Skip to content
Snippets Groups Projects
Select Git revision
0 results
Search by author
  • Any Author
0 authors
  1. Feb 24, 2025
  3. Feb 22, 2025
    • Greg Kroah-Hartman's avatar
      Merge tag 'android14-6.1.128_r00' into android14-6.1 · a624f97c
      Greg Kroah-Hartman authored 
      
This merges the android14-6.1.128_r00 tag into the android14-6.1 branch,
catching it up with the latest LTS releases.

It contains the following commits:

* 8ae119f6 ANDROID: hrtimers: revert mismerged commit in 6.1.127 LTS merge
*   e6d1ba54 Merge 6.1.128 into android14-6.1-lts
|\
| * 0cbb5f65 Linux 6.1.128
| * a9401cd5 drm/v3d: Assign job pointer to NULL before signaling the fence
| * 7d06d97e ASoC: samsung: midas_wm1811: Fix 'Headphone Switch' control creation
| * 44c49581 smb: client: fix NULL ptr deref in crypto_aead_setkey()
| * 4982cc83 Input: xpad - add support for wooting two he (arm)
| * b336f583 Input: xpad - add unofficial Xbox 360 wireless receiver clone
| * dd000518 Input: atkbd - map F23 key to support default copilot shortcut
| * 4631653d ALSA: usb-audio: Add delay quirk for USB Audio Device
| * 33233b06 Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null"
| * 4b9b41fa USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
| * bce96653 smb: client: fix UAF in async decryption
| * 49a27ee4 wifi: iwlwifi: add a few rate index validity checks
| * 182a4b7c scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
| * ce114240 ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
| * 13ea9547 ext4: fix access to uninitialised lock in fc replay path
| * 6bcb8a5b vfio/platform: check the bounds of read/write syscalls
| * 1a1b2b8c Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
| * 8476f842 block: fix integer overflow in BLKSECDISCARD
| * 1332c6ed net: sched: fix ets qdisc OOB Indexing
| * 74a37ce6 io_uring: fix waiters missing wake ups
| * 2a40a140 gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
| * 754df8c9 xfs: respect the stable writes flag on the RT device
| * bc4ad699 xfs: clean up FS_XFLAG_REALTIME handling in xfs_ioctl_setattr_xflags
| * 7880b1f0 xfs: dquot recovery does not validate the recovered dquot
| * df716416 xfs: clean up dqblk extraction
| * 318cac2b xfs: inode recovery does not validate the recovered inode
| * 6e782627 xfs: fix internal error from AGFL exhaustion
| * 323a7079 xfs: up(ic_sema) if flushing data device fails
| * 67c362b8 xfs: only remap the written blocks in xfs_reflink_end_cow_extent
| * b655ee7d xfs: abort intent items when recovery intents fail
| * 16cf312b xfs: factor out xfs_defer_pending_abort
| * 6685b885 xfs: allow read IO and FICLONE to run concurrently
| * 4eb3b579 xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space
| * feb30fe4 xfs: introduce protection for drop nlink
| * 4d607041 xfs: make sure maxlen is still congruent with prod when rounding down
| * 34167d02 xfs: fix units conversion error in xfs_bmap_del_extent_delay
| * 91536449 xfs: rt stubs should return negative errnos when rt disabled
| * 9670abd1 xfs: prevent rt growfs when quota is enabled
| * 8ee604ac xfs: hoist freeing of rt data fork extent mappings
| * 79bdab54 xfs: bump max fsgeom struct version
| * f1bc5706 softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel
| * d0ec61c9 ipv6: Fix soft lockups in fib6_select_path under high next hop churn
| * 9fdec478 regmap: detach regmap from dev on regmap_exit
| * 87d69690 ASoC: samsung: Add missing depends on I2C
| * 656100f6 ASoC: samsung: midas_wm1811: Map missing jack kcontrols
| * d2b4b39b irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
| * b7d24618 drm/amd/display: Use HW lock mgr for PSR1
| * 2104ad71 scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
| * 18cb5798 seccomp: Stub for !CONFIG_SECCOMP
| * b873c88b ASoC: samsung: Add missing selects for MFD_WM8994
| * 8cf587aa ASoC: wm8994: Add depends on MFD core
* | 979fb1d6 Revert "fs: fix missing declaration of init_files"
* | 42cbb802 Revert "net: add exit_batch_rtnl() method"
* | 5b18fc7e Revert "gtp: use exit_batch_rtnl() method"
* | da69d668 Revert "gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp()."
* | f3dfa826 Revert "gtp: Destroy device along with udp socket's netns dismantle."
* | 79f1b689 Merge 6.1.127 into android14-6.1-lts
|\|
| * 75cefdf1 Linux 6.1.127
| * be7c61ea net: fix data-races around sk->sk_forward_alloc
| * 060de371 x86/xen: fix SLS mitigation in xen_hypercall_iret()
| * 400fb0e9 nfsd: add list_head nf_gc to struct nfsd_file
| * 75a0a6dd erofs: handle NONHEAD !delta[1] lclusters gracefully
| * 6326a3dc erofs: tidy up EROFS on-disk naming
| * 6e5dbd1c wifi: ath10k: avoid NULL pointer error during sdio remove
| * cd862903 Revert "regmap: detach regmap from dev on regmap_exit"
| * 275b8347 scsi: sg: Fix slab-use-after-free read in sg_release()
| * 9e95518e RDMA/rxe: Fix the qp flush warnings in req
| * e7736037 Revert "drm/amdgpu: rework resume handling for display (v2)"
| * 1921fe7d block: fix uaf for flush rq while iterating tags
| * 05b1b339 drm/amdgpu: fix usage slab after free
| * 5bd410c2 drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
| * 64b79afd iio: adc: rockchip_saradc: fix information leak in triggered buffer
