- 22 Mar, 2022 2 commits
-
-
Hangyu Hua authored
commit 501e38a5 upstream. dev->config and dev->hs_config and dev->dev need to be cleaned if dev_config fails to avoid UAF. Bug: 220261709 Acked-by:
Alan Stern <stern@rowland.harvard.edu> Signed-off-by:
Hangyu Hua <hbh25y@gmail.com> Link: https://lore.kernel.org/r/20211231172138.7993-3-hbh25y@gmail.com Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by:
Lee Jones <lee.jones@linaro.org> Change-Id: I149a16bc8db7262c3ab9c2f72a0f10c6caebee83
-
Hangyu Hua authored
commit 89f3594d upstream. dev->buf does not need to be released if it already exists before executing dev_config. Bug: 220261709 Acked-by:
-
- 21 Mar, 2022 1 commit
-
-
Greg Kroah-Hartman authored
This is the merge of the upstream LTS release of 5.4.180 into the android11-5.4 branch. It contains the following commits: 20d2140d Merge 5.4.180 into android11-5.4-lts 7b3eb66d Linux 5.4.180 9d09cb11 ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE a2ed7b29 perf: Fix list corruption in perf_cgroup_switch() f79cbf75 scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled a1a018e2 hwmon: (dell-smm) Speed up setting of fan speed 1e30073c seccomp: Invalidate seccomp mode to catch death failures a3769078 USB: serial: cp210x: add CPI Bulk Coin Recycler id fade0cbf USB: serial: cp210x: add NCR Retail IO box id 697b9ed2 USB: serial: ch341: add support for GW Instek USB2.0-Serial devices ed4fddac USB: serial: option: add ZTE MF286D modem f729dfd3 USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 f297b610 usb: gadget: f_uac2: Define specific wTerminalType c9e95287 usb: gadget: rndis: check size of RNDIS_MSG_SET command 38fd68f5 USB: gadget: validate interface OS descriptor requests 3054dfef usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition 8f032eae usb: dwc3: gadget: Prevent core from processing stale TRBs 3a9953b2 usb: ulpi: Call of_node_put correctly 12ab57a2 usb: ulpi: Move of_node_put to ulpi_dev_release a0fd5492 net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup 3937c354 eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX d4dc28db n_tty: wake up poll(POLLRDNORM) on receiving data 0e31f914 vt_ioctl: add array_index_nospec to VT_ACTIVATE ae3d5741 vt_ioctl: fix array_index_nospec in vt_setactivate 311c82a6 net: amd-xgbe: disable interrupts during pci removal b3e998a5 tipc: rate limit warning for received illegal binding update e7daad5c net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE c99e6635 veth: fix races around rq->rx_notify_masked a80817ad net: fix a memleak when uncloning an skb dst and its metadata 0b6087c6 net: do not keep the dst cache when uncloning an skb dst and its metadata 3f41ec8c nfp: flower: fix ida_idx not being released 16dcfde9 ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path 4bcfbec3 bonding: pair enable_port with slave_arr_updates e432f25c ixgbevf: Require large buffers for build_skb on 82599VF 4e6fd2b5 misc: fastrpc: avoid double fput() on failed usercopy c9fc422c usb: f_fs: Fix use-after-free for epfile 33622218 ARM: dts: imx6qdl-udoo: Properly describe the SD card detect 94888cf7 staging: fbtft: Fix error path in fbtft_driver_module_init() 2650ed47 ARM: dts: meson: Fix the UART compatible strings 4ccb639b perf probe: Fix ppc64 'perf probe add events failed' case b4a59eaf net: bridge: fix stale eth hdr pointer in br_dev_xmit b55a0cdb PM: s2idle: ACPI: Fix wakeup interrupts handling e37a2a6b ACPI/IORT: Check node revision for PMCG resources 153d0f35 nvme-tcp: fix bogus request completion when failing to send AER a44ca403 ARM: socfpga: fix missing RESET_CONTROLLER 8a0bad44 ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group 9d5e5832 riscv: fix build with binutils 2.38 c230f6ba bpf: Add kconfig knob for disabling unpriv bpf by default e2424c01 KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER a437c524 net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() 032065cc usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend 0863dedf PM: hibernate: Remove register_nosave_region_late() 5c5ceea0 scsi: myrs: Fix crash in error case 7cc32ff0 scsi: qedf: Fix refcount issue when LOGO is received during TMF c6a70771 scsi: target: iscsi: Make sure the np under each tpg is unique 9babdef2 net: sched: Clarify error message when qdisc kind is unknown 978264fb drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer 162e8d78 NFSv4 expose nfs_parse_server_name function 852c95db NFSv4 remove zero number of fs_locations entries error check 75e67eed NFSv4.1: Fix uninitialised variable in devicenotify 6efe3961 nfs: nfs4clinet: check the return value of kstrdup() 2acac498 NFSv4 only print the label when its queried 891c4ebf nvme: Fix parsing of ANA log page d7d345c8 NFSD: Fix offset type in I/O trace points 34217d77 NFSD: Clamp WRITE offsets 5fde7ca7 NFS: Fix initialisation of nfs_client cl_flags field 09295a98 net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs f84d17e6 net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs 60027834 mmc: sdhci-of-esdhc: Check for error num after setting mask 8a9511fd ima: Do not print policy rule with inactive LSM labels 89e51f2a ima: Allow template selection with ima_template[_fmt]= after ima_hash= 0939988b ima: Remove ima_policy file before directory ea58704f integrity: check the return value of audit_log_start() 82b6e178 Merge branch 'android11-5.4' into 'android11-5.4-lts' 58b36178 Merge 5.4.179 into android11-5.4-lts 52871671 Linux 5.4.179 d692e340 tipc: improve size validations for received domain records 3a0a7ec5 moxart: fix potential use-after-free on remove path 88fc697a Merge 5.4.178 into android11-5.4-lts 92070960 Merge 5.4.177 into android11-5.4-lts 76fd334f Linux 5.4.178 ed339069 cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning c8d7d7c5 ext4: fix error handling in ext4_restore_inline_data() f4a575ea EDAC/xgene: Fix deferred probing 0f1ca7ce EDAC/altera: Fix deferred probing 66c5aa57 rtc: cmos: Evaluate century appropriate 2ffe36c9 selftests: futex: Use variable MAKE instead of make c17a316f nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. 53e4f717 scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe bfba4e80 pinctrl: bcm2835: Fix a few error paths 71e60c17 ASoC: max9759: fix underflow in speaker_gain_control_put() e7e39632 ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name 7709133f ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes e51b323f ASoC: fsl: Add missing error handling in pcm030_fabric_probe 04698be8 drm/i915/overlay: Prevent divide by zero bugs in scaling 4a674b8e net: stmmac: ensure PTP time register reads are consistent 9afc0286 net: stmmac: dump gmac4 DMA registers correctly 77454c9a net: macsec: Verify that send_sci is on when setting Tx sci explicitly dc8c2f0d net: ieee802154: Return meaningful error codes from the netlink helpers 6f38d3a6 net: ieee802154: ca8210: Stop leaking skb's 859ded7a net: ieee802154: mcr20a: Fix lifs/sifs periods 13be1165 net: ieee802154: hwsim: Ensure proper channel selection at probe time 8cfa026a spi: meson-spicc: add IRQ check in meson_spicc_probe fe58eb96 spi: mediatek: Avoid NULL pointer crash in interrupt c9fc4851 spi: bcm-qspi: check for valid cs before applying chip select 6e0498e2 iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() 5c43d46d iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() cff7faba RDMA/mlx4: Don't continue event handler after memory allocation failure bc5d3e8b RDMA/siw: Fix broken RDMA Read Fence/Resume logic. 60af6e68 IB/rdmavt: Validate remote_addr during loopback atomic tests 4bbb6e6a memcg: charge fs_context and legacy_fs_context 2f837785 Revert "ASoC: mediatek: Check for error clk pointer" 95271778 block: bio-integrity: Advance seed correctly for larger interval sizes d3533ee2 mm/kmemleak: avoid scanning potential huge holes acc887ba drm/nouveau: fix off by one in BIOS boundary checking 26b3901d btrfs: fix deadlock between quota disable and qgroup rescan worker e680e4d3 ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows 7e59f055 ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) d8fbf567 ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks 66b5dd10 ALSA: hda/realtek: Add quirk for ASUS GU603 f2c5fde8 ALSA: usb-audio: Simplify quirk entries with a macro fd9a2331 ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() c33402b0 ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() 68fd7187 ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() 01baaf3b audit: improve audit queue handling when "audit=1" on cmdline 454e00ab Revert "net: fix information leakage in /proc/net/ptype" b8f53f91 Linux 5.4.177 4fc41403 af_packet: fix data-race in packet_setsockopt / packet_setsockopt db6c57d2 cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() bd43771e rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() b1d17e92 net: sched: fix use-after-free in tc_new_tfilter() 9892742f net: amd-xgbe: Fix skb data length underflow 28bdf65a net: amd-xgbe: ensure to reset the tx_timer_active flag f2a186a4 ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback 0e8283cb cgroup-v1: Require capabilities to set release_agent 2fd752ed psi: Fix uaf issue when psi trigger is destroyed while being polled 464da38b PCI: pciehp: Fix infinite loop in IRQ handler upon power fault 46c68a56 Merge 5.4.176 into android11-5.4-lts 2570bb27 Linux 5.4.176 5e2a4d02 mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip() 6cbf4c73 block: Fix wrong offset in bio_truncate() 33a9ba52 fsnotify: invalidate dcache before IN_DELETE event b52103cb dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config e9131715 ipv4: remove sparse error in ip_neigh_gw4() c30ecdba ipv4: tcp: send zero IPID in SYNACK messages 51dde4ae ipv4: raw: lock the socket in raw_bind() 2d334469 net: hns3: handle empty unknown interrupt for VF 7afc09c8 yam: fix a memory leak in yam_siocdevprivate() 51edc483 drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy a15ed3e9 ibmvnic: don't spin in tasklet c09702f4 ibmvnic: init ->running_cap_crqs early 86217a4e hwmon: (lm90) Mark alert as broken for MAX6654 18684bb9 rxrpc: Adjust retransmission backoff f39027cb phylib: fix potential use-after-free 218cccb5 net: phy: broadcom: hook up soft_reset for BCM54616S 0d26470b netfilter: conntrack: don't increment invalid counter on NF_REPEAT abcb9d80 NFS: Ensure the server has an up to date ctime before renaming 30965c76 NFS: Ensure the server has an up to date ctime before hardlinking cdfaf8e9 ipv6: annotate accesses to fn->fn_sernum 581317b1 drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable b3e3d584 drm/msm/dsi: Fix missing put_device() call in dsi_get_phy 4abd2a77 drm/msm: Fix wrong size calculation 9f0a6aca net-procfs: show net devices bound packet types 4fd45ff2 NFSv4: nfs_atomic_open() can race when looking up a non-regular file 0dfacee4 NFSv4: Handle case where the lookup of a directory fails c27abaa0 hwmon: (lm90) Reduce maximum conversion rate for G781 1f748455 ipv4: avoid using shared IP generator for connected sockets ca535577 ping: fix the sk_bound_dev_if match in ping_lookup 0b567a24 hwmon: (lm90) Mark alert as broken for MAX6680 b6303165 hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 e372ecd4 net: fix information leakage in /proc/net/ptype 20b7af41 ipv6_tunnel: Rate limit warning messages bf2bd892 scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() d380beb5 rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev da27b834 rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev cb24af19 i40e: fix unsigned stat widths be6998f2 i40e: Fix queues reservation for XDP b16f1a07 i40e: Fix issue when maximum queues is exceeded f18aadbd i40e: Increase delay to 1 s after global EMP reset 7e945394 powerpc/32: Fix boot failure with GCC latent entropy plugin ff19d70b net: sfp: ignore disabled SFP node 5ede72d4 ucsi_ccg: Check DEV_INT bit only when starting CCG4 3922b6e1 usb: typec: tcpm: Do not disconnect while receiving VBUS off 9c61fce3 USB: core: Fix hang in usb_kill_urb by adding memory barriers 4fc6519b usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS 64e671a2 usb: common: ulpi: Fix crash in ulpi_match() d66dc656 usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge a06cba5a tty: Add support for Brainboxes UC cards. f5e6c946 tty: n_gsm: fix SW flow control encoding/handling 05b33011 serial: stm32: fix software flow control transfer 0b92eda2 serial: 8250: of: Fix mapped region size when using reg-offset property 2bf7dee6 netfilter: nft_payload: do not update layer 4 checksum when mangling fragments a6d58857 arm64: errata: Fix exec handling in erratum 1418040 workaround 5cbcd1f5 drm/etnaviv: relax submit size limits 5463cfd8 fsnotify: fix fsnotify hooks in pseudo filesystems 1614bd84 tracing: Don't inc err_log entry count if entry allocation fails 8a8878eb tracing/histogram: Fix a potential memory leak for kstrdup() 73578a9b PM: wakeup: simplify the output logic of pm_show_wakelocks() 31136e54 udf: Fix NULL ptr deref when converting from inline format 86bcc670 udf: Restore i_lenAlloc when inode expansion fails c54445af scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices 4d041e75 s390/hypfs: include z/VM guests with access control group set 835d3706 Bluetooth: refactor malicious adv data check 970ce66a Merge 5.4.175 into android11-5.4-lts a075d1be ANDROID: Fix CRC issue up with xfrm headers in 5.4.174 b3174205 Merge 5.4.174 into android11-5.4-lts 7cdf2951 Linux 5.4.175 84b1259f drm/vmwgfx: Fix stale file descriptors on failed usercopy 16895e4e select: Fix indefinitely sleeping task in poll_schedule_timeout() 53d5b08d mmc: sdhci-esdhc-imx: disable CMDQ support c3fa7ce4 ARM: dts: gpio-ranges property is now required 75278f1a pinctrl: bcm2835: Change init order for gpio hogs 0d006bb0 pinctrl: bcm2835: Add support for wake-up interrupts 08fd6274 pinctrl: bcm2835: Match BCM7211 compatible string ac3daf50 pinctrl: bcm2835: Add support for all GPIOs on BCM2711 e5237171 pinctrl: bcm2835: Refactor platform data 33e48b53 pinctrl: bcm2835: Drop unused define 75ca9c1d rcu: Tighten rcu_advance_cbs_nowake() checks 1b5553c7 drm/i915: Flush TLBs before releasing backing store 411d8da1 Linux 5.4.174 2c9650fa Revert "ia64: kprobes: Use generic kretprobe trampoline handler" d106693d mtd: nand: bbt: Fix corner case in bad block table handling 0c1b2038 lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test a836180f lib82596: Fix IRQ check in sni_82596_probe 3903f65a scripts/dtc: dtx_diff: remove broken example from help text b0e5b352 dt-bindings: display: meson-vpu: Add missing amlogic,canvas property e3e56170 dt-bindings: display: meson-dw-hdmi: add missing sound-name-prefix property 810d3fac net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config() e81d42e5 bcmgenet: add WOL IRQ check 3bd7629e net_sched: restore "mpu xxx" handling 918b3dbf arm64: dts: qcom: msm8996: drop not documented adreno properties 1e0e01eb dmaengine: at_xdmac: Fix at_xdmac_lld struct definition ca48aa7d dmaengine: at_xdmac: Fix lld view setting 0366901b dmaengine: at_xdmac: Fix concurrency over xfers_list d56e1fcb dmaengine: at_xdmac: Print debug message after realeasing the lock 7163076f dmaengine: at_xdmac: Don't start transactions at tx_submit level 9fbe8ea8 perf script: Fix hex dump character output e7e3f963 libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() 91e58091 gre: Don't accidentally set RTO_ONLINK in gre_fill_metadata_dst() 1e06cb37 xfrm: Don't accidentally set RTO_ONLINK in decode_session4() d6bfcc8d netns: add schedule point in ops_exit_list() 577d3c52 inet: frags: annotate races around fqdir->dead and fqdir->high_thresh 967ec4b0 rtc: pxa: fix null pointer dereference 1623e00e net: axienet: increase default TX ring size to 128 88d77277 net: axienet: fix number of TX ring slots for available check d2765d89 net: axienet: limit minimum TX ring size 2612e356 clk: si5341: Fix clock HW provider cleanup 7a831993 af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress fdc1ce97 f2fs: fix to reserve space for IO align feature f852afb6 parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries d25fe9c2 net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module 682a1e0e ipv4: avoid quadratic behavior in netns dismantle e6669fba bpftool: Remove inclusion of utilities.mak from Makefiles 9e5a74b6 powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses 461aedcf powerpc/cell: Fix clang -Wimplicit-fallthrough warning 261f9917 Revert "net/mlx5: Add retry mechanism to the command entry index allocation" 6926d427 dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK d2d45394 RDMA/rxe: Fix a typo in opcode name 1a3f263e RDMA/hns: Modify the mapping attribute of doorbell to device 0cb05af4 scsi: core: Show SCMD_LAST in text form 59c7ff95 Documentation: fix firewire.rst ABI file path error dafbd79e Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization 2ecbe50b Documentation: ACPI: Fix data node reference documentation 49daee55 Documentation: dmaengine: Correctly describe dmatest with channel unset 05594394 media: rcar-csi2: Optimize the selection PHTW register 547ea2d2 firmware: Update Kconfig help text for Google firmware 515ca9f5 of: base: Improve argument length mismatch error 227afbfe drm/radeon: fix error handling in radeon_driver_open_kms d820cb63 ext4: don't use the orphan list when migrating an inode 85c121cf ext4: Fix BUG_ON in ext4_bread when write quota data b985c852 ext4: set csum seed in tmp inode while migrating to extents 6e23e0bb ext4: make sure quota gets properly shutdown on error 86be63ae ext4: make sure to reset inode lockdep class when quota enabling fails e5999c49 btrfs: respect the max size in the header when activating swap file 85dc4aac btrfs: check the root node for uptodate before returning it eeec77bb btrfs: fix deadlock between quota enable and other quota operations e8951408 xfrm: fix policy lookup for ipv6 gre packets 09af1495 PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device e904b460 PCI: pci-bridge-emul: Correctly set PCIe capabilities ab57ac72 PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space db531b57 drm/bridge: analogix_dp: Make PSR-exit block less 17d492d3 drm/nouveau/kms/nv04: use vzalloc for nv04_display 0d0e56a1 drm/etnaviv: limit submit sizes 72a953ef s390/mm: fix 2KB pgtable release race da4e1fac iwlwifi: mvm: Increase the scan timeout guard to 30 seconds 11604a3a tracing/kprobes: 'nmissed' not showed correctly for kretprobe ae2e0b2f cputime, cpuacct: Include guest time in user time in cpuacct.stat c526d53e serial: Fix incorrect rs485 polarity on uart open 19a61f92 fuse: Pass correct lend value to filemap_write_and_wait_range() 8130a1c0 ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers 011024b0 crypto: caam - replace this_cpu_ptr with raw_cpu_ptr 97366929 crypto: stm32/crc32 - Fix kernel BUG triggered in probe() 0c0fd11c crypto: omap-aes - Fix broken pm_runtime_and_get() usage b728b529 rpmsg: core: Clean up resources on announce_create failure. 9e2c8bd7 power: bq25890: Enable continuous conversion for ADC at charging f16a5bce ASoC: mediatek: mt8173: fix device_node leak 5d635c25 scsi: sr: Don't use GFP_DMA 1785538d MIPS: Octeon: Fix build errors using clang bb7d1de6 i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters 6abdf672 MIPS: OCTEON: add put_device() after of_find_device_by_node() 2a8870f5 powerpc: handle kdump appropriately with crash_kexec_post_notifiers option 2dbb618e ALSA: seq: Set upper limit of processed events 1ad4f946 scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup 73ed9127 w1: Misuse of get_user()/put_user() reported by sparse b8e5376c KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST aecdb1d2 powerpc/powermac: Add missing lockdep_register_key() 2c146cf9 clk: meson: gxbb: Fix the SDM_EN bit for MPLL0 on GXBB e441d3cb i2c: mpc: Correct I2C reset procedure f231d1d2 powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING aca56c29 i2c: i801: Don't silently correct invalid transfer size aea9d368 powerpc/watchdog: Fix missed watchdog reset due to memory ordering race 5a3cda54 powerpc/btext: add missing of_node_put fd0135fc powerpc/cell: add missing of_node_put 67329fb6 powerpc/powernv: add missing of_node_put 5bea763a powerpc/6xx: add missing of_node_put ecfe73ae parisc: Avoid calling faulthandler_disabled() twice 5e126f68 random: do not throw away excess input to crng_fast_load 8f6cecff serial: core: Keep mctrl register state and cached copy in sync 6f7bd9f7 serial: pl010: Drop CR register reset on set_termios c5e156a6 regulator: qcom_smd: Align probe function with rpmh-regulator 4a55b02b net: gemini: allow any RGMII interface mode 4bee2316 net: phy: marvell: configure RGMII delays for 88E1118 b3fbe756 dm space map common: add bounds check to sm_ll_lookup_bitmap() 052f6401 dm btree: add a defensive bounds check to insert_at() aaefb183 mac80211: allow non-standard VHT MCS-10/11 5253794b net: mdio: Demote probed message to debug print 8508caeb btrfs: remove BUG_ON(!eie) in find_parent_nodes 7d4f4075 btrfs: remove BUG_ON() in find_parent_nodes() ba72fa2c ACPI: battery: Add the ThinkPad "Not Charging" quirk 7c366d75 drm/amdgpu: fixup bad vram size on gmc v8 88b5abc0 ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 de85f586 ACPICA: Fix wrong interpretation of PCC address 1fa8e71d ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() aee78b66 ACPICA: Utilities: Avoid deleting the same object twice in a row a4c6cde2 ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions 56c308c7 jffs2: GC deadlock reading a page that is used in jffs2_write_begin() c02454b3 um: registers: Rename function names to avoid conflicts and build problems 51b44e9b iwlwifi: mvm: Fix calculation of frame length 95017cf0 iwlwifi: remove module loading failure message 0446cafa iwlwifi: fix leaks/bad data after failed firmware load c8fe499c ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream 46fdba26 usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 8ac2cf02 cpufreq: Fix initialization of min and max frequency QoS requests bfcc1e9c arm64: tegra: Adjust length of CCPLEX cluster MMIO region 65816c10 arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus dcf1d9f7 audit: ensure userspace is penalized the same as the kernel when under pressure 5cc8a367 mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO 3a7f37eb media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() 71b6d05d media: igorplugusb: receiver overflow should be reported 1af9e1d4 HID: quirks: Allow inverting the absolute X/Y values 75f7885d bpf: Do not WARN in bpf_warn_invalid_xdp_action() 086181b0 net: bonding: debug: avoid printing debug logs when bond is not notifying peers fcd7e8cc x86/mce: Mark mce_read_aux() noinstr a0d17139 x86/mce: Mark mce_end() noinstr bca5aa92 x86/mce: Mark mce_panic() noinstr 2481ee0c gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock 743911a2 net: phy: prefer 1000baseT over 1000baseKX