Select Git revision
Search by author
- Any Author
- authors
-
72162444 72162444 gaochangning
-
Aakash Dave aakash.dave
-
Aaron Kim akim
-
Aaron Kloc akloc
-
Aaron Lan aaron.lan
-
Aaron Nabil aaronna
-
Aaron Pohle aaron.pohle
-
Abbott Chung chung.abbott
-
Abdallah Omar abdallah_omar
-
Abdessamii Chalbi abdessamii.chalbi
-
Abdul Hussain Sirajudeen abdul.hussain
-
Abdullah Alghamdi a.alghamdi
-
Abdullah Elmarghany abdullah_elmarghany
-
Abel Fang abel_fang
-
Abhijeet Badurkar abhijeet.badurkar
-
Abhijit Adsule adsule
-
Abhijit Murthy abhijit
-
Abhi Khanal akhanal
-
Abhilash Sahoo abhilashsahoo
-
Abhimanyu Raj abhimanyu.raj
- Mar 17, 2025
-
-
Qi Han authored
BACKPORT: f2fs: compress: fix inconsistent update of i_blocks in release_compress_blocks and reserve_compress_blocks After release a file and subsequently reserve it, the FSCK flag is set when the file is deleted, as shown in the following backtrace: F2FS-fs (dm-48): Inconsistent i_blocks, ino:401231, iblocks:1448, sectors:1472 fs_rec_info_write_type+0x58/0x274 f2fs_rec_info_write+0x1c/0x2c set_sbi_flag+0x74/0x98 dec_valid_block_count+0x150/0x190 f2fs_truncate_data_blocks_range+0x2d4/0x3cc f2fs_do_truncate_blocks+0x2fc/0x5f0 f2fs_truncate_blocks+0x68/0x100 f2fs_truncate+0x80/0x128 f2fs_evict_inode+0x1a4/0x794 evict+0xd4/0x280 iput+0x238/0x284 do_unlinkat+0x1ac/0x298 __arm64_sys_unlinkat+0x48/0x68 invoke_syscall+0x58/0x11c For clusters of the following type, i_blocks are decremented by 1 and i_compr_blocks are incremented by 7 in release_compress_blocks, while updates to i_blocks and i_compr_blocks are skipped in reserve_compress_blocks. raw node: D D D D D D D D after compress: C D D D D D D D after reserve: C D D D D D D D Let's update i_blocks and i_compr_blocks properly in reserve_compress_blocks. Bug: 403145794 Bug: 404076730 Fixes: eb8fbaa5 ("f2fs: compress: fix to check unreleased compressed cluster") Change-Id: I596af62bbd54941bfc77f30e182db94e81cba59b Signed-off-by:
Qi Han <hanqi@vivo.com> Reviewed-by:
Chao Yu <chao@kernel.org> Signed-off-by:
Jaegeuk Kim <jaegeuk@kernel.org> (cherry picked from commit 26413ce1) (cherry picked from commit 90d49524) (cherry picked from commit 8b83b87a)
-
- Mar 11, 2025
-
-
Kamil Hampel authored
Symbol lists updated: serdev_device_write schedule_hrtimeout_range __serdev_device_driver_register serdev_device_open serdev_device_close serdev_device_write_wakeup serdev_device_set_baudrate serdev_device_set_flow_control serdev_device_set_parity skb_complete_tx_timestamp genphy_c45_pma_resume genphy_c45_pma_suspend Bug: 402315583 Bug: 380302167 Change-Id: Iacd45fb95486807a2d0501b467deda7f9ca82598 Signed-off-by:
Kamil Hampel <kamil.hampel@aptiv.corp-partner.google.com> (cherry picked from commit 99526711)
-
- Feb 25, 2025
-
-
Seiya Wang authored
11 function symbol(s) added 'void __media_device_usb_init(struct media_device *, struct usb_device *, const char *, const char *)' 'void __v4l2_ctrl_grab(struct v4l2_ctrl *, bool)' 'int ir_raw_encode_carrier(enum rc_proto)' 'int ir_raw_encode_scancode(enum rc_proto, u32, struct ir_raw_event *, unsigned int)' 'int snd_card_free_when_closed(struct snd_card *)' 'void v4l2_ctrl_activate(struct v4l2_ctrl *, bool)' 'const char * const * v4l2_ctrl_get_menu(u32)' 'void v4l2_ctrl_handler_log_status(struct v4l2_ctrl_handler *, const char *)' 'int v4l2_ctrl_query_fill(struct v4l2_queryctrl *, s32, s32, s32, s32)' 'bool v4l2_ctrl_radio_filter(const struct v4l2_ctrl *)' 'int v4l2_mc_create_media_graph(struct media_device *)' Bug: 398731050 Bug: 398988907 Change-Id: If684153a2bbeea51dcc29341e19c247a5de9ee8d Signed-off-by:Seiya Wang <seiya.wang@mediatek.com>
-
- Jan 14, 2025
-
-
Todd Kjos authored
Bug: 383669188 Signed-off-by:Todd Kjos <tkjos@google.com> Change-Id: I7724932c84aec0fd9e33494c630e3915f0fb5741
-
- Jan 13, 2025
-
-
Yosry Ahmed authored
Previous patches removed the only caller of cgroup_rstat_flush_atomic(). Remove the function and simplify the code. Link: https://lkml.kernel.org/r/20230421174020.2994750-6-yosryahmed@google.com Change-Id: I28939a92d4dcc6b8ad03dfaf7243e6d2b6af9100 Signed-off-by:
Yosry Ahmed <yosryahmed@google.com> Acked-by:
Shakeel Butt <shakeelb@google.com> Acked-by:
Tejun Heo <tj@kernel.org> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Christian Brauner <brauner@kernel.org> Cc: Jan Kara <jack@suse.cz> Cc: Jens Axboe <axboe@kernel.dk> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@kernel.org> Cc: Michal Koutný <mkoutny@suse.com> Cc: Muchun Song <songmuchun@bytedance.com> Cc: Roman Gushchin <roman.gushchin@linux.dev> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 0a2dc6ac) Bug: 322544714 Signed-off-by:
T.J. Mercier <tjmercier@google.com>
-
Yosry Ahmed authored
Previous patches removed all callers of mem_cgroup_flush_stats_atomic(). Remove the function and simplify the code. Link: https://lkml.kernel.org/r/20230421174020.2994750-5-yosryahmed@google.com Change-Id: Ieef476cf2c0aacb48af4e82e4bb96e5cc69292c5 Signed-off-by:
-
Yosry Ahmed authored
Currently, we approximate the root usage by adding the memcg stats for anon, file, and conditionally swap (for memsw). To read the memcg stats we need to invoke an rstat flush. rstat flushes can be expensive, they scale with the number of cpus and cgroups on the system. mem_cgroup_usage() is called by memcg_events()->mem_cgroup_threshold() with irqs disabled, so such an expensive operation with irqs disabled can cause problems. Instead, approximate the root usage from global state. This is not 100% accurate, but the root usage has always been ill-defined anyway. Link: https://lkml.kernel.org/r/20230421174020.2994750-4-yosryahmed@google.com Change-Id: Ifbc895f45fc119f3079c17fd8f5e3d87267428c4 Signed-off-by:
Michal Koutný <mkoutny@suse.com> Acked-by:
-
Yosry Ahmed authored
The previous patch moved the wb_over_bg_thresh()->mem_cgroup_wb_stats() code path in wb_writeback() outside the lock section. We no longer need to flush the stats atomically. Flush the stats non-atomically. Link: https://lkml.kernel.org/r/20230421174020.2994750-3-yosryahmed@google.com Change-Id: Ibbb2dd41fac7c26f1e18d0a984d7197b45294f6f Signed-off-by:
