbVSgfBtISo7UMt
iL/VFwl03qdm4Y+Ww544kNMrtDV+Qmq2MWeP6uHzx54ZH6ic5rFhLGamHEuIUg54
Ux/9dLoByzbVOEMS5SHaqaxcLd/Qx0FtUq02rhsHeV0IEFxviX4jPRet0kn2vVru
8o+Vh92K+gfNW+zT47GPeTCBRIK+YuH2cwsXJRucGkE7IyDccgyA/v1cchZO9xoD
oetofMcWiZi3QNY26EVuYA8SlIwURWkhb3yTbFoOx2+jQ6JER6k=
=VSYH
-----END PGP SIGNATURE-----
Merge 4.19.283 into android-4.19-stable
Changes in 4.19.283
wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
bluetooth: Perform careful capability checks in hci_sock_ioctl()
USB: serial: option: add UNISOC vendor and TOZED LT70C product
iio: adc: palmas_gpadc: fix NULL dereference on rmmod
ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750
stmmac: debugfs entry name is not be changed when udev rename device name.
USB: dwc3: fix runtime pm imbalance on unbind
perf sched: Cast PTHREAD_STACK_MIN to int as it may turn into sysconf(__SC_THREAD_STACK_MIN_VALUE)
staging: iio: resolver: ads1210: fix config mode
debugfs: regset32: Add Runtime PM support
xhci: fix debugfs register accesses while suspended
MIPS: fw: Allow firmware to pass a empty env
pwm: meson: Fix axg ao mux parents
ring-buffer: Sync IRQ works before buffer destruction
reiserfs: Add security prefix to xattr name in reiserfs_security_write()
KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
i2c: omap: Fix standard mode false ACK readings
Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path"
ubifs: Fix memleak when insert_old_idx() failed
ubi: Fix return value overwrite issue in try_write_vid_and_data()
ubifs: Free memory for tmpfile name
selinux: fix Makefile dependencies of flask.h
selinux: ensure av_permissions.h is built when needed
drm/rockchip: Drop unbalanced obj unref
drm/vgem: add missing mutex_destroy
drm/probe-helper: Cancel previous job before starting new one
EDAC, skx: Move debugfs node under EDAC's hierarchy
EDAC/skx: Fix overflows on the DRAM row address mapping arrays
ARM: dts: qcom: ipq4019: Fix the PCI I/O port range
media: bdisp: Add missing check for create_workqueue
media: uapi: add MEDIA_BUS_FMT_METADATA_FIXED media bus format.
media: av7110: prevent underflow in write_ts_to_decoder()
firmware: qcom_scm: Clear download bit during reboot
drm/msm/adreno: Defer enabling runpm until hw_init()
drm/msm/adreno: drop bogus pm_runtime_set_active()
x86/apic: Fix atomic update of offset in reserve_eilvt_offset()
media: dm1105: Fix use after free bug in dm1105_remove due to race condition
media: saa7134: fix use after free bug in saa7134_finidev due to race condition
media: rcar_fdp1: Fix the correct variable assignments
media: rcar_fdp1: Fix refcount leak in probe and remove function
media: rc: gpio-ir-recv: Fix support for wake-up
x86/ioapic: Don't return 0 from arch_dynirq_lower_bound()
arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
debugobjects: Add percpu free pools
debugobjects: Move printk out of db->lock critical sections
debugobject: Prevent init race with static objects
wifi: ath6kl: minor fix for allocation size
wifi: ath9k: hif_usb: fix memory leak of remain_skbs
wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list()
wifi: ath6kl: reduce WARN to dev_dbg() in callback
tools: bpftool: Remove invalid \' json escape
scm: fix MSG_CTRUNC setting condition for SO_PASSSEC
vlan: partially enable SIOCSHWTSTAMP in container
net/packet: convert po->origdev to an atomic flag
net/packet: convert po->auxdata to an atomic flag
scsi: target: iscsit: Fix TAS handling during conn cleanup
scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS
rtlwifi: rtl_pci: Fix memory leak when hardware init fails
rtlwifi: Start changing RT_TRACE into rtl_dbg
rtlwifi: Replace RT_TRACE with rtl_dbg
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg()
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg()
bpftool: Fix bug for long instructions in program CFG dumps
crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors
crypto: drbg - Only fail when jent is unavailable in FIPS mode
md/raid10: fix leak of 'r10bio->remaining' for recovery
md/raid10: fix memleak for 'conf->bio_split'
md: update the optimal I/O size on reshape
md/raid10: fix memleak of md thread
wifi: iwlwifi: make the loop for card preparation effective
wifi: iwlwifi: mvm: check firmware response size
ixgbe: Allow flow hash to be set via ethtool
ixgbe: Enable setting RSS table to default values
netfilter: nf_tables: don't write table validation state without mutex
ipv4: Fix potential uninit variable access bug in __ip_make_skb()
Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work"
netlink: Use copy_to_user() for optval in netlink_getsockopt().
net: amd: Fix link leak when verifying config failed
tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.
pstore: Revert pmsg_lock back to a normal mutex
usb: host: xhci-rcar: remove leftover quirk handling
fpga: bridge: fix kernel-doc parameter description
usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition
linux/vt_buffer.h: allow either builtin or modular for macros
spi: qup: fix PM reference leak in spi_qup_remove()
spi: qup: Don't skip cleanup in remove's error path
spi: fsl-spi: Fix CPM/QE mode Litte Endian
vmci_host: fix a race condition in vmci_host_poll() causing GPF
of: Fix modalias string generation
ia64: mm/contig: fix section mismatch warning/error
ia64: salinfo: placate defined-but-not-used warning
mtd: spi-nor: cadence-quadspi: Make driver independent of flash geometry
mtd: spi-nor: cadence-quadspi: Don't initialize rx_dma_complete on failure
mtd: spi-nor: cadence-quadspi: Handle probe deferral while requesting DMA channel
spi: cadence-quadspi: fix suspend-resume implementations
uapi/linux/const.h: prefer ISO-friendly __typeof__
sh: sq: Fix incorrect element size for allocating bitmap buffer
usb: chipidea: fix missing goto in `ci_hdrc_probe`
tty: serial: fsl_lpuart: adjust buffer length to the intended size
serial: 8250: Add missing wakeup event reporting
staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
spmi: Add a check for remove callback when removing a SPMI driver
macintosh/windfarm_smu_sat: Add missing of_node_put()
powerpc/mpc512x: fix resource printk format warning
powerpc/wii: fix resource printk format warnings
powerpc/sysdev/tsi108: fix resource printk format warnings
macintosh: via-pmu-led: requires ATA to be set
powerpc/rtas: use memmove for potentially overlapping buffer copy
perf/core: Fix hardlockup failure caused by perf throttle
RDMA/rdmavt: Delete unnecessary NULL check
RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
power: supply: generic-adc-battery: fix unit scaling
clk: add missing of_node_put() in "assigned-clocks" property parsing
IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order
NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease
SUNRPC: remove the maximum number of retries in call_bind_status
RDMA/mlx5: Use correct device num_ports when modify DC
openrisc: Properly store r31 to pt_regs on unhandled exceptions
pwm: mtk-disp: Don't check the return code of pwmchip_remove()
pwm: mtk-disp: Adjust the clocks to avoid them mismatch
pwm: mtk-disp: Disable shadow registers before setting backlight values
phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port
dmaengine: at_xdmac: do not enable all cyclic channels
parisc: Fix argument pointer in real64_call_asm()
nilfs2: do not write dirty data after degenerating to read-only
nilfs2: fix infinite loop in nilfs_mdt_get_block()
md/raid10: fix null-ptr-deref in raid10_sync_request
wifi: rtl8xxxu: RTL8192EU always needs full init
clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent
btrfs: scrub: reject unsupported scrub flags
s390/dasd: fix hanging blockdevice after request requeue
dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
dm flakey: fix a crash with invalid table line
dm ioctl: fix nested locking in table_clear() to remove deadlock concern
perf auxtrace: Fix address filter entire kernel size
debugobject: Ensure pool refill (again)
netfilter: nf_tables: deactivate anonymous set from preparation phase
nohz: Add TICK_DEP_BIT_RCU
tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem
ipmi: Fix SSIF flag requests
ipmi: Fix how the lower layers are told to watch for messages
ipmi_ssif: Rename idle state and check
ipmi: fix SSIF not responding under certain cond.
dm verity: skip redundant verity_handle_err() on I/O errors
dm verity: fix error handling for check_at_most_once on FEC
kernel/relay.c: fix read_pos error when multiple readers
relayfs: fix out-of-bounds access in relay_file_read
sit: update dev->needed_headroom in ipip6_tunnel_bind_dev()
net: dsa: mv88e6xxx: Add missing watchdog ops for 6320 family
net: dsa: mv88e6xxx: add mv88e6321 rsvd2cpu
writeback: fix call of incorrect macro
net/sched: act_mirred: Add carrier check
rxrpc: Fix hard call timeout units
af_packet: Don't send zero-byte data in packet_sendmsg_spkt().
drm/amdgpu: Add amdgpu_gfx_off_ctrl function
drm/amdgpu: Put enable gfx off feature to a delay thread
drm/amdgpu: Add command to override the context priority.
drm/amdgpu: add a missing lock for AMDGPU_SCHED
ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init`
virtio_net: split free_unused_bufs()
virtio_net: suppress cpu stall when free_unused_bufs
perf vendor events power9: Remove UTF-8 characters from JSON files
perf map: Delete two variable initialisations before null pointer checks in sort__sym_from_cmp()
perf symbols: Fix return incorrect build_id size in elf_read_build_id()
btrfs: fix btrfs_prev_leaf() to not return the same key twice
btrfs: print-tree: parent bytenr must be aligned to sector size
cifs: fix pcchunk length type in smb2_copychunk_range
platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i
sh: math-emu: fix macro redefined warning
sh: init: use OF_EARLY_FLATTREE for early init
sh: nmi_debug: fix return value of __setup handler
ARM: dts: exynos: fix WM8960 clock name in Itop Elite
ARM: dts: s5pv210: correct MIPI CSIS clock name
drm/panel: otm8009a: Set backlight parent to panel device
HID: wacom: Set a default resolution for older tablets
ext4: fix WARNING in mb_find_extent
ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
ext4: improve error recovery code paths in __ext4_remount()
ext4: add bounds checking in get_max_inline_xattr_value_size()
ext4: bail out of ext4_xattr_ibody_get() fails for any reason
ext4: remove a BUG_ON in ext4_mb_release_group_pa()
ext4: fix invalid free tracking in ext4_xattr_move_to_block()
tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
serial: 8250: Fix serial8250_tx_empty() race with DMA Tx
drbd: correctly submit flush bio on barrier
PCI: pciehp: Use down_read/write_nested(reset_lock) to fix lockdep errors
PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock
printk: declare printk_deferred_{enter,safe}() in include/linux/printk.h
mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock
Linux 4.19.283
Change-Id: Id2f95d527f356c874a9e01e57f1d816b9fa34e8b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 1007843a91909a4995ee78a538f62d8665705b66 upstream.
syzbot is reporting circular locking dependency which involves
zonelist_update_seq seqlock [1], for this lock is checked by memory
allocation requests which do not need to be retried.
One deadlock scenario is kmalloc(GFP_ATOMIC) from an interrupt handler.
CPU0
----
__build_all_zonelists() {
write_seqlock(&zonelist_update_seq); // makes zonelist_update_seq.seqcount odd
// e.g. timer interrupt handler runs at this moment
some_timer_func() {
kmalloc(GFP_ATOMIC) {
__alloc_pages_slowpath() {
read_seqbegin(&zonelist_update_seq) {
// spins forever because zonelist_update_seq.seqcount is odd
}
}
}
}
// e.g. timer interrupt handler finishes
write_sequnlock(&zonelist_update_seq); // makes zonelist_update_seq.seqcount even
}
This deadlock scenario can be easily eliminated by not calling
read_seqbegin(&zonelist_update_seq) from !__GFP_DIRECT_RECLAIM allocation
requests, for retry is applicable to only __GFP_DIRECT_RECLAIM allocation
requests. But Michal Hocko does not know whether we should go with this
approach.
Another deadlock scenario which syzbot is reporting is a race between
kmalloc(GFP_ATOMIC) from tty_insert_flip_string_and_push_buffer() with
port->lock held and printk() from __build_all_zonelists() with
zonelist_update_seq held.
CPU0 CPU1
---- ----
pty_write() {
tty_insert_flip_string_and_push_buffer() {
__build_all_zonelists() {
write_seqlock(&zonelist_update_seq);
build_zonelists() {
printk() {
vprintk() {
vprintk_default() {
vprintk_emit() {
console_unlock() {
console_flush_all() {
console_emit_next_record() {
con->write() = serial8250_console_write() {
spin_lock_irqsave(&port->lock, flags);
tty_insert_flip_string() {
tty_insert_flip_string_fixed_flag() {
__tty_buffer_request_room() {
tty_buffer_alloc() {
kmalloc(GFP_ATOMIC | __GFP_NOWARN) {
__alloc_pages_slowpath() {
zonelist_iter_begin() {
read_seqbegin(&zonelist_update_seq); // spins forever because zonelist_update_seq.seqcount is odd
spin_lock_irqsave(&port->lock, flags); // spins forever because port->lock is held
}
}
}
}
}
}
}
}
spin_unlock_irqrestore(&port->lock, flags);
// message is printed to console
spin_unlock_irqrestore(&port->lock, flags);
}
}
}
}
}
}
}
}
}
write_sequnlock(&zonelist_update_seq);
}
}
}
This deadlock scenario can be eliminated by
preventing interrupt context from calling kmalloc(GFP_ATOMIC)
and
preventing printk() from calling console_flush_all()
while zonelist_update_seq.seqcount is odd.
Since Petr Mladek thinks that __build_all_zonelists() can become a
candidate for deferring printk() [2], let's address this problem by
disabling local interrupts in order to avoid kmalloc(GFP_ATOMIC)
and
disabling synchronous printk() in order to avoid console_flush_all()
.
As a side effect of minimizing duration of zonelist_update_seq.seqcount
being odd by disabling synchronous printk(), latency at
read_seqbegin(&zonelist_update_seq) for both !__GFP_DIRECT_RECLAIM and
__GFP_DIRECT_RECLAIM allocation requests will be reduced. Although, from
lockdep perspective, not calling read_seqbegin(&zonelist_update_seq) (i.e.
do not record unnecessary locking dependency) from interrupt context is
still preferable, even if we don't allow calling kmalloc(GFP_ATOMIC)
inside
write_seqlock(&zonelist_update_seq)/write_sequnlock(&zonelist_update_seq)
section...
Link: https://lkml.kernel.org/r/8796b95c-3da3-5885-fddd-6ef55f30e4d3@I-love.SAKURA.ne.jp
Fixes: 3d36424b3b58 ("mm/page_alloc: fix race condition between build_all_zonelists and page allocation")
Link: https://lkml.kernel.org/r/ZCrs+1cDqPWTDFNM@alley [2]
Reported-by: syzbot <syzbot+223c7461c58c58a4cb10@syzkaller.appspotmail.com>
Link: https://syzkaller.appspot.com/bug?extid=223c7461c58c58a4cb10 [1]
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Mel Gorman <mgorman@techsingularity.net>
Cc: Petr Mladek <pmladek@suse.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Cc: John Ogness <john.ogness@linutronix.de>
Cc: Patrick Daly <quic_pdaly@quicinc.com>
Cc: Sergey Senozhatsky <senozhatsky@chromium.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This reverts commit 4f35cec76058557d9eaec0d501d03c7657eb56b4 and does so
in an abi-safe way.
This is done by adding the new fields only to the end of the structure
and this structure is only passed around to other functions as a
pointer, the internal structure layout is only touched by the core
kernel, so adding it to the end is safe.
ABI differences manually updated:
Leaf changes summary: 1 artifact changed
Changed leaf types summary: 1 leaf type changed
Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 0 Added function
Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable
'struct anon_vma at rmap.h:29:1' changed:
type size changed from 704 to 832 (in bits)
2 data member insertions:
'unsigned long int num_children', at offset 704 (in bits) at rmap.h:70:1
'unsigned long int num_active_vmas', at offset 768 (in bits) at rmap.h:72:1
761 impacted interfaces
Bug: 260678056
Bug: 253167854
Change-Id: Ib1d45625cbc2e0b21330ca3dc2aa7aff34666d31
Signed-off-by: Lee Jones <joneslee@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
(cherry picked from commit d3e1a50cba092fa9c56fc642ee74f360c4b40a17)
* sm8250/lineage-20:
Linux 4.19.282
ASN.1: Fix check for strdup() success
iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger()
counter: 104-quad-8: Fix race condition between FLAG and CNTR reads
sctp: Call inet6_destroy_sock() via sk->sk_destruct().
dccp: Call inet6_destroy_sock() via sk->sk_destruct().
inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().
udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM).
ext4: fix use-after-free in ext4_xattr_set_entry
ext4: remove duplicate definition of ext4_xattr_ibody_inline_set()
Revert "ext4: fix use-after-free in ext4_xattr_set_entry"
x86/purgatory: Don't generate debug info for purgatory.ro
memstick: fix memory leak if card device is never registered
nilfs2: initialize unused bytes in segment summary blocks
xen/netback: use same error messages for same errors
s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling
net: dsa: b53: mmap: add phy ops
scsi: core: Improve scsi_vpd_inquiry() checks
scsi: megaraid_sas: Fix fw_crash_buffer_show()
selftests: sigaltstack: fix -Wuninitialized
Input: i8042 - add quirk for Fujitsu Lifebook A574/H
f2fs: Fix f2fs_truncate_partial_nodes ftrace event
e1000e: Disable TSO on i219-LM card to increase speed
mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()
i40e: fix i40e_setup_misc_vector() error handling
i40e: fix accessing vsi->active_filters without holding lock
virtio_net: bugfix overflow inside xdp_linearize_page()
net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
ARM: dts: rockchip: fix a typo error for rk3288 spdif node
Linux 4.19.281
arm64: KVM: Fix system register enumeration
KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST
KVM: arm64: Factor out core register ID enumeration
KVM: nVMX: add missing consistency checks for CR0 and CR4
coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
watchdog: sbsa_wdog: Make sure the timeout programming is within the limits
cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
ubi: Fix deadlock caused by recursively holding work_sem
mtd: ubi: wl: Fix a couple of kernel-doc issues
ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot
scsi: ses: Handle enclosure with just a primary component gracefully
verify_pefile: relax wrapper length check
efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
i2c: imx-lpi2c: clean rx/tx buffers upon new message
power: supply: cros_usbpd: reclassify "default case!" as debug
udp6: fix potential access to stale information
net: macb: fix a memory corruption in extended buffer descriptor mode
sctp: fix a potential overflow in sctp_ifwdtsn_skip
qlcnic: check pci_reset_function result
niu: Fix missing unwind goto in niu_alloc_channels()
9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition
mtdblock: tolerate corrected bit-flips
Bluetooth: Fix race condition in hidp_session_thread
Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
ALSA: i2c/cs8427: fix iec958 mixer control deactivation
ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
ALSA: emu10k1: fix capture interrupt handler unlinking
Revert "pinctrl: amd: Disable and mask interrupts on resume"
mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
ring-buffer: Fix race while reader and writer are on the same page
ftrace: Mark get_lock_parent_ip() __always_inline
perf/core: Fix the same task check in perf_event_set_output
ALSA: hda/realtek: Add quirk for Clevo X370SNW
nilfs2: fix sysfs interface lifetime
nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
tty: serial: sh-sci: Fix transmit end interrupt handler
iio: dac: cio-dac: Fix max DAC write value check for 12-bit
USB: serial: option: add Quectel RM500U-CN modem
USB: serial: option: add Telit FE990 compositions
USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
gpio: davinci: Add irq chip flag to skip set wake
ipv6: Fix an uninit variable access bug in __ip6_make_skb()
sctp: check send stream number after wait_for_sndbuf
net: don't let netpoll invoke NAPI if in xmit context
icmp: guard against too small mtu
wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta
pwm: cros-ec: Explicitly set .polarity in .get_state()
NFSv4: Fix hangs when recovering open state after a server reboot
NFSv4: Check the return value of update_open_stateid()
NFSv4: Convert struct nfs4_state to use refcount_t
pinctrl: amd: Disable and mask interrupts on resume
pinctrl: amd: disable and mask interrupts on probe
pinctrl: amd: Use irqchip template
pinctrl: Added IRQF_SHARED flag for amd-pinctrl driver
techpack: audio: Remove build timestamp injection
Revert "dm thin: fix deadlock when swapping to thin device"
Linux 4.19.280
cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
cgroup/cpuset: Change cpuset_rwsem and hotplug lock order
net: sched: cbq: dont intepret cls results when asked to drop
gfs2: Always check inode size of inline inodes
firmware: arm_scmi: Fix device node validation for mailbox transport
ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
usb: host: ohci-pxa27x: Fix and & vs | typo
s390/uaccess: add missing earlyclobber annotations to __clear_user()
drm/etnaviv: fix reference leak when mmaping imported buffer
ALSA: usb-audio: Fix regression on detection of Roland VS-100
ALSA: hda/conexant: Partial revert of a quirk for Lenovo
pinctrl: at91-pio4: fix domain name assignment
xen/netback: don't do grant copy across page boundary
cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
cifs: prevent infinite recursion in CIFSGetDFSRefer()
Input: focaltech - use explicitly signed char type
Input: alps - fix compatibility with -funsigned-char
net: mvneta: make tx buffer array agnostic
net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only
i40e: fix registers dump after run ethtool adapter self test
can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
scsi: megaraid_sas: Fix crash after a double completion
ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx()
fbdev: au1200fb: Fix potential divide by zero
fbdev: lxfb: Fix potential divide by zero
fbdev: intelfb: Fix potential divide by zero
fbdev: nvidia: Fix potential divide by zero
sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
fbdev: tgafb: Fix potential divide by zero
ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
ALSA: asihpi: check pao in control_message()
md: avoid signed overflow in slot_store()
bus: imx-weim: fix branch condition evaluates to a garbage value
ocfs2: fix data corruption after failed write
tun: avoid double free in tun_free_netdev
sched/fair: Sanitize vruntime of entity being migrated
sched/fair: sanitize vruntime of entity being placed
dm crypt: add cond_resched() to dmcrypt_write()
dm stats: check for and propagate alloc_percpu failure
i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
usb: chipidea: core: fix possible concurrent when switch role
usb: chipdea: core: fix return -EINVAL if request role is the same with current role
dm thin: fix deadlock when swapping to thin device
igb: revert rtnl_lock() that causes deadlock
usb: gadget: u_audio: don't let userspace block driver unbind
scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
cifs: empty interface list when server doesn't support query interfaces
sh: sanitize the flags on sigreturn
net: usb: qmi_wwan: add Telit 0x1080 composition
net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
scsi: ufs: core: Add soft dependency on governor_simpleondemand
scsi: target: iscsi: Fix an error message in iscsi_check_key()
m68k: Only force 030 bus error if PC not in exception table
ca8210: fix mac_len negative array access
riscv: Bump COMMAND_LINE_SIZE value to 1024
thunderbolt: Use const qualifier for `ring_interrupt_index`
uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
Bluetooth: btqcomsmd: Fix command timeout after setting BD address
net: mdio: thunder: Add missing fwnode_handle_put()
hvc/xen: prevent concurrent accesses to the shared ring
net/sonic: use dma_mapping_error() for error check
erspan: do not use skb_mac_header() in ndo_start_xmit()
atm: idt77252: fix kmemleak when rmmod idt77252
net/mlx5: Read the TC mapping of all priorities on ETS query
bpf: Adjust insufficient default bpf_jit_limit
net/ps3_gelic_net: Use dma_mapping_error
net/ps3_gelic_net: Fix RX sk_buff length
net: qcom/emac: Fix use after free bug in emac_remove due to race condition
xirc2ps_cs: Fix use after free bug in xirc2ps_detach
qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
net: usb: smsc95xx: Limit packet length to skb->len
scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
i2c: imx-lpi2c: check only for enabled interrupt flags
igbvf: Regard vf reset nack as success
intel/igbvf: free irq on the error path in igbvf_request_msix()
iavf: fix inverted Rx hash condition leading to disabled hash
iavf: diet and reformat
intel-ethernet: rename i40evf to iavf
i40evf: Change a VF mac without reloading the VF driver
power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition
msm: vidc: If QP_value is invalid,assign default_QP
msm: kgsl: Keep postamble packets in a privileged buffer
ANDROID: mm/filemap: Fix missing put_page() for speculative page fault
soc: qcom: qsee_ipc_irq_bridge: Remove redundant cleanup
fw-api: CL 22203883 - update fw common interface files
fw-api: CL 22203879 - update fw common interface files
fw-api: CL 22186584 - update fw common interface files
fw-api: CL 22164863 - update fw common interface files
fw-api: CL 22156324 - update fw common interface files
fw-api: Add HW header files for WCN6450
fw-api: remove banned words
fw-api: Make changes to support Big endian
fw-api: CL 22114305 - update fw common interface files
fw-api: CL 22096085 - update fw common interface files
fw-api: CL 22074527 - update fw common interface files
ANDROID: Re-enable fast mremap and fix UAF with SPF
ANDROID: mm: fix invalid backport in speculative page fault path
ANDROID: mm: assert that mmap_lock is taken exclusively in vm_write_begin
ANDROID: mm: remove sequence counting when mmap_lock is not exclusively owned
ANDROID: mm/khugepaged: add missing vm_write_{begin|end}
BACKPORT: FROMLIST: mm: implement speculative handling in filemap_fault()
fw-api: CL 22046875 - update fw common interface files
ANDROID: mm: prevent reads of unstable pmd during speculation
ANDROID: mm: prevent speculative page fault handling for in do_swap_page()
ANDROID: mm: skip pte_alloc during speculative page fault
fw-api: CL 22021621 - update fw common interface files
fw-api: CL 22011590 - update fw common interface files
fw-api: CL 22011543 - update fw common interface files
fw-api: CL 21987591 - update fw common interface files
fw-api: CL 21987565 - update fw common interface files
fw-api: CL 21882670 - update fw common interface files.
fw-api: CL 21863023 - update fw common interface files
fw-api: add REO2SW1_RING_MISC_1 in wcss_seq_hwioumac_reg.h
fw-api: CL 21817763 - update fw common interface files
fw-api: CL 21803370 - update fw common interface files
fw-api: CL 21801844 - update fw common interface files
fw-api: CL 21775737 - update fw common interface files
fw-api: CL 21774881 - update fw common interface files
fw-api: CL 21752010 - update fw common interface files
fw-api: CL 21737959 - update fw common interface files
fw-api: CL 21716559 - update fw common interface files
fw-api: CL 21708534 - update fw common interface files
fw-api: CL 21708530 - update fw common interface files
fw-api: CL 21693223 - update fw common interface files
fw-api: CL 21678453 - update fw common interface files
fw-api: CL 21675975 - update fw common interface files
fw-api: CL 21673808 - update fw common interface files
fw-api: CL 21672613 - update fw common interface files
fw-api: CL 21666405 - update fw common interface files
fw-api: CL 21666402 - update fw common interface files
fw-api: CL 21636648 - update fw common interface files
fw-api: CL 21636521 - update fw common interface files
fw-api: CL 21636491 - update fw common interface files
fw-api: CL 21624235 - update fw common interface files
fw-api: CL 21624232 - update fw common interface files
fw-api: CL 21615080 - update fw common interface files
fw-api: CL 21615063 - update fw common interface files
fw-api: CL 21614996 - update fw common interface files
fw-api: CL 21602542 - update fw common interface files
fw-api: CL 21599461 - update fw common interface files
fw-api: CL 21557799 - update fw common interface files
fw-api: CL 21552073 - update fw common interface files
fw-api: CL 21545735 - update fw common interface files
fw-api: CL 21541123 - update fw common interface files
fw-api: CL 21506382 - update fw common interface files
fw-api: CL 21503143 - update fw common interface files
fw-api: CL 21482490 - update fw common interface files
fw-api: CL 21473564 - update fw common interface files
fw-api: CL 21462084 - update fw common interface files
fw-api: CL 21416528 - update fw common interface files
fw-api: CL 21416524 - update fw common interface files
fw-api: CL 21399770 - update fw common interface files
fw-api: CL 21399742 - update fw common interface files
fw-api: CL 21398997 - update fw common interface files
fw-api: CL 21373891 - update fw common interface files
fw-api: CL 21373889 - update fw common interface files
fw-api: CL 21355920 - update fw common interface files
serial: msm_geni_serial: Avoid UAF memory access in exit path
mfd: qcom-spmi-pmic: Add remove API
Conflicts:
techpack/audio/asoc/codecs/Kbuild
Change-Id: Ib8d500530c7ea9358374a379624b06717ae684c3
https://source.android.com/docs/security/bulletin/2023-05-01
CVE-2023-21102
CVE-2023-21106
CVE-2023-0266
* tag 'ASB-2023-05-05_4.19-stable' of https://android.googlesource.com/kernel/common:
Linux 4.19.282
ASN.1: Fix check for strdup() success
iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger()
counter: 104-quad-8: Fix race condition between FLAG and CNTR reads
sctp: Call inet6_destroy_sock() via sk->sk_destruct().
dccp: Call inet6_destroy_sock() via sk->sk_destruct().
inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().
udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM).