a5d8e618 net-sysfs: update the queue counts in the unregistration path d08cc022 ath10k: Fix tx hanging 054281b3 iwlwifi: mvm: synchronize with FW after multicast commands fe791612 media: m920x: don't use stack on USB reads a821532c media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() b867a9c3 media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. ff867910 x86/mm: Flush global TLB when switching to trampoline page-table 16f2ef98 floppy: Add max size check for user space request 3ad5c9e5 usb: uhci: add aspeed ast2600 uhci support c27a5232 rsi: Fix out-of-bounds read in rsi_read_pkt() 51ad4c44 rsi: Fix use-after-free in rsi_rx_done_handler() ae56c552 mwifiex: Fix skb_over_panic in mwifiex_usb_recv() 4ff69cf3 HSI: core: Fix return freed object in hsi_new_client 009d6d9f gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use 50ad94f8 drm/bridge: megachips: Ensure both bridges are probed before registration c640dc45 mlxsw: pci: Add shutdown method in PCI driver f6b65094 EDAC/synopsys: Use the quirk for version instead of ddr version 2134ebc2 media: b2c2: Add missing check in flexcop_pci_isr: 2933aa51 HID: apple: Do not reset quirks when the Fn key is not found a6252398 drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L 0cba42c0 usb: gadget: f_fs: Use stream_open() for endpoint files c7e4004b batman-adv: allow netlink usage in unprivileged containers c93a934f ARM: shmobile: rcar-gen2: Add missing of_node_put() c9ec3d85 drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR 36424938 ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply c7186605 drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y 58cddfe6 fs: dlm: filter user dlm messages for kernel locks fa4ca508 Bluetooth: Fix debugfs entry leak in hci_register_dev() 2b09cb8d of: base: Fix phandle argument length mismatch error message f88ccfb3 RDMA/cxgb4: Set queue pair state when being queried 38d97204 mips: bcm63xx: add support for clk_set_parent() d12b5cfa mips: lantiq: add support for clk_set_parent() 770e92db misc: lattice-ecp3-config: Fix task hung when firmware load failed 458c253b ASoC: samsung: idma: Check of ioremap return value 8b894d50 ASoC: mediatek: Check for error clk pointer 41d2dc91 phy: uniphier-usb3ss: fix unintended writing zeros to PHY register dc03527c iommu/iova: Fix race between FQ timeout and teardown 86233ee4 dmaengine: pxa/mmp: stop referencing config->slave_id 741a26cf clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system enter shell 35d7be24 ASoC: rt5663: Handle device_property_read_u32_array error codes 200f0038 RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry 6314e22a RDMA/core: Let ib_find_gid() continue search even after empty entry 2e89a39f powerpc/powermac: Add additional missing lockdep_register_key() 9367675e PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity() 27a90275 scsi: ufs: Fix race conditions related to driver data b9b691de iommu/io-pgtable-arm: Fix table descriptor paddr formatting 48fc8eeb binder: fix handling of error during copy f3c2c7f3 char/mwave: Adjust io port register size e607cd71 ALSA: oss: fix compile error when OSS_DEBUG is enabled 5daf3925 ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA 7e2ce332 powerpc/prom_init: Fix improper check of prom_getprop() 506184de clk: imx8mn: Fix imx8mn_clko1_sels 852f447c RDMA/hns: Validate the pkey index 9927848b ALSA: hda: Add missing rwsem around snd_ctl_remove() calls 79b89d3a ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls 86fecb7f ALSA: jack: Add missing rwsem around snd_ctl_remove() calls 970d9082 ext4: avoid trim error on fs with small groups 2e5f08a5 net: mcs7830: handle usb read errors properly ff09d595 pcmcia: fix setting of kthread task states f56b423b can: xilinx_can: xcan_probe(): check for error irq 58533bbd can: softing: softing_startstop(): fix set but not used variable warning 13af3a9b tpm: add request_locality before write TPM_INT_ENABLE 5d5223be spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe 74dd4512 net/mlx5: Set command entry semaphore up once got index free 2b7816b1 Revert "net/mlx5e: Block offload of outer header csum for UDP tunnels" 2f2336ca net/mlx5e: Don't block routes with nexthop objects in SW fca92bb2 debugfs: lockdown: Allow reading debugfs files that are not world readable 46541f21 HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad f6fbc6a0 HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init 1f660b3f HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc 3f4823c6 HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init 1b7443f4 Bluetooth: hci_bcm: Check for error irq 4ceb3190 fsl/fman: Check for null pointer after calling devm_ioremap e2e1ceb8 staging: greybus: audio: Check null pointer b7847357 rocker: fix a sleeping in atomic bug 385b8fe3 ppp: ensure minimum packet size in ppp_write() c7a99af4 bpf: Fix SO_RCVBUF/SO_SNDBUF handling in _bpf_setsockopt(). 4e830720 netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() ad667456 pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() 17162e26 pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() 6cdbf5b6 ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes d49992de x86/mce/inject: Avoid out-of-bounds write when setting flags a259c73d bpftool: Enable line buffering for stdout eb599bf3 selinux: fix potential memleak in selinux_add_opt() 8fe5e6ed mmc: meson-mx-sdio: add IRQ check db6eb2f9 ARM: dts: armada-38x: Add generic compatible to UART nodes 1b10eb46 usb: ftdi-elan: fix memory leak on device disconnect 3f8edc28 ARM: 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding 25dfc85f xfrm: state and policy should fail if XFRMA_IF_ID 0 b34fadb5 xfrm: interface with if_id 0 should return error ba7d5b3e media: hantro: Fix probe func error path 26cf595a drm/bridge: ti-sn65dsi86: Set max register for regmap a6d40845 drm/msm/dpu: fix safe status debugfs file 036fcde6 media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes 7089b97b media: msi001: fix possible null-ptr-deref in msi001_probe() 04691afd media: dw2102: Fix use after free b153346f ARM: dts: gemini: NAS4220-B: fis-index-block with 128 KiB sectors 4c667178 crypto: stm32/cryp - fix lrw chaining mode 46d85cdd crypto: stm32/cryp - fix double pm exit 17bb0971 crypto: stm32/cryp - fix xts and race condition in crypto_engine requests fe211ebe xfrm: fix a small bug in xfrm_sa_len() b3e50e04 mwifiex: Fix possible ABBA deadlock 236399a6 rcu/exp: Mark current CPU as exp-QS in IPI loop second pass b6788105 sched/rt: Try to restart rt period timer when rt runtime exceeded a26a338f media: si2157: Fix "warm" tuner state detection dc3b4b60 media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() f39bd290 media: dib8000: Fix a memleak in dib8000_init() 62bff2a8 Bluetooth: btmtksdio: fix resume failure 80f81e4b staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib() 9f49cf51 staging: rtl8192e: return error code from rtllib_softmac_init() 84e56853 floppy: Fix hang in watchdog when disk is ejected 6a4160c9 serial: amba-pl011: do not request memory region twice 96591a7e tty: serial: uartlite: allow 64 bit address d3aee433 arm64: dts: ti: k3-j721e: Fix the L2 cache sets 15115464 drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() 46ec86ea drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() 77af47f2 ACPI: EC: Rework flushing of EC work while suspended to idle f996dab1 arm64: dts: qcom: msm8916: fix MMC controller aliases 54b5ab45 netfilter: bridge: add support for pppoe filtering 04bb89f5 media: venus: core: Fix a resource leak in the error handling path of 'venus_probe()' 8034d6c4 media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released f77b9034 media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() a3c5386a media: imx-pxp: Initialize the spinlock prior to using it 0410f7ac media: rcar-csi2: Correct the selection of hsfreqrange 62866d65 tty: serial: atmel: Call dma_async_issue_pending() cd867ffa tty: serial: atmel: Check return code of dmaengine_submit() 06d6f696 arm64: dts: ti: k3-j721e: correct cache-sets info ac718d92 crypto: qce - fix uaf on qce_ahash_register_one be6ee09c media: dmxdev: fix UAF when dvb_register_device() fails da0b42d1 tee: fix put order in teedev_close_context() 24161b9c Bluetooth: stop proccessing malicious adv data 50a98174 arm64: dts: meson-gxbb-wetek: fix missing GPIO binding e48e1d3e arm64: dts: meson-gxbb-wetek: fix HDMI in early boot 1221b3ad media: aspeed: Update signal status immediately to ensure sane hw state 15df887c media: em28xx: fix memory leak in em28xx_init_dev 58f08f02 media: aspeed: fix mode-detect always time out at 2nd run dc644dd8 media: videobuf2: Fix the size printk format e51b0099 wcn36xx: Release DMA channel descriptor allocations 2aa2da3f wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND 457b05f3 clk: bcm-2835: Remove rounding up the dividers aac1ed30 clk: bcm-2835: Pick the closest clock rate ba4cc496 Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails 141a9a9c drm/rockchip: dsi: Fix unbalanced clock on probe error bcd6bfe1 drm/panel: innolux-p079zca: Delete panel on attach() failure 4c255e98 drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure 5cc7480e drm/rockchip: dsi: Reconfigure hardware on resume() 0620aabe drm/rockchip: dsi: Hold pm-runtime across bind/unbind 6264d0fe shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode 9d8fb273 mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages 7ad30080 mm_zone: add function to check if managed dma zone exists c4212d52 PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller 9e5bb22b dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() e12f983c iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure 81a026b9 lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() 3cead5b7 can: softing_cs: softingcs_probe(): fix memleak on registration failure 38e28033 media: stk1160: fix control-message timeouts 0ac3d5f6 media: pvrusb2: fix control-message timeouts d1c57f55 media: redrat3: fix control-message timeouts 7a9d34be media: dib0700: fix undefined behavior in tuner shutdown f64b379b media: s2255: fix control-message timeouts 3a49cd73 media: cpia2: fix control-message timeouts c9ef6e1d media: em28xx: fix control-message timeouts c89df039 media: mceusb: fix control-message timeouts 22325141 media: flexcop-usb: fix control-message timeouts 7458b018 media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE 023357dd rtc: cmos: take rtc_lock while reading from CMOS 9a82bfb4 tools/nolibc: fix incorrect truncation of exit code 2e83886c tools/nolibc: i386: fix initial stack alignment aca2988e tools/nolibc: x86-64: Fix startup code bug a4b5d9af x86/gpu: Reserve stolen memory for first integrated Intel GPU f55dbf72 mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 29218853 mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings ba2539b5 nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() eb116c89 f2fs: fix to do sanity check in is_alive() bf9e52c0 HID: wacom: Avoid using stale array indicies to read contact count 5d1023f3 HID: wacom: Ignore the confidence flag when a touch is removed 60257988 HID: wacom: Reset expected and received contact counts at the same time 898e69ca HID: uhid: Fix worker destroying device without any protection 5d500544 Merge 5.4.173 into android11-5.4-lts 4aa2e739 Linux 5.4.173 e245aaef ARM: 9025/1: Kconfig: CPU_BIG_ENDIAN depends on !LD_IS_LLD d40f6eea mtd: fixup CFI on ixp4xx 1451deb1 ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows 7b98f61b KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all 5c69ba9e firmware: qemu_fw_cfg: fix kobject leak in probe error path 1cc36ed5 firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries b543e414 firmware: qemu_fw_cfg: fix sysfs information leak b25e9ef2 rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled 8716657b media: uvcvideo: fix division by zero at stream start 70ae85ca KVM: s390: Clarify SIGP orders versus STOP/RESTART 9b45f200 perf: Protect perf_guest_cbs with RCU bd2aed04 vfs: fs_context: fix up param length parsing in legacy_parse_param c2f067d4 orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() 5d6af673 devtmpfs regression fix: reconfigure on each mount c117b116 kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test ed177b55 Merge branch 'android11-5.4' into 'android11-5.4-lts' 1b6f3f27 Merge 5.4.172 into android11-5.4-lts b7f70762 Linux 5.4.172 f4154095 staging: greybus: fix stack size warning with UBSAN 65c2e717 drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() 86ded7a6 staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() a459686f media: Revert "media: uvcvideo: Set unique vdev name based in type" 7e07beda random: fix crash on multiple early calls to add_bootloader_randomness() 517ab153 random: fix data race on crng init time 90ceecda random: fix data race on crng_node_pool a4fa4377 can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} e90a7524 can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data 9e9241d3 drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions ada3805f mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() d08a0a88 veth: Do not record rx queue hint in veth_xmit a6722b49 mmc: sdhci-pci: Add PCI ID for Intel ADL 1199f092 USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status 43aac501 USB: core: Fix bug in resuming hub's handling of wakeup requests ed5c2683 Bluetooth: bfusb: fix division by zero in send path 784e873a Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() ad07b608 workqueue: Fix unbind_workers() VS wq_worker_running() race e4310132 UPSTREAM: x86/pci: Fix the function type for check_reserved_t 22411ee1 Merge 5.4.171 into android11-5.4-lts 0a4ce497 Linux 5.4.171 0101f118 mISDN: change function names to avoid conflicts 34821931 atlantic: Fix buff_ring OOB in aq_ring_rx_clean 44065cc1 net: udp: fix alignment problem in udp4_seq_show() 0ad45bae ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate 8b36aa5a scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() 6a3ffcc9 usb: mtu3: fix interval value for intr and isoc f0e57098 ipv6: Do cleanup if attribute validation fails in multipath route c94999cf ipv6: Continue processing multipath route even if gateway attribute is invalid 2a6a811a phonet: refcount leak in pep_sock_accep db0c834a rndis_host: support Hytera digital radios 72eb522a power: reset: ltc2952: Fix use of floating point literals 159eaafe power: supply: core: Break capacity loop 102af6ed xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate 10f2c336 net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8081 c0db2e1e sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc bcbfc778 batman-adv: mcast: don't send link-local multicast to mcast routers 76936ddb lwtunnel: Validate RTA_ENCAP_TYPE attribute length 2ebd7775 ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route a02d2be7 ipv6: Check attribute length for RTA_GATEWAY in multipath route 34224e93 ipv4: Check attribute length for RTA_FLOW in multipath route 125d91f0 ipv4: Check attribute length for RTA_GATEWAY in multipath route 1f467218 i40e: Fix incorrect netdev's real number of RX/TX queues f98acd3b i40e: Fix for displaying message regarding NVM version c340d451 i40e: fix use-after-free in i40e_sync_filters_subtask() 38fbb156 mac80211: initialize variable have_higher_than_11mbit 7646a340 RDMA/uverbs: Check for null return of kmalloc_array 5eb5d9c6 RDMA/core: Don't infoleak GRH fields 415fc3f5 iavf: Fix limit of total number of queues to active queues of VF 23ebe9cf ieee802154: atusb: fix uninit value in atusb_set_extended_addr aa171d74 tracing: Tag trace_percpu_buffer as a percpu pointer db50ad6e tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() cbbed133 selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv() 6904679c Input: touchscreen - Fix backport of a02dcde5 6e80d2ee f2fs: quota: fix potential deadlock 7ada0835 Merge 5.4.170 into android11-5.4-lts 047dedaa Linux 5.4.170 2c3920c5 perf script: Fix CPU filtering of a script's switch events fe5838c2 net: fix use-after-free in tw_timer_handler 46556c4e Input: spaceball - fix parsing of movement data packets 975774ea Input: appletouch - initialize work before device registration 436f6d00 scsi: vmw_pvscsi: Set residual data length conditionally 103b16a8 binder: fix async_free_space accounting for empty parcels 98cde4dd usb: mtu3: set interval of FS intr and isoc endpoint 585e2b24 usb: mtu3: fix list_head check warning 50434eb6 usb: mtu3: add memory barrier before set GPD's HWO 240fc586 usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. 20d80640 xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. b364fcef uapi: fix linux/nfc.h userspace compilation errors 245c5e43 nfc: uapi: use kernel size_t to fix user-space builds 9e4a3f47 i2c: validate user data in compat ioctl a7d3a1c6 fsl/fman: Fix missing put_device() call in fman_port_probe 2dc95e93 net/ncsi: check for error return from call to nla_put_u32 ef01d631 selftests/net: udpgso_bench_tx: fix dst ip argument 20f68967 net/mlx5e: Fix wrong features assignment in case of error b85f87d3 ionic: Initialize the 'lif->dbid_inuse' bitmap 1cd4063d NFC: st21nfca: Fix memory leak in device probe and remove 44cd64aa net: lantiq_xrx200: fix statistics of received bytes 3477f4b6 net: usb: pegasus: Do not drop long Ethernet frames 831de271 sctp: use call_rcu to free endpoint 3218d6bd selftests: Calculate udpgso segment count without header adjustment 0a2e9f6a udp: using datalen to cap ipv6 udp max gso segments db484d35 net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources cc926b8f scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() 44937652 selinux: initialize proto variable in selinux_ip_postroute_compat() b536e357 recordmcount.pl: fix typo in s390 mcount regex 8d86b486 memblock: fix memblock_phys_alloc() section mismatch error 4606bfda platform/x86: apple-gmux: use resource_size() with res 930d4986 tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok(). 7978ddae Input: i8042 - enable deferred probe quirk for ASUS UM325UA f93d5dca Input: i8042 - add deferred probe support 940e68e5 tee: handle lookup of shm with reference count 0 4b38b120 HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option 2bee9bd5 Merge 5.4.169 into android11-5.4-lts 4ca2eaf1 Linux 5.4.169 48c76fc5 phonet/pep: refuse to enable an unbound pipe a5c6a13e hamradio: improve the incomplete fix to avoid NPD ef5f7bfa hamradio: defer ax25 kfree after unregister_netdev df8f79bc ax25: NPD bug when detaching AX25 device 0333eaf3 hwmon: (lm90) Do not report 'busy' status bit as alarm bf260ff4 hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 f373298e pinctrl: mediatek: fix global-out-of-bounds issue bf04afb6 mm: mempolicy: fix THP allocations escaping mempolicy restrictions f5db6bc9 KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state 06c13e03 usb: gadget: u_ether: fix race in setting MAC address in setup phase b0406b5e f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() 806142c8 tee: optee: Fix incorrect page free bug 5478b902 ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling 1c3d4122 mmc: core: Disable card detect during shutdown e9db8fc6 mmc: sdhci-tegra: Fix switch to HS400ES mode d9031ce0 pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines c7b2e585 x86/pkey: Fix undefined behaviour with PKRU_WD_BIT ddc1d49e parisc: Correct completer in lws start 8467c8cb ipmi: fix initialization when workqueue allocation fails 8efd6a33 ipmi: ssif: initialize ssif_info->client early cd24bafe ipmi: bail out if init_srcu_struct fails 5525d80d Input: atmel_mxt_ts - fix double free in mxt_read_info_block 737a98d9 ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6 8df036be ALSA: drivers: opl3: Fix incorrect use of vp->state fdaf4197 ALSA: jack: Check the return value of kstrdup() 44c743f6 hwmon: (lm90) Drop critical attribute support for MAX6654 4615c974 hwmon: (lm90) Introduce flag indicating extended temperature support c2242478 hwmon: (lm90) Add basic support for TI TMP461 d939660e hwmon: (lm90) Add max6654 support to lm90 driver 055ca98d hwmon: (lm90) Fix usage of CONFIG2 register in detect function a7f95328 Input: elantech - fix stack out of bound access in elantech_change_report_id() e12dcd4a sfc: falcon: Check null pointer of rx_queue->page_ring c11a41e2 drivers: net: smc911x: Check for error irq 5d556b14 fjes: Check for error irq d7024080 bonding: fix ad_actor_system option setting to default 992649b8 ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module 2460d96c net: skip virtio_net_hdr_set_proto if protocol already set 621d5536 net: accept UFOv6 packages in virtio_net_hdr_to_skb 0b01c51c qlcnic: potential dereference null pointer of rx_queue->page_ring 685fc8d2 netfilter: fix regression in looped (broad|multi)cast's MAC handling 79dcbd81 IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() 78874bca spi: change clk_disable_unprepare to clk_unprepare 0c0ac254 arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode 6fa4e299 HID: holtek: fix mouse probing 2712816c serial: 8250_fintek: Fix garbled text for console 51c925a9 net: usb: lan78xx: add Allied Telesis AT29M2-AF 3cd0728e Merge 5.4.168 into android11-5.4-lts 8f843cf5 Linux 5.4.168 0d99b3c6 xen/netback: don't queue unlimited number of packages 8bfcd038 xen/netback: fix rx queue stall detection 560e6441 xen/console: harden hvc_xen against event channel storms 3e68d099 xen/netfront: harden netfront against event channel storms 4ed9f5c5 xen/blkfront: harden blkfront against event channel storms 192fe573 Revert "xsk: Do not sleep in poll() when need_wakeup set" e281b719 net: sched: Fix suspicious RCU usage while accessing tcf_tunnel_info 96a1550a mac80211: fix regression in SSN handling of addba tx 66aba15a rcu: Mark accesses to rcu_state.n_force_qs b847ecff scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() f9f300a9 ovl: fix warning in ovl_create_real() ba2a9d8f fuse: annotate lock in fuse_reverse_inval_entry() 96f182c9 media: mxl111sf: change mutex_init() location 095ad396 xsk: Do not sleep in poll() when need_wakeup set 29e9fdf7 ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name f6e9e7be Input: touchscreen - avoid bitwise vs logical OR warning 3d45573d mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO a19cf684 mac80211: validate extended element ID is present e070c0c9 drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE c9ee8144 libata: if T_LENGTH is zero, dma direction should be DMA_NONE 62889094 timekeeping: Really make sure wall_to_monotonic isn't positive 241d3621 USB: serial: option: add Telit FN990 compositions d2bb4378 USB: serial: cp210x: fix CP2105 GPIO registration bae7f080 usb: xhci: Extend support for runtime power management for AMD's Yellow carp. 3dc6b5f2 PCI/MSI: Mask MSI-X vectors only on success c520e7cf PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error ed31692a USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) aae3448b USB: gadget: bRequestType is a bitfield, not a enum ad0ed314 sit: do not call ipip6_dev_free() from sit_init_net() c675256a net: systemport: Add global locking for descriptor lifecycle 2bf888fa net/smc: Prevent smc_release() from long blocking 56a6ffea net: Fix double 0x prefix print in SKB dump 027a1397 net/packet: rx_owner_map depends on pg_vec 699e794c netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc a97e7dd4 ixgbe: set X550 MDIO speed before talking to PHY 8addba6c igbvf: fix double free in `igbvf_probe` 36844e25 igb: Fix removal of unicast MAC filters of VFs bca4a53e soc/tegra: fuse: Fix bitwise vs. logical OR warning 166f0adf rds: memory leak in __rds_conn_create() 9cb405ee flow_offload: return EOPNOTSUPP for the unsupported mpls action type 066a637d net: sched: lock action when translating it to flow_action infra e7660f95 mac80211: fix lookup when adding AddBA extension element f363af7c mac80211: accept aggregation sessions on 6 GHz 1e652614 mac80211: agg-tx: don't schedule_and_wake_txq() under sta->lock ceb30f48 mac80211: agg-tx: refactor sending addba eeaf9c06 selftest/net/forwarding: declare NETIFS p9 p10 2252220d dmaengine: st_fdma: fix MODULE_ALIAS 18203fe1 selftests: Fix IPv6 address bind tests b46f0afa selftests: Fix raw socket bind tests with VRF 7b5596e5 inet_diag: fix kernel-infoleak for UDP sockets 2c589cf0 inet_diag: use jiffies_delta_to_msecs() 0d80462f sch_cake: do not call cake_destroy() from cake_init() 2fba53cc s390/kexec_file: fix error handling when applying relocations b380bf01 selftests: net: Correct ping6 expected rc from 2 to 1 ec5c00be clk: Don't parent clks until the parent is fully registered f83ed203 ARM: socfpga: dts: fix qspi node compatible 46b9e29d mac80211: track only QoS data frames for admission control a6f18191 arm64: dts: rockchip: fix audio-supply for Rock Pi 4 86f2789e arm64: dts: rockchip: fix rk3399-leez-p710 vcc3v3-lan supply 4bb01424 arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from rk3399-khadas-edge e0759696 nfsd: fix use-after-free due to delegation race 7243aa71 iio: adc: stm32: fix a current leak by resetting pcsel before disabling vdda 0d3277ea audit: improve robustness of the audit queue handling 501ecd90 dm btree remove: fix use after free in rebalance_children() b25e2135 recordmcount.pl: look for jgnop instruction as well as bcrl on s390 c0954f10 virtio_ring: Fix querying of maximum DMA mapping size for virtio device 802a1a85 firmware: arm_scpi: Fix string overflow in SCPI genpd driver 33f0dfab mac80211: send ADDBA requests using the tid/queue of the aggregation session 873e664a mac80211: mark TX-during-stop for TX in in_reconfig ff3e3fdc KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE 5ba00044 Merge 5.4.167 into android11-5.4-lts e8ef9403 Linux 5.4.167 c9757958 arm: ioremap: don't abuse pfn_valid() to check if pfn is in RAM 6026d403 arm: extend pfn_valid to take into account freed memory map alignment 492f4d3c memblock: ensure there is no overflow in memblock_overlaps_region() bdca9647 memblock: align freed memory map on pageblock boundaries with SPARSEMEM 60111b30 memblock: free_unused_memmap: use pageblock units instead of MAX_ORDER 3e8e2728 hwmon: (dell-smm) Fix warning on /proc/i8k creation error f6f1d191 bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc b06b1f46 selinux: fix race condition when computing ocontext SIDs 2fb8e426 KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req 46735995 tracing: Fix a kmemleak false positive in tracing_map fb8cd2b3 drm/amd/display: add connector type check for CRC source set 8fc2f28e drm/amd/display: Fix for the no Audio bug with Tiled Displays c0315e93 net: netlink: af_netlink: Prevent empty skb by adding a check on len. 7ff666e6 i2c: rk3x: Handle a spurious start completion interrupt flag 409ecd02 parisc/agp: Annotate parisc agp init functions with __init 4233fbd4 net/mlx4_en: Update reported link modes for 1/10G b6158d96 drm/msm/dsi: set default num_data_lanes d731ecc6 nfc: fix segfault in nfc_genl_dump_devices_done 4a68bf48 Merge 5.4.166 into android11-5.4-lts c32c40ff Linux 5.4.166 eb1b5eaa netfilter: selftest: conntrack_vrf.sh: fix file permission a91f4fe2 Merge 5.4.165 into android11-5.4-lts 7f70428f Linux 5.4.165 3a99b4ba bpf: Add selftests to cover packet access corner cases b8a2c49a misc: fastrpc: fix improper packet size calculation 8f9a25e4 irqchip: nvic: Fix offset for Interrupt Priority Offsets 61981e5f irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL fc20091b irqchip/armada-370-xp: Fix support for Multi-MSI interrupts a3689e69 irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() 8c163a14 iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove 20f0fb41 iio: ad7768-1: Call iio_trigger_notify_done() on error b68f4482 iio: adc: axp20x_adc: fix charging current reporting on AXP22x e79d86de iio: at91-sama5d2: Fix incorrect sign extension 5f3d932f iio: dln2: Check return value of devm_iio_trigger_register() 7447f045 iio: dln2-adc: Fix lockdep complaint 4c0fa7ed iio: itg3200: Call iio_trigger_notify_done() on error e67d60c5 iio: kxsd9: Don't return error code in trigger handler f143cfdc iio: ltr501: Don't return error code in trigger handler acf0088a iio: mma8452: Fix trigger reference couting 02553e97 iio: stk3310: Don't return error code in interrupt handler 1374297c iio: trigger: stm32-timer: fix MODULE_ALIAS 1dadba28 iio: trigger: Fix reference counting ec0cddcc xhci: avoid race between disable slot command and host runtime suspend 8d45969c usb: core: config: using bit mask instead of individual bits d1eee0a3 xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending d2f242d7 usb: core: config: fix validation of wMaxPacketValue entries 9978777c USB: gadget: zero allocate endpoint 0 buffers fd6de5a0 USB: gadget: detect too-big endpoint 0 requests 46d3477c selftests/fib_tests: Rework fib_rp_filter_test() caff29d1 net/qla3xxx: fix an error code in ql_adapter_up() 4aa28ac9 net, neigh: clear whole pneigh_entry at alloc time f23f60e8 net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() 05bc4d26 net: altera: set a couple error code in probe() 84a890d6 net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero e9ca63a0 tools build: Remove needless libpython-version feature check that breaks test-all fast path 49e59d51 dt-bindings: net: Reintroduce PHY no lane swap binding b78a27fa mtd: rawnand: fsmc: Fix timing computation 7596d0de mtd: rawnand: fsmc: Take instruction delay into account 9f88ca26 i40e: Fix pre-set max number of queues for VF 171527da i40e: Fix failed opcode appearing if handling messages from VF ee8bfa62 ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer 43dcb79c qede: validate non LSO skb length 727858a9 block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) 9ba5635c tracefs: Set all files to the same group ownership as the mount option 4105e6a1 aio: fix use-after-free due to missing POLLFREE handling 38018511 aio: keep poll requests on waitqueue until completed aac81516 signalfd: use wake_up_pollfree() 1a478a05 binder: use wake_up_pollfree() e0c03d15 wait: add wake_up_pollfree() 6db0db16 libata: add horkage for ASMedia 1092 050ac9da x86/sme: Explicitly map new EFI memmap table as encrypted 9f5b334e can: m_can: Disable and ignore ELO interrupt abb4eff3 can: pch_can: pch_can_rx_normal: fix use after free 291a164a drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence. f53b7395 clk: qcom: regmap-mux: fix parent clock lookup e871f89e tracefs: Have new files inherit the ownership of their parent f5734b17 nfsd: Fix nsfd startup race (again) 412498e9 btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling aa4740bc btrfs: clear extent buffer uptodate when we fail to write it 434927e9 ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() 76f19e4c ALSA: pcm: oss: Limit the period size to 16MB f12c8a75 ALSA: pcm: oss: Fix negative period/buffer sizes 5b06fa0c ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform caaea6bd ALSA: ctl: Fix copy of updated id with element read/write a7ea5c09 mm: bdi: initialize bdi_min_ratio when bdi is unregistered b8a79804 IB/hfi1: Correct guard on eager buffer deallocation ab1be91c iavf: Fix reporting when setting descriptor count c21bb711 iavf: restore MSI state on reset c8ae8c81 udp: using datalen to cap max gso segments ef8804e4 seg6: fix the iif in the IPv6 socket control block 2e0e072e nfp: Fix memory leak in nfp_cpp_area_cache_add() 3db64825 bonding: make tx_rebalance_counter an atomic 143ceb9b ice: ignore dropped packets during init 4174bd42 bpf: Fix the off-by-two error in range markings 15f98747 vrf: don't run conntrack on vrf with !dflt qdisc 8d3563ec selftests: netfilter: add a vrf+conntrack testcase 48fcd08f nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done 1a295fea can: sja1000: fix use after free in ems_pcmcia_add_card() fbcb12bc can: kvaser_pciefd: kvaser_pciefd_rx_error_frame(): increase correct stats->{rx,tx}_errors counter 68daa476 can: kvaser_usb: get CAN clock frequency from device a7944962 HID: check for valid USB device for many HID drivers e9114b9d HID: wacom: fix problems when device is not a valid USB device 8e0ceff6 HID: bigbenff: prevent null pointer dereference 31520ec1 HID: add USB_HID dependancy on some USB HID drivers f8a65385 HID: add USB_HID dependancy to hid-chicony ee8477d1 HID: add USB_HID dependancy to hid-prodikeys 6e1e0a01 HID: add hid_is_usb() function to make it simpler for USB detection 1e8db541 HID: google: add eel USB id cb7b13c9 HID: quirks: Add quirk for the Microsoft Surface 3 type-cover f99b2013 ntfs: fix ntfs_test_inode and ntfs_init_locked_inode function type eb246f58 serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 b2d37d09 Merge branch 'android11-5.4' into 'android11-5.4-lts' 0bbf0a06 ANDROID: GKI: fix up abi breakage in fib_rules.h 4872cb8f Merge 5.4.164 into android11-5.4-lts e3c95128 Linux 5.4.164 5df7d6a0 ipmi: msghandler: Make symbol 'remove_work_wq' static 5d1e83ff net/tls: Fix authentication failure in CCM mode cffd7583 parisc: Mark cr16 CPU clocksource unstable on all SMP machines 23b40ede iwlwifi: mvm: retry init flow if failed 8d6e4b42 serial: 8250_pci: rewrite pericom_do_set_divisor() 181cf762 serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array c5da8aa4 serial: core: fix transmit-buffer reset and memleak 7ed4a98a serial: pl011: Add ACPI SBSA UART match id 9e16682c tty: serial: msm_serial: Deactivate RX DMA for polling support b5dd5a46 x86/64/mm: Map all kernel memory into trampoline_pgd 72736a3b x86/tsc: Disable clocksource watchdog for TSC on qualified platorms fe3cd484 x86/tsc: Add a timer to make sure TSC_adjust is always checked 957a203f usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect 7fbde744 USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub 095a39a2 xhci: Fix commad ring abort, write all 64 bits to CRCR register. caedb12c vgacon: Propagate console boot parameters before calling `vc_resize' a4294468 parisc: Fix "make install" on newer debian releases fbe7eaca parisc: Fix KBUILD_IMAGE for self-extracting kernel c6a9060b sched/uclamp: Fix rq->uclamp_max not set on first enqueue 8ae8ccd2 KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register ee38eb8c ipv6: fix memory leak in fib6_rule_suppress 9d159628 drm/msm: Do hw_init() before capturing GPU state 10bad5a1 net/smc: Keep smc_close_final rc during active close 3f2a23fd net/rds: correct socket