-
Yosry Ahmed authored
Patch series "cgroup: eliminate atomic rstat flushing", v5. A previous patch series [1] changed most atomic rstat flushing contexts to become non-atomic. This was done to avoid an expensive operation that scales with # cgroups and # cpus to happen with irqs disabled and scheduling not permitted. There were two remaining atomic flushing contexts after that series. This series tries to eliminate them as well, eliminating atomic rstat flushing completely. The two remaining atomic flushing contexts are: (a) wb_over_bg_thresh()->mem_cgroup_wb_stats() (b) mem_cgroup_threshold()->mem_cgroup_usage() For (a), flushing needs to be atomic as wb_writeback() calls wb_over_bg_thresh() with a spinlock held. However, it seems like the call to wb_over_bg_thresh() doesn't need to be protected by that spinlock, so this series proposes a refactoring that moves the call outside the lock criticial section and makes the stats flushing in mem_cgroup_wb_stats() non-atomic. For (b), flushing needs to be atomic as mem_cgroup_threshold() is called with irqs disabled. We only flush the stats when calculating the root usage, as it is approximated as the sum of some memcg stats (file, anon, and optionally swap) instead of the conventional page counter. This series proposes changing this calculation to use the global stats instead, eliminating the need for a memcg stat flush. After these 2 contexts are eliminated, we no longer need mem_cgroup_flush_stats_atomic() or cgroup_rstat_flush_atomic(). We can remove them and simplify the code. [1] https://lore.kernel.org/linux-mm/20230330191801.1967435-1-yosryahmed@google.com/ This patch (of 5): wb_over_bg_thresh() calls mem_cgroup_wb_stats() which invokes an rstat flush, which can be expensive on large systems. Currently, wb_writeback() calls wb_over_bg_thresh() within a lock section, so we have to do the rstat flush atomically. On systems with a lot of cpus and/or cgroups, this can cause us to disable irqs for a long time, potentially causing problems. Move the call to wb_over_bg_thresh() outside the lock section in preparation to make the rstat flush in mem_cgroup_wb_stats() non-atomic. The list_empty(&wb->work_list) check should be okay outside the lock section of wb->list_lock as it is protected by a separate lock (wb->work_lock), and wb_over_bg_thresh() doesn't seem like it is modifying any of wb->b_* lists the wb->list_lock is protecting. Also, the loop seems to be already releasing and reacquring the lock, so this refactoring looks safe. Link: https://lkml.kernel.org/r/20230421174020.2994750-1-yosryahmed@google.com Link: https://lkml.kernel.org/r/20230421174020.2994750-2-yosryahmed@google.com Change-Id: Id9dbfad96cfd32f1381d7640e1e2cf62c0a56189 Signed-off-by:
Jan Kara <jack@suse.cz> Acked-by:
-
Yosry Ahmed authored
In some situations, we may end up calling memcg_rstat_updated() with a value of 0, which means the stat was not actually updated. An example is if we fail to reclaim any pages in shrink_folio_list(). Do not add the cgroup to the rstat updated tree in this case, to avoid unnecessarily flushing it. Link: https://lkml.kernel.org/r/20230330191801.1967435-9-yosryahmed@google.com Change-Id: I8142aa6c2962e5af590a5e93f89fbf2313d4b741 Signed-off-by:
Johannes Weiner <hannes@cmpxchg.org> Acked-by:
Michal Hocko <mhocko@suse.com> Reviewed-by:
-
Yosry Ahmed authored
Memory reclaim is a sleepable context. Flushing is an expensive operaiton that scales with the number of cpus and the number of cgroups in the system, so avoid doing it atomically unnecessarily. This can slow down reclaim code if flushing stats is taking too long, but there is already multiple cond_resched()'s in reclaim code. Link: https://lkml.kernel.org/r/20230330191801.1967435-8-yosryahmed@google.com Change-Id: Ia0f0d42131e67a060dc7c9b868ef5247d78e05c8 Signed-off-by:
-
Yosry Ahmed authored
In workingset_refault(), we call mem_cgroup_flush_stats_atomic_ratelimited() to read accurate stats within an RCU read section and with sleeping disallowed. Move the call above the RCU read section to make it non-atomic. Flushing is an expensive operation that scales with the number of cpus and the number of cgroups in the system, so avoid doing it atomically where possible. Since workingset_refault() is the only caller of mem_cgroup_flush_stats_atomic_ratelimited(), just make it non-atomic, and rename it to mem_cgroup_flush_stats_ratelimited(). Link: https://lkml.kernel.org/r/20230330191801.1967435-7-yosryahmed@google.com Change-Id: Ia073b9bcef12dfced053ebea7a5da96ce942596c Signed-off-by:
-
Yosry Ahmed authored
Currently, all contexts that flush memcg stats do so with sleeping not allowed. Some of these contexts are perfectly safe to sleep in, such as reading cgroup files from userspace or the background periodic flusher. Flushing is an expensive operation that scales with the number of cpus and the number of cgroups in the system, so avoid doing it atomically where possible. Refactor the code to make mem_cgroup_flush_stats() non-atomic (aka sleepable), and provide a separate atomic version. The atomic version is used in reclaim, refault, writeback, and in mem_cgroup_usage(). All other code paths are left to use the non-atomic version. This includes callbacks for userspace reads and the periodic flusher. Since refault is the only caller of mem_cgroup_flush_stats_ratelimited(), change it to mem_cgroup_flush_stats_atomic_ratelimited(). Reclaim and refault code paths are modified to do non-atomic flushing in separate later patches -- so it will eventually be changed back to mem_cgroup_flush_stats_ratelimited(). Link: https://lkml.kernel.org/r/20230330191801.1967435-6-yosryahmed@google.com Change-Id: I9c28e852e1a37202fbd3ee419c72acf667d63404 Signed-off-by:
-
Yosry Ahmed authored