ext4: fix use-after-free in ext4_xattr_set_entry
ext4: remove duplicate definition of ext4_xattr_ibody_inline_set()
Revert "ext4: fix use-after-free in ext4_xattr_set_entry"
x86/purgatory: Don't generate debug info for purgatory.ro
memstick: fix memory leak if card device is never registered
nilfs2: initialize unused bytes in segment summary blocks
xen/netback: use same error messages for same errors
s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling
net: dsa: b53: mmap: add phy ops
scsi: core: Improve scsi_vpd_inquiry() checks
scsi: megaraid_sas: Fix fw_crash_buffer_show()
selftests: sigaltstack: fix -Wuninitialized
Input: i8042 - add quirk for Fujitsu Lifebook A574/H
f2fs: Fix f2fs_truncate_partial_nodes ftrace event
e1000e: Disable TSO on i219-LM card to increase speed
mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()
i40e: fix i40e_setup_misc_vector() error handling
i40e: fix accessing vsi->active_filters without holding lock
virtio_net: bugfix overflow inside xdp_linearize_page()
net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
ARM: dts: rockchip: fix a typo error for rk3288 spdif node
Linux 4.19.281
arm64: KVM: Fix system register enumeration
KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST
KVM: arm64: Factor out core register ID enumeration
KVM: nVMX: add missing consistency checks for CR0 and CR4
coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
watchdog: sbsa_wdog: Make sure the timeout programming is within the limits
cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
ubi: Fix deadlock caused by recursively holding work_sem
mtd: ubi: wl: Fix a couple of kernel-doc issues
ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot
scsi: ses: Handle enclosure with just a primary component gracefully
verify_pefile: relax wrapper length check
efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
i2c: imx-lpi2c: clean rx/tx buffers upon new message
power: supply: cros_usbpd: reclassify "default case!" as debug
udp6: fix potential access to stale information
net: macb: fix a memory corruption in extended buffer descriptor mode
sctp: fix a potential overflow in sctp_ifwdtsn_skip
qlcnic: check pci_reset_function result
niu: Fix missing unwind goto in niu_alloc_channels()
9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition
mtdblock: tolerate corrected bit-flips
Bluetooth: Fix race condition in hidp_session_thread
Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
ALSA: i2c/cs8427: fix iec958 mixer control deactivation
ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
ALSA: emu10k1: fix capture interrupt handler unlinking
Revert "pinctrl: amd: Disable and mask interrupts on resume"
mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
ring-buffer: Fix race while reader and writer are on the same page
ftrace: Mark get_lock_parent_ip() __always_inline
perf/core: Fix the same task check in perf_event_set_output
ALSA: hda/realtek: Add quirk for Clevo X370SNW
nilfs2: fix sysfs interface lifetime
nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
tty: serial: sh-sci: Fix transmit end interrupt handler
iio: dac: cio-dac: Fix max DAC write value check for 12-bit
USB: serial: option: add Quectel RM500U-CN modem
USB: serial: option: add Telit FE990 compositions
USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
gpio: davinci: Add irq chip flag to skip set wake
ipv6: Fix an uninit variable access bug in __ip6_make_skb()
sctp: check send stream number after wait_for_sndbuf
net: don't let netpoll invoke NAPI if in xmit context
icmp: guard against too small mtu
wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta
pwm: cros-ec: Explicitly set .polarity in .get_state()
NFSv4: Fix hangs when recovering open state after a server reboot
NFSv4: Check the return value of update_open_stateid()
NFSv4: Convert struct nfs4_state to use refcount_t
pinctrl: amd: Disable and mask interrupts on resume
pinctrl: amd: disable and mask interrupts on probe
pinctrl: amd: Use irqchip template
pinctrl: Added IRQF_SHARED flag for amd-pinctrl driver
Revert "dm thin: fix deadlock when swapping to thin device"
Linux 4.19.280
cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
cgroup/cpuset: Change cpuset_rwsem and hotplug lock order
net: sched: cbq: dont intepret cls results when asked to drop
gfs2: Always check inode size of inline inodes
firmware: arm_scmi: Fix device node validation for mailbox transport
ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
usb: host: ohci-pxa27x: Fix and & vs | typo
s390/uaccess: add missing earlyclobber annotations to __clear_user()
drm/etnaviv: fix reference leak when mmaping imported buffer
ALSA: usb-audio: Fix regression on detection of Roland VS-100
ALSA: hda/conexant: Partial revert of a quirk for Lenovo
pinctrl: at91-pio4: fix domain name assignment
xen/netback: don't do grant copy across page boundary
cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
cifs: prevent infinite recursion in CIFSGetDFSRefer()
Input: focaltech - use explicitly signed char type
Input: alps - fix compatibility with -funsigned-char
net: mvneta: make tx buffer array agnostic
net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only
i40e: fix registers dump after run ethtool adapter self test
can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
scsi: megaraid_sas: Fix crash after a double completion
ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx()
fbdev: au1200fb: Fix potential divide by zero
fbdev: lxfb: Fix potential divide by zero
fbdev: intelfb: Fix potential divide by zero
fbdev: nvidia: Fix potential divide by zero
sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
fbdev: tgafb: Fix potential divide by zero
ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
ALSA: asihpi: check pao in control_message()
md: avoid signed overflow in slot_store()
bus: imx-weim: fix branch condition evaluates to a garbage value
ocfs2: fix data corruption after failed write
tun: avoid double free in tun_free_netdev
sched/fair: Sanitize vruntime of entity being migrated
sched/fair: sanitize vruntime of entity being placed
dm crypt: add cond_resched() to dmcrypt_write()
dm stats: check for and propagate alloc_percpu failure
i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
usb: chipidea: core: fix possible concurrent when switch role
usb: chipdea: core: fix return -EINVAL if request role is the same with current role
dm thin: fix deadlock when swapping to thin device
igb: revert rtnl_lock() that causes deadlock
usb: gadget: u_audio: don't let userspace block driver unbind
scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
cifs: empty interface list when server doesn't support query interfaces
sh: sanitize the flags on sigreturn
net: usb: qmi_wwan: add Telit 0x1080 composition
net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
scsi: ufs: core: Add soft dependency on governor_simpleondemand
scsi: target: iscsi: Fix an error message in iscsi_check_key()
m68k: Only force 030 bus error if PC not in exception table
ca8210: fix mac_len negative array access
riscv: Bump COMMAND_LINE_SIZE value to 1024
thunderbolt: Use const qualifier for `ring_interrupt_index`
uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
Bluetooth: btqcomsmd: Fix command timeout after setting BD address
net: mdio: thunder: Add missing fwnode_handle_put()
hvc/xen: prevent concurrent accesses to the shared ring
net/sonic: use dma_mapping_error() for error check
erspan: do not use skb_mac_header() in ndo_start_xmit()
atm: idt77252: fix kmemleak when rmmod idt77252
net/mlx5: Read the TC mapping of all priorities on ETS query
bpf: Adjust insufficient default bpf_jit_limit
net/ps3_gelic_net: Use dma_mapping_error
net/ps3_gelic_net: Fix RX sk_buff length
net: qcom/emac: Fix use after free bug in emac_remove due to race condition
xirc2ps_cs: Fix use after free bug in xirc2ps_detach
qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
net: usb: smsc95xx: Limit packet length to skb->len
scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
i2c: imx-lpi2c: check only for enabled interrupt flags
igbvf: Regard vf reset nack as success
intel/igbvf: free irq on the error path in igbvf_request_msix()
iavf: fix inverted Rx hash condition leading to disabled hash
iavf: diet and reformat
intel-ethernet: rename i40evf to iavf
i40evf: Change a VF mac without reloading the VF driver
power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition
Conflicts:
kernel/cgroup/cpuset.c
Change-Id: Ic09017614f20bff94eb0b913bb7fb5b9656dc272
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmRBDkEACgkQONu9yGCS
aT6QQRAAuMXhQqInTov+2CjNyHlBGEIdl4F+ydPRkJdr+3ISZ/ocqxXu5ta59RJW
ohyDRW7B/kHRomHxeh/g3fkR2EhfaigKgSdohUL1e1CUJgmAYqh3wWio8MH2NZKy
MdNOB5oYKk7BPSBY01v3jLAd1B4Lz5HrvlagbQ5onasnk4+pNQKxG+TjfVPthWX+
3PZRS4t7rlVXCqPt09fbpaxG2Xr7OjelmZe3KtUFYfy0f+bZyQcvY4wn/jSZL9uy
zIHQLCUevYwndgIpswjt6dJl1JittV/977hyEdu9nS1bcqVttLLRriLqpefjciza
jHNwrWBkFl7G+KeTA7baYW9k0TOmpIr4ROjyeto6u9TEIlULvGzApAZfm57/zSt/
CzRjkL9pSF9KP1VWDC4Wyx7JRUliBYB34esPVxqXUjW+idj4RII8ZxbacdzoICXT
U+Je93RR9gQ9Lsp6ESBj3CnkjqGGWsKGZ+JUw0XXzurKqg2SCcHmIkIQ+2EFNJ4P
28FTlfnISxhvmvJnLXbecKQvL0qacWD+5Y8JidqlB9QCzGhN+T+4CRe3rjL7TKv/
INzPF8h67VCA986vafDpUXLWRwhdWjea5gXOhukUsYfKbt1k1yjKNdr3dbkNMnsh
3tfJB7xgVcvd49sMDTwCN6fpJTLbj9kgVYpZcW0sHFQyLuztDZs=
=TJcb
-----END PGP SIGNATURE-----
Merge 4.19.281 into android-4.19-stable
Changes in 4.19.281
pinctrl: Added IRQF_SHARED flag for amd-pinctrl driver
pinctrl: amd: Use irqchip template
pinctrl: amd: disable and mask interrupts on probe
pinctrl: amd: Disable and mask interrupts on resume
NFSv4: Convert struct nfs4_state to use refcount_t
NFSv4: Check the return value of update_open_stateid()
NFSv4: Fix hangs when recovering open state after a server reboot
pwm: cros-ec: Explicitly set .polarity in .get_state()
wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta
icmp: guard against too small mtu
net: don't let netpoll invoke NAPI if in xmit context
sctp: check send stream number after wait_for_sndbuf
ipv6: Fix an uninit variable access bug in __ip6_make_skb()
gpio: davinci: Add irq chip flag to skip set wake
USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
USB: serial: option: add Telit FE990 compositions
USB: serial: option: add Quectel RM500U-CN modem
iio: dac: cio-dac: Fix max DAC write value check for 12-bit
tty: serial: sh-sci: Fix transmit end interrupt handler
tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
nilfs2: fix sysfs interface lifetime
ALSA: hda/realtek: Add quirk for Clevo X370SNW
perf/core: Fix the same task check in perf_event_set_output
ftrace: Mark get_lock_parent_ip() __always_inline
ring-buffer: Fix race while reader and writer are on the same page
mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
Revert "pinctrl: amd: Disable and mask interrupts on resume"
ALSA: emu10k1: fix capture interrupt handler unlinking
ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
ALSA: i2c/cs8427: fix iec958 mixer control deactivation
ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
Bluetooth: Fix race condition in hidp_session_thread
mtdblock: tolerate corrected bit-flips
9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition
niu: Fix missing unwind goto in niu_alloc_channels()
qlcnic: check pci_reset_function result
sctp: fix a potential overflow in sctp_ifwdtsn_skip
net: macb: fix a memory corruption in extended buffer descriptor mode
udp6: fix potential access to stale information
power: supply: cros_usbpd: reclassify "default case!" as debug
i2c: imx-lpi2c: clean rx/tx buffers upon new message
efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
verify_pefile: relax wrapper length check
scsi: ses: Handle enclosure with just a primary component gracefully
x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot
ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
mtd: ubi: wl: Fix a couple of kernel-doc issues
ubi: Fix deadlock caused by recursively holding work_sem
cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
watchdog: sbsa_wdog: Make sure the timeout programming is within the limits
coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
KVM: nVMX: add missing consistency checks for CR0 and CR4
KVM: arm64: Factor out core register ID enumeration
KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST
arm64: KVM: Fix system register enumeration
Linux 4.19.281
Change-Id: I1883ac62812715a59cfcef066451a70fa7803b2e
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 6fe7d6b992113719e96744d974212df3fcddc76c upstream.
The si->lock must be held when deleting the si from the available list.
Otherwise, another thread can re-add the si to the available list, which
can lead to memory corruption. The only place we have found where this
happens is in the swapoff path. This case can be described as below:
core 0 core 1
swapoff
del_from_avail_list(si) waiting
try lock si->lock acquire swap_avail_lock
and re-add si into
swap_avail_head
acquire si->lock but missing si already being added again, and continuing
to clear SWP_WRITEOK, etc.
It can be easily found that a massive warning messages can be triggered
inside get_swap_pages() by some special cases, for example, we call
madvise(MADV_PAGEOUT) on blocks of touched memory concurrently, meanwhile,
run much swapon-swapoff operations (e.g. stress-ng-swap).
However, in the worst case, panic can be caused by the above scene. In
swapoff(), the memory used by si could be kept in swap_info[] after
turning off a swap. This means memory corruption will not be caused
immediately until allocated and reset for a new swap in the swapon path.
A panic message caused: (with CONFIG_PLIST_DEBUG enabled)
------------[ cut here ]------------
top: 00000000e58a3003, n: 0000000013e75cda, p: 000000008cd4451a
prev: 0000000035b1e58a, n: 000000008cd4451a, p: 000000002150ee8d
next: 000000008cd4451a, n: 000000008cd4451a, p: 000000008cd4451a
WARNING: CPU: 21 PID: 1843 at lib/plist.c:60 plist_check_prev_next_node+0x50/0x70
Modules linked in: rfkill(E) crct10dif_ce(E)...
CPU: 21 PID: 1843 Comm: stress-ng Kdump: ... 5.10.134+
Hardware name: Alibaba Cloud ECS, BIOS 0.0.0 02/06/2015
pstate: 60400005 (nZCv daif +PAN -UAO -TCO BTYPE=--)
pc : plist_check_prev_next_node+0x50/0x70
lr : plist_check_prev_next_node+0x50/0x70
sp : ffff0018009d3c30
x29: ffff0018009d3c40 x28: ffff800011b32a98
x27: 0000000000000000 x26: ffff001803908000
x25: ffff8000128ea088 x24: ffff800011b32a48
x23: 0000000000000028 x22: ffff001800875c00
x21: ffff800010f9e520 x20: ffff001800875c00
x19: ffff001800fdc6e0 x18: 0000000000000030
x17: 0000000000000000 x16: 0000000000000000
x15: 0736076307640766 x14: 0730073007380731
x13: 0736076307640766 x12: 0730073007380731
x11: 000000000004058d x10: 0000000085a85b76
x9 : ffff8000101436e4 x8 : ffff800011c8ce08
x7 : 0000000000000000 x6 : 0000000000000001
x5 : ffff0017df9ed338 x4 : 0000000000000001
x3 : ffff8017ce62a000 x2 : ffff0017df9ed340
x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
plist_check_prev_next_node+0x50/0x70
plist_check_head+0x80/0xf0
plist_add+0x28/0x140
add_to_avail_list+0x9c/0xf0
_enable_swap_info+0x78/0xb4
__do_sys_swapon+0x918/0xa10
__arm64_sys_swapon+0x20/0x30
el0_svc_common+0x8c/0x220
do_el0_svc+0x2c/0x90
el0_svc+0x1c/0x30
el0_sync_handler+0xa8/0xb0
el0_sync+0x148/0x180
irq event stamp: 2082270
Now, si->lock locked before calling 'del_from_avail_list()' to make sure
other thread see the si had been deleted and SWP_WRITEOK cleared together,
will not reinsert again.
This problem exists in versions after stable 5.10.y.
Link: https://lkml.kernel.org/r/20230404154716.23058-1-rongwei.wang@linux.alibaba.com
Fixes: a2468cc9bf ("swap: choose swap device according to numa node")
Tested-by: Yongchen Yin <wb-yyc939293@alibaba-inc.com>
Signed-off-by: Rongwei Wang <rongwei.wang@linux.alibaba.com>
Cc: Bagas Sanjaya <bagasdotme@gmail.com>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: Aaron Lu <aaron.lu@intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
hawao push for android 12
* tag 'MMI-S2SE32.28-28-4' of https://github.com/MotorolaMobilityLLC/kernel-msm: (4348 commits)
Hawaii+ OLED: sim1+sim2+sd fast plugGing cause phone hang
kernel/config: hawao: usb: sim1+sim2+sd fast plugGing cause phone hang
shmem becomes bigger and bigger when launch apps
driver/power: Add debug logs
Hawao: Fix NFC power consumption in sleep mode.
devon:charger bring up
lib/iov_iter: initialize "flags" in new pipe_buffer
BACKPORT: dmabuf: fix use-after-free of dmabuf's file->f_inode
kernel:add bc12 detect channel definition
Revert "(CR): drm: mipi: Disable the MIPI DSI commands 0x2E and 0x3E"
devon4g: camera flash bringup
sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
sctp: validate chunk size in __rcv_asconf_lookup
sctp: add size validation when walking chunks
sctp: validate from_addr_param return
aio: fix use-after-free due to missing POLLFREE handling
aio: keep poll requests on waitqueue until completed
signalfd: use wake_up_pollfree()
binder: use wake_up_pollfree()
wait: add wake_up_pollfree()
FROMGIT: binder: fix test regression due to sender_euid change
UPSTREAM: binder: use cred instead of task for getsecid
BACKPORT: binder: use cred instead of task for selinux checks
UPSTREAM: binder: use euid from cred instead of using task
arm64/defconfig: add devon extra configs
USB: gadget: bRequestType is a bitfield, not a enum
USB: gadget: zero allocate endpoint 0 buffers
USB: gadget: detect too-big endpoint 0 requests
hawao: devconfig: enable CHACHA20 crypto configs
rhode: devconfig: enable CHACHA20 crypto configs
regulator: Force shutdown all regulators when system power off.
arm64: defconfig: Flash compatible
TZ: Distinguishes encrypted and unencrypted TZ logs interfaces.
TZ: Fix build err
Hawaii+OLED:remove CONFIG_QCOM_FSA4480_I2C
defconfig: Disable SLAB_MERGE.
arm64/config:Enable Zram writeback on hawao
Enable LZ4 on Rhode4G and Hawao
dts: rhode: remove CONFIG_QCOM_FSA4480_I2C
mm: zram: fix build error when zram wb disabled
mm : zram fix swapcached issue on Zram Writeback
fs:proc:abort reclaim once process goes to foreground
ip_gre: add validation for csum_start
arm64/config:Enable Zram writeback on Rhode
kernel:add charger termination definition
rhode:kernel: add wt6670 get firmware num node
kernel/config:hawao:remove FTS TP config to use module
kernel/input:hawao:update to use TP module ko
kernel: remove wt6670 isp macro definition for user version
kernel/config:hawao: add new FTS config to fix build error
input/touchscreen: add ft3519 source config
input/ft3519: hawao touch driver bringup
Revert "(CR) hawaii OLED: visionox ft3519 touch drvier bringup"
kernel: add wt6670 macro definition to control i2c nack
QC3P:add iio channel definition
Rhode: define CONFIG_CAMERA_FLASH_PWM
display: Modify LDO driver initialization voltage compatibility
Hawao: NFC Bringup(4) - driver
hawaii OLED: visionox ft3519 touch drvier bringup
kernel: qc3p wt6760 isp download function
kernel:add ADC_GPIO3_DIV3 adc channel
display/config: Add LDO driver config into the kernel.
display: Load the regulator driver directly into the kernel.
kernel: use orderly_poweroff when usb plugged out
tty:diag:Move tty_flip_buffer_push out of spinlock
Revert "tty:revert the tty update from qcom for moto tty_diag driver"
kernel:dwc3 delay extcon module registeration
ANDROID: xt_quota2: set usersize in xt_match registration object
ANDROID: xt_quota2: clear quota2_log message before sending
ANDROID: xt_quota2: remove trailing junk which might have a digit in it
arm/defconfig: add hawao extra config
usb:diag:revert the f_diag update from qcom for moto tty_diag driver
tty:revert the tty update from qcom for moto tty_diag driver
Enable samsung NFC driver
integrate samsung RN4V NFC driver
Rhode4G: wide camera bring up
kernel: add charger gki
kernel: change spi gpio for i2c gpio for charger
Remove gpio3 from reserve list for rhode4g
arm/defconfig: add rhode extra config
[PATCH] f2fs: flush data when enabling checkpoint back
[PATCH] f2fs: flush data when enabling checkpoint back
Revert "(CR) guamp: emmc add ffu"
Removing debug config
[PATCH] qseecom: Call INIT_WORK() before flush_work()
guamp: emmc add ffu
Caprip: modify the actuator noise reduction work flow.
Caprip: modify the actuator noise reduction work flow.
APP data lost after first R upgrade
Porting of (CR) replace WARN with pr_debug for IPA api
(CR) Make NCM driver compatible with windows
disable CONFIG_SLUB_DEBUG for user builds
disable CONFIG_DEBUG_PANIC_ON_OOM in userdebug builds
Include inlinecrypt at config.gz to fix Q->R upgrade
usb: add xhci-hw-lpm-disable dt property support
kernel:ram overwritten by TZ logs to cause random panics
Caprip: Add start/stop vibrating notification to actuator.
arm64: defconfig: Actuator noise reduction.
kernel: driver/vibrator: diff vol for long/short vib
skip ipa assert for debug build (patch 2)
skip ipa assert for debug build
limit ion cache size
Revert "(CR) power: Add wakeup source in battery historian logGing"
power: print active wakeup source before suspend.
alarmtimer: add debug to identify alarmtimers
charger:driver:fix non power off issue for factory kill.
arm64/defconfig: Capri: open nfc driver for Capri
arm64/defconfig: disable debug fs on user build
charger:support typec high 2A current at non-turbo product
arm/defconfig: enable CONFIG_DEBUG_LIST on R
soc: qcom: service-locator: enlarge timeout value
arm/defconfig: Caprip: init kernel deconfig
arm/defconfig: Capri: init kernel deconfig
Revert "Revert "msm: media: uapi: Redefine NV12 format with different alignment""
Revert "msm: media: uapi: Redefine NV12 format with different alignment"
clear SDAM for new battery profile loading.
disable DEBUG_PANIC_ON_OOM on 3G ram device
driver:qg:enale QG_DEBUG_SOC.
Charge: fix slab out of bounds risk
charge: qc2.0 adapter charge slow
charge: Handle QC2.0 charger vbus rise 12V
BCL: Enable charge bcl feature
arm: setup: support mem= memory limit
arm: call idle notifiers in CPU idle
charger:improve micro-b input current to 1.9A per HW
Capri bring up
kernel:distinguish type-c and microb cdp input setting
disable SPLIT_RSS_COUNTING to fix zero RSS issue
charger:add battery test mode support for cebu.
spi: disable_depth > 0 when pm runtime get sync
driver/spi: spi driver suspend changes
kernel: panel_notifier: Add new panel notify event type
mmc:host:sdhci:Fix host->claimer NULL pointer problem
Change ION fill mark from 100M to 16M to reduce the Lost RAM
arm/defconfig: cebu: init kernel deconfig
NFC VEN pin startup and shutdown sequence
disable watermark boost
charge:Config DCP 2A charge current
tune memory configs
charger:limit typec high to medium when hvdcp disabled
charger:support 2A dcp charger
arm64/defconfig: enable external usb camera
power: reset: Use warm reset for dload mode
Update kernel config of userdebug on Guam/GuamP to improve performance
charger:duplicated apsd detection at pmi632
expose ssr_reason to ss_ramdump
SD: print SD interrupt log
charger:SW_ICL do not used at moto
charger:factory image charGing soc over 75%
usb audio: Let the usb sound card index from 1
kernel:USB DRP connect debug accessory test
charge: config: config batt NTC for bornr NA
Kernel: add sys node for panel supplier
gpu/drm: Create panelRegDA sysfs to expose panel's reg
pwrkey: change printk level to output to console
Reboot: trigger warm reset when receive hw_warmreset cmd
disable CONFIG_DEBUG_CONSOLE_UNHASHED_POINTERS for sts test
Revert (CR): power: smb5: Clear HDC AICL
arm/defconfig: borneo: init kernel deconfig
guam serials: remove kernel config for PASR
Revert "mm, vmstat: hide /proc/pagetypeinfo from normal users"
arm/defconfig: guam: init kernel deconfig
arm/defconfig: add 32bit debug config
defconfig.mk: add arch specific debug
enable psi for guam guamp
Revert "defconfig: disable MEMCG for bengal 32"
Fix QC rebase issue for dual role sysfs access issue
ion: display ion total size in debufs node
ion: dmabuf improve debugfs
kernel:support huawei p10 5A cable
bengal:Enable dual role usb interface
smb5:Add dual role class support in smb5
usb:Add dual role class support
sdcardfs: don't depend on reserved_mb to check free space
sdcardfs: check the free space before creating files
sdcardfs: copy inode size while getting attributes
remove nfc function for guam
charger:allow APSD re-run at factory usb detection
CONFIG_FPR_FPC disable for rebase fingerprint fix
defconfig.mk: Don't force make defconfig
gitignore: ignore dts link
guamp: arm64/dtsi enable regulator_fixed_voltage
power: Add wakeup source in battery historian logGing
arm64/defconfig: enable softlockup panic for debug
arm64/defconfig : enable NFC
kernel:add OCP charger current limitation
guam: add touch module support
Revert "(CR): config: disable CONFIG_PANIC_ON_REFCOUNT_ERROR"
arm64/defconfig: disable debug config
config: disable CONFIG_PANIC_ON_REFCOUNT_ERROR
arm64/configs: sm4250: Enable USB console
tty: msm_geni_serial: Support the match() callback
printk: Keep boot console on if enabled
arm64/config: support UAS of usb storage
arm64/defconfig: enable usbnet drivers
usb:configfs:Set udc_name NULL if attach failed
usb/dwc3: msm: Enable all Debug Logs
gadget: bcdUSB version back to 2.0 when not SuperSpeed
usb: configfs: synchronize the secure and udc_name state
usb: configfs: skip unregister gadget in secure
usb: gadget: f_mtp: Return error if count is negative
usb: gadget: storage: Support READ_TOC for MacOS
usb: configfs: Implement secure attribute
usb: configfs: Reset the use_os_desc flag
usb: mass_storage: Add support for SC_REBOOT
usb: f_mtp: Handle OS descriptors only when bound
config:remove unused smb1355 config
guam: input add touch class support
arm64/config: enable DIAG_OVER_TTY
drivers: tty: add tty diag module
char: diag: add write done sync function
panel_notify: add api for touch state
guam: defconfig: enable panel notifications
video: Add panel_notifier framework
drm: mipi: disable Elvss dim of HBM for MIPI DSI
Add new macro MIPI_DSI_MSG_READ
gpu/drm: Create sysfs to expose panel vendor infor
drm: mipi: Disable the MIPI DSI commands 0x2E and 0x3E
drm/dsi: Implement DCS set disp brightness 2bytes
guam: input add drm support
defconfig: bengal: enable pstore
power: Add function to show active wakelocks
power: suspend: Save snapshot of gpio, vreg when suspend
PM/Suspend: Print wall time at suspend entry and exit
- Do not unload prov TZ app.