| * d3e25180 iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
| * f2e4823b iio: imu: inv_icm42600: fix spi burst write not supported
| * 479a42ee Revert "PCI: Use preserve_config in place of pci_flags"
| * 6603aca9 drm/i915/fb: Relax clear color alignment to 64 bytes
| * 3d41dbf8 hrtimers: Handle CPU state correctly on hotplug
| * d7b0e896 irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
| * e64612f8 irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
| * e1994d0f irqchip: Plug a OF node reference leak in platform_irqchip_probe()
| * 699cc10c pmdomain: imx8mp-blk-ctrl: add missing loop break condition
| * d38c49f7 gpiolib: cdev: Fix use after free in lineinfo_changed_notify
| * 65c367bd fs/proc: fix softlockup in __read_vmcore (part 2)
| * 80fc836f filemap: avoid truncating 64-bit offset to 32 bits
| * b52e50dd vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
| * cc586af3 vsock: reset socket state when de-assigning the transport
| * a3c9390f vsock/virtio: cancel close work in the destructor
| * 88244163 vsock/virtio: discard packets if the transport changes
| * 435349d4 net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
| * 9e1f5094 selftests: mptcp: avoid spurious errors on disconnect
| * 73411e09 mptcp: be sure to send ack when mptcp-level window re-opens
| * fe3de867 zram: fix potential UAF of zram table
| * f9830994 ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA
| * 0b30238c x86/asm: Make serialize() always_inline
| * 3375bdf8 poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll()
| * 7ca4bd6b iomap: avoid avoid truncating 64-bit offset to 32 bits
| * a5045ca6 ACPI: resource: acpi_dev_irq_override(): Check DMI match last
| * bea2a4cf selftests: tc-testing: reduce rshift value
| * 435df80d scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers
| * f937130b cachefiles: Parse the "secctx" immediately
| * d8680dad kheaders: Ignore silly-rename files
| * bb00b119 fs: fix missing declaration of init_files
| * 19021857 hfs: Sanity check the root record
| * 41e4ca8a mac802154: check local interfaces before deleting sdata list
| * cce9254a nvmet: propagate npwg topology
| * 75505de0 i2c: rcar: fix NACK handling when being a target
| * 53336f33 i2c: mux: demux-pinctrl: check initial mux selection, too
| * 4c833c36 Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data"
| * 79fe53ed hwmon: (tmp513) Fix division of negative numbers
| * 2a1c88f7 drm/v3d: Ensure job pointer is set to NULL after job completion
| * efc92a26 net/mlx5: Clear port select structure when fail to create
| * edb43b46 net/mlx5: Fix RDMA TX steering prio
| * 207c81e2 net: xilinx: axienet: Fix IRQ coalescing packet count overflow
| * c385389a nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
| * efec287c gtp: Destroy device along with udp socket's netns dismantle.
| * c91e6946 gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
| * a3fdd5f3 gtp: use exit_batch_rtnl() method
| * 760f415e net: add exit_batch_rtnl() method
| * e5d24a70 pktgen: Avoid out-of-bounds access in get_imix_entries
| * ea9e9903 openvswitch: fix lockup on tx to unregistering netdev with carrier
| * d0a3b3d1 bpf: Fix bpf_sk_select_reuseport() memory leak
| * 07524817 net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
* | 766d61c1 Merge branch 'android14-6.1' into android14-6.1-lts
* | 12fe4482 Merge 6.1.126 into android14-6.1-lts
|\|
| * f4f67728 Linux 6.1.126
| * f6247d3e Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals
* | 3ad3cca3 Merge 6.1.125 into android14-6.1-lts
|\|
| * 60ceadf9 Linux 6.1.125
| * 9734fd7a xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals
| * d2085719 drm: adv7511: Fix use-after-free in adv7533_attach_dsi()
| * 90d4d271 drm: bridge: adv7511: use dev_err_probe in probe function
| * 2d431192 ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
| * 18a1cd92 ocfs2: correct return value of ocfs2_local_free_info()
| * ad9ec26a of: address: Preserve the flags portion on 1:1 dma-ranges mapping
| * 007662f7 of: address: Store number of bus flag cells rather than bool
| * 7eb954ec of: address: Remove duplicated functions
| * 30eb1123 of: address: Fix address translation when address-size is greater than 2
| * 46dfdb0f of/address: Add support for 3 address cell bus
| * 57e3220c of: unittest: Add bus address range parsing tests
| * 40153aae arm64: dts: rockchip: add hevc power domain clock to rk3328
| * 2550149f block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
| * 64b0aebe ARM: dts: imxrt1050: Fix clocks for mmc
| * 6b63308c io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period
| * 3e871c1d iio: adc: ad7124: Disable all channels at probe time
| * 6c92d6f2 iio: inkern: call iio_device_put() only on mapped devices
| * 25ef52f1 iio: adc: at91: call input_free_device() on allocated iio_dev
| * 26016d08 iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
| * 7bc7e9d6 iio: gyro: fxas21002c: Fix missing data update in trigger handler
| * ebe2672b iio: adc: ti-ads8688: fix information leak in triggered buffer
| * 6985ba44 iio: imu: kmx61: fix information leak in triggered buffer