tunable error in rds_tcp_tune() 01c60b3f ipv4: convert fib_num_tclassid_users to atomic_t efb07398 net: annotate data-races on txq->xmit_lock_owner bfec04c6 net: marvell: mvpp2: Fix the computation of shared CPUs d4034bb9 net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available 3e70e3a7 rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() ae8a253f selftests: net: Correct case name e461a981 net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() af120fcf siphash: use _unaligned version by default f70c6281 net: mpls: Fix notifications when deleting a device bbeb0325 net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() 49ab3362 natsemi: xtensa: fix section mismatch warnings 063d2233 i2c: cbus-gpio: set atomic transfer callback f5d7bd03 i2c: stm32f7: stop dma transfer in case of NACK 9fce2ead i2c: stm32f7: recover the bus on access timeout bc0215cb i2c: stm32f7: flush TX FIFO upon transfer errors 742a5ae1 sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl 77393806 sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl 03d4462b fget: check that the fd still exists after getting a ref to it a78b607e s390/pci: move pseudo-MMIO to prevent MIO overlap 006edd73 cpufreq: Fix get_cpu_device() failure in add_cpu_dev_symlink() 648813c2 ipmi: Move remove_work to dedicated workqueue 3f8f7eef rt2x00: do not mark device gone on EPROTO errors during start c2e2ccaa kprobes: Limit max data_size of the kretprobe instances 03ee5e8c vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit f82013d1 net/smc: Avoid warning of possible recursive locking df5990db perf report: Fix memory leaks around perf_tip() b380d09e perf hist: Fix memory leak of a perf_hpp_fmt 57247f70 net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() 77ff1669 net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound 99bb25cb ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() 0f89c59e ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile 36c8f686 scsi: iscsi: Unblock session then wake up error handler dbbc8aea thermal: core: Reset previous low and high trip during thermal zone init ebc8aed3 btrfs: check-integrity: fix a warning on write caching disabled disk 5db28ea9 s390/setup: avoid using memblock_enforce_memory_limit 5d93fc22 platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep 96274948 net: return correct error code 89d15a2e atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait d6e981ec net/smc: Transfer remaining wait queue entries during fallback a1671b22 mac80211: do not access the IV when it was stripped 3200cf7b drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY 7ef99036 gfs2: Fix length of holes reported at end-of-file fe915dbd can: j1939: j1939_tp_cmd_recv(): check the dst address of TP.CM_BAM fb158a26 arm64: dts: mcbin: support 2W SFP modules 39b3b131 of: clk: Make <linux/of_clk.h> self-contained aad716bd NFSv42: Fix pagecache invalidation after COPY/CLONE f0bd3f65 Revert "net: ipv6: add fib6_nh_release_dsts stub" e9602557 Revert "net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group" ac1da9a2 Revert "mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB" c2531fc2 Merge 5.4.163 into android11-5.4-lts 57899c4e Linux 5.4.163 6c728efe tty: hvc: replace BUG_ON() with negative return value c3024e19 xen/netfront: don't trust the backend response data blindly 828b1d38 xen/netfront: disentangle tx_skb_freelist 5b757077 xen/netfront: don't read data from request on the ring page 5c374d83 xen/netfront: read response from backend only once 3456a076 xen/blkfront: don't trust the backend response data blindly 6392f51a xen/blkfront: don't take local copy of a request from the ring page ce011335 xen/blkfront: read response from backend only once 61826a78 xen: sync include/xen/interface/io/ring.h with Xen's newest version 54f682cd fuse: release pipe buf after last use eff32973 NFC: add NCI_UNREG flag to eliminate the race 43788453 shm: extend forced shm destroy to support objects from several IPC nses b23c0c4c s390/mm: validate VMA in PGSTE manipulation functions 3c9a213e tracing: Check pid filtering when creating events dda227cc vhost/vsock: fix incorrect used length reported to the guest 2eacc0ac smb3: do not error on fsync when readonly 51be334d f2fs: set SBI_NEED_FSCK flag when inconsistent node block found 3ceecea0 net: mscc: ocelot: correctly report the timestamping RX filters in ethtool ee4e3f9d net: mscc: ocelot: don't downgrade timestamping RX filters in SIOCSHWTSTAMP 0ea2e549 net: hns3: fix VF RSS failed problem after PF enable multi-TCs 3b961640 net/smc: Don't call clcsock shutdown twice when smc shutdown 5e441788 net: vlan: fix underflow for the real_dev refcnt 296139e1 MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 9f583847 igb: fix netpoll exit with traffic 25980820 nvmet: use IOCB_NOWAIT only if the filesystem supports it d54662a9 tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows 562fe6a6 PM: hibernate: use correct mode for swsusp_close() 2654e6cf net/ncsi : Add payload to be 32-bit aligned to fix dropped packets 080f6b69 nvmet-tcp: fix incomplete data digest send 6c0ab2ca net/smc: Ensure the active closing peer first closes clcsock 7854de57 scsi: core: sysfs: Fix setting device state to SDEV_RUNNING 67a6f64a net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group cca61bb1 net: ipv6: add fib6_nh_release_dsts stub ddd0518c nfp: checking parameter process for rx-usecs/tx-usecs is invalid b638eb32 ipv6: fix typos in __ip6_finish_output() 8029ced6 iavf: Prevent changing static ITR values if adaptive moderation is on 4374e414 drm/vc4: fix error code in vc4_create_object() 7e324f73 scsi: mpt3sas: Fix kernel panic during drive powercycle test dc9eb93d ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE a078967d NFSv42: Don't fail clone() unless the OP_CLONE operation failed ce50e97a firmware: arm_scmi: pm: Propagate return value to caller 7360abf3 net: ieee802154: handle iftypes as u32 4421a196 ASoC: topology: Add missing rwsem around snd_ctl_remove() calls 76867d0c ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer a848a22e ARM: dts: BCM5301X: Add interrupt properties to GPIO node 03f7379e ARM: dts: BCM5301X: Fix I2C controller interrupt 17a763ea netfilter: ipvs: Fix reuse connection if RS weight is 0 fd7974c5 proc/vmcore: fix clearing user buffer by properly using clear_user() 66d6eacb arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function 3a4baf07 pinctrl: armada-37xx: Correct PWM pins definitions 08622604 PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge 7c517d7b PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge 44b2776a PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated bridge bbc62011 PCI: aardvark: Fix link training 3d770a20 PCI: aardvark: Simplify initialization of rootcap on virtual bridge a06ace0d PCI: aardvark: Implement re-issuing config requests on CRS response 75faadcc PCI: aardvark: Fix PCIe Max Payload Size setting c697885a PCI: aardvark: Configure PCIe resources from 'ranges' DT property e3c51ac7 PCI: pci-bridge-emul: Fix array overruns, improve safety ea6eef03 PCI: aardvark: Update comment about disabling link training fe8a8c3a PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() 14311e77 PCI: aardvark: Fix compilation on s390 93491c5d PCI: aardvark: Don't touch PCIe registers if no card connected 8b0f7b8b PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros e090b2e2 PCI: aardvark: Issue PERST via GPIO 0ad291db PCI: aardvark: Improve link training 063a98c0 PCI: aardvark: Train link immediately after enabling training bbe213fd PCI: aardvark: Fix big endian support 5551081d PCI: aardvark: Wait for endpoint to be ready before training link 65d96219 PCI: aardvark: Deduplicate code in advk_pcie_rd_conf() 57c7d46e mdio: aspeed: Fix "Link is Down" issue e4662786 mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB e09e868c tracing: Fix pid filtering when triggers are attached f5bbebfd tracing/uprobe: Fix uprobe_perf_open probes iteration 5c895828 KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB 4f1adc3f xen: detect uninitialized xenbus in xenbus_init 173fe1ae xen: don't continue xenstore initialization in case of errors 2e1ec01a staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() e72e981d staging/fbtft: Fix backlight 9b406e39 HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts c03ad972 Revert "parisc: Fix backtrace to always include init funtion names" 4a6f918a media: cec: copy sequence field for the reply 8d0b9ea1 ALSA: ctxfi: Fix out-of-range access aaa83768 binder: fix test regression due to sender_euid change d797fde8 usb: hub: Fix locking issues with address0_mutex 4b354aee usb: hub: Fix usb enumeration issue due to address0 race d00bf013 usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts 7b6f4485 net: nexthop: fix null pointer dereference when IPv6 is not enabled 9ad421ae usb: dwc2: hcd_queue: Fix use of floating point literal e44a934f usb: dwc2: gadget: Fix ISOC flow for elapsed frames c2e05c4e USB: serial: option: add Fibocom FM101-GL variants ee034eae USB: serial: option: add Telit LE910S1 0x9200 composition fe0ed45e Merge 5.4.162 into android11-5.4-lts 9334f48f Linux 5.4.162 46a8e16f ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() 29338573 ALSA: hda: hdac_ext_stream: fix potential locking issues 201340ca hugetlbfs: flush TLBs correctly after huge_pmd_unshare e7891b22 tlb: mmu_gather: add tlb_flush_*_range APIs 10e34766 ice: Delete always true check of PF pointer 101485e5 usb: max-3421: Use driver data instead of maintaining a list of bound devices 4e1b3e71 ASoC: DAPM: Cover regression by kctl change notification fix 56a32c82 batman-adv: Don't always reallocate the fragmentation skb head 08bceb1e batman-adv: Reserve needed_*room for fragments 374c55d4 batman-adv: Consider fragmentation for needed_headroom 9eff9854 perf/core: Avoid put_page() when GUP fails e0122ea1 Revert "net: mvpp2: disable force link UP during port init procedure" 4efa2509 drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors c0276de0 drm/i915/dp: Ensure sink rate values are always valid 1c4af56f drm/nouveau: use drm_dev_unplug() during device removal 9e98622a drm/udl: fix control-message timeout 52affc20 cfg80211: call cfg80211_stop_ap when switch from P2P_GO type ca9834a1 parisc/sticon: fix reverse colors 670f6b38 btrfs: fix memory ordering between normal and ordered work functions 1c388221 udf: Fix crash after seekdir f79957d2 s390/kexec: fix memory leak of ipl report buffer b0e44dfb x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails f2e0cd42 mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag 95de3703 ipc: WARN if trying to remove ipc object which is absent 8997bb6d hexagon: export raw I/O routines for modules 01a7ecd3 tun: fix bonding active backup with arp monitoring 7c8f778f arm64: vdso32: suppress error message for 'make mrproper' e636f65b s390/kexec: fix return code handling cc093e5a perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server cc63a789 perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server 47a81081 KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() 307d2e6c NFC: reorder the logic in nfc_{un,}register_device da3a87ee drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame e418bb55 NFC: reorganize the functions in nci_request bbb8376d i40e: Fix display error code in dmesg 69e5d27a i40e: Fix creation of first queue by omitting it if is not power of two 5564e912 i40e: Fix ping is lost after configuring ADq on VF 8509178d i40e: Fix changing previously set num_queue_pairs for PFs c30162da i40e: Fix NULL ptr dereference on VSI filter sync 0a0308af i40e: Fix correct max_pkt_size on VF RX queue fb2dbc12 net: virtio_net_hdr_to_skb: count transport header in UFO d74ff10e net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove 8b2c66b0 net: sched: act_mirred: drop dst for the direction from egress to ingress edd78316 scsi: core: sysfs: Fix hang when device state is set via sysfs 446882f2 platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' 453b5b61 mips: lantiq: add support for clk_get_parent() 477653f3 mips: bcm63xx: add support for clk_get_parent() 426fed21 MIPS: generic/yamon-dt: fix uninitialized variable error 67334abd iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset 98f3badc iavf: validate pointers 92cecf34 iavf: prevent accidental free of filter structure 63f032a9 iavf: Fix failure to exit out from last all-multicast mode 926e8c83 iavf: free q_vectors before queues in iavf_disable_vf f0222e7e iavf: check for null in iavf_fix_features b5638bc6 net: bnx2x: fix variable dereferenced before check fbba0692 perf tests: Remove bash construct from record+zstd_comp_decomp.sh 9e0df711 perf bench futex: Fix memory leak of perf_cpu_map__new() 642fc222 perf bpf: Avoid memory leak from perf_env__insert_btf() 6bf55230 RDMA/netlink: Add __maybe_unused to static inline in C file ef82c371 tracing/histogram: Do not copy the fixed-size char array field over the field size 80b77760 tracing: Save normal string variables 8928e31a sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() a93a58ba mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set 05311b91 clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk ee1317e1 clk/ast2600: Fix soc revision for AHB d6c32b4c clk: ingenic: Fix bugs with divided dividers 982d31ba sh: define __BIG_ENDIAN for math-emu 214cd15d sh: math-emu: drop unused functions 3d774e77 sh: fix kconfig unmet dependency warning for FRAME_POINTER 7727659e f2fs: fix up f2fs_lookup tracepoints d7c612f6 maple: fix wrong return value of maple_bus_init(). 9823ba8f sh: check return code of request_irq 94292e45 powerpc/dcr: Use cmplwi instead of 3-argument cmpli c6d2cefd ALSA: gus: fix null pointer dereference on pointer block 513543f1 powerpc/5200: dts: fix memory node unit name 3a9eae47 iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() a3ecee8a scsi: target: Fix alua_tg_pt_gps_count tracking 14934afd scsi: target: Fix ordered tag handling 1ab3b4f4 MIPS: sni: Fix the build d491c84d tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc 80709bed ALSA: ISA: not for M68K 2f8cda43 ARM: dts: ls1021a-tsn: use generic "jedec,spi-nor" compatible for flash 723c1af0 ARM: dts: ls1021a: move thermal-zones node out of soc/ f98986b7 usb: host: ohci-tmio: check return value after calling platform_get_resource() e187c2f3 ARM: dts: omap: fix gpmc,mux-add-data type 3b9d8d3e firmware_loader: fix pre-allocated buf built-in firmware use cc248790 scsi: advansys: Fix kernel pointer leak bcc1eac0 ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect c9428e13 clk: imx: imx6ul: Move csi_sel mux to correct base register e5f8c43c ASoC: SOF: Intel: hda-dai: fix potential locking issue cb074c00 arm64: dts: freescale: fix arm,sp805 compatible string a14d7038 arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency 30dcfcda usb: typec: tipd: Remove WARN_ON in tps6598x_block_read 3ee15f1a usb: musb: tusb6010: check return value after calling platform_get_resource() ba9579f8 RDMA/bnxt_re: Check if the vlan is valid before reporting bf6a633b arm64: dts: hisilicon: fix arm,sp805 compatible string 16bcbfb5 scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() 51c94d6a ARM: dts: NSP: Fix mpcore, mmc node names 1390f32e arm64: zynqmp: Fix serial compatible string 31df0f0f arm64: zynqmp: Do not duplicate flash partition label property Signed-off-by:
Greg Kroah-Hartman <gregkh@google.com> Change-Id: I1a6bc17e217ed13d976d558d7eb3b0208d810db6
-
- 20 Mar, 2022 2 commits
-
-
Alan Stern authored
The syzbot fuzzer found a use-after-free bug: BUG: KASAN: use-after-free in dev_uevent+0x712/0x780 drivers/base/core.c:2320 Read of size 8 at addr ffff88802b934098 by task udevd/3689 CPU: 2 PID: 3689 Comm: udevd Not tainted 5.17.0-rc4-syzkaller-00229-g4f12b742 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description.constprop.0.cold+0x8d/0x303 mm/kasan/report.c:255 __kasan_report mm/kasan/report.c:442 [inline] kasan_report.cold+0x83/0xdf mm/kasan/report.c:459 dev_uevent+0x712/0x780 drivers/base/core.c:2320 uevent_show+0x1b8/0x380 drivers/base/core.c:2391 dev_attr_show+0x4b/0x90 drivers/base/core.c:2094 Although the bug manifested in the driver core, the real cause was a race with the gadget core. dev_uevent() does: if (dev->driver) add_uevent_var(env, "DRIVER=%s", dev->driver->name); and between the test and the dereference of dev->driver, the gadget core sets dev->driver to NULL. The race wouldn't occur if the gadget core registered its devices on a real bus, using the standard synchronization techniques of the driver core. However, it's not necessary to make such a large change in order to fix this bug; all we need to do is make sure that udc->dev.driver is always NULL. In fact, there is no reason for udc->dev.driver ever to be set to anything, let alone to the value it currently gets: the address of the gadget's driver. After all, a gadget driver only knows how to manage a gadget, not how to manage a UDC. This patch simply removes the statements in the gadget core that touch udc->dev.driver. Fixes: 2ccea03a ("usb: gadget: introduce UDC Class") CC: <stable@vger.kernel.org> Reported-and-tested-by:
<syzbot+348b571beb5eeb70a582@syzkaller.appspotmail.com> Signed-off-by:
-
Dan Carpenter authored
If "BufOffset" is very large the "BufOffset + 8" operation can have an integer overflow. Bug: 213172319 Cc: stable@kernel.org Fixes: 38ea1eac ("usb: gadget: rndis: check size of RNDIS_MSG_SET command") Signed-off-by:
Dan Carpenter <dan.carpenter@oracle.com> Link: https://lore.kernel.org/r/20220301080424.GA17208@kili Signed-off-by:
-
- 19 Mar, 2022 1 commit
-
-
James Morse authored
__sdei_asm_trampoline_next_handler shouldn't have its own name as the tramp_data_read_var takes the symbol name, and generates the name for the value in the data page if CONFIG_RANDOMIZE_BASE is clear. This means when CONFIG_RANDOMIZE_BASE is clear, this code won't compile as __sdei_asm_trampoline_next_handler doesn't exist. Use the proper name, and let the macro do its thing. Bug: 215557547 Reported-by:
Florian Fainelli <f.fainelli@gmail.com> Tested-by:
James Morse <james.morse@arm.com> Signed-off-by:
-
- 17 Mar, 2022 23 commits
-
-
James Morse authored
commit 228a26b9 upstream. Future CPUs may implement a clearbhb instruction that is sufficient to mitigate SpectreBHB. CPUs that implement this instruction, but not CSV2.3 must be affected by Spectre-BHB. Add support to use this instruction as the BHB mitigation on CPUs that support it. The instruction is in the hint space, so it will be treated by a NOP as older CPUs. Bug: 215557547 Reviewed-by:
Russell King (Oracle) <rmk+kernel@armlinux.org.uk> Reviewed-by:
Catalin Marinas <catalin.marinas@arm.com> [ modified for stable: Use a KVM vector template instead of alternatives, removed bitmap of mitigations ] Signed-off-by:
Sasha Levin <sashal@kernel.org> Signed-off-by:
-
James Morse authored
commit a5905d6a upstream. KVM allows the guest to discover whether the ARCH_WORKAROUND SMCCC are implemented, and to preserve that state during migration through its firmware register interface. Add the necessary boiler plate for SMCCC_ARCH_WORKAROUND_3. Bug: 215557547 Reviewed-by:
-
James Morse authored
commit 558c303c upstream. Speculation attacks against some high-performance processors can make use of branch history to influence future speculation. When taking an exception from user-space, a sequence of branches or a firmware call overwrites or invalidates the branch history. The sequence of branches is added to the vectors, and should appear before the first indirect branch. For systems using KPTI the sequence is added to the kpti trampoline where it has a free register as the exit from the trampoline is via a 'ret'. For systems not using KPTI, the same register tricks are used to free up a register in the vectors. For the firmware call, arch-workaround-3 clobbers 4 registers, so there is no choice but to save them to the EL1 stack. This only happens for entry from EL0, so if we take an exception due to the stack access, it will not become re-entrant. For KVM, the existing branch-predictor-hardening vectors are used. When a spectre version of these vectors is in use, the firmware call is sufficient to mitigate against Spectre-BHB. For the non-spectre versions, the sequence of branches is added to the indirect vector. Bug: 215557547 Reviewed-by:
-
James Morse authored
KVM writes the Spectre-v2 mitigation template at the beginning of each vector when a CPU requires a specific sequence to run. Because the template is copied, it can not be modified by the alternatives at runtime. Add templates for calling ARCH_WORKAROUND_3 and one for each value of K in the brancy-loop. Instead of adding dummy functions for 'fn', which would disable the Spectre-v2 mitigation, add template_start to indicate that a template (and which one) is in use. Finally add a copy of install_bp_hardening_cb() that is able to install these. Bug: 215557547 Signed-off-by:
-
James Morse authored
commit dee435be upstream. Speculation attacks against some high-performance processors can make use of branch history to influence future speculation as part of a spectre-v2 attack. This is not mitigated by CSV2, meaning CPUs that previously reported 'Not affected' are now moderately mitigated by CSV2. Update the value in /sys/devices/system/cpu/vulnerabilities/spectre_v2 to also show the state of the BHB mitigation. Bug: 215557547 Reviewed-by:
-
James Morse authored
commit bd09128d upstream. The Spectre-BHB workaround adds a firmware call to the vectors. This is needed on some CPUs, but not others. To avoid the unaffected CPU in a big/little pair from making the firmware call, create per cpu vectors. The per-cpu vectors only apply when returning from EL0. Systems using KPTI can use the canonical 'full-fat' vectors directly at EL1, the trampoline exit code will switch to this_cpu_vector on exit to EL0. Systems not using KPTI should always use this_cpu_vector. this_cpu_vector will point at a vector in tramp_vecs or __bp_harden_el1_vectors, depending on whether KPTI is in use. Bug: 215557547 Reviewed-by:
-
James Morse authored
commit b28a8eeb upstream. The trampoline code needs to use the address of symbols in the wider kernel, e.g. vectors. PC-relative addressing wouldn't work as the trampoline code doesn't run at the address the linker expected. tramp_ventry uses a literal pool, unless CONFIG_RANDOMIZE_BASE is set, in which case it uses the data page as a literal pool because the data page can be unmapped when running in user-space, which is required for CPUs vulnerable to meltdown. Pull this logic out as a macro, instead of adding a third copy of it. Bug: 215557547 Reviewed-by:
-
James Morse authored