add system restart warm and panic mode
printk: increase log buffer size to 2k
qpnp-power-on: Print system timestamp on Power key event
regulator: core: Add sysfs node for debug
pinctrl: msm: Add sysfs node for debug
watchdog_v2: export watchdog trigger
pinctrl: pinctrl-msm: do not dump unallocated GPIOs
of: conditional status property
arm64/dt add kpanic modules
kernel:moto charger/battery driver enable
config:battery 10k ntc enable
guamp: input add touch support
input add touch support
kernel:JK50 NTC 10K report wrong temp
arm/defconfig: update debug option
defconfig: enable CONFIG_MEMCG config
defconfig: bengal: Add moto defconfigs
msm-poweroff: Store restart reason
power: pmic-voter: Export Interfaces
Do not build moto config while building MSI
kernel/config: Add Moto ext_config feature
soc: qcom: kconfig opt to build moto dtbs
msm: kgsl: Zap performance counters across context switches
msm: kgsl: Add a sysfs node to control performance counter reads
soc: qcom: socinfo: Add soc information for KhajeP and KhajeQ
spi: spi-msm-geni: Put device to suspend if PM status is active
cnss2: Handle event processing after shutdown
cfg80211: Add support to advertize OCV support
i2c: i2c-msm-v2: Set frequency parameters to INT and validate
drivers: thermal: validate cdev sysfs state request before using it
USB: f_fs: Fix disconnect check during ongoing IO
msm: diag: fix copyright
diag: Validate the dci client before sending dci packet
drivers: soc: qcom: Initialize blocking notifier as per lockdep
usb: gadget: u_audio: fix race condition on endpoint stop
usb: gadget: u_audio: Free requests only after callback
defconfig: Enable usb peripheral audio on SXR2130
msm: ADSPRPC: Fix to avoid Use after free in fastrpc_init_process
clk: qcom: vdd-level: Update the vdd level for CX on Khaje
msm: ipa3: Fix to validate the NAT table entries during NAT table init
msm: synx: fix copyright
clk: qcom: gpucc: Update the vdd level for CX on Khaje
diag: Ensure dci entry is valid before sending the packet
usb: pd: Process request message as soon as it is received
mmc: sdhci-msm: Update the MGPI SW check to avoid irq timeout
msm: kgsl: Perform cache flush on the pages obtained using get_user_pages()
dfc: reset tx queue
clk: qcom: gpucc: Add support for higher frequency for Khaje
msm: ipa3: fix to cleanup the dma allocation
clk: qcom: vdd-level: Update the VDD levels for Bengal/Khaje
include: qcom,rpm-smd-regulator.h: Add SUPER_TURBO corner
usb: gadget: qdss: Don't clear debug_inface_enabled upon unbind
msm: adsprpc: Handle UAF in fastrpc debugfs read
usb: gadget: f_hid: Fix unbind issues
usb: gadget: f_uvc: Fix unbind issues
msm: synx: remove synx handle details from logging
clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI
mmc: sdhci-msm: Ensure SD card power isn't ON when card removed
msm: kgsl: Fix gpuaddr_in_range() to check upper bound
clk: qcom: clk-alpha-pll: Update the steps to slew the Lucid PLL
spi: spi-msm-geni: Protect from register access in suspend state
spi: spi-msm-geni: Keep device to suspend if PM call fails
regulator: qcom_pm8008-regulator: Avoid deadlock in OCP handling
usb: gadget: f_uac1: Add support for UAC1 function
tzlog: update struct to get normal and fatal diag logs
firmware: qcom: Remove garbage characters from qsee log
firmware: qcom: add enlarged qsee log support
firmware: qcom: encrypted tz and qsee log support
input: misc: qcom-power-on: Add support to log KPDPWR status
tzlog: update struct to get normal and fatal diag logs
firmware: qcom: Remove garbage characters from qsee log
firmware: qcom: add enlarged qsee log support
firmware: qcom: encrypted tz and qsee log support
fs: crypto: Maintain reference count for class keys
usb: pd: always log when state machine work is queued
leds: qti-tri-led: remove LED_KEEP_TRIGGER flag
usb: pd: add usbpd_dbg() in pd_send_msg()
diag: Update log and event mask code ranges
usb: gadget: Clear string index for RMNET
drivers: usb: enable SET_REPORT through EP0 feature
clk: qcom: debugcc: Remove gcc_pcnoc_mpu_cfg_ahb_clk for QM215
clk: qcom: debugcc: Remove im_sleep/xo_div4 for QM215
af_unix: fix garbage collect vs MSG_PEEK
net: split out functions related to registering inflight socket files
uapi: sound: add bt external sink delay parameter
mhi: core: Increase RDDM timeout to 350ms
msm: npu: remove asynchronous network execution support
usb: max-3421: Prevent corruption of freed memory
mmc: host: Add recovery_finish crypto vops
seq_file: disallow extremely large seq buffer allocations
dfc: hold wakelock while powersave timer is running
diag: Avoid possible out of bound access while sending masks
diag: Sanitize non-hdlc pkt length against buffer capacity
diag: Allow DCI packets to be copied separately
msm: gsi: Stop Channel support when in Flow Control State
msm: kgsl: Signal fence only if last fence refcount was not put
media: v4l2: Allow ioctl type of "U" for video devices like usb camera
msm: adsprpc: Handle UAF in process shell memory
cnss2: Check if firmware asserts before power off for CBC
usb: gadget: cdev: Add single packet and dynamic buffer support for Rx path
net: qrtr: Use radix_tree_iter_delete to delete tx flow
ipa: Null persistent pointers after free
net: qrtr: Cleanup flow control during DEL proc
qdss_bridge: handle usb write done event
net: qrtr: Cleanup flow control during remote socket release
leds: qpnp-flash-v2: Add support for dynamic torch current update
thermal: Update copyright info for ADC_TM driver
net: qrtr: Converting DEL_PROC command to BYE command
defconfig: Enable SPMI TEMP ALARM driver for SPF targets
msm: ipa3: Fix to NULL terminate the header pointer in proc header table
usb: dwc3: Prevent deadlock when wakeup happens through pwr event irq
thermal: Read raw values for ADC_TM calibration channels
qdss_bridge: fix stuck issue when driver remove
media: uvcvideo: Use cached memory for USB transfers
defconfig: Enable Novatek NT36xxx Touch for tron target
cnss2: Dump PCIE SOC scratch registers along with mhi reg dumps
ANDROID: mm: use raw seqcount variants in vm_write_*
msm: kgsl: Update the IFPC power up reglist
msm: ipa3: Add wait queue for the adpl
msm: ipa3: Fix to unlock mutex before return
cnss2: Update bound checks for sbl reg dumps to SRAM mem range
cnss2: Fix the pbl log sram start address for QCA6490
defconfig: arm: msm: 8937-Turn on coresight configs
arm: msm: Add support for coresight etr for 32 bit
soc: qcom: memory_dump: Support ETB/ETR register dump
defconfig: arm64: msm: 8937-Turn on coresight configs
drivers: thermal: Update a variable type in QMI encode logic
BACKPORT: dma-buf: Move dma_buf_release() from fops to dentry_ops
power: smb1398-charger: Toggle UVLO for Slave CP on USB removal
msm: npu: handle system shutdown/reboot event properly
dma-mapping-fast: Fix iova address leak with non-zero scatterlist offset
net: qrtr: Change error logging in callback
defconfig: Enable PMIC related configs for MSM8937_32
defconfig: Enable PMIC related configs for MSM8937_64
defconfig: Enable Charger/LED/RTC configs for MSM8937_32go
power: linear-charger: Report the correct battery status at SOC=0
power: charger/fg: Add charger/fg/bms drivers for QM215
defconfig: Enable ADC thermal and SPMI configs for SPF targets
thermal: Modify qpnp_adc_tm driver for IIO framework
thermal: qpnp-adc: Add snapshot of qpnp-adc-tm driver
msm: ipa3: Queue nop desc again if it fails
diag: Drop packets to avoid memory exhaustion
msm-ipa: fix use-after-free of rt_tbl
net: qualcomm: rmnet: enable support for cksumv3
serial: msm_geni_serial: Avoid port pointer access for earlyconsole case
rpmsg: glink: Change error logging to avoid throttling
USB: gadget: f_uvc: Enable more controls for CT and PU
serial: msm_geni_serial: Reduce stale delay added in stop_rx_sequencer
msm: kgsl: Add timeline traces
msm: kgsl: Add software timelines
serial: msm_geni_serial: Reduce stale delay added in stop_rx_sequencer
usb: f_mtp: Limit MTP Tx req length to 16k for ChipIdea
fuse: give wakeup hints to the scheduler
wait: add wake_up_sync()
msm: ipa: Fix to free up all pending EOB pages
msm: kgsl: Add the user API definition for timelines
Add support for new HSP version
usb: dwc3: dwc3-msm: optimize perf vote work
i2c: i2c-qcom-geni: Change the high and low time for SCL
net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()
tty: Fix ->session locking
msm: ipa3: increasing the uC interrupt timeout value
msm: kgsl: Fix out of bound write in adreno_profile_submit_time
diag: Update log and event mask code ranges
soc: qcom: Set QOS only to silver cluster
dwc3-msm: Move override usb speed functionality outside edev check
cnss2: Update board data file name for certain RF chip ID
platform: qpnp-revid: Add REVID support for PM8010
regulator: qcom_pm8008-regulator: add support for PMIC PM8010
regulator: qcom_pm8008: allow multiple PM8008 instances with unique names
block: pm: Fix possible unbalanced nr_pending
usb: f_mtp: Don't handle OS descriptors from MTP driver
power: supply: qpnp-smb5: specify different ICL for QC2 9V/12V level
phy: msm: usb: Check VBUS state before accessing registers in suspend
phy: msm: usb: Fail suspend if psy_type is USB or USB_CDP
USB: phy: msm: Apply DP pulse for CDP during bootup from sm_work
msm: adsprpc: Allocate buffer taking NULL byte into consideration
clk: qcom: debugcc: Remove the gcc_camss_camnoc clocks
fbdev: msm: Avoid runtime sus/res for DP/HDMI
uapi: Add UAPI headers for slatecom_interface driver
soc: qcom: smsm: Add wakeup capable flags to SMSM IRQ
f2fs: don't sleep while grabing nat_tree_lock
Ignore -106 error while opening channel
byte-cntr: Don't write csr register when byte-cntr is disabled
arm64: defconfig: Set qrtr wakeup for lito
net: qrtr: Make wakeup timeout configurable
mhi: core: Avoid race condition mhi channel prepare and M0 event
msm: synx: acquire ref of synx handle in each function
msm: ipa3: Fix to handle zero length frag skb packet
cnss_utils: Update the copyright years of file to 2017, 2019-2021
FM: mutex changes modified
Revert "qseecom: Add shmbrdige to allocate memory"
Revert "ANDROID: net: ipv4: sysfs_net_ipv4: Add sysfs-based knobs for controlling TCP window size"
Revert "RFC: ANDROID: net: ipv4: sysfs_net_ipv4: Fix TCP window size controlling knobs"
ANDROID: xt_qtaguid: fix UAF race
coresight: byte-cntr: Add ETR status check in bypass notifier
clk: qcom: debugcc: Remove the gcc_camss_camnoc clocks
usb: f_fs: Avoid invalid pointer access in ffs_fs_get_tree
serial: msm_geni_serial: Enable SW flow on in runtime suspend
defconfig: msm: Enable RPM SMD cooling device driver for KHAJE
defconfig: Enable CONFIG_ION_SYSTEM_HEAP for bengal
f2fs: fix the periodic wakeups of discard thread
f2fs: allow to change discard policy based on cached discard cmds
coresight: byte-cnter: limit error log output
coresight: byte-cnter: Add ETR status check in bypass notifier
msm: synx: fix synx_release_core race condition
irqchip: mpm: Add mpm mapping for Khaje
f2fs: change to use rwsem for cp_mutex
cnss2: Assert on FW memory allocation failure
msm: kgsl: Keep the context alive until its fences signal
soc: qcom: secure_buffer: Fix the parameter passing to dmac_flush_range
cnss_utils: Increase unsafe channel max num for 6G
clk: qcom: gpucc: Update voltage fmax table for GPU clock for KHAJE
msm: ipa3: Enable hardbyte limit for WAN consumer pipe
dma-mapping-fast: Fix sg-list length calculation in fast_smmu_unmap_sg()
qseecom: Add shmbrdige to allocate memory
msm: kgsl: Use worker to put refcount on mem entry
usb: phy: qusb: Add wrapper function for phy reset
usb: pd: Clear vdm_tx if SVDM message is sent on SOP'
drivers: thermal: virtual-sensor: Add new virtual sensor for MSM8917
defconfig: Enable CONFIG_ION_SYSTEM_HEAP for bengal
futex: Handle faults correctly for PI futexes
f2fs: fix the periodic wakeups of discard thread
f2fs: allow to change discard policy based on cached discard cmds
futex: Simplify fixup_pi_state_owner()
futex: Provide and use pi_state_update_owner()
usb: phy: Reset PHY while disabling dpdm regulator
futex: Replace pointless printk in fixup_owner()
soc: qcom: smem: Update size of legacy partition
USB: diag: Add check for ctxt in usb_diag_request_size()
driver: Fix compilation error with new sdclang 12
msm: ipa3: Changes to check disconnect in progress while sending data
msm: adsprpc: Protect maps using map mutex
USB: f_diag: Report Max request size as 16k for ChipIdea
defconfig: Enable thermal emergency poweroff delay
mmc: sdhci-msm: Switch to required pad voltage for vbias bypass
mmc: sdhci-msm: Add vbias bypass specific hw WA flag
Revert "mmc: sdhci-msm: Add support to vote for vdd io parent regulator"
defconfig: kona: Add CONFIG_AQFWD for RB5 board
clk: qcom: gpucc-khaje: Remove NOM_L1 fmax corner
mmc: sdhci: Avoid dumping registers when SD card removed
FM: Fix for no sound issue in FM Audio
usb: gadget: Do not disconnect unregistered dev
HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for Gamevice devices
defconfig: kona: Make configs required to pass CTS tests mandatory
UPSTREAM: HID: playstation: Add DualSense player LED support
UPSTREAM: HID: playstation: Add microphone mute support for DualSense
UPSTREAM: HID: playstation: Add initial DualSense lightbar support
UPSTREAM: HID: playstation: Fix unused variable in ps_battery_get_property
UPSTREAM: HID: playstation: Fix array size comparison (off-by-one)
BACKPORT: HID: playstation: Report DualSense hardware and firmware version
UPSTREAM: HID: playstation: Add DualSense accelerometer and gyroscope
BACKPORT: HID: playstation: Add DualSense classic rumble support
msm: adsprpc: Lock list before removing node
msm: pcie: Add ASM2806 PCIe device and vendor id
TREAM: HID: playstation: Track devices in list
UPSTREAM: HID: playstation: Add DualSense touchpad support
UPSTREAM: HID: playstation: Add DualSense battery support
UPSTREAM: HID: playstation: Add DualSense Bluetooth support
UPSTREAM: HID: playstation: Use DualSense MAC address as unique identifier
defconfig: arm64: msm: Enable CTI_SAVE_DISABLE for SDM660
UPSTREAM: HID: playstation: Initial DualSense USB support
defconfig: Enable smb1394 driver for khaje
coresight-tmc-etr: remove mem_lock when call usb_qdss_close
soc: qcom: socinfo: Add support for kona iot soc-id
defconfig: sdm660: Add defconfig changes for camera
usb: f_qdss: Flush connect_work in qdss close
clk: qcom: gpucc: Update the post div ops for GPUCC PLL for KHAJE
clk: qcom: clk-alpha-pll: Update implementation for Zonda PLL
coresight: tmc: fix spinlock bad magic/usb_qdss_close
scsi: ufs-qcom: fix the issue of get wrong ufs clk status from sysfs node
futex: Ensure the correct return value from futex_lock_pi()
defconfig: arm: msm: Enable debugcc config for SDM439
dt-bindings: Add gpr header required for AR on kona
clk: qcom: gpucc: Update the post div ops for GPUCC PLL for KHAJE
clk: qcom: clk-alpha-pll: Update implementation for Zonda PLL
drivers: thermal: Add support for RPM SMD cooling device
diag: Avoid reallocating if buffer supports hdlc max pkt size
mhi: core: Fix find_last_bit() usage
diag: Update log and event mask code ranges
drivers: rpmh: Always bug_on() upon timeout in rpmh_write_batch()
clk: qcom: mdss: Fix flicker issue at early boot of kernel
drivers: can: mcp25xxfd: Remove return 0 for void function
Revert "kbuild: force to build vmlinux if CONFIG_MODVERSION=y"
msm: ipa3: Enabling the HOLB on USB consumer pipe for APQ target
soc: qcom: dcc: Avoid dcc_sram_writel overflow
qxr-stdalonevwr: changes for oracle mic bias
soc: qcom: dcc: Avoid huge memory allcation
defconfig: msm8937_64: Update the defconfigs
soc: qcom: dcc: Use sscanf instead of strlcpy
power: qpnp-qg: Fix a DT property name
mmc: host: OTA upgrade scenario support for multi fs combination
drivers: cpuidle: lpm-levels: Correct missing list initialize
serial: msm_geni_serial: Reset UART error code to default during shutdown
serial: msm_geni_serial: Add Workqueue to dump the registers
cnss2: Add code to do PCIe L2 suspend during shutdown
pinctrl: Update reserved gpio list for Khaje
config: enable dcc driver
soc: qcom: dcc: Add snapshot of qcom-dcc driver
serial: msm_geni_serial: Bailout from suspend if RX data is pending
diag: Update log and event mask code ranges
usb: f_fs: Free descriptors in func_unbind
clk: qcom: alpha-pll: Update Alpha PLL width for Zonda PLL
usb: gadget: f_rndis: Add 'wceis' flag to indicate 'Wireless' RNDIS
clk: qcom: khaje: Update clock changes for GCC/GPUCC/DISPCC
clk: qcom: cpu: Add support to L2 PC latency for SDM429/39
clk: qcom: cpu-sdm: Add cpu clock driver for SDM439
dt-bindings: clock: Add support for CPUCC clock ids for SDM439
clk: qcom: Add LPM Latency support for CPU clocks
clk: qcom: clk-pll: Add support for SPM event in PLL
serial: msm_geni_serial: Reduce wait for transfer delay
usb: f_fs: Avoid use-after-free of ffs_data
include: uapi: Add support for 128x32 alignment of NV12
defconfig: Enable refgen regulator driver for khaje
clk: qcom: rcg2: Force enable the RCG before update for GFX
mhi: core: Notify all mhi client's for PCIe link down recovery
power: smblite: Fix max_limit_ma for smblite
msm: ipa3: Fix to prevent Integer Overflow
dcc_v2: Control the cti trigger of each link list individually
msm: kgsl: Fix memory leak for anonymous buffers
defconfig: Enable remaining defconfigs
clk: qcom: debugcc: Add cpucc debugcc support for SDM439
clk: qcom: gcc: Correct the frequencies in freq_tbl for SDM439
clk: qcom: gcc: Add GPLL6 fixed factor support for qm215
cnss2: Add code to notify mhi about link down
defconfig: disable per-cgroup pressure tracking
defconfig: arm64: msm: Enable MSM_DEBUG_LAR_UNLOCK for msm8937
defconfig: arm: msm: Enable MSM_DEBUG_LAR_UNLOCK for msm8937
soc: mem_dump: Enable MSM_DEBUG_LAR_UNLOCK for MSM8937
defconfig: sdm660: Add missing coresight configs
From bbfaa7d36c1eb465f120f2a3dfe25c1fe022195d Mon Sep 17 00:00:00 2001 From: KaiChieh Chuang <kaichieh.chuang@mediatek.com> Date: Thu, 7 Mar 2019 07:51:09 +0800 Subject: [PATCH] ASoC: dpcm: prevent snd_soc_dpcm use after free
soc: qcom: Return correct error code when program_key fails fails
msm: ADSPRPC: Fix deadlock during SSR
soc: qcom: bam_dmux: Skip disconnect call on bootup
usb: dwc3: Use pwr_evt_irq to wakeup if dp/dm directly connected to GIC
BACKPORT: cgroup: make per-cgroup pressure stall tracking configurable
usb: dwc3-msm: Enable pwr_evt_irq for wakeup after LPM is done
power: qpnp-qg: Add support to clear soh upon first profile load
msm: kgsl: Make sure gpu-speed-bin-vectors has the correct size
msm: kgsl: Add multiple fuses based speed bin
Change the subprocess argument to fix the build issue
include: uapi: Add QBG UAPI headers
defconfig: Enable AW2016 LED driver for khaje
clk: qcom: gcc: Add halt check for MSS clocks for SDM660
msm: adsprpc: Handle UAF in process shell memory
msm: camera: Add gpio based flash driver support
leds: aw2016: update breath sysfs node name
Use environment variable to find unifdef tool
kernel_headers: Explicitly run headers_install under 'sh'
dt-bindings: msm: Add bindings for flash type
clk: qcom: mmcc: Change halt to halt_voted for SDM660
msm: kgsl: Keep private intact until last refcount is put
clk: qcom: khaje: Update freq_tbl and pll configurations
defconfig: Enable power delivery on Khaje
coresight-tmc-etr: Fix deadlock issue while switching mode
defconfig: Enable memory cgroup config
leds: add initial driver for AW2016 LED device
pinctrl: Update PINCTRL macro definition for Khaje
input: touchscreen: nt36xxx: Add Chip id and firmware
ANDROID: Incremental fs: Set credentials before reading/writing
pinctrl: Add wakeup GPIO register and bit information for khaje
defconfig: khaje: Enable khaje pinctrl
pinctrl: msm: add range of reserved gpio for Khaje
defconfig: disable debug configs
ANDROID: Incremental fs: fix up attempt to copy structures with READ/WRITE_ONCE
mmc: cqhci: Handle cqhci crypto configurations correctly
disp: uapi: drm: Add fsc format modifier
Revert "clk: qcom: Add enable_safe_config for gfx3d_clk_src"
mhi: core: Prevent doorbell with invalid tre
msm: adsprpc: Remove bad ioctl log
pinctrl: qcom: Add support for Khaje SoC pin control
dt-bindings: msm: Add bindings for flash type
msm: ipa: Fix array out of bound and use after NULL check
msm: ipa: Fix to check only reset IPA stats can have data as NULL
msm: ipa: Fix pointer checked for NULL may be used
msm: kgsl: Remove sysfs entries after releasing memory
msm: kgsl: Remove debugfs directory inside lock
leds: led-class: Retain the latest user brightness request
leds: led-class: add support for max_brightness store
mmc: core: Add at least 3 mclk cycle delay before next command after ACMD41
FM: Reduce high scan time
soc: qcom: Add check to handle out of bound access
defconfig: Enable CONFIG_MSM_TZ_LOG for 8937-perf
HID: make arrays usage and value to be the same
md: dm-default-key: Override dun value for selected bios
defconfig: khaje: Add support for clock controllers
clk: qcom: debugcc: Add support for Debugcc for KHAJE
fbdev: msm: Avoid race condition while iommu mapping from DSI flow
md: dm-default-key: Fix IV with set_dun flag defined
cnss2: Log SW_CTRL GPIO value if PCIe link training fails
diag: Update log and event mask code ranges
camera: smmu: fix for incorrect populated sids
msm: npu: Use spinlock for ipc write to avoid context switch
msm: kgsl: Fix nr_removed calculation while reducing pools
Avoid fatal error if ICE registers are not defined
rpmsg: qcom_smd: Return error if receive callback is not present
clk: qcom: dispcc: Add support for dispcc driver for KHAJE
phy-msm-usb: Add mutex for protecting msm_otg_reset
wil6210: Drop unicast sub frame if part of a multicast amsdu
clk: qcom: gpucc: Add Graphics Clock controller for KHAJE
clk: qcom: gcc-khaje: Add GCC support for KHAJE
dt-bindings: clock: gcc-khaje: Add support for USB3 MUX and BCR
msm: ipa3: Fix to change the tag process timeout value in cleanup
usb: dt-bindings: Add USB QMP PHY registers definition for Khaje
power: supply: smb1398-charger: disable WIN_OV deglitch for SMB1394
serial: msm_geni_serial: Add ioctl for sending uart error codes to BT host
defconfig: Enable SDM429 configs
mmc: cmdq_hci: Notify sdhci for enhanced strobe
mmc: sdhci-msm: Skip PWRSAVE_DLL setting for sdcc minor verion 0x4D
clk: qcom: Add enable_safe_config for gfx3d_clk_src
fbdev: msm: Increment commit count during null commit
msm: mdss: clear fences in ESD panel dead scenario
defconfig: Add HSUSB PHY configurations to Khaje
defconfig: Enable SDM429 configs
diag: Add debug logs while reading masks into userspace
tty: serial: msm: Add suspend resume support
defconfig: Enable config CONFIG_UTS_NS for msm8937_32
f_uac2: increase number of requests to 32 for UAC2
defconfig: Enable SDM429 configs
USB: dwc3: gadget: Queue data for 16 micro frames ahead in future
USB: uvc: Fix video quality issues for streaming video over USB
USB: dwc3: gadget: Increase TX fifo size for isochronous endpoint
power: smb1398: Add support for SMB1394
clk: qcom: mdss: fix blank / un-blank issue for DSI 12nm pll
msm: camera: Add reset logic for snps phy
msm: ipa: Fix considering prefetch buf size when mapping
usb_bam: Set default BAM type as DWC3 if not specified
dt-bindings: clock: Add support for KHAJE clock ids
msm: drm: uapi: add rounded corner uapi
USB: gadget: f_uvc: Enable required controls for CT and PU
vidc_3x: Change to avoid unloading firmware
msm: camera: Update SDM439 csiphy driver
ipa: Remove overwrite copy
Add support for new comanche 1.3 soc ID
wil6210: check integrity of received AMSDU packets
wil6210: Drop plaintext frames on secure network
wil6210: AP should not forward eapol packets
netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6
vidc_3x: Use static table governor for bus voting
usb: f_qdss: Avoid wait_for_completion if qdss_disable is called
msm: ipa2: free the skb
defconfig: Enable ARCH_KHAJE
msm: Add initial support for Khaje in Kconfig platform
soc: qcom: socinfo: Add soc information for khaje
defconfig: Enable config CONFIG_DEBUG_FS for msm8937_64
clk: qcom: clk-alpha-pll: Add support for FSM legacy mode
sysfs: ufs-qcom: Add sysfs entries for flashpvl
scsi: ufs-qcom: Add one vendor specific sysfs group
msm: ipa3: Fix to copy num of rules from user space
defconfig: remove CONFIG_SECURITY_PERF_EVENTS_RESTRICT
msm: kgsl: Fix snapshot collection for ib1
input: qti-haptics: ensure valid pointer when calling kfree
msm: kgsl: Avoid flooding kernel log with invalid ioctl errors
rpmsg: qcom_smd: Add check for remote state in send api
msm: kgsl: Flush mem workqueue and retry if failed to find SVM region
msm: camera: Update csiphy data rate
icnss2: Add support for MHI state info
soc: qcom: ssr: Enable the irqs before powering up subsystems
icnss2: Add new ipc context to log smp2p related logs
diag: Update log and msg mask code ranges
ARM: defconfig: Enable config for msm8937_32go
usb: gadget: f_cdev: Fix use after free of port in f_cdev
defconfig: arm64: Enable CONFIG_HID_NINTENDO for QM215
defconfig: arm: Enable CONFIG_HID_NINTENDO for QM215
defconfig: Enable config for msm8937_32
fbdev: msm: Handle rotator init failure correctly
tty: Fix ->pgrp locking in tiocspgrp()
max31760: add support for additional registers
Revert "ANDROID: security,perf: Allow further restriction of perf_event_open"
USB: composite: Increase the IN endpoint buffer allocation
USB: f_fs: Avoid NULL pointer dereference during epfile_io()
USB: gadget: f_fs: Allocate extra buffer for IN endpoint
USB: f_serial/f_acm: Increase the IN endpoint buffer allocation
USB: f_fs: Increase the IN endpoint buffer allocation
leds: qpnp-flash-v2: Add support to control flash ramp time
msm: vidc_3x: Correct the arguments type to align with format string
msm: vidc_3x: correct the flags set for bus mode
defconfig: msm8937_32: Disable BUILD_ARM64_APPENDED_DTB_IMAGE flag
defconfig: msm8937_64: Disable BUILD_ARM64_APPENDED_DTB_IMAGE flag
soc: qcom: pil: Reuse carveout region for mdt header
clk: qcom: gcc: Change rate max values for SDM439
defconfig: msm8937_32go: Disable BUILD_ARM64_APPENDED_DTB_IMAGE flag
qseecom: Update correct parameters before sending to smcinvoke
msm: ADSPRPC: Add extra checks for Unsigned request
msm: camera: QM215 delay during power up sequence
config: enable rmnet_data, msm_rmnet_bam driver
msm: kgsl: Add A504 GPU support for SDM429
defconfig: Enable MSM8937 and SDM439 config
defconfig: Enable SDM439 config
defconfig: Enable MSM8937 and SDM439 config
defconfig: Enable default-key driver for msm8937_32
defconfig: Enable default-key driver for msm8937_64
defconfig: Add Radio_IRIS related config parameter
defconfig: Add Radio_IRIS related config parameter
cnss2: Add CNSS_BUS_EVENT to report bus info
cnss2: Add update_uevent API to notify CNSS event
rpmsg: qcom_smd: Ensure ordering of channel info updates
defconfig: Enable WCNSS configs
soc: qcom: bam_dmux: Abort open/close cmd during SSR
diag: Use valid data_source for a valid token
Add support for new HSP version
mmc: sdio: Retune sdio after resume
diag: Copy length and buffer locally to send to userspace client
diag: Update log mask code ranges
config: enable new rmnet_data driver
regulator: qpnp-lcdb: Add n_voltages property for LCDB regulators
spi: spi-geni-qcom: Set IOEB for MHI on SPI RX only case
diag: Prevent out of bound write while sending dci pkt to remote
drivers: rpmsg: fix to avoid dump stack in rpm-smd driver
msm: kgsl: Enable content protection for A505 GPU
serial: msm_geni_serial: Bypass Flow control lines from termios
defconfig: Enable config for msm8937_64
iommu/arm-smmu: add option to enable halt/resume of SMMU
config: enable new rmnet_data driver
usb: gadget: Add snapshot of USB RMNET Function driver
extcon: Initialize blocking notifier while registering
clk: qcom: gcc: Add GCC driver node support for SDM429
icnss: Avoid qmi register/unregister in case of qmi failure
icnss2: Avoid qmi register/unregister in case of qmi failure
tcp: adjust rto_base in retransmits_timed_out()
tcp: retry more conservatively on local congestion
tcp: create a helper to model exponential backoff
tcp: always set retrans_stamp on recovery
tcp: address problems caused by EDT misshaps