| * 47d245be iio: light: vcnl4035: fix information leak in triggered buffer
| * b0642d9c iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer
| * b7849f62 iio: pressure: zpa2326: fix information leak in triggered buffer
| * 82f60f36 usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
| * 9981c33a usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
| * dc51b66e usb: fix reference leak in usb_new_device()
| * c6f763b5 USB: core: Disable LPM only for non-suspended ports
| * 39219c26 USB: usblp: return error when setting unsupported protocol
| * 92a185bf usb: dwc3-am62: Disable autosuspend during remove
| * 3d730e87 usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null
| * d26b9f0b misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set config
| * 79aef618 misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling
| * ca47e933 topology: Keep the cpumask unchanged when printing cpumap
| * 20a57256 usb: dwc3: gadget: fix writing NYET threshold
| * 32af3bcc USB: serial: cp210x: add Phoenix Contact UPS Device
| * 65cb57b9 usb-storage: Add max sectors quirk for Nokia 208
| * 78e8abbd staging: iio: ad9832: Correct phase range check
| * 331e6e9f staging: iio: ad9834: Correct phase range check
| * c712fa61 USB: serial: option: add Neoway N723-EA support
| * fb946212 USB: serial: option: add MeiG Smart SRM815
* | afc952d5 Merge 43f4df33 ("bpf: Fix overloading of MEM_UNINIT's meaning") into android14-6.1-lts
|\|
| * 43f4df33 bpf: Fix overloading of MEM_UNINIT's meaning
* | 22d4625e Merge 2a72b2ce ("bpf: Add MEM_WRITE attribute") into android14-6.1-lts
|\|
| * 2a72b2ce bpf: Add MEM_WRITE attribute
* | b3b3e04d Merge 6bc6ee31 ("dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2)") into android14-6.1-lts
|\|
| * 6bc6ee31 dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2)
| * e3ce913a drm/amd/display: increase MAX_SURFACES to the value supported by hw
| * abe587a4 ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[]
| * 88b9cf8f ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
| * c21df31f riscv: Fix sleeping in invalid context in die()
| * d0645e11 thermal: of: fix OF node leak in of_thermal_zone_find()
| * f3d1e406 drm/amd/display: Add check for granularity in dml ceil/floor helpers
| * 44ee8635 sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
| * e919197f sctp: sysctl: udp_port: avoid using current->nsproxy
| * 1b67030d sctp: sysctl: auth_enable: avoid using current->nsproxy
| * 4059507e sctp: sysctl: rto_min/max: avoid using current->nsproxy
| * 3cd0659d sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
* | c0e24516 Merge c0dde4a5 ("dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY") into android14-6.1-lts
|/
* c0dde4a5 dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
* 12771050 dm thin: make get_first_thin use rcu-safe list first function
* bb87b494 cpuidle: riscv-sbi: fix device node release in early exit of for_each_possible_cpu
* 13e41c58 ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked
* aabe47cf afs: Fix the maximum cell name length
* ee7e40f7 ksmbd: fix a missing return value check bug
* f05f5ab5 drm/mediatek: Add return value check when reading DPCD
* 4e674923 drm/mediatek: Fix mode valid issue for dp
* e0ad4b01 drm/mediatek: Fix YCbCr422 color format issue for DP
* 21c501e6 drm/mediatek: stop selecting foreign drivers
* f0a28087 net/mlx5: Fix variable not being completed when function returns
* a777e06d sched: sch_cake: add bounds checks to host bulk flow fairness counts
* 5552b4fd netfilter: conntrack: clamp maximum hashtable size to INT_MAX
* d470b925 netfilter: nf_tables: imbalance in flowtable binding
* 636d7b95 tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset
* faa8a33e Bluetooth: hci_sync: Fix not setting Random Address when required
* ecb1356a tls: Fix tls_sw_sendmsg error handling
* 657a87c2 ice: fix incorrect PHY settings for 100 GB/s
* 8a7b73f1 cxgb4: Avoid removal of uninserted tid
* b9582838 bnxt_en: Fix possible memory leak when hwrm_req_replace fails
* 2011749c net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
* 2d230410 tcp/dccp: allow a connection when sk_max_ack_backlog is zero
* c0b0d9ae tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
* 0a5026be net: 802: LLC+SNAP OID:PID lookup on start of skb data
* 4589abf8 ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
* f6dce4dc ASoC: mediatek: disable buffer pre-allocation
* 939d239f scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity
* d23f2621 exfat: fix the infinite loop in __exfat_free_cluster()
* 31beabd0 exfat: fix the infinite loop in exfat_readdir()
* 43c38c3b dm array: fix cursor index when skipping across block boundaries
* 956a74b2 dm array: fix unreleased btree blocks on closing a faulty array cursor
* e477021d dm array: fix releasing a faulty array block twice in dm_array_cursor_end
* 5af095cb jbd2: flush filesystem device before updating tail sequence
* 62834f5b jbd2: increase IO priority for writing revoke records
* 397383db sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
* b79a0d1e bpf, sockmap: Fix race between element replace and close()
* e4b168c6 ceph: give up on paths longer than PATH_MAX