As Johannes notes in [1], stats_flush_lock is currently used to: (a) Protect updated to stats_flush_threshold. (b) Protect updates to flush_next_time. (c) Serializes calls to cgroup_rstat_flush() based on those ratelimits. However: 1. stats_flush_threshold is already an atomic 2. flush_next_time is not atomic. The writer is locked, but the reader is lockless. If the reader races with a flush, you could see this: if (time_after(jiffies, flush_next_time)) spin_trylock() flush_next_time = now + delay flush() spin_unlock() spin_trylock() flush_next_time = now + delay flush() spin_unlock() which means we already can get flushes at a higher frequency than FLUSH_TIME during races. But it isn't really a problem. The reader could also see garbled partial updates if the compiler decides to split the write, so it needs at least READ_ONCE and WRITE_ONCE protection. 3. Serializing cgroup_rstat_flush() calls against the ratelimit factors is currently broken because of the race in 2. But the race is actually harmless, all we might get is the occasional earlier flush. If there is no delta, the flush won't do much. And if there is, the flush is justified. So the lock can be removed all together. However, the lock also served the purpose of preventing a thundering herd problem for concurrent flushers, see [2]. Use an atomic instead to serve the purpose of unifying concurrent flushers. [1]https://lore.kernel.org/lkml/20230323172732.GE739026@cmpxchg.org/ [2]https://lore.kernel.org/lkml/20210716212137.1391164-2-shakeelb@google.com/ Link: https://lkml.kernel.org/r/20230330191801.1967435-5-yosryahmed@google.com Change-Id: I98e8344b440486162426186c4abdf21e02eebd43 Signed-off-by: -
Yosry Ahmed authored
Currently, the only context in which we can invoke an rstat flush from irq context is through mem_cgroup_usage() on the root memcg when called from memcg_check_events(). An rstat flush is an expensive operation that should not be done in irq context, so do not flush stats and use the stale stats in this case. Arguably, usage threshold events are not reliable on the root memcg anyway since its usage is ill-defined. Link: https://lkml.kernel.org/r/20230330191801.1967435-4-yosryahmed@google.com Change-Id: If230311168f126e3741afaeab1f20cb1949190f0 Signed-off-by:
-
Yosry Ahmed authored
mem_cgroup_flush_stats_delayed() suggests his is using a delayed_work, but this is actually sometimes flushing directly from the callsite. What it's doing is ratelimited calls. A better name would be mem_cgroup_flush_stats_ratelimited(). Link: https://lkml.kernel.org/r/20230330191801.1967435-3-yosryahmed@google.com Change-Id: Ib418ae17599d10c520b766f0c0e4396a43906256 Signed-off-by:
-
Yosry Ahmed authored
Patch series "memcg: avoid flushing stats atomically where possible", v3. rstat flushing is an expensive operation that scales with the number of cpus and the number of cgroups in the system. The purpose of this series is to minimize the contexts where we flush stats atomically. Patches 1 and 2 are cleanups requested during reviews of prior versions of this series. Patch 3 makes sure we never try to flush from within an irq context. Patches 4 to 7 introduce separate variants of mem_cgroup_flush_stats() for atomic and non-atomic flushing, and make sure we only flush the stats atomically when necessary. Patch 8 is a slightly tangential optimization that limits the work done by rstat flushing in some scenarios. This patch (of 8): cgroup_rstat_flush_irqsafe() can be a confusing name. It may read as "irqs are disabled throughout", which is what the current implementation does (currently under discussion [1]), but is not the intention. The intention is that this function is safe to call from atomic contexts. Name it as such. Link: https://lkml.kernel.org/r/20230330191801.1967435-1-yosryahmed@google.com Link: https://lkml.kernel.org/r/20230330191801.1967435-2-yosryahmed@google.com Change-Id: I7a030bc657b330ce700a29ded19f995e26f3aec1 Signed-off-by:
-
- Jan 06, 2025
-
-
Eduard Zingerman authored
commit e9bd9c49 upstream. Range propagation must not affect subreg_def marks, otherwise the following example is rewritten by verifier incorrectly when BPF_F_TEST_RND_HI32 flag is set: 0: call bpf_ktime_get_ns call bpf_ktime_get_ns 1: r0 &= 0x7fffffff after verifier r0 &= 0x7fffffff 2: w1 = w0 rewrites w1 = w0 3: if w0 < 10 goto +0 --------------> r11 = 0x2f5674a6 (r) 4: r1 >>= 32 r11 <<= 32 (r) 5: r0 = r1 r1 |= r11 (r) 6: exit; if w0 < 0xa goto pc+0 r1 >>= 32 r0 = r1 exit (or zero extension of w1 at (2) is missing for architectures that require zero extension for upper register half). The following happens w/o this patch: - r0 is marked as not a subreg at (0); - w1 is marked as subreg at (2); - w1 subreg_def is overridden at (3) by copy_register_state(); - w1 is read at (5) but mark_insn_zext() does not mark (2) for zero extension, because w1 subreg_def is not set; - because of BPF_F_TEST_RND_HI32 flag verifier inserts random value for hi32 bits of (2) (marked (r)); - this random value is read at (5). Bug: 376430403 Fixes: 75748837 ("bpf: Propagate scalar ranges through register assignments.") Reported-by:
Lonial Con <kongln9170@gmail.com> Signed-off-by:
Eduard Zingerman <eddyz87@gmail.com> Signed-off-by:
Andrii Nakryiko <andrii@kernel.org> Signed-off-by:
Daniel Borkmann <daniel@iogearbox.net> Acked-by:
Shung-Hsi Yu <shung-hsi.yu@suse.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit bfe9446e) Signed-off-by:
Lee Jones <joneslee@google.com> Change-Id: I1e6c5b53e5ebfcae5300e7a1c692c7a6448e200c
-
- Jan 03, 2025
-
-
Dan Carpenter authored
commit f7d306b4 upstream. The usb_get_descriptor() function does DMA so we're not allowed to use a stack buffer for that. Doing DMA to the stack is not portable all architectures. Move the "new_device_descriptor" from being stored on the stack and allocate it with kmalloc() instead. Bug: 382243530 Fixes: b909df18 ("ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices") Cc: stable@kernel.org Signed-off-by:
Dan Carpenter <dan.carpenter@linaro.org> Link: https://patch.msgid.link/60e3aa09-039d-46d2-934c-6f123026c2eb@stanley.mountain Signed-off-by:
Takashi Iwai <tiwai@suse.de> Signed-off-by:
Benoît Sevens <bsevens@google.com> Signed-off-by:
-
- Dec 27, 2024
-
-
zhangpeng authored