cnss2: Add sysfs support for configuring qtimer sync interval
iommu/arm-smmu: Allocate non-coherent memory for secure pagetables
defconfig: msm: Enable dm-snapshot for msm8937_32go
defconfig: msm: Enable dm-snapshot for msm8937_32
defconfig: msm: Enable dm-snapshot for msm8937_64
clk: qcom: clk-pll: Round off req_rate in determine rate
include: uapi: Add charger specific headers for QM215
clk: qcom: smd-rpm: Add RPM-SMD clock support for SDM429
defconfig: Enable USB BAM and SMD configs
mhi: dev: netdev: Set the mac header to 0 for skbs
msm: adsprpc: overflow vulnerability by race condition in adsprpc driver
defconfig: Enable USB BAM and SMD configs
defconfig: Enable default-key driver for msm8937_32go
signal: Avoid corrupting si_pid and si_uid in do_notify_parent
defconfig: Enable MDSS PLL for msm8937
defconfig: Initial defconfig files for MSM8937_64
ice: add return value for functions where ICE is disabled
cnss2: Check for BT Enable GPIO in QCA6390
soc: qcom: Enable MSM_TZ_SMMU msm8937
usb: gadget: Setup DMA ops for OTG's gadget devices
fbdev: msm: Enable mdss rotator driver
defconfig: Enable MDSS PLL config for msm8937_32
defconfig: Add Radio_IRIS related config parameter
cnss2: Use unified API to get RDDM and recovery timeouts
cnss2: Add new API to get QMI related timeouts
cnss2: Add support to populate device memory information
iommu: Update function for ARM_MSM_SECURE io pagetable type
Don't use gpio_free() for output gpios
clk: qcom: gcc: Add gcc-mdss driver node support for QM215
RPMSG driver changes for FM in msm-4.19
defconfig: Enable USB BAM configs
defconfig: Initial defconfig files for MSM8937_32
cnss2: Add CNSS wrapper function for msm_pcie_reg_dump()
clk: qcom: gcc: Add GPLL3 derived frequencies for qm215
iio: spmi-vadc: Add option to specify scale-fn-type in devicetree
iio: adc: spmi-vadc: Add adc support for SPF targets
cfg80211: Adjust 6 GHz frequency to channel conversion
iommu: Do not set COHERENT flag for secure pagetable allocation
soc: qcom: smp2p: Add proper retrigger detection
drivers: soc: qcom: Fix compilation errors
clk: qcom: mdss: Update VCO Clk enums for mdss-dsi-28lpm
dt-bindings: clock: Add mdss-28nm-pll-clk for legacy targets
drivers: soc: qcom: Add bam dmux smem state handling
net: ethernet: Add snapshot of RMNET BAM driver
scsi: ufs: Fix IOCTL error checking for input buffer
clk: qcom: mdss: fix blank / unblank for DSI 28nm pll
soc: qcom: Add support for MSM_TZ_SMMU
iommu/arm-smmu: Do not write to slave side protected context banks
net/sched: fix race between deactivation and dequeue for NOLOCK qdisc
uio: msm_sharedmem: By pass failure for hyp_assign_phys
defconfig: enable PSI config for MSM8937_32go
spmi: spmi-pmic-arb-debug: replace ioremap_resource with ioremap
qcom-geni-se: Avoid dumping of GENI registers in console
dm verity: skip verity work on I/O errors when system is shutting down
Return Immediately if failed to set to reset gpio state
msm: adsprpc: Clean DMA handles maps in case of error
diag: Prevent possible out of bound copy to userspace
ARM: decompressor: avoid speculative prefetch from protected regions
power: smb5-lib: Fix race conditions for typec power role
msm: mdss: update the DSI 12nm PHY programming sequence
msm: mdss: update the power down sequence for DSI 12nm PHY
msm: ice: Fix stack-out-of-bound erros on kasan builds
clk: qcom: debugcc: Add cpucc debugcc support for QM215
msm: ipa: Fix use-after-free in ipa3_alloc_counter_id
msm: ipa: correct the pointer in idr for FnR stats counter
fbdev: msm: update event callback function to perform ESD check
ANDROID: xt_qtaguid: Remove tag_entry from process list on untag
clk: qcom: mdss: update dsi 12nm clock driver
msm: ipa: fix race condition on PM vote on sys pipes
msm: ipa3: Fix to null pointer access
radio: iris: Add snapshot of iris FM radio support
defconfig: Add WCNSS related config parameter
wcnss: Update pm wake api's for 4.19 kernel
qtee_shmbridge: update copyright
diag: Update event and log mask code ranges
arm-smmu: add bitmap for secure context banks
iommu/arm-smmu: override writel_relaxed in smmu global address space
qseecom: Add flush_work based on flag
icnss2: Add handler for SMMU faults
wcnss: Add wcnss snapshot to msm-4.19
mm: cma: Print correct request pages
defconfig: Add clock controller support for QM215
clk: qcom: cpu-sdm: Add cpu clock driver for SDM
dt-bindings: iio: Add scale function for QM215 batt therm
platform: msm: Add USB BAM support to ChipIdea/RMNET
leds: vibrator: Add snapshot of vibrator driver
tty: serial: msm_geni_serial: Resolve race btw stop rx and cancel rx
msm: kgsl: Access map_count only if entry is successfully allocated
tty: serial: msm_geni_serial: Fix timeout for Rx abort
defconfig: Enable chipidea USB controller configs
msm: sde: Update rotator OT settings for sdm660
msm: mdss: dsi: set backlight handle to NULL in error case
clk: qcom: mdss: Add check to read the gdsc status
msm: npu: Don't send interrupt if command has been consumed
msm: ipa: Send actual DL flt rule length to Q6
sde: rotator: use shared lock while accessing vbif
clk: qcom: clk-pll: Add support for HF PLL Ops
clk: qcom: Add enable/disable to clk_regmap_mux_div_ops
clk: qcom: Update parent map to use parent_map struct
qseecom: Update the error val check
ARM: qcom: add board config support for sdm439 and sdm429
ARM: qcom: Add board config support for msm8937
Set the default slot for Full Disk Encryption key to 31
msm: ipa: Enable wdi3 API in ipa3 config
iio: ch101: Return -ENODEV when get expander GPIO failed
USB: EHCI: Add MSM Host Controller driver
usb: gadget: Add snapshot of ChipIdea driver
usb: phy: Add snapshot of PHY msm usb driver
qdss_bridge: fix kfree issue
rpmsg: glink: do not break from interrupt handler
msm: kgsl: Set correct values for SMMU protect register for A3xx
clk: qcom: clk-debug: Add support to dump GDSC registers
usb: dwc3: gadget: Prevent double free scenario for cancelled_list
diag: Enable graceful transfer of transport
diag: Enable diag over rpmsg communication for adsp
drivers: char: Fix compilation error for smd pkt driver
defconfig: msm: Enable smd pkt driver for QM215/SDM429/439
clk: qcom: mdss: update mdss-dsi-28lpm clk names
rtc: rtc-pm8xxx: add support for PM8916 RTC
msm: mdss: Fix race condition while iommu mapping from DSI flow
defconfig: enable MDSS PLL config for MSM8937_32go
msm: ipa: fix potential race condition ioctls
dt-bindings: clock: Add support for CPUCC clock ids for QM215
Add support for new versions for BT chip
smcinvoke: Update the correct parameters and result from qseecom
misc: add qrc ioctl functions
misc: add qrc_core and qrc_uart
diag: Sanitize the mempools with pool data size check
socinfo: Add socinfo support for sdm450
socinfo: Add socinfo support for msm8953
ARM: qcom: Add board config support for sdm450
ARM: qcom: Add board config support for msm8953
usb: dwc3: Enable parkmode for Gen1 controllers
msm: camera: Fix for HFR120 crash while
msm: gsi: Using kzalloc instead of devm_kzalloc
clk: qcom: debugcc: Add debugcc support for QM215
clk: qcom: gcc: Add support for GCC clock driver
usb: f_diag: Replace ERROR with pr_err
clk: qcom: mdss: add dsi phy 12nm clock
dt-bindings: clock: Add 12nm clock device tree bindings
rpmsg: qcom_smd: Add NO_SUSPEND flag for smd edge irq
rpmsg: qcom_smd: Read data of size equal to fifo size
rpmsg: qcom_smd: Read data of size greater than fifo size
rpmsg: qcom_smd: Add ipc logging for smd driver
msm: kgsl: Change start variable type to int in kgsl_iommu_add_global
rpmsg: smd: Signal the TX channel that smd driver read data
rpmsg: qcom_smd: Add GET/SET signal support
rpmsg: qcom_smd: increase bounce buffer size
drivers: rpmsg: Add smd driver module at post core init
kona_defconfig: Enable hidraw config
usb: misc: nb7vpq904m: update suspend and resume function
msm: kgsl: Use pid struct to find the process to reclaim
mm: process_reclaim: pass pid struct instead of tgid
msm: kgsl: Change vma->vm_file to shmem file
mm: process_reclaim: skip target_vma
iio: qcom-rradc: Update logic to monitor health of RRADC peripheral
cfg80211: export regulatory_hint_user() API
msm: mdss: update MDSS DSI ULPS configuration
fbdev: msm: call pxl clk unprepare during suspend
msm: mdss: add support to handle LP_RX_TO/BTA_TO errors for DSI 12nm PHY
msm: mdss: perform DSI PHY s/w reset for 12nm PHY during unblank
msm: mdss: update the MDSS DSI ULPS exit sequence
msm: mdss: add support to program of HSTX drivers for DSI 12nm PHY
msm: mdss: update DSI ULPS entry/exit sequence
msm: mdss: add support for DSI 12nm PHY in DSI driver
net: qrtr: Excessive logging casuing boot failure
defconfig: msm: enable thermal efuse driver for kona iot
drivers: thermal: qcom: Add driver to modify thermal zone based on efuse
mmc: core: Set cqe_enabled flag correctly
serial: msm_geni_serial: Fix false warning for reset failure
Kconfig: enable default config of cpu freq qcom for msm8953
msm: Add initial support for sdm450 Kconfig platform
msm: Add initial support for msm8953 Kconfig platform
Revert "cnss2: Dump mhi debug regs on receiving mhi WAKE event cb"
msm: pcie: Restore BME for RC after link_down recovery on SBR
msm: ADSPRPC: Substitute vfs check with flags
icnss: Allow register/unregister driver execution in serial manner
drivers: char: reset signal support for smd channels
drivers: char: add stream like read support
crypto: Fix possible stack out-of-bound error
drivers: irqchip: qcom: Add MSM8953 pin data for MPM
defconfig: Enable EXT4 configs
drivers: iio: enable compile for TDK sensor
power: smb2: Enable read/writing of Type-C Rp value
usb: gadget: f_mass_storage: Remove runtime async resume
drivers: iio: add Makefile and Kconfig for TDK chirp sensor
backlight: qcom-wled: Add "qcom,sync-dly" device tree property
usb: dwc3: Issue ENDTRANSFER cmd on ep0 unconditionally
coresight: disable the path when enable source link fail
qcom: fg-memif: correct timeout condition for memory grant
power: qpnp-fg-gen3: Add a property to reset FG BCL device
power_supply: Add FG_RESET_CLOCK property
qseecom: Check error when allocating coherent buffer
defconfig: Enable CPR Regulator for msm8937go
diag: Acquire spinlock for list delete operation
rpm-smd: Remove redundant spinlocks which are not required
regulator: qpnp-lcdb: Disable step voltage ramp for PM8150L V3
power: smb5-lib: Query POWER_SUPPLY_PROP_VOLTAGE_MAX_DESIGN
defconfig: Enable Incremental FS support for msm8937_32go
media/dvb: Deregister dma buffers fom shmbridge
msm: kgsl: Show max gpu temperature
USB: pd: Add support for enabling PD2.0 only as source
usb: gadget: Clear transfer started flag if endxfer cmd times out
backlight: qcom-spmi-wled: Change the SYNC toggle sequence
USB: pd: Restart host mode in high speed if no usb3 & dp concurrency
defconfig: Initial defconfig files for MSM8937_32go
TDK-Robotics-RB5 drivers source code files
diag: Update event and log mask code latest range
clk: qcom: smd-rpm: Add RPM-SMD clock support for QM215
fs: crypto: Add support for legacy pfk based FBE
fastrpc : fastrpc porting for kernel 4.19 SPF targets
qdss_bridge: fix memory leak issue
bindings: clock: qcom: Add support for clock IDs for QM215
drivers: char: msm_smd_pkt: Return error in case driver is not ready
kernel: driver: Added support msm_smd_pkt driver
dt-bindings: clock: Add support for GCC clock ids for SDM429
wigig_sensing: treat data ready as deep sleep exit when needed
usb: dwc3: gadget: Replace dev with its parent sysdev in ep_disable
usb: dwc3: gadget: Check controller status with endpoint enable/disable
coresight: Make coresight functions as inline
cnss2: WAR to trigger self-recovery for link recover callback
net: qrtr: Excessive logging casuing boot failure
pinctrl: Add support for msm8917 pinctrl
pinctrl: Add support for msm8937 pinctrl
msm: pcie : Extend link recovery for config space access failure
cnss_prealloc: Add a 128kB to prealloc pool
rpmsg: qcom_smd: allow smd create device if remote state is closing
usb: pd: Add support to disable pps capability
nl80211: add error messages to nl80211_parse_chandef()
cnss2: Increase prealloc table to satisfy latest driver requirement
power: smb5-lib: Add additional check to exit charge-termination WA
cnss2: Dump mhi debug registers on receiving mhi WAKE event cb
msm:ADSPRPC :Fix to avoid Use after free in fastrpc_internal_munmap
qseecom: Add boundary checks between two subsequent fields
diag: Read from USB without holding spinlock
serial:msm_geni_serial: Handling the cts counter in uart driver
arm64: fix bootloader_memory_limit
usb: phy: qusb2: Update tune value for host mode
coresight: cti: Solve boot up issue
cnss2: retry mhi suspend in case packets are pending in MHI layer
clk: qcom: mdss: Enable mdss 28lpm pll driver
msm: pcie : Notify client driver on reading FF's
msm: kgsl: Use pid struct to find the process to reclaim
mm: process_reclaim: pass pid struct instead of tgid
msm: kgsl: Change vma->vm_file to shmem file
qcom: step-chg-jeita: Add support for jeita fcc scaling
mm: process_reclaim: skip target_vma
mhi: core: Check PCIe link status before accessing MHI registers
power: qpnp-smb5: Add DT option to enable JEITA-ARB handling
power: smb5-lib: Improve the charge-termination WA handling
msm: pci: print PCIE LTSSM state at DRV suspend and resume
msm: kgsl: Deregister gpu address on memdesc_sg_virt failure
diag: Handle drops for diag over rpmsg
diag: Enable diag over rpmsg communication for modem
diag: Enable diag over rpmsg communication for wcnss
usb: gadget: gsi: Ensure the doorbell is blocked before suspend
drivers: irqchip: qcom: Add MSM8937 pin data for MPM
ARM: qcom: Add board config support for qm215
soc: qcom: socinfo: Add supprot for QM215 QRD soc-id
soc: qcom: socinfo: Add support for msm8917 soc-id
soc: qcom: socinfo: add support for sdm429 and sdm439
soc: qcom: socinfo: Add support for msm8937 soc-id
arm/arm64: Kconfig: Add support for qm215
ARM: qcom: Add board config support for msm8917
arm64: Kconfig: Add ARCH_SDM439 and ARCH_SDM429 support
arm64: Kconfig: Add support for msm8937 on msm-4.9
msm: adsprpc: null pointer check for sctx
regulator: qpnp-lcdb: fix race between SC interrupt and lcdb enable
msm: kgsl: Protect the memdesc->gpuaddr in SVM use cases
msm: kgsl: Stop using memdesc->usermem
net: sch_generic: fix the missing new qdisc assignment
usb: gadget: composite: Add spinlock protection for usb string descriptor
msm: kgsl: add condition to check gpuhtw_llc support
icnss: Add code to send qdss mode and sysfs interface for qdss
icnss: Add code to downdload qdss trace config
leds: qpnp-flash-v2: Fix out-of-bound array access
mm: skip speculative path for non-anonymous COW faults
ARM: msm: Add board config support for 32 bit bengal apq iot
cnss2: Add code to fix a print error in update timestamp api
icnss2: change to avoid device crash if RF card is not present
mmc: sdhci-msm: read this reg IPCAT_MINOR_MASK to sdhc host
pci: msm: Add support for linkdown recovery on hot reset
net: qrtr: print error case for qrtr receive
spi: spi-geni-qcom: Calculate transfer timeout dynamically
spi: spi-geni-qcom: Configure DFS index and clk before doing set rate
cnss2: Add delay for pci link training retries
Revert "msm: kgsl: Add GPUCC register dumps to A6xx GPU snapshot"
cnss2: Add code to handle idle-restart failure gracefully
icnss2: Clear SMP2P data during SSR
Revert "msm: kgsl: Add GPUCC register dumps to A6xx GPU snapshot"
net: qualcomm: rmnet: memset before sending genl response
diag: Add support for querying diagid for wpss subsystem
wil6210: add ability to help debug tx latency
regulator: cpr: add snapshot of cpr-regulator driver
scsi: ufshcd: Fix double release of hba
walt: Add window rollover trace event
msm: kgsl: Correct the refcount on current process PID
USB: gadget: Add support for superspeed plus for UAC2 & UVC
serial: msm_geni_serial: Perform Abort sequence for cancel failure
serial: msm_geni_serial: Correct start rx sequence
serial: msm_geni_serial: Pull RFR before stop_rx for uart
Revert "nl80211: fix non-split wiphy information"
qseecom: use legacy command for slateapp
USB: f_uac2: Update terminal types as mic and speaker
defconfig: kona: Enable USB UVC drivers
usb: gadget: f_uvc: Fix video streaming quality issues
usb: gadget: f_uvc: Fix crash on disconnect/connect during streaming
msm: npu: Prevent unpaired power vote/unvote via sysfs node
qdss_bridge: fix use-after-free is on cdev_put
defconfig: set CONFIG_HZ = 250 for Bengal
USB: uvc_video: Check for return value before halt bulk endpoint
USB: configfs: Clear deactivation flag in configfs_composite_unbind()
msm: ADSPRPC: Add check to avoid out of bound scenario
uapi: ipa: Support uc header proc ctx for DSCP insertion
usb: dwc3: core: Destroy ipc log context on remove
msm: ipa: add check to see if pm client is not NULL
cnss2: Fix KW issues for pointer check and variable init
ANDROID: vfs: d_canonical_path for stacked FS
msm: ipa3: Add change to increase timeout value
defconfig: arm64: msm: enable CONFIG_RB5_GPIOS_ENABLE
msm: driver: Add driver to enable RB5 GPIOs
msm: ADSPRPC: Reset debug buffer allocation check flag
power: smb1355: Extend minoff-time and dead-time for SMB1355
defconfig: arm64: msm: enable CONFIG_RB5_FAN_CONTROLLER
msm: fan: Add driver to control fan on RB5
HID: qvr: Remove device pointer on disconnect
usb: gadget: uvc: Update frame size as per frame type
usb: gadget: f_uvc: Fix incorrect frame indexing
usb: gadget: uvc: Add support for UVC 1.5
usb: gadget: Add support for UVC function
f2fs: prepare a waiter before entering io_schedule
f2fs: fix deadlock between quota writes and checkpoint
cnss2: Add api to get pci reg dump for hang data
power: smb1398-charger: Toggle UVLO-config on USB removal and shutdown
msm: ipa3: Add support PM api in ipav3
fs: crypto: support IV_INO_LBLK_32 for legacy (V1) format
msm: ipa3: Fix to unmap LOW LAT consumer pipe buffers
msm: pcie: Dump PCIe registers for hang event
trace: Fix race in trace_open and buffer resize call
msm: ipa4: Add change to stop netdev
msm: fbdev: dp: send video notiification after audio teardown
msm: kgsl: Poll a6x crashdumper register memory for status
usb: dwc3-msm: Rectify 64 bit dma address programming for GSI
msm: ADSPRPC: Enable ram dumps collection
f2fs: should avoid inode eviction in synchronous path
i3c: i3c-master-qcom-geni: Add HW and FW version read support
msm: ipa3: Add check to validate rule_cnt
i3c: i3c-master-qcom-geni: Manage driver suspend in late PM stage
net: qrtr: Use cyclic idr allocator for port assignment
mmc: core: change judgement for card busy detection
msm: ADSPRPC: Handle third party applications
msm:ipa4: Fix race condition
msm: kgsl: Check for gmu prealloc failure only in case of prealloc request
msm: ipa: Use kvfree instead of kfree
scsi : ufs-qcom: Add provision to set qcom specific supplies in LPM
fbdev: msm: update fb_release sequence
mhi: core: Increase RSC credit to 10
HID: qvr: wake up after acknowledgment from viewer
icnss: Update FW_INIT_DONE QMI indication with hang event params
wil6210: add max_mcs attribute
cnss2: Check link status before setting wlaon_pwr_ctrl registers
defconfig: arm64: msm: Enable USB RMNET & RNDIS using IPA over BAM2BAM
msm: kgsl: Add apb_pclk to the clock list and increase max clock count
usb: gadget: Add snapshot of USB RMNET Function driver
drivers: soc: qcom: Add usb bam changes
usb: gadget: f_qc_rndis: Add RNDIS support using IPA over BAM2BAM
serial: msm_geni_serial: Add enable/disable of dma irq bits
serial: msm_geni_serial: Don't queue the rx dma buffer in stop rx
msm: kgsl: Allow I/O coherency on imported buffers if we can
drivers: phy: ufs: Remove the condition check to calibrate UFS Phy
Reverting usb changes
defconfig: Sync with Android-4.19 configs
clk: qcom: gcc: Update the halt flags for clocks on SDM660
power: qpnp-qg: Expose CHARGE_COUNTER_SHADOW power supply property
cnss2: Check for BT Enable GPIO in QCA6490 & QCA6390
icnss2: Avoid race between soc wake release threads
icnss2: Add code for SSR dump collection feature for moselle
nl80211: fix NL80211_ATTR_HE_6GHZ_CAPABILITY usage
cfg80211: Indicate support 6GHz band in kernel
cfg80211: treat 6 GHz channels as valid regardless of capability
cfg80211: require HE capabilities for 6 GHz band
cfg80211: reject HT/VHT capabilities on 6 GHz band
cfg80211: add and expose HE 6 GHz band capabilities
cfg80211: handle 6 GHz capability of new station
ieee80211: add HE ext EIDs and 6 GHz capability defines
ieee80211: add code to obtain and parse 6 GHz operation field
cfg80211: add a helper to identify 6 GHz PSCs
cfg80211: adapt to new channelization of the 6GHz band
cfg80211: fix 6 GHz frequencies to kHz
ieee80211: update HE IEs to D4.0 spec
mac80211: update HE IEs to D3.3
mac80211: update HE operation fields to D3.0
ieee80211: remove redundant leading zeroes
iwlwifi: split HE capabilities between AP and STA
netlink: add ethernet address policy types
netlink: add NLA_REJECT policy type
wireless: align to draft 11ax D3.0
mac80211: Add he_capa debugfs entry
cfg80211: express channels with a KHz component
cfg80211: Add support for 60GHz band channels 5 and 6
cfg80211: apply same mandatory rate flags for 5GHz and 6GHz
cfg80211: ibss: use 11a mandatory rates for 6GHz band operation
clk: qcom: gpucc: Add support for new clock frequency for Lagoon
soc: qcom: minidump: Change the way to locate log_buf
qcom-cpufreq: Removing lmh-dcvs parsing in ready callback
usb: dwc3: msm: allow suspend in host mode
icnss2: Add support for host triggered recovery
Bluetooth: Implement a minimum off-time for AON discharge issue
defconfig: sdm660: Enable CONFIG_HID_NINTENDO for sdm660
defconfig: For support api_30 kernel changes
defconfig: Sync with Android-4.19 configs
defconfig: Disable CRYPTO_MD4 config
defconfig: Enable VETH config
msm:adsprpc: Prevent use after free in fastrpc_set_process_info
Revert "ANDROID: Kbuild, LLVMLinux: allow overriding clang target triple"
Correct the FM port numbers for Chk 3.x
net/ipv4: always honour route mtu during forwarding
usb: dwc3: Ensure blocking_sync waits until host mode starts or stops
usb: dwc3: gadget: Fix double add due to cleanup_cancelled_request
ANDROID: fuse: Add support for d_canonical_path
ANDROID: vfs: add d_canonical_path for stacked filesystem support
clk: qcom: clk-debug: Add support for debug clock API's
cfg80211: use same IR permissive rules for 6GHz band
cfg80211: add 6GHz in code handling array with NUM_NL80211_BANDS entries
cfg80211: extend ieee80211_operating_class_to_band() for 6GHz
cfg80211: util: add 6GHz channel to freq conversion and vice versa
cfg80211: add 6GHz UNII band definitions
nl80211: add 6GHz band definition to enum nl80211_band
ANDROID: Temporarily disable XFRM_USER_COMPAT filtering
msm: ipa3: Add debug logs to check unregister netdev completion time
Revert "clk: Evict unregistered clks from parent caches"
ANDROID: GKI: Enable DEBUG_INFO_DWARF4
timekeeping/vsyscall: Prevent math overflow in BOOTTIME update
UPSTREAM: mm/sl[uo]b: export __kmalloc_track(_node)_caller
BACKPORT: xfrm/compat: Translate 32-bit user_policy from sockptr
BACKPORT: xfrm/compat: Add 32=>64-bit messages translator
UPSTREAM: xfrm/compat: Attach xfrm dumps to 64=>32 bit translator
UPSTREAM: xfrm/compat: Add 64=>32-bit messages translator
BACKPORT: xfrm: Provide API to register translator module
ANDROID: Publish uncompressed Image on aarch64
FROMLIST: crypto: arm64/poly1305-neon - reorder PAC authentication with SP update
UPSTREAM: crypto: arm64/chacha - fix chacha_4block_xor_neon() for big endian
UPSTREAM: crypto: arm64/chacha - fix hchacha_block_neon() for big endian
msm: ipa: fix the use-after-free on qmi framework in ssr scenario
fscrypt: Handle support for v1 encryption policy
ANDROID: GKI: update the ABI xml
spi: spi_qsd: Add ipc logging for spi driver
qbt_handler: Memset userspace struct to zero
drivers: soc: qcom: Port bam dmux driver
drivers: soc: qcom: Add bam dmux driver support
msm: kgsl: Compare pid pointer instead of TGID for a new process
power: qpnp-smb5: Update legacy cable detection logic in bootup
spi: spi_qsd: Add Shared EE property check for spi
soc: qcom: Correct the module description for llcc-orchid
usb: dwc3: core: Add ipc logs when sg lists are used
icnss2: Send power save enter/exit via SMP2P
ANDROID: clang: update to 11.0.5
FROMLIST: arm64: link with -z norelro regardless of CONFIG_RELOCATABLE
defconfig: Enable CONFIG_LEGACY_ENERGY_MODEL_DT for sdm660
scsi: ufs: Increase fDeviceInit flag poll time to 5sec
msm: pcie: update with link power on check for user PCIe resume
scsi: ufs: Fix ufshcd_hold dead loop issue if error recovery is handing
defconfig: arm64: msm: enable CONFIG_FORCE_ALLOC_FROM_DMA_ZONE
ANDROID: GKI: enable CONFIG_WIREGUARD
UPSTREAM: wireguard: peerlookup: take lock before checking hash in replace operation
UPSTREAM: wireguard: noise: take lock when removing handshake entry from table
UPSTREAM: wireguard: queueing: make use of ip_tunnel_parse_protocol
UPSTREAM: net: ip_tunnel: add header_ops for layer 3 devices
UPSTREAM: wireguard: receive: account for napi_gro_receive never returning GRO_DROP
UPSTREAM: wireguard: device: avoid circular netns references
UPSTREAM: wireguard: noise: do not assign initiation time in if condition
UPSTREAM: wireguard: noise: separate receive counter from send counter
UPSTREAM: wireguard: queueing: preserve flow hash across packet scrubbing
UPSTREAM: wireguard: noise: read preshared key while taking lock
UPSTREAM: wireguard: selftests: use newer iproute2 for gcc-10
UPSTREAM: wireguard: send/receive: use explicit unlikely branch instead of implicit coalescing
UPSTREAM: wireguard: selftests: initalize ipv6 members to NULL to squelch clang warning
UPSTREAM: wireguard: send/receive: cond_resched() when processing worker ringbuffers
UPSTREAM: wireguard: socket: remove errant restriction on looping to self
UPSTREAM: wireguard: selftests: use normal kernel stack size on ppc64
UPSTREAM: wireguard: receive: use tunnel helpers for decapsulating ECN markings
UPSTREAM: wireguard: queueing: cleanup ptr_ring in error path of packet_queue_init
UPSTREAM: wireguard: send: remove errant newline from packet_encrypt_worker
UPSTREAM: wireguard: noise: error out precomputed DH during handshake rather than config
UPSTREAM: wireguard: receive: remove dead code from default packet type case
UPSTREAM: wireguard: queueing: account for skb->protocol==0
UPSTREAM: wireguard: selftests: remove duplicated include <sys/types.h>
UPSTREAM: wireguard: socket: remove extra call to synchronize_net
UPSTREAM: wireguard: send: account for mtu=0 devices
UPSTREAM: wireguard: receive: reset last_under_load to zero
UPSTREAM: wireguard: selftests: reduce complexity and fix make races
UPSTREAM: wireguard: device: use icmp_ndo_send helper
UPSTREAM: wireguard: selftests: tie socket waiting to target pid
UPSTREAM: wireguard: selftests: ensure non-addition of peers with failed precomputation
UPSTREAM: wireguard: noise: reject peers with low order public keys
UPSTREAM: wireguard: allowedips: fix use-after-free in root_remove_peer_lists
UPSTREAM: net: skbuff: disambiguate argument and member for skb_list_walk_safe helper
UPSTREAM: net: introduce skb_list_walk_safe for skb segment walking
UPSTREAM: wireguard: socket: mark skbs as not on list when receiving via gro
UPSTREAM: wireguard: queueing: do not account for pfmemalloc when clearing skb header
UPSTREAM: wireguard: selftests: remove ancient kernel compatibility code
UPSTREAM: wireguard: allowedips: use kfree_rcu() instead of call_rcu()
UPSTREAM: wireguard: main: remove unused include <linux/version.h>
UPSTREAM: wireguard: global: fix spelling mistakes in comments
UPSTREAM: wireguard: Kconfig: select parent dependency for crypto
UPSTREAM: wireguard: selftests: import harness makefile for test suite
UPSTREAM: net: WireGuard secure network tunnel
UPSTREAM: timekeeping: Boot should be boottime for coarse ns accessor
UPSTREAM: timekeeping: Add missing _ns functions for coarse accessors
UPSTREAM: icmp: introduce helper for nat'd source address in network device context
UPSTREAM: crypto: poly1305-x86_64 - Use XORL r32,32
UPSTREAM: crypto: curve25519-x86_64 - Use XORL r32,32