Change-Id: Ia18514bdd4d67e9850b55a4637d0fbe4a138658f
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@google.com>
      a624f97c
  5. Feb 21, 2025
  7. Feb 14, 2025
  9. Feb 13, 2025
  11. Feb 10, 2025
  13. Feb 07, 2025
  15. Feb 06, 2025
    • Greg Kroah-Hartman's avatar
      Merge 6.1.128 into android14-6.1-lts · e6d1ba54
      Greg Kroah-Hartman authored 
      
Changes in 6.1.128
	ASoC: wm8994: Add depends on MFD core
	ASoC: samsung: Add missing selects for MFD_WM8994
	seccomp: Stub for !CONFIG_SECCOMP
	scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
	drm/amd/display: Use HW lock mgr for PSR1
	irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
	ASoC: samsung: midas_wm1811: Map missing jack kcontrols
	ASoC: samsung: Add missing depends on I2C
	regmap: detach regmap from dev on regmap_exit
	ipv6: Fix soft lockups in fib6_select_path under high next hop churn
	softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel
	xfs: bump max fsgeom struct version
	xfs: hoist freeing of rt data fork extent mappings
	xfs: prevent rt growfs when quota is enabled
	xfs: rt stubs should return negative errnos when rt disabled
	xfs: fix units conversion error in xfs_bmap_del_extent_delay
	xfs: make sure maxlen is still congruent with prod when rounding down
	xfs: introduce protection for drop nlink
	xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space
	xfs: allow read IO and FICLONE to run concurrently
	xfs: factor out xfs_defer_pending_abort
	xfs: abort intent items when recovery intents fail
	xfs: only remap the written blocks in xfs_reflink_end_cow_extent
	xfs: up(ic_sema) if flushing data device fails
	xfs: fix internal error from AGFL exhaustion
	xfs: inode recovery does not validate the recovered inode
	xfs: clean up dqblk extraction
	xfs: dquot recovery does not validate the recovered dquot
	xfs: clean up FS_XFLAG_REALTIME handling in xfs_ioctl_setattr_xflags
	xfs: respect the stable writes flag on the RT device
	gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
	io_uring: fix waiters missing wake ups
	net: sched: fix ets qdisc OOB Indexing
	block: fix integer overflow in BLKSECDISCARD
	Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
	vfio/platform: check the bounds of read/write syscalls
	ext4: fix access to uninitialised lock in fc replay path
	ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
	scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
	wifi: iwlwifi: add a few rate index validity checks
	smb: client: fix UAF in async decryption
	USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
	Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null"
	ALSA: usb-audio: Add delay quirk for USB Audio Device
	Input: atkbd - map F23 key to support default copilot shortcut
	Input: xpad - add unofficial Xbox 360 wireless receiver clone
	Input: xpad - add support for wooting two he (arm)
	smb: client: fix NULL ptr deref in crypto_aead_setkey()
	ASoC: samsung: midas_wm1811: Fix 'Headphone Switch' control creation
	drm/v3d: Assign job pointer to NULL before signaling the fence
	Linux 6.1.128

Change-Id: Ia1ddc5824b498862a5eb730dd99bd3a76dd16015
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@google.com>
      e6d1ba54
    • Greg Kroah-Hartman's avatar
      Revert "fs: fix missing declaration of init_files" · 979fb1d6
      Greg Kroah-Hartman authored 
      
This reverts commit bb00b119 which is
commit 2b2fc0be upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: Ib6926beda39531de3e1a1025b981b560535347a4
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@google.com>
      979fb1d6
    • Greg Kroah-Hartman's avatar
      Revert "net: add exit_batch_rtnl() method" · 42cbb802
      Greg Kroah-Hartman authored 
      
This reverts commit 760f415e which is
commit fd4f101e upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: I7cd575ae9e9d99f5181fdc297649d7e9f96d56fc
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@google.com>
      42cbb802
    • Greg Kroah-Hartman's avatar
      Revert "gtp: use exit_batch_rtnl() method" · 5b18fc7e
      Greg Kroah-Hartman authored 
      
This reverts commit a3fdd5f3 which is
commit 6eedda01 upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: I6d0ce9375026632d6e27f9ec83c408fdee344963
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@google.com>
      5b18fc7e
    • Greg Kroah-Hartman's avatar
      Revert "gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp()." · da69d668
      Greg Kroah-Hartman authored 
      
This reverts commit c91e6946 which is
commit 46841c70 upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: I1b6ed883c57437964fcfbcb2479ecf19f6a167f7
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@google.com>
      da69d668
    • Greg Kroah-Hartman's avatar
      Revert "gtp: Destroy device along with udp socket's netns dismantle." · f3dfa826
      Greg Kroah-Hartman authored 
      
This reverts commit efec287c which is
commit eb28fd76 upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: I8f64380576053dce28f0f73ef06ccf0a27469ed1
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@google.com>
      f3dfa826
    • Greg Kroah-Hartman's avatar
      Merge 6.1.127 into android14-6.1-lts · 79f1b689
      Greg Kroah-Hartman authored 
      
