b2b74a3f0d
115 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
UtsavBalar1231
|
0074f618ea |
Merge remote-tracking branch 'aosp/android-4.19-stable' into android12-base
* aosp/android-4.19-stable:
ANDROID: GKI: fix crc issue with commit
|
||
|
UtsavBalar1231
|
fb6d011c26 |
Revert "block: use current active bfqq to update statistics"
Conflits with UPSTREAM patch
This reverts commit
|
||
Paolo Valente
|
f990f0985e |
Revert "Revert "block, bfq: honor already-setup queue merges""
[ Upstream commit 15729ff8143f8135b03988a100a19e66d7cb7ecd ]
A crash [1] happened to be triggered in conjunction with commit
2d52c58b9c9b ("block, bfq: honor already-setup queue merges"). The
latter was then reverted by commit ebc69e897e17 ("Revert "block, bfq:
honor already-setup queue merges""). Yet, the reverted commit was not
the one introducing the bug. In fact, it actually triggered a UAF
introduced by a different commit, and now fixed by commit d29bd41428cf
("block, bfq: reset last_bfqq_created on group change").
So, there is no point in keeping commit 2d52c58b9c9b ("block, bfq:
honor already-setup queue merges") out. This commit restores it.
[1] https://bugzilla.kernel.org/show_bug.cgi?id=214503
Reported-by: Holger Hoffstätte <holger@applied-asynchrony.com>
Signed-off-by: Paolo Valente <paolo.valente@linaro.org>
Link: https://lore.kernel.org/r/20211125181510.15004-1-paolo.valente@linaro.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Zhang Wensheng
|
74e610b5ee |
bfq: fix use-after-free in bfq_dispatch_request
[ Upstream commit ab552fcb17cc9e4afe0e4ac4df95fc7b30e8490a ] KASAN reports a use-after-free report when doing normal scsi-mq test [69832.239032] ================================================================== [69832.241810] BUG: KASAN: use-after-free in bfq_dispatch_request+0x1045/0x44b0 [69832.243267] Read of size 8 at addr ffff88802622ba88 by task kworker/3:1H/155 [69832.244656] [69832.245007] CPU: 3 PID: 155 Comm: kworker/3:1H Not tainted 5.10.0-10295-g576c6382529e #8 [69832.246626] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [69832.249069] Workqueue: kblockd blk_mq_run_work_fn [69832.250022] Call Trace: [69832.250541] dump_stack+0x9b/0xce [69832.251232] ? bfq_dispatch_request+0x1045/0x44b0 [69832.252243] print_address_description.constprop.6+0x3e/0x60 [69832.253381] ? __cpuidle_text_end+0x5/0x5 [69832.254211] ? vprintk_func+0x6b/0x120 [69832.254994] ? bfq_dispatch_request+0x1045/0x44b0 [69832.255952] ? bfq_dispatch_request+0x1045/0x44b0 [69832.256914] kasan_report.cold.9+0x22/0x3a [69832.257753] ? bfq_dispatch_request+0x1045/0x44b0 [69832.258755] check_memory_region+0x1c1/0x1e0 [69832.260248] bfq_dispatch_request+0x1045/0x44b0 [69832.261181] ? bfq_bfqq_expire+0x2440/0x2440 [69832.262032] ? blk_mq_delay_run_hw_queues+0xf9/0x170 [69832.263022] __blk_mq_do_dispatch_sched+0x52f/0x830 [69832.264011] ? blk_mq_sched_request_inserted+0x100/0x100 [69832.265101] __blk_mq_sched_dispatch_requests+0x398/0x4f0 [69832.266206] ? blk_mq_do_dispatch_ctx+0x570/0x570 [69832.267147] ? __switch_to+0x5f4/0xee0 [69832.267898] blk_mq_sched_dispatch_requests+0xdf/0x140 [69832.268946] __blk_mq_run_hw_queue+0xc0/0x270 [69832.269840] blk_mq_run_work_fn+0x51/0x60 [69832.278170] process_one_work+0x6d4/0xfe0 [69832.278984] worker_thread+0x91/0xc80 [69832.279726] ? __kthread_parkme+0xb0/0x110 [69832.280554] ? process_one_work+0xfe0/0xfe0 [69832.281414] kthread+0x32d/0x3f0 [69832.282082] ? kthread_park+0x170/0x170 [69832.282849] ret_from_fork+0x1f/0x30 [69832.283573] [69832.283886] Allocated by task 7725: [69832.284599] kasan_save_stack+0x19/0x40 [69832.285385] __kasan_kmalloc.constprop.2+0xc1/0xd0 [69832.286350] kmem_cache_alloc_node+0x13f/0x460 [69832.287237] bfq_get_queue+0x3d4/0x1140 [69832.287993] bfq_get_bfqq_handle_split+0x103/0x510 [69832.289015] bfq_init_rq+0x337/0x2d50 [69832.289749] bfq_insert_requests+0x304/0x4e10 [69832.290634] blk_mq_sched_insert_requests+0x13e/0x390 [69832.291629] blk_mq_flush_plug_list+0x4b4/0x760 [69832.292538] blk_flush_plug_list+0x2c5/0x480 [69832.293392] io_schedule_prepare+0xb2/0xd0 [69832.294209] io_schedule_timeout+0x13/0x80 [69832.295014] wait_for_common_io.constprop.1+0x13c/0x270 [69832.296137] submit_bio_wait+0x103/0x1a0 [69832.296932] blkdev_issue_discard+0xe6/0x160 [69832.297794] blk_ioctl_discard+0x219/0x290 [69832.298614] blkdev_common_ioctl+0x50a/0x1750 [69832.304715] blkdev_ioctl+0x470/0x600 [69832.305474] block_ioctl+0xde/0x120 [69832.306232] vfs_ioctl+0x6c/0xc0 [69832.306877] __se_sys_ioctl+0x90/0xa0 [69832.307629] do_syscall_64+0x2d/0x40 [69832.308362] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [69832.309382] [69832.309701] Freed by task 155: [69832.310328] kasan_save_stack+0x19/0x40 [69832.311121] kasan_set_track+0x1c/0x30 [69832.311868] kasan_set_free_info+0x1b/0x30 [69832.312699] __kasan_slab_free+0x111/0x160 [69832.313524] kmem_cache_free+0x94/0x460 [69832.314367] bfq_put_queue+0x582/0x940 [69832.315112] __bfq_bfqd_reset_in_service+0x166/0x1d0 [69832.317275] bfq_bfqq_expire+0xb27/0x2440 [69832.318084] bfq_dispatch_request+0x697/0x44b0 [69832.318991] __blk_mq_do_dispatch_sched+0x52f/0x830 [69832.319984] __blk_mq_sched_dispatch_requests+0x398/0x4f0 [69832.321087] blk_mq_sched_dispatch_requests+0xdf/0x140 [69832.322225] __blk_mq_run_hw_queue+0xc0/0x270 [69832.323114] blk_mq_run_work_fn+0x51/0x60 [69832.323942] process_one_work+0x6d4/0xfe0 [69832.324772] worker_thread+0x91/0xc80 [69832.325518] kthread+0x32d/0x3f0 [69832.326205] ret_from_fork+0x1f/0x30 [69832.326932] [69832.338297] The buggy address belongs to the object at ffff88802622b968 [69832.338297] which belongs to the cache bfq_queue of size 512 [69832.340766] The buggy address is located 288 bytes inside of [69832.340766] 512-byte region [ffff88802622b968, ffff88802622bb68) [69832.343091] The buggy address belongs to the page: [69832.344097] page:ffffea0000988a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802622a528 pfn:0x26228 [69832.346214] head:ffffea0000988a00 order:2 compound_mapcount:0 compound_pincount:0 [69832.347719] flags: 0x1fffff80010200(slab|head) [69832.348625] raw: 001fffff80010200 ffffea0000dbac08 ffff888017a57650 ffff8880179fe840 [69832.354972] raw: ffff88802622a528 0000000000120008 00000001ffffffff 0000000000000000 [69832.356547] page dumped because: kasan: bad access detected [69832.357652] [69832.357970] Memory state around the buggy address: [69832.358926] ffff88802622b980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [69832.360358] ffff88802622ba00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [69832.361810] >ffff88802622ba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [69832.363273] ^ [69832.363975] ffff88802622bb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [69832.375960] ffff88802622bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [69832.377405] ================================================================== In bfq_dispatch_requestfunction, it may have function call: bfq_dispatch_request __bfq_dispatch_request bfq_select_queue bfq_bfqq_expire __bfq_bfqd_reset_in_service bfq_put_queue kmem_cache_free In this function call, in_serv_queue has beed expired and meet the conditions to free. In the function bfq_dispatch_request, the address of in_serv_queue pointing to has been released. For getting the value of idle_timer_disabled, it will get flags value from the address which in_serv_queue pointing to, then the problem of use-after-free happens; Fix the problem by check in_serv_queue == bfqd->in_service_queue, to get the value of idle_timer_disabled if in_serve_queue is equel to bfqd->in_service_queue. If the space of in_serv_queue pointing has been released, this judge will aviod use-after-free problem. And if in_serv_queue may be expired or finished, the idle_timer_disabled will be false which would not give effects to bfq_update_dispatch_stats. Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Zhang Wensheng <zhangwensheng5@huawei.com> Link: https://lore.kernel.org/r/20220303070334.3020168-1-zhangwensheng5@huawei.com Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
