- Oct 29, 2024
Jason-jh Lin authored
This reverts commit ac88a1f4. Reason for revert: b/368521111 Bug: 376144398 Change-Id: Iea69f9b85deda941e240113c00c1b6d1efa236e3 Signed-off-by:
Jason-jh Lin <jason-jh.lin@mediatek.corp-partner.google.com> (cherry picked from commit 400d91a8)
-
- Oct 26, 2024
Bosser Yeh authored
Leaf changes summary: 1 artifact changed
Changed leaf types summary: 0 leaf type changed
Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 1 Added function

1.Add function: 'function int clk_hw_get_parent_index(struct clk_hw *hw)'

Bug: 375086240 Bug: 375726176 Signed-off-by:
Yugang Wang <yugang.wang@mediatek.com> Signed-off-by:
Bosser Ye <bo.ye@mediatek.com> Change-Id: I05105a9ad55b573da977963c5bfe3fa77c64dd79
-
- Oct 15, 2024
Gabriel Krisman Bertazi authored
We don't need to handle them separately. Instead, just let them decompose/casefold to themselves. Change-Id: I01c3f2c98ae4d84269586cec09f18239cbee0abb Signed-off-by:
Gabriel Krisman Bertazi <krisman@suse.de> (cherry picked from commit 5c26d2f1) Signed-off-by:
Greg Kroah-Hartman <gregkh@google.com> Signed-off-by:
Lee Jones <joneslee@google.com>
-
- Sep 17, 2024
Todd Kjos authored
Bug: 360292914 Signed-off-by:
Todd Kjos <tkjos@google.com> Change-Id: I8fcacc81353e32b33bf8cf225e6044c1286a8f92
-
- Sep 11, 2024
Zhiguo Niu authored
If GET_SEGNO returns NULL_SEGNO for some unexpected case, update_sit_entry will access an invalid memory address and cause a system crash. It is better to do a sanity check on GET_SEGNO, just like update_segment_mtime & locate_dirty_segment. Also remove some redundant judgment code. Bug: 365944734 Signed-off-by:
Zhiguo Niu <zhiguo.niu@unisoc.com> Reviewed-by:
Chao Yu <chao@kernel.org> Signed-off-by:
Jaegeuk Kim <jaegeuk@kernel.org> (cherry picked from commit fb7f3bdc) Change-Id: Ie980a9b2512b00da4eeeff91bf40494a68aa6084 (cherry picked from commit 7c61d7e3)
-
Jozsef Kadlecsik authored
[ Upstream commit 4e7aaa6b ]

Lion Ackermann reported that there is a race condition between namespace cleanup in ipset and the garbage collection of the list:set type. The namespace cleanup can destroy the list:set type of sets while the gc of the set type is waiting to run in rcu cleanup. The latter uses data from the destroyed set which thus leads to use after free. The patch contains the following parts:

  - When destroying all sets, first remove the garbage collectors, then wait if needed and then destroy the sets.
  - Fix the badly ordered "wait then remove gc" for the destroy a single set case.
  - Fix the missing rcu locking in the list:set type in the userspace test case.
  - Use proper RCU list handlings in the list:set type.

The patch depends on c1193d9b (netfilter: ipset: Add list flush to cancel_gc).

Bug: 347636817 Fixes: 97f7cf1c (netfilter: ipset: fix performance regression in swap operation) Reported-by:
Lion Ackermann <nnamrec@gmail.com> Tested-by:
Lion Ackermann <nnamrec@gmail.com> Signed-off-by:
Jozsef Kadlecsik <kadlec@netfilter.org> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by:
Sasha Levin <sashal@kernel.org> (cherry picked from commit 390b353d) Signed-off-by:
Lee Jones <joneslee@google.com> Change-Id: I92a8681d8a0f475aa20c34c17daa222d02cf7935
-
Suren Baghdasaryan authored
This config option was not requested by any partner and has non-zero overhead on process creation. Disable it. Bug: 191150949 Bug: 365466166 Signed-off-by:
Suren Baghdasaryan <surenb@google.com> Change-Id: Ia9547c989c22246c46ed9624a0707c6369ee4de0
-
- Sep 09, 2024
Carlos Llamas authored
Remove the gen-hyprel binary added accidentally while backporting a patch into an older branch. The tool gets generated in newer builds and wasn't part of the gitignore file here. Fixes: 4938d035 ("BACKPORT: FROMGIT: binder: frozen notification") Change-Id: I103358cb2ca9c5fb934f047033e44c04fe85298d Signed-off-by:
Carlos Llamas <cmllamas@google.com>
-
- Sep 06, 2024
Carlos Llamas authored
The patches to support binder's frozen notification feature break the KMI. This change fixes such issues by (1) moving proc->delivered_freeze into the existing proc_wrapper structure, (2) dropping the frozen stats support and (3) amending the STG due to a harmless enum binder_work_type addition.

These are the reported KMI issues fixed by this patch:

function symbol 'int __traceiter_binder_transaction_received(void*, struct binder_transaction*)' changed
  CRC changed from 0x74e9c98b to 0xfe0f8640

type 'struct binder_proc' changed
  byte size changed from 584 to 632
  member 'struct list_head delivered_death' changed
    offset changed by 256
  member 'struct list_head delivered_freeze' was added
  13 members ('u32 max_threads' .. 'u64 android_oem_data1') changed
    offset changed by 384

type 'struct binder_thread' changed
  byte size changed from 464 to 496
  2 members ('atomic_t tmp_ref' .. 'bool is_dead') changed
    offset changed by 224
  4 members ('struct task_struct* task' .. 'enum binder_prio_state prio_state') changed
    offset changed by 256

type 'struct binder_stats' changed
  byte size changed from 216 to 244
  member changed from 'atomic_t br[21]' to 'atomic_t br[23]'
    type changed from 'atomic_t[21]' to 'atomic_t[23]'
      number of elements changed from 21 to 23
  member changed from 'atomic_t bc[19]' to 'atomic_t bc[22]'
    offset changed from 672 to 736
    type changed from 'atomic_t[19]' to 'atomic_t[22]'
      number of elements changed from 19 to 22
  member changed from 'atomic_t obj_created[7]' to 'atomic_t obj_created[8]'
    offset changed from 1280 to 1440
    type changed from 'atomic_t[7]' to 'atomic_t[8]'
      number of elements changed from 7 to 8
  member changed from 'atomic_t obj_deleted[7]' to 'atomic_t obj_deleted[8]'
    offset changed from 1504 to 1696
    type changed from 'atomic_t[7]' to 'atomic_t[8]'
      number of elements changed from 7 to 8

type 'enum binder_work_type' changed
  enumerator 'BINDER_WORK_FROZEN_BINDER' (10) was added
  enumerator 'BINDER_WORK_CLEAR_FREEZE_NOTIFICATION' (11) was added

Bug: 363013421 Change-Id: If9f1f14a2eda215a4c9cb0823c50c8e0e8079ef1 Signed-off-by:
Carlos Llamas <cmllamas@google.com>
-
Yu-Ting Tseng authored
Add a flag to binder_features to indicate that the freeze notification feature is available. Signed-off-by:
Yu-Ting Tseng <yutingtseng@google.com> Acked-by:
Carlos Llamas <cmllamas@google.com> Link: https://lore.kernel.org/r/20240709070047.4055369-6-yutingtseng@google.com Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Bug: 363013421 (cherry picked from commit 30b968b002a92870325a5c9d1ce78eba0ce386e7 git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git char-misc-next) Change-Id: Ic26c8ae42d27c6fd8f5daed5eecabd1652e29502 [cmllamas: fix trivial conflicts due to missing extended_error] Signed-off-by:
Carlos Llamas <cmllamas@google.com>
-
Yu-Ting Tseng authored
Frozen processes present a significant challenge in binder transactions. When a process is frozen, it cannot, by design, accept and/or respond to binder transactions. As a result, the sender needs to adjust its behavior, such as postponing transactions until the peer process unfreezes. However, there is currently no way to subscribe to these state change events, making it impossible to implement frozen-aware behaviors efficiently.

Introduce a binder API for subscribing to frozen state change events. This allows programs to react to changes in peer process state, mitigating issues related to binder transactions sent to frozen processes.

Implementation details: For a given binder_ref, the state of frozen notification can be one of the following:

  1. Userspace doesn't want a notification. binder_ref->freeze is null.
  2. Userspace wants a notification but none is in flight. list_empty(&binder_ref->freeze->work.entry) = true
  3. A notification is in flight and waiting to be read by userspace. binder_ref_freeze.sent is false.
  4. A notification was read by userspace and kernel is waiting for an ack. binder_ref_freeze.sent is true.

When a notification is in flight, new state change events are coalesced into the existing binder_ref_freeze struct. If userspace hasn't picked up the notification yet, the driver simply rewrites the state. Otherwise, the notification is flagged as requiring a resend, which will be performed once userspace acks the original notification that's inflight.

See https://r.android.com/3070045 for how userspace is going to use this feature. Signed-off-by:
Yu-Ting Tseng <yutingtseng@google.com> Acked-by:
Carlos Llamas <cmllamas@google.com> Link: https://lore.kernel.org/r/20240709070047.4055369-4-yutingtseng@google.com Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Bug: 363013421 (cherry picked from commit d579b04a git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git char-misc-next) Change-Id: I5dd32abba932ca7d03ae58660143e075ed778b81 [cmllamas: fix merge conflicts due to missing 0567461a] Signed-off-by:
Carlos Llamas <cmllamas@google.com>
-
- Sep 05, 2024
William McVicker authored
The change https://r.android.com/c/2578319 was merged before it landed in the upstream 5.15 LTS kernel which resulted in merge conflicts when 5.15.128 was merged (https://r.android.com/2729653) that were not properly resolved. Later when 5.15.149 was merged (https://r.android.com/3044992), which had the backported change, the merge conflicts again were not properly resolved. As it stands today, the upstream change: commit 39674be5 is partially reverted. Fix this to bring back the proper functionality. Bug: 364171072 Signed-off-by:
Will McVicker <willmcvicker@google.com> (cherry picked from https://android-review.googlesource.com/q/commit:53be7c8abe115da0ea109a44829b46385e9a2240) Merged-In: I0957229f29ef6715dc3e88943e015e713a91ed71 Change-Id: I0957229f29ef6715dc3e88943e015e713a91ed71
-
Fudong Zhang authored
Update symbol list to support QEP8121 Ethernet phy driver.

2 function symbol(s) added
  'void mdio_device_reset(mdio_device*, int)'
  'int regulator_list_voltage_table(regulator_dev*, unsigned int)'

Bug: 364799306 Change-Id: I91d05c606b89acd2d7bb4ff5c3d7e06a15aee63a Signed-off-by:
Fudong Zhang <quic_fudozhan@quicinc.com>
-
- Sep 03, 2024
Daniel Borkmann authored
[ Upstream commit cfa1a232 ]

The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer counter to show which logical position the consumer consumed the data, and producer_pos which is the producer counter denoting the amount of data reserved by all producers.

Each time a record is reserved, the producer that "owns" the record will successfully advance producer counter. In user space each time a record is read, the consumer of the data advanced the consumer counter once it finished processing. Both counters are stored in separate pages so that from user space, the producer counter is read-only and the consumer counter is read-write.

One aspect that simplifies and thus speeds up the implementation of both producers and consumers is how the data area is mapped twice contiguously back-to-back in the virtual memory, allowing to not take any special measures for samples that have to wrap around at the end of the circular buffer data area, because the next page after the last data page would be first data page again, and thus the sample will still appear completely contiguous in virtual memory.

Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for book-keeping the length and offset, and is inaccessible to the BPF program. Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ` for the BPF program to use. Bing-Jhong and Muhammad reported that it is however possible to make a second allocated memory chunk overlapping with the first chunk and as a result, the BPF program is now able to edit first chunk's header.

For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size of 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to bpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in [0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, let's allocate a chunk B with size 0x3000. This will succeed because consumer_pos was edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask` check. Chunk B will be in range [0x3008,0x6010], and the BPF program is able to edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned earlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data pages. This means that chunk B at [0x4000,0x4008] is chunk A's header. bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then locate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk B modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong page and could cause a crash.

Fix it by calculating the oldest pending_pos and check whether the range from the oldest outstanding record to the newest would span beyond the ring buffer size. If that is the case, then reject the request. We've tested with the ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh) before/after the fix and while it seems a bit slower on some benchmarks, it is still not significantly enough to matter.

Bug: 349976340 Fixes: 457f4436 ("bpf: Implement BPF ring buffer and verifier support for it") Reported-by:
Bing-Jhong Billy Jheng <billy@starlabs.sg> Reported-by:
Muhammad Ramdhan <ramdhan@starlabs.sg> Co-developed-by:
Bing-Jhong Billy Jheng <billy@starlabs.sg> Co-developed-by:
Andrii Nakryiko <andrii@kernel.org> Signed-off-by:
Bing-Jhong Billy Jheng <billy@starlabs.sg> Signed-off-by:
Andrii Nakryiko <andrii@kernel.org> Signed-off-by:
Daniel Borkmann <daniel@iogearbox.net> Signed-off-by:
Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20240621140828.18238-1-daniel@iogearbox.net Signed-off-by:
Sasha Levin <sashal@kernel.org> (cherry picked from commit d1b9df04) Signed-off-by:
Lee Jones <joneslee@google.com> Change-Id: I57847858a13e15118ef18a00257e45f96597e938
-
- Aug 29, 2024
hao lv authored
169 function symbol(s) added 'bool __bio_try_merge_page(struct bio *, struct page *, unsigned int, unsigned int, bool *)' 'int __invalidate_device(struct block_device *, bool)' 'int __mmc_send_status(struct mmc_card *, u32 *, unsigned int)' 'int __sbitmap_queue_get_shallow(struct sbitmap_queue *, unsigned int)' 'struct scsi_device * __scsi_device_lookup(struct Scsi_Host *, uint, uint, u64)' 'struct scsi_device * __scsi_device_lookup_by_target(struct scsi_target *, u64)' 'size_t __scsi_format_command(char *, size_t, const unsigned char *, size_t)' 'void __scsi_init_queue(struct Scsi_Host *, struct request_queue *)' 'void __starget_for_each_device(struct scsi_target *, void *, void(*)(struct scsi_device *, void *))' 'int __traceiter_android_vh_ufs_mcq_retry_complete(void *, struct ufs_hba *)' 'int __traceiter_block_unplug(void *, struct request_queue *, unsigned int, bool)' 'int _atomic_dec_and_lock_irqsave(atomic_t *, spinlock_t *, unsigned long int *)' 'void add_disk_randomness(struct gendisk *)' 'void bd_abort_claiming(struct block_device *, void *)' 'int bd_prepare_to_claim(struct block_device *, void *)' 'int bdev_disk_changed(struct gendisk *, bool)' 'int bio_add_pc_page(struct request_queue *, struct bio *, struct page *, unsigned int, unsigned int)' 'void bio_advance(struct bio *, unsigned int)' 'struct bio * bio_alloc_kiocb(struct kiocb *, unsigned short int, struct bio_set *)' 'const char * bio_devname(struct bio *, char *)' 'void bio_free_pages(struct bio *)' 'int bio_iov_iter_get_pages(struct bio *, struct iov_iter *)' 'struct bio * bio_kmalloc(gfp_t, unsigned short int)' 'void bio_release_pages(struct bio *, bool)' 'void bio_uninit(struct bio *)' 'struct blk_plug_cb * blk_check_plugged(blk_plug_cb_fn, void *, int)' 'void blk_clear_pm_only(struct request_queue *)' 'void blk_io_schedule()' 'void blk_ksm_destroy(struct blk_keyslot_manager *)' 'void blk_mq_delay_run_hw_queue(struct blk_mq_hw_ctx *, unsigned long int)' 'void blk_mq_delay_run_hw_queues(struct 
request_queue *, unsigned long int)' 'void blk_mq_kick_requeue_list(struct request_queue *)' 'void blk_mq_quiesce_queue_nowait(struct request_queue *)' 'int blk_poll(struct request_queue *, blk_qc_t, bool)' 'void blk_post_runtime_resume(struct request_queue *)' 'void blk_post_runtime_suspend(struct request_queue *, int)' 'void blk_pre_runtime_resume(struct request_queue *)' 'int blk_pre_runtime_suspend(struct request_queue *)' 'bool blk_queue_can_use_dma_map_merging(struct request_queue *, struct device *)' 'void blk_queue_segment_boundary(struct request_queue *, unsigned long int)' 'void blk_queue_set_zoned(struct gendisk *, enum blk_zoned_model)' 'int blk_rq_append_bio(struct request *, struct bio *)' 'unsigned int blk_rq_err_bytes(const struct request *)' 'void blk_rq_init(struct request_queue *, struct request *)' 'void blk_set_default_limits(struct queue_limits *)' 'void blk_set_pm_only(struct request_queue *)' 'void blk_set_queue_depth(struct request_queue *, unsigned int)' 'void blk_set_runtime_active(struct request_queue *)' 'int blkdev_ioctl(struct block_device *, fmode_t, unsigned int, unsigned long int)' 'struct bsg_device * bsg_register_queue(struct request_queue *, struct device *, const char *, bsg_sg_io_fn *)' 'void bsg_unregister_queue(struct bsg_device *)' 'void buffer_check_dirty_writeback(struct page *, bool *, bool *)' 'void class_dev_iter_exit(struct class_dev_iter *)' 'void class_dev_iter_init(struct class_dev_iter *, struct class *, struct device *, const struct device_type *)' 'struct device * class_dev_iter_next(struct class_dev_iter *)' 'int class_interface_register(struct class_interface *)' 'unsigned long int clock_t_to_jiffies(unsigned long int)' 'size_t copy_page_from_iter(struct page *, size_t, size_t, struct iov_iter *)' 'size_t copy_page_to_iter(struct page *, size_t, size_t, struct iov_iter *)' 'int devcgroup_check_permission(short int, u32, u32, short int)' 'void disk_update_readahead(struct gendisk *)' 'unsigned long int 
dma_get_merge_boundary(struct device *)' 'blk_status_t errno_to_blk_status(int)' 'errseq_t errseq_sample(errseq_t *)' 'int execute_in_process_context(work_func_t, struct execute_work *)' 'int filemap_fdatawait_keep_errors(struct address_space *)' 'int generic_writepages(struct address_space *, struct writeback_control *)' 'int import_single_range(int, void *, size_t, struct iovec *, struct iov_iter *)' 'unsigned long int iov_iter_gap_alignment(const struct iov_iter *)' 'int iov_iter_npages(const struct iov_iter *, int)' 'int kblockd_mod_delayed_work_on(int, struct delayed_work *, unsigned long int)' 'int kblockd_schedule_work(struct work_struct *)' 'struct kobject * kobject_get_unless_zero(struct kobject *)' 'void kvfree_sensitive(void *, size_t)' 'unsigned long int lcm_not_zero(unsigned long int, unsigned long int)' 'size_t match_strlcpy(char *, const substring_t *, size_t)' 'int match_u64(substring_t *, u64 *)' 'void mempool_exit(mempool_t *)' 'int mempool_init(mempool_t *, int, mempool_alloc_t *, mempool_free_t *, void *)' 'int mmc_app_cmd(struct mmc_host *, struct mmc_card *)' 'unsigned int mmc_calc_max_discard(struct mmc_card *)' 'int mmc_can_erase(struct mmc_card *)' 'int mmc_can_secure_erase_trim(struct mmc_card *)' 'int mmc_can_trim(struct mmc_card *)' 'int mmc_card_alternative_gpt_sector(struct mmc_card *, sector_t *)' 'int mmc_cqe_recovery(struct mmc_host *)' 'int mmc_cqe_start_req(struct mmc_host *, struct mmc_request *)' 'void mmc_crypto_prepare_req(struct mmc_queue_req *)' 'void mmc_crypto_setup_queue(struct request_queue *, struct mmc_host *)' 'int mmc_detect_card_removed(struct mmc_host *)' 'int mmc_erase(struct mmc_card *, unsigned int, unsigned int, unsigned int)' 'int mmc_erase_group_aligned(struct mmc_card *, unsigned int, unsigned int)' 'int mmc_poll_for_busy(struct mmc_card *, unsigned int, bool, enum mmc_busy_cmd)' 'int mmc_register_driver(struct mmc_driver *)' 'void mmc_retune_pause(struct mmc_host *)' 'void mmc_retune_unpause(struct mmc_host 
*)' 'void mmc_run_bkops(struct mmc_card *)' 'int mmc_sanitize(struct mmc_card *, unsigned int)' 'int mmc_start_request(struct mmc_host *, struct mmc_request *)' 'void mmc_unregister_driver(struct mmc_driver *)' 'void percpu_ref_kill_and_confirm(struct percpu_ref *, percpu_ref_func_t *)' 'void percpu_ref_resurrect(struct percpu_ref *)' 'void pm_runtime_set_memalloc_noio(struct device *, bool)' 'void sbitmap_bitmap_show(struct sbitmap *, struct seq_file *)' 'void sbitmap_finish_wait(struct sbitmap_queue *, struct sbq_wait_state *, struct sbq_wait *)' 'int sbitmap_get(struct sbitmap *)' 'void sbitmap_prepare_to_wait(struct sbitmap_queue *, struct sbq_wait_state *, struct sbq_wait *, int)' 'void sbitmap_queue_wake_all(struct sbitmap_queue *)' 'void sbitmap_queue_wake_up(struct sbitmap_queue *)' 'void sbitmap_resize(struct sbitmap *, unsigned int)' 'unsigned int sbitmap_weight(const struct sbitmap *)' 'void scmd_printk(const char *, const struct scsi_cmnd *, const char *, ...)' 'blk_status_t scsi_alloc_sgtables(struct scsi_cmnd *)' 'unsigned char * scsi_bios_ptable(struct block_device *)' 'void scsi_build_sense_buffer(int, u8 *, u8, u8, u8)' 'enum scsi_disposition scsi_check_sense(struct scsi_cmnd *)' 'bool scsi_command_normalize_sense(const struct scsi_cmnd *, struct scsi_sense_hdr *)' 'int scsi_dev_info_add_list(enum scsi_devinfo_key, const char *)' 'int scsi_dev_info_list_add_keyed(int, char *, char *, char *, blist_flags_t, enum scsi_devinfo_key)' 'int scsi_dev_info_remove_list(enum scsi_devinfo_key)' 'struct scsi_device * scsi_device_lookup_by_target(struct scsi_target *, u64)' 'void scsi_device_resume(struct scsi_device *)' 'int scsi_device_set_state(struct scsi_device *, enum scsi_device_state)' 'const char * scsi_device_type(unsigned int)' 'void scsi_eh_finish_cmd(struct scsi_cmnd *, struct list_head *)' 'void scsi_eh_flush_done_q(struct list_head *)' 'int scsi_eh_get_sense(struct list_head *, struct list_head *)' 'void scsi_free_sgtables(struct scsi_cmnd *)' 
'blist_flags_t scsi_get_device_flags_keyed(struct scsi_device *, const unsigned char *, const unsigned char *, enum scsi_devinfo_key)' 'bool scsi_get_sense_info_fld(const u8 *, int, u64 *)' 'int scsi_get_vpd_page(struct scsi_device *, u8, unsigned char *, int)' 'struct Scsi_Host * scsi_host_get(struct Scsi_Host *)' 'int scsi_internal_device_block_nowait(struct scsi_device *)' 'int scsi_internal_device_unblock_nowait(struct scsi_device *, enum scsi_device_state)' 'int scsi_is_sdev_device(const struct device *)' 'int scsi_is_target_device(const struct device *)' 'int scsi_mode_select(struct scsi_device *, int, int, int, unsigned char *, int, int, int, struct scsi_mode_data *, struct scsi_sense_hdr *)' 'int scsi_mode_sense(struct scsi_device *, int, int, unsigned char *, int, int, int, struct scsi_mode_data *, struct scsi_sense_hdr *)' 'bool scsi_partsize(struct block_device *, sector_t, int *)' 'void scsi_print_result(const struct scsi_cmnd *, const char *, int)' 'void scsi_print_sense(const struct scsi_cmnd *)' 'int scsi_report_opcode(struct scsi_device *, unsigned char *, unsigned int, unsigned char)' 'void scsi_rescan_device(struct device *)' 'void scsi_sanitize_inquiry_string(unsigned char *, int)' 'int scsi_set_medium_removal(struct scsi_device *, char)' 'int scsi_track_queue_full(struct scsi_device *, int)' 'int scsi_vpd_lun_id(struct scsi_device *, char *, size_t)' 'int scsicam_bios_param(struct block_device *, sector_t, int *)' 'u64 scsilun_to_int(struct scsi_lun *)' 'struct scsi_event * sdev_evt_alloc(enum scsi_device_event, gfp_t)' 'void sdev_evt_send(struct scsi_device *, struct scsi_event *)' 'void sdev_evt_send_simple(struct scsi_device *, enum scsi_device_event, gfp_t)' 'void starget_for_each_device(struct scsi_target *, void *, void(*)(struct scsi_device *, void *))' 'struct kernfs_node * sysfs_break_active_protection(struct kobject *, const struct attribute *)' 'void sysfs_unbreak_active_protection(struct kernfs_node *)' 'void trace_seq_puts(struct 
trace_seq *, const char *)' 'int transport_add_device(struct device *)' 'void transport_configure_device(struct device *)' 'void transport_destroy_device(struct device *)' 'void transport_remove_device(struct device *)' 'void transport_setup_device(struct device *)' 'void usb_deregister_device_driver(struct usb_device_driver *)' 'void usb_enable_lpm(struct usb_device *)' 'int usb_register_device_driver(struct usb_device_driver *, struct module *)' 'int usb_set_configuration(struct usb_device *, int)' 'int usbnet_cdc_bind(struct usbnet *, struct usb_interface *)' 'void usbnet_cdc_status(struct usbnet *, struct urb *)' 'int usbnet_manage_power(struct usbnet *, int)' 'void zero_fill_bio(struct bio *)' 7 variable symbol(s) added 'struct tracepoint __tracepoint_android_vh_ufs_mcq_retry_complete' 'struct tracepoint __tracepoint_block_unplug' 'unsigned long int empty_zero_page[512]' 'struct cgroup_subsys io_cgrp_subsys' 'int laptop_mode' 'struct bus_type scsi_bus_type' 'struct async_domain scsi_sd_pm_domain' Bug: 362145409 Change-Id: I3f9c37d3d02aa0ad0777a4cb8e0fd321327a6806 Signed-off-by:
hao lv <hao.lv5@transsion.com>
-
- Aug 27, 2024
Hangyu Hua authored
[ Upstream commit affc18fd ] q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc. Otherwise, an out-of-bounds write will occur. Bug: 349777785 Fixes: c2999f7f ("net: sched: multiq: don't call qdisc_put() while holding tree lock") Signed-off-by:
Hangyu Hua <hbh25y@gmail.com> Acked-by:
Cong Wang <cong.wang@bytedance.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Sasha Levin <sashal@kernel.org> (cherry picked from commit 0f208fad) Signed-off-by:
Lee Jones <joneslee@google.com> Change-Id: Iec8413c39878596795420ae58bbe6974890cf2de
-
Greg Kroah-Hartman authored
This merges up to the 5.15.153 LTS release into android13-5.15. Included in here are the following commits: * e787d6ac Revert "cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value" * 1a31a694 Revert "bpf: Defer the free of inner map when necessary" * c2cfd7ac Revert "pwm: atmel-hlcdc: Convert to platform remove callback returning void" * 362ee3e8 Revert "net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()" * 7af57fa3 Merge 5.15.153 into android13-5.15-lts |\ | * 9465fef4 Linux 5.15.153 | * d180150e remoteproc: stm32: fix incorrect optional pointers | * 85e26c4a regmap: Add missing map->bus check | * c10fed32 spi: spi-mt65xx: Fix NULL pointer access in interrupt handler | * 839308cf net: dsa: mt7530: fix handling of all link-local frames | * cb302aa9 net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports | * 70424a8f net: dsa: mt7530: fix handling of 802.1X PAE frames | * c210fb3c net: dsa: mt7530: fix handling of LLDP frames | * 387daae8 bpf: report RCU QS in cpumap kthread | * 2f1d402d net: report RCU QS on threaded NAPI repolling | * 083657dc rcu: add a helper to report consolidated flavor QS | * 640dbf68 netfilter: nf_tables: do not compare internal table flags on updates | * 36250850 netfilter: nft_set_pipapo: release elements in clone only from destroy path | * 772f18de octeontx2-af: Use separate handlers for interrupts | * 8ffcd3cc net/bnx2x: Prevent access to a freed page in page_pool | * f1e560cd net: phy: fix phy_read_poll_timeout argument type in genphy_loopback | * 5deee0f7 hsr: Handle failures in module init | * 8c378cc5 rds: introduce acquire/release ordering in acquire/release_in_xmit() | * d691be84 wireguard: receive: annotate data-race around receiving_counter.counter | * 2b2f8d16 vdpa/mlx5: Allow CVQ size changes | * 4d61084c net: dsa: mt7530: prevent possible incorrect XTAL frequency selection | * f85c87a8 net: veth: do not manipulate GRO when using XDP | * d35b62c2 packet: annotate data-races 
around ignore_outgoing | * 9fcadd12 net: ethernet: mtk_eth_soc: fix PPE hanging issue | * 448cc8b5 net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up | * c5c0760a net: mtk_eth_soc: move MAC_MCR setting to mac_finish() | * a809bbfd hsr: Fix uninit-value access in hsr_get_node() | * ccafa081 soc: fsl: dpio: fix kcalloc() argument order | * 4b9d7249 s390/vtime: fix average steal time calculation | * 8fdc7b40 octeontx2-af: Use matching wake_up API variant in CGX command interface | * aa5ab5ce nouveau: reset the bo resource bus info after an eviction | * deb59462 io_uring: don't save/restore iowait state | * 1049fa4d usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin | * 463c429b staging: greybus: fix get_channel_from_mode() failure path | * 6c619223 serial: 8250_exar: Don't remove GPIO device on suspend | * f867ba8e rtc: mt6397: select IRQ_DOMAIN instead of depending on it | * 04dd6133 kconfig: fix infinite loop when expanding a macro at the end of file | * 3019ad4a arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells | * c2203780 tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT | * e6011abe serial: max310x: fix syntax error in IRQ error message | * 19b21318 tty: vt: fix 20 vs 0x20 typo in EScsiignore | * ea34c1c1 remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef | * dd68756a remoteproc: stm32: Fix incorrect type in assignment for va | * a48c24cc remoteproc: stm32: use correct format strings on 64-bit | * da0ad1bd comedi: comedi_test: Prevent timers rescheduling during deletion | * a6ffae61 afs: Revert "afs: Hide silly-rename files from userspace" | * fa3ac8b1 f2fs: compress: fix reserve_cblocks counting error when out of space | * 6ca2ea69 NFS: Fix an off by one in root_nfs_cat() | * 704dc013 watchdog: stm32_iwdg: initialize default timeout | * 446f55d0 NFSv4.2: fix listxattr maximum XDR buffer size | * 9d52865f NFSv4.2: fix nfs4_listxattr kernel BUG at 
mm/usercopy.c:102 | * 6233dbe9 net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() | * 83edcda1 scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn | * 16a5bed6 RDMA/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store() | * ed3e66d8 RDMA/device: Fix a race between mad_client and cm_client init | * a27984f6 scsi: csiostor: Avoid function pointer casts | * 4a411fc3 f2fs: compress: fix to check unreleased compressed cluster | * 7d420eaa f2fs: compress: fix to cover normal cluster write with cp_rwsem | * ed22aef7 f2fs: reduce stack memory cost by using bitfield in struct f2fs_io_info | * b2713af1 f2fs: invalidate meta pages only for post_read required inode | * 6117d8b7 f2fs: fix to invalidate META_MAPPING before DIO write | * 5d553a56 f2fs: replace congestion_wait() calls with io_schedule_timeout() | * bc7e7e7d f2fs: invalidate META_MAPPING before IPU/DIO write | * 4a543790 f2fs: multidevice: support direct IO | * 6413e780 RDMA/srpt: Do not register event handler until srpt device is fully setup | * 9af1658b ALSA: usb-audio: Stop parsing channels bits when all channels are found. 
| * e9fbee06 ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops | * 01511ac7 clk: zynq: Prevent null pointer dereference caused by kmalloc failure | * 0efb9ef6 clk: Fix clk_core_get NULL dereference | * d83d70b2 sparc32: Fix section mismatch in leon_pci_grpci | * e4723c6b backlight: lp8788: Fully initialize backlight_properties during probe | * 73f547f2 backlight: lm3639: Fully initialize backlight_properties during probe | * d01286f9 backlight: da9052: Fully initialize backlight_properties during probe | * 28e37f97 backlight: lm3630a: Don't set bl->props.brightness in get_brightness | * a80fb03d backlight: lm3630a: Initialize backlight_properties on init | * f28b7216 leds: sgm3140: Add missing timer cleanup and flash gpio control | * 663dea03 leds: aw2013: Unlock mutex before destroying it | * d63abda6 powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. | * 6a3d4afc modules: wait do_free_init correctly | * a91eef04 module: Add support for default value for module async_probe | * 6304ed16 drm/msm/dpu: add division of drm_display_mode's hskew parameter | * f4108b28 powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks | * 9beec711 drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip | * e5aaa9f8 media: mediatek: vcodec: avoid -Wcast-function-type-strict warning | * 24e51d6e media: ttpci: fix two memleaks in budget_av_attach | * 790fa2c0 media: go7007: fix a memleak in go7007_load_encoder | * d20b64f1 media: dvb-frontends: avoid stack overflow warnings with clang | * eb6e9dce media: pvrusb2: fix uaf in pvr2_context_set_notify | * d8e83a62 drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() | * 815d1f1c HID: amd_sfh: Update HPD sensor structure elements | * 8abf014e ASoC: meson: axg-tdm-interface: add frame rate constraint | * 84410122 ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs | * e3adf126 mtd: rawnand: lpc32xx_mlc: fix irq handler prototype | * 7178a272 
mtd: maps: physmap-core: fix flash size larger than 32-bit | * 3ae4bd81 drm/tidss: Fix initial plane zpos values | * 9cc74634 crypto: arm/sha - fix function cast warnings | * 010cf12f mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref | * 1d50e295 mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref | * 240c4f11 drm/tegra: put drm_gem_object ref on error in tegra_fb_create | * 3f8445f1 clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() | * 62d92b35 clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() | * 118a7113 PCI: Mark 3ware-9650SE Root Port Extended Tags as broken | * 75464601 drm/mediatek: dsi: Fix DSI RGB666 formats and definitions | * 4e37c534 clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times | * fe68cf27 media: pvrusb2: fix pvr2_stream_callback casts | * 4f2a1657 media: pvrusb2: remove redundant NULL check | * 8e19050a media: go7007: add check of return value of go7007_read_addr() | * b1d0eeba media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak | * f27bcdae media: sun8i-di: Fix chroma difference threshold | * de09db4e media: sun8i-di: Fix power on/off sequences | * 4bdc1b35 media: sun8i-di: Fix coefficient writes | * a62b9f3d NTB: fix possible name leak in ntb_register_device() | * 87d306cd NTB: EPF: fix possible memory leak in pci_vntb_probe() | * e2b6ef72 PCI: endpoint: Support NTB transfer between RC and EP | * caf5cf09 powerpc: Force inlining of arch_vmap_p{u/m}d_supported() | * 4eb47ae9 ASoC: meson: t9015: fix function pointer type mismatch | * a3fec474 ASoC: meson: aiu: fix function pointer type mismatch | * a26425b7 ASoC: meson: Use dev_err_probe() helper | * 3d1d0297 perf stat: Avoid metric-only segv | * 3cae4f41 ALSA: seq: fix function cast warnings | * 7378234e drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() | * abb9bea4 perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() | * 03e6d4e9 crypto: xilinx - 
call finalize with bh disabled | * ce6e3c04 PCI: switchtec: Fix an error handling path in switchtec_pci_probe() | * 0bdb56ea PCI/P2PDMA: Fix a sleeping issue in a RCU read section | * 56cad01c quota: Fix rcu annotations of inode dquot pointers | * 1ca72a3d quota: Fix potential NULL pointer dereference | * f2ddd810 quota: simplify drop_dquot_ref() | * f630ba23 clk: qcom: reset: Ensure write completion on reset de/assertion | * e5bb4f43 clk: qcom: reset: Commonize the de/assert functions | * e8c71db0 pinctrl: mediatek: Drop bogus slew rate register range for MT8192 | * 0d3fe80b media: edia: dvbdev: fix a use-after-free | * dc866b69 media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity | * 770a5792 media: v4l2-tpg: fix some memleaks in tpg_alloc | * e9d05d5d media: em28xx: annotate unchecked call to media_device_register() | * a03ed007 clk: meson: Add missing clocks to axg_clk_regmaps | * 54985391 perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() | * 6ac7c7a3 drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' | * 440f0598 drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' | * d54877c8 HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd | * d9f8bbc6 perf record: Fix possible incorrect free in record__switch_output() | * 87658f16 PCI/DPC: Print all TLP Prefixes, not just the first | * b8505a1a media: tc358743: register v4l2 async device only after successful setup | * 4c309e06 dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA | * 746606d3 drm/lima: fix a memleak in lima_heap_alloc | * 1bb5fea9 drm/rockchip: lvds: do not print scary message when probing defer | * f3afb536 drm/rockchip: lvds: do not overwrite error code | * 03b10726 drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node | * 5eaa1597 drm/ttm: add ttm_resource_fini v2 | * 2fa491a1 drm: Don't treat 0 as -1 in drm_fixp2int_ceil | * c780f008 drm/rockchip: inno_hdmi: Fix video timing | * 
13c12127 drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() | * 5c8dc26e drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() | * 7ec1d3ca drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe() | * 527bf2ad drm/tegra: dc: rgb: Allow changing PLLD rate on Tegra30+ | * bfd52f7d drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() | * 1d2f14eb drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() | * 26827907 drm/tegra: dsi: Make use of the helper function dev_err_probe() | * 56ec754f drm/tegra: dpaux: Fix PM disable depth imbalance in tegra_dpaux_probe | * 49ebcae0 drm/tegra: dpaux: Populate AUX bus | * 93128052 drm/tegra: dsi: Add missing check for of_find_device_by_node | * 03ad5ad5 dm: call the resume method on internal suspend | * 85177297 dm raid: fix false positive for requeue needed during reshape | * 0d387dc5 nfp: flower: handle acti_netdevs allocation failure | * 3538d11d net/x25: fix incorrect parameter validation in the x25_getsockopt() function | * 382df231 net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function | * 3a32dce1 udp: fix incorrect parameter validation in the udp_lib_getsockopt() function | * 6482113f l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function | * 3988110e ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function | * 71ce163f bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument | * 07aa35a5 bpf: net: Change sk_getsockopt() to take the sockptr_t argument | * 25e5c9b2 net: Change sock_getsockopt() to take the sk ptr instead of the sock ptr | * 40029850 tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function | * c09fc677 OPP: debugfs: Fix warning around icc_get_name() | * 78a60f91 net: phy: dp83822: Fix RGMII TX delay configuration | * fedd8c7d net: phy: DP83822: enable rgmii 
mode if phy_interface_is_rgmii | * f82d65e8 net: hns3: fix port duplex configure error in IMP reset | * 23ec1cec net: hns3: fix kernel crash when 1588 is received on HIP08 devices | * 0e939a00 net: phy: fix phy_get_internal_delay accessing an empty array | * 5c033870 net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() | * 65fb1d27 ipv6: fib6_rules: flush route cache when rule is changed | * ca1f06e7 bpf: Fix stackmap overflow check on 32-bit arches | * 3b08cfc6 bpf: Fix hashtab overflow check on 32-bit arches | * c826502b bpf: Fix DEVMAP_HASH overflow check on 32-bit arches | * 276873ae sr9800: Add check for usbnet_get_endpoints | * 2e845867 Bluetooth: hci_core: Fix possible buffer overflow | * 89c69e83 Bluetooth: hci_qca: don't use IS_ERR_OR_NULL() with gpiod_get_optional() | * 9609476b Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855 | * 88f846f3 Bluetooth: Remove superfluous call to hci_conn_check_pending() | * 4b5dc615 igb: Fix missing time sync events | * 5cd7afd6 igb: move PEROUT and EXTTS isr logic to separate functions | * d70f1c85 iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected | * 626b03da PCI: Make pci_dev_is_disconnected() helper public for other drivers | * 4137f25b wifi: rtw88: 8821c: Fix false alarm count | * 250a7886 mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function | * dd292e88 SUNRPC: fix some memleaks in gssx_dec_option_array | * c7cff978 x86, relocs: Ignore relocations in .notes section | * 40876d07 ACPI: scan: Fix device check notification handling | * 10e607fb ACPI: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override | * cc06efd8 ACPI: resource: Do IRQ override on Lunnen Ground laptops | * b5398582 ACPI: resource: Add Infinity laptops to irq1_edge_low_force_override | * 95531c0d arm64: dts: marvell: reorder crypto interrupts on Armada SoCs | * 941c6ee6 ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node | * ff54c712 
ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address | * 3ebcd8f1 ARM: dts: imx6dl-yapp4: Move phy reset into switch node | * ce92a8c7 arm64: dts: renesas: r8a779a0: Correct avb[01] reg sizes | * a022251c arm64: dts: renesas: r8a779a0: Update to R-Car Gen4 compatible values | * 3c0cc753 ARM: dts: arm: realview: Fix development chip ROM compatible value | * 276f4abe net: ena: Remove ena_select_queue | * 90613c76 wifi: brcmsmac: avoid function pointer casts | * b96bc1b2 iommu/amd: Mark interrupt as managed | * 6a87552d bus: tegra-aconnect: Update dependency to ARCH_TEGRA | * 1cbaf4c7 ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() | * fe20e3d5 wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces | * 0454915c wireless: Remove redundant 'flush_workqueue()' calls | * 487eff91 bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly | * fcd58c69 arm64: dts: mediatek: mt7622: add missing "device_type" to memory nodes | * e66285df arm64: dts: mt8183: Move CrosEC base detection node to kukui-based DTs | * 657633a0 arm64: dts: mt8183: kukui: Split out keyboard node and describe detachables | * ecec3579 arm64: dts: mt8183: kukui: Add Type C node | * 9d159d66 ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() | * a6a50788 s390/vdso: drop '-fPIC' from LDFLAGS | * f94625ec wifi: iwlwifi: mvm: don't set replay counters to 0xff | * 4745cba3 pwm: sti: Fix capture for st,pwm-num-chan < st,capture-num-chan | * 55908ea9 pwm: sti: Implement .apply() callback | * e888c446 wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() | * d20d4563 net: blackhole_dev: fix build warning for ethh set but not used | * 95ac8e3e pwm: atmel-hlcdc: Fix clock imbalance related to suspend support | * a1716999 pwm: atmel-hlcdc: Use consistent variable naming | * 81f0b319 pwm: atmel-hlcdc: Convert to platform remove callback returning void | * 98b0d469 arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS | * 
128a7fb7 wifi: iwlwifi: fix EWRD table validity check | * 96aa4076 wifi: iwlwifi: dbg-tlv: ensure NUL termination | * 3a5d424c wifi: iwlwifi: mvm: report beacon protection failures | * f8ff4b4d wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete | * 4287534c arm64: dts: imx8mm-kontron: Disable pull resistors for SD card signals on BL board | * d01012b6 arm64: dts: imx8mm-kontron: Use the VSELECT signal to switch SD card IO voltage | * 41af98f2 arm64: dts: imx8mm-kontron: Add support for ultra high speed modes on SD card | * db25bbd2 arm64: dts: imx8mm-kontron: Disable pullups for onboard UART signals on BL board | * f7e55ad7 arm64: dts: imx8mm-kontron: Disable pullups for I2C signals on SL/BL i.MX8MM | * d7fcdcf4 cpufreq: mediatek-hw: Don't error out if supply is not found | * 8a029ee1 af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). | * e0d29c4d bpftool: Silence build warning about calloc() | * 3b71a698 inet_diag: annotate data-races around inet_diag_table[] | * 00d40ab2 sock_diag: annotate data-races around sock_diag_handlers[family] | * 0f632a68 cpufreq: mediatek-hw: Wait for CPU supplies before probing | * 2cb670b2 cpufreq: Explicitly include correct DT includes | * d951cf51 cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value | * f75e3536 wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() | * df783774 wifi: wilc1000: fix multi-vif management when deleting a vif | * ac512507 wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work | * d80fc436 wifi: wilc1000: fix RCU usage in connect path | * 11b56499 wifi: wilc1000: fix declarations ordering | * bc4bc746 wifi: b43: Disable QoS for bcm4331 | * 66ef38ad wifi: b43: Stop correct queue in DMA worker when QoS is disabled | * b05f6cd6 wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled | * 04a2b6ef wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled | * 4c4e5922 wifi: ath10k: fix NULL 
pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() | * b10ff113 sched/fair: Take the scheduling domain into account in select_idle_core() | * 3c1122ae timekeeping: Fix cross-timestamp interpolation for non-x86 | * aa74fd5c timekeeping: Fix cross-timestamp interpolation corner case decision | * 48c70f35 timekeeping: Fix cross-timestamp interpolation on counter wrap | * 7dd09fa8 aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts | * 53609f5c rtc: test: Fix invalid format specifier. | * 3eafb681 time: test: Fix incorrect format specifier | * 770332c1 lib/cmdline: Fix an invalid format specifier in an assertion msg | * 01db522d md: Don't clear MD_CLOSING when the raid is about to stop | * 25d99f7b fs/select: rework stack allocation hack for clang | * 98e60b53 nbd: null check for nla_nest_start | * edbdb0d9 s390/dasd: fix double module refcount decrement | * bb126ed2 s390/dasd: Use dev_*() for device log messages | * 3404d535 s390/dasd: add autoquiesce feature | * 932600a2 s390/dasd: add copy pair setup | * 2c42dab8 s390/dasd: add query PPRC function | * 81534821 s390/dasd: put block allocation in separate function | * 423b6bdf do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak | * 50982ce0 ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll | * 2a239a94 ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode | * 648bd8ef ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC | * aa345a4d Input: gpio_keys_polled - suppress deferred probe error for gpio | * 4bd9d06b ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet | * 91b4bfed firewire: core: use long bus reset on gap count error | * 8d175397 Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security | * 9a1de3ad drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series | * c4e2f608 ALSA: hda/realtek - ALC285 reduce pop noise from Headphone port | * d157b06c scsi: mpt3sas: Prevent sending diag_reset when the controller is 
ready | * 0c255fb9 dm-verity, dm-crypt: align "struct bvec_iter" correctly | * f6cbb484 block: sed-opal: handle empty atoms when parsing response | * d7c5c033 parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check | * 59be50a3 net/iucv: fix the allocation size of iucv_path_table array | * e8a67fe3 x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() | * e2d5cf0d x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h | * 7e13a78e riscv: dts: sifive: add missing #interrupt-cells to pmic | * cf71090a RDMA/mlx5: Relax DEVX access upon modify commands | * 60ba938a RDMA/mlx5: Fix fortify source warning while accessing Eth segment | * e524979a gen_compile_commands: fix invalid escape sequence warning | * 802eb025 HID: multitouch: Add required quirk for Synaptics 0xcddc device | * 581d99d2 MIPS: Clear Cause.BD in instruction_pointer_set | * 8082bccb x86/xen: Add some null pointer checking to smp.c | * 333de5a9 ASoC: rt5645: Make LattePanda board DMI match more precise | * 0d7cfe2e selftests: tls: use exact comparison in recv_partial | * 37d98fb9 bpf: Defer the free of inner map when necessary | * d8140159 rcu-tasks: Provide rcu_trace_implies_rcu_gp() | * d909d381 io_uring: drop any code related to SCM_RIGHTS | * 9dd3863e io_uring/unix: drop usage of io_uring socket * | 70e1a731 Revert "regmap: Add bulk read/write callbacks into regmap_config" * | 994050d1 Revert "serial: max310x: make accessing revision id interface-agnostic" * | f1de722d Revert "serial: max310x: fix IO data corruption in batched operations" * | 1b26a8c7 Merge 5.15.152 into android13-5.15-lts |\| | * b95c01af Linux 5.15.152 | * a1211bbf serial: max310x: fix IO data corruption in batched operations | * 0ba485f9 serial: max310x: make accessing revision id interface-agnostic | * 31642219 regmap: Add bulk read/write callbacks into regmap_config | * fbddd48f regmap: allow to define reg_update_bits for no bus configuration * | d0a6506e Merge cad6da86 ("ALSA: usb-audio: Sort quirk table entries") into 
android13-5.15-lts |\| | * cad6da86 ALSA: usb-audio: Sort quirk table entries | * 36dba3f4 ALSA: usb-audio: Add FIXED_RATE quirk for JBL Quantum610 Wireless * | 7be477e7 Merge bfd36b1d ("ALSA: usb-audio: Always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format()") into android13-5.15-lts |\| | * bfd36b1d ALSA: usb-audio: Always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format() * | 2a0742ac Merge a6f53df5 ("ALSA: usb-audio: Fix wrong kfree issue in snd_usb_endpoint_free_all") into android13-5.15-lts |\| | * a6f53df5 ALSA: usb-audio: Fix wrong kfree issue in snd_usb_endpoint_free_all * | 4edafe6c Merge fd63fb84 ("fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand()") into android13-5.15-lts |\| | * fd63fb84 fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() | * 9b383427 proc: Use task_is_running() for wchan in /proc/$pid/stat | * 3c1b2776 getrusage: use sig->stats_lock rather than lock_task_sighand() | * ef2734e5 getrusage: use __for_each_thread() | * 18c7394e getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() | * c5579e72 getrusage: add the "signal_struct *sig" local variable | * 63e09c1f drm/amd/display: Increase frame-larger-than for all display_mode_vba files | * f4442513 drm/amd/display: remove DML Makefile duplicate lines | * b4bab464 drm/amd/display: move calcs folder into DML | * b00e4d44 drm/amd/display: Re-arrange FPU code structure for dcn2x | * b6d46f30 hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed | * c4cfa93e hv_netvsc: use netif_is_bond_master() instead of open code | * 760d0df3 selftests: mptcp: decrease BW in simult flows | * 9a9d00c2 drm/amdgpu: Reset IH OVERFLOW_CLEAR bit | * f5743189 drm/amd/pm: do not expose the API used internally only in kv_dpm.c | * 0afbf40c serial: max310x: prevent infinite while() loop in port startup | * 2fbf2c76 serial: max310x: use a separate regmap for each port | * 
2161c541 serial: max310x: use regmap methods for SPI batch operations | * 2aa7bcfd xhci: handle isoc Babble and Buffer Overrun events properly | * 56e9aeb2 xhci: process isoc TD properly when there was a transaction error mid TD. | * 0d29b474 selftests: mm: fix map_hugetlb failure on 64K page size systems | * 0b08eb63 selftests/mm: switch to bash from sh | * fdfc5fab nfp: flower: add hardware offload check for post ct entry | * 245332d4 nfp: flower: add goto_chain_index for ct entry | * 666334fd drm/amd/display: Fix uninitialized variable usage in core_link_ 'read_dpcd() & write_dpcd()' functions * | 82f8d92c Revert "geneve: make sure to pull inner header in geneve_rx()" * | 16007567 Revert "Merge f354086d ("ALSA: usb-audio: add quirk for RODE NT-USB+") into android13-5.15-lts" * | 7df91f56 Merge f354086d ("ALSA: usb-audio: add quirk for RODE NT-USB+") into android13-5.15-lts |\| | * f354086d ALSA: usb-audio: add quirk for RODE NT-USB+ | * 80326ce1 ALSA: usb-audio: Fix microphone sound on Nexigo webcam. 
| * f1a68c6a ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810 Wireless | * d16ae911 ALSA: usb-audio: Add quirk for Tascam Model 12 | * 7ce0a888 ALSA: usb-audio: Avoid superfluous endpoint setup | * 3191a00d ALSA: usb-audio: Correct the return code from snd_usb_endpoint_set_params() | * 06b6de69 ALSA: usb-audio: Apply mutex around snd_usb_endpoint_set_params() | * 539493f1 ALSA: usb-audio: Properly refcounting clock rate | * 56e28371 ALSA: usb-audio: Split endpoint setups for hw_params and prepare (take#2) | * 8ca3315b ALSA: usb-audio: Clear fixed clock rate at closing EP | * 9830e738 ALSA: usb-audio: Refcount multiple accesses on the single clock * | f1d7c141 Merge 0866afaf ("netrom: Fix data-races around sysctl_net_busy_read") into android13-5.15-lts |\| | * 0866afaf netrom: Fix data-races around sysctl_net_busy_read | * c558e54f netrom: Fix a data-race around sysctl_netrom_link_fails_count | * f9c4d424 netrom: Fix a data-race around sysctl_netrom_routing_control | * 4eacb242 netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout | * 489e05c6 netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size | * 85f34d35 netrom: Fix a data-race around sysctl_netrom_transport_busy_delay | * 33081e0f netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay | * f84f7709 netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries | * b8006cb0 netrom: Fix a data-race around sysctl_netrom_transport_timeout | * 775ed354 netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser | * b3f0bc3a netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser | * bbc21f13 netrom: Fix a data-race around sysctl_netrom_default_path_quality | * 101277e3 erofs: apply proper VMA alignment for memory mapped files on THP | * b3c0f553 netfilter: nf_conntrack_h323: Add protection for bmp length out of range | * bd9c9092 netfilter: nft_ct: fix l3num expectations with inet pseudo family | * b562ebe2 
net/rds: fix WARNING in rds_conn_connect_if_down | * f0363af9 cpumap: Zero-initialise xdp_rxq_info struct before running XDP program | * cae33032 net/ipv6: avoid possible UAF in ip6_route_mpath_notify() | * 8d95465d net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() | * e46274df net: sparx5: Fix use after free inside sparx5_del_mact_entry | * e77e0b0f geneve: make sure to pull inner header in geneve_rx() | * be3be07d tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string | * e72b4e5e i40e: disable NAPI right after disabling irqs when handling xsk_pool | * 533953fa ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able | * ea4e938d net: lan78xx: fix runtime PM count underflow on link stop | * 5ae5060e mmc: mmci: stm32: fix DMA API overlapping mappings warning | * 28709304 mmc: mmci: stm32: use a buffer for unaligned DMA requests * 5356d2f1 Merge branch 'android13-5.15' into branch 'android13-5.15-lts' Change-Id: I1600e5de84134f976ab67eea3afba1523dbade41 Signed-off-by:
Greg Kroah-Hartman <gregkh@google.com>
-
- Aug 26, 2024
-
-
Carlos Llamas authored
Binder objects are processed and copied individually into the target buffer during transactions. Any raw data in-between these objects is copied as well. However, this raw data copy lacks an out-of-bounds check. If the raw data exceeds the data section size then the copy overwrites the offsets section. This eventually triggers an error that attempts to unwind the processed objects. However, at this point the offsets used to index these objects are now corrupted.

Unwinding with corrupted offsets can result in decrements of arbitrary nodes and lead to their premature release. Other users of such nodes are left with a dangling pointer triggering a use-after-free. This issue is made evident by the following KASAN report (trimmed):

  ==================================================================
  BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c
  Write of size 4 at addr ffff47fc91598f04 by task binder-util/743

  CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1
  Hardware name: linux,dummy-virt (DT)
  Call trace:
   _raw_spin_lock+0xe4/0x19c
   binder_free_buf+0x128/0x434
   binder_thread_write+0x8a4/0x3260
   binder_ioctl+0x18f0/0x258c
  [...]

  Allocated by task 743:
   __kmalloc_cache_noprof+0x110/0x270
   binder_new_node+0x50/0x700
   binder_transaction+0x413c/0x6da8
   binder_thread_write+0x978/0x3260
   binder_ioctl+0x18f0/0x258c
  [...]

  Freed by task 745:
   kfree+0xbc/0x208
   binder_thread_read+0x1c5c/0x37d4
   binder_ioctl+0x16d8/0x258c
  [...]
  ==================================================================

To avoid this issue, let's check that the raw data copy is within the boundaries of the data section.

Fixes: 6d98eb95 ("binder: avoid potential data leakage when copying txn")
Cc: Todd Kjos <tkjos@google.com>
Cc: stable@vger.kernel.org
Signed-off-by:
Carlos Llamas <cmllamas@google.com> Bug: 352520660 Link: https://lore.kernel.org/all/20240822182353.2129600-1-cmllamas@google.com/ Change-Id: I1b2dd8403b63e5eeb58904558b7b542141c83fc2 Signed-off-by:
Carlos Llamas <cmllamas@google.com>
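A simplified user-space model of the bug class described in the commit message above, added here as an illustration; it is not the binder driver's code or the patch itself. The buffer layout, the sizes and every name (copy_transaction, read_offset, OBJ_SIZE, DATA_SIZE, the return codes) are assumptions made for the model, and the sender bytes are constructed sample input.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All names and sizes below are constructed for this model. */
#define OBJ_SIZE  8u    /* fixed size of one object */
#define DATA_SIZE 32u   /* declared size of the data section */
#define N_OFFSETS 2u
#define BUF_SIZE  (DATA_SIZE + N_OFFSETS * sizeof(uint32_t))

enum { COPY_OK = 0, COPY_REJECTED = -1, COPY_BAD_OBJECT = -2, MODEL_LIMIT = -3 };

/* Target buffer layout: [ data section | offsets section ]. */
static uint8_t target[BUF_SIZE];
static uint8_t sender_mem[64];  /* sender memory, larger than DATA_SIZE */

/* Offsets are read back from the target buffer, as an unwind would do. */
static uint32_t read_offset(size_t index)
{
    uint32_t v;
    memcpy(&v, target + DATA_SIZE + index * sizeof(v), sizeof(v));
    return v;
}

static int copy_transaction(const uint8_t *sender, size_t sender_len,
                            const uint32_t offsets[N_OFFSETS],
                            bool check_bounds)
{
    size_t user_offset = 0;

    if (sender_len < DATA_SIZE)
        return MODEL_LIMIT;
    memset(target, 0, sizeof(target));
    memcpy(target + DATA_SIZE, offsets, N_OFFSETS * sizeof(uint32_t));

    for (size_t i = 0; i < N_OFFSETS; i++) {
        size_t object_offset = read_offset(i);

        /* Hardened path: the raw copy [user_offset, object_offset)
         * must lie inside the data section. */
        if (check_bounds &&
            (user_offset > object_offset || object_offset > DATA_SIZE))
            return COPY_REJECTED;

        /* Model-only guard so the demo never leaves its own arrays. */
        if (object_offset < user_offset || object_offset > BUF_SIZE ||
            object_offset > sender_len)
            return MODEL_LIMIT;

        /* Raw data between objects. Without the check above this can
         * run past DATA_SIZE and overwrite the offsets section. */
        memcpy(target + user_offset, sender + user_offset,
               object_offset - user_offset);

        /* Object validation only happens after the raw copy. */
        if (object_offset + OBJ_SIZE > DATA_SIZE)
            return COPY_BAD_OBJECT;
        memcpy(target + object_offset, sender + object_offset, OBJ_SIZE);
        user_offset = object_offset + OBJ_SIZE;
    }

    /* Trailing raw data after the last object. */
    memcpy(target + user_offset, sender + user_offset,
           DATA_SIZE - user_offset);
    return COPY_OK;
}

/* First object at offset 8; the second offset is chosen by the caller. */
static int run_copy(uint32_t second_offset, bool check_bounds)
{
    const uint32_t offsets[N_OFFSETS] = { 8u, second_offset };

    memset(sender_mem, 0x41, sizeof(sender_mem));
    return copy_transaction(sender_mem, sizeof(sender_mem), offsets,
                            check_bounds);
}

/* Value of offsets[0] as stored in the target buffer after the copy. */
static uint32_t offset0_after(uint32_t second_offset, bool check_bounds)
{
    run_copy(second_offset, check_bounds);
    return read_offset(0);
}

int main(void)
{
    int rc = run_copy(36u, false);
    printf("unchecked: rc=%d offsets[0]=0x%x\n", rc, (unsigned)read_offset(0));
    rc = run_copy(36u, true);
    printf("checked:   rc=%d offsets[0]=0x%x\n", rc, (unsigned)read_offset(0));
    printf("benign:    offsets[0]=0x%x\n", (unsigned)offset0_after(16u, true));
    return 0;
}
```

In the unchecked run the copy still fails, but only after the stored offset has been replaced with sender bytes, which is the state the commit message says the unwind then operates on.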
-
Kameron Lutes authored
1 function symbol(s) added 'int __traceiter_android_vh_mglru_new_gen(void *, void *)' 2 variable symbol(s) added 'struct tracepoint __tracepoint_android_vh_mglru_new_gen' 'struct kobject * mm_kobj' Bug: 342318950 Change-Id: Ifb1f5c8ba10b38c2cdf842cf75711c3492602c83 Signed-off-by:
Kameron Lutes <kalutes@google.com>
-
- Aug 23, 2024
-
-
kamasali Satyanarayan authored
Add devm_fwnode_pwm_get to qcom abi symbol list. Bug: 358002701 Bug: 361682076 Change-Id: I8bb3b424d3cda3da5a1eba1826726fa49daa780f Signed-off-by:
kamasali Satyanarayan <quic_kamasali@quicinc.com> (cherry picked from commit 4ab9f756) Signed-off-by:
Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
-
- Aug 15, 2024
-
-
Kameron Lutes authored
ARC's virtio-balloon management requires MGLRU generation statistics to be read every time a new MGLRU generation is created. Adds a vendor hook that is called whenever a new MGLRU generation is created. Bug: 342318950 Change-Id: I5ab2c0c18276eb13dd015ea43fc9cfcacb122c1f Signed-off-by:
Kameron Lutes <kalutes@google.com>
-
- Aug 14, 2024
-
-
Richard Fung authored
This adds support for the FS_IOC_ENABLE_VERITY and FS_IOC_MEASURE_VERITY ioctls. The FS_IOC_READ_VERITY_METADATA is missing but from the documentation, "This is a fairly specialized use case, and most fs-verity users won’t need this ioctl." Change-Id: Ia357df8e14ca77d761ca8ae7ac952c7740278e3d Signed-off-by:
Richard Fung <richardfung@google.com> Acked-by:
Eric Biggers <ebiggers@google.com> Signed-off-by:
Miklos Szeredi <mszeredi@redhat.com> (cherry picked from commit 9fe2a036)
-
- Aug 13, 2024
-
-
Tao Wu authored
The upstream fix is too invasive to backport so we take a similar fix like http://aosp/2755768 Bug: 355379840 Change-Id: I50258052fbf0c4f8ace7007427037122b4fd02b0 Link: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=cd955bdd Signed-off-by:
Tao Wu <lepton@google.com>
-
Greg Kroah-Hartman authored
This reverts commit d951cf51 which is commit f661017e upstream. It breaks the Android kernel build and can be brought back in the future in an abi-safe way if it is really needed. Bug: 161946584 Change-Id: If757d9acc2096adb98e44845ca21e6cfa67350bd Signed-off-by:
Greg Kroah-Hartman <gregkh@google.com>
-
Greg Kroah-Hartman authored
This reverts commit 37d98fb9 which is commit 87667336 upstream. It breaks the Android kernel build and can be brought back in the future in an abi-safe way if it is really needed. Bug: 161946584 Change-Id: I3540bf48363a60e704c1ed85871a2126fd365261 Signed-off-by:
Greg Kroah-Hartman <gregkh@google.com>
-
Greg Kroah-Hartman authored
This reverts commit 81f0b319 which is commit 5fce9417 upstream. It breaks the Android kernel build and can be brought back in the future in an abi-safe way if it is really needed. Bug: 161946584 Change-Id: I98bdae465bdbb52dad7b172899cc8fad81d6cfcd Signed-off-by:
Greg Kroah-Hartman <gregkh@google.com>
-
- Aug 12, 2024
-
-
Greg Kroah-Hartman authored
This reverts commit 5c033870 which is commit b0ec2abf upstream. It breaks the Android kernel abi and can be brought back in the future in an abi-safe way if it is really needed. Bug: 161946584 Change-Id: Ia0eb476c521977b863898ceeeaa664daf08bdb88 Signed-off-by:
Greg Kroah-Hartman <gregkh@google.com>
-
Greg Kroah-Hartman authored
Changes in 5.15.153 io_uring/unix: drop usage of io_uring socket io_uring: drop any code related to SCM_RIGHTS rcu-tasks: Provide rcu_trace_implies_rcu_gp() bpf: Defer the free of inner map when necessary selftests: tls: use exact comparison in recv_partial ASoC: rt5645: Make LattePanda board DMI match more precise x86/xen: Add some null pointer checking to smp.c MIPS: Clear Cause.BD in instruction_pointer_set HID: multitouch: Add required quirk for Synaptics 0xcddc device gen_compile_commands: fix invalid escape sequence warning RDMA/mlx5: Fix fortify source warning while accessing Eth segment RDMA/mlx5: Relax DEVX access upon modify commands riscv: dts: sifive: add missing #interrupt-cells to pmic x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() net/iucv: fix the allocation size of iucv_path_table array parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check block: sed-opal: handle empty atoms when parsing response dm-verity, dm-crypt: align "struct bvec_iter" correctly scsi: mpt3sas: Prevent sending diag_reset when the controller is ready ALSA: hda/realtek - ALC285 reduce pop noise from Headphone port drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security firewire: core: use long bus reset on gap count error ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet Input: gpio_keys_polled - suppress deferred probe error for gpio ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak s390/dasd: put block allocation in separate function s390/dasd: add query PPRC function s390/dasd: add copy pair setup s390/dasd: add autoquiesce feature s390/dasd: Use dev_*() for device log messages s390/dasd: fix double module refcount 
decrement nbd: null check for nla_nest_start fs/select: rework stack allocation hack for clang md: Don't clear MD_CLOSING when the raid is about to stop lib/cmdline: Fix an invalid format specifier in an assertion msg time: test: Fix incorrect format specifier rtc: test: Fix invalid format specifier. aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts timekeeping: Fix cross-timestamp interpolation on counter wrap timekeeping: Fix cross-timestamp interpolation corner case decision timekeeping: Fix cross-timestamp interpolation for non-x86 sched/fair: Take the scheduling domain into account in select_idle_core() wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled wifi: b43: Stop correct queue in DMA worker when QoS is disabled wifi: b43: Disable QoS for bcm4331 wifi: wilc1000: fix declarations ordering wifi: wilc1000: fix RCU usage in connect path wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work wifi: wilc1000: fix multi-vif management when deleting a vif wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value cpufreq: Explicitly include correct DT includes cpufreq: mediatek-hw: Wait for CPU supplies before probing sock_diag: annotate data-races around sock_diag_handlers[family] inet_diag: annotate data-races around inet_diag_table[] bpftool: Silence build warning about calloc() af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). 
cpufreq: mediatek-hw: Don't error out if supply is not found arm64: dts: imx8mm-kontron: Disable pullups for I2C signals on SL/BL i.MX8MM arm64: dts: imx8mm-kontron: Disable pullups for onboard UART signals on BL board arm64: dts: imx8mm-kontron: Add support for ultra high speed modes on SD card arm64: dts: imx8mm-kontron: Use the VSELECT signal to switch SD card IO voltage arm64: dts: imx8mm-kontron: Disable pull resistors for SD card signals on BL board wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete wifi: iwlwifi: mvm: report beacon protection failures wifi: iwlwifi: dbg-tlv: ensure NUL termination wifi: iwlwifi: fix EWRD table validity check arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS pwm: atmel-hlcdc: Convert to platform remove callback returning void pwm: atmel-hlcdc: Use consistent variable naming pwm: atmel-hlcdc: Fix clock imbalance related to suspend support net: blackhole_dev: fix build warning for ethh set but not used wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() pwm: sti: Implement .apply() callback pwm: sti: Fix capture for st,pwm-num-chan < st,capture-num-chan wifi: iwlwifi: mvm: don't set replay counters to 0xff s390/vdso: drop '-fPIC' from LDFLAGS ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() arm64: dts: mt8183: kukui: Add Type C node arm64: dts: mt8183: kukui: Split out keyboard node and describe detachables arm64: dts: mt8183: Move CrosEC base detection node to kukui-based DTs arm64: dts: mediatek: mt7622: add missing "device_type" to memory nodes bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly wireless: Remove redundant 'flush_workqueue()' calls wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() bus: tegra-aconnect: Update dependency to ARCH_TEGRA iommu/amd: Mark interrupt as managed wifi: brcmsmac: avoid function pointer casts net: ena: Remove ena_select_queue 
ARM: dts: arm: realview: Fix development chip ROM compatible value arm64: dts: renesas: r8a779a0: Update to R-Car Gen4 compatible values arm64: dts: renesas: r8a779a0: Correct avb[01] reg sizes ARM: dts: imx6dl-yapp4: Move phy reset into switch node ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node arm64: dts: marvell: reorder crypto interrupts on Armada SoCs ACPI: resource: Add Infinity laptops to irq1_edge_low_force_override ACPI: resource: Do IRQ override on Lunnen Ground laptops ACPI: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override ACPI: scan: Fix device check notification handling x86, relocs: Ignore relocations in .notes section SUNRPC: fix some memleaks in gssx_dec_option_array mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function wifi: rtw88: 8821c: Fix false alarm count PCI: Make pci_dev_is_disconnected() helper public for other drivers iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected igb: move PEROUT and EXTTS isr logic to separate functions igb: Fix missing time sync events Bluetooth: Remove superfluous call to hci_conn_check_pending() Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855 Bluetooth: hci_qca: don't use IS_ERR_OR_NULL() with gpiod_get_optional() Bluetooth: hci_core: Fix possible buffer overflow sr9800: Add check for usbnet_get_endpoints bpf: Fix DEVMAP_HASH overflow check on 32-bit arches bpf: Fix hashtab overflow check on 32-bit arches bpf: Fix stackmap overflow check on 32-bit arches ipv6: fib6_rules: flush route cache when rule is changed net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() net: phy: fix phy_get_internal_delay accessing an empty array net: hns3: fix kernel crash when 1588 is received on HIP08 devices net: hns3: fix port duplex configure error in IMP reset net: phy: DP83822: enable rgmii mode if phy_interface_is_rgmii net: phy: 
dp83822: Fix RGMII TX delay configuration OPP: debugfs: Fix warning around icc_get_name() tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function net: Change sock_getsockopt() to take the sk ptr instead of the sock ptr bpf: net: Change sk_getsockopt() to take the sockptr_t argument bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function udp: fix incorrect parameter validation in the udp_lib_getsockopt() function net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function net/x25: fix incorrect parameter validation in the x25_getsockopt() function nfp: flower: handle acti_netdevs allocation failure dm raid: fix false positive for requeue needed during reshape dm: call the resume method on internal suspend drm/tegra: dsi: Add missing check for of_find_device_by_node drm/tegra: dpaux: Populate AUX bus drm/tegra: dpaux: Fix PM disable depth imbalance in tegra_dpaux_probe drm/tegra: dsi: Make use of the helper function dev_err_probe() drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() drm/tegra: dc: rgb: Allow changing PLLD rate on Tegra30+ drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe() drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() drm/rockchip: inno_hdmi: Fix video timing drm: Don't treat 0 as -1 in drm_fixp2int_ceil drm/ttm: add ttm_resource_fini v2 drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node drm/rockchip: lvds: do not overwrite error code drm/rockchip: lvds: do not print scary message when probing defer drm/lima: fix a memleak in lima_heap_alloc dmaengine: tegra210-adma: Update 
dependency to ARCH_TEGRA media: tc358743: register v4l2 async device only after successful setup PCI/DPC: Print all TLP Prefixes, not just the first perf record: Fix possible incorrect free in record__switch_output() HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() clk: meson: Add missing clocks to axg_clk_regmaps media: em28xx: annotate unchecked call to media_device_register() media: v4l2-tpg: fix some memleaks in tpg_alloc media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity media: edia: dvbdev: fix a use-after-free pinctrl: mediatek: Drop bogus slew rate register range for MT8192 clk: qcom: reset: Commonize the de/assert functions clk: qcom: reset: Ensure write completion on reset de/assertion quota: simplify drop_dquot_ref() quota: Fix potential NULL pointer dereference quota: Fix rcu annotations of inode dquot pointers PCI/P2PDMA: Fix a sleeping issue in a RCU read section PCI: switchtec: Fix an error handling path in switchtec_pci_probe() crypto: xilinx - call finalize with bh disabled perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() ALSA: seq: fix function cast warnings perf stat: Avoid metric-only segv ASoC: meson: Use dev_err_probe() helper ASoC: meson: aiu: fix function pointer type mismatch ASoC: meson: t9015: fix function pointer type mismatch powerpc: Force inlining of arch_vmap_p{u/m}d_supported() PCI: endpoint: Support NTB transfer between RC and EP NTB: EPF: fix possible memory leak in pci_vntb_probe() NTB: fix possible name leak in ntb_register_device() media: sun8i-di: Fix coefficient writes media: sun8i-di: Fix power on/off sequences media: sun8i-di: Fix chroma difference threshold 
media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak media: go7007: add check of return value of go7007_read_addr() media: pvrusb2: remove redundant NULL check media: pvrusb2: fix pvr2_stream_callback casts clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times drm/mediatek: dsi: Fix DSI RGB666 formats and definitions PCI: Mark 3ware-9650SE Root Port Extended Tags as broken clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() drm/tegra: put drm_gem_object ref on error in tegra_fb_create mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref crypto: arm/sha - fix function cast warnings drm/tidss: Fix initial plane zpos values mtd: maps: physmap-core: fix flash size larger than 32-bit mtd: rawnand: lpc32xx_mlc: fix irq handler prototype ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs ASoC: meson: axg-tdm-interface: add frame rate constraint HID: amd_sfh: Update HPD sensor structure elements drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() media: pvrusb2: fix uaf in pvr2_context_set_notify media: dvb-frontends: avoid stack overflow warnings with clang media: go7007: fix a memleak in go7007_load_encoder media: ttpci: fix two memleaks in budget_av_attach media: mediatek: vcodec: avoid -Wcast-function-type-strict warning drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks drm/msm/dpu: add division of drm_display_mode's hskew parameter module: Add support for default value for module async_probe modules: wait do_free_init correctly powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. 
leds: aw2013: Unlock mutex before destroying it leds: sgm3140: Add missing timer cleanup and flash gpio control backlight: lm3630a: Initialize backlight_properties on init backlight: lm3630a: Don't set bl->props.brightness in get_brightness backlight: da9052: Fully initialize backlight_properties during probe backlight: lm3639: Fully initialize backlight_properties during probe backlight: lp8788: Fully initialize backlight_properties during probe sparc32: Fix section mismatch in leon_pci_grpci clk: Fix clk_core_get NULL dereference clk: zynq: Prevent null pointer dereference caused by kmalloc failure ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops ALSA: usb-audio: Stop parsing channels bits when all channels are found. RDMA/srpt: Do not register event handler until srpt device is fully setup f2fs: multidevice: support direct IO f2fs: invalidate META_MAPPING before IPU/DIO write f2fs: replace congestion_wait() calls with io_schedule_timeout() f2fs: fix to invalidate META_MAPPING before DIO write f2fs: invalidate meta pages only for post_read required inode f2fs: reduce stack memory cost by using bitfield in struct f2fs_io_info f2fs: compress: fix to cover normal cluster write with cp_rwsem f2fs: compress: fix to check unreleased compressed cluster scsi: csiostor: Avoid function pointer casts RDMA/device: Fix a race between mad_client and cm_client init RDMA/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store() scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 NFSv4.2: fix listxattr maximum XDR buffer size watchdog: stm32_iwdg: initialize default timeout NFS: Fix an off by one in root_nfs_cat() f2fs: compress: fix reserve_cblocks counting error when out of space afs: Revert "afs: Hide silly-rename files from userspace" comedi: comedi_test: Prevent timers rescheduling during deletion remoteproc: stm32: use correct 
format strings on 64-bit remoteproc: stm32: Fix incorrect type in assignment for va remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef tty: vt: fix 20 vs 0x20 typo in EScsiignore serial: max310x: fix syntax error in IRQ error message tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells kconfig: fix infinite loop when expanding a macro at the end of file rtc: mt6397: select IRQ_DOMAIN instead of depending on it serial: 8250_exar: Don't remove GPIO device on suspend staging: greybus: fix get_channel_from_mode() failure path usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin io_uring: don't save/restore iowait state nouveau: reset the bo resource bus info after an eviction octeontx2-af: Use matching wake_up API variant in CGX command interface s390/vtime: fix average steal time calculation soc: fsl: dpio: fix kcalloc() argument order hsr: Fix uninit-value access in hsr_get_node() net: mtk_eth_soc: move MAC_MCR setting to mac_finish() net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up net: ethernet: mtk_eth_soc: fix PPE hanging issue packet: annotate data-races around ignore_outgoing net: veth: do not manipulate GRO when using XDP net: dsa: mt7530: prevent possible incorrect XTAL frequency selection vdpa/mlx5: Allow CVQ size changes wireguard: receive: annotate data-race around receiving_counter.counter rds: introduce acquire/release ordering in acquire/release_in_xmit() hsr: Handle failures in module init net: phy: fix phy_read_poll_timeout argument type in genphy_loopback net/bnx2x: Prevent access to a freed page in page_pool octeontx2-af: Use separate handlers for interrupts netfilter: nft_set_pipapo: release elements in clone only from destroy path netfilter: nf_tables: do not compare internal table flags on updates rcu: add a helper to report consolidated flavor QS net: report RCU QS on threaded NAPI repolling 
bpf: report RCU QS in cpumap kthread net: dsa: mt7530: fix handling of LLDP frames net: dsa: mt7530: fix handling of 802.1X PAE frames net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports net: dsa: mt7530: fix handling of all link-local frames spi: spi-mt65xx: Fix NULL pointer access in interrupt handler regmap: Add missing map->bus check remoteproc: stm32: fix incorrect optional pointers Linux 5.15.153 Change-Id: Ic4ad7833a51ee87cc486850830eb67e58fe7b49e Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-
- Aug 07, 2024
-
-
zihan ju authored
Leaf changes summary: 2 artifacts changed Changed leaf types summary: 0 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 1 Added function Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 1 Added variable 1 function symbol(s) added 'int __traceiter_android_vh_should_end_madvise(void *, struct mm_struct *, bool *, bool *)' 1 variable symbol(s) added 'struct tracepoint __tracepoint_android_vh_should_end_madvise' Bug: 307846869 Change-Id: I10618eb52d8d790309e1b650b51eff9129562435 Signed-off-by: zihan ju <zihan.ju@transsion.com>
-
- Aug 06, 2024
-
-
zihan ju authored
We introduce an interrupt hook in Android to manage memory compression using madvise, improving user experience. Currently, when a user returns to the home screen, memory compression is triggered using madvise. The vma and PAGEOUT flag are sent to process_madvise, initiating page reclaim. However, if an app is re-opened soon after starting compression, the reclaim process can cause read delays, leading to potential lag. To resolve this, we propose to skip pte range traversal. By comparing the vma's task uid with the current app's uid, we can identify and interrupt the madvise operation for that vma. Implementing this requires a vendor hook for should_end_madvise. This allows us to skip traversal, enhancing user experience. Bug: 307846869 Change-Id: If2bdbc200b7305e92f836353b7356aa115e00705 Signed-off-by: zihan ju <zihan.ju@transsion.com>
-
- Jul 31, 2024
-
-
Greg Kroah-Hartman authored
This reverts commit 31642219 which is commit d77e7456 upstream. It breaks the Android kernel abi and can be brought back in the future in an abi-safe way if it is really needed. Bug: 161946584 Change-Id: I30c32ccdd4216c9f29ca4aa5c432518c203f444f Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-
Greg Kroah-Hartman authored
This reverts commit 0ba485f9 which is commit b3883ab5 upstream. It breaks the Android kernel abi and can be brought back in the future in an abi-safe way if it is really needed. Bug: 161946584 Change-Id: I0842b75614d98ce9684221054ef091385e01c029 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-
Greg Kroah-Hartman authored
This reverts commit a1211bbf which is commit 3f42b142 upstream. It breaks the Android kernel abi and can be brought back in the future in an abi-safe way if it is really needed. Bug: 161946584 Change-Id: I463294b218695aefd4aea1490e350d1363d8e1ff Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-
- Jul 29, 2024
-
-
Greg Kroah-Hartman authored
Changes in 5.15.152 mmc: mmci: stm32: use a buffer for unaligned DMA requests mmc: mmci: stm32: fix DMA API overlapping mappings warning net: lan78xx: fix runtime PM count underflow on link stop ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able i40e: disable NAPI right after disabling irqs when handling xsk_pool tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string geneve: make sure to pull inner header in geneve_rx() net: sparx5: Fix use after free inside sparx5_del_mact_entry net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() net/ipv6: avoid possible UAF in ip6_route_mpath_notify() cpumap: Zero-initialise xdp_rxq_info struct before running XDP program net/rds: fix WARNING in rds_conn_connect_if_down netfilter: nft_ct: fix l3num expectations with inet pseudo family netfilter: nf_conntrack_h323: Add protection for bmp length out of range erofs: apply proper VMA alignment for memory mapped files on THP netrom: Fix a data-race around sysctl_netrom_default_path_quality netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser netrom: Fix a data-race around sysctl_netrom_transport_timeout netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay netrom: Fix a data-race around sysctl_netrom_transport_busy_delay netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout netrom: Fix a data-race around sysctl_netrom_routing_control netrom: Fix a data-race around sysctl_netrom_link_fails_count netrom: Fix data-races around sysctl_net_busy_read ALSA: usb-audio: Refcount multiple accesses on the single clock ALSA: usb-audio: Clear fixed clock rate at closing EP ALSA: usb-audio: Split endpoint setups for hw_params and prepare (take#2) ALSA: usb-audio: Properly refcounting 
clock rate ALSA: usb-audio: Apply mutex around snd_usb_endpoint_set_params() ALSA: usb-audio: Correct the return code from snd_usb_endpoint_set_params() ALSA: usb-audio: Avoid superfluous endpoint setup ALSA: usb-audio: Add quirk for Tascam Model 12 ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810 Wireless ALSA: usb-audio: Fix microphone sound on Nexigo webcam. ALSA: usb-audio: add quirk for RODE NT-USB+ drm/amd/display: Fix uninitialized variable usage in core_link_ 'read_dpcd() & write_dpcd()' functions nfp: flower: add goto_chain_index for ct entry nfp: flower: add hardware offload check for post ct entry selftests/mm: switch to bash from sh selftests: mm: fix map_hugetlb failure on 64K page size systems xhci: process isoc TD properly when there was a transaction error mid TD. xhci: handle isoc Babble and Buffer Overrun events properly serial: max310x: use regmap methods for SPI batch operations serial: max310x: use a separate regmap for each port serial: max310x: prevent infinite while() loop in port startup drm/amd/pm: do not expose the API used internally only in kv_dpm.c drm/amdgpu: Reset IH OVERFLOW_CLEAR bit selftests: mptcp: decrease BW in simult flows hv_netvsc: use netif_is_bond_master() instead of open code hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed drm/amd/display: Re-arrange FPU code structure for dcn2x drm/amd/display: move calcs folder into DML drm/amd/display: remove DML Makefile duplicate lines drm/amd/display: Increase frame-larger-than for all display_mode_vba files getrusage: add the "signal_struct *sig" local variable getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() getrusage: use __for_each_thread() getrusage: use sig->stats_lock rather than lock_task_sighand() proc: Use task_is_running() for wchan in /proc/$pid/stat fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() ALSA: usb-audio: Fix wrong kfree issue in snd_usb_endpoint_free_all 
ALSA: usb-audio: Always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format() ALSA: usb-audio: Add FIXED_RATE quirk for JBL Quantum610 Wireless ALSA: usb-audio: Sort quirk table entries regmap: allow to define reg_update_bits for no bus configuration regmap: Add bulk read/write callbacks into regmap_config serial: max310x: make accessing revision id interface-agnostic serial: max310x: fix IO data corruption in batched operations Linux 5.15.152 Change-Id: Ic1bf6c6e86534d33daf79b64ebb9d475a2177778 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-
- Jul 26, 2024
-
-
Tiffany Yang authored
Even though FUSE supports d_canonical_path, the underlying server may not implement the operation. In that case, follow the same logic for filesystems that do not have the canonical path operation instead of returning early from fsnotify_file with an error. Bug: 326995824 Test: cts-tradefed run commandAndExit cts -m CtsOsTestCases -t android.os.cts.FileObserverTest Change-Id: Iae618d4159222b06467b9a0bbb67fb67885aa65e Signed-off-by: Tiffany Yang <ynaffit@google.com>
-
Greg Kroah-Hartman authored
Steps on the way to 5.15.152 Resolves merge conflicts in: sound/usb/quirks.c Change-Id: Ie7f5429b1471ab1e347e252107d48a3ce6b2939f Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-
Greg Kroah-Hartman authored
Merge bfd36b1d ("ALSA: usb-audio: Always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format()") into android13-5.15-lts Steps on the way to 5.15.152 Merges the above commit away as it is not needed due to previous reverts. Change-Id: I96b9a96c5536d0b322b80b36c948e775c13a4e59 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-
Greg Kroah-Hartman authored
Merge a6f53df5 ("ALSA: usb-audio: Fix wrong kfree issue in snd_usb_endpoint_free_all") into android13-5.15-lts Steps on the way to 5.15.152 This reverts the above commit as it is not needed here (we reverted other commits this was fixing so it's not needed.) Change-Id: Ia3c76050df6ae5e1769fc8702c0ea122ce3430a1 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-
Greg Kroah-Hartman authored
Android GKI kernel modules should NOT have the ability to control the system-wide tracing functionality, nor query to determine if it is on or not. So remove the exports of these functions. Upstream does not wish to do this, so an Android-only change is required. See the bug id for details. Bug: 355584612 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I50f69cd9930ddc6b876c5c1dd86f51cfb2ee1bac
-
Greg Kroah-Hartman authored
Merge fd63fb84 ("fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand()") into android13-5.15-lts Steps on the way to 5.15.152 Change-Id: Ib8235bdb50ea231720a6d8cd42c37e5e92ba5149 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-