Changes in 6.1.127
	net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
	bpf: Fix bpf_sk_select_reuseport() memory leak
	openvswitch: fix lockup on tx to unregistering netdev with carrier
	pktgen: Avoid out-of-bounds access in get_imix_entries
	net: add exit_batch_rtnl() method
	gtp: use exit_batch_rtnl() method
	gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
	gtp: Destroy device along with udp socket's netns dismantle.
	nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
	net: xilinx: axienet: Fix IRQ coalescing packet count overflow
	net/mlx5: Fix RDMA TX steering prio
	net/mlx5: Clear port select structure when fail to create
	drm/v3d: Ensure job pointer is set to NULL after job completion
	hwmon: (tmp513) Fix division of negative numbers
	Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data"
	i2c: mux: demux-pinctrl: check initial mux selection, too
	i2c: rcar: fix NACK handling when being a target
	nvmet: propagate npwg topology
	mac802154: check local interfaces before deleting sdata list
	hfs: Sanity check the root record
	fs: fix missing declaration of init_files
	kheaders: Ignore silly-rename files
	cachefiles: Parse the "secctx" immediately
	scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers
	selftests: tc-testing: reduce rshift value
	ACPI: resource: acpi_dev_irq_override(): Check DMI match last
	iomap: avoid avoid truncating 64-bit offset to 32 bits
	poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll()
	x86/asm: Make serialize() always_inline
	ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA
	zram: fix potential UAF of zram table
	mptcp: be sure to send ack when mptcp-level window re-opens
	selftests: mptcp: avoid spurious errors on disconnect
	net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
	vsock/virtio: discard packets if the transport changes
	vsock/virtio: cancel close work in the destructor
	vsock: reset socket state when de-assigning the transport
	vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
	filemap: avoid truncating 64-bit offset to 32 bits
	fs/proc: fix softlockup in __read_vmcore (part 2)
	gpiolib: cdev: Fix use after free in lineinfo_changed_notify
	pmdomain: imx8mp-blk-ctrl: add missing loop break condition
	irqchip: Plug a OF node reference leak in platform_irqchip_probe()
	irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
	irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
	hrtimers: Handle CPU state correctly on hotplug
	drm/i915/fb: Relax clear color alignment to 64 bytes
	Revert "PCI: Use preserve_config in place of pci_flags"
	iio: imu: inv_icm42600: fix spi burst write not supported
	iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
	iio: adc: rockchip_saradc: fix information leak in triggered buffer
	drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
	drm/amdgpu: fix usage slab after free
	block: fix uaf for flush rq while iterating tags
	Revert "drm/amdgpu: rework resume handling for display (v2)"
	RDMA/rxe: Fix the qp flush warnings in req
	scsi: sg: Fix slab-use-after-free read in sg_release()
	Revert "regmap: detach regmap from dev on regmap_exit"
	wifi: ath10k: avoid NULL pointer error during sdio remove
	erofs: tidy up EROFS on-disk naming
	erofs: handle NONHEAD !delta[1] lclusters gracefully
	nfsd: add list_head nf_gc to struct nfsd_file
	x86/xen: fix SLS mitigation in xen_hypercall_iret()
	net: fix data-races around sk->sk_forward_alloc
	Linux 6.1.127

Change-Id: I5621f4287b21d7fbcc2f19d46e02d97afe5f0451
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@google.com>
      79f1b689
  17. Feb 04, 2025
    • Michal Pecio's avatar
      BACKPORT: usb: xhci: Fix NULL pointer dereference on certain command aborts · 7658169f
      Michal Pecio authored 
      If a command is queued to the final usable TRB of a ring segment, the
enqueue pointer is advanced to the subsequent link TRB and no further.
If the command is later aborted, when the abort completion is handled
the dequeue pointer is advanced to the first TRB of the next segment.

If no further commands are queued, xhci_handle_stopped_cmd_ring() sees
the ring pointers unequal and assumes that there is a pending command,
so it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.

Don't attempt timer setup if cur_cmd is NULL. The subsequent doorbell
ring likely is unnecessary too, but it's harmless. Leave it alone.

This is probably Bug 219532, but no confirmation has been received.

The issue has been independently reproduced and confirmed fixed using
a USB MCU programmed to NAK the Status stage of SET_ADDRESS forever.
Everything continued working normally after several prevented crashes.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=219532


Fixes: c311e391 ("xhci: rework command timeout and cancellation,")
CC: stable@vger.kernel.org
Signed-off-by: default avatarMichal Pecio <michal.pecio@gmail.com>
Signed-off-by: default avatarMathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20241227120142.1035206-4-mathias.nyman@linux.intel.com


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>

Bug: 393469846
(cherry picked from commit 1e0a1991)
[Sriram: Resolved minor conflict drivers/usb/host/xhci-ring.c ]

Change-Id: I0228fb40e139eb06b9ab68fd3e66ca3444da7077
Signed-off-by: default avatarSriram Dash <quic_sriramd@quicinc.com>
      ASB-2025-02-05_14-6.1
      7658169f
    • Isaac Manjarres's avatar
      ANDROID: OPP: Fix incorrectly backported logic in _set_opp_level() · 4033df20
      Isaac Manjarres authored and Isaac Manjarres's avatar Isaac Manjarres committed 
      
Commit b50a013d ("BACKPORT: OPP: Extend support for the opp-level
beyond required-opps") used dev_pm_genpd_set_performance_state()
as a substitute for dev_pm_domain_set_performance_state(), since
introducing dev_pm_domain_set_performance_state() required breaking the
ABI on this branch.