UPSTREAM: crypto: arm/poly1305 - Add prototype for poly1305_blocks_neon
UPSTREAM: crypto: arm/curve25519 - include <linux/scatterlist.h>
UPSTREAM: crypto: x86/curve25519 - Remove unused carry variables
UPSTREAM: crypto: x86/chacha-sse3 - use unaligned loads for state array
UPSTREAM: crypto: lib/chacha20poly1305 - Add missing function declaration
UPSTREAM: crypto: arch/lib - limit simd usage to 4k chunks
UPSTREAM: crypto: arm[64]/poly1305 - add artifact to .gitignore files
UPSTREAM: crypto: x86/curve25519 - leave r12 as spare register
UPSTREAM: crypto: x86/curve25519 - replace with formally verified implementation
UPSTREAM: crypto: arm64/chacha - correctly walk through blocks
UPSTREAM: crypto: x86/curve25519 - support assemblers with no adx support
UPSTREAM: crypto: chacha20poly1305 - prevent integer overflow on large input
UPSTREAM: crypto: Kconfig - allow tests to be disabled when manager is disabled
UPSTREAM: crypto: arm/chacha - fix build failured when kernel mode NEON is disabled
UPSTREAM: crypto: x86/poly1305 - emit does base conversion itself
UPSTREAM: crypto: chacha20poly1305 - add back missing test vectors and test chunking
UPSTREAM: crypto: x86/poly1305 - fix .gitignore typo
UPSTREAM: crypto: curve25519 - Fix selftest build error
UPSTREAM: crypto: {arm,arm64,mips}/poly1305 - remove redundant non-reduction from emit
UPSTREAM: crypto: x86/poly1305 - wire up faster implementations for kernel
UPSTREAM: crypto: x86/poly1305 - import unmodified cryptogams implementation
UPSTREAM: crypto: poly1305 - add new 32 and 64-bit generic versions
UPSTREAM: crypto: lib/curve25519 - re-add selftests
UPSTREAM: crypto: arm/curve25519 - add arch-specific key generation function
UPSTREAM: crypto: chacha - fix warning message in header file
UPSTREAM: crypto: arch - conditionalize crypto api in arch glue for lib code
UPSTREAM: crypto: lib/chacha20poly1305 - use chacha20_crypt()
UPSTREAM: crypto: x86/chacha - only unregister algorithms if registered
UPSTREAM: crypto: chacha_generic - remove unnecessary setkey() functions
UPSTREAM: crypto: lib/chacha20poly1305 - reimplement crypt_from_sg() routine
UPSTREAM: crypto: chacha20poly1305 - import construction and selftest from Zinc
UPSTREAM: crypto: arm/curve25519 - wire up NEON implementation
UPSTREAM: crypto: arm/curve25519 - import Bernstein and Schwabe's Curve25519 ARM implementation
UPSTREAM: crypto: curve25519 - x86_64 library and KPP implementations
UPSTREAM: crypto: lib/curve25519 - work around Clang stack spilling issue
UPSTREAM: crypto: curve25519 - implement generic KPP driver
UPSTREAM: crypto: curve25519 - add kpp selftest
UPSTREAM: crypto: curve25519 - generic C library implementations
UPSTREAM: crypto: blake2s - x86_64 SIMD implementation
UPSTREAM: crypto: blake2s - implement generic shash driver
UPSTREAM: crypto: testmgr - add test cases for Blake2s
UPSTREAM: crypto: blake2s - generic C library implementation and selftest
UPSTREAM: crypto: mips/poly1305 - incorporate OpenSSL/CRYPTOGAMS optimized implementation
UPSTREAM: crypto: arm/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation
i3c: i3c-master-qcom-geni: Handle timeout for DMA FSM reset
UPSTREAM: crypto: arm64/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation
i3c: i3c-master-qcom-geni: Save master device info to debug list
UPSTREAM: crypto: x86/poly1305 - expose existing driver as poly1305 library
UPSTREAM: crypto: x86/poly1305 - depend on generic library not generic shash
UPSTREAM: crypto: poly1305 - expose init/update/final library interface
UPSTREAM: crypto: x86/poly1305 - unify Poly1305 state struct with generic code
UPSTREAM: crypto: poly1305 - move core routines into a separate library
UPSTREAM: crypto: chacha - unexport chacha_generic routines
UPSTREAM: crypto: mips/chacha - wire up accelerated 32r2 code from Zinc
UPSTREAM: crypto: mips/chacha - import 32r2 ChaCha code from Zinc
UPSTREAM: crypto: arm/chacha - expose ARM ChaCha routine as library function
UPSTREAM: crypto: arm/chacha - remove dependency on generic ChaCha driver
UPSTREAM: crypto: arm/chacha - import Eric Biggers's scalar accelerated ChaCha code
UPSTREAM: crypto: arm64/chacha - expose arm64 ChaCha routine as library function
UPSTREAM: crypto: arm64/chacha - depend on generic chacha library instead of crypto driver
UPSTREAM: crypto: arm64/chacha - use combined SIMD/ALU routine for more speed
UPSTREAM: crypto: arm64/chacha - optimize for arbitrary length inputs
UPSTREAM: crypto: x86/chacha - expose SIMD ChaCha routine as library function
UPSTREAM: crypto: x86/chacha - depend on generic chacha library instead of crypto driver
UPSTREAM: crypto: chacha - move existing library code into lib/crypto
UPSTREAM: crypto: lib - tidy up lib/crypto Kconfig and Makefile
UPSTREAM: crypto: chacha - constify ctx and iv arguments
UPSTREAM: crypto: x86/poly1305 - Clear key material from stack in SSE2 variant
i3c: i3c-master-qcom-geni: Log error if DMA mode fails
defcong: sdm660 : Adding support to IPA driver
msm: ipa: Add ipa rm support for ipa_v2
UPSTREAM: crypto: xchacha20 - fix comments for test vectors
UPSTREAM: crypto: xchacha - add test vector from XChaCha20 draft RFC
UPSTREAM: crypto: arm64/chacha - add XChaCha12 support
UPSTREAM: crypto: arm64/chacha20 - refactor to allow varying number of rounds
UPSTREAM: crypto: arm64/chacha20 - add XChaCha20 support
UPSTREAM: crypto: x86/chacha - avoid sleeping under kernel_fpu_begin()
UPSTREAM: crypto: x86/chacha - yield the FPU occasionally
UPSTREAM: crypto: x86/chacha - add XChaCha12 support
UPSTREAM: crypto: x86/chacha20 - refactor to allow varying number of rounds
UPSTREAM: crypto: x86/chacha20 - add XChaCha20 support
UPSTREAM: crypto: x86/chacha20 - Add a 4-block AVX-512VL variant
UPSTREAM: crypto: x86/chacha20 - Add a 2-block AVX-512VL variant
UPSTREAM: crypto: x86/chacha20 - Add a 8-block AVX-512VL variant
UPSTREAM: crypto: x86/chacha20 - Add a 4-block AVX2 variant
UPSTREAM: crypto: x86/chacha20 - Add a 2-block AVX2 variant
UPSTREAM: crypto: x86/chacha20 - Use larger block functions more aggressively
UPSTREAM: crypto: x86/chacha20 - Support partial lengths in 8-block AVX2 variant
UPSTREAM: crypto: x86/chacha20 - Support partial lengths in 4-block SSSE3 variant
UPSTREAM: crypto: x86/chacha20 - Support partial lengths in 1-block SSSE3 variant
msm: ipa3: Add low-level IPA client support
net: support __alloc_skb to always use GFP_DMA
msm: ipa2: Add changes compatible to kernel-4.19
msm: ipa2: Add change to fix ipa padding
msm: ipa: Add Kconfig changes of IPA2 driver
msm: ipa2: Add changes compatible to kernel-4.14
i3c: i3c-master-qcom-geni: Fix DMA and FIFO mode timeout scenario
ANDROID: GKI: Enable CONFIG_USB_ANNOUNCE_NEW_DEVICES
msm: ipa: Add support of IPA2 driver
scsi: ufs: reomove Rst_N pulling up action in ufshcd_resume()
serial: msm_geni_serial: Add new UART IPC log file in DMA mode
serial: msm_geni_serial: Add delay for rx invalid transfer
msm_geni_serial: Add ioctl for adding new IPC log in uart
msm: kgsl: Don't allow re-importing memory owned by KGSL
serial: msm_geni_serial: memset RX buffer to Zero
icnss2: Avoid race between SOC WAKE REQ/RESP
ANDROID: GKI: Enable CONFIG_X86_X2APIC
i3c: i3c-master-qcom-geni: Manage probe time resources
fbdev: msm: disable cpu sync during dma_buf_map_attachment
scsi: ufs: Add back a missing sanity check to ufshcd_read_desc_param()
icnss: check SKIP_QMI test bit for exported qmi messages
ANDROID: move builds to use gas prebuilts
i3c: i3c-master-qcom-geni: Force the xfer mode as DMA mode
msm: ipa3: Fix to use proper clock timer
i3c: i3c-master-qcom-geni: Fix IBI and Hot join related issues
msm: ipa3: Add change to not reset HOLB timer
UPSTREAM: binder: fix UAF when releasing todo list
cnss2: Add support for PCIE gen switch
FROMLIST: arm64: vdso32: Allow ld.lld to properly link the VDSO
mmc: core: Fix clk scaling when card max freq below 50MHz
msm: ipa3: Send enable force clear only for producer pipe
sched/tune: Fix improper accounting of tasks
usb: dwc3: Stop active transfer on control endpoints
Add support for block disk encryption
mmc: host: Use right parameter for ext4 plus eMMC
mmc: host: reprogram the key to cover the invalid config case
Fix OTA issue with vts fixes for new fbe framework
msm: kgsl: Remove dev_err() from fenced write loop
uapi: sound: Fix compilation error
defconfig: msm: Enable FS related configs for Android R
net:sockev: hold file reference till the sock event is sent
net_sched: Add flow control support to prio qdisc
msm: camera: Fix for memory leak
defconfig: kona: Enable dm-crypt driver
soc: qcom: Fix memcpy operations in ramdump_read
md: dm-default-key: Use system sector size for SDHCI devices
defconfig: msm: Enable CONFIG_STATIC_USERMODEHELPER for bengal_32
fdt: Update CRC check for rng-seed
usb: phy: snps: Enable auto resume feature only in host mode
msm: ipa: Fix rndis client disconnection gracefully
icnss: reject idle restart if wlan driver unregistered
soc: qcom: Add LLCC driver for Orchid
icnss2: Decrement soc wake ref count
fbdev: msm: remove mappings before iommu detach
clk: qcom: mdss: Update dfps data struct for FB targets
usb: pd: Register typec partner in case AAA is connected
binder: update low_latency selection for binder transactions
sched/walt: Improve the scheduler
msm: kgsl: Use regulator_is_enabled api when gpu-quirk-cx-gdsc is defined
icnss2: Send enter power save after driver suspend
mmc: host: Update HS400 timing mode before performing tuning
defconfig: Enable CONFIG_UTS_NS for sdm660
trace: f2fs: Fix kasan slab-out-of-bounds
ANDROID: use arm-linux-androidkernel- for CROSS_COMPILE_COMPAT
ANDROID: build.config.common: enable LLVM=1
NFC: Add support for core init command
icnss2: Fix race condition during SOC wake req/release
msm: kgsl: Don't wait for room in context queue when context is invalidated
dt-bindings: msm: Add bindings for MP limit fuse support
fbdev: msm: set smmu cb domain attached during probe
defconfig: enable SDE rotator
mm/Kconfig: forcing allocators to return ZONE_DMA32 memory
power: smb5: Fix LPD flag for PMI632
ANDROID: GKI: prevent removal of monitored symbols
firmware: qcom: Fix hyp_log issue
soc: qcom: Fix smcinvoke_obj->fd assignment
drm: increase max limit of drm open count to 128
scsi: ufs: Fix unexpected values get from ufshcd_read_desc_param()
usb: gadget: Don't giveback request if ep command times out
icnss2: Avoid calibration during SSR of WCN6750
ANDROID: Refresh ABI.xmls with libabigail 1.8.0-98bbf30d
edac: improve gold CPU cache way parsing
msm: kgsl: Update clk_set_rate() sequence for bimc_gpu_clk
scsi: ufs: Fix ufs power down/on specs violation in suspend/resume path
defconfig: msm: Enable CONFIG_STATIC_USERMODEHELPER for bengal_32
fdt: Update CRC check for rng-seed
defconfig: Enable blk-crypto-fallback to handle sw crypto request
md: dm-default-key: Use system sector size for SDHCI devices
msm: sde: rotator: enable sde rotator
msm: pcie: provide client the ability to control PCIe target_link_speed
qcom: qpnp-fg-gen3: Continue fg_gen3_probe() when !DEBUG_FS
dcc_v2: fix 1 write 1 read register configuration fail issue
leds: qpnp-flash-v2: Acquire the bms_psy handle at runtime
regulator: qpnp-labibb: Don't handle LAB_VREG_OK in TTW mode for pmi8998
regulator: qpnp-labibb: Add sysfs class to enable/disable the irq
regulator: qpnp-lcdb: Disable the SC irq only for PM660L V1.1 and below
regulator: qpnp-lcdb: Add sysfs class to enable/disable the irq
cnss2: Enable self-recovery only when host driver detects linkdown
ANDROID: drop KERNEL_DIR setting in build.config.common
cnss2: Release qmi handle after server exit
UPSTREAM: driver core: Avoid deferred probe due to fw_devlink_pause/resume()
UPSTREAM: driver core: Rename dev_links_info.defer_sync to defer_hook
UPSTREAM: driver core: Don't do deferred probe in parallel with kernel_init thread
msm: cvp: Avoid releasing non-existent ARP buffer
cnss_utils: Update wlfw power save enter/exit qmi message
msm: mink: Fix copy_to_user issue
crypto: Fix possible stack out of bound error
mhi: core: Extend mhi_device_get_sync_atomic() for panic cases
cnss2: Log a message after assert/de-assert WLAN_EN GPIO
cnss2: Assert when power on retry reaches maximum
usb: dwc3: gadget: Properly handle failed kick_transfer
f2fs: remove blk_plugging in block_operations
power: smblite-lib: Reduce the ICL immediately when flash is active
qseecom: Propagate correct return value from TZ
mmc: Remove unused code
ANDROID: Refresh ABI.xmls with libabigail 1.8.0-1dca710a
irqchip: gic-v3: Add support to get pending irqs
serial: msm_geni_serial: Don't use WARN_ON for console uart
mmc: core: Fix issue of no clk scaling upon previous scaling failure
power: smb1390: Fix taper condition for VPH configuration
cnss2: Change to add prints on link down callback
dm-crypt: Skip encryption if bio is fscrypto or blk-crypto encrypted
power: smblite-lib/smb5-lib: Add partner registration for microusb otg
clk: qcom: rpmh: Update new clocks support on LitoMagnus
arm: dma-mapping.c: add cpu sync in map_sg and unmap_sg
defconfig: Enable blk-crypto-fallback to handle sw crypto request
dt-bindings: clock: qcom: Add support for RPMH clocks
msm: ipa4: fix the unclock gsi IPA register access
clk: qcom: Add BIMC logging support during kernel panic
dt-bindings: clock: Add support for BIMC clock
usb: core: Don't wait for completion of urbs
msm: kgsl: Enable process reclaim for A610
fuse: fix page dereference after free
msm: media: uapi: Redefine NV12 format with different alignment
sched/walt: Fix a potential accounting issue during window size change
UPSTREAM: arm64: vdso: Build vDSO with -ffixed-x18
mhi: core: Add checks for bhie offsets
ANDROID: KMI symbol lists: migrate section name
usb: phy: qusb: Set the voltage to regulator according to soc capacity
cnss2: Collect shadow registers for RDDM scenario
mm: slub: Add debugfs interface to capture slub allocs owner
msm: kgsl: Don't skip gmufw preallocations during firmware read
icnss2: Export API to host driver to exit power save
msm: ipa: stay in NAPI mode when default pipe has low credits
vidc_3x: Fix crash in user build
msm: mink: Fix copy_to_user issue
msm: ipa: update the iommu mapping for WDI rings
mmc: Port changes for supporting SDIO functionality to 4.19 kernel
ANDROID: ABI: refresh with latest libabigail 94f5d4ae
...
Conflicts:
.gitignore
Documentation/arm64/tagged-address-abi.rst
Makefile
android/abi_gki_aarch64
android/abi_gki_aarch64.xml
android/abi_gki_aarch64_cuttlefish
android/abi_gki_aarch64_qcom
arch/Kconfig
arch/arm/Kconfig
arch/arm/configs/vendor/msm8937-perf_defconfig
arch/arm/configs/vendor/msm8937_32go-perf_defconfig
arch/arm/configs/vendor/msm8937_32go_defconfig
arch/arm/configs/vendor/msm8937_defconfig
arch/arm/crypto/curve25519-core.S
arch/arm/crypto/poly1305-glue.c
arch/arm64/Kconfig
arch/arm64/boot/dts/vendor/bindings/bus/ti-sysc.txt
arch/arm64/boot/dts/vendor/bindings/display/mediatek/mediatek,dpi.txt
arch/arm64/boot/dts/vendor/bindings/iio/multiplexer/io-channel-mux.txt
arch/arm64/boot/dts/vendor/bindings/net/fsl-fman.txt
arch/arm64/boot/dts/vendor/bindings/sound/wm8994.txt
arch/arm64/boot/dts/vendor/bindings/usb/dwc3.txt
arch/arm64/configs/gki_defconfig
arch/arm64/configs/vendor/bengal-perf_defconfig
arch/arm64/configs/vendor/bengal_defconfig
arch/arm64/configs/vendor/kona-perf_defconfig
arch/arm64/configs/vendor/kona_defconfig
arch/arm64/configs/vendor/lito-perf_defconfig
arch/arm64/configs/vendor/lito_defconfig
arch/arm64/configs/vendor/sdm660-perf_defconfig
arch/arm64/configs/vendor/sdm660_defconfig
arch/arm64/crypto/poly1305-glue.c
arch/arm64/include/asm/alternative.h
arch/arm64/include/asm/cpucaps.h
arch/arm64/include/asm/cputype.h
arch/arm64/include/asm/lse.h
arch/arm64/include/asm/vdso/compat_barrier.h
arch/arm64/include/asm/vdso/compat_gettimeofday.h
arch/arm64/kernel/asm-offsets.c
arch/arm64/kernel/cpu_errata.c
arch/arm64/kernel/vdso.c
arch/arm64/kernel/vdso/Makefile
arch/arm64/kernel/vdso32/Makefile
arch/arm64/mm/mmu.c
arch/mips/crypto/Makefile
arch/mips/crypto/poly1305-glue.c
arch/mips/vdso/Makefile
arch/x86/configs/gki_defconfig
arch/x86/crypto/Makefile
arch/x86/crypto/blake2s-glue.c
arch/x86/crypto/poly1305_glue.c
arch/x86/include/asm/vgtod.h
arch/x86/kernel/cpu/common.c
build.config.aarch64
build.config.common
build.config.gki_kasan
build.config.x86_64
crypto/Kconfig
crypto/Makefile
crypto/blake2s_generic.c
crypto/testmgr.c
crypto/testmgr.h
drivers/android/binder_internal.h
drivers/android/binderfs.c
drivers/base/core.c
drivers/base/power/wakeup_stats.c
drivers/block/loop.c
drivers/char/Kconfig
drivers/char/adsprpc.c
drivers/char/diag/diagfwd_peripheral.c
drivers/char/random.c
drivers/clk/qcom/clk-debug.c
drivers/crypto/msm/qcedev.c
drivers/devfreq/governor_gpubw_mon.c
drivers/dma-buf/dma-buf.c
drivers/firmware/qcom/tz_log.c
drivers/gpu/drm/drm_connector.c
drivers/gpu/drm/drm_mipi_dsi.c
drivers/gpu/drm/drm_prime.c
drivers/gpu/drm/virtio/virtgpu_ioctl.c
drivers/gpu/msm/adreno_debugfs.c
drivers/gpu/msm/kgsl.c
drivers/gpu/msm/kgsl_device.h
drivers/gpu/msm/kgsl_drawobj.c
drivers/gpu/msm/kgsl_pool.c
drivers/gpu/msm/kgsl_pwrctrl.c
drivers/gpu/msm/kgsl_pwrctrl.h
drivers/gpu/msm/kgsl_reclaim.c
drivers/gpu/msm/kgsl_sharedmem.c
drivers/gpu/msm/kgsl_timeline.c
drivers/hid/hid-ids.h
drivers/hid/hid-quirks.c
drivers/hwtracing/coresight/coresight-etm-perf.c
drivers/hwtracing/coresight/coresight-etm4x.c
drivers/hwtracing/coresight/coresight-etm4x.h
drivers/hwtracing/coresight/coresight-tmc-etr.c
drivers/i2c/busses/i2c-qcom-geni.c
drivers/md/dm-crypt.c
drivers/md/dm-table.c
drivers/md/dm-verity-target.c
drivers/media/platform/msm/sde/rotator/sde_rotator_sync.c
drivers/media/platform/msm/synx/synx.c
drivers/media/platform/msm/synx/synx_debugfs.c
drivers/media/platform/msm/synx/synx_util.c
drivers/misc/Kconfig
drivers/misc/Makefile
drivers/misc/qseecom.c
drivers/mmc/core/Kconfig
drivers/mmc/core/block.c
drivers/mmc/host/cqhci-crypto-qti.c
drivers/mmc/host/sdhci-msm.c
drivers/mmc/host/sdhci.c
drivers/net/Kconfig
drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c
drivers/net/wireguard/Makefile
drivers/net/wireguard/allowedips.c
drivers/net/wireguard/allowedips.h
drivers/net/wireguard/device.c
drivers/net/wireguard/device.h
drivers/net/wireguard/main.c
drivers/net/wireguard/peer.c
drivers/net/wireguard/peer.h
drivers/net/wireguard/queueing.c
drivers/net/wireguard/queueing.h
drivers/net/wireguard/ratelimiter.c
drivers/net/wireguard/receive.c
drivers/net/wireguard/selftest/allowedips.c
drivers/net/wireguard/send.c
drivers/net/wireguard/socket.c
drivers/net/wireless/cnss2/pci.c
drivers/net/wireless/mac80211_hwsim.c
drivers/of/platform.c
drivers/of/property.c
drivers/pinctrl/qcom/pinctrl-khaje.c
drivers/platform/msm/ipa/ipa_v3/ipa.c
drivers/platform/msm/ipa/ipa_v3/ipa_client.c
drivers/platform/msm/ipa/ipa_v3/ipa_qmi_service.c
drivers/power/supply/power_supply_sysfs.c
drivers/power/supply/qcom/Makefile
drivers/power/supply/qcom/qg-reg.h
drivers/power/supply/qcom/qpnp-qg.c
drivers/power/supply/qcom/qpnp-smb5.c
drivers/power/supply/qcom/smb1398-charger.c
drivers/power/supply/qcom/smb5-lib.c
drivers/scsi/ufs/ufshcd-crypto.c
drivers/soc/qcom/crypto-qti-tz.c
drivers/soc/qcom/icnss2/qmi.c
drivers/soc/qcom/icnss_private.h
drivers/soc/qcom/qmi_rmnet.c
drivers/soc/qcom/qmi_rmnet_i.h
drivers/soc/qcom/smcinvoke.c
drivers/soc/qcom/socinfo.c
drivers/soc/qcom/subsys-pil-tz.c
drivers/spi/spi-geni-qcom.c
drivers/staging/android/ion/ion.c
drivers/tty/serial/msm_geni_serial.c
drivers/usb/dwc3/dwc3-msm.c
drivers/usb/dwc3/gadget.c
drivers/usb/dwc3/gadget.h
drivers/usb/gadget/composite.c
drivers/usb/gadget/function/f_fs.c
drivers/usb/gadget/function/f_hid.c
drivers/usb/gadget/function/f_uac1.c
drivers/usb/misc/ssusb-redriver-nb7vpq904m.c
drivers/usb/musb/Kconfig
drivers/usb/musb/mediatek.c
drivers/usb/pd/policy_engine.c
drivers/usb/phy/phy-msm-qusb.c
drivers/usb/typec/bus.c
drivers/usb/typec/mux.c
drivers/video/fbdev/msm/mdss_sync.c
fs/crypto/fscrypt_private.h
fs/crypto/inline_crypt.c
fs/crypto/keysetup.c
fs/crypto/policy.c
fs/ext4/dir.c
fs/ext4/ext4.h
fs/ext4/hash.c
fs/ext4/namei.c
fs/ext4/page-io.c
fs/f2fs/super.c
fs/incfs/data_mgmt.h
fs/incfs/main.c
fs/incfs/vfs.c
include/crypto/blake2s.h
include/crypto/chacha.h
include/crypto/internal/blake2s.h
include/crypto/internal/poly1305.h
include/crypto/poly1305.h
include/drm/drm_mipi_dsi.h
include/linux/android_kabi.h
include/linux/bits.h
include/linux/diagchar.h
include/linux/dma-buf.h
include/linux/icmpv6.h
include/linux/ipv6.h
include/linux/page-flags-layout.h
include/linux/power_supply.h
include/linux/random.h
include/linux/sched.h
include/linux/usb/gadget.h
include/net/icmp.h
include/net/ndisc.h
include/net/sock.h
include/soc/qcom/icnss.h
include/soc/qcom/socinfo.h
include/trace/events/f2fs.h
include/trace/events/random.h
include/uapi/linux/android/binderfs.h
include/uapi/linux/v4l2-controls.h
include/uapi/linux/virtio_ids.h
include/uapi/media/msm_camsensor_sdk.h
include/uapi/media/msm_media_info.h
include/vdso/bits.h
include/vdso/datapage.h
kernel/bpf/helpers.c
kernel/cgroup/cgroup.c
kernel/fork.c
kernel/futex.c
kernel/panic.c
kernel/power/wakelock.c
kernel/sched/core.c
kernel/sched/cpufreq_schedutil.c
kernel/sched/sched.h
kernel/sched/topology.c
kernel/sched/walt.h
kernel/time/vsyscall.c
lib/Kconfig.kasan
lib/crypto/Kconfig
lib/crypto/Makefile
lib/crypto/blake2s-generic.c
lib/crypto/blake2s-selftest.c
lib/crypto/blake2s.c
lib/crypto/poly1305-donna32.c
lib/crypto/poly1305-donna64.c
lib/crypto/poly1305.c
lib/strnlen_user.c
lib/test_meminit.c
lib/test_stackinit.c
mm/kasan/common.c
mm/page_alloc.c
mm/page_io.c
net/core/filter.c
net/ipv4/icmp.c
net/ipv6/ip6_icmp.c
net/sctp/input.c
net/unix/scm.c
net/wireless/core.c
net/xfrm/xfrm_compat.c
net/xfrm/xfrm_state.c
net/xfrm/xfrm_user.c
scripts/adjust_autoksyms.sh
scripts/generate_initcall_order.pl
scripts/setlocalversion
scripts/tools-support-relr.sh
security/Kconfig.hardening
security/selinux/hooks.c
security/selinux/include/classmap.h
security/selinux/include/security.h
security/selinux/nlmsgtab.c
security/selinux/ss/mls.c
security/selinux/ss/policydb.c
security/selinux/ss/policydb.h
security/selinux/ss/services.c
tools/testing/selftests/wireguard/netns.sh
tools/testing/selftests/wireguard/qemu/kernel.config
Change-Id: I5992ee11f94595fd75ea4cf60b15fe7eee0f28ad
find_get_page() returns a page with increased refcount, assuming a page
exists at the given index. Ensure this refcount is dropped on error.
Bug: 271079833
Fixes: 59d4d125 ("BACKPORT: FROMLIST: mm: implement speculative handling in filemap_fault()")
Change-Id: Idc7b9e3f11f32a02bed4c6f4e11cec9200a5c790
Signed-off-by: Patrick Daly <quic_pdaly@quicinc.com>
(cherry picked from commit 6232eecfa7ca0d8d0ca088da6d0edb2c3a879ff9)
Signed-off-by: Zhenhua Huang <quic_zhenhuah@quicinc.com>
Git-commit: 1d05213028b6dbdb8801e20f29b6a6f91c216033
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
SPF attempts page faults without taking the mmap lock, but takes the
PTL. If there is a concurrent fast mremap (at PMD/PUD level), this
can lead to a UAF as fast mremap will only take the PTL locks at the
PMD/PUD level. SPF cannot take the PTL locks at the larger subtree
granularity since this introduces much contention in the page fault
paths.
To address the race:
1) Only try fast mremaps if there are no users of the VMA. Android
is concerned with this optimization in the context of
GC stop-the-world pause. So there are no other threads active
and this should almost always succeed.
2) Speculative faults detect ongoing fast mremaps and fallback
to conventional fault handling (taking mmap read lock).
Bug: 263177905
Change-Id: I23917e493ddc8576de19883cac053dfde9982b7f
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
Git-commit: 529351c4c8202aa7f5bc4a8a100e583a70ab6110
Git-repo: https://android.googlesource.com/kernel/common/
[quic_c_spathi@quicinc.com: resolve merge conflicts. Not applying
mremap changes due to absence of applicable configs for race.]
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
In a number of cases vm_write_{begin|end} is called while mmap_lock is
not owned exclusively. This is unnecessary and can affect correctness of
the sequence counting protecting speculative page fault handlers. Remove
extra calls.
Bug: 257443051
Change-Id: I1278638a0794448e22fbdab5601212b3b2eaebdc
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Git-commit: bfdcf47ca34dc3b7b63ca16b0a1856e57c57ee47
Git-repo: https://android.googlesource.com/kernel/common/
[quic_c_spathi@quicinc.com: resolve trivial merge conflicts]
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
Speculative page fault handler needs to detect concurrent pmd changes
and relies on vma seqcount for that. pmdp_collapse_flush(), set_huge_pmd() and collapse_and_free_pmd() can modify a pmd.
vm_write_{begin|end} are needed in the paths which can call these
functions for page fault handler to detect pmd changes.
Bug: 257443051
Change-Id: Ieb784b5f44901b66a594f61b9e7c91190ff97f80
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Git-commit: 5ed391bd8ad8481d82c1bbb05a35f5538966dce9
Git-repo: https://android.googlesource.com/kernel/common/
[quic_c_spathi@quicinc.com: resolve trivial merge conflicts]
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
Extend filemap_fault() to handle speculative faults.
In the speculative case, we will only be fishing existing pages out of
the page cache. The logic we use mirrors what is done in the
non-speculative case, assuming that pages are found in the page cache,
are up to date and not already locked, and that readahead is not
necessary at this time. In all other cases, the fault is aborted to be
handled non-speculatively.
Signed-off-by: Michel Lespinasse <michel@lespinasse.org>
Link: https://lore.kernel.org/all/20210407014502.24091-26-michel@lespinasse.org/
Conflicts:
mm/filemap.c
1. Added back file_ra_state variable used by SPF path.
2. Updated comment for filemap_fault to reflect SPF locking rules.
Bug: 161210518
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I82eba7fcfc81876245c2e65bc5ae3d33ddfcc368
Git-commit: 59d4d125b7d0108b54860ea8584679d514ef07b0
Git-repo: https://android.googlesource.com/kernel/common/
[quic_c_spathi@quicinc.com: resolve trivial merge conflicts]
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
Checks of pmd during speculative page fault handling are racy because
pmd is unprotected and might be modified or cleared. This might cause
use-after-free reads from speculative path, therefore prevent such
checks. At the beginning of speculation pmd is checked to be valid and
if it's changed before page fault is handled, the change will be detected
and page fault will be retried under mmap_lock protection.
Bug: 257443051
Change-Id: I0cbd3b0b44e8296cf0d6cb298fae48c696580068
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Git-commit: 2bb39b912175c3c087978ae5547e277a8422c601
Git-repo: https://android.googlesource.com/kernel/common/
[quic_c_spathi@quicinc.com: resolve merge conflicts]
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
Speculative page fault checks pmd to be valid before starting to handle
the page fault and pte_alloc() should do nothing if pmd stays valid.
If pmd gets changed during speculative page fault, we will detect the
change later and retry with mmap_lock. Therefore pte_alloc() can be
safely skipped and this prevents the racy pmd_lock() call which can
access pmd->ptl after pmd was cleared.
Bug: 257443051
Change-Id: Iec57df5530dba6e0e0bdf9f7500f910851c3d3fd
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Git-commit: 1169f70f8f15ea4378ecadb9baba8791824c8b2a
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
https://source.android.com/docs/security/bulletin/2023-03-01
CVE-2021-33655
* tag 'ASB-2023-03-05_4.19-stable' of https://android.googlesource.com/kernel/common:
Linux 4.19.275
USB: core: Don't hold device lock while reading the "descriptors" sysfs file
USB: serial: option: add support for VW/Skoda "Carstick LTE"
dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size
vc_screen: don't clobber return value in vcs_read
net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().