UtsavBalar1231
|
61bba85e05 |
Merge tag 'ASB-2022-03-05_4.19-stable' of https://github.com/aosp-mirror/kernel_common into android12-base
https://source.android.com/security/bulletin/2022-03-01 CVE-2020-29368 CVE-2021-39685 CVE-2021-39686 CVE-2021-39698 CVE-2021-3655 * tag 'ASB-2022-03-05_4.19-stable' of https://github.com/aosp-mirror/kernel_common: Linux 4.19.232 tty: n_gsm: fix encoding of control signal octet bit DV xhci: Prevent futile URB re-submissions due to incorrect return value. xhci: re-initialize the HC during resume if HCE was set usb: dwc3: gadget: Let the interrupt handler disable bottom halves. usb: dwc3: pci: Fix Bay Trail phy GPIO mappings USB: serial: option: add Telit LE910R1 compositions USB: serial: option: add support for DW5829e tracefs: Set the group ownership in apply_options() not parse_options() USB: gadget: validate endpoint index for xilinx udc usb: gadget: rndis: add spinlock for rndis response list Revert "USB: serial: ch341: add new Product ID for CH341A" ata: pata_hpt37x: disable primary channel on HPT371 iio: adc: men_z188_adc: Fix a resource leak in an error handling path tracing: Have traceon and traceoff trigger honor the instance fget: clarify and improve __fget_files() implementation memblock: use kfree() to release kmalloced memblock regions Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR" gpio: tegra186: Fix chip_data type confusion tty: n_gsm: fix proper link termination after failed open RDMA/ib_srp: Fix a deadlock configfs: fix a race in configfs_{,un}register_subsystem() net/mlx5e: Fix wrong return value on ioctl EEPROM query failure drm/edid: Always set RGB444 openvswitch: Fix setting ipv6 fields causing hw csum failure gso: do not skip outer ip header in case of ipip and net_failover tipc: Fix end of loop tests for list_for_each_entry() net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends ping: remove pr_err from ping_lookup USB: zaurus: support another broken Zaurus sr9700: sanity check for packet length parisc/unaligned: Fix ldw() and stw() unalignment handlers parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel vhost/vsock: don't check owner in vhost_vsock_stop() while releasing cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug Linux 4.19.231 net: macb: Align the dma and coherent dma masks net: usb: qmi_wwan: Add support for Dell DW5829e tracing: Fix tp_printk option related with tp_printk_stop_on_boot ata: libata-core: Disable TRIM on M88V29 kconfig: let 'shell' return enough output for deep path names arm64: dts: meson-gx: add ATF BL32 reserved-memory region netfilter: conntrack: don't refresh sctp entries in closed state irqchip/sifive-plic: Add missing thead,c900-plic match string ARM: OMAP2+: hwmod: Add of_node_put() before break KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj Drivers: hv: vmbus: Expose monitor data only when monitor pages are used mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status mtd: rawnand: brcmnand: Refactored code to introduce helper functions lib/iov_iter: initialize "flags" in new pipe_buffer i2c: brcmstb: fix support for DSL and CM variants dmaengine: sh: rcar-dmac: Check for error num after setting mask net: sched: limit TC_ACT_REPEAT loops EDAC: Fix calculation of returned address and next offset in edac_align_ptr() mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() NFS: Do not report writeback errors in nfs_getattr() NFS: LOOKUP_DIRECTORY is also ok with symlinks block/wbt: fix negative inflight counter when remove scsi device ext4: check for out-of-order index