However, directly invoking dev_pm_genpd_set_performance_state() is not
equivalent to dev_pm_domain_set_performance_state(), as the latter
only invokes a PM domain's set_performance_state callback if the device
it is invoked on uses a PM domain, and if that PM domain supports that
callback. If that check fails, then the invocation is simply a nop, and
no error code is returned.

In contrast, dev_pm_genpd_set_performance_state() checks to ensure that the
device uses a PM domain, and that the PM domain is a generic PM domain.
If that is not the case, then the invocation returns an error which is
then propagated up the call chain.

Therefore, fix _set_opp_level() to function as a nop for devices without
PM domains to align it to its original intent.

Bug: 394178898
Fixes: b50a013d ("BACKPORT: OPP: Extend support for the opp-level beyond required-opps")
Change-Id: I664d45168404d62aecf59a0afcd2e001d6b7a247
Signed-off-by: default avatarIsaac J. Manjarres <isaacmanjarres@google.com>
      4033df20
  19. Feb 03, 2025
  21. Feb 01, 2025
    • Greg Kroah-Hartman's avatar
      Linux 6.1.128 · 0cbb5f65
      Greg Kroah-Hartman authored 
      Link: https://lore.kernel.org/r/20250130140133.825446496@linuxfoundation.org


Tested-by: default avatarMark Brown <broonie@kernel.org>
Tested-by: default avatarFlorian Fainelli <florian.fainelli@broadcom.com>
Tested-by: default avatarSalvatore Bonaccorso <carnil@debian.org>
Tested-by: default avatarJon Hunter <jonathanh@nvidia.com>
Tested-by: default avatarPavel Machek (CIP) <pavel@denx.de>
Tested-by: default avatarRon Economos <re@w6rz.net>
Tested-by: default avatarLinux Kernel Functional Testing <lkft@linaro.org>
Tested-by: default avatarkernelci.org bot <bot@kernelci.org>
Tested-by: default avatarPeter Schneider <pschneider1968@googlemail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      v6.1.128
      0cbb5f65
    • Maíra Canal's avatar
      drm/v3d: Assign job pointer to NULL before signaling the fence · a9401cd5
      Maíra Canal authored 
      
commit 6e64d6b3 upstream.

In commit e4b5ccd3 ("drm/v3d: Ensure job pointer is set to NULL
after job completion"), we introduced a change to assign the job pointer
to NULL after completing a job, indicating job completion.

However, this approach created a race condition between the DRM
scheduler workqueue and the IRQ execution thread. As soon as the fence is
signaled in the IRQ execution thread, a new job starts to be executed.
This results in a race condition where the IRQ execution thread sets the
job pointer to NULL simultaneously as the `run_job()` function assigns
a new job to the pointer.

This race condition can lead to a NULL pointer dereference if the IRQ
execution thread sets the job pointer to NULL after `run_job()` assigns
it to the new job. When the new job completes and the GPU emits an
interrupt, `v3d_irq()` is triggered, potentially causing a crash.

[  466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0
[  466.318928] Mem abort info:
[  466.321723]   ESR = 0x0000000096000005
[  466.325479]   EC = 0x25: DABT (current EL), IL = 32 bits
[  466.330807]   SET = 0, FnV = 0
[  466.333864]   EA = 0, S1PTW = 0
[  466.337010]   FSC = 0x05: level 1 translation fault
[  466.341900] Data abort info:
[  466.344783]   ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[  466.350285]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[  466.355350]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[  466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000
[  466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
[  466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[  466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6
[  466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G         C         6.13.0-v8+ #18
[  466.467336] Tainted: [C]=CRAP
[  466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)
[  466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[  466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]
[  466.487258] lr : __handle_irq_event_percpu+0x60/0x228
[  466.492327] sp : ffffffc080003ea0
[  466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000
[  466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200
[  466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000
[  466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000
[  466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000
[  466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
[  466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0
[  466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
[  466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70
[  466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000
[  466.567263] Call trace:
[  466.569711]  v3d_irq+0x118/0x2e0 [v3d] (P)
[  466.573826]  __handle_irq_event_percpu+0x60/0x228
[  466.578546]  handle_irq_event+0x54/0xb8
[  466.582391]  handle_fasteoi_irq+0xac/0x240
[  466.586498]  generic_handle_domain_irq+0x34/0x58
[  466.591128]  gic_handle_irq+0x48/0xd8
[  466.594798]  call_on_irq_stack+0x24/0x58
[  466.598730]  do_interrupt_handler+0x88/0x98
[  466.602923]  el0_interrupt+0x44/0xc0
[  466.606508]  __el0_irq_handler_common+0x18/0x28
[  466.611050]  el0t_64_irq_handler+0x10/0x20
[  466.615156]  el0t_64_irq+0x198/0x1a0
[  466.618740] Code: 52800035 3607faf3 f9442e80 52800021 (f9406018)
[  466.624853] ---[ end trace 0000000000000000 ]---
[  466.629483] Kernel panic - not syncing: Oops: Fatal exception in interrupt
[  466.636384] SMP: stopping secondary CPUs
[  466.640320] Kernel Offset: 0x100c400000 from 0xffffffc080000000
[  466.646259] PHYS_OFFSET: 0x0
[  466.649141] CPU features: 0x100,00000170,00901250,0200720b
[  466.654644] Memory Limit: none
[  466.657706] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---

Fix the crash by assigning the job pointer to NULL before signaling the
fence. This ensures that the job pointer is cleared before any new job
starts execution, preventing the race condition and the NULL pointer
dereference crash.