IB/hfi1: Assign npages earlier
btrfs: send: limit number of clones and allocated memory size
ACPI: NFIT: fix a potential deadlock during NFIT teardown
ARM: dts: rockchip: add power-domains property to dp node on rk3288
UPSTREAM: selinux: check return value of sel_make_avc_files
UPSTREAM: lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test
UPSTREAM: wireguard: ratelimiter: use kvcalloc() instead of kvzalloc()
UPSTREAM: wireguard: receive: drop handshakes if queue lock is contended
UPSTREAM: wireguard: receive: use ring buffer for incoming handshakes
UPSTREAM: wireguard: device: reset peer src endpoint when netns exits
UPSTREAM: wireguard: selftests: actually test for routing loops
UPSTREAM: kasan: fix tag for large allocations when using CONFIG_SLAB
UPSTREAM: usb: musb: select GENERIC_PHY instead of depending on it
UPSTREAM: driver core: Reject pointless SYNC_STATE_ONLY device links
BACKPORT: PM: EM: Fix inefficient states detection
UPSTREAM: cfg80211: scan: fix RCU in cfg80211_add_nontrans_list()
UPSTREAM: thermal/core: Fix thermal_cooling_device_register() prototype
UPSTREAM: PM: EM: Increase energy calculation precision
UPSTREAM: lib/test_stackinit: Fix static initializer test
BACKPORT: userfaultfd: do not untag user pointers
UPSTREAM: net/xfrm/compat: Copy xfrm_spdattr_type_t atributes
UPSTREAM: sched/uclamp: Ignore max aggregation if rq is idle
UPSTREAM: net: xfrm: fix memory leak in xfrm_user_rcv_msg
UPSTREAM: f2fs: Advertise encrypted casefolding in sysfs
UPSTREAM: fuse: ignore PG_workingset after stealing
BACKPORT: loop: Fix missing discard support when using LOOP_CONFIGURE
BACKPORT: nvmem: core: add a missing of_node_put
UPSTREAM: usb: typec: mux: Fix copy-paste mistake in typec_mux_match
Linux 4.19.274
bpf: add missing header file include
ext4: Fix function prototype mismatch for ext4_feat_ktype
wifi: mwifiex: Add missing compatible string for SD8787
uaccess: Add speculation barrier to copy_from_user()
mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh
drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
alarmtimer: Prevent starvation by small intervals and SIG_IGN
powerpc: dts: t208x: Disable 10G on MAC1 and MAC2
can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len
random: always mix cycle counter in add_latent_entropy()
powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G
wifi: rtl8xxxu: gen2: Turn on the rate control
BACKPORT: fscrypt: fix derivation of SipHash keys on big endian CPUs
UPSTREAM: wireguard: allowedips: free empty intermediate nodes when removing single node
BACKPORT: wireguard: allowedips: allocate nodes in kmem_cache
Linux 4.19.273
net: phy: meson-gxl: Add generic dummy stubs for MMD register access
nilfs2: fix underflow in second superblock position calculations
kvm: initialize all of the kvm_debugregs structure before sending it to userspace
i40e: Add checking for null for nlmsg_find_attr()
ipv6: Fix tcp socket connection with DSCP.
ipv6: Fix datagram socket connection with DSCP.
net: mpls: fix stale pointer if allocation fails during device rename
net: stmmac: Restrict warning on disabling DMA store and fwd mode
bnxt_en: Fix mqprio and XDP ring checking logic
net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence
net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions.
net: bgmac: fix BCM5358 support by setting correct flags
i40e: add double of VLAN header when computing the max MTU
revert "squashfs: harden sanity check in squashfs_read_xattr_id_table"
hugetlb: check for undefined shift on 32 bit architectures
ALSA: hda/realtek - fixed wrong gpio assigned
ALSA: hda/conexant: add a new hda codec SN6180
mmc: sdio: fix possible resource leaks in some error paths
Revert "x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN"
netfilter: nft_tproxy: restrict to prerouting hook
aio: fix mremap after fork null-deref
nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association
net/rose: Fix to not accept on connected socket
tools/virtio: fix the vringh test for virtio ring changes
ASoC: cs42l56: fix DT probe
migrate: hugetlb: check for hugetlb shared PMD in node migration
bpf: Always return target ifindex in bpf_fib_lookup
arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive
arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive
riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte
usb: typec: altmodes/displayport: Fix probe pin assign check
usb: core: add quirk for Alcor Link AK9563 smartcard reader
net: USB: Fix wrong-direction WARNING in plusb.c
pinctrl: intel: Restore the pins that used to be in Direct IRQ mode
pinctrl: intel: Convert unsigned to unsigned int
pinctrl: single: fix potential NULL dereference
pinctrl: aspeed: Fix confusing types in return value
ALSA: pci: lx6464es: fix a debug loop
selftests: forwarding: lib: quote the sysctl values
rds: rds_rm_zerocopy_callback() use list_first_entry()
net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY
net: phy: meson-gxl: add g12a support
net: phy: add macros for PHYID matching
IB/hfi1: Restore allocated resources on failed copyout
ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()
btrfs: limit device extents to the device size
iio:adc:twl6030: Enable measurement of VAC
thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type()
serial: 8250_dma: Fix DMA Rx rearm race
serial: 8250_dma: Fix DMA Rx completion race
Squashfs: fix handling and sanity checking of xattr_ids count
mm/swapfile: add cond_resched() in get_swap_pages()
mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps
riscv: disable generation of unwind tables
parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case
parisc: Fix return code of pdc_iodc_print()
iio:adc:twl6030: Enable measurements of VUSB, VBAT and others
iio: adc: berlin2-adc: Add missing of_node_put() in error path
iio: hid: fix the retval in accel_3d_capture_sample
efi: Accept version 2 of memory attributes table
watchdog: diag288_wdt: fix __diag288() inline assembly
watchdog: diag288_wdt: do not use stack buffers for hardware data
fbcon: Check font dimension limits
thermal: intel: int340x: Protect trip temperature from concurrent updates
KVM: x86/vmx: Do not skip segment attributes if unusable bit is set
KVM: VMX: Move caching of MSR_IA32_XSS to hardware_setup()
KVM: VMX: Move VMX specific files to a "vmx" subdirectory
nVMX x86: Check VMX-preemption timer controls on vmentry of L2 guests
Input: i8042 - add Clevo PCX0DX to i8042 quirk table
Input: i8042 - add TUXEDO devices to i8042 quirk tables
Input: i8042 - merge quirk tables
Input: i8042 - move __initconst to fix code styling warning
vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait
usb: dwc3: qcom: enable vbus override when in OTG dr-mode
usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API
iio: adc: stm32-dfsdm: fill module aliases
net/x25: Fix to not accept on connected socket
i2c: rk3x: fix a bunch of kernel-doc warnings
scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
scsi: target: core: Fix warning on RT kernels
net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
ata: libata: Fix sata_down_spd_limit() when no link speed is reported
squashfs: harden sanity check in squashfs_read_xattr_id_table
netrom: Fix use-after-free caused by accept on already connected socket
ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region
UPSTREAM: wireguard: allowedips: remove nodes in O(1)
UPSTREAM: wireguard: allowedips: initialize list head in selftest
UPSTREAM: wireguard: use synchronize_net rather than synchronize_rcu
UPSTREAM: wireguard: do not use -O3
UPSTREAM: wireguard: selftests: make sure rp_filter is disabled on vethc
BACKPORT: wireguard: selftests: remove old conntrack kconfig value
BACKPORT: usb: typec: mux: Fix matching with typec_altmode_desc
UPSTREAM: sched/uclamp: Fix locking around cpu_util_update_eff()
UPSTREAM: sched/uclamp: Fix wrong implementation of cpu.uclamp.min
UPSTREAM: usb: musb: Fix an error message
UPSTREAM: arm64: doc: Add brk/mmap/mremap() to the Tagged Address ABI Exceptions
BACKPORT: selinux: add proper NULL termination to the secclass_map permissions
UPSTREAM: crypto: arm/curve25519 - Move '.fpu' after '.arch'
UPSTREAM: libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC
UPSTREAM: of: property: fw_devlink: do not link ".*,nr-gpios"
UPSTREAM: xfrm/compat: Cleanup WARN()s that can be user-triggered
UPSTREAM: wireguard: selftests: test multiple parallel streams
UPSTREAM: crypto: mips: add poly1305-core.S to .gitignore
BACKPORT: arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL
UPSTREAM: crypto: mips/poly1305 - enable for all MIPS processors
UPSTREAM: kbuild: do not include include/config/auto.conf from adjust_autoksyms.sh
UPSTREAM: wireguard: kconfig: use arm chacha even with no neon
UPSTREAM: wireguard: queueing: get rid of per-peer ring buffers
UPSTREAM: wireguard: device: do not generate ICMP for non-IP packets
BACKPORT: mac80211_hwsim: notify wmediumd of used MAC addresses
BACKPORT: mac80211_hwsim: add concurrent channels scanning support over virtio
BACKPORT: perf_event_open: switch to copy_struct_from_user()
BACKPORT: sched_setattr: switch to copy_struct_from_user()
Conflicts:
kernel/power/energy_model.c
net/wireless/scan.c
Change-Id: I55c29a161fd214642259ddfb19fb749a416babb2
If an object is allocated on a tail page of a multi-page slab, kasan
will get the wrong tag because page->s_mem is NULL for tail pages. I'm
not quite sure what the user-visible effect of this might be.
Bug: 254441685
Link: https://lkml.kernel.org/r/20211001024105.3217339-1-willy@infradead.org
Fixes: 7f94ffbc4c6a ("kasan: add hooks implementation for tag-based mode")
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Acked-by: Marco Elver <elver@google.com>
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit 820a1e6e87ccaa6c0c77ac7d79d05beec3f8cb88)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I1e9c12a04670ad52498e09ae85430e497f3d7816
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmP2ANYACgkQONu9yGCS
aT6oNBAArmqskeKikeebAGPOtU1quHBGnnbpSOd0SFZVTLi0N9YD9SjVpJ8RoMTT
PCPz1yc8qw+1nFL0DQ+nJ/hx7SK9mfGpBB5CP8ZNjI35Hpf7RMmftwXGvEp1FAMX
1xTUEB2dS2YH9fp8mZYAEjFAQ76XZ8u5fXntVPCcclJIbxMkcgvdRUKtWkPwK4vd
rJytrqPYEe9UyPWU3Gw0OyRNNFpZcNB11ZbOWeCpe+G31naZWHiqcjzi7hF9IGsA
lzElk9pWpMW/WxpPfNkxyJEW5NfnEJTwjaHoV5LF9jONOX6lV5e4hRr10KkrdnxM
rQB82kN9JC1+r+5Zbkz1Zy8Tmas/aI1Gk1oJmZufi2nhP06uxsRVV06bqdg8MM0U
z7giLCwj7+gIk7LXm/kmVLvTVuTGMXdhfUaVG1OKxcp9WjLIwpkDJS7raEZ2Iyy3
5/IkvICt+cINpc/s/eO3u9CaRZVCb2vUYVRxY4sc9j/+P8U9j/N3DmbIqYD8b3ty
sO20M/DvD2Ra0PD11QofMqg0fegZTTCvhl9hFPu41gXHTKUlM9d5QqTZPC/JoJ3f
vd/BoSvXuzxJHyljsQ2W5BUoEyOKbM12EBnbiuxPwospfy/U6y/nENe9v463bWFf
DuZfaWx6+I3WW5mZeaWA7IMKVmfFazhjhztZqzhd1yUCkVINN70=
=5lII
-----END PGP SIGNATURE-----
Merge 4.19.273 into android-4.19-stable
Changes in 4.19.273
firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region
bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
netrom: Fix use-after-free caused by accept on already connected socket
squashfs: harden sanity check in squashfs_read_xattr_id_table
ata: libata: Fix sata_down_spd_limit() when no link speed is reported
net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
scsi: target: core: Fix warning on RT kernels
scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
i2c: rk3x: fix a bunch of kernel-doc warnings
net/x25: Fix to not accept on connected socket
iio: adc: stm32-dfsdm: fill module aliases
usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API
usb: dwc3: qcom: enable vbus override when in OTG dr-mode
usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait
vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
Input: i8042 - move __initconst to fix code styling warning
Input: i8042 - merge quirk tables
Input: i8042 - add TUXEDO devices to i8042 quirk tables
Input: i8042 - add Clevo PCX0DX to i8042 quirk table
nVMX x86: Check VMX-preemption timer controls on vmentry of L2 guests
KVM: VMX: Move VMX specific files to a "vmx" subdirectory
KVM: VMX: Move caching of MSR_IA32_XSS to hardware_setup()
KVM: x86/vmx: Do not skip segment attributes if unusable bit is set
thermal: intel: int340x: Protect trip temperature from concurrent updates
fbcon: Check font dimension limits
watchdog: diag288_wdt: do not use stack buffers for hardware data
watchdog: diag288_wdt: fix __diag288() inline assembly
efi: Accept version 2 of memory attributes table
iio: hid: fix the retval in accel_3d_capture_sample
iio: adc: berlin2-adc: Add missing of_node_put() in error path
iio:adc:twl6030: Enable measurements of VUSB, VBAT and others
parisc: Fix return code of pdc_iodc_print()
parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case
riscv: disable generation of unwind tables
mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps
mm/swapfile: add cond_resched() in get_swap_pages()
Squashfs: fix handling and sanity checking of xattr_ids count
serial: 8250_dma: Fix DMA Rx completion race
serial: 8250_dma: Fix DMA Rx rearm race
thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type()
iio:adc:twl6030: Enable measurement of VAC
btrfs: limit device extents to the device size
ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()
IB/hfi1: Restore allocated resources on failed copyout
net: phy: add macros for PHYID matching
net: phy: meson-gxl: add g12a support
net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY
rds: rds_rm_zerocopy_callback() use list_first_entry()
selftests: forwarding: lib: quote the sysctl values
ALSA: pci: lx6464es: fix a debug loop
pinctrl: aspeed: Fix confusing types in return value
pinctrl: single: fix potential NULL dereference
pinctrl: intel: Convert unsigned to unsigned int
pinctrl: intel: Restore the pins that used to be in Direct IRQ mode
net: USB: Fix wrong-direction WARNING in plusb.c
usb: core: add quirk for Alcor Link AK9563 smartcard reader
usb: typec: altmodes/displayport: Fix probe pin assign check
riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte
arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive
arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive
bpf: Always return target ifindex in bpf_fib_lookup
migrate: hugetlb: check for hugetlb shared PMD in node migration
ASoC: cs42l56: fix DT probe
tools/virtio: fix the vringh test for virtio ring changes
net/rose: Fix to not accept on connected socket
nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association
aio: fix mremap after fork null-deref
netfilter: nft_tproxy: restrict to prerouting hook
Revert "x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN"
mmc: sdio: fix possible resource leaks in some error paths
ALSA: hda/conexant: add a new hda codec SN6180
ALSA: hda/realtek - fixed wrong gpio assigned
hugetlb: check for undefined shift on 32 bit architectures
revert "squashfs: harden sanity check in squashfs_read_xattr_id_table"
i40e: add double of VLAN header when computing the max MTU
net: bgmac: fix BCM5358 support by setting correct flags
dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions.
net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence
bnxt_en: Fix mqprio and XDP ring checking logic
net: stmmac: Restrict warning on disabling DMA store and fwd mode
net: mpls: fix stale pointer if allocation fails during device rename
ipv6: Fix datagram socket connection with DSCP.
ipv6: Fix tcp socket connection with DSCP.
i40e: Add checking for null for nlmsg_find_attr()
kvm: initialize all of the kvm_debugregs structure before sending it to userspace
nilfs2: fix underflow in second superblock position calculations
net: phy: meson-gxl: Add generic dummy stubs for MMD register access
Linux 4.19.273
Change-Id: Id9b61e7d5d9399a46dc2d52a392eacf5cbe30248
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 73bdf65ea74857d7fb2ec3067a3cec0e261b1462 upstream.
migrate_pages/mempolicy semantics state that CAP_SYS_NICE is required to
move pages shared with another process to a different node. page_mapcount
> 1 is being used to determine if a hugetlb page is shared. However, a
hugetlb page will have a mapcount of 1 if mapped by multiple processes via
a shared PMD. As a result, hugetlb pages shared by multiple processes and
mapped with a shared PMD can be moved by a process without CAP_SYS_NICE.
To fix, check for a shared PMD if mapcount is 1. If a shared PMD is found
consider the page shared.
Link: https://lkml.kernel.org/r/20230126222721.222195-3-mike.kravetz@oracle.com
Fixes: e2d8cf4055 ("migrate: add hugepage migration code to migrate_pages()")
Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
Acked-by: Peter Xu <peterx@redhat.com>
Acked-by: David Hildenbrand <david@redhat.com>
Cc: James Houghton <jthoughton@google.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Muchun Song <songmuchun@bytedance.com>
Cc: Naoya Horiguchi <naoya.horiguchi@linux.dev>
Cc: Vishal Moola (Oracle) <vishal.moola@gmail.com>
Cc: Yang Shi <shy828301@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 7717fc1a12f88701573f9ed897cc4f6699c661e3 upstream.
The softlockup still occurs in get_swap_pages() under memory pressure. 64
CPU cores, 64GB memory, and 28 zram devices, the disksize of each zram
device is 50MB with same priority as si. Use the stress-ng tool to
increase memory pressure, causing the system to oom frequently.
The plist_for_each_entry_safe() loops in get_swap_pages() could reach tens
of thousands of times to find available space (extreme case:
cond_resched() is not called in scan_swap_map_slots()). Let's add
cond_resched() into get_swap_pages() when failed to find available space
to avoid softlockup.
Link: https://lkml.kernel.org/r/20230128094757.1060525-1-xialonglong1@huawei.com
Signed-off-by: Longlong Xia <xialonglong1@huawei.com>
Reviewed-by: "Huang, Ying" <ying.huang@intel.com>
Cc: Chen Wandun <chenwandun@huawei.com>
Cc: Huang Ying <ying.huang@intel.com>
Cc: Kefeng Wang <wangkefeng.wang@huawei.com>
Cc: Nanyong Sun <sunnanyong@huawei.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
https://source.android.com/docs/security/bulletin/2023-02-01
CVE-2022-39189
CVE-2022-39842
CVE-2022-41222
CVE-2023-20937
CVE-2023-20938
CVE-2022-0850
* tag 'ASB-2023-02-05_4.19-stable' of https://android.googlesource.com/kernel/common:
Linux 4.19.272
usb: host: xhci-plat: add wakeup entry at sysfs
ipv6: ensure sane device mtu in tunnels
exit: Use READ_ONCE() for all oops/warn limit reads
docs: Fix path paste-o for /sys/kernel/warn_count
panic: Expose "warn_count" to sysfs
panic: Introduce warn_limit
panic: Consolidate open-coded panic_on_warn checks
exit: Allow oops_limit to be disabled
exit: Expose "oops_count" to sysfs
exit: Put an upper limit on how often we can oops
ia64: make IA64_MCA_RECOVERY bool instead of tristate
h8300: Fix build errors from do_exit() to make_task_dead() transition
hexagon: Fix function name in die()
objtool: Add a missing comma to avoid string concatenation
exit: Add and use make_task_dead.
panic: unset panic_on_warn inside panic()
sysctl: add a new register_sysctl_init() interface
dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init
ARM: dts: imx: Fix pca9547 i2c-mux node name
x86/entry/64: Add instruction suffix to SYSRET
x86/asm: Fix an assembler warning with current binutils
drm/i915/display: fix compiler warning about array overrun
x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL
Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode"
net/tg3: resolve deadlock in tg3_reset_task() during EEH
net: ravb: Fix possible hang if RIS2_QFF1 happen
sctp: fail if no bound addresses can be used for a given scope
netrom: Fix use-after-free of a listening socket.
netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE
ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
netlink: annotate data races around sk_state
netlink: annotate data races around dst_portid and dst_group
netlink: annotate data races around nlk->portid
netlink: remove hash::nelems check in netlink_insert
netfilter: nft_set_rbtree: skip elements in transaction from garbage collection
net: fix UaF in netns ops registration error path
EDAC/device: Respect any driver-supplied workqueue polling value
ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment
cifs: Fix oops due to uncleared server->smbd_conn in reconnect
smbd: Make upper layer decide when to destroy the transport
trace_events_hist: add check for return value of 'create_hist_field'
tracing: Make sure trace_printk() can output as soon as it can be used
module: Don't wait for GOING modules
scsi: hpsa: Fix allocation size for scsi_host_alloc()
Bluetooth: hci_sync: cancel cmd_timer if hci_open failed
fs: reiserfs: remove useless new_opts in reiserfs_remount
perf env: Do not return pointers to local variables
block: fix and cleanup bio_check_ro
netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state
w1: fix WARNING after calling w1_process()
w1: fix deadloop in __w1_remove_master_device()
tcp: avoid the lookup process failing to get sk in ehash table
dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node()
dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling
dmaengine: xilinx_dma: program hardware supported buffer length
dmaengine: xilinx_dma: commonize DMA copy size calculation
HID: betop: check shape of output reports
net: macb: fix PTP TX timestamp failure due to packet padding
dmaengine: Fix double increment of client_count in dma_chan_get()
net: mlx5: eliminate anonymous module_init & module_exit
usb: gadget: f_fs: Ensure ep0req is dequeued before free_request
usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait
HID: check empty report_list in hid_validate_values()
net: mdio: validate parameter addr in mdiobus_get_phy()
net: usb: sr9700: Handle negative len
wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid
net: nfc: Fix use-after-free in local_cleanup()
phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on()
bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation
amd-xgbe: Delay AN timeout during KR training
amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent
affs: initialize fsdata in affs_truncate()
IB/hfi1: Fix expected receive setup error exit issues
IB/hfi1: Reserve user expected TIDs
IB/hfi1: Reject a zero-length user expected buffer
tomoyo: fix broken dependency on *.conf.default
EDAC/highbank: Fix memory leak in highbank_mc_probe()
HID: intel_ish-hid: Add check for ishtp_dma_tx_map
ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts'
UPSTREAM: tcp: fix tcp_rmem documentation
UPSTREAM: nvmem: core: skip child nodes not matching binding
BACKPORT: nvmem: core: Fix a resource leak on error in nvmem_add_cells_from_of()
UPSTREAM: sched/eas: Don't update misfit status if the task is pinned
BACKPORT: arm64: link with -z norelro for LLD or aarch64-elf
UPSTREAM: driver: core: Fix list corruption after device_del()
UPSTREAM: coresight: tmc-etr: Fix barrier packet insertion for perf buffer
UPSTREAM: f2fs: fix double free of unicode map
BACKPORT: net: xfrm: fix memory leak in xfrm_user_policy()
UPSTREAM: xfrm/compat: Don't allocate memory with __GFP_ZERO
UPSTREAM: xfrm/compat: memset(0) 64-bit padding at right place
UPSTREAM: xfrm/compat: Translate by copying XFRMA_UNSPEC attribute
UPSTREAM: scsi: ufs: Fix missing brace warning for old compilers
UPSTREAM: arm64: vdso32: make vdso32 install conditional
UPSTREAM: loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE
BACKPORT: drm/virtio: fix missing dma_fence_put() in virtio_gpu_execbuffer_ioctl()
BACKPORT: sched/uclamp: Protect uclamp fast path code with static key
BACKPORT: sched/uclamp: Fix initialization of struct uclamp_rq
UPSTREAM: coresight: etmv4: Fix CPU power management setup in probe() function
UPSTREAM: arm64: vdso: Add --eh-frame-hdr to ldflags
BACKPORT: arm64: vdso: Add '-Bsymbolic' to ldflags
UPSTREAM: drm/virtio: fix a wait_event condition
BACKPORT: sched/topology: Don't try to build empty sched domains
BACKPORT: binder: prevent UAF read in print_binder_transaction_log_entry()
BACKPORT: copy_process(): don't use ksys_close() on cleanups
BACKPORT: arm64: vdso: Remove unnecessary asm-offsets.c definitions
UPSTREAM: locking/lockdep, cpu/hotplug: Annotate AP thread
Revert "xhci: Add a flag to disable USB3 lpm on a xhci root port level."
BACKPORT: mac80211_hwsim: add concurrent channels scanning support over virtio
BACKPORT: mac80211_hwsim: add frame transmission support over virtio This allows communication with external entities.
BACKPORT: driver core: Skip unnecessary work when device doesn't have sync_state()
Linux 4.19.271
x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN
Revert "ext4: generalize extents status tree search functions"
Revert "ext4: add new pending reservation mechanism"
Revert "ext4: fix reserved cluster accounting at delayed write time"
Revert "ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline"
gsmi: fix null-deref in gsmi_get_variable
serial: atmel: fix incorrect baudrate setup
serial: pch_uart: Pass correct sg to dma_unmap_sg()
usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210
usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
usb: gadget: g_webcam: Send color matching descriptor per frame
usb: typec: altmodes/displayport: Fix pin assignment calculation
usb: typec: altmodes/displayport: Add pin assignment helper
usb: host: ehci-fsl: Fix module alias
USB: serial: cp210x: add SCALANCE LPE-9000 device id
cifs: do not include page data when checking signature
mmc: sunxi-mmc: Fix clock refcount imbalance during unbind
comedi: adv_pci1760: Fix PWM instruction handling
usb: core: hub: disable autosuspend for TI TUSB8041
USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100
USB: serial: option: add Quectel EM05CN modem
USB: serial: option: add Quectel EM05CN (SG) modem
USB: serial: option: add Quectel EC200U modem
USB: serial: option: add Quectel EM05-G (RS) modem
USB: serial: option: add Quectel EM05-G (CS) modem
USB: serial: option: add Quectel EM05-G (GR) modem
prlimit: do_prlimit needs to have a speculation check
xhci: Add a flag to disable USB3 lpm on a xhci root port level.
xhci: Fix null pointer dereference when host dies
usb: xhci: Check endpoint is valid before dereferencing it
xhci-pci: set the dma max_seg_size
nilfs2: fix general protection fault in nilfs_btree_insert()
Add exception protection processing for vd in axi_chan_handle_err function
f2fs: let's avoid panic if extent_tree is not created
RDMA/srp: Move large values to a new enum for gcc13
net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats
pNFS/filelayout: Fix coalescing test for single DS
ANDROID: usb: f_accessory: Check buffer size when initialised via composite
Linux 4.19.270
serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30
serial: tegra: Only print FIFO error message when an error occurs
tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasn't started
Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout"
efi: fix NULL-deref in init error path
arm64: cmpxchg_double*: hazard against entire exchange variable
drm/virtio: Fix GEM handle creation UAF
x86/resctrl: Fix task CLOSID/RMID update race
x86/resctrl: Use task_curr() instead of task_struct->on_cpu to prevent unnecessary IPI
iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe()
iommu/mediatek-v1: Add error handle for mtk_iommu_probe
net/mlx5: Fix ptp max frequency adjustment range
net/mlx5: Rename ptp clock info
nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
hvc/xen: lock console list traversal
regulator: da9211: Use irq handler when ready
EDAC/device: Fix period calculation in edac_device_reset_delay_period()
x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
ext4: fix reserved cluster accounting at delayed write time
ext4: add new pending reservation mechanism
ext4: generalize extents status tree search functions
ext4: fix uninititialized value in 'ext4_evict_inode'
ext4: fix use-after-free in ext4_orphan_cleanup
ext4: lost matching-pair of trace in ext4_truncate
ext4: fix bug_on in __es_tree_search caused by bad quota inode
quota: Factor out setup of quota inode
usb: ulpi: defer ulpi_register on ulpi_read_id timeout
kest.pl: Fix grub2 menu handling for rebooting
ktest.pl: Fix incorrect reboot for grub2bls
ktest: introduce grub2bls REBOOT_TYPE option
ktest: cleanup get_grub_index
ktest: introduce _get_grub_index
ktest: Add support for meta characters in GRUB_MENU
ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later
wifi: wilc1000: sdio: fix module autoloading
ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe
cifs: Fix uninitialized memory read for smb311 posix symlink create
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
net/ulp: prevent ULP without clone op from entering the LISTEN status
s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
perf auxtrace: Fix address filter duplicate symbol selection
docs: Fix the docs build with Sphinx 6.0
net: sched: disallow noqueue for qdisc classes
driver core: Fix bus_type.match() error handling in __driver_attach()
parisc: Align parisc MADV_XXX constants with all other architectures
mbcache: Avoid nesting of cache->c_list_lock under bit locks
hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
hfs/hfsplus: use WARN_ON for sanity check
ext4: don't allow journal inode to have encrypt flag
riscv: uaccess: fix type of 0 variable on error in get_user()
nfsd: fix handling of readdir in v4root vs. mount upcall timeout
x86/bugs: Flush IBP in ib_prctl_set()
ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet
udf: Fix extension of the last extent in the file
caif: fix memory leak in cfctrl_linkup_request()
usb: rndis_host: Secure rndis_query check against int overflow
net: sched: atm: dont intepret cls results when asked to drop
RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
net: amd-xgbe: add missed tasklet_kill
nfc: Fix potential resource leaks
qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
bpf: pull before calling skb_postpull_rcsum()
SUNRPC: ensure the matching upcall is in-flight upon downcall
ext4: fix deadlock due to mbcache entry corruption
mbcache: automatically delete entries from cache on freeing
ext4: fix race when reusing xattr blocks
ext4: unindent codeblock in ext4_xattr_block_set()
ext4: remove EA inode entry from mbcache on inode eviction
mbcache: add functions to delete entry if unused
mbcache: don't reclaim used entries
ext4: use kmemdup() to replace kmalloc + memcpy
ext4: correct inconsistent error msg in nojournal mode
ext4: goto right label 'failed_mount3a'
driver core: Set deferred_probe_timeout to a longer default if CONFIG_MODULES is set
ravb: Fix "failed to switch device to config mode" message during unbind
perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data
perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
dm thin: resume even if in FAIL mode
media: s5p-mfc: Fix in register read and write for H264
media: s5p-mfc: Clear workbit to handle error condition
media: s5p-mfc: Fix to handle reference queue during finishing
btrfs: replace strncpy() with strscpy()
btrfs: send: avoid unnecessary backref lookups when finding clone source
ext4: allocate extended attribute value in vmalloc area
ext4: avoid unaccounted block allocation when expanding inode
ext4: initialize quota before expanding inode in setproject ioctl
ext4: fix inode leak in ext4_xattr_inode_create() on an error path
ext4: avoid BUG_ON when creating xattrs
ext4: fix error code return to user-space in ext4_get_branch()
ext4: fix corruption when online resizing a 1K bigalloc fs
ext4: init quota for 'old.inode' in 'ext4_rename'
ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
ext4: add helper to check quota inums
ext4: fix undefined behavior in bit shift for ext4_check_flag_values
ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop
drm/vmwgfx: Validate the box size for the snooped cursor
drm/connector: send hotplug uevent on connector cleanup
device_cgroup: Roll back to original exceptions after copy failure
parisc: led: Fix potential null-ptr-deref in start_task()
iommu/amd: Fix ivrs_acpihid cmdline parsing code
crypto: n2 - add missing hash statesize
PCI/sysfs: Fix double free in error path
PCI: Fix pci_device_is_present() for VFs by checking PF
ipmi: fix use after free in _ipmi_destroy_user()
ima: Fix a potential NULL pointer access in ima_restore_measurement_list
ipmi: fix long wait in unload when IPMI disconnect
md/bitmap: Fix bitmap chunk size overflow issues
cifs: fix confusing debug message
media: dvb-core: Fix UAF due to refcount races at releasing
media: dvb-core: Fix double free in dvb_register_device()
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line
x86/microcode/intel: Do not retry microcode reloading on the APs
dm cache: set needs_check flag after aborting metadata
dm cache: Fix UAF in destroy()
dm thin: Fix UAF in run_timer_softirq()
dm thin: Use last transaction's pmd->root when commit failed
dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
binfmt: Fix error return code in load_elf_fdpic_binary()
binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf
selftests: Use optional USERCFLAGS and USERLDFLAGS
ARM: ux500: do not directly dereference __iomem
ktest.pl minconfig: Unset configs instead of just removing them
soc: qcom: Select REMAP_MMIO for LLCC driver
media: stv0288: use explicitly signed char
SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
md: fix a crash in mempool_free
pnode: terminate at peers of source
ALSA: line6: fix stack overflow in line6_midi_transmit
ALSA: line6: correct midi status byte when receiving data from podxt
ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount
HID: plantronics: Additional PIDs for double volume key presses quirk
powerpc/rtas: avoid scheduling in rtas_os_term()
powerpc/rtas: avoid device tree lookups in rtas_os_term()
ata: ahci: Fix PCS quirk application for suspend
media: dvbdev: fix refcnt bug
media: dvbdev: fix build warning due to comments
gcov: add support for checksum field
iio: adc: ad_sigma_delta: do not use internal iio_dev lock
reiserfs: Add missing calls to reiserfs_security_free()
HID: wacom: Ensure bootloader PID is usable in hidraw mode
usb: dwc3: core: defer probe on ulpi_read_id timeout
pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES
pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion
ASoC: rt5670: Remove unbalanced pm_runtime_put()
ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume()
ASoC: wm8994: Fix potential deadlock
ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume()
ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe()
orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
clk: st: Fix memory leak in st_of_quadfs_setup()
media: si470x: Fix use-after-free in si470x_int_in_callback()
mmc: f-sdh30: Add quirks for broken timeout clock capability
regulator: core: fix use_count leakage when handling boot-on
blk-mq: fix possible memleak when register 'hctx' failed
media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
media: dvbdev: adopts refcnt to avoid UAF
media: dvb-frontends: fix leak of memory fw
ppp: associate skb with a device at tx
mrp: introduce active flags to prevent UAF when applicant uninit
md/raid1: stop mdx_raid1 thread when raid1 array run failed
drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
drm/sti: Use drm_mode_copy()
s390/lcs: Fix return type of lcs_start_xmit()
s390/netiucv: Fix return type of netiucv_tx()
s390/ctcm: Fix return type of ctc{mp,}m_tx()
drm/amdgpu: Fix type of second parameter in trans_msg() callback
igb: Do not free q_vector unless new one was allocated
wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
hamradio: baycom_epp: Fix return type of baycom_send_packet()
net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
bpf: make sure skb->len != 0 when redirecting to a tunneling device
ipmi: fix memleak when unload ipmi driver
ASoC: codecs: rt298: Add quirk for KBL-R RVP platform
wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
wifi: ath9k: verify the expected usb_endpoints are present
hfs: fix OOB Read in __hfs_brec_find
acct: fix potential integer overflow in encode_comp_t()
nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
ACPICA: Fix error code path in acpi_ds_call_control_method()
fs: jfs: fix shift-out-of-bounds in dbDiscardAG
udf: Avoid double brelse() in udf_rename()
fs: jfs: fix shift-out-of-bounds in dbAllocAG
binfmt_misc: fix shift-out-of-bounds in check_special_flags
net: stream: purge sk_error_queue in sk_stream_kill_queues()
myri10ge: Fix an error handling path in myri10ge_probe()
rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
net_sched: reject TCF_EM_SIMPLE case for complex ematch module
skbuff: Account for tail adjustment during pull operations
openvswitch: Fix flow lookup to use unmasked key
rtc: mxc_v2: Add missing clk_disable_unprepare()
r6040: Fix kmemleak in probe and remove
nfc: pn533: Clear nfc_target before being used
mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
selftests/powerpc: Fix resource leaks
powerpc/hv-gpci: Fix hv_gpci event list
powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe()
powerpc/perf: callchain validate kernel stack pointer bounds
powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data()
cxl: Fix refcount leak in cxl_calc_capp_routing
powerpc/52xx: Fix a resource leak in an error handling path
macintosh/macio-adb: check the return value of ioremap()
macintosh: fix possible memory leak in macio_add_one_device()
iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
iommu/amd: Fix pci device refcount leak in ppr_notifier()
rtc: snvs: Allow a time difference on clock register read
include/uapi/linux/swab: Fix potentially missing __always_inline
HSI: omap_ssi_core: Fix error handling in ssi_init()
perf symbol: correction while adjusting symbol
power: supply: fix residue sysfs file in error handle route of __power_supply_register()
HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
fbdev: vermilion: decrease reference count in error path
fbdev: via: Fix error in via_core_init()
fbdev: pm2fb: fix missing pci_disable_device()
fbdev: ssd1307fb: Drop optional dependency
samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe()
tracing/hist: Fix issue of losting command info in error_log
usb: storage: Add check for kcalloc
i2c: ismt: Fix an out-of-bounds bug in ismt_access()
vme: Fix error not catched in fake_init()
staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
staging: rtl8192u: Fix use after free in ieee80211_rx()
i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
chardev: fix error handling in cdev_device_add()
mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
drivers: mcb: fix resource leak in mcb_probe()
usb: gadget: f_hid: fix refcount leak on error path
usb: gadget: f_hid: fix f_hidg lifetime vs cdev
usb: gadget: f_hid: optional SETUP/SET_REPORT mode
cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
test_firmware: fix memory leak in test_firmware_init()
serial: sunsab: Fix error handling in sunsab_init()
serial: altera_uart: fix locking in polling mode
tty: serial: altera_uart_{r,t}x_chars() need only uart_port
tty: serial: clean up stop-tx part in altera_uart_tx_chars()
serial: pch: Fix PCI device refcount leak in pch_request_dma()
serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle.