1 function symbol(s) added 'void tcp_cong_avoid_ai(struct tcp_sock *tp, u32 w, u32 acked)' Bug: 383007920 Change-Id: I6975f6a61fb5b01cde75ae96779ff6f570663e1c Signed-off-by:zhangpeng <zhangpeng9@oppo.com>
-
- Dec 26, 2024
-
-
Tvrtko Ursulin authored
Release all fence references if the output dma-fence-array could not be allocated. Bug: 379008999 Change-Id: I9d60f6f8b37e15926a40038b0278b70f4653ce51 Signed-off-by:
Tvrtko Ursulin <tvrtko.ursulin@igalia.com> Fixes: 245a4a7b ("dma-buf: generalize dma_fence unwrap & merging v3") Cc: Christian König <christian.koenig@amd.com> Cc: Daniel Vetter <daniel.vetter@ffwll.ch> Cc: Sumit Semwal <sumit.semwal@linaro.org> Cc: Gustavo Padovan <gustavo@padovan.org> Cc: Friedrich Vock <friedrich.vock@gmx.de> Cc: linux-media@vger.kernel.org Cc: dri-devel@lists.freedesktop.org Cc: linaro-mm-sig@lists.linaro.org Cc: <stable@vger.kernel.org> # v6.0+ Reviewed-by:
Christian König <christian.koenig@amd.com> Signed-off-by:
-
Dan Carpenter authored
Smatch detected potential error pointer dereference. drivers/gpu/drm/drm_syncobj.c:888 drm_syncobj_transfer_to_timeline() error: 'fence' dereferencing possible ERR_PTR() The error pointer comes from dma_fence_allocate_private_stub(). One caller expected error pointers and one expected NULL pointers. Change it to return NULL and update the caller which expected error pointers, drm_syncobj_assign_null_handle(), to check for NULL instead. Bug: 379008999 Fixes: f781f661 ("dma-buf: keep the signaling time of merged fences v3") Change-Id: Iedc77bd8dcd22735f344bc90c7560a399d2e2690 Signed-off-by:Sumit Semwal <sumit.semwal@linaro.org> Signed-off-by:
-
Danilo Krummrich authored
In dma_fence_allocate_private_stub() set the signaling bit of the newly allocated private stub fence rather than the signaling bit of the shared dma_fence_stub. Bug: 379008999 Fixes: c85d00d4 ("dma-buf: set signaling bit for the stub fence") Reviewed-by:
Danilo Krummrich <dakr@redhat.com> Link: https://patchwork.freedesktop.org/patch/msgid/20230126002844.339593-1-dakr@redhat.com (cherry picked from commit 851a4a77) Signed-off-by:
-
Arvind Yadav authored
Here's setting software signaling bit for the stub fence which is always signaled. If this fence signaling bit is not set then the AMD GPU scheduler will cause a GPU reset due to a GPU scheduler cleanup activity timeout. Bug: 379008999 Change-Id: Ie48c708d40a6612085326be3a16de386fcafd175 Signed-off-by:
Arvind Yadav <Arvind.Yadav@amd.com> Reviewed-by:
-
XueBing Chen authored
The strlcpy should not be used because it doesn't limit the source length. Preferred is strscpy. Bug: 379008999 Change-Id: If06d6be68025e6327c0cd9a890d3e99352dfe852 Signed-off-by:
XueBing Chen <chenxuebing@jari.cn> Signed-off-by:
Daniel Vetter <daniel.vetter@ffwll.ch> Link: https://patchwork.freedesktop.org/patch/msgid/6aad3bff.d1a.181b982d1b1.Coremail.chenxuebing@jari.cn (cherry picked from commit bcfa6be2) Signed-off-by:
-
Christian König authored
Introduce a dma_fence_unwrap_merge() macro which allows to unwrap fences which potentially can be containers as well and then merge them back together into a flat dma_fence_array. v2: rename the function, add some more comments about how the wrapper is used, move filtering of signaled fences into the unwrap iterator, add complex selftest which covers more cases. v3: fix signaled fence filtering once more Bug: 379008999 Change-Id: I85a495735b4119fb45d16c465770735f13089d54 Signed-off-by: -
Christian König authored
Some Android CTS is testing if the signaling time keeps consistent during merges. v2: use the current time if the fence is still in the signaling path and the timestamp not yet available. v3: improve comment, fix one more case to use the correct timestamp Bug: 379008999 Change-Id: Ia29fbb61d7a2a3c32fecfc2dbf30fcb39eeff38f Signed-off-by:
Luben Tuikov <luben.tuikov@amd.com> Link: https://patchwork.freedesktop.org/patch/msgid/20230630120041.109216-1-christian.koenig@amd.com (cherry picked from commit f781f661) [kiyoshi: Resolved conflict regarding drivers/dma-buf/dma-fence-unwrap.c Added alternative function to avoid changing dma_fence_allocate_private_stub which is already exported] Signed-off-by:
Kiyoshi Konno <konno.kiyoshi@sharp.corp-partner.google.com> [TJ: Add dma-fence-unwrap.o to Makefile now that it has been adapted to work with our new dma_fence_allocate_private_stub_with_timestamp function in an ABI-stable way.] Signed-off-by:
-
Christian König authored
Move the code from the inline functions into exported functions. Bug: 379008999 Change-Id: Ib0d156faa7270a9a2bb4124cfc781c0a2fea9752 Signed-off-by:
-
Christian König authored
The selftests, fix the error handling, remove unused functions and stop leaking memory in failed tests. v2: fix the memory leak correctly. Bug: 379008999 Change-Id: I09e0d050979f8a19c7a1b87531ed1947e8df450e Signed-off-by:
-
Christian König authored
A bug inside the new sync-file merge code created empty dma_fence_array instances. Warn about that and handle those without crashing. Bug: 379008999 Change-Id: Ibcbcedca1842920e42334de04d92f00baf9fdd21 Signed-off-by:
Thomas Hellström <thomas.hellstrom@linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20220329070001.134180-2-christian.koenig@amd.com (cherry picked from commit c42ee39c) Signed-off-by:
-
- Dec 17, 2024
-
-
Takashi Iwai authored
commit a3dd4d63 upstream. The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check. Bug: 382239029 Reported-by:
-
- Dec 16, 2024
-
-
Benoît Sevens authored
commit b909df18 upstream. A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration. Bug: 382243530 Signed-off-by:
-
- Dec 11, 2024
-
-
Greg Kroah-Hartman authored