Cc: stable@vger.kernel.org
Fixes: e4b5ccd3 ("drm/v3d: Ensure job pointer is set to NULL after job completion")
Signed-off-by: default avatarMaíra Canal <mcanal@igalia.com>
Reviewed-by: default avatarJose Maria Casanova Crespo <jmcasanova@igalia.com>
Reviewed-by: default avatarIago Toral Quiroga <itoral@igalia.com>
Tested-by: default avatarPhil Elwell <phil@raspberrypi.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20250123012403.20447-1-mcanal@igalia.com


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a9401cd5
    • Marek Szyprowski's avatar
      ASoC: samsung: midas_wm1811: Fix 'Headphone Switch' control creation · 7d06d97e
      Marek Szyprowski authored 
      
commit 48c6253f upstream.

'Headphone Switch' control is already registered from
sound/soc/codecs/wm_hubs.c:479, so duplicating it in midas_wm1811
causes following probe failure:

midas-audio sound: control 2:0:0:Headphone Switch:0 is already present
midas-audio sound: ASoC: Failed to add Headphone Switch: -16
midas-audio sound: Failed to register card: -16
midas-audio: probe of sound failed with error -16

Fix this by dropping duplicated control.

Fixes: d27224a4 ("ASoC: samsung: midas_wm1811: Map missing jack kcontrols")
Signed-off-by: default avatarMarek Szyprowski <m.szyprowski@samsung.com>
Link: https://lore.kernel.org/r/20230809100446.2105825-1-m.szyprowski@samsung.com


Signed-off-by: default avatarMark Brown <broonie@kernel.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      7d06d97e
    • Paulo Alcantara's avatar
      smb: client: fix NULL ptr deref in crypto_aead_setkey() · 44c49581
      Paulo Alcantara authored 
      
commit 4bdec0d1 upstream.

Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so
when SMB2_GLOBAL_CAP_ENCRYPTION flag is set in the negotiate response,
the client uses AES-128-CCM as the default cipher.  See MS-SMB2
3.3.5.4.

Commit b0abcd65 ("smb: client: fix UAF in async decryption") added
a @server->cipher_type check to conditionally call
smb3_crypto_aead_allocate(), but that check would always be false as
@server->cipher_type is unset for SMB3.02.

Fix the following KASAN splat by setting @server->cipher_type for
SMB3.02 as well.

mount.cifs //srv/share /mnt -o vers=3.02,seal,...

BUG: KASAN: null-ptr-deref in crypto_aead_setkey+0x2c/0x130
Read of size 8 at addr 0000000000000020 by task mount.cifs/1095
CPU: 1 UID: 0 PID: 1095 Comm: mount.cifs Not tainted 6.12.0 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41
04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x5d/0x80
 ? crypto_aead_setkey+0x2c/0x130
 kasan_report+0xda/0x110
 ? crypto_aead_setkey+0x2c/0x130
 crypto_aead_setkey+0x2c/0x130
 crypt_message+0x258/0xec0 [cifs]
 ? __asan_memset+0x23/0x50
 ? __pfx_crypt_message+0x10/0x10 [cifs]
 ? mark_lock+0xb0/0x6a0
 ? hlock_class+0x32/0xb0
 ? mark_lock+0xb0/0x6a0
 smb3_init_transform_rq+0x352/0x3f0 [cifs]
 ? lock_acquire.part.0+0xf4/0x2a0
 smb_send_rqst+0x144/0x230 [cifs]
 ? __pfx_smb_send_rqst+0x10/0x10 [cifs]
 ? hlock_class+0x32/0xb0
 ? smb2_setup_request+0x225/0x3a0 [cifs]
 ? __pfx_cifs_compound_last_callback+0x10/0x10 [cifs]
 compound_send_recv+0x59b/0x1140 [cifs]
 ? __pfx_compound_send_recv+0x10/0x10 [cifs]
 ? __create_object+0x5e/0x90
 ? hlock_class+0x32/0xb0
 ? do_raw_spin_unlock+0x9a/0xf0
 cifs_send_recv+0x23/0x30 [cifs]
 SMB2_tcon+0x3ec/0xb30 [cifs]
 ? __pfx_SMB2_tcon+0x10/0x10 [cifs]
 ? lock_acquire.part.0+0xf4/0x2a0
 ? __pfx_lock_release+0x10/0x10
 ? do_raw_spin_trylock+0xc6/0x120
 ? lock_acquire+0x3f/0x90
 ? _get_xid+0x16/0xd0 [cifs]
 ? __pfx_SMB2_tcon+0x10/0x10 [cifs]
 ? cifs_get_smb_ses+0xcdd/0x10a0 [cifs]
 cifs_get_smb_ses+0xcdd/0x10a0 [cifs]
 ? __pfx_cifs_get_smb_ses+0x10/0x10 [cifs]
 ? cifs_get_tcp_session+0xaa0/0xca0 [cifs]
 cifs_mount_get_session+0x8a/0x210 [cifs]
 dfs_mount_share+0x1b0/0x11d0 [cifs]
 ? __pfx___lock_acquire+0x10/0x10
 ? __pfx_dfs_mount_share+0x10/0x10 [cifs]
 ? lock_acquire.part.0+0xf4/0x2a0
 ? find_held_lock+0x8a/0xa0
 ? hlock_class+0x32/0xb0
 ? lock_release+0x203/0x5d0
 cifs_mount+0xb3/0x3d0 [cifs]
 ? do_raw_spin_trylock+0xc6/0x120
 ? __pfx_cifs_mount+0x10/0x10 [cifs]
 ? lock_acquire+0x3f/0x90
 ? find_nls+0x16/0xa0
 ? smb3_update_mnt_flags+0x372/0x3b0 [cifs]
 cifs_smb3_do_mount+0x1e2/0xc80 [cifs]
 ? __pfx_vfs_parse_fs_string+0x10/0x10
 ? __pfx_cifs_smb3_do_mount+0x10/0x10 [cifs]
 smb3_get_tree+0x1bf/0x330 [cifs]
 vfs_get_tree+0x4a/0x160
 path_mount+0x3c1/0xfb0
 ? kasan_quarantine_put+0xc7/0x1d0
 ? __pfx_path_mount+0x10/0x10
 ? kmem_cache_free+0x118/0x3e0
 ? user_path_at+0x74/0xa0
 __x64_sys_mount+0x1a6/0x1e0
 ? __pfx___x64_sys_mount+0x10/0x10
 ? mark_held_locks+0x1a/0x90
 do_syscall_64+0xbb/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Cc: Tom Talpey <tom@talpey.com>
Reported-by: default avatarJianhong Yin <jiyin@redhat.com>
Cc: stable@vger.kernel.org # v6.12
Fixes: b0abcd65 ("smb: client: fix UAF in async decryption")
Signed-off-by: default avatarPaulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      44c49581
    • Jack Greiner's avatar
      Input: xpad - add support for wooting two he (arm) · 4982cc83
      Jack Greiner authored 
      