serial: amba-pl011: avoid SBSA UART accessing DMACR register
usb: typec: Check for ops->exit instead of ops->enter in altmode_exit
staging: vme_user: Fix possible UAF in tsi148_dma_list_add
usb: fotg210-udc: Fix ages old endianness issues
uio: uio_dmem_genirq: Fix deadlock between irq config and handling
uio: uio_dmem_genirq: Fix missing unlock in irq configuration
vfio: platform: Do not pass return buffer to ACPI _RST method
class: fix possible memory leak in __class_register()
serial: tegra: Read DMA status before terminating
tty: serial: tegra: Activate RX DMA transfer by request
serial: tegra: Add PIO mode support
serial: tegra: report clk rate errors
serial: tegra: add support to adjust baud rate
serial: tegra: add support to use 8 bytes trigger
serial: tegra: set maximum num of uart ports to 8
serial: tegra: check for FIFO mode enabled status
serial: tegra: avoid reg access when clk disabled
drivers: dio: fix possible memory leak in dio_init()
IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
hwrng: geode - Fix PCI device refcount leak
hwrng: amd - Fix PCI device refcount leak
crypto: img-hash - Fix variable dereferenced before check 'hdev->req'
orangefs: Fix sysfs not cleanup when dev init failed
RDMA/hfi1: Fix error return code in parse_platform_config()
scsi: snic: Fix possible UAF in snic_tgt_create()
scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
scsi: ipr: Fix WARNING in ipr_init()
scsi: fcoe: Fix possible name leak when device_register() fails
scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
scsi: hpsa: Fix error handling in hpsa_add_sas_host()
crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
scsi: hpsa: Fix possible memory leak in hpsa_init_one()
scsi: hpsa: use local workqueues instead of system workqueues
RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
crypto: ccree - Make cc_debugfs_global_fini() available for module init function
RDMA/hfi: Decrease PCI device reference count in error path
PCI: Check for alloc failure in pci_request_irq()
scsi: scsi_debug: Fix a warning in resp_write_scat()
RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port
f2fs: fix normal discard process
apparmor: Fix abi check to include v8 abi
apparmor: fix lockdep warning when removing a namespace
apparmor: fix a memleak in multi_transaction_new()
stmmac: fix potential division by 0
Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
ntb_netdev: Use dev_kfree_skb_any() in interrupt context
net: lan9303: Fix read error execution path
net: amd-xgbe: Check only the minimum speed for active/passive cables
net: amd-xgbe: Fix logic around active and passive cables
net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave()
hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave()
net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave()
net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave()
net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave()
net/tunnel: wait until all sk_user_data reader finish before releasing the sock
net: farsync: Fix kmemleak when rmmods farsync
ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
net: defxx: Fix missing err handling in dfx_init()
net: vmw_vsock: vmci: Check memcpy_from_msg()
clk: socfpga: use clk_hw_register for a5/c5
clk: socfpga: clk-pll: Remove unused variable 'rc'
blktrace: Fix output non-blktrace event when blk_classic option enabled
wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
rtl8xxxu: add enumeration for channel bandwidth
wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
clk: samsung: Fix memory leak in _samsung_clk_register_pll()
media: coda: Add check for kmalloc
media: coda: Add check for dcoda_iram_alloc
media: c8sectpfe: Add of_node_put() when breaking out of loop
mmc: mmci: fix return value check of mmc_add_host()
mmc: wbsd: fix return value check of mmc_add_host()
mmc: via-sdmmc: fix return value check of mmc_add_host()
mmc: meson-gx: fix return value check of mmc_add_host()
mmc: atmel-mci: fix return value check of mmc_add_host()
mmc: wmt-sdmmc: fix return value check of mmc_add_host()
mmc: vub300: fix return value check of mmc_add_host()
mmc: toshsd: fix return value check of mmc_add_host()
mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
mmc: mxcmmc: fix return value check of mmc_add_host()
mmc: moxart: fix return value check of mmc_add_host()
NFSv4.x: Fail client initialisation if state manager thread can't run
SUNRPC: Fix missing release socket in rpc_sockname()
ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
media: saa7164: fix missing pci_disable_device()
regulator: core: fix module refcount leak in set_supply()
wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails
bonding: uninitialized variable in bond_miimon_inspect()
ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
ALSA: asihpi: fix missing pci_disable_device()
NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
NFSv4.2: Fix a memory stomp in decode_attr_security_label
drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe()
media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC
media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
media: dvb-core: Fix ignored return value in dvb_register_frontend()
pinctrl: pinconf-generic: add missing of_node_put()
media: imon: fix a race condition in send_packet()
drbd: remove call to memset before free device/resource/connection
mtd: maps: pxa2xx-flash: fix memory leak in probe
bonding: Export skip slave logic to function
clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT
HID: hid-sensor-custom: set fixed size for custom attributes
media: platform: exynos4-is: Fix error handling in fimc_md_init()
media: solo6x10: fix possible memory leak in solo_sysfs_init()
Input: elants_i2c - properly handle the reset GPIO when power is off
mtd: lpddr2_nvm: Fix possible null-ptr-deref
wifi: ath10k: Fix return value in ath10k_pci_init()
ima: Fix misuse of dereference of pointer in template_desc_init_fields()
regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
ASoC: pxa: fix null-pointer dereference in filter()
drm/radeon: Add the missed acpi_put_table() to fix memory leak
net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write()
media: camss: Clean up received buffers on failed start of streaming
wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port
mtd: Fix device name leak when register device failed in add_mtd_device()
media: vivid: fix compose size exceed boundary
spi: Update reference to struct spi_controller
can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming
can: kvaser_usb: Add struct kvaser_usb_busparams
can: kvaser_usb_leaf: Fix bogus restart events
can: kvaser_usb_leaf: Fix wrong CAN state after stopping
can: kvaser_usb_leaf: Fix improved state not being reported
can: kvaser_usb_leaf: Set Warning state even without bus errors
can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event
can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
can: kvaser_usb: do not increase tx statistics when sending error message frames
media: i2c: ad5820: Fix error path
pata_ipx4xx_cf: Fix unsigned comparison with less than zero
wifi: rtl8xxxu: Fix reading the vendor of combo chips
wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
rapidio: devices: fix missing put_device in mport_cdev_open
hfs: Fix OOB Write in hfs_asc2mac
relay: fix type mismatch when allocating memory in relay_create_buf()
eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
rapidio: fix possible UAF when kfifo_alloc() fails
fs: sysv: Fix sysv_nblocks() returns wrong value
MIPS: BCM63xx: Add check for NULL for clk in clk_enable
platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
PM: runtime: Do not call __rpm_callback() from rpm_idle()
PM: runtime: Improve path in rpm_idle() when no callback
xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()
x86/xen: Fix memory leak in xen_init_lock_cpu()
x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
xen/events: only register debug interrupt for 2-level events
uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled
rapidio: rio: fix possible name leak in rio_register_mport()
rapidio: fix possible name leaks when rio_add_device() fails
debugfs: fix error when writing negative value to atomic_t debugfs file
lib/notifier-error-inject: fix error when writing -errno to debugfs file
libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
cpufreq: amd_freq_sensitivity: Add missing pci_dev_put()
irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()
PNP: fix name memory leak in pnp_alloc_dev()
MIPS: vpe-cmp: fix possible memory leak while module exiting
MIPS: vpe-mt: fix possible memory leak while module exiting
ocfs2: fix memory leak in ocfs2_stack_glue_init()
proc: fixup uptime selftest
timerqueue: Use rb_entry_safe() in timerqueue_getnext()
perf: Fix possible memleak in pmu_dev_alloc()
selftests/ftrace: event_triggers: wait longer for test_event_enable
fs: don't audit the capability check in simple_xattr_list()
alpha: fix syscall entry in !AUDUT_SYSCALL case
cpuidle: dt: Return the correct numbers of parsed idle states
tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
ARM: mmp: fix timer_read delay
pstore/ram: Fix error return code in ramoops_probe()
ARM: dts: turris-omnia: Add switch port 6 node
ARM: dts: turris-omnia: Add ethernet aliases
ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name
arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names
arm64: dts: mt2712e: Fix unit address for pinctrl node
arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators
perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init()
soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
arm: dts: spear600: Fix clcd interrupt
drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
ARM: dts: qcom: apq8064: fix coresight compatible
usb: musb: remove extra check in musb_gadget_vbus_draw
net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
Bluetooth: L2CAP: Fix u8 overflow
igb: Initialize mailbox message for VF reset
USB: serial: f81534: fix division by zero on line-speed change
USB: serial: cp210x: add Kamstrup RF sniffer PIDs
USB: serial: option: add Quectel EM05-G modem
usb: gadget: uvc: Prevent buffer overflow in setup handler
udf: Fix extending file within last block
udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size
udf: Fix preallocation discarding at indirect extent boundary
udf: Discard preallocation before extending file with a hole
perf script python: Remove explicit shebang from tests/attr.c
ASoC: ops: Correct bounds check for second channel on SX controls
can: mcba_usb: Fix termination command argument
can: sja1000: fix size of OCR_MODE_MASK define
pinctrl: meditatek: Startup with the IRQs disabled
ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
nfp: fix use-after-free in area_cache_get()
block: unhash blkdev part inode when the part is deleted
mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
mm/khugepaged: fix GUP-fast interaction by sending IPI
ANDROID: Add more hvc devices for virtio-console.
Conflicts:
drivers/base/core.c
drivers/edac/edac_device.c
drivers/hwtracing/coresight/coresight-etm4x.c
drivers/net/wireless/mac80211_hwsim.c
drivers/scsi/ufs/ufshcd-crypto.c
drivers/usb/gadget/function/f_fs.c
drivers/usb/gadget/function/f_hid.c
Change-Id: Ied998db07e927ccb3376a78f044df36088d9e3b8
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmPgoxsACgkQONu9yGCS
aT7P4hAAiY1TIECbi0kriTeuRmi/cGkU1eo8ODV+5h0x31cEObCZnsvU6v2LeqOJ
X0H8U3MwjxyVYoK1L1SUBClgPXqBq0jI4+CrjVSQcl8kWGKhUm/JXzjcOC6wAlB7
M2BRD2z7M+K4Mem1Q6eV7UEuEBPteLquP4xPlaXKkRAoeWKXcbiRM3ns5h20Acmi
igDqhzLUAiAIhL429vPAOp34aNDmaZzLXiMt9p0mYkDFP7I904FrlBAsceJV8NZ9
6oxxQspkoCf8MjBGrV6JcFwNgHjCHM+zXHWhROCE9WL7rknCJidttQKsOtzNE6Gx
pFF60qFRx6JVsvm0D2lJpEW+ExdlcQ/aacByy3fXajkdyrsl9sTajiw0+1f6P4Oq
hX8U+HianG4G1HgpOAUeZZBcTn7k7+pdTcogLaQW5Csch2RHMmmnPMZlZqudGUxD
yJiyd9dRIEPOa8CAdCzI4/xgjEgogS1snS9jRhJ0rwRtSqL3lLrSRdeFWbVjgA54
HAF9dR76Y4sbmWv4MbUPK+lvROvWv/NtLeiHXCJCGsxWdcOYQTw8ASenaK2IQRUF
1ows0gRXX3Xzm6R8CvpJqT80ta1rUfD3INycV4kUHeRUlVsrBtu48KX325+ZUXD9
Lvcbips57QvMMigROx6HpQHbmA1fe/42mZfhf36sgzycAmIzThA=
=yuwn
-----END PGP SIGNATURE-----
Merge 4.19.272 into android-4.19-stable
Changes in 4.19.272
ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts'
HID: intel_ish-hid: Add check for ishtp_dma_tx_map
EDAC/highbank: Fix memory leak in highbank_mc_probe()
tomoyo: fix broken dependency on *.conf.default
IB/hfi1: Reject a zero-length user expected buffer
IB/hfi1: Reserve user expected TIDs
IB/hfi1: Fix expected receive setup error exit issues
affs: initialize fsdata in affs_truncate()
amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent
amd-xgbe: Delay AN timeout during KR training
bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation
phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on()
net: nfc: Fix use-after-free in local_cleanup()
wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid
net: usb: sr9700: Handle negative len
net: mdio: validate parameter addr in mdiobus_get_phy()
HID: check empty report_list in hid_validate_values()
usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait
usb: gadget: f_fs: Ensure ep0req is dequeued before free_request
net: mlx5: eliminate anonymous module_init & module_exit
dmaengine: Fix double increment of client_count in dma_chan_get()
net: macb: fix PTP TX timestamp failure due to packet padding
HID: betop: check shape of output reports
dmaengine: xilinx_dma: commonize DMA copy size calculation
dmaengine: xilinx_dma: program hardware supported buffer length
dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling
dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node()
tcp: avoid the lookup process failing to get sk in ehash table
w1: fix deadloop in __w1_remove_master_device()
w1: fix WARNING after calling w1_process()
netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state
block: fix and cleanup bio_check_ro
perf env: Do not return pointers to local variables
fs: reiserfs: remove useless new_opts in reiserfs_remount
Bluetooth: hci_sync: cancel cmd_timer if hci_open failed
scsi: hpsa: Fix allocation size for scsi_host_alloc()
module: Don't wait for GOING modules
tracing: Make sure trace_printk() can output as soon as it can be used
trace_events_hist: add check for return value of 'create_hist_field'
smbd: Make upper layer decide when to destroy the transport
cifs: Fix oops due to uncleared server->smbd_conn in reconnect
ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment
EDAC/device: Respect any driver-supplied workqueue polling value
net: fix UaF in netns ops registration error path
netfilter: nft_set_rbtree: skip elements in transaction from garbage collection
netlink: remove hash::nelems check in netlink_insert
netlink: annotate data races around nlk->portid
netlink: annotate data races around dst_portid and dst_group
netlink: annotate data races around sk_state
ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE
netrom: Fix use-after-free of a listening socket.
sctp: fail if no bound addresses can be used for a given scope
net: ravb: Fix possible hang if RIS2_QFF1 happen
net/tg3: resolve deadlock in tg3_reset_task() during EEH
Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode"
x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL
drm/i915/display: fix compiler warning about array overrun
x86/asm: Fix an assembler warning with current binutils
x86/entry/64: Add instruction suffix to SYSRET
ARM: dts: imx: Fix pca9547 i2c-mux node name
dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init
sysctl: add a new register_sysctl_init() interface
panic: unset panic_on_warn inside panic()
exit: Add and use make_task_dead.
objtool: Add a missing comma to avoid string concatenation
hexagon: Fix function name in die()
h8300: Fix build errors from do_exit() to make_task_dead() transition
ia64: make IA64_MCA_RECOVERY bool instead of tristate
exit: Put an upper limit on how often we can oops
exit: Expose "oops_count" to sysfs
exit: Allow oops_limit to be disabled
panic: Consolidate open-coded panic_on_warn checks
panic: Introduce warn_limit
panic: Expose "warn_count" to sysfs
docs: Fix path paste-o for /sys/kernel/warn_count
exit: Use READ_ONCE() for all oops/warn limit reads
ipv6: ensure sane device mtu in tunnels
usb: host: xhci-plat: add wakeup entry at sysfs
Linux 4.19.272
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I4f9ddce1e108e81409d47e00fdeef2bc0d34f793
commit 79cc1ba7badf9e7a12af99695a557e9ce27ee967 upstream.
Several run-time checkers (KASAN, UBSAN, KFENCE, KCSAN, sched) roll
their own warnings, and each check "panic_on_warn". Consolidate this
into a single function so that future instrumentation can be added in
a single location.
Cc: Marco Elver <elver@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Juri Lelli <juri.lelli@redhat.com>
Cc: Vincent Guittot <vincent.guittot@linaro.org>
Cc: Dietmar Eggemann <dietmar.eggemann@arm.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Ben Segall <bsegall@google.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Daniel Bristot de Oliveira <bristot@redhat.com>
Cc: Valentin Schneider <vschneid@redhat.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: David Gow <davidgow@google.com>
Cc: tangmeng <tangmeng@uniontech.com>
Cc: Jann Horn <jannh@google.com>
Cc: Shuah Khan <skhan@linuxfoundation.org>
Cc: Petr Mladek <pmladek@suse.com>
Cc: "Paul E. McKenney" <paulmck@kernel.org>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: "Guilherme G. Piccoli" <gpiccoli@igalia.com>
Cc: Tiezhu Yang <yangtiezhu@loongson.cn>
Cc: kasan-dev@googlegroups.com
Cc: linux-mm@kvack.org
Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Marco Elver <elver@google.com>
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Link: https://lore.kernel.org/r/20221117234328.594699-4-keescook@chromium.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmPHynkACgkQONu9yGCS
aT5AtBAAsdmYCYkmKZsRcS1EUTqdwKVN7FDILDcdMjfmrSp4ZDliaD1dUc0EmDRl
yy+aNGCrhbuYACk9WdQsSUrUIh1dK0H5VsioB1m0cjCgifbNjsYqjYWK5ewXKUyX
yjc+NmY1HVUFQDLnYHJxSbnB/o+nobWjts8nGuWHwQmoh7UmFe7lvMqZg753x6Bw
wCiaC1DrU3aKHYK7IirdWgOiDiGia8DX1nX6PmLi6JTsXj+Io0i8PXKkFzANDf/p
/rOyg7j8NOXIQPZGN0Zu88QiMWsNk7u2bOORZgtFbwo7r9BFbzXfWk/x8QxzDX1B
iH1p02XQvBwm44xGJZKiWEY2nZdw4mpyzLXZNOL8V7vn9xhT6HDksVAPnyIkU8Dh
wsij2r27x18VI9H7sstvAHvIyg6ihmq2E6WuC4W74tUcys7MXxCFc2DuJzMMocf0
7LMTmx3/oUHvuM1riJ9STo9mzXbTmfNd6hnqRnFgGKiGGhOE+pX//RHfupaXRieQ
Rq51ODFKcJdDIM7hxeyPdACYF/kso8sNEODCgQ5/+3opel1mzLdBJ1T2bV12DpQe
ZhTsESPCVSoUAjCnC9Jje3g0u3qztClYq1faHOXtnjykn9mHmmedVwvdfJL/sOsr
ec7NgqzM9xvMQVe4CNf0mouugaLpn2m6uQDTu+GWswRfEKuCx2Q=
=ksam
-----END PGP SIGNATURE-----
Merge 4.19.270 into android-4.19-stable
Changes in 4.19.270
mm/khugepaged: fix GUP-fast interaction by sending IPI
mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
block: unhash blkdev part inode when the part is deleted
nfp: fix use-after-free in area_cache_get()
ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
pinctrl: meditatek: Startup with the IRQs disabled
can: sja1000: fix size of OCR_MODE_MASK define
can: mcba_usb: Fix termination command argument
ASoC: ops: Correct bounds check for second channel on SX controls
perf script python: Remove explicit shebang from tests/attr.c
udf: Discard preallocation before extending file with a hole
udf: Fix preallocation discarding at indirect extent boundary
udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size
udf: Fix extending file within last block
usb: gadget: uvc: Prevent buffer overflow in setup handler
USB: serial: option: add Quectel EM05-G modem
USB: serial: cp210x: add Kamstrup RF sniffer PIDs
USB: serial: f81534: fix division by zero on line-speed change
igb: Initialize mailbox message for VF reset
Bluetooth: L2CAP: Fix u8 overflow
net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
usb: musb: remove extra check in musb_gadget_vbus_draw
ARM: dts: qcom: apq8064: fix coresight compatible
drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
arm: dts: spear600: Fix clcd interrupt
soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init()
arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators
arm64: dts: mt2712e: Fix unit address for pinctrl node
arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names
arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name
ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: turris-omnia: Add ethernet aliases
ARM: dts: turris-omnia: Add switch port 6 node
pstore/ram: Fix error return code in ramoops_probe()
ARM: mmp: fix timer_read delay
pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
cpuidle: dt: Return the correct numbers of parsed idle states
alpha: fix syscall entry in !AUDUT_SYSCALL case
fs: don't audit the capability check in simple_xattr_list()
selftests/ftrace: event_triggers: wait longer for test_event_enable
perf: Fix possible memleak in pmu_dev_alloc()
timerqueue: Use rb_entry_safe() in timerqueue_getnext()
proc: fixup uptime selftest
ocfs2: fix memory leak in ocfs2_stack_glue_init()
MIPS: vpe-mt: fix possible memory leak while module exiting
MIPS: vpe-cmp: fix possible memory leak while module exiting
PNP: fix name memory leak in pnp_alloc_dev()
perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()
irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
cpufreq: amd_freq_sensitivity: Add missing pci_dev_put()
libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
lib/notifier-error-inject: fix error when writing -errno to debugfs file
debugfs: fix error when writing negative value to atomic_t debugfs file
rapidio: fix possible name leaks when rio_add_device() fails
rapidio: rio: fix possible name leak in rio_register_mport()
clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled
ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
xen/events: only register debug interrupt for 2-level events
x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
x86/xen: Fix memory leak in xen_init_lock_cpu()
xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()
PM: runtime: Improve path in rpm_idle() when no callback
PM: runtime: Do not call __rpm_callback() from rpm_idle()
platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
MIPS: BCM63xx: Add check for NULL for clk in clk_enable
fs: sysv: Fix sysv_nblocks() returns wrong value
rapidio: fix possible UAF when kfifo_alloc() fails
eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
relay: fix type mismatch when allocating memory in relay_create_buf()
hfs: Fix OOB Write in hfs_asc2mac
rapidio: devices: fix missing put_device in mport_cdev_open
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
wifi: rtl8xxxu: Fix reading the vendor of combo chips
pata_ipx4xx_cf: Fix unsigned comparison with less than zero
media: i2c: ad5820: Fix error path
can: kvaser_usb: do not increase tx statistics when sending error message frames
can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event
can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
can: kvaser_usb_leaf: Set Warning state even without bus errors
can: kvaser_usb_leaf: Fix improved state not being reported
can: kvaser_usb_leaf: Fix wrong CAN state after stopping
can: kvaser_usb_leaf: Fix bogus restart events
can: kvaser_usb: Add struct kvaser_usb_busparams
can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming
spi: Update reference to struct spi_controller
media: vivid: fix compose size exceed boundary
mtd: Fix device name leak when register device failed in add_mtd_device()
wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port
media: camss: Clean up received buffers on failed start of streaming
net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write()
drm/radeon: Add the missed acpi_put_table() to fix memory leak
ASoC: pxa: fix null-pointer dereference in filter()
regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
ima: Fix misuse of dereference of pointer in template_desc_init_fields()
wifi: ath10k: Fix return value in ath10k_pci_init()
mtd: lpddr2_nvm: Fix possible null-ptr-deref
Input: elants_i2c - properly handle the reset GPIO when power is off
media: solo6x10: fix possible memory leak in solo_sysfs_init()
media: platform: exynos4-is: Fix error handling in fimc_md_init()
HID: hid-sensor-custom: set fixed size for custom attributes
ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT
clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
bonding: Export skip slave logic to function
mtd: maps: pxa2xx-flash: fix memory leak in probe
drbd: remove call to memset before free device/resource/connection
media: imon: fix a race condition in send_packet()
pinctrl: pinconf-generic: add missing of_node_put()
media: dvb-core: Fix ignored return value in dvb_register_frontend()
media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC
drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe()
NFSv4.2: Fix a memory stomp in decode_attr_security_label
NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
ALSA: asihpi: fix missing pci_disable_device()
drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
bonding: uninitialized variable in bond_miimon_inspect()
wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails
regulator: core: fix module refcount leak in set_supply()
media: saa7164: fix missing pci_disable_device()
ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
SUNRPC: Fix missing release socket in rpc_sockname()
NFSv4.x: Fail client initialisation if state manager thread can't run
mmc: moxart: fix return value check of mmc_add_host()
mmc: mxcmmc: fix return value check of mmc_add_host()
mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
mmc: toshsd: fix return value check of mmc_add_host()
mmc: vub300: fix return value check of mmc_add_host()
mmc: wmt-sdmmc: fix return value check of mmc_add_host()
mmc: atmel-mci: fix return value check of mmc_add_host()
mmc: meson-gx: fix return value check of mmc_add_host()
mmc: via-sdmmc: fix return value check of mmc_add_host()
mmc: wbsd: fix return value check of mmc_add_host()
mmc: mmci: fix return value check of mmc_add_host()
media: c8sectpfe: Add of_node_put() when breaking out of loop
media: coda: Add check for dcoda_iram_alloc
media: coda: Add check for kmalloc
clk: samsung: Fix memory leak in _samsung_clk_register_pll()
wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
rtl8xxxu: add enumeration for channel bandwidth
wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
blktrace: Fix output non-blktrace event when blk_classic option enabled
clk: socfpga: clk-pll: Remove unused variable 'rc'
clk: socfpga: use clk_hw_register for a5/c5
net: vmw_vsock: vmci: Check memcpy_from_msg()
net: defxx: Fix missing err handling in dfx_init()
drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
net: farsync: Fix kmemleak when rmmods farsync
net/tunnel: wait until all sk_user_data reader finish before releasing the sock
net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave()
net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave()
net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave()
net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave()
hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave()
net: amd-xgbe: Fix logic around active and passive cables
net: amd-xgbe: Check only the minimum speed for active/passive cables
net: lan9303: Fix read error execution path
ntb_netdev: Use dev_kfree_skb_any() in interrupt context
Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave()
stmmac: fix potential division by 0
apparmor: fix a memleak in multi_transaction_new()
apparmor: fix lockdep warning when removing a namespace
apparmor: Fix abi check to include v8 abi
f2fs: fix normal discard process
RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port
scsi: scsi_debug: Fix a warning in resp_write_scat()
PCI: Check for alloc failure in pci_request_irq()
RDMA/hfi: Decrease PCI device reference count in error path
crypto: ccree - Make cc_debugfs_global_fini() available for module init function
RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
scsi: hpsa: use local workqueues instead of system workqueues
scsi: hpsa: Fix possible memory leak in hpsa_init_one()
crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
scsi: hpsa: Fix error handling in hpsa_add_sas_host()
scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
scsi: fcoe: Fix possible name leak when device_register() fails
scsi: ipr: Fix WARNING in ipr_init()
scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
scsi: snic: Fix possible UAF in snic_tgt_create()
RDMA/hfi1: Fix error return code in parse_platform_config()
orangefs: Fix sysfs not cleanup when dev init failed
crypto: img-hash - Fix variable dereferenced before check 'hdev->req'
hwrng: amd - Fix PCI device refcount leak
hwrng: geode - Fix PCI device refcount leak
IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
drivers: dio: fix possible memory leak in dio_init()
serial: tegra: avoid reg access when clk disabled
serial: tegra: check for FIFO mode enabled status
serial: tegra: set maximum num of uart ports to 8
serial: tegra: add support to use 8 bytes trigger
serial: tegra: add support to adjust baud rate
serial: tegra: report clk rate errors
serial: tegra: Add PIO mode support
tty: serial: tegra: Activate RX DMA transfer by request
serial: tegra: Read DMA status before terminating
class: fix possible memory leak in __class_register()
vfio: platform: Do not pass return buffer to ACPI _RST method
uio: uio_dmem_genirq: Fix missing unlock in irq configuration
uio: uio_dmem_genirq: Fix deadlock between irq config and handling
usb: fotg210-udc: Fix ages old endianness issues
staging: vme_user: Fix possible UAF in tsi148_dma_list_add
usb: typec: Check for ops->exit instead of ops->enter in altmode_exit
serial: amba-pl011: avoid SBSA UART accessing DMACR register
serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle.