commit ba268923 upstream. Some CPUs affected by Spectre-BHB need a sequence of branches, or a firmware call to be run before any indirect branch. This needs to go in the vectors. No CPU needs both. While this can be patched in, it would run on all CPUs as there is a single set of vectors. If only one part of a big/little combination is affected, the unaffected CPUs have to run the mitigation too. Create extra vectors that include the sequence. Subsequent patches will allow affected CPUs to select this set of vectors. Later patches will modify the loop count to match what the CPU requires. Bug: 215557547 Reviewed-by:
-
James Morse authored
commit aff65393 upstream. kpti is an optional feature, for systems not using kpti a set of vectors for the spectre-bhb mitigations is needed. Add another set of vectors, __bp_harden_el1_vectors, that will be used if a mitigation is needed and kpti is not in use. The EL1 ventries are repeated verbatim as there is no additional work needed for entry from EL1. Bug: 215557547 Reviewed-by:
-
James Morse authored
commit a9c406e6 upstream. Adding a second set of vectors to .entry.tramp.text will make it larger than a single 4K page. Allow the trampoline text to occupy up to three pages by adding two more fixmap slots. Previous changes to tramp_valias allowed it to reach beyond a single page. Bug: 215557547 Reviewed-by:
-
James Morse authored
commit c47e4d04 upstream. Spectre-BHB needs to add sequences to the vectors. Having one global set of vectors is a problem for big/little systems where the sequence is costly on cpus that are not vulnerable. Making the vectors per-cpu in the style of KVM's bh_harden_hyp_vecs requires the vectors to be generated by macros. Make the kpti re-mapping of the kernel optional, so the macros can be used without kpti. Bug: 215557547 Reviewed-by:
-
James Morse authored
commit 13d7a083 upstream. The macros for building the kpti trampoline are all behind CONFIG_UNMAP_KERNEL_AT_EL0, and in a region that outputs to the .entry.tramp.text section. Move the macros out so they can be used to generate other kinds of trampoline. Only the symbols need to be guarded by CONFIG_UNMAP_KERNEL_AT_EL0 and appear in the .entry.tramp.text section. Bug: 215557547 Reviewed-by:
-
James Morse authored
commit ed50da77 upstream. The tramp_ventry macro uses tramp_vectors as the address of the vectors when calculating which ventry in the 'full fat' vectors to branch to. While there is one set of tramp_vectors, this will be true. Adding multiple sets of vectors will break this assumption. Move the generation of the vectors to a macro, and pass the start of the vectors as an argument to tramp_ventry. Bug: 215557547 Reviewed-by:
-
James Morse authored
commit 6c5bf79b upstream. Systems using kpti enter and exit the kernel through a trampoline mapping that is always mapped, even when the kernel is not. tramp_valias is a macro to find the address of a symbol in the trampoline mapping. Adding extra sets of vectors will expand the size of the entry.tramp.text section to beyond 4K. tramp_valias will be unable to generate addresses for symbols beyond 4K as it uses the 12 bit immediate of the add instruction. As there are now two registers available when tramp_alias is called, use the extra register to avoid the 4K limit of the 12 bit immediate. Bug: 215557547 Reviewed-by:
-
James Morse authored
commit c091fb6a upstream. The trampoline code has a data page that holds the address of the vectors, which is unmapped when running in user-space. This ensures that with CONFIG_RANDOMIZE_BASE, the randomised address of the kernel can't be discovered until after the kernel has been mapped. If the trampoline text page is extended to include multiple sets of vectors, it will be larger than a single page, making it tricky to find the data page without knowing the size of the trampoline text pages, which will vary with PAGE_SIZE. Move the data page to appear before the text page. This allows the data page to be found without knowing the size of the trampoline text pages. 'tramp_vectors' is used to refer to the beginning of the .entry.tramp.text section, do that explicitly. Bug: 215557547 Reviewed-by:
-
James Morse authored
commit 03aff3a7 upstream. Kpti stashes x30 in far_el1 while it uses x30 for all its work. Making the vectors a per-cpu data structure will require a second register. Allow tramp_exit two registers before it unmaps the kernel, by leaving x30 on the stack, and stashing x29 in far_el1. Bug: 215557547 Reviewed-by:
-
James Morse authored
commit d739da16 upstream. Subsequent patches will add additional sets of vectors that use the same tricks as the kpti vectors to reach the full-fat vectors. The full-fat vectors contain some cleanup for kpti that is patched in by alternatives when kpti is in use. Once there are additional vectors, the cleanup will be needed in more cases. But on big/little systems, the cleanup would be harmful if no trampoline vector were in use. Instead of forcing CPUs that don't need a trampoline vector to use one, make the trampoline cleanup optional. Entry at the top of the vectors will skip the cleanup. The trampoline vectors can then skip the first instruction, triggering the cleanup to run. Bug: 215557547 Reviewed-by:
-
James Morse authored
commit 4330e2c5 upstream. Subsequent patches add even more code to the ventry slots. Ensure kernels that overflow a ventry slot don't get built. Bug: 215557547 Reviewed-by:
-
Anshuman Khandual authored
commit 72bb9dcb upstream. Add the CPU Partnumbers for the new Arm designs. Bug: 215557547 Cc: Will Deacon <will@kernel.org> Cc: Suzuki Poulose <suzuki.poulose@arm.com> Cc: linux-arm-kernel@lists.infradead.org Cc: linux-kernel@vger.kernel.org Signed-off-by:
Anshuman Khandual <anshuman.khandual@arm.com> Reviewed-by:
Suzuki K Poulose <suzuki.poulose@arm.com> Link: https://lore.kernel.org/r/1642994138-25887-2-git-send-email-anshuman.khandual@arm.com Signed-off-by:
-
Joey Gouly authored
commit 9e45365f upstream. This is a new ID register, introduced in 8.7. Bug: 215557547 Signed-off-by:
Joey Gouly <joey.gouly@arm.com> Cc: Will Deacon <will@kernel.org> Cc: Marc Zyngier <maz@kernel.org> Cc: James Morse <james.morse@arm.com> Cc: Alexandru Elisei <alexandru.elisei@arm.com> Cc: Suzuki K Poulose <suzuki.poulose@arm.com> Cc: Reiji Watanabe <reijiw@google.com> Acked-by:
Marc Zyngier <maz@kernel.org> Link: https://lore.kernel.org/r/20211210165432.8106-3-joey.gouly@arm.com Signed-off-by:
-
Suzuki K Poulose authored
commit 2d0d6567 upstream. Add the CPU Partnumbers for the new Arm designs. Bug: 215557547 Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Will Deacon <will@kernel.org> Acked-by:
Will Deacon <will@kernel.org> Signed-off-by:
-
Rob Herring authored
commit 8a6b88e6 upstream. Add the MIDR part number info for the Arm Cortex-A77. Bug: 215557547 Signed-off-by:
Rob Herring <robh@kernel.org> Acked-by:
-
Xin Long authored
commit eae57839 upstream. This patch fixes the problems below: 1. In non-shutdown_ack_sent states: in sctp_sf_do_5_1B_init() and sctp_sf_do_5_2_2_dupinit(): chunk length check should be done before any checks that may cause to send abort, as making packet for abort will access the init_tag from init_hdr in sctp_ootb_pkt_new(). 2. In shutdown_ack_sent state: in sctp_sf_do_9_2_reshutack(): The same checks as does in sctp_sf_do_5_2_2_dupinit() is needed for sctp_sf_do_9_2_reshutack(). Fixes: 1da177e4 ("Linux-2.6.12-rc2") Signed-off-by:
Xin Long <lucien.xin@gmail.com> Acked-by:
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by:
Jakub Kicinski <kuba@kernel.org> Signed-off-by:
Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by:
-
- 15 Mar, 2022 1 commit
-
-
Lee Jones authored
Bug: 195565510 Change-Id: Ic87a27d3ffe51b5290a7ff7a87fddd8305fd42af Signed-off-by:
-
- 14 Mar, 2022 10 commits
-
-
Russell King (Oracle) authored
commit 6c7cb60b upstream. When building for Thumb2, the vectors make use of a local label. Sadly, the Spectre BHB code also uses a local label with the same number which results in the Thumb2 reference pointing at the wrong place. Fix this by changing the number used for the Spectre BHB local label. Bug: 215557547 Fixes: b9baf5c8 ("ARM: Spectre-BHB workaround") Tested-by:
Nathan Chancellor <nathan@kernel.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by:
-
Randy Dunlap authored
commit 68453767 upstream. When CONFIG_GENERIC_CPU_VULNERABILITIES is not set, references to spectre_v2_update_state() cause a build error, so provide an empty stub for that function when the Kconfig option is not set. Fixes this build error: arm-linux-gnueabi-ld: arch/arm/mm/proc-v7-bugs.o: in function `cpu_v7_bugs_init': proc-v7-bugs.c:(.text+0x52): undefined reference to `spectre_v2_update_state' arm-linux-gnueabi-ld: proc-v7-bugs.c:(.text+0x82): undefined reference to `spectre_v2_update_state' Bug: 215557547 Fixes: b9baf5c8 ("ARM: Spectre-BHB workaround") Signed-off-by:
Randy Dunlap <rdunlap@infradead.org> Reported-by:
kernel test robot <lkp@intel.com> Cc: Russell King <rmk+kernel@armlinux.org.uk> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: linux-arm-kernel@lists.infradead.org Cc: patches@armlinux.org.uk Acked-by:
-
Russell King (Oracle) authored
commit b1a384d2 upstream. The kernel test robot discovered that building without HARDEN_BRANCH_PREDICTOR issues a warning due to a missing argument to pr_info(). Add the missing argument. Bug: 215557547 Reported-by:
-
Nathan Chancellor authored
commit 36168e38 upstream. ld.lld does not support the NOCROSSREFS directive at the moment, which breaks the build after commit b9baf5c8 ("ARM: Spectre-BHB workaround"): ld.lld: error: ./arch/arm/kernel/vmlinux.lds:34: AT expected, but got NOCROSSREFS Support for this directive will eventually be implemented, at which point a version check can be added. To avoid breaking the build in the meantime, just define NOCROSSREFS to nothing when using ld.lld, with a link to the issue for tracking. Bug: 215557547 Cc: stable@vger.kernel.org Fixes: b9baf5c8 ("ARM: Spectre-BHB workaround") Link: https://github.com/ClangBuiltLinux/linux/issues/1609 Signed-off-by:
-
Russell King (Oracle) authored
commit 33970b03 upstream. In the recent Spectre BHB patches, there was a typo that is only exposed in certain configurations: mcr p15,0,XX,c7,r5,4 should have been mcr p15,0,XX,c7,c5,4 Bug: 215557547 Reported-by:
-
Emmanuel Gil Peyrot authored
commit 330f4c53 upstream. It was missing a semicolon. Bug: 215557547 Signed-off-by:
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> Reviewed-by:
-
Russell King (Oracle) authored
commit 25875aa7 upstream. The mitigations for Spectre-BHB are only applied when an exception is taken, but when unprivileged BPF is enabled, userspace can load BPF programs that can be used to exploit the problem. When unprivileged BPF is enabled, report the vulnerable status via the spectre_v2 sysfs file. Bug: 215557547 Signed-off-by:
-
Russell King (Oracle) authored
commit b9baf5c8 upstream. Workaround the Spectre BHB issues for Cortex-A15, Cortex-A57, Cortex-A72, Cortex-A73 and Cortex-A75. We also include Brahma B15 as well to be safe, which is affected by Spectre V2 in the same ways as Cortex-A15. Bug: 215557547 Reviewed-by:
-
Russell King (Oracle) authored
commit 8d9d651f upstream. Use the linker's LOADADDR() macro to get the load address of the sections, and provide a macro to set the start and end symbols. Bug: 215557547 Acked-by:
-
Russell King (Oracle) authored
commit 04e91b73 upstream. Provide a couple of helpers to copy the vectors and stubs, and also to flush the copied vectors and stubs. Bug: 215557547 Acked-by:
-