commit 222f3390 upstream.

Add Wooting Two HE (ARM) to the list of supported devices.

Signed-off-by: default avatarJack Greiner <jack@emoss.org>
Signed-off-by: default avatarPavel Rojtberg <rojtberg@gmail.com>
Link: https://lore.kernel.org/r/20250107192830.414709-3-rojtberg@gmail.com


Cc: stable@vger.kernel.org
Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      4982cc83
    • Nilton Perim Neto's avatar
      Input: xpad - add unofficial Xbox 360 wireless receiver clone · b336f583
      Nilton Perim Neto authored 
      
commit e4940fe6 upstream.

Although it mimics the Microsoft's VendorID, it is in fact a clone.
Taking into account that the original Microsoft Receiver is not being
manufactured anymore, this drive can solve dpad issues encontered by
those who still use the original 360 Wireless controller
but are using a receiver clone.

Signed-off-by: default avatarNilton Perim Neto <niltonperimneto@gmail.com>
Signed-off-by: default avatarPavel Rojtberg <rojtberg@gmail.com>
Link: https://lore.kernel.org/r/20250107192830.414709-12-rojtberg@gmail.com


Cc: stable@vger.kernel.org
Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b336f583
    • Mark Pearson's avatar
      Input: atkbd - map F23 key to support default copilot shortcut · dd000518
      Mark Pearson authored 
      commit 907bc926 upstream.

Microsoft defined Meta+Shift+F23 as the Copilot shortcut instead of a
dedicated keycode, and multiple vendors have their keyboards emit this
sequence in response to users pressing a dedicated "Copilot" key.
Unfortunately the default keymap table in atkbd does not map scancode
0x6e (F23) and so the key combination does not work even if userspace
is ready to handle it.

Because this behavior is common between multiple vendors and the
scancode is currently unused map 0x6e to keycode 193 (KEY_F23) so that
key sequence is generated properly.

MS documentation for the scan code:
https://learn.microsoft.com/en-us/windows/win32/inputdev/about-keyboard-input#scan-codes


Confirmed on Lenovo, HP and Dell machines by Canonical.
Tested on Lenovo T14s G6 AMD.

Signed-off-by: default avatarMark Pearson <mpearson-lenovo@squebb.ca>
Link: https://lore.kernel.org/r/20250107034554.25843-1-mpearson-lenovo@squebb.ca


Cc: stable@vger.kernel.org
Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      dd000518
    • Lianqin Hu's avatar
      ALSA: usb-audio: Add delay quirk for USB Audio Device · 4631653d
      Lianqin Hu authored 
      
commit ad5b205f upstream.

Audio control requests that sets sampling frequency sometimes fail on
this card. Adding delay between control messages eliminates that problem.

usb 1-1: New USB device found, idVendor=0d8c, idProduct=0014
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
usb 1-1: Product: USB Audio Device
usb 1-1: Manufacturer: C-Media Electronics Inc.

Signed-off-by: default avatarLianqin Hu <hulianqin@vivo.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
Link: https://patch.msgid.link/TYUPR06MB6217E94D922B9BF422A73F32D2192@TYUPR06MB6217.apcprd06.prod.outlook.com


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      4631653d