This merges up to the 5.15.170 LTS release into the android13-5.15 branch. Changes included in here are: * 1f9202a6d83b UPSTREAM: ACPI: PRM: Clean up guid type in struct prm_handler_info * 74cdbb4051d6 Merge 0d0d55b3ee03 ("riscv: Remove duplicated GET_RM") into android13-5.15-lts |\ | * 0d0d55b3ee03 riscv: Remove duplicated GET_RM | * 6ad44aa8e11c riscv: Remove unused GENERATING_ASM_OFFSETS | * f6070925f469 riscv: Use '%u' to format the output of 'cpu' | * ddb04c81d129 riscv: efi: Set NX compat flag in PE/COFF header | * 1c54b0b0d72c riscv: vdso: Prevent the compiler from inserting calls to memset() | * 69548bb663fc nilfs2: fix potential deadlock with newly created symlinks | * 7a59817f68e7 iio: light: veml6030: fix microlux value calculation | * 4f588fffc307 iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() | * 2f39548f4569 staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() | * 8ac22fe1e2b1 wifi: iwlegacy: Clear stale interrupts before resuming device | * 705be2dc45c7 wifi: ath10k: Fix memory leak in management tx | * b2bcbe5450b2 wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower | * 4749d336170d Revert "driver core: Fix uevent_show() vs driver detach race" | * c4f90f09713f xhci: Use pm_runtime_get to prevent RPM on unsupported systems | * 78a6caa022de xhci: Fix Link TRB DMA in command ring stopped completion event | * 391884630fba usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() | * 14d1e39269a8 usb: phy: Fix API devm_usb_put_phy() can not release the phy | * f9889e5f7c7f usbip: tools: Fix detach_port() invalid port error path | * 057b5b971666 misc: sgi-gru: Don't disable preemption in GRU driver | * 9ce8e1d7ef45 NFS: remove revoked delegation from server's delegation list | * cb1711e65bff net: amd: mvme147: Fix probe banner message | * e1d57c29e473 scsi: scsi_transport_fc: Allow setting rport state to current state | * 60fb94ef46c2 fs/ntfs3: Additional check in ni_clear() | * 47e8a17491e3 fs/ntfs3: Fix possible deadlock in mi_read | * 759016b1f033 fs/ntfs3: Fix warning possible deadlock in ntfs_set_state | * e5ae78590086 fs/ntfs3: Check if more than chunk-size bytes are written | * c46d6b025880 ACPI: CPPC: Make rmw_lock a raw_spin_lock | * 564caf173b86 firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() | * b1d2de8a669f netfilter: nft_payload: sanitize offset and length before calling skb_checksum() | * 9f605135a5c0 net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension | * ba22ea013483 netfilter: Fix use-after-free in get_info() | * 86c8ebe02d88 bpf: Fix out-of-bounds write in trie_get_next_key() | * c2150f666c6f netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() | * 05df1b1dff8f net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT | * 86833e4e6131 gtp: allow -1 to be specified as file description from userspace | * 5edcb3fdb12c ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() | * ece593fc9c00 net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data | * 720be854fb6e ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() | * 3f45d590ccba wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() | * daa426f19aad wifi: iwlwifi: mvm: disconnect station vifs if recovery failed | * 120d8ce61073 mac80211: Add support to trigger sta disconnect on hardware restart | * 41c8acb33792 mac80211: do drv_reconfig_complete() before restarting all | * 730dc0818fb8 RDMA/bnxt_re: synchronize the qp-handle table array | * adf37466c383 RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down | * 15d3b1735ea4 RDMA/cxgb4: Dump vendor specific QP details | * 1c3beef55527 wifi: brcm80211: BRCM_TRACING should depend on TRACING | * e97b59cda228 wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys | * 52f47de44820 mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING | * a69d18e8029d cgroup: Fix potential overflow issue when checking max_depth | * 8df529295308 ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context | * 6ef99e50be2f ACPI: PRM: Change handler_addr type to void pointer | * 0a1b0b04aecd ACPI: PRM: Remove unnecessary blank lines | * 0f62358ce85b ksmbd: fix user-after-free from session log off | * 7bed977305af selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test * | 431fb5556be3 Merge 5.15.170 into android13-5.15-lts |\| | * 72244eab0dad Linux 5.15.170 | * 2d08a6c31c65 xfrm: validate new SA's prefixlen using SA family when sel.family is unset | * a8e691fe1894 ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() | * b5cd035ebb9b net: phy: dp83822: Fix reset pin definitions | * 399927f0f875 serial: protect uart_port_dtr_rts() in uart_shutdown() too | * fcfc61f63fbe selinux: improve error checking in sel_write_load() | * b7a396f76ada hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event | * 610d4cea9b44 xfrm: fix one more kernel-infoleak in algo dumping | * 385e2f3e0d83 ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 | * 58cb697d80e6 KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory | * dc39799f0cc2 openat2: explicitly return -E2BIG for (usize > PAGE_SIZE) | * 822203f6355f nilfs2: fix kernel bug due to missing clearing of buffer delay flag | * 681c99175bb8 ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue | * c5a3aaa37713 ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] | * 6032287747f8 drm/amd: Guard against bad data for ATIF ACPI method | * df75b21af792 btrfs: zoned: fix zone unusable accounting for freed reserved extent | * 6c6774cd760d ALSA: hda/realtek: Update default depop procedure | * 7d4eb9e22131 ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() | * b4007d5fe386 bpf,perf: Fix perf_event_detach_bpf_prog error handling | * e56e0ec1b79f posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() | * b96eff3d8340 r8169: avoid unsolicited interrupts | * 999612996df2 net: sched: fix use-after-free in taprio_change() | * cc1c98da1338 net: usb: usbnet: fix name regression | * c9a0aed51977 net: wwan: fix global oob in wwan_rtnl_policy | * 90baa455aa7e netfilter: xtables: fix typo causing some targets not to load on IPv6 | * 7dbd5b9ff067 net: dsa: mv88e6xxx: Fix error when setting port policy on mv88e6393x | * 38eb59665643 net: plip: fix break; causing plip to never transmit | * 919ab6e23702 be2net: fix potential memory leak in be_xmit() | * 9c6ce55e6f0b net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() * | 252009836bae Merge 45cb99c5b95e ("xfrm: respect ip protocols rules criteria when performing dst lookups") into android13-5.15-lts |\| | * 45cb99c5b95e xfrm: respect ip protocols rules criteria when performing dst lookups | * 253843ec0c0a xfrm: extract dst lookup parameters into a struct * | 8f485cd2a27c Merge b86b0d6eea20 ("tracing: Consider the NULL character when validating the event length") into android13-5.15-lts |\| | * b86b0d6eea20 tracing: Consider the NULL character when validating the event length | * cdf3ab1cf811 jfs: Fix sanity check in dbMount | * f9e6e1f00fcd platform/x86: dell-sysman: add support for alienware products | * 4b520c11d0f3 ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string | * 0e13fe4298a3 arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning | * e1ce098ea047 platform/x86: dell-wmi: Ignore suspend notifications | * 4fc0d8660e39 udf: fix uninit-value use in udf_get_fileshortad | * f952a33478b7 arm64: Force position-independent veneers | * 11db74f6a293 ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit | * 0bb2cb789349 ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values | * 34a422274b69 drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA | * b723f96407a0 exec: don't WARN for racy path_noexec check | * dd5db4078d12 block, bfq: fix procress reference leakage for bfqq in merge chain * | fa1d8b6c5d4d Merge 073530898ebf ("usb: dwc3: core: Fix system suspend on TI AM62 platforms") into android13-5.15-lts |\| | * 073530898ebf usb: dwc3: core: Fix system suspend on TI AM62 platforms | * 81213d2058ec XHCI: Separate PORT and CAPs macros into dedicated file | * c3f3926854b1 usb: gadget: Add function wakeup support * | 9efd694ed939 Revert "genetlink: hold RCU in genlmsg_mcast()" * | 41a431a7694c ANDROID: GKI: fix up build break where timer_delete_sync() was used * | 249b164cd374 Merge 6a5de8753c70 ("KVM: s390: gaccess: Check if guest address is in memslot") into android13-5.15-lts |\| | * 6a5de8753c70 KVM: s390: gaccess: Check if guest address is in memslot | * cbb31278711d KVM: s390: gaccess: Cleanup access to guest pages | * 567e7bcb10cc KVM: s390: gaccess: Refactor access address range check | * 1f1c1ccdcb50 KVM: s390: gaccess: Refactor gpa and length calculation | * cf60d19d4018 arm64: probes: Fix uprobes for big-endian kernels | * acfb32d42a31 arm64:uprobe fix the uprobe SWBP_INSN in big-endian | * fa58e23ea135 Bluetooth: bnep: fix wild-memory-access in proto_unregister | * 42d83e5fed3e s390: Initialize psw mask in perf_arch_fetch_caller_regs() | * 874744060568 usb: typec: altmode should keep reference to parent | * e07d05b7f5ad smb: client: fix OOBs when building SMB2_IOCTL request | * 39e02fa90323 scsi: target: core: Fix null-ptr-deref in target_alloc_device() | * 03ca631c07f3 genetlink: hold RCU in genlmsg_mcast() | * 8459d61fbf24 tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). | * 5febfc545389 net: systemport: fix potential memory leak in bcm_sysport_xmit() | * 9e006c176f84 net: xilinx: axienet: fix potential memory leak in axienet_start_xmit() | * 231145193175 net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid | * 1eaa58198c64 net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() | * 09839c24769f macsec: don't increment counters for an unrelated SA | * 75df8b53800c octeontx2-af: Fix potential integer overflows on integer shifts | * 213d1ff6c491 net: usb: usbnet: fix race in probe failure | * b340df745867 drm/msm: Allocate memory for disp snapshot with kvzalloc() | * 42cf045086fe drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() | * d125fbf1e128 drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation | * de5857fa7bcc RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages | * e810e6d46403 RDMA/bnxt_re: Return more meaningful error | * ca83bc311ab0 ipv4: give an IPv4 dev to blackhole_netdev | * 6a0c627cd76e RDMA/irdma: Fix misspelling of "accept*" | * 2e78ecb1220a RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP | * 4e19aca8db69 ALSA: hda/cs8409: Fix possible NULL dereference | * 208d3edea110 ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin | * e8143c069932 x86/resctrl: Avoid overflow in MB settings in bw_validate() | * 322a19baaaa2 RDMA/bnxt_re: Add a check for memory allocation | * 0a2430b146d6 RDMA/bnxt_re: Fix incorrect AVID type in WQE structure | * fe068afb8686 bpf: devmap: provide rxq after redirect | * 4e1e42853384 bpf: Make sure internal and UAPI bpf_redirect flags don't overlap * | 548ca9fbf844 BACKPORT: udf: Allocate name buffer in directory iterator on heap * | 1721891cc816 Merge 5.15.169 into android13-5.15-lts |/ * 74cdd62cb470 Linux 5.15.169 * f74847722133 ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 * eb817fe255e1 powerpc/mm: Always update max/min_low_pfn in mem_topology_setup() * edf814605726 nilfs2: propagate directory read errors from nilfs_find_entry() * 5b88612ea5de mptcp: prevent MPC handshake on port-based signal endpoints * 353016364391 mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow * 2b1281f9fd01 mptcp: fallback when MPTCP opts are dropped after 1st data * 9729010a0ac5 tcp: fix mptcp DSS corruption due to large pmtu xmit * 12c1676d598e mptcp: handle consistently DSS corruption * 6654efe264b0 mptcp: track and update contiguous data status * 755b9532c885 irqchip/gic-v4: Don't allow a VMOVP on a dying VPE * 655f5d4662b9 pinctrl: ocelot: fix system hang on level based interrupts * b6400eb0b347 x86/entry_32: Clear CPU buffers after register restore in NMI return * a6f4701f8dcf x86/entry_32: Do not clobber user EFLAGS.ZF * 12dd888f4845 x86/apic: Always explicitly disarm TSC-deadline timer * 7861ca27f6bd x86/resctrl: Annotate get_mem_config() functions as __init * 440311903231 parport: Proper fix for array out-of-bounds access * 88a892071d22 USB: serial: option: add Telit FN920C04 MBIM compositions * d062bbc58f85 USB: serial: option: add support for Quectel EG916Q-GL * b6ae69ec6002 xhci: Mitigate failed set dequeue pointer commands * dca9429c307b xhci: Fix incorrect stream context type macro * 7c270acfc8ec Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 * 04bba4714f26 Bluetooth: Remove debugfs directory on module init failure * bb76a6ecf1b9 iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig * 7db9bcb846d1 iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig * c202eadbf9cc iio: light: opt3001: add missing full-scale range value * 50039aec43a8 iio: light: veml6030: fix IIO device retrieval from embedded device * cf95ce2cff8d iio: light: veml6030: fix ALS sensor resolution * 3cf71f6f21b2 iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() * 37be5d0d5443 iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig * e209a51ad215 iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig * 51a9a143448a iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig * 605c0d55dcf7 iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig * 572006a05eaa drm/vmwgfx: Handle surface check failure correctly * fda5dc80121b drm/radeon: Fix encoder->possible_clones * e8dd801362b3 io_uring/sqpoll: close race on waiting for sqring entries * 455a469758e5 blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race * 0b263c2086ef x86/bugs: Do not use UNTRAIN_RET with IBPB on entry * 0cced32e21ef x86/bugs: Skip RSB fill at VMEXIT * e421c6839f69 x86/entry: Have entry_ibpb() invalidate return predictions * 1e0398acb650 x86/cpufeatures: Add a IBPB_NO_RET BUG flag * 43bdd2ea738e x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET * dad88f266f30 KVM: s390: Change virtual to physical address access in diag 0x258 handler * 41693253973e s390/sclp_vt220: Convert newlines to CRLF instead of LFCR * 0bd9a30c22af iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices * 07efbee2214c io_uring/sqpoll: do not put cpumask on stack * 939007d2a9fa io_uring/sqpoll: retain test for whether the CPU is valid * 592e7864e44c io_uring/sqpoll: do not allow pinning outside of cpuset * 3ae63a8c1685 drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) * 82bd728a06e5 KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() * b825e0f9d68c dm-crypt, dm-verity: disable tasklets * e8a834eb09bb wifi: mac80211: fix potential key use-after-free * d0ae6ffa1aeb secretmem: disable memfd_secret() if arch cannot set direct map * e41710f5a61a mm/swapfile: skip HugeTLB pages for unuse_vma * cc1102b5473e fat: fix uninitialized variable * 1043b6453914 irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 * c81dcaa9cd0b net: macb: Avoid 20s boot delay by skipping MDIO bus registration for fixed-link PHY * 659fae608501 arm64: probes: Fix simulate_ldr*_literal() * ad4bc35a6d22 arm64: probes: Remove broken LDR (literal) uprobe support * c8789fbe2bbf posix-clock: Fix missing timespec64 check in pc_clock_settime() * dcc7207483b2 net: enetc: add missing static descriptor and inline keyword * 6430aaaee5b0 net: enetc: remove xdp_drops statistic from enetc_xdp_drop() * 9c439311c13f udf: Fix bogus checksum computation in udf_rename() * 4a1d95fc9706 udf: Don't return bh from udf_expand_dir_adinicb() * dfb34bb97d4b udf: Handle error when expanding directory * cb2b0325b76c udf: Remove old directory iteration code * 0003d349614d udf: Convert udf_link() to new directory iteration code * 25815ac67179 udf: Convert udf_mkdir() to new directory iteration code * feeb42a744f2 udf: Convert udf_add_nondir() to new directory iteration * f3c2fe1dfcee udf: Implement adding of dir entries using new iteration code * 55b445b2fccb udf: Convert udf_unlink() to new directory iteration code * 8c32b93e7879 udf: Convert udf_rmdir() to new directory iteration code * 6decbe20362e udf: Convert empty_dir() to new directory iteration code * dd74f6d3ed6a udf: Convert udf_get_parent() to new directory iteration code * 8cd380c6dd90 udf: Convert udf_lookup() to use new directory iteration code * 39d52a113ef8 udf: Convert udf_readdir() to new directory iteration * 626860c470ff udf: Convert udf_rename() to new directory iteration code * e6355892ca87 udf: Provide function to mark entry as deleted using new directory iteration code * a48e84cc50e6 udf: Implement searching for directory entry using new iteration code * 7add383ba57d udf: Move udf_expand_dir_adinicb() to its callsite * 311192441cc8 udf: Convert udf_expand_dir_adinicb() to new directory iteration * de268ec62a15 udf: New directory iteration code * 46dcafa90dff ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 Change-Id: Ia3a5aae9de7eed202b824371a4f2dcf8b7e35642 Signed-off-by:Greg Kroah-Hartman <gregkh@google.com>
-
Todd Kjos authored
This reverts commit 62bbb08a. Reason for revert: b/382800956 Change-Id: Ic7a0cdbb060c12c1628a5859d795e78cd6b9341d Signed-off-by:
-
- Dec 09, 2024
-
-
Dan Carpenter authored
commit 3d1c6512 upstream. Clang 19 prints a warning when we pass &th->guid to efi_pa_va_lookup(): drivers/acpi/prmt.c:156:29: error: passing 1-byte aligned argument to 4-byte aligned parameter 1 of 'efi_pa_va_lookup' may result in an unaligned pointer access [-Werror,-Walign-mismatch] 156 | (void *)efi_pa_va_lookup(&th->guid, handler_info->handler_address); | ^ The problem is that efi_pa_va_lookup() takes a efi_guid_t and &th->guid is a regular guid_t. The difference between the two types is the alignment. efi_guid_t is a typedef. typedef guid_t efi_guid_t __aligned(__alignof__(u32)); It's possible that this a bug in Clang 19. Even though the alignment of &th->guid is not explicitly specified, it will still end up being aligned at 4 or 8 bytes. Anyway, as Ard points out, it's cleaner to change guid to efi_guid_t type and that also makes the warning go away. Fixes: 088984c8 ("ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context") Reported-by:
Linux Kernel Functional Testing <lkft@linaro.org> Suggested-by:
Ard Biesheuvel <ardb@kernel.org> Signed-off-by:
Paul E. McKenney <paulmck@kernel.org> Acked-by:
Rafael J. Wysocki <rafael.j.wysocki@intel.com> [nathan: Fix conflicts due to lack of e38abdab] Signed-off-by:
Nathan Chancellor <nathan@kernel.org> Signed-off-by:
-
Hyunwoo Kim authored
commit 6ca57537 upstream. During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL. Bug: 378870958 Cc: stable <stable@kernel.org> Fixes: 06a8fc78 ("VSOCK: Introduce virtio_vsock_common.ko") Signed-off-by:
Hyunwoo Kim <v4bel@theori.io> Signed-off-by:
