This is the start of the stable review cycle for the 5.4.19 release.
There are 309 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.

Responses should be made by Wed, 12 Feb 2020 12:18:57 +0000.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.19-rc1.gz
or in the git tree and branch at:
	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <[email protected]>
Linux 5.4.19-rc1
Christophe Leroy <[email protected]>
powerpc/kuap: Fix set direction in allow/prevent_user_access()
Stephen Rothwell <[email protected]>
regulator fix for "regulator: core: Add regulator_is_equal() helper"
David Howells <[email protected]>
rxrpc: Fix service call disconnection
Song Liu <[email protected]>
perf/core: Fix mlock accounting in perf_mmap()
Konstantin Khlebnikov <[email protected]>
clocksource: Prevent double add_timer_on() for watchdog_timer
Thomas Gleixner <[email protected]>
x86/apic/msi: Plug non-maskable MSI affinity race
Aurelien Aptel <[email protected]>
cifs: fix mode bits from dir listing when mounted with modefromsid
Ronnie Sahlberg <[email protected]>
cifs: fail i/o on soft mounts if sessionsetup errors out
Sean Christopherson <[email protected]>
KVM: Play nice with read-only memslots when querying host page size
Sean Christopherson <[email protected]>
KVM: Use vcpu-specific gva->hva translation when querying host page size
Miaohe Lin <[email protected]>
KVM: nVMX: vmread should not set rflags to specify success in case of #PF
Paolo Bonzini <[email protected]>
KVM: x86: fix overlap between SPTE_MMIO_MASK and generation
Sean Christopherson <[email protected]>
KVM: x86: Use gpa_t for cr2/gpa to fix TDP support on 32-bit KVM
Paolo Bonzini <[email protected]>
KVM: x86: use CPUID to locate host page table reserved bits
Sean Christopherson <[email protected]>
KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM
Wayne Lin <[email protected]>
drm/dp_mst: Remove VCPI while disabling topology mgr
Josef Bacik <[email protected]>
btrfs: free block groups after free'ing fs trees
Anand Jain <[email protected]>
btrfs: use bool argument in free_root_pointers()
Thomas Gleixner <[email protected]>
x86/timer: Don't skip PIT setup when APIC is disabled or in legacy mode
Matti Vaittinen <[email protected]>
mfd: bd70528: Fix hour register mask
Andreas Kemnade <[email protected]>
mfd: rn5t618: Mark ADC control register volatile
Marco Felsch <[email protected]>
mfd: da9062: Fix watchdog compatible string
Cezary Rojewski <[email protected]>
ASoC: Intel: skl_hda_dsp_common: Fix global-out-of-bounds bug
Tariq Toukan <[email protected]>
net/mlx5: Deprecate usage of generic TLS HW capability bit
Maor Gottlieb <[email protected]>
net/mlx5: Fix deadlock in fs_core
Ido Schimmel <[email protected]>
drop_monitor: Do not cancel uninitialized work item
Sudarsana Reddy Kalluru <[email protected]>
qed: Fix timestamping issue for L2 unicast ptp packets.
Eric Dumazet <[email protected]>
ipv6/addrconf: fix potential NULL deref in inet6_set_link_af()
Vinicius Costa Gomes <[email protected]>
taprio: Fix dropping packets when using taprio + ETF offloading
Vinicius Costa Gomes <[email protected]>
taprio: Use taprio_reset_tc() to reset Traffic Classes configuration
Vinicius Costa Gomes <[email protected]>
taprio: Add missing policy validation for flags
Vinicius Costa Gomes <[email protected]>
taprio: Fix still allowing changing the flags during runtime
Vinicius Costa Gomes <[email protected]>
taprio: Fix enabling offload with wrong number of traffic classes
Harini Katakam <[email protected]>
net: macb: Limit maximum GEM TX length in TSO
Harini Katakam <[email protected]>
net: macb: Remove unnecessary alignment check for TSO
Raed Salem <[email protected]>
net/mlx5: IPsec, fix memory leak at mlx5_fpga_ipsec_delete_sa_ctx
Raed Salem <[email protected]>
net/mlx5: IPsec, Fix esp modify function attribute
Florian Fainelli <[email protected]>
net: systemport: Avoid RBUF stuck in Wake-on-LAN mode
Dejin Zheng <[email protected]>
net: stmmac: fix a possible endless loop
Cong Wang <[email protected]>
net_sched: fix a resource leak in tcindex_set_parms()
Lorenzo Bianconi <[email protected]>
net: mvneta: move rx_dropped and rx_errors in per-cpu stats
Razvan Stefanescu <[email protected]>
net: dsa: microchip: enable module autoprobe
Florian Fainelli <[email protected]>
net: dsa: bcm_sf2: Only 7278 supports 2Gb/sec IMP port
Florian Fainelli <[email protected]>
net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan()
Madalin Bucur <[email protected]>
dpaa_eth: support all modes with rate adapting PHYs
Jacob Keller <[email protected]>
devlink: report 0 after hitting end in region read
Eric Dumazet <[email protected]>
bonding/alb: properly access headers in bond_alb_xmit()
Marek Vasut <[email protected]>
ASoC: sgtl5000: Fix VDDA and VDDIO comparison
Marek Vasut <[email protected]>
regulator: core: Add regulator_is_equal() helper
Quanyang Wang <[email protected]>
ubifs: Fix memory leak from c->sup_node
Dan Carpenter <[email protected]>
ubi: Fix an error pointer dereference in error handling code
Sascha Hauer <[email protected]>
ubi: fastmap: Fix inverted logic in seen selfcheck
David Hildenbrand <[email protected]>
virtio_balloon: Fix memory leaks on errors in virtballoon_probe()
David Hildenbrand <[email protected]>
virtio-balloon: Fix memory leak when unloading while hinting is in progress
Trond Myklebust <[email protected]>
nfsd: Return the correct number of bytes written to the file
Arnd Bergmann <[email protected]>
nfsd: fix jiffies/time_t mixup in LRU list
Arnd Bergmann <[email protected]>
nfsd: fix delay timer on 32-bit architectures
Yishai Hadas <[email protected]>
IB/core: Fix ODP get user pages flow
Prabhath Sajeepa <[email protected]>
IB/mlx5: Fix outstanding_pi index for GSI qps
Nathan Chancellor <[email protected]>
net: tulip: Adjust indentation in {dmfe, uli526x}_init_module
Nathan Chancellor <[email protected]>
net: smc911x: Adjust indentation in smc911x_phy_configure
Nathan Chancellor <[email protected]>
ppp: Adjust indentation into ppp_async_input
Nathan Chancellor <[email protected]>
NFC: pn544: Adjust indentation in pn544_hci_check_presence
Nathan Chancellor <[email protected]>
drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable
Nathan Chancellor <[email protected]>
powerpc/44x: Adjust indentation in ibm4xx_denali_fixup_memsize
Nathan Chancellor <[email protected]>
ext2: Adjust indentation in ext2_fill_super
Nathan Chancellor <[email protected]>
phy: qualcomm: Adjust indentation in read_poll_timeout
Vignesh Raghavendra <[email protected]>
mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two
Asutosh Das <[email protected]>
scsi: ufs: Recheck bkops level if bkops is disabled
Nathan Chancellor <[email protected]>
scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free
Nathan Chancellor <[email protected]>
scsi: csiostor: Adjust indentation in csio_device_reset
Bart Van Assche <[email protected]>
scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type
Jerome Brunet <[email protected]>
ASoC: meson: axg-fifo: fix fifo threshold setup
Erdem Aktas <[email protected]>
percpu: Separate decrypted varaibles anytime encryption can be enabled
Casey Schaufler <[email protected]>
broken ping to ipv6 linklocal addresses on debian buster
Miklos Szeredi <[email protected]>
fix up iter on short count in fuse_direct_io()
Daniel Verkamp <[email protected]>
virtio-pci: check name when counting MSI-X vectors
Daniel Verkamp <[email protected]>
virtio-balloon: initialize all vq callbacks
Lyude Paul <[email protected]>
drm/amd/dm/mst: Ignore payload update failures
Stephen Warren <[email protected]>
clk: tegra: Mark fuse clock as critical
Peter Zijlstra <[email protected]>
mm/mmu_gather: invalidate TLB correctly on batch allocation failure and flush
Niklas Cassel <[email protected]>
arm64: dts: qcom: qcs404-evb: Set vdd_apc regulator in high power mode
David Hildenbrand <[email protected]>
mm/page_alloc.c: fix uninitialized memmaps on a partially populated last section
Gang He <[email protected]>
ocfs2: fix oops when writing cloned file
Christian Borntraeger <[email protected]>
KVM: s390: do not clobber registers during guest reset/store status
Sean Christopherson <[email protected]>
KVM: x86: Revert "KVM: X86: Fix fpu state crash in kvm guest"
Sean Christopherson <[email protected]>
KVM: x86: Ensure guest's FPU state is loaded when accessing for emulation
Sean Christopherson <[email protected]>
KVM: x86: Handle TIF_NEED_FPU_LOAD in kvm_{load,put}_guest_fpu()
Sean Christopherson <[email protected]>
KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails
Sean Christopherson <[email protected]>
KVM: x86: Don't let userspace set host-reserved cr4 bits
Sean Christopherson <[email protected]>
KVM: VMX: Add non-canonical check on writes to RTIT address MSRs
Boris Ostrovsky <[email protected]>
x86/KVM: Clean up host's steal time structure
Boris Ostrovsky <[email protected]>
x86/kvm: Cache gfn to pfn translation
Boris Ostrovsky <[email protected]>
x86/KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed
Boris Ostrovsky <[email protected]>
x86/kvm: Introduce kvm_(un)map_gfn()
Boris Ostrovsky <[email protected]>
x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit
John Allen <[email protected]>
kvm/svm: PKU not currently supported
Sean Christopherson <[email protected]>
KVM: PPC: Book3S PR: Free shared page if mmu initialization fails
Sean Christopherson <[email protected]>
KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails
Sean Christopherson <[email protected]>
KVM: x86: Fix potential put_fpu() w/o load_fpu() on MPX platform
Marios Pomonis <[email protected]>
KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks
Marios Pomonis <[email protected]>
KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks
Marios Pomonis <[email protected]>
KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c
Marios Pomonis <[email protected]>
KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks
Marios Pomonis <[email protected]>
KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks
Marios Pomonis <[email protected]>
KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks
Marios Pomonis <[email protected]>
KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks
Marios Pomonis <[email protected]>
KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks
Marios Pomonis <[email protected]>
KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks
Marios Pomonis <[email protected]>
KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks
Marios Pomonis <[email protected]>
KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks
Marios Pomonis <[email protected]>
KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks
Jens Axboe <[email protected]>
aio: prevent potential eventfd recursion on poll
Jens Axboe <[email protected]>
eventfd: track eventfd_signal() recursion depth
Coly Li <[email protected]>
bcache: add readahead cache policy options via sysfs interface
Vladis Dronov <[email protected]>
watchdog: fix UAF in reboot notifier handling in watchdog core code
Juergen Gross <[email protected]>
xen/balloon: Support xend-based toolstack take two
Gavin Shan <[email protected]>
tools/kvm_stat: Fix kvm_exit filter name
Sean Young <[email protected]>
media: rc: ensure lirc is initialized before registering input device
Johan Hovold <[email protected]>
media: iguanair: fix endpoint sanity check
Ville Syrjälä <[email protected]>
drm/rect: Avoid division by zero
Peter Rosin <[email protected]>
drm: atmel-hlcdc: prefer a lower pixel-clock than requested
Claudiu Beznea <[email protected]>
drm: atmel-hlcdc: enable clock before configuring timing engine
Claudiu Beznea <[email protected]>
drm: atmel-hlcdc: use double rate for pixel clock only if supported
Andreas Gruenbacher <[email protected]>
gfs2: fix O_SYNC write handling
Christoph Hellwig <[email protected]>
gfs2: move setting current->backing_dev_info
Abhi Das <[email protected]>
gfs2: fix gfs2_find_jhead that returns uninitialized jhead with seq 0
Roberto Bergantinos Corpas <[email protected]>
sunrpc: expiry_time should be seconds not timeval
Brian Norris <[email protected]>
mwifiex: fix unbalanced locking in mwifiex_process_country_ie()
Luca Coelho <[email protected]>
iwlwifi: don't throw error when trying to remove IGTK
Stephen Warren <[email protected]>
ARM: tegra: Enable PLLP bypass during Tegra124 LP1
Nikolay Borisov <[email protected]>
btrfs: Correctly handle empty trees in find_first_clear_extent_bit
Josef Bacik <[email protected]>
btrfs: flush write bio if we loop in extent_write_cache_pages
Filipe Manana <[email protected]>
Btrfs: fix race between adding and putting tree mod seq elements and nodes
Josef Bacik <[email protected]>
btrfs: drop log root for dropped roots
Josef Bacik <[email protected]>
btrfs: set trans->drity in btrfs_commit_transaction
Filipe Manana <[email protected]>
Btrfs: fix infinite loop during fsync after rename operations
Filipe Manana <[email protected]>
Btrfs: make deduplication with range including the last block work
Filipe Manana <[email protected]>
Btrfs: fix missing hole after hole punching and fsync when using NO_HOLES
Eric Biggers <[email protected]>
ext4: fix race conditions in ->d_compare() and ->d_hash()
Eric Biggers <[email protected]>
ext4: fix deadlock allocating crypto bounce page from mempool
Vasily Averin <[email protected]>
jbd2_seq_info_next should increase position index
Trond Myklebust <[email protected]>
nfsd: fix filecache lookup
Trond Myklebust <[email protected]>
NFS: Directory page cache pages need to be locked when read
Trond Myklebust <[email protected]>
NFS: Fix memory leaks and corruption in readdir
Arun Easi <[email protected]>
scsi: qla2xxx: Fix unbound NVME response length
Michael Ellerman <[email protected]>
powerpc/futex: Fix incorrect user access blocking
Chuhong Yuan <[email protected]>
crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill
Herbert Xu <[email protected]>
crypto: api - Fix race condition in crypto_spawn_alg
Tudor Ambarus <[email protected]>
crypto: atmel-aes - Fix counter overflow in CTR mode
Herbert Xu <[email protected]>
crypto: pcrypt - Do not clear MAY_SLEEP flag in original request
Ard Biesheuvel <[email protected]>
crypto: arm64/ghash-neon - bump priority to 150
Ard Biesheuvel <[email protected]>
crypto: ccp - set max RSA modulus size for v3 platform devices as well
Jonathan Cameron <[email protected]>
crypto: hisilicon - Use the offset fields in sqe to avoid need to split scatterlists
Herbert Xu <[email protected]>
crypto: api - fix unexpectedly getting generic implementation
Lorenz Bauer <[email protected]>
selftests: bpf: Ignore FIN packets for reuseport tests
Lorenz Bauer <[email protected]>
selftests: bpf: Use a temporary file in test_sockmap
Hangbin Liu <[email protected]>
selftests/bpf: Skip perf hw events test if the setup disabled it
Alexei Starovoitov <[email protected]>
selftests/bpf: Fix test_attach_probe
Jesper Dangaard Brouer <[email protected]>
samples/bpf: Xdp_redirect_cpu fix missing tracepoint attach
Toke Høiland-Jørgensen <[email protected]>
samples/bpf: Don't try to remove user's homedir on clean
Davide Caratti <[email protected]>
tc-testing: fix eBPF tests failure on linux fresh clones
Andrii Nakryiko <[email protected]>
libbpf: Fix realloc usage in bpf_core_find_cands
Amol Grover <[email protected]>
bpf, devmap: Pass lockdep expression to RCU lists
Andrii Nakryiko <[email protected]>
selftests/bpf: Fix perf_buffer test on systems w/ offline CPUs
Björn Töpel <[email protected]>
riscv, bpf: Fix broken BPF tail calls
Nikolay Borisov <[email protected]>
btrfs: Handle another split brain scenario with metadata uuid feature
Josef Bacik <[email protected]>
btrfs: fix improper setting of scanned for range cyclic write cache pages
Herbert Xu <[email protected]>
crypto: pcrypt - Avoid deadlock by using per-instance padata queues
Steven Rostedt (VMware) <[email protected]>
ftrace: Protect ftrace_graph_hash with ftrace_sync
Steven Rostedt (VMware) <[email protected]>
ftrace: Add comment to why rcu_dereference_sched() is open coded
Amol Grover <[email protected]>
tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu
Amol Grover <[email protected]>
tracing: Annotate ftrace_graph_hash pointer with __rcu
Pierre-Louis Bossart <[email protected]>
ASoC: SOF: core: release resources on errors in probe_continue
Ranjani Sridharan <[email protected]>
ASoC: SOF: Introduce state machine for FW boot
Quinn Tran <[email protected]>
scsi: qla2xxx: Fix stuck login session using prli_pend_timer
Mike Snitzer <[email protected]>
dm: fix potential for q->make_request_fn NULL pointer
Mike Snitzer <[email protected]>
dm thin metadata: use pool locking at end of dm_pool_metadata_close
Milan Broz <[email protected]>
dm crypt: fix benbi IV constructor crash if used in authenticated mode
Mikulas Patocka <[email protected]>
dm crypt: fix GFP flags passed to skcipher_request_alloc()
Mikulas Patocka <[email protected]>
dm writecache: fix incorrect flush sequence when doing SSD mode commit
Joe Thornber <[email protected]>
dm space map common: fix to ensure new block isn't already in use
Dmitry Fomichev <[email protected]>
dm zoned: support zone sizes smaller than 128MiB
Chen-Yu Tsai <[email protected]>
ARM: dma-api: fix max_pfn off-by-one error in __dma_supported()
Michael Ellerman <[email protected]>
of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc
Rafael J. Wysocki <[email protected]>
cpufreq: Avoid creating excessively large stack frames
Rafael J. Wysocki <[email protected]>
PM: core: Fix handling of devices deleted during system-wide resume
Eric Biggers <[email protected]>
f2fs: fix race conditions in ->d_compare() and ->d_hash()
Eric Biggers <[email protected]>
f2fs: fix dcache lookup of !casefolded directories
Chengguang Xu <[email protected]>
f2fs: code cleanup for f2fs_statfs_project()
Chengguang Xu <[email protected]>
f2fs: fix miscounted block limit in f2fs_statfs_project()
Chengguang Xu <[email protected]>
f2fs: choose hardlimit when softlimit is larger than hardlimit in f2fs_statfs_project()
Miklos Szeredi <[email protected]>
ovl: fix lseek overflow on 32bit
Amir Goldstein <[email protected]>
ovl: fix wrong WARN_ON() in ovl_cache_update_ino()
Sven Van Asbroeck <[email protected]>
power: supply: ltc2941-battery-gauge: fix use-after-free
Samuel Holland <[email protected]>
power: supply: axp20x_ac_power: Fix reporting online status
Thomas Renninger <[email protected]>
cpupower: Revert library ABI changes from commit ae2917093fb60bdc1ed3e
Quinn Tran <[email protected]>
scsi: qla2xxx: Fix mtcp dump collection failure
Anand Lodnoor <[email protected]>
scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state
Gao Xiang <[email protected]>
erofs: fix out-of-bound read for shifted uncompressed block
Geert Uytterhoeven <[email protected]>
scripts/find-unused-docs: Fix massive false positives
Filipe Manana <[email protected]>
fs: allow deduplication of eof block into the end of the destination file
Herbert Xu <[email protected]>
padata: Remove broken queue flushing
Gilad Ben-Yossef <[email protected]>
crypto: ccree - fix PM race condition
Ofir Drang <[email protected]>
crypto: ccree - fix FDE descriptor sequence
Gilad Ben-Yossef <[email protected]>
crypto: ccree - fix pm wrongful error reporting
Gilad Ben-Yossef <[email protected]>
crypto: ccree - fix AEAD decrypt auth fail
Gilad Ben-Yossef <[email protected]>
crypto: ccree - fix backlog memory leak
Herbert Xu <[email protected]>
crypto: api - Check spawn->alg under lock in crypto_drop_spawn
Bitan Biswas <[email protected]>
nvmem: core: fix memory abort in cleanup path
Samuel Holland <[email protected]>
mfd: axp20x: Mark AXP20X_VBUS_IPSOUT_MGMT as volatile
Tianyu Lan <[email protected]>
hv_balloon: Balloon up according to request page number
Pierre-Louis Bossart <[email protected]>
ASoC: SOF: core: free trace on errors
Michał Mirosław <[email protected]>
mmc: sdhci-of-at91: fix memleak on clk_get failure
Zhihao Cheng <[email protected]>
ubifs: Fix deadlock in concurrent bulk-read and writepage
Eric Biggers <[email protected]>
ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag
Sascha Hauer <[email protected]>
ubifs: Fix wrong memory allocation
Eric Biggers <[email protected]>
ubifs: don't trigger assertion on invalid no-key filename
Eric Biggers <[email protected]>
fscrypt: don't print name of busy file when removing key
Stephen Boyd <[email protected]>
alarmtimer: Unregister wakeup source when module get fails
Hans de Goede <[email protected]>
ACPI / battery: Deal better with neither design nor full capacity not being reported
Hans de Goede <[email protected]>
ACPI / battery: Use design-cap for capacity calculations if full-cap is not available
Hans de Goede <[email protected]>
ACPI / battery: Deal with design or full capacity being reported as -1
Hans de Goede <[email protected]>
ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards
Linus Walleij <[email protected]>
mmc: spi: Toggle SPI polarity, do not hardcode it
Kishon Vijay Abraham I <[email protected]>
PCI: keystone: Fix error handling when "num-viewport" DT property is not populated
Yurii Monakov <[email protected]>
PCI: keystone: Fix link training retries initiation
Yurii Monakov <[email protected]>
PCI: keystone: Fix outbound region mapping
David Engraf <[email protected]>
PCI: tegra: Fix return value check of pm_runtime_get_sync()
Tom Zanussi <[email protected]>
tracing: Fix now invalid var_ref_vals assumption in trace action
Christophe Leroy <[email protected]>
powerpc/32s: Fix CPU wake-up from sleep mode
Christophe Leroy <[email protected]>
powerpc/32s: Fix bad_kuap_fault()
Pingfan Liu <[email protected]>
powerpc/pseries: Advance pfn if section is not present in lmb_is_removable()
Sukadev Bhattiprolu <[email protected]>
powerpc/xmon: don't access ASDR in VMs
Christophe Leroy <[email protected]>
powerpc/ptdump: Fix W+X verification
Aneesh Kumar K.V <[email protected]>
powerpc/mmu_gather: enable RCU_TABLE_FREE even for !SMP case
Gerald Schaefer <[email protected]>
s390/mm: fix dynamic pagetable upgrade for hugetlbfs
Alexander Lobakin <[email protected]>
MIPS: boot: fix typo in 'vmlinux.lzma.its' target
Alexander Lobakin <[email protected]>
MIPS: fix indentation of the 'RELOCS' message
Alexander Lobakin <[email protected]>
MIPS: syscalls: fix indentation of the 'SYSNR' message
Christoffer Dall <[email protected]>
KVM: arm64: Only sign-extend MMIO up to register width
Mark Rutland <[email protected]>
KVM: arm/arm64: Correct AArch32 SPSR on exception entry
Mark Rutland <[email protected]>
KVM: arm/arm64: Correct CPSR on exception entry
Mark Rutland <[email protected]>
KVM: arm64: Correct PSTATE on exception entry
Mark Rutland <[email protected]>
arm64: acpi: fix DAIF manipulation with pNMI
Yong Zhi <[email protected]>
ALSA: hda: Add JasperLake PCI ID and codec vid
Hans de Goede <[email protected]>
ALSA: hda: Add Clevo W65_67SB the power_save blacklist
Takashi Iwai <[email protected]>
ALSA: hda: Apply aligned MMIO access only conditionally
Mika Westerberg <[email protected]>
platform/x86: intel_scu_ipc: Fix interrupt support
Pawan Gupta <[email protected]>
x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR
Kevin Hao <[email protected]>
irqdomain: Fix a memory leak in irq_domain_push_irq()
Gustavo A. R. Silva <[email protected]>
lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more()
Helen Koike <[email protected]>
media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments
Arnd Bergmann <[email protected]>
media: v4l2-core: compat: ignore native command codes
John Hubbard <[email protected]>
media/v4l2-core: set pages dirty upon releasing DMA buffers
Yang Shi <[email protected]>
mm: move_pages: report the number of non-attempted pages
Wei Yang <[email protected]>
mm: thp: don't need care deferred split queue in memcg charge move path
Dan Williams <[email protected]>
mm/memory_hotplug: fix remove_memory() lockdep splat
Amir Goldstein <[email protected]>
utimes: Clamp the timestamps in notify_change()
zhengbin <[email protected]>
mmc: sdhci-pci: Make function amd_sdhci_reset static
Pingfan Liu <[email protected]>
mm/sparse.c: reset section's mem_map when fully deactivated
Theodore Ts'o <[email protected]>
memcg: fix a crash in wb_workfn when a device disappears
Takashi Iwai <[email protected]>
ALSA: dummy: Fix PCM format loop in proc output
Takashi Iwai <[email protected]>
ALSA: usb-audio: Annotate endianess in Scarlett gen2 quirk
Takashi Iwai <[email protected]>
ALSA: usb-audio: Fix endianess in descriptor validation
Bryan O'Donoghue <[email protected]>
usb: gadget: f_ecm: Use atomic_t to track in-flight request
Bryan O'Donoghue <[email protected]>
usb: gadget: f_ncm: Use atomic_t to track in-flight request
Roger Quadros <[email protected]>
usb: gadget: legacy: set max_speed to super-speed
Peter Chen <[email protected]>
usb: gadget: f_fs: set req->num_sgs as 0 for non-sg transfer
Olof Johansson <[email protected]>
objtool: Silence build output
Jun Li <[email protected]>
usb: typec: tcpci: mask event interrupts when remove driver
Thinh Nguyen <[email protected]>
usb: dwc3: gadget: Delay starting transfer
Thinh Nguyen <[email protected]>
usb: dwc3: gadget: Check END_TRANSFER completion
Navid Emamdoost <[email protected]>
brcmfmac: Fix memory leak in brcmf_usbdev_qinit
Kai-Heng Feng <[email protected]>
Bluetooth: btusb: Disable runtime suspend on Realtek devices
Colin Ian King <[email protected]>
Bluetooth: btusb: fix memory leak on fw
Israel Rukshin <[email protected]>
nvmet: Fix controller use after free
Israel Rukshin <[email protected]>
nvmet: Fix error print message at nvmet_install_queue function
Paul E. McKenney <[email protected]>
rcu: Use READ_ONCE() for ->expmask in rcu_read_unlock_special()
Paul E. McKenney <[email protected]>
srcu: Apply *_ONCE() to ->srcu_last_gp_end
Eric Dumazet <[email protected]>
rcu: Avoid data-race in rcu_gp_fqs_check_wake()
Paul E. McKenney <[email protected]>
rcu: Use *_ONCE() to protect lockless ->expmask accesses
Mathieu Desnoyers <[email protected]>
tracing: Fix sched switch start/stop refcount racy updates
Steven Rostedt (VMware) <[email protected]>
tracing/kprobes: Have uname use __get_str() in print_fmt
Lu Shuaibing <[email protected]>
ipc/msg.c: consolidate all xxxctl_down() functions
Kadlecsik József <[email protected]>
netfilter: ipset: fix suspicious RCU usage in find_set_and_id
Oliver Neukum <[email protected]>
mfd: dln2: More sanity checking for endpoints
Will Deacon <[email protected]>
media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
Vasundhara Volam <[email protected]>
bnxt_en: Fix logic that disables Bus Master during firmware reset.
Taehee Yoo <[email protected]>
netdevsim: fix stack-out-of-bounds in nsim_dev_debugfs_init()
Lukas Bulwahn <[email protected]>
MAINTAINERS: correct entries for ISDN/mISDN section
Shannon Nelson <[email protected]>
ionic: fix rxq comp packet type mask
Eric Dumazet <[email protected]>
tcp: clear tp->segs_{in|out} in tcp_disconnect()
Eric Dumazet <[email protected]>
tcp: clear tp->data_segs{in|out} in tcp_disconnect()
Eric Dumazet <[email protected]>
tcp: clear tp->delivered in tcp_disconnect()
Eric Dumazet <[email protected]>
tcp: clear tp->total_retrans in tcp_disconnect()
David Howells <[email protected]>
rxrpc: Fix NULL pointer deref due to call->conn being cleared on disconnect
David Howells <[email protected]>
rxrpc: Fix missing active use pinning of rxrpc_local object
David Howells <[email protected]>
rxrpc: Fix insufficient receive notification generation
David Howells <[email protected]>
rxrpc: Fix use-after-free in rxrpc_put_local()
Michael Chan <[email protected]>
bnxt_en: Fix TC queue mapping.
Nicolin Chen <[email protected]>
net: stmmac: Delete txtimer in suspend()
Cong Wang <[email protected]>
net_sched: fix an OOB access in cls_tcindex
Eric Dumazet <[email protected]>
net: hsr: fix possible NULL deref in hsr_handle_frame()
Ridge Kennedy <[email protected]>
l2tp: Allow duplicate session creation with UDP
Taehee Yoo <[email protected]>
gtp: use __GFP_NOWARN to avoid memalloc warning
Eric Dumazet <[email protected]>
cls_rsvp: fix rsvp_policy
Vasundhara Volam <[email protected]>
bnxt_en: Move devlink_register before registering netdev
Arnd Bergmann <[email protected]>
sparc32: fix struct ipc64_perm type definition
-------------
Diffstat:
MAINTAINERS | 6 +-
Makefile | 4 +-
arch/Kconfig | 3 -
arch/arm/include/asm/kvm_emulate.h | 22 ++
arch/arm/include/asm/kvm_mmio.h | 2 +
arch/arm/mach-tegra/sleep-tegra30.S | 11 +
arch/arm/mm/dma-mapping.c | 2 +-
arch/arm64/boot/dts/qcom/qcs404-evb.dtsi | 1 +
arch/arm64/crypto/ghash-ce-glue.c | 2 +-
arch/arm64/include/asm/daifflags.h | 11 +-
arch/arm64/include/asm/kvm_emulate.h | 37 ++
arch/arm64/include/asm/kvm_mmio.h | 6 +-
arch/arm64/include/asm/ptrace.h | 1 +
arch/arm64/include/uapi/asm/ptrace.h | 1 +
arch/arm64/kernel/acpi.c | 2 +-
arch/arm64/kvm/inject_fault.c | 70 +++-
arch/mips/Makefile.postlink | 2 +-
arch/mips/boot/Makefile | 2 +-
arch/mips/kernel/syscalls/Makefile | 2 +-
arch/powerpc/Kconfig | 4 +-
arch/powerpc/boot/4xx.c | 2 +-
arch/powerpc/include/asm/book3s/32/kup.h | 22 +-
arch/powerpc/include/asm/book3s/32/pgalloc.h | 8 -
arch/powerpc/include/asm/book3s/64/kup-radix.h | 14 +-
arch/powerpc/include/asm/book3s/64/pgalloc.h | 2 -
arch/powerpc/include/asm/futex.h | 10 +-
arch/powerpc/include/asm/kup.h | 36 +-
arch/powerpc/include/asm/nohash/32/kup-8xx.h | 7 +-
arch/powerpc/include/asm/nohash/pgalloc.h | 8 -
arch/powerpc/include/asm/tlb.h | 11 +
arch/powerpc/include/asm/uaccess.h | 4 +-
arch/powerpc/kernel/entry_32.S | 3 +-
arch/powerpc/kvm/book3s_hv.c | 4 +-
arch/powerpc/kvm/book3s_pr.c | 4 +-
arch/powerpc/kvm/book3s_xive_native.c | 2 +-
arch/powerpc/mm/book3s64/pgtable.c | 7 -
arch/powerpc/mm/fault.c | 2 +-
arch/powerpc/mm/ptdump/ptdump.c | 4 +-
arch/powerpc/platforms/pseries/hotplug-memory.c | 4 +-
arch/powerpc/xmon/xmon.c | 9 +-
arch/riscv/net/bpf_jit_comp.c | 13 +-
arch/s390/include/asm/page.h | 2 +
arch/s390/kvm/kvm-s390.c | 6 +-
arch/s390/mm/hugetlbpage.c | 100 ++++-
arch/sparc/Kconfig | 1 -
arch/sparc/include/asm/tlb_64.h | 9 +
arch/sparc/include/uapi/asm/ipcbuf.h | 22 +-
arch/x86/include/asm/apic.h | 10 +
arch/x86/include/asm/kvm_host.h | 13 +-
arch/x86/include/asm/x86_init.h | 2 +
arch/x86/kernel/apic/apic.c | 23 +-
arch/x86/kernel/apic/msi.c | 128 +++++-
arch/x86/kernel/cpu/tsx.c | 13 +-
arch/x86/kernel/time.c | 12 +-
arch/x86/kernel/x86_init.c | 1 +
arch/x86/kvm/cpuid.c | 4 +-
arch/x86/kvm/emulate.c | 66 +++-
arch/x86/kvm/hyperv.c | 10 +-
arch/x86/kvm/i8259.c | 6 +-
arch/x86/kvm/ioapic.c | 15 +-
arch/x86/kvm/lapic.c | 13 +-
arch/x86/kvm/mmu.c | 107 ++---
arch/x86/kvm/mmutrace.h | 12 +-
arch/x86/kvm/mtrr.c | 8 +-
arch/x86/kvm/paging_tmpl.h | 25 +-
arch/x86/kvm/pmu.h | 18 +-
arch/x86/kvm/svm.c | 6 +
arch/x86/kvm/vmx/capabilities.h | 5 +
arch/x86/kvm/vmx/nested.c | 4 +-
arch/x86/kvm/vmx/pmu_intel.c | 24 +-
arch/x86/kvm/vmx/vmx.c | 3 +
arch/x86/kvm/x86.c | 196 +++++++---
arch/x86/kvm/x86.h | 2 +-
arch/x86/xen/enlighten_pv.c | 1 +
crypto/algapi.c | 46 ++-
crypto/api.c | 7 +-
crypto/internal.h | 1 -
crypto/pcrypt.c | 37 +-
drivers/acpi/battery.c | 75 +++-
drivers/acpi/video_detect.c | 13 +
drivers/base/power/main.c | 42 +-
drivers/bluetooth/btusb.c | 6 +-
drivers/clk/tegra/clk-tegra-periph.c | 6 +-
drivers/cpufreq/cppc_cpufreq.c | 2 +-
drivers/cpufreq/cpufreq-nforce2.c | 2 +-
drivers/cpufreq/cpufreq.c | 147 ++++---
drivers/cpufreq/freq_table.c | 4 +-
drivers/cpufreq/gx-suspmod.c | 2 +-
drivers/cpufreq/intel_pstate.c | 38 +-
drivers/cpufreq/longrun.c | 6 +-
drivers/cpufreq/pcc-cpufreq.c | 2 +-
drivers/cpufreq/sh-cpufreq.c | 2 +-
drivers/cpufreq/unicore2-cpufreq.c | 2 +-
drivers/crypto/atmel-aes.c | 37 +-
drivers/crypto/ccp/ccp-dev-v3.c | 1 +
drivers/crypto/ccree/cc_aead.c | 2 +-
drivers/crypto/ccree/cc_cipher.c | 48 ++-
drivers/crypto/ccree/cc_driver.h | 1 +
drivers/crypto/ccree/cc_pm.c | 30 +-
drivers/crypto/ccree/cc_request_mgr.c | 51 +--
drivers/crypto/ccree/cc_request_mgr.h | 8 -
drivers/crypto/hisilicon/Kconfig | 1 -
drivers/crypto/hisilicon/zip/zip.h | 4 +
drivers/crypto/hisilicon/zip/zip_crypto.c | 92 ++---
drivers/crypto/picoxcell_crypto.c | 15 +-
.../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 13 +-
drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c | 18 +-
drivers/gpu/drm/drm_dp_mst_topology.c | 12 +
drivers/gpu/drm/drm_rect.c | 7 +-
drivers/gpu/drm/msm/disp/mdp4/mdp4_dsi_encoder.c | 2 +-
drivers/hv/hv_balloon.c | 13 +-
drivers/infiniband/core/umem_odp.c | 2 +-
drivers/infiniband/hw/mlx5/gsi.c | 3 +-
drivers/md/bcache/bcache.h | 3 +
drivers/md/bcache/request.c | 17 +-
drivers/md/bcache/sysfs.c | 22 ++
drivers/md/dm-crypt.c | 12 +-
drivers/md/dm-thin-metadata.c | 10 +-
drivers/md/dm-writecache.c | 42 +-
drivers/md/dm-zoned-metadata.c | 23 +-
drivers/md/dm.c | 9 +-
drivers/md/persistent-data/dm-space-map-common.c | 27 ++
drivers/md/persistent-data/dm-space-map-common.h | 2 +
drivers/md/persistent-data/dm-space-map-disk.c | 6 +-
drivers/md/persistent-data/dm-space-map-metadata.c | 5 +-
drivers/media/rc/iguanair.c | 2 +-
drivers/media/rc/rc-main.c | 27 +-
drivers/media/usb/uvc/uvc_driver.c | 12 +
drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 148 +++----
drivers/media/v4l2-core/videobuf-dma-sg.c | 5 +-
drivers/mfd/axp20x.c | 2 +-
drivers/mfd/da9062-core.c | 2 +-
drivers/mfd/dln2.c | 13 +-
drivers/mfd/rn5t618.c | 1 +
drivers/mmc/host/mmc_spi.c | 11 +-
drivers/mmc/host/sdhci-of-at91.c | 9 +-
drivers/mmc/host/sdhci-pci-core.c | 2 +-
drivers/mtd/spi-nor/spi-nor.c | 9 +-
drivers/mtd/ubi/fastmap.c | 23 +-
drivers/net/bonding/bond_alb.c | 44 ++-
drivers/net/dsa/b53/b53_common.c | 2 +-
drivers/net/dsa/bcm_sf2.c | 4 +-
drivers/net/dsa/microchip/ksz9477_spi.c | 6 +
drivers/net/ethernet/broadcom/bcmsysport.c | 3 +
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 25 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_devlink.c | 1 -
drivers/net/ethernet/cadence/macb_main.c | 14 +-
drivers/net/ethernet/dec/tulip/dmfe.c | 7 +-
drivers/net/ethernet/dec/tulip/uli526x.c | 4 +-
drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 14 +-
drivers/net/ethernet/marvell/mvneta.c | 27 +-
.../net/ethernet/mellanox/mlx5/core/accel/tls.h | 2 +-
.../mellanox/mlx5/core/en_accel/tls_rxtx.c | 2 +-
.../net/ethernet/mellanox/mlx5/core/fpga/ipsec.c | 3 +-
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 15 +-
drivers/net/ethernet/mellanox/mlx5/core/fw.c | 2 +-
drivers/net/ethernet/pensando/ionic/ionic_if.h | 2 +-
drivers/net/ethernet/qlogic/qed/qed_ptp.c | 4 +-
drivers/net/ethernet/smsc/smc911x.c | 2 +-
.../ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c | 1 +
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +
drivers/net/gtp.c | 4 +-
drivers/net/netdevsim/dev.c | 2 +-
drivers/net/ppp/ppp_async.c | 18 +-
.../net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 1 +
drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 10 +-
drivers/net/wireless/marvell/mwifiex/sta_ioctl.c | 1 +
drivers/nfc/pn544/pn544.c | 2 +-
drivers/nvme/target/fabrics-cmd.c | 15 +-
drivers/nvmem/core.c | 8 +-
drivers/of/Kconfig | 4 +
drivers/of/address.c | 6 +-
drivers/pci/controller/dwc/pci-keystone.c | 6 +-
drivers/pci/controller/pci-tegra.c | 2 +-
drivers/phy/qualcomm/phy-qcom-apq8064-sata.c | 2 +-
drivers/platform/x86/intel_scu_ipc.c | 21 +-
drivers/power/supply/axp20x_ac_power.c | 31 +-
drivers/power/supply/ltc2941-battery-gauge.c | 2 +-
drivers/regulator/helpers.c | 14 +
drivers/scsi/csiostor/csio_scsi.c | 2 +-
drivers/scsi/megaraid/megaraid_sas_base.c | 3 +-
drivers/scsi/megaraid/megaraid_sas_fusion.c | 3 +-
drivers/scsi/megaraid/megaraid_sas_fusion.h | 1 +
drivers/scsi/qla2xxx/qla_dbg.c | 6 -
drivers/scsi/qla2xxx/qla_dbg.h | 6 +
drivers/scsi/qla2xxx/qla_def.h | 5 +
drivers/scsi/qla2xxx/qla_init.c | 34 +-
drivers/scsi/qla2xxx/qla_isr.c | 12 +
drivers/scsi/qla2xxx/qla_mbx.c | 3 +-
drivers/scsi/qla2xxx/qla_nx.c | 7 +-
drivers/scsi/qla2xxx/qla_target.c | 1 +
drivers/scsi/qla4xxx/ql4_os.c | 2 +-
drivers/scsi/ufs/ufshcd.c | 3 +
drivers/usb/dwc3/core.h | 2 +
drivers/usb/dwc3/ep0.c | 4 +-
drivers/usb/dwc3/gadget.c | 17 +-
drivers/usb/gadget/function/f_ecm.c | 16 +-
drivers/usb/gadget/function/f_fs.c | 2 +
drivers/usb/gadget/function/f_ncm.c | 17 +-
drivers/usb/gadget/legacy/cdc2.c | 2 +-
drivers/usb/gadget/legacy/g_ffs.c | 2 +-
drivers/usb/gadget/legacy/multi.c | 2 +-
drivers/usb/gadget/legacy/ncm.c | 2 +-
drivers/usb/typec/tcpm/tcpci.c | 6 +
drivers/virtio/virtio_balloon.c | 19 +-
drivers/virtio/virtio_pci_common.c | 2 +-
drivers/watchdog/watchdog_core.c | 35 ++
drivers/watchdog/watchdog_dev.c | 36 +-
drivers/xen/xen-balloon.c | 2 +-
fs/aio.c | 20 +-
fs/attr.c | 23 +-
fs/btrfs/ctree.c | 8 +-
fs/btrfs/ctree.h | 6 +-
fs/btrfs/delayed-ref.c | 8 +-
fs/btrfs/disk-io.c | 22 +-
fs/btrfs/extent_io.c | 55 ++-
fs/btrfs/ioctl.c | 3 +-
fs/btrfs/tests/btrfs-tests.c | 1 -
fs/btrfs/tests/extent-io-tests.c | 9 +
fs/btrfs/transaction.c | 30 +-
fs/btrfs/tree-log.c | 432 +++++++--------------
fs/btrfs/volumes.c | 17 +-
fs/cifs/readdir.c | 3 +-
fs/cifs/smb2pdu.c | 10 +-
fs/configfs/inode.c | 9 +-
fs/crypto/keyring.c | 15 +-
fs/erofs/decompressor.c | 22 +-
fs/eventfd.c | 15 +
fs/ext2/super.c | 6 +-
fs/ext4/dir.c | 9 +-
fs/ext4/page-io.c | 19 +-
fs/f2fs/dir.c | 11 +-
fs/f2fs/file.c | 18 +-
fs/f2fs/super.c | 14 +-
fs/fs-writeback.c | 2 +-
fs/fuse/file.c | 5 +-
fs/gfs2/file.c | 72 ++--
fs/gfs2/lops.c | 2 +-
fs/jbd2/journal.c | 1 +
fs/nfs/dir.c | 47 ++-
fs/nfsd/filecache.c | 6 +
fs/nfsd/nfs4layouts.c | 2 +-
fs/nfsd/nfs4state.c | 2 +-
fs/nfsd/state.h | 2 +-
fs/nfsd/vfs.c | 1 +
fs/ntfs/inode.c | 18 +-
fs/ocfs2/file.c | 14 +-
fs/overlayfs/file.c | 2 +-
fs/overlayfs/readdir.c | 8 +-
fs/read_write.c | 10 +-
fs/ubifs/dir.c | 2 +
fs/ubifs/file.c | 22 +-
fs/ubifs/ioctl.c | 3 +-
fs/ubifs/sb.c | 2 +-
fs/ubifs/super.c | 2 +
fs/utimes.c | 4 +-
include/asm-generic/tlb.h | 22 +-
include/linux/backing-dev.h | 10 +
include/linux/cpufreq.h | 32 +-
include/linux/eventfd.h | 14 +
include/linux/irq.h | 18 +
include/linux/irqdomain.h | 7 +
include/linux/kvm_host.h | 13 +-
include/linux/kvm_types.h | 9 +-
include/linux/mfd/rohm-bd70528.h | 2 +-
include/linux/mlx5/mlx5_ifc.h | 7 +-
include/linux/padata.h | 34 +-
include/linux/percpu-defs.h | 3 +-
include/linux/regulator/consumer.h | 7 +
include/media/v4l2-rect.h | 8 +-
include/net/ipx.h | 5 -
include/sound/hdaudio.h | 77 ++--
include/trace/events/writeback.h | 37 +-
ipc/msg.c | 19 +-
kernel/bpf/devmap.c | 3 +-
kernel/events/core.c | 10 +-
kernel/irq/debugfs.c | 1 +
kernel/irq/irqdomain.c | 1 +
kernel/irq/msi.c | 5 +-
kernel/padata.c | 275 ++++++++-----
kernel/rcu/srcutree.c | 7 +-
kernel/rcu/tree_exp.h | 19 +-
kernel/rcu/tree_plugin.h | 13 +-
kernel/time/alarmtimer.c | 8 +-
kernel/time/clocksource.c | 11 +-
kernel/trace/ftrace.c | 15 +-
kernel/trace/trace.h | 29 +-
kernel/trace/trace_events_hist.c | 53 ++-
kernel/trace/trace_probe.c | 6 +-
kernel/trace/trace_sched_switch.c | 4 +-
lib/test_kasan.c | 1 +
mm/backing-dev.c | 1 +
mm/memcontrol.c | 18 -
mm/memory_hotplug.c | 9 +-
mm/migrate.c | 25 +-
mm/mmu_gather.c | 16 +-
mm/page_alloc.c | 14 +-
mm/sparse.c | 2 +-
net/core/devlink.c | 6 +
net/core/drop_monitor.c | 4 +-
net/hsr/hsr_slave.c | 2 +
net/ipv4/tcp.c | 6 +
net/ipv6/addrconf.c | 3 +
net/l2tp/l2tp_core.c | 7 +-
net/netfilter/ipset/ip_set_core.c | 41 +-
net/rxrpc/af_rxrpc.c | 2 +
net/rxrpc/ar-internal.h | 11 +
net/rxrpc/call_object.c | 4 +-
net/rxrpc/conn_client.c | 3 +-
net/rxrpc/conn_event.c | 30 +-
net/rxrpc/conn_object.c | 3 +-
net/rxrpc/input.c | 6 +-
net/rxrpc/local_object.c | 23 +-
net/rxrpc/output.c | 27 +-
net/rxrpc/peer_event.c | 42 +-
net/sched/cls_rsvp.h | 6 +-
net/sched/cls_tcindex.c | 43 +-
net/sched/sch_taprio.c | 92 +++--
net/sunrpc/auth_gss/svcauth_gss.c | 4 +
samples/bpf/Makefile | 2 +-
samples/bpf/xdp_redirect_cpu_user.c | 59 ++-
scripts/find-unused-docs.sh | 2 +-
security/smack/smack_lsm.c | 41 +-
sound/drivers/dummy.c | 2 +-
sound/pci/hda/hda_intel.c | 4 +
sound/pci/hda/hda_tegra.c | 1 +
sound/pci/hda/patch_hdmi.c | 1 +
sound/soc/codecs/sgtl5000.c | 3 +-
sound/soc/intel/boards/skl_hda_dsp_common.c | 21 +-
sound/soc/meson/axg-fifo.c | 27 +-
sound/soc/meson/axg-fifo.h | 6 +-
sound/soc/meson/axg-frddr.c | 24 +-
sound/soc/meson/axg-toddr.c | 21 +-
sound/soc/sof/core.c | 87 +++--
sound/soc/sof/intel/hda-loader.c | 1 -
sound/soc/sof/intel/hda.c | 4 +-
sound/soc/sof/ipc.c | 17 +-
sound/soc/sof/loader.c | 19 +-
sound/soc/sof/pm.c | 25 +-
sound/soc/sof/sof-priv.h | 11 +-
sound/usb/mixer_scarlett_gen2.c | 46 +--
sound/usb/validate.c | 6 +-
tools/kvm/kvm_stat/kvm_stat | 8 +-
tools/lib/bpf/libbpf.c | 4 +-
tools/objtool/sync-check.sh | 2 -
tools/power/cpupower/lib/cpufreq.c | 78 +++-
tools/power/cpupower/lib/cpufreq.h | 20 +-
tools/power/cpupower/utils/cpufreq-info.c | 12 +-
.../selftests/bpf/prog_tests/attach_probe.c | 7 +-
.../testing/selftests/bpf/prog_tests/perf_buffer.c | 29 +-
.../bpf/prog_tests/stacktrace_build_id_nmi.c | 8 +-
.../bpf/progs/test_select_reuseport_kern.c | 6 +
tools/testing/selftests/bpf/test_sockmap.c | 15 +-
.../tc-testing/plugin-lib/buildebpfPlugin.py | 2 +-
virt/kvm/arm/aarch32.c | 117 +++++-
virt/kvm/arm/mmio.c | 6 +
virt/kvm/async_pf.c | 10 +-
virt/kvm/kvm_main.c | 117 +++++-
358 files changed, 3990 insertions(+), 2199 deletions(-)
From: Cong Wang <[email protected]>
[ Upstream commit 599be01ee567b61f4471ee8078870847d0a11e8e ]
As Eric noticed, tcindex_alloc_perfect_hash() uses cp->hash
to compute the size of memory allocation, but cp->hash is
set again after the allocation, which caused an out-of-bounds
access.
So we have to move all cp->hash initialization and computation
before the memory allocation. Move cp->mask and cp->shift together
as cp->hash may need them for computation too.
Reported-and-tested-by: [email protected]
Fixes: 331b72922c5f ("net: sched: RCU cls_tcindex")
Cc: Eric Dumazet <[email protected]>
Cc: John Fastabend <[email protected]>
Cc: Jamal Hadi Salim <[email protected]>
Cc: Jiri Pirko <[email protected]>
Cc: Jakub Kicinski <[email protected]>
Signed-off-by: Cong Wang <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/sched/cls_tcindex.c | 40 ++++++++++++++++++++--------------------
1 file changed, 20 insertions(+), 20 deletions(-)
--- a/net/sched/cls_tcindex.c
+++ b/net/sched/cls_tcindex.c
@@ -333,12 +333,31 @@ tcindex_set_parms(struct net *net, struc
cp->fall_through = p->fall_through;
cp->tp = tp;
+ if (tb[TCA_TCINDEX_HASH])
+ cp->hash = nla_get_u32(tb[TCA_TCINDEX_HASH]);
+
+ if (tb[TCA_TCINDEX_MASK])
+ cp->mask = nla_get_u16(tb[TCA_TCINDEX_MASK]);
+
+ if (tb[TCA_TCINDEX_SHIFT])
+ cp->shift = nla_get_u32(tb[TCA_TCINDEX_SHIFT]);
+
+ if (!cp->hash) {
+ /* Hash not specified, use perfect hash if the upper limit
+ * of the hashing index is below the threshold.
+ */
+ if ((cp->mask >> cp->shift) < PERFECT_HASH_THRESHOLD)
+ cp->hash = (cp->mask >> cp->shift) + 1;
+ else
+ cp->hash = DEFAULT_HASH_SIZE;
+ }
+
if (p->perfect) {
int i;
if (tcindex_alloc_perfect_hash(net, cp) < 0)
goto errout;
- for (i = 0; i < cp->hash; i++)
+ for (i = 0; i < min(cp->hash, p->hash); i++)
cp->perfect[i].res = p->perfect[i].res;
balloc = 1;
}
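Review bot: The new loop bound `min(cp->hash, p->hash)` leaves the entries from p->hash up to cp->hash uncopied when the new table is larger, so they keep whatever tcindex_alloc_perfect_hash() gave them. Add a one-line comment at the loop stating that those entries are expected to start out empty, and confirm both operands of min() have the same type.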
@@ -350,15 +369,6 @@ tcindex_set_parms(struct net *net, struc
if (old_r)
cr = r->res;
- if (tb[TCA_TCINDEX_HASH])
- cp->hash = nla_get_u32(tb[TCA_TCINDEX_HASH]);
-
- if (tb[TCA_TCINDEX_MASK])
- cp->mask = nla_get_u16(tb[TCA_TCINDEX_MASK]);
-
- if (tb[TCA_TCINDEX_SHIFT])
- cp->shift = nla_get_u32(tb[TCA_TCINDEX_SHIFT]);
-
err = -EBUSY;
/* Hash already allocated, make sure that we still meet the
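Review bot: With the attribute parsing moved up, the -EBUSY requirements check that starts here now runs after tcindex_alloc_perfect_hash() has already allocated for the new cp->hash in the hunk above. Please confirm that the errout path frees that fresh cp->perfect when this check rejects the request, or move the check ahead of the allocation.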
@@ -376,16 +386,6 @@ tcindex_set_parms(struct net *net, struc
if (tb[TCA_TCINDEX_FALL_THROUGH])
cp->fall_through = nla_get_u32(tb[TCA_TCINDEX_FALL_THROUGH]);
- if (!cp->hash) {
- /* Hash not specified, use perfect hash if the upper limit
- * of the hashing index is below the threshold.
- */
- if ((cp->mask >> cp->shift) < PERFECT_HASH_THRESHOLD)
- cp->hash = (cp->mask >> cp->shift) + 1;
- else
- cp->hash = DEFAULT_HASH_SIZE;
- }
-
if (!cp->perfect && !cp->h)
cp->alloc_hash = cp->hash;
From: Thinh Nguyen <[email protected]>
commit c58d8bfc77a2c7f6ff6339b58c9fca7ae6f57e70 upstream.
While the END_TRANSFER command is sent but not completed, any request
dequeue during this time will cause the driver to issue the END_TRANSFER
command. The driver needs to submit the command only once to stop the
controller from processing further. The controller may take more time to
process the same command multiple times unnecessarily. Let's add a flag
DWC3_EP_END_TRANSFER_PENDING to check for this condition.
Fixes: 3aec99154db3 ("usb: dwc3: gadget: remove DWC3_EP_END_TRANSFER_PENDING")
Signed-off-by: Thinh Nguyen <[email protected]>
Signed-off-by: Felipe Balbi <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/dwc3/core.h | 1 +
drivers/usb/dwc3/ep0.c | 4 +++-
drivers/usb/dwc3/gadget.c | 6 +++++-
3 files changed, 9 insertions(+), 2 deletions(-)
--- a/drivers/usb/dwc3/core.h
+++ b/drivers/usb/dwc3/core.h
@@ -688,6 +688,7 @@ struct dwc3_ep {
#define DWC3_EP_STALL BIT(1)
#define DWC3_EP_WEDGE BIT(2)
#define DWC3_EP_TRANSFER_STARTED BIT(3)
+#define DWC3_EP_END_TRANSFER_PENDING BIT(4)
#define DWC3_EP_PENDING_REQUEST BIT(5)
/* This last one is specific to EP0 */
--- a/drivers/usb/dwc3/ep0.c
+++ b/drivers/usb/dwc3/ep0.c
@@ -1136,8 +1136,10 @@ void dwc3_ep0_interrupt(struct dwc3 *dwc
case DWC3_DEPEVT_EPCMDCMPLT:
cmd = DEPEVT_PARAMETER_CMD(event->parameters);
- if (cmd == DWC3_DEPCMD_ENDTRANSFER)
+ if (cmd == DWC3_DEPCMD_ENDTRANSFER) {
+ dep->flags &= ~DWC3_EP_END_TRANSFER_PENDING;
dep->flags &= ~DWC3_EP_TRANSFER_STARTED;
+ }
break;
}
}
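Review bot: Style point in the DWC3_DEPCMD_ENDTRANSFER branch: the two flag clears can be a single statement, `dep->flags &= ~(DWC3_EP_END_TRANSFER_PENDING | DWC3_EP_TRANSFER_STARTED);`. The same pair is added to dwc3_endpoint_interrupt() in gadget.c, so a small helper would keep the two completion paths from drifting apart.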
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -2625,6 +2625,7 @@ static void dwc3_endpoint_interrupt(stru
cmd = DEPEVT_PARAMETER_CMD(event->parameters);
if (cmd == DWC3_DEPCMD_ENDTRANSFER) {
+ dep->flags &= ~DWC3_EP_END_TRANSFER_PENDING;
dep->flags &= ~DWC3_EP_TRANSFER_STARTED;
dwc3_gadget_ep_cleanup_cancelled_requests(dep);
}
@@ -2683,7 +2684,8 @@ static void dwc3_stop_active_transfer(st
u32 cmd;
int ret;
- if (!(dep->flags & DWC3_EP_TRANSFER_STARTED))
+ if (!(dep->flags & DWC3_EP_TRANSFER_STARTED) ||
+ (dep->flags & DWC3_EP_END_TRANSFER_PENDING))
return;
/*
@@ -2728,6 +2730,8 @@ static void dwc3_stop_active_transfer(st
if (!interrupt)
dep->flags &= ~DWC3_EP_TRANSFER_STARTED;
+ else
+ dep->flags |= DWC3_EP_END_TRANSFER_PENDING;
if (dwc3_is_usb31(dwc) || dwc->revision < DWC3_REVISION_310A)
udelay(100);
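Review bot: In the new else branch DWC3_EP_END_TRANSFER_PENDING is set whenever `interrupt` is true, without looking at whether the End Transfer command was accepted. dwc3_stop_active_transfer() declares `int ret`; if the command failed, a completion event may never arrive to clear the flag, and the new early return at the top of this function would then skip every later stop request on that endpoint. Consider setting the flag only when ret is 0.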
From: Eric Dumazet <[email protected]>
[ Upstream commit 2b5b8251bc9fe2f9118411f037862ee17cf81e97 ]
hsr_port_get_rcu() can return NULL, so we need to be careful.
general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
CPU: 1 PID: 10249 Comm: syz-executor.5 Not tainted 5.5.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__read_once_size include/linux/compiler.h:199 [inline]
RIP: 0010:hsr_addr_is_self+0x86/0x330 net/hsr/hsr_framereg.c:44
Code: 04 00 f3 f3 f3 65 48 8b 04 25 28 00 00 00 48 89 45 d0 31 c0 e8 6b ff 94 f9 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 75 02 00 00 48 8b 43 30 49 39 c6 49 89 47 c0 0f
RSP: 0018:ffffc90000da8a90 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff87e0cc33
RDX: 0000000000000006 RSI: ffffffff87e035d5 RDI: 0000000000000000
RBP: ffffc90000da8b20 R08: ffff88808e7de040 R09: ffffed1015d2707c
R10: ffffed1015d2707b R11: ffff8880ae9383db R12: ffff8880a689bc5e
R13: 1ffff920001b5153 R14: 0000000000000030 R15: ffffc90000da8af8
FS: 00007fd7a42be700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b32338000 CR3: 00000000a928c000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
hsr_handle_frame+0x1c5/0x630 net/hsr/hsr_slave.c:31
__netif_receive_skb_core+0xfbc/0x30b0 net/core/dev.c:5099
__netif_receive_skb_one_core+0xa8/0x1a0 net/core/dev.c:5196
__netif_receive_skb+0x2c/0x1d0 net/core/dev.c:5312
process_backlog+0x206/0x750 net/core/dev.c:6144
napi_poll net/core/dev.c:6582 [inline]
net_rx_action+0x508/0x1120 net/core/dev.c:6650
__do_softirq+0x262/0x98c kernel/softirq.c:292
do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1082
</IRQ>
Fixes: c5a759117210 ("net/hsr: Use list_head (and rcu) instead of array for slave devices.")
Signed-off-by: Eric Dumazet <[email protected]>
Reported-by: syzbot <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/hsr/hsr_slave.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/hsr/hsr_slave.c
+++ b/net/hsr/hsr_slave.c
@@ -27,6 +27,8 @@ static rx_handler_result_t hsr_handle_fr
rcu_read_lock(); /* hsr->node_db, hsr->ports */
port = hsr_port_get_rcu(skb->dev);
+ if (!port)
+ goto finish_pass;
if (hsr_addr_is_self(port->hsr, eth_hdr(skb)->h_source)) {
/* Directly kill frames sent by ourselves */
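Review bot: The new `goto finish_pass` is taken after the rcu_read_lock() two lines above, and the label itself is outside this hunk. Please confirm that finish_pass does the rcu_read_unlock() and returns a pass result without touching `port`. A short comment on when hsr_port_get_rcu() can return NULL inside hsr_handle_frame() would also help the next reader.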
From: Mathieu Desnoyers <[email protected]>
commit 64ae572bc7d0060429e40e1c8d803ce5eb31a0d6 upstream.
Reading the sched_cmdline_ref and sched_tgid_ref initial state within
tracing_start_sched_switch without holding the sched_register_mutex is
racy against concurrent updates, which can lead to tracepoint probes
being registered more than once (and thus trigger warnings within
tracepoint.c).
[ May be the fix for this bug ]
Link: https://lore.kernel.org/r/[email protected]
Link: http://lkml.kernel.org/r/[email protected]
Cc: [email protected]
CC: Steven Rostedt (VMware) <[email protected]>
CC: Joel Fernandes (Google) <[email protected]>
CC: Peter Zijlstra <[email protected]>
CC: Thomas Gleixner <[email protected]>
CC: Paul E. McKenney <[email protected]>
Reported-by: [email protected]
Fixes: d914ba37d7145 ("tracing: Add support for recording tgid of tasks")
Signed-off-by: Mathieu Desnoyers <[email protected]>
Signed-off-by: Steven Rostedt (VMware) <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
kernel/trace/trace_sched_switch.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/kernel/trace/trace_sched_switch.c
+++ b/kernel/trace/trace_sched_switch.c
@@ -89,8 +89,10 @@ static void tracing_sched_unregister(voi
static void tracing_start_sched_switch(int ops)
{
- bool sched_register = (!sched_cmdline_ref && !sched_tgid_ref);
+ bool sched_register;
+
mutex_lock(&sched_register_mutex);
+ sched_register = (!sched_cmdline_ref && !sched_tgid_ref);
switch (ops) {
case RECORD_CMDLINE:
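Review bot: Missing documentation at the moved assignment: nothing in the code says that sched_cmdline_ref and sched_tgid_ref may only be read under sched_register_mutex, which is the rule the old initializer broke. A one-line comment above `sched_register = (!sched_cmdline_ref && !sched_tgid_ref);` would record it, and any matching stop-side function should be checked for the same read-before-lock pattern.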
From: Steven Rostedt (VMware) <[email protected]>
commit 20279420ae3a8ef4c5d9fedc360a2c37a1dbdf1b upstream.
Thomas Richter reported:
> Test case 66 'Use vfs_getname probe to get syscall args filenames'
> is broken on s390, but works on x86. The test case fails with:
>
> [root@m35lp76 perf]# perf test -F 66
> 66: Use vfs_getname probe to get syscall args filenames
> :Recording open file:
> [ perf record: Woken up 1 times to write data ]
> [ perf record: Captured and wrote 0.004 MB /tmp/__perf_test.perf.data.TCdYj\
> (20 samples) ]
> Looking at perf.data file for vfs_getname records for the file we touched:
> FAILED!
> [root@m35lp76 perf]#
The root cause was the print_fmt of the kprobe event that referenced the
"ustring"
> Setting up the kprobe event using perf command:
>
> # ./perf probe "vfs_getname=getname_flags:72 pathname=filename:ustring"
>
> generates this format file:
> [root@m35lp76 perf]# cat /sys/kernel/debug/tracing/events/probe/\
> vfs_getname/format
> name: vfs_getname
> ID: 1172
> format:
> field:unsigned short common_type; offset:0; size:2; signed:0;
> field:unsigned char common_flags; offset:2; size:1; signed:0;
> field:unsigned char common_preempt_count; offset:3; size:1; signed:0;
> field:int common_pid; offset:4; size:4; signed:1;
>
> field:unsigned long __probe_ip; offset:8; size:8; signed:0;
> field:__data_loc char[] pathname; offset:16; size:4; signed:1;
>
> print fmt: "(%lx) pathname=\"%s\"", REC->__probe_ip, REC->pathname
Instead of using "__get_str(pathname)" it referenced it directly.
Link: http://lkml.kernel.org/r/[email protected]
Cc: [email protected]
Fixes: 88903c464321 ("tracing/probe: Add ustring type for user-space string")
Acked-by: Masami Hiramatsu <[email protected]>
Reported-by: Thomas Richter <[email protected]>
Tested-by: Thomas Richter <[email protected]>
Signed-off-by: Steven Rostedt (VMware) <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
kernel/trace/trace_probe.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/kernel/trace/trace_probe.c
+++ b/kernel/trace/trace_probe.c
@@ -876,7 +876,8 @@ static int __set_print_fmt(struct trace_
for (i = 0; i < tp->nr_args; i++) {
parg = tp->args + i;
if (parg->count) {
- if (strcmp(parg->type->name, "string") == 0)
+ if ((strcmp(parg->type->name, "string") == 0) ||
+ (strcmp(parg->type->name, "ustring") == 0))
fmt = ", __get_str(%s[%d])";
else
fmt = ", REC->%s[%d]";
@@ -884,7 +885,8 @@ static int __set_print_fmt(struct trace_
pos += snprintf(buf + pos, LEN_OR_ZERO,
fmt, parg->name, j);
} else {
- if (strcmp(parg->type->name, "string") == 0)
+ if ((strcmp(parg->type->name, "string") == 0) ||
+ (strcmp(parg->type->name, "ustring") == 0))
fmt = ", __get_str(%s)";
else
fmt = ", REC->%s";
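Review bot: The string/ustring test is open-coded twice, here in the else branch and in the array branch of the previous hunk, so any further string-like type has to be added in both places. Factor the pair of strcmp() calls into a small helper that takes parg->type and use it in both branches.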
From: Thinh Nguyen <[email protected]>
commit da10bcdd6f70dc9977f2cf18f4783cf78520623a upstream.
If the END_TRANSFER command hasn't completed yet, then don't send the
START_TRANSFER command. The controller may not be able to start if
that's the case. Some controller revisions depend on this. See
commit 76a638f8ac0d ("usb: dwc3: gadget: wait for End Transfer to
complete"). Let's only send START_TRANSFER command after the
END_TRANSFER command has completed.
Fixes: 3aec99154db3 ("usb: dwc3: gadget: remove DWC3_EP_END_TRANSFER_PENDING")
Signed-off-by: Thinh Nguyen <[email protected]>
Signed-off-by: Felipe Balbi <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/dwc3/core.h | 1 +
drivers/usb/dwc3/gadget.c | 11 +++++++++++
2 files changed, 12 insertions(+)
--- a/drivers/usb/dwc3/core.h
+++ b/drivers/usb/dwc3/core.h
@@ -690,6 +690,7 @@ struct dwc3_ep {
#define DWC3_EP_TRANSFER_STARTED BIT(3)
#define DWC3_EP_END_TRANSFER_PENDING BIT(4)
#define DWC3_EP_PENDING_REQUEST BIT(5)
+#define DWC3_EP_DELAY_START BIT(6)
/* This last one is specific to EP0 */
#define DWC3_EP0_DIR_IN BIT(31)
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -1447,6 +1447,12 @@ static int __dwc3_gadget_ep_queue(struct
list_add_tail(&req->list, &dep->pending_list);
req->status = DWC3_REQUEST_STATUS_QUEUED;
+ /* Start the transfer only after the END_TRANSFER is completed */
+ if (dep->flags & DWC3_EP_END_TRANSFER_PENDING) {
+ dep->flags |= DWC3_EP_DELAY_START;
+ return 0;
+ }
+
/*
* NOTICE: Isochronous endpoints should NEVER be prestarted. We must
* wait for a XferNotReady event so we will know what's the current
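Review bot: The early `return 0` reports success to the caller while the request only sits on pending_list, and the start then depends entirely on the End Transfer completion event arriving. Extend the new comment to say where the deferred start happens, and consider what clears DWC3_EP_DELAY_START and the queued request if the endpoint is disabled before that event.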
@@ -2628,6 +2634,11 @@ static void dwc3_endpoint_interrupt(stru
dep->flags &= ~DWC3_EP_END_TRANSFER_PENDING;
dep->flags &= ~DWC3_EP_TRANSFER_STARTED;
dwc3_gadget_ep_cleanup_cancelled_requests(dep);
+ if ((dep->flags & DWC3_EP_DELAY_START) &&
+ !usb_endpoint_xfer_isoc(dep->endpoint.desc))
+ __dwc3_gadget_kick_transfer(dep);
+
+ dep->flags &= ~DWC3_EP_DELAY_START;
}
break;
case DWC3_DEPEVT_STREAMEVT:
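Review bot: If __dwc3_gadget_kick_transfer() returns an error code, it is dropped here, so a start that fails on this deferred path is silent even though the original queue call already returned 0. Also, DWC3_EP_DELAY_START is cleared for isochronous endpoints without a kick; a comment saying that those endpoints wait for XferNotReady would make the asymmetry clear.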
From: Vasundhara Volam <[email protected]>
[ Upstream commit d407302895d3f3ca3a333c711744a95e0b1b0150 ]
The current logic that calls pci_disable_device() in __bnxt_close_nic()
during firmware reset is flawed. If firmware is still alive, we're
disabling the device too early, causing some firmware commands to
not reach the firmware.
Fix it by moving the logic to bnxt_reset_close(). If firmware is
in fatal condition, we call pci_disable_device() before we free
any of the rings to prevent DMA corruption of the freed rings. If
firmware is still alive, we call pci_disable_device() after the
last firmware message has been sent.
Fixes: 3bc7d4a352ef ("bnxt_en: Add BNXT_STATE_IN_FW_RESET state.")
Signed-off-by: Vasundhara Volam <[email protected]>
Signed-off-by: Michael Chan <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -9273,10 +9273,6 @@ static void __bnxt_close_nic(struct bnxt
bnxt_debug_dev_exit(bp);
bnxt_disable_napi(bp);
del_timer_sync(&bp->timer);
- if (test_bit(BNXT_STATE_IN_FW_RESET, &bp->state) &&
- pci_is_enabled(bp->pdev))
- pci_disable_device(bp->pdev);
-
bnxt_free_skbs(bp);
/* Save ring stats before shutdown */
@@ -10052,8 +10048,15 @@ static void bnxt_fw_reset_close(struct b
{
__bnxt_close_nic(bp, true, false);
bnxt_ulp_irq_stop(bp);
+ /* When firmware is fatal state, disable PCI device to prevent
+ * any potential bad DMAs before freeing kernel memory.
+ */
+ if (test_bit(BNXT_STATE_FW_FATAL_COND, &bp->state))
+ pci_disable_device(bp->pdev);
bnxt_clear_int_mode(bp);
bnxt_hwrm_func_drv_unrgtr(bp);
+ if (pci_is_enabled(bp->pdev))
+ pci_disable_device(bp->pdev);
bnxt_free_ctx_mem(bp);
kfree(bp->ctx);
bp->ctx = NULL;
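Review bot: The fatal-condition branch calls pci_disable_device() without the pci_is_enabled() check that the removed code in __bnxt_close_nic() had and that the second call a few lines below keeps; add the guard so the device cannot be disabled twice. In the fatal case bnxt_hwrm_func_drv_unrgtr() now also runs with the device already disabled, which deserves a word in the comment. Minor: the comment should read "When firmware is in fatal state".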
From: Shannon Nelson <[email protected]>
[ Upstream commit b5ce31b5e11b768b7d685b2bab7db09ad5549493 ]
Be sure to include all the packet type bits in the mask.
Fixes: fbfb8031533c ("ionic: Add hardware init and device commands")
Signed-off-by: Shannon Nelson <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/ethernet/pensando/ionic/ionic_if.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/pensando/ionic/ionic_if.h
+++ b/drivers/net/ethernet/pensando/ionic/ionic_if.h
@@ -862,7 +862,7 @@ struct ionic_rxq_comp {
#define IONIC_RXQ_COMP_CSUM_F_VLAN 0x40
#define IONIC_RXQ_COMP_CSUM_F_CALC 0x80
u8 pkt_type_color;
-#define IONIC_RXQ_COMP_PKT_TYPE_MASK 0x0f
+#define IONIC_RXQ_COMP_PKT_TYPE_MASK 0x7f
};
enum ionic_pkt_type {
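Review bot: Missing documentation: the field is named pkt_type_color and the mask changes from 0x0f to 0x7f, but neither the hunk nor the commit message says which bits carry the packet type and which carry the color. A comment next to IONIC_RXQ_COMP_PKT_TYPE_MASK stating the bit layout would let a reader check that 0x7f is the right width.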
From: Israel Rukshin <[email protected]>
commit 0b87a2b795d66be7b54779848ef0f3901c5e46fc upstream.
Place the arguments in the correct order.
Fixes: 1672ddb8d691 ("nvmet: Add install_queue callout")
Signed-off-by: Israel Rukshin <[email protected]>
Reviewed-by: Max Gurtovoy <[email protected]>
Reviewed-by: Christoph Hellwig <[email protected]>
Signed-off-by: Keith Busch <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/nvme/target/fabrics-cmd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/nvme/target/fabrics-cmd.c
+++ b/drivers/nvme/target/fabrics-cmd.c
@@ -132,7 +132,7 @@ static u16 nvmet_install_queue(struct nv
if (ret) {
pr_err("failed to install queue %d cntlid %d ret %x\n",
- qid, ret, ctrl->cntlid);
+ qid, ctrl->cntlid, ret);
return ret;
}
}
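Review bot: With the arguments now in the right order, `ret` is still printed with a bare `%x`, so a value such as 10 is ambiguous next to the decimal qid and cntlid. Use `%#x` for ret in the pr_err() format string.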
From: Lukas Bulwahn <[email protected]>
[ Upstream commit dff6bc1bfd462b76dc13ec19dedc2c134a62ac59 ]
Commit 6d97985072dc ("isdn: move capi drivers to staging") cleaned up the
isdn drivers and split the MAINTAINERS section for ISDN, but failed to add
the terminal slash for the two directories mISDN and hardware. Hence, all
files in those directories were not part of the new ISDN/mISDN SUBSYSTEM,
but were considered to be part of "THE REST".
Rectify the situation, and while at it, also complete the section with two
further build files that belong to that subsystem.
This was identified with a small script that finds all files belonging to
"THE REST" according to the current MAINTAINERS file, and I investigated
upon its output.
Fixes: 6d97985072dc ("isdn: move capi drivers to staging")
Signed-off-by: Lukas Bulwahn <[email protected]>
Acked-by: Arnd Bergmann <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
MAINTAINERS | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -8704,8 +8704,10 @@ L: [email protected] (su
L: [email protected]
W: http://www.isdn4linux.de
S: Maintained
-F: drivers/isdn/mISDN
-F: drivers/isdn/hardware
+F: drivers/isdn/mISDN/
+F: drivers/isdn/hardware/
+F: drivers/isdn/Kconfig
+F: drivers/isdn/Makefile
ISDN/CAPI SUBSYSTEM
M: Karsten Keil <[email protected]>
From: Eric Dumazet <[email protected]>
[ Upstream commit cb3c0e6bdf64d0d124e94ce43cbe4ccbb9b37f51 ]
NLA_BINARY can be confusing, since .len value represents
the max size of the blob.
cls_rsvp really wants user space to provide long enough data
for TCA_RSVP_DST and TCA_RSVP_SRC attributes.
BUG: KMSAN: uninit-value in rsvp_get net/sched/cls_rsvp.h:258 [inline]
BUG: KMSAN: uninit-value in gen_handle net/sched/cls_rsvp.h:402 [inline]
BUG: KMSAN: uninit-value in rsvp_change+0x1ae9/0x4220 net/sched/cls_rsvp.h:572
CPU: 1 PID: 13228 Comm: syz-executor.1 Not tainted 5.5.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c9/0x220 lib/dump_stack.c:118
kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
__msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
rsvp_get net/sched/cls_rsvp.h:258 [inline]
gen_handle net/sched/cls_rsvp.h:402 [inline]
rsvp_change+0x1ae9/0x4220 net/sched/cls_rsvp.h:572
tc_new_tfilter+0x31fe/0x5010 net/sched/cls_api.c:2104
rtnetlink_rcv_msg+0xcb7/0x1570 net/core/rtnetlink.c:5415
netlink_rcv_skb+0x451/0x650 net/netlink/af_netlink.c:2477
rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:5442
netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
netlink_unicast+0xf9e/0x1100 net/netlink/af_netlink.c:1328
netlink_sendmsg+0x1248/0x14d0 net/netlink/af_netlink.c:1917
sock_sendmsg_nosec net/socket.c:639 [inline]
sock_sendmsg net/socket.c:659 [inline]
____sys_sendmsg+0x12b6/0x1350 net/socket.c:2330
___sys_sendmsg net/socket.c:2384 [inline]
__sys_sendmsg+0x451/0x5f0 net/socket.c:2417
__do_sys_sendmsg net/socket.c:2426 [inline]
__se_sys_sendmsg+0x97/0xb0 net/socket.c:2424
__x64_sys_sendmsg+0x4a/0x70 net/socket.c:2424
do_syscall_64+0xb8/0x160 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45b349
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f269d43dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f269d43e6d4 RCX: 000000000045b349
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000009c2 R14: 00000000004cb338 R15: 000000000075bfd4
Uninit was created at:
kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
kmsan_internal_poison_shadow+0x66/0xd0 mm/kmsan/kmsan.c:127
kmsan_slab_alloc+0x8a/0xe0 mm/kmsan/kmsan_hooks.c:82
slab_alloc_node mm/slub.c:2774 [inline]
__kmalloc_node_track_caller+0xb40/0x1200 mm/slub.c:4382
__kmalloc_reserve net/core/skbuff.c:141 [inline]
__alloc_skb+0x2fd/0xac0 net/core/skbuff.c:209
alloc_skb include/linux/skbuff.h:1049 [inline]
netlink_alloc_large_skb net/netlink/af_netlink.c:1174 [inline]
netlink_sendmsg+0x7d3/0x14d0 net/netlink/af_netlink.c:1892
sock_sendmsg_nosec net/socket.c:639 [inline]
sock_sendmsg net/socket.c:659 [inline]
____sys_sendmsg+0x12b6/0x1350 net/socket.c:2330
___sys_sendmsg net/socket.c:2384 [inline]
__sys_sendmsg+0x451/0x5f0 net/socket.c:2417
__do_sys_sendmsg net/socket.c:2426 [inline]
__se_sys_sendmsg+0x97/0xb0 net/socket.c:2424
__x64_sys_sendmsg+0x4a/0x70 net/socket.c:2424
do_syscall_64+0xb8/0x160 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes: 6fa8c0144b77 ("[NET_SCHED]: Use nla_policy for attribute validation in classifiers")
Signed-off-by: Eric Dumazet <[email protected]>
Reported-by: syzbot <[email protected]>
Acked-by: Cong Wang <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/sched/cls_rsvp.h | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/net/sched/cls_rsvp.h
+++ b/net/sched/cls_rsvp.h
@@ -463,10 +463,8 @@ static u32 gen_tunnel(struct rsvp_head *
static const struct nla_policy rsvp_policy[TCA_RSVP_MAX + 1] = {
[TCA_RSVP_CLASSID] = { .type = NLA_U32 },
- [TCA_RSVP_DST] = { .type = NLA_BINARY,
- .len = RSVP_DST_LEN * sizeof(u32) },
- [TCA_RSVP_SRC] = { .type = NLA_BINARY,
- .len = RSVP_DST_LEN * sizeof(u32) },
+ [TCA_RSVP_DST] = { .len = RSVP_DST_LEN * sizeof(u32) },
+ [TCA_RSVP_SRC] = { .len = RSVP_DST_LEN * sizeof(u32) },
[TCA_RSVP_PINFO] = { .len = sizeof(struct tc_rsvp_pinfo) },
};
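Review bot: on the TCA_RSVP_DST and TCA_RSVP_SRC entries, dropping `.type = NLA_BINARY` changes what `.len` means, from an upper bound on the attribute length to a lower bound, and nothing in the table records that this is deliberate. A one-line comment above the two entries, saying the type is left unspecified so that short attributes are rejected, would keep a later cleanup from restoring NLA_BINARY and bringing back the uninitialized read in rsvp_get() shown in the KMSAN report. Attributes longer than RSVP_DST_LEN * sizeof(u32) still pass this policy; if only exact-size addresses are valid, that needs a separate check.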
From: Eric Dumazet <[email protected]>
[ Upstream commit c13c48c00a6bc1febc73902505bdec0967bd7095 ]
total_retrans needs to be cleared in tcp_disconnect().
tcp_disconnect() is rarely used, but it is worth fixing it.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <[email protected]>
Cc: SeongJae Park <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/ipv4/tcp.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2622,6 +2622,7 @@ int tcp_disconnect(struct sock *sk, int
tcp_set_ca_state(sk, TCP_CA_Open);
tp->is_sack_reneg = 0;
tcp_clear_retrans(tp);
+ tp->total_retrans = 0;
inet_csk_delack_init(sk);
/* Initialize rcv_mss to TCP_MIN_MSS to avoid division by 0
* issue in __tcp_select_window()
From: Oliver Neukum <[email protected]>
commit 2b8bd606b1e60ca28c765f69c1eedd7d2a2e9dca upstream.
It is not enough to check for the number of endpoints.
The types must also be correct.
Reported-and-tested-by: [email protected]
Signed-off-by: Oliver Neukum <[email protected]>
Reviewed-by: Greg Kroah-Hartman <[email protected]>
Signed-off-by: Lee Jones <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/mfd/dln2.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
--- a/drivers/mfd/dln2.c
+++ b/drivers/mfd/dln2.c
@@ -722,6 +722,8 @@ static int dln2_probe(struct usb_interfa
const struct usb_device_id *usb_id)
{
struct usb_host_interface *hostif = interface->cur_altsetting;
+ struct usb_endpoint_descriptor *epin;
+ struct usb_endpoint_descriptor *epout;
struct device *dev = &interface->dev;
struct dln2_dev *dln2;
int ret;
@@ -731,12 +733,19 @@ static int dln2_probe(struct usb_interfa
hostif->desc.bNumEndpoints < 2)
return -ENODEV;
+ epin = &hostif->endpoint[0].desc;
+ epout = &hostif->endpoint[1].desc;
+ if (!usb_endpoint_is_bulk_out(epout))
+ return -ENODEV;
+ if (!usb_endpoint_is_bulk_in(epin))
+ return -ENODEV;
+
dln2 = kzalloc(sizeof(*dln2), GFP_KERNEL);
if (!dln2)
return -ENOMEM;
- dln2->ep_out = hostif->endpoint[0].desc.bEndpointAddress;
- dln2->ep_in = hostif->endpoint[1].desc.bEndpointAddress;
+ dln2->ep_out = epout->bEndpointAddress;
+ dln2->ep_in = epin->bEndpointAddress;
dln2->usb_dev = usb_get_dev(interface_to_usbdev(interface));
dln2->interface = interface;
usb_set_intfdata(interface, dln2);
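Review bot: epin is taken from endpoint[0] and epout from endpoint[1], but the removed lines used endpoint[0] for ep_out and endpoint[1] for ep_in, so the direction mapping is swapped by this hunk. A device with the layout the old code assumed (bulk OUT first, bulk IN second) would now fail both new checks and probe would return -ENODEV. Unless the swap is intended, use `epout = &hostif->endpoint[0].desc;` and `epin = &hostif->endpoint[1].desc;` and keep the rest as is.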
From: Kadlecsik József <[email protected]>
commit 5038517119d50ed0240059b1d7fc2faa92371c08 upstream.
find_set_and_id() is called when the NFNL_SUBSYS_IPSET mutex is held.
However, in the error path there can be a follow-up recvmsg() without
the mutex held. Use the start() function of struct netlink_dump_control
instead of dump() to verify and report if the specified set does not
exist.
Thanks to Pablo Neira Ayuso for helping me to understand the subtleties
of the netlink protocol.
Reported-by: [email protected]
Signed-off-by: Jozsef Kadlecsik <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/netfilter/ipset/ip_set_core.c | 41 +++++++++++++++++++-------------------
1 file changed, 21 insertions(+), 20 deletions(-)
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -1293,31 +1293,34 @@ ip_set_dump_policy[IPSET_ATTR_CMD_MAX +
};
static int
-dump_init(struct netlink_callback *cb, struct ip_set_net *inst)
+ip_set_dump_start(struct netlink_callback *cb)
{
struct nlmsghdr *nlh = nlmsg_hdr(cb->skb);
int min_len = nlmsg_total_size(sizeof(struct nfgenmsg));
struct nlattr *cda[IPSET_ATTR_CMD_MAX + 1];
struct nlattr *attr = (void *)nlh + min_len;
+ struct sk_buff *skb = cb->skb;
+ struct ip_set_net *inst = ip_set_pernet(sock_net(skb->sk));
u32 dump_type;
- ip_set_id_t index;
int ret;
ret = nla_parse(cda, IPSET_ATTR_CMD_MAX, attr,
nlh->nlmsg_len - min_len,
ip_set_dump_policy, NULL);
if (ret)
- return ret;
+ goto error;
cb->args[IPSET_CB_PROTO] = nla_get_u8(cda[IPSET_ATTR_PROTOCOL]);
if (cda[IPSET_ATTR_SETNAME]) {
+ ip_set_id_t index;
struct ip_set *set;
set = find_set_and_id(inst, nla_data(cda[IPSET_ATTR_SETNAME]),
&index);
- if (!set)
- return -ENOENT;
-
+ if (!set) {
+ ret = -ENOENT;
+ goto error;
+ }
dump_type = DUMP_ONE;
cb->args[IPSET_CB_INDEX] = index;
} else {
@@ -1333,10 +1336,17 @@ dump_init(struct netlink_callback *cb, s
cb->args[IPSET_CB_DUMP] = dump_type;
return 0;
+
+error:
+ /* We have to create and send the error message manually :-( */
+ if (nlh->nlmsg_flags & NLM_F_ACK) {
+ netlink_ack(cb->skb, nlh, ret, NULL);
+ }
+ return ret;
}
static int
-ip_set_dump_start(struct sk_buff *skb, struct netlink_callback *cb)
+ip_set_dump_do(struct sk_buff *skb, struct netlink_callback *cb)
{
ip_set_id_t index = IPSET_INVALID_ID, max;
struct ip_set *set = NULL;
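Review bot: the name ip_set_dump_start() is reused here for the new .start callback while the function that used to carry it becomes ip_set_dump_do(), with a different signature. Anyone resolving a backport conflict or reading an older trace will see the same symbol mean two different things; a fresh name for one of them would avoid that. In the new error: path, the braces around the single netlink_ack() call also go against kernel coding style (the block removed from the dump callback had none).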
@@ -1347,18 +1357,8 @@ ip_set_dump_start(struct sk_buff *skb, s
bool is_destroyed;
int ret = 0;
- if (!cb->args[IPSET_CB_DUMP]) {
- ret = dump_init(cb, inst);
- if (ret < 0) {
- nlh = nlmsg_hdr(cb->skb);
- /* We have to create and send the error message
- * manually :-(
- */
- if (nlh->nlmsg_flags & NLM_F_ACK)
- netlink_ack(cb->skb, nlh, ret, NULL);
- return ret;
- }
- }
+ if (!cb->args[IPSET_CB_DUMP])
+ return -EINVAL;
if (cb->args[IPSET_CB_INDEX] >= inst->ip_set_max)
goto out;
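Review bot: the new `if (!cb->args[IPSET_CB_DUMP]) return -EINVAL;` guard only works if ip_set_dump_start() always stores a non-zero dump type, which is not evident from this hunk; say so in a comment at the guard or at the `cb->args[IPSET_CB_DUMP] = dump_type;` assignment. With the removed block gone, also check that `nlh` is still used in this function, since the only assignment visible here was the deleted `nlh = nlmsg_hdr(cb->skb);`.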
@@ -1494,7 +1494,8 @@ static int ip_set_dump(struct net *net,
{
struct netlink_dump_control c = {
- .dump = ip_set_dump_start,
+ .start = ip_set_dump_start,
+ .dump = ip_set_dump_do,
.done = ip_set_dump_done,
};
return netlink_dump_start(ctnl, skb, nlh, &c);
From: Eric Dumazet <[email protected]>
[ Upstream commit 784f8344de750a41344f4bbbebb8507a730fc99c ]
tp->segs_in and tp->segs_out need to be cleared in tcp_disconnect().
tcp_disconnect() is rarely used, but it is worth fixing it.
Fixes: 2efd055c53c0 ("tcp: add tcpi_segs_in and tcpi_segs_out to tcp_info")
Signed-off-by: Eric Dumazet <[email protected]>
Cc: Marcelo Ricardo Leitner <[email protected]>
Cc: Yuchung Cheng <[email protected]>
Cc: Neal Cardwell <[email protected]>
Acked-by: Neal Cardwell <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/ipv4/tcp.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2635,6 +2635,8 @@ int tcp_disconnect(struct sock *sk, int
sk->sk_rx_dst = NULL;
tcp_saved_syn_free(tp);
tp->compressed_ack = 0;
+ tp->segs_in = 0;
+ tp->segs_out = 0;
tp->bytes_sent = 0;
tp->bytes_acked = 0;
tp->bytes_received = 0;
From: Eric Dumazet <[email protected]>
[ Upstream commit 2fbdd56251b5c62f96589f39eded277260de7267 ]
tp->delivered needs to be cleared in tcp_disconnect().
tcp_disconnect() is rarely used, but it is worth fixing it.
Fixes: ddf1af6fa00e ("tcp: new delivery accounting")
Signed-off-by: Eric Dumazet <[email protected]>
Cc: Yuchung Cheng <[email protected]>
Cc: Neal Cardwell <[email protected]>
Acked-by: Yuchung Cheng <[email protected]>
Acked-by: Neal Cardwell <[email protected]>
Acked-by: Soheil Hassas Yeganeh <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/ipv4/tcp.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2618,6 +2618,7 @@ int tcp_disconnect(struct sock *sk, int
tp->snd_cwnd = TCP_INIT_CWND;
tp->snd_cwnd_cnt = 0;
tp->window_clamp = 0;
+ tp->delivered = 0;
tp->delivered_ce = 0;
tcp_set_ca_state(sk, TCP_CA_Open);
tp->is_sack_reneg = 0;
From: David Howells <[email protected]>
[ Upstream commit 5273a191dca65a675dc0bcf3909e59c6933e2831 ]
When a call is disconnected, the connection pointer from the call is
cleared to make sure it isn't used again and to prevent further attempted
transmission for the call. Unfortunately, there might be a daemon trying
to use it at the same time to transmit a packet.
Fix this by keeping call->conn set, but setting a flag on the call to
indicate disconnection instead.
Remove also the bits in the transmission functions where the conn pointer is
checked and a ref taken under spinlock as this is now redundant.
Fixes: 8d94aa381dab ("rxrpc: Calls shouldn't hold socket refs")
Signed-off-by: David Howells <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/rxrpc/ar-internal.h | 1 +
net/rxrpc/call_object.c | 4 ++--
net/rxrpc/conn_client.c | 3 +--
net/rxrpc/conn_object.c | 4 ++--
net/rxrpc/output.c | 27 +++++++++------------------
5 files changed, 15 insertions(+), 24 deletions(-)
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -490,6 +490,7 @@ enum rxrpc_call_flag {
RXRPC_CALL_RX_HEARD, /* The peer responded at least once to this call */
RXRPC_CALL_RX_UNDERRUN, /* Got data underrun */
RXRPC_CALL_IS_INTR, /* The call is interruptible */
+ RXRPC_CALL_DISCONNECTED, /* The call has been disconnected */
};
/*
--- a/net/rxrpc/call_object.c
+++ b/net/rxrpc/call_object.c
@@ -493,7 +493,7 @@ void rxrpc_release_call(struct rxrpc_soc
_debug("RELEASE CALL %p (%d CONN %p)", call, call->debug_id, conn);
- if (conn)
+ if (conn && !test_bit(RXRPC_CALL_DISCONNECTED, &call->flags))
rxrpc_disconnect_call(call);
if (call->security)
call->security->free_call_crypto(call);
@@ -569,6 +569,7 @@ static void rxrpc_rcu_destroy_call(struc
struct rxrpc_call *call = container_of(rcu, struct rxrpc_call, rcu);
struct rxrpc_net *rxnet = call->rxnet;
+ rxrpc_put_connection(call->conn);
rxrpc_put_peer(call->peer);
kfree(call->rxtx_buffer);
kfree(call->rxtx_annotations);
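Review bot: rxrpc_put_connection(call->conn) in rxrpc_rcu_destroy_call() runs for every call, and the `if (conn && ...)` test in rxrpc_release_call() shows that call->conn can be NULL, so this line depends on rxrpc_put_connection() tolerating a NULL argument; note that at the call site or guard it. A comment that the call now holds its connection ref until RCU destruction (the puts in rxrpc_disconnect_call() and rxrpc_disconnect_client_call() are removed elsewhere in this patch) would make the new lifetime rule easy to find.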
@@ -590,7 +591,6 @@ void rxrpc_cleanup_call(struct rxrpc_cal
ASSERTCMP(call->state, ==, RXRPC_CALL_COMPLETE);
ASSERT(test_bit(RXRPC_CALL_RELEASED, &call->flags));
- ASSERTCMP(call->conn, ==, NULL);
rxrpc_cleanup_ring(call);
rxrpc_free_skb(call->tx_pending, rxrpc_skb_cleaned);
--- a/net/rxrpc/conn_client.c
+++ b/net/rxrpc/conn_client.c
@@ -785,6 +785,7 @@ void rxrpc_disconnect_client_call(struct
u32 cid;
spin_lock(&conn->channel_lock);
+ set_bit(RXRPC_CALL_DISCONNECTED, &call->flags);
cid = call->cid;
if (cid) {
@@ -792,7 +793,6 @@ void rxrpc_disconnect_client_call(struct
chan = &conn->channels[channel];
}
trace_rxrpc_client(conn, channel, rxrpc_client_chan_disconnect);
- call->conn = NULL;
/* Calls that have never actually been assigned a channel can simply be
* discarded. If the conn didn't get used either, it will follow
@@ -908,7 +908,6 @@ out:
spin_unlock(&rxnet->client_conn_cache_lock);
out_2:
spin_unlock(&conn->channel_lock);
- rxrpc_put_connection(conn);
_leave("");
return;
--- a/net/rxrpc/conn_object.c
+++ b/net/rxrpc/conn_object.c
@@ -171,6 +171,8 @@ void __rxrpc_disconnect_call(struct rxrp
_enter("%d,%x", conn->debug_id, call->cid);
+ set_bit(RXRPC_CALL_DISCONNECTED, &call->flags);
+
if (rcu_access_pointer(chan->call) == call) {
/* Save the result of the call so that we can repeat it if necessary
* through the channel, whilst disposing of the actual call record.
@@ -223,9 +225,7 @@ void rxrpc_disconnect_call(struct rxrpc_
__rxrpc_disconnect_call(conn, call);
spin_unlock(&conn->channel_lock);
- call->conn = NULL;
conn->idle_timestamp = jiffies;
- rxrpc_put_connection(conn);
}
/*
--- a/net/rxrpc/output.c
+++ b/net/rxrpc/output.c
@@ -129,7 +129,7 @@ static size_t rxrpc_fill_out_ack(struct
int rxrpc_send_ack_packet(struct rxrpc_call *call, bool ping,
rxrpc_serial_t *_serial)
{
- struct rxrpc_connection *conn = NULL;
+ struct rxrpc_connection *conn;
struct rxrpc_ack_buffer *pkt;
struct msghdr msg;
struct kvec iov[2];
@@ -139,18 +139,14 @@ int rxrpc_send_ack_packet(struct rxrpc_c
int ret;
u8 reason;
- spin_lock_bh(&call->lock);
- if (call->conn)
- conn = rxrpc_get_connection_maybe(call->conn);
- spin_unlock_bh(&call->lock);
- if (!conn)
+ if (test_bit(RXRPC_CALL_DISCONNECTED, &call->flags))
return -ECONNRESET;
pkt = kzalloc(sizeof(*pkt), GFP_KERNEL);
- if (!pkt) {
- rxrpc_put_connection(conn);
+ if (!pkt)
return -ENOMEM;
- }
+
+ conn = call->conn;
msg.msg_name = &call->peer->srx.transport;
msg.msg_namelen = call->peer->srx.transport_len;
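Review bot: in rxrpc_send_ack_packet(), the test_bit(RXRPC_CALL_DISCONNECTED, &call->flags) check is lockless while the flag is set under conn->channel_lock, so a disconnect can land right after the check and before `conn = call->conn` is used. That is safe only because call->conn is no longer cleared and its ref is held until rxrpc_rcu_destroy_call(); put that invariant in a comment next to the check, since the removed spin_lock_bh()/rxrpc_get_connection_maybe() sequence made the protection explicit. The same applies to the identical check in rxrpc_send_abort_packet().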
@@ -244,7 +240,6 @@ int rxrpc_send_ack_packet(struct rxrpc_c
}
out:
- rxrpc_put_connection(conn);
kfree(pkt);
return ret;
}
@@ -254,7 +249,7 @@ out:
*/
int rxrpc_send_abort_packet(struct rxrpc_call *call)
{
- struct rxrpc_connection *conn = NULL;
+ struct rxrpc_connection *conn;
struct rxrpc_abort_buffer pkt;
struct msghdr msg;
struct kvec iov[1];
@@ -271,13 +266,11 @@ int rxrpc_send_abort_packet(struct rxrpc
test_bit(RXRPC_CALL_TX_LAST, &call->flags))
return 0;
- spin_lock_bh(&call->lock);
- if (call->conn)
- conn = rxrpc_get_connection_maybe(call->conn);
- spin_unlock_bh(&call->lock);
- if (!conn)
+ if (test_bit(RXRPC_CALL_DISCONNECTED, &call->flags))
return -ECONNRESET;
+ conn = call->conn;
+
msg.msg_name = &call->peer->srx.transport;
msg.msg_namelen = call->peer->srx.transport_len;
msg.msg_control = NULL;
@@ -312,8 +305,6 @@ int rxrpc_send_abort_packet(struct rxrpc
trace_rxrpc_tx_packet(call->debug_id, &pkt.whdr,
rxrpc_tx_point_call_abort);
rxrpc_tx_backoff(call, ret);
-
- rxrpc_put_connection(conn);
return ret;
}
From: David Howells <[email protected]>
[ Upstream commit f71dbf2fb28489a79bde0dca1c8adfb9cdb20a6b ]
In rxrpc_input_data(), rxrpc_notify_socket() is called if the base sequence
number of the packet is immediately following the hard-ack point at the end
of the function. However, this isn't sufficient, since the recvmsg side
may have been advancing the window and then overrun the position in which
we're adding - at which point rx_hard_ack >= seq0 and no notification is
generated.
Fix this by always generating a notification at the end of the input
function.
Without this, a long call may stall, possibly indefinitely.
Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code")
Signed-off-by: David Howells <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/rxrpc/input.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/net/rxrpc/input.c
+++ b/net/rxrpc/input.c
@@ -599,10 +599,8 @@ ack:
false, true,
rxrpc_propose_ack_input_data);
- if (seq0 == READ_ONCE(call->rx_hard_ack) + 1) {
- trace_rxrpc_notify_socket(call->debug_id, serial);
- rxrpc_notify_socket(call);
- }
+ trace_rxrpc_notify_socket(call->debug_id, serial);
+ rxrpc_notify_socket(call);
unlock:
spin_unlock(&call->input_lock);
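Review bot: the now unconditional trace_rxrpc_notify_socket()/rxrpc_notify_socket() pair carries no comment, and the removed `seq0 == READ_ONCE(call->rx_hard_ack) + 1` test looks like an optimisation that someone could restore later. Add a short comment at this spot that recvmsg may advance rx_hard_ack past seq0 concurrently, so the notification has to be sent every time.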
From: David Howells <[email protected]>
[ Upstream commit fac20b9e738523fc884ee3ea5be360a321cd8bad ]
Fix rxrpc_put_local() to not access local->debug_id after calling
atomic_dec_return() as, unless that returned n==0, we no longer have the
right to access the object.
Fixes: 06d9532fa6b3 ("rxrpc: Fix read-after-free in rxrpc_queue_local()")
Signed-off-by: David Howells <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/rxrpc/local_object.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/net/rxrpc/local_object.c
+++ b/net/rxrpc/local_object.c
@@ -364,11 +364,14 @@ void rxrpc_queue_local(struct rxrpc_loca
void rxrpc_put_local(struct rxrpc_local *local)
{
const void *here = __builtin_return_address(0);
+ unsigned int debug_id;
int n;
if (local) {
+ debug_id = local->debug_id;
+
n = atomic_dec_return(&local->usage);
- trace_rxrpc_local(local->debug_id, rxrpc_local_put, n, here);
+ trace_rxrpc_local(debug_id, rxrpc_local_put, n, here);
if (n == 0)
call_rcu(&local->rcu, rxrpc_local_rcu);
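Review bot: in rxrpc_put_local(), the copy of local->debug_id taken before atomic_dec_return() reads as a needless temporary without an explanation, which invites folding it back into the trace call. Add a comment above `debug_id = local->debug_id;` stating that `local` must not be dereferenced after the decrement unless n == 0, which is also why the call_rcu() under `if (n == 0)` remains valid.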
On Mon, 10 Feb 2020 at 18:09, Greg Kroah-Hartman
<[email protected]> wrote:
>
> This is the start of the stable review cycle for the 5.4.19 release.
> There are 309 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 12 Feb 2020 12:18:57 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.19-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Summary
------------------------------------------------------------------------
kernel: 5.4.19-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-5.4.y
git commit: a28430b8529be97d763450b3af54c3958cf9308c
git describe: v5.4.18-310-ga28430b8529b
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-5.4-oe/build/v5.4.18-310-ga28430b8529b
No regressions (compared to build v5.4.17-404-gdb4707481a60)
No fixes (compared to build v5.4.17-404-gdb4707481a60)
Ran 21744 total tests in the following environments and test suites.
Environments
--------------
- dragonboard-410c
- hi6220-hikey
- i386
- juno-r2
- nxp-ls2088
- qemu_arm
- qemu_arm64
- qemu_i386
- qemu_x86_64
- x15
- x86
Test Suites
-----------
* build
* install-android-platform-tools-r2600
* kselftest
* libgpiod
* libhugetlbfs
* linux-log-parser
* ltp-commands-tests
* ltp-containers-tests
* ltp-math-tests
* ltp-cap_bounds-tests
* ltp-cpuhotplug-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* network-basic-tests
* spectre-meltdown-checker-test
* v4l2-compliance
* perf
* kvm-unit-tests
* ltp-open-posix-tests
* kselftest-vsyscall-mode-native
* kselftest-vsyscall-mode-none
--
Linaro LKFT
https://lkft.linaro.org
On 10/02/2020 12:29, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.19 release.
> There are 309 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 12 Feb 2020 12:18:57 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.19-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
All tests are passing for Tegra ...
Test results for stable-v5.4:
13 builds: 13 pass, 0 fail
22 boots: 22 pass, 0 fail
40 tests: 40 pass, 0 fail
Linux version: 5.4.19-rc1-ga28430b8529b
Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
tegra194-p2972-0000, tegra20-ventana,
tegra210-p2371-2180, tegra210-p3450-0000,
tegra30-cardhu-a04
Cheers
Jon
--
nvpublic
On Mon, Feb 10, 2020 at 04:29:16AM -0800, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.19 release.
> There are 309 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 12 Feb 2020 12:18:57 +0000.
> Anything received after that time might be too late.
>
Build results:
total: 158 pass: 158 fail: 0
Qemu test results:
total: 396 pass: 396 fail: 0
Guenter
On 2/10/20 5:29 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.19 release.
> There are 309 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 12 Feb 2020 12:18:57 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.19-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
thanks,
-- Shuah
On Mon, Feb 10, 2020 at 04:29:16AM -0800, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.19 release.
> There are 309 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 12 Feb 2020 12:18:57 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.19-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
hello,
compiled and booted 5.4.19-rc1+. No new error according to "sudo dmesg -l err"
--
software engineer
rajagiri school of engineering and technology
On Wed, Feb 12, 2020 at 01:05:31PM +0530, Jeffrin Jose wrote:
> On Mon, Feb 10, 2020 at 04:29:16AM -0800, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.4.19 release.
> > There are 309 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Wed, 12 Feb 2020 12:18:57 +0000.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.19-rc1.gz
> > or in the git tree and branch at:
> > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> > and the diffstat can be found below.
>
> hello ,
>
> compiled and booted 5.4.19-rc1+ . No new error according to "sudo dmesg -l err"
Thanks for testing, there shouldn't be a need to run 'sudo' for that
dmesg command :)
greg k-h
On Wed, Feb 12, 2020 at 05:30:37AM -0800, Greg Kroah-Hartman wrote:
> On Wed, Feb 12, 2020 at 01:05:31PM +0530, Jeffrin Jose wrote:
> > On Mon, Feb 10, 2020 at 04:29:16AM -0800, Greg Kroah-Hartman wrote:
> > > This is the start of the stable review cycle for the 5.4.19 release.
> > > There are 309 patches in this series, all will be posted as a response
> > > to this one. If anyone has any issues with these being applied, please
> > > let me know.
> > >
> > > Responses should be made by Wed, 12 Feb 2020 12:18:57 +0000.
> > > Anything received after that time might be too late.
> > >
> > > The whole patch series can be found in one patch at:
> > > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.19-rc1.gz
> > > or in the git tree and branch at:
> > > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> > > and the diffstat can be found below.
> >
> > hello ,
> >
> > compiled and booted 5.4.19-rc1+ . No new error according to "sudo dmesg -l err"
>
> Thanks for testing, there shouldn't be a need to run 'sudo' for that
> dmesg command :)
>
> greg k-h
Hello,
Thanks for helping me improve.
I had "CONFIG_SECURITY_DMESG_RESTRICT=y".
I did something related to "sudo sysctl kernel.dmesg_restrict=0".
Now dmesg without sudo is working.
--
software engineer
rajagiri school of engineering and technology