serial: pch: Fix PCI device refcount leak in pch_request_dma()
tty: serial: clean up stop-tx part in altera_uart_tx_chars()
tty: serial: altera_uart_{r,t}x_chars() need only uart_port
serial: altera_uart: fix locking in polling mode
serial: sunsab: Fix error handling in sunsab_init()
test_firmware: fix memory leak in test_firmware_init()
misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
usb: gadget: f_hid: optional SETUP/SET_REPORT mode
usb: gadget: f_hid: fix f_hidg lifetime vs cdev
usb: gadget: f_hid: fix refcount leak on error path
drivers: mcb: fix resource leak in mcb_probe()
mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
chardev: fix error handling in cdev_device_add()
i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
staging: rtl8192u: Fix use after free in ieee80211_rx()
staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
vme: Fix error not catched in fake_init()
i2c: ismt: Fix an out-of-bounds bug in ismt_access()
usb: storage: Add check for kcalloc
tracing/hist: Fix issue of losting command info in error_log
samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe()
fbdev: ssd1307fb: Drop optional dependency
fbdev: pm2fb: fix missing pci_disable_device()
fbdev: via: Fix error in via_core_init()
fbdev: vermilion: decrease reference count in error path
fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
power: supply: fix residue sysfs file in error handle route of __power_supply_register()
perf symbol: correction while adjusting symbol
HSI: omap_ssi_core: Fix error handling in ssi_init()
include/uapi/linux/swab: Fix potentially missing __always_inline
rtc: snvs: Allow a time difference on clock register read
iommu/amd: Fix pci device refcount leak in ppr_notifier()
iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
macintosh: fix possible memory leak in macio_add_one_device()
macintosh/macio-adb: check the return value of ioremap()
powerpc/52xx: Fix a resource leak in an error handling path
cxl: Fix refcount leak in cxl_calc_capp_routing
powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data()
powerpc/perf: callchain validate kernel stack pointer bounds
powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe()
powerpc/hv-gpci: Fix hv_gpci event list
selftests/powerpc: Fix resource leaks
rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
nfc: pn533: Clear nfc_target before being used
r6040: Fix kmemleak in probe and remove
rtc: mxc_v2: Add missing clk_disable_unprepare()
openvswitch: Fix flow lookup to use unmasked key
skbuff: Account for tail adjustment during pull operations
net_sched: reject TCF_EM_SIMPLE case for complex ematch module
rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
myri10ge: Fix an error handling path in myri10ge_probe()
net: stream: purge sk_error_queue in sk_stream_kill_queues()
binfmt_misc: fix shift-out-of-bounds in check_special_flags
fs: jfs: fix shift-out-of-bounds in dbAllocAG
udf: Avoid double brelse() in udf_rename()
fs: jfs: fix shift-out-of-bounds in dbDiscardAG
ACPICA: Fix error code path in acpi_ds_call_control_method()
nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
acct: fix potential integer overflow in encode_comp_t()
hfs: fix OOB Read in __hfs_brec_find
wifi: ath9k: verify the expected usb_endpoints are present
wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
ASoC: codecs: rt298: Add quirk for KBL-R RVP platform
ipmi: fix memleak when unload ipmi driver
bpf: make sure skb->len != 0 when redirecting to a tunneling device
net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
hamradio: baycom_epp: Fix return type of baycom_send_packet()
wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
igb: Do not free q_vector unless new one was allocated
drm/amdgpu: Fix type of second parameter in trans_msg() callback
s390/ctcm: Fix return type of ctc{mp,}m_tx()
s390/netiucv: Fix return type of netiucv_tx()
s390/lcs: Fix return type of lcs_start_xmit()
drm/sti: Use drm_mode_copy()
drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
md/raid1: stop mdx_raid1 thread when raid1 array run failed
mrp: introduce active flags to prevent UAF when applicant uninit
ppp: associate skb with a device at tx
media: dvb-frontends: fix leak of memory fw
media: dvbdev: adopts refcnt to avoid UAF
media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
blk-mq: fix possible memleak when register 'hctx' failed
regulator: core: fix use_count leakage when handling boot-on
mmc: f-sdh30: Add quirks for broken timeout clock capability
media: si470x: Fix use-after-free in si470x_int_in_callback()
clk: st: Fix memory leak in st_of_quadfs_setup()
drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe()
ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume()
ASoC: wm8994: Fix potential deadlock
ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume()
ASoC: rt5670: Remove unbalanced pm_runtime_put()
pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion
pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES
usb: dwc3: core: defer probe on ulpi_read_id timeout
HID: wacom: Ensure bootloader PID is usable in hidraw mode
reiserfs: Add missing calls to reiserfs_security_free()
iio: adc: ad_sigma_delta: do not use internal iio_dev lock
gcov: add support for checksum field
media: dvbdev: fix build warning due to comments
media: dvbdev: fix refcnt bug
ata: ahci: Fix PCS quirk application for suspend
powerpc/rtas: avoid device tree lookups in rtas_os_term()
powerpc/rtas: avoid scheduling in rtas_os_term()
HID: plantronics: Additional PIDs for double volume key presses quirk
hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount
ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
ALSA: line6: correct midi status byte when receiving data from podxt
ALSA: line6: fix stack overflow in line6_midi_transmit
pnode: terminate at peers of source
md: fix a crash in mempool_free
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
media: stv0288: use explicitly signed char
soc: qcom: Select REMAP_MMIO for LLCC driver
ktest.pl minconfig: Unset configs instead of just removing them
ARM: ux500: do not directly dereference __iomem
selftests: Use optional USERCFLAGS and USERLDFLAGS
binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf
binfmt: Fix error return code in load_elf_fdpic_binary()
dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
dm thin: Use last transaction's pmd->root when commit failed
dm thin: Fix UAF in run_timer_softirq()
dm cache: Fix UAF in destroy()
dm cache: set needs_check flag after aborting metadata
x86/microcode/intel: Do not retry microcode reloading on the APs
tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
media: dvb-core: Fix double free in dvb_register_device()
media: dvb-core: Fix UAF due to refcount races at releasing
cifs: fix confusing debug message
md/bitmap: Fix bitmap chunk size overflow issues
ipmi: fix long wait in unload when IPMI disconnect
ima: Fix a potential NULL pointer access in ima_restore_measurement_list
ipmi: fix use after free in _ipmi_destroy_user()
PCI: Fix pci_device_is_present() for VFs by checking PF
PCI/sysfs: Fix double free in error path
crypto: n2 - add missing hash statesize
iommu/amd: Fix ivrs_acpihid cmdline parsing code
parisc: led: Fix potential null-ptr-deref in start_task()
device_cgroup: Roll back to original exceptions after copy failure
drm/connector: send hotplug uevent on connector cleanup
drm/vmwgfx: Validate the box size for the snooped cursor
ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop
ext4: fix undefined behavior in bit shift for ext4_check_flag_values
ext4: add helper to check quota inums
ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
ext4: init quota for 'old.inode' in 'ext4_rename'
ext4: fix corruption when online resizing a 1K bigalloc fs
ext4: fix error code return to user-space in ext4_get_branch()
ext4: avoid BUG_ON when creating xattrs
ext4: fix inode leak in ext4_xattr_inode_create() on an error path
ext4: initialize quota before expanding inode in setproject ioctl
ext4: avoid unaccounted block allocation when expanding inode
ext4: allocate extended attribute value in vmalloc area
btrfs: send: avoid unnecessary backref lookups when finding clone source
btrfs: replace strncpy() with strscpy()
media: s5p-mfc: Fix to handle reference queue during finishing
media: s5p-mfc: Clear workbit to handle error condition
media: s5p-mfc: Fix in register read and write for H264
dm thin: resume even if in FAIL mode
perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data
ravb: Fix "failed to switch device to config mode" message during unbind
driver core: Set deferred_probe_timeout to a longer default if CONFIG_MODULES is set
ext4: goto right label 'failed_mount3a'
ext4: correct inconsistent error msg in nojournal mode
ext4: use kmemdup() to replace kmalloc + memcpy
mbcache: don't reclaim used entries
mbcache: add functions to delete entry if unused
ext4: remove EA inode entry from mbcache on inode eviction
ext4: unindent codeblock in ext4_xattr_block_set()
ext4: fix race when reusing xattr blocks
mbcache: automatically delete entries from cache on freeing
ext4: fix deadlock due to mbcache entry corruption
SUNRPC: ensure the matching upcall is in-flight upon downcall
bpf: pull before calling skb_postpull_rcsum()
qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
nfc: Fix potential resource leaks
net: amd-xgbe: add missed tasklet_kill
net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
net: sched: atm: dont intepret cls results when asked to drop
usb: rndis_host: Secure rndis_query check against int overflow
caif: fix memory leak in cfctrl_linkup_request()
udf: Fix extension of the last extent in the file
ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet
x86/bugs: Flush IBP in ib_prctl_set()
nfsd: fix handling of readdir in v4root vs. mount upcall timeout
riscv: uaccess: fix type of 0 variable on error in get_user()
ext4: don't allow journal inode to have encrypt flag
hfs/hfsplus: use WARN_ON for sanity check
hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
mbcache: Avoid nesting of cache->c_list_lock under bit locks
parisc: Align parisc MADV_XXX constants with all other architectures
driver core: Fix bus_type.match() error handling in __driver_attach()
net: sched: disallow noqueue for qdisc classes
docs: Fix the docs build with Sphinx 6.0
perf auxtrace: Fix address filter duplicate symbol selection
s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
net/ulp: prevent ULP without clone op from entering the LISTEN status
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
cifs: Fix uninitialized memory read for smb311 posix symlink create
platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe
ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
wifi: wilc1000: sdio: fix module autoloading
ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later
ktest: Add support for meta characters in GRUB_MENU
ktest: introduce _get_grub_index
ktest: cleanup get_grub_index
ktest: introduce grub2bls REBOOT_TYPE option
ktest.pl: Fix incorrect reboot for grub2bls
kest.pl: Fix grub2 menu handling for rebooting
usb: ulpi: defer ulpi_register on ulpi_read_id timeout
quota: Factor out setup of quota inode
ext4: fix bug_on in __es_tree_search caused by bad quota inode
ext4: lost matching-pair of trace in ext4_truncate
ext4: fix use-after-free in ext4_orphan_cleanup
ext4: fix uninititialized value in 'ext4_evict_inode'
ext4: generalize extents status tree search functions
ext4: add new pending reservation mechanism
ext4: fix reserved cluster accounting at delayed write time
ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
EDAC/device: Fix period calculation in edac_device_reset_delay_period()
regulator: da9211: Use irq handler when ready
hvc/xen: lock console list traversal
nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
net/mlx5: Rename ptp clock info
net/mlx5: Fix ptp max frequency adjustment range
iommu/mediatek-v1: Add error handle for mtk_iommu_probe
iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe()
x86/resctrl: Use task_curr() instead of task_struct->on_cpu to prevent unnecessary IPI
x86/resctrl: Fix task CLOSID/RMID update race
drm/virtio: Fix GEM handle creation UAF
arm64: cmpxchg_double*: hazard against entire exchange variable
efi: fix NULL-deref in init error path
Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout"
tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasn't started
serial: tegra: Only print FIFO error message when an error occurs
serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30
Linux 4.19.270
Change-Id: Ieb5e7f318a7e06effcc51e5f93751ec02dbb50c4
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit f268f6cf875f3220afc77bdd0bf1bb136eb54db9 upstream.
Any codepath that zaps page table entries must invoke MMU notifiers to
ensure that secondary MMUs (like KVM) don't keep accessing pages which
aren't mapped anymore. Secondary MMUs don't hold their own references to
pages that are mirrored over, so failing to notify them can lead to page
use-after-free.
I'm marking this as addressing an issue introduced in commit f3f0e1d215
("khugepaged: add support of collapse for tmpfs/shmem pages"), but most of
the security impact of this only came in commit 27e1f8273113 ("khugepaged:
enable collapse pmd for pte-mapped THP"), which actually omitted flushes
for the removal of present PTEs, not just for the removal of empty page
tables.
Link: https://lkml.kernel.org/r/20221129154730.2274278-3-jannh@google.com
Link: https://lkml.kernel.org/r/20221128180252.1684965-3-jannh@google.com
Link: https://lkml.kernel.org/r/20221125213714.4115729-3-jannh@google.com
Fixes: f3f0e1d215 ("khugepaged: add support of collapse for tmpfs/shmem pages")
Signed-off-by: Jann Horn <jannh@google.com>
Acked-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Yang Shi <shy828301@gmail.com>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
[manual backport: this code was refactored from two copies into a common
helper between 5.15 and 6.0;
pmd collapse for PTE-mapped THP was only added in 5.4;
MMU notifier API changed between 4.19 and 5.4]
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 2ba99c5e08812494bc57f319fb562f527d9bacd8 upstream.
Since commit 70cbc3cc78a99 ("mm: gup: fix the fast GUP race against THP
collapse"), the lockless_pages_from_mm() fastpath rechecks the pmd_t to
ensure that the page table was not removed by khugepaged in between.
However, lockless_pages_from_mm() still requires that the page table is
not concurrently freed. Fix it by sending IPIs (if the architecture uses
semi-RCU-style page table freeing) before freeing/reusing page tables.
Link: https://lkml.kernel.org/r/20221129154730.2274278-2-jannh@google.com
Link: https://lkml.kernel.org/r/20221128180252.1684965-2-jannh@google.com
Link: https://lkml.kernel.org/r/20221125213714.4115729-2-jannh@google.com
Fixes: ba76149f47 ("thp: khugepaged")
Signed-off-by: Jann Horn <jannh@google.com>
Reviewed-by: Yang Shi <shy828301@gmail.com>
Acked-by: David Hildenbrand <david@redhat.com>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
[manual backport: two of the three places in khugepaged that can free
ptes were refactored into a common helper between 5.15 and 6.0;
TLB flushing was refactored between 5.4 and 5.10;
TLB flushing was refactored between 4.19 and 5.4;
pmd collapse for PTE-mapped THP was only added in 5.4;
ugly hack needed in <=4.19 for s390 and arm]
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
https://source.android.com/docs/security/bulletin/2022-12-01
CVE-2022-23960
# By Yang Yingliang (18) and others
# Via Greg Kroah-Hartman
* tag 'ASB-2022-12-05_4.19-stable' of https://android.googlesource.com/kernel/common:
Linux 4.19.268
ipc/sem: Fix dangling sem_array access in semtimedop race
mmc: sdhci: Fix voltage switch delay
mmc: sdhci: use FIELD_GET for preset value bit masks
x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
x86/pm: Add enumeration check before spec MSRs save/restore setup
x86/tsx: Add a feature bit for TSX control MSR support
nvme: restrict management ioctls to admin
tcp/udp: Fix memory leak in ipv6_renew_options().
Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled
parisc: Increase FRAME_WARN to 2048 bytes on parisc
xtensa: increase size of gcc stack frame check
parisc: Increase size of gcc stack frame check
iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
pinctrl: single: Fix potential division by zero
ASoC: ops: Fix bounds check for _sx controls
mm: Fix '.data.once' orphan section warning
arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72
arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM vectors
pinctrl: intel: Save and restore pins in "direct IRQ" mode
x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3
nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep"
error-injection: Add prompt for function error injection
btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
hwmon: (coretemp) Check for null before removing sysfs attrs
net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
net: tun: Fix use-after-free in tun_detach()
net: hsr: Fix potential use-after-free
dsa: lan9303: Correct stat name
net/9p: Fix a potential socket leak in p9_socket_open
net: net_netdev: Fix error handling in ntb_netdev_init_module()
net: phy: fix null-ptr-deref while probe() failed
qlcnic: fix sleep-in-atomic-context bugs caused by msleep
can: cc770: cc770_isa_probe(): add missing free_cc770dev()
can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
net/mlx5: Fix uninitialized variable bug in outlen_write()
of: property: decrement node refcount in of_fwnode_get_reference_args()
hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
hwmon: (i5500_temp) fix missing pci_disable_device()
scripts/faddr2line: Fix regression in name resolution on ppc64le
iio: light: rpr0521: add missing Kconfig dependencies
iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
iio: health: afe4403: Fix oob read in afe4403_read_raw
Revert "x86/speculation: Change FILL_RETURN_BUFFER to work with objtool"
v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails
proc: proc_skip_spaces() shouldn't think it is working on C strings
proc: avoid integer type confusion in get_proc_long
spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock
btrfs: free btrfs_path before copying inodes to userspace
drm/amdgpu: always register an MMU notifier for userptr
drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN
btrfs: free btrfs_path before copying subvol info to userspace
btrfs: free btrfs_path before copying fspath to userspace
btrfs: free btrfs_path before copying root refs to userspace
dm integrity: flush the journal on suspend
net: usb: qmi_wwan: add Telit 0x103a composition
tcp: configurable source port perturb table size
platform/x86: hp-wmi: Ignore Smart Experience App event
platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()
xen/platform-pci: add missing free_irq() in error path
serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
ceph: avoid putting the realm twice when decoding snaps fails
ceph: do not update snapshot context when there is no new snapshot
iio: pressure: ms5611: fixed value compensation bug
iio: ms5611: Simplify IO callback parameters
nios2: add FORCE for vmlinuz.gz
iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
iio: light: apds9960: fix wrong register for gesture gain
arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency
s390/crashdump: fix TOD programmable field size
net: thunderx: Fix the ACPI memory leak
nfc: st-nci: fix memory leaks in EVT_TRANSACTION
nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
s390/dasd: fix no record found for raw_track_access
dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()
NFC: nci: fix memory leak in nci_rx_data_packet()
xfrm: Fix ignored return value in xfrm6_init()
tipc: check skb_linearize() return value in tipc_disc_rcv()
tipc: add an extra conn_get in tipc_conn_alloc
tipc: set con sock in tipc_conn_alloc
net/mlx5: Fix FW tracer timestamp calculation
Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work()
net: pch_gbe: fix pci device refcount leak while module exiting
net/qla3xxx: fix potential memleak in ql3xxx_send()
net/mlx4: Check retval of mlx4_bitmap_init
ARM: mxs: fix memory leak in mxs_machine_init()
9p/fd: fix issue of list_del corruption in p9_fd_cancel()
net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
nfc/nci: fix race with opening and closing
ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
bus: sunxi-rsb: Support atomic transfers
ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
ARM: dts: am335x-pcm-953: Define fixed regulators in root node
af_key: Fix send_acquire race with pfkey_register
MIPS: pic32: treat port as signed integer
RISC-V: vdso: Do not add missing symbols to version section in linker script
drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
wifi: mac80211: Fix ack frame idr leak when mesh has no route
audit: fix undefined behavior in bit shift for AUDIT_BIT
wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
Linux 4.19.267
ntfs: check overflow when iterating ATTR_RECORDs
ntfs: fix out-of-bounds read in ntfs_attr_find()
ntfs: fix use-after-free in ntfs_attr_find()
mm: fs: initialize fsdata passed to write_begin/write_end interface
9p/trans_fd: always use O_NONBLOCK read/write
gfs2: Switch from strlcpy to strscpy
gfs2: Check sb_bsize_shift after reading superblock
9p: trans_fd/p9_conn_cancel: drop client lock earlier
kcm: close race conditions on sk_receive_queue
bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
kcm: avoid potential race in kcm_tx_work
tcp: cdg: allow tcp_cdg_release() to be called multiple times
macvlan: enforce a consistent minimal mtu
serial: 8250: Flush DMA Rx on RLSI
Input: i8042 - fix leaking of platform device on module removal
scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
docs: update mediator contact information in CoC doc
mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
mmc: core: properly select voltage range without power cycle
serial: 8250_lpss: Configure DMA also w/o DMA filter
serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
dm ioctl: fix misbehavior if list_versions races with module loading
iio: pressure: ms5611: changed hardcoded SPI speed to value limited
iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
usb: chipidea: fix deadlock in ci_otg_del_timer
usb: add NO_LPM quirk for Realforce 87U Keyboard
USB: serial: option: add Fibocom FM160 0x0111 composition
USB: serial: option: add u-blox LARA-L6 modem
USB: serial: option: add u-blox LARA-R6 00B modem
USB: serial: option: remove old LARA-R6 PID
USB: serial: option: add Sierra Wireless EM9191
speakup: fix a segfault caused by switching consoles
slimbus: stream: correct presence rate frequencies
ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
ring_buffer: Do not deactivate non-existant pages
ftrace: Fix null pointer dereference in ftrace_add_mod()
ftrace: Optimize the allocation for mcount entries
ftrace: Fix the possible incorrect kernel message
net: thunderbolt: Fix error handling in tbnet_init()
cifs: Fix wrong return value checking when GETFLAGS
net/x25: Fix skb leak in x25_lapb_receive_frame()
drbd: use after free in drbd_create_device()
xen/pcpu: fix possible memory leak in register_pcpu()
bnxt_en: Remove debugfs when pci_register_driver failed
net: caif: fix double disconnect client in chnl_net_open()
mISDN: fix misuse of put_device() in mISDN_register_device()
mISDN: fix possible memory leak in mISDN_dsp_element_register()
net: bgmac: Drop free_netdev() from bgmac_enet_remove()
ata: libata-transport: fix double ata_host_put() in ata_tport_add()
pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
parport_pc: Avoid FIFO port location truncation
siox: fix possible memory leak in siox_device_add()
block: sed-opal: kmalloc the cmd/resp buffers
ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
serial: imx: Add missing .thaw_noirq hook
serial: 8250: omap: Flush PM QOS work on remove
serial: 8250_omap: remove wait loop from Errata i202 workaround
ASoC: core: Fix use-after-free in snd_soc_exit()
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
btrfs: remove pointless and double ulist frees in error paths of qgroup tests
drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
NFSv4: Retry LOCK on OLD_STATEID during delegation return
selftests/intel_pstate: fix build for ARCH=x86_64
selftests/futex: fix build for clang
spi: intel: Fix the offset to get the 64K erase opcode
ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe"
ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe"
ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe"
x86/cpu: Restore AMD's DE_CFG MSR after resume
net: tun: call napi_schedule_prep() to ensure we own a napi
dmaengine: at_hdmac: Check return code of dma_async_device_register
dmaengine: at_hdmac: Fix impossible condition
dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
dmaengine: at_hdmac: Don't start transactions at tx_submit level
dmaengine: at_hdmac: Fix at_lli struct definition
cert host tools: Stop complaining about deprecated OpenSSL functions
udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
btrfs: selftests: fix wrong error check in btrfs_free_dummy_root()
platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
drm/i915/dmabuf: fix sg_table handling in map_dma_buf
nilfs2: fix use-after-free bug of ns_writer on remount
nilfs2: fix deadlock in nilfs_count_free_blocks()
vmlinux.lds.h: Fix placement of '.data..decrypted' section
ALSA: usb-audio: Add DSD support for Accuphase DAC-60
ALSA: usb-audio: Add quirk entry for M-Audio Micro
ALSA: hda: fix potential memleak in 'add_widget_node'
ALSA: hda/ca0132: add quirk for EVGA Z390 DARK
arm64: efi: Fix handling of misaligned runtime regions and drop warning
riscv: process: fix kernel info leakage
net: macvlan: fix memory leaks of macvlan_common_newlink
net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open()
ethernet: s2io: disable napi when start nic failed in s2io_card_up()
net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
net: nixge: disable napi when enable interrupts failed in nixge_open()
drivers: net: xgene: disable napi when register irq failed in xgene_enet_open()
dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header
ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register()
hamradio: fix issue of dev reference count leakage in bpq_device_event()
net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event()
capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
net: fman: Unregister ethernet device on removal
bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
net: tun: Fix memory leaks of napi_get_frags
net: gso: fix panic on frag_list with mixed head alloc types
HID: hyperv: fix possible memory leak in mousevsc_probe()
wifi: cfg80211: fix memory leak in query_regdb_file()
phy: stm32: fix an error code in probe
Linux 4.19.266
x86/speculation: Add RSB VM Exit protections
x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
x86/speculation: Disable RRSBA behavior
x86/bugs: Add Cannon lake to RETBleed affected CPU list
x86/cpu/amd: Enumerate BTC_NO
x86/common: Stamp out the stepping madness
x86/speculation: Fill RSB on vmexit for IBRS
KVM: VMX: Fix IBRS handling after vmexit
KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
x86/speculation: Remove x86_spec_ctrl_mask
x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
x86/speculation: Fix SPEC_CTRL write on SMT state change
x86/speculation: Fix firmware entry SPEC_CTRL handling
x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
intel_idle: Disable IBRS during long idle
x86/bugs: Report Intel retbleed vulnerability
x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation()
x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
x86/bugs: Optimize SPEC_CTRL MSR writes
x86/entry: Add kernel IBRS implementation
x86/entry: Remove skip_r11rcx
x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
x86/bugs: Add AMD retbleed= boot parameter
x86/bugs: Report AMD retbleed vulnerability
x86/cpufeatures: Move RETPOLINE flags to word 11
x86/cpu: Add a steppings field to struct x86_cpu_id
x86/cpu: Add consistent CPU match macros
x86/devicetable: Move x86 specific macro out of generic code
x86/cpufeature: Fix various quality problems in the <asm/cpu_device_hd.h> header
x86/cpufeature: Add facility to check for min microcode revisions
Revert "x86/cpu: Add a steppings field to struct x86_cpu_id"
Revert "x86/speculation: Add RSB VM Exit protections"
ANDROID: preserve CRC for some DRM functions
Revert "tcp/udp: Make early_demux back namespacified."
Linux 4.19.265
wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
linux/bits.h: make BIT(), GENMASK(), and friends available in assembly
KVM: x86: emulator: update the emulation mode after CR0 write
KVM: x86: emulator: introduce emulator_recalc_and_set_mode
KVM: x86: emulator: em_sysexit should update ctxt->mode
KVM: x86: Mask off reserved bits in CPUID.80000008H
ext4: fix warning in 'ext4_da_release_space'
parisc: Avoid printing the hardware path twice
parisc: Export iosapic_serial_irq() symbol for serial port driver
parisc: Make 8250_gsc driver dependend on CONFIG_PARISC
efi: random: reduce seed size to 32 bytes
ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
tracing/histogram: Update document for KEYS_MAX size
kprobe: reverse kp->flags when arm_kprobe failed
tcp/udp: Make early_demux back namespacified.
btrfs: fix type of parameter generation in btrfs_get_dentry
block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
Bluetooth: L2CAP: Fix attempting to access uninitialized memory
i2c: xiic: Add platform module alias
HID: saitek: add madcatz variant of MMO7 mouse device ID
media: dvb-frontends/drxk: initialize err to 0
media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE
media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
ipv6: fix WARNING in ip6_route_net_exit_late()
net, neigh: Fix null-ptr-deref in neigh_table_clear()
net: mdio: fix undefined behavior in bit shift for __mdiobus_register
Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
btrfs: fix ulist leaks in error paths of qgroup self tests
btrfs: fix inode list leak during backref walking at resolve_indirect_refs()
isdn: mISDN: netjet: fix wrong check of device registration
mISDN: fix possible memory leak in mISDN_register_device()
rose: Fix NULL pointer dereference in rose_send_frame()
ipvs: fix WARNING in ip_vs_app_net_cleanup()
ipvs: fix WARNING in __ip_vs_cleanup_batch()
ipvs: use explicitly signed chars
net: tun: fix bugs for oversize packet when napi frags enabled
net: sched: Fix use after free in red_enqueue()
ata: pata_legacy: fix pdc20230_set_piomode()
net: fec: fix improper use of NETDEV_TX_BUSY
nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
net: dsa: Fix possible memory leaks in dsa_loop_init()
nfs4: Fix kmemleak when allocate slot failed
NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
NFSv4.1: Handle RECLAIM_COMPLETE trunking errors
BACKPORT: ARM: 9039/1: assembler: generalize byte swapping macro into rev_l
BACKPORT: ARM: 9035/1: uncompress: Add be32tocpu macro
Conflicts:
drivers/mmc/host/sdhci.c
drivers/slimbus/stream.c
Change-Id: Ic112be181f3558a83f85d01fb4e25444f14c7548
commit 4a7ba45b1a435e7097ca0f79a847d0949d0eb088 upstream.
memcg_write_event_control() accesses the dentry->d_name of the specified
control fd to route the write call. As a cgroup interface file can't be
renamed, it's safe to access d_name as long as the specified file is a
regular cgroup file. Also, as these cgroup interface files can't be
removed before the directory, it's safe to access the parent too.
Prior to 347c4a8747 ("memcg: remove cgroup_event->cft"), there was a
call to __file_cft() which verified that the specified file is a regular
cgroupfs file before further accesses. The cftype pointer returned from
__file_cft() was no longer necessary and the commit inadvertently dropped
the file type check with it allowing any file to slip through. With the
invarients broken, the d_name and parent accesses can now race against
renames and removals of arbitrary files and cause use-after-free's.
Fix the bug by resurrecting the file type check in __file_cft(). Now that
cgroupfs is implemented through kernfs, checking the file operations needs
to go through a layer of indirection. Instead, let's check the superblock
and dentry type.
Link: https://lkml.kernel.org/r/Y5FRm/cfcKPGzWwl@slm.duckdns.org
Fixes: 347c4a8747 ("memcg: remove cgroup_event->cft")
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Jann Horn <jannh@google.com>
Acked-by: Roman Gushchin <roman.gushchin@linux.dev>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Muchun Song <songmuchun@bytedance.com>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: <stable@vger.kernel.org> [3.14+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Michael Bestas
Greg Kroah-Hartman
Reuben Hawkins
Kees Cook
Suren Baghdasaryan
Jaewon Kim
Tetsuo Handa
Lee Jones
Rongwei Wang
Patrick Daly
Kalesh Singh
Michel Lespinasse
Matthew Wilcox (Oracle)
Mike Kravetz
Longlong Xia
Jann Horn
Tejun Heo