Wongi Lee <qwerty@theori.io> Signed-off-by:
Michael S. Tsirkin <mst@redhat.com> Signed-off-by:
-
- Dec 06, 2024
-
-
Greg Kroah-Hartman authored
Steps on the way to 5.15.171 Resolves merge conflicts in: drivers/firmware/arm_sdei.c include/net/ip_tunnels.h Change-Id: I05844c8dee4587ec3be42906c73dafb523cd669b Signed-off-by:
-
- Dec 05, 2024
-
-
Greg Kroah-Hartman authored
Changes in 5.15.170 bpf: Make sure internal and UAPI bpf_redirect flags don't overlap bpf: devmap: provide rxq after redirect RDMA/bnxt_re: Fix incorrect AVID type in WQE structure RDMA/bnxt_re: Add a check for memory allocation x86/resctrl: Avoid overflow in MB settings in bw_validate() ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin ALSA: hda/cs8409: Fix possible NULL dereference RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP RDMA/irdma: Fix misspelling of "accept*" ipv4: give an IPv4 dev to blackhole_netdev RDMA/bnxt_re: Return more meaningful error RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() drm/msm: Allocate memory for disp snapshot with kvzalloc() net: usb: usbnet: fix race in probe failure octeontx2-af: Fix potential integer overflows on integer shifts macsec: don't increment counters for an unrelated SA net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid net: xilinx: axienet: fix potential memory leak in axienet_start_xmit() net: systemport: fix potential memory leak in bcm_sysport_xmit() tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). genetlink: hold RCU in genlmsg_mcast() scsi: target: core: Fix null-ptr-deref in target_alloc_device() smb: client: fix OOBs when building SMB2_IOCTL request usb: typec: altmode should keep reference to parent s390: Initialize psw mask in perf_arch_fetch_caller_regs() Bluetooth: bnep: fix wild-memory-access in proto_unregister arm64:uprobe fix the uprobe SWBP_INSN in big-endian arm64: probes: Fix uprobes for big-endian kernels KVM: s390: gaccess: Refactor gpa and length calculation KVM: s390: gaccess: Refactor access address range check KVM: s390: gaccess: Cleanup access to guest pages KVM: s390: gaccess: Check if guest address is in memslot usb: gadget: Add function wakeup support XHCI: Separate PORT and CAPs macros into dedicated file usb: dwc3: core: Fix system suspend on TI AM62 platforms block, bfq: fix procress reference leakage for bfqq in merge chain exec: don't WARN for racy path_noexec check drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit arm64: Force position-independent veneers udf: fix uninit-value use in udf_get_fileshortad platform/x86: dell-wmi: Ignore suspend notifications arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string platform/x86: dell-sysman: add support for alienware products jfs: Fix sanity check in dbMount tracing: Consider the NULL character when validating the event length xfrm: extract dst lookup parameters into a struct xfrm: respect ip protocols rules criteria when performing dst lookups net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() be2net: fix potential memory leak in be_xmit() net: plip: fix break; causing plip to never transmit net: dsa: mv88e6xxx: Fix error when setting port policy on mv88e6393x netfilter: xtables: fix typo causing some targets not to load on IPv6 net: wwan: fix global oob in wwan_rtnl_policy net: usb: usbnet: fix name regression net: sched: fix use-after-free in taprio_change() r8169: avoid unsolicited interrupts posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() bpf,perf: Fix perf_event_detach_bpf_prog error handling ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() ALSA: hda/realtek: Update default depop procedure btrfs: zoned: fix zone unusable accounting for freed reserved extent drm/amd: Guard against bad data for ATIF ACPI method ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue nilfs2: fix kernel bug due to missing clearing of buffer delay flag openat2: explicitly return -E2BIG for (usize > PAGE_SIZE) KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 xfrm: fix one more kernel-infoleak in algo dumping hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event selinux: improve error checking in sel_write_load() serial: protect uart_port_dtr_rts() in uart_shutdown() too net: phy: dp83822: Fix reset pin definitions ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() xfrm: validate new SA's prefixlen using SA family when sel.family is unset Linux 5.15.170 Change-Id: I84f561807e0db33ca34fff5e4f924a4e5b8e6da9 Signed-off-by: -
Qi Han authored
UPSTREAM: f2fs: modify f2fs_is_checkpoint_ready logic to allow more data to be written with the CP disable When the free segment is used up during CP disable, many write or ioctl operations will get ENOSPC error codes, even if there are still many blocks available. We can reproduce it in the following steps: dd if=/dev/zero of=f2fs.img bs=1M count=65 mkfs.f2fs -f f2fs.img mount f2fs.img f2fs_dir -o checkpoint=disable:10% cd f2fs_dir i=1 ; while [[ $i -lt 50 ]] ; do (file_name=./2M_file$i ; dd \ if=/dev/random of=$file_name bs=1M count=2); i=$((i+1)); done sync i=1 ; while [[ $i -lt 50 ]] ; do (file_name=./2M_file$i ; truncate \ -s 1K $file_name); i=$((i+1)); done sync dd if=/dev/zero of=./file bs=1M count=20 In f2fs_need_SSR() function, it is allowed to use SSR to allocate blocks when CP is disabled, so in f2fs_is_checkpoint_ready function, can we judge the number of invalid blocks when free segment is not enough, and return ENOSPC only if the number of invalid blocks is also not enough. Signed-off-by:
Daniel Rosenberg <drosen@google.com> (cherry picked from https://android-review.googlesource.com/q/commit:225caf3bdf7a4977ae50ba9b5c5470a16d480100) Merged-In: I41ad315f603cd764d0e9b8ef984447e7116b1514 Change-Id: I41ad315f603cd764d0e9b8ef984447e7116b1514
-
Chao Yu authored
There are very similar codes in inc_valid_block_count() and inc_valid_node_count() which is used for available user block count calculation. This patch introduces a new helper get_available_block_count() to include those common codes, and used it to clean up codes. Signed-off-by:
-