extents in ext4_valid_extent_entries() powerpc/lib/sstep: fix 'ptesync' build error ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() ALSA: hda: Fix missing codec probe on Shenker Dock 15 ALSA: hda: Fix regression on forced probe mask option libsubcmd: Fix use-after-free for realloc(..., 0) bonding: fix data-races around agg_select_timer drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit ping: fix the dif and sdif check in ping_lookup net: ieee802154: ca8210: Fix lifs/sifs periods net: dsa: lan9303: fix reset on probe iwlwifi: pcie: gen2: fix locking when "HW not ready" iwlwifi: pcie: fix locking when "HW not ready" vsock: remove vsock from connected table when connect is interrupted by a signal mmc: block: fix read single on recovery logic taskstats: Cleanup the use of task->exit_code xfrm: Don't accidentally set RTO_ONLINK in decode_session4() drm/radeon: Fix backlight control on iMac 12,1 iwlwifi: fix use-after-free Revert "module, async: async_synchronize_full() on module init iff async is used" nvme-rdma: fix possible use-after-free in transport error_recovery work nvme: fix a possible use-after-free in controller reset during load quota: make dquot_quota_sync return errors from ->sync_fs vfs: make freeze_super abort when sync_filesystem returns error ax25: improve the incomplete fix to avoid UAF and NPD bugs selftests/zram: Adapt the situation that /dev/zram0 is being used selftests/zram01.sh: Fix compression ratio calculation selftests/zram: Skip max_comp_streams interface on newer kernel net: ieee802154: at86rf230: Stop leaking skb's btrfs: send: in case of IO error log it parisc: Fix sglist access in ccio-dma.c parisc: Fix data TLB miss in sba_unmap_sg serial: parisc: GSC: fix build when IOSAPIC is not set net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup Makefile.extrawarn: Move -Wunaligned-access to W=1 Linux 4.19.230 perf: Fix list corruption in perf_cgroup_switch() hwmon: (dell-smm) Speed up setting of fan speed seccomp: Invalidate seccomp mode to catch death failures USB: serial: cp210x: add CPI Bulk Coin Recycler id USB: serial: cp210x: add NCR Retail IO box id USB: serial: ch341: add support for GW Instek USB2.0-Serial devices USB: serial: option: add ZTE MF286D modem USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 usb: gadget: rndis: check size of RNDIS_MSG_SET command USB: gadget: validate interface OS descriptor requests usb: dwc3: gadget: Prevent core from processing stale TRBs usb: ulpi: Call of_node_put correctly usb: ulpi: Move of_node_put to ulpi_dev_release n_tty: wake up poll(POLLRDNORM) on receiving data vt_ioctl: add array_index_nospec to VT_ACTIVATE vt_ioctl: fix array_index_nospec in vt_setactivate net: amd-xgbe: disable interrupts during pci removal tipc: rate limit warning for received illegal binding update veth: fix races around rq->rx_notify_masked net: fix a memleak when uncloning an skb dst and its metadata net: do not keep the dst cache when uncloning an skb dst and its metadata ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path bonding: pair enable_port with slave_arr_updates ixgbevf: Require large buffers for build_skb on 82599VF usb: f_fs: Fix use-after-free for epfile ARM: dts: imx6qdl-udoo: Properly describe the SD card detect staging: fbtft: Fix error path in fbtft_driver_module_init() ARM: dts: meson: Fix the UART compatible strings perf probe: Fix ppc64 'perf probe add events failed' case net: bridge: fix stale eth hdr pointer in br_dev_xmit ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group bpf: Add kconfig knob for disabling unpriv bpf by default net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend scsi: target: iscsi: Make sure the np under each tpg is unique net: sched: Clarify error message when qdisc kind is unknown NFSv4 expose nfs_parse_server_name function NFSv4 remove zero number of fs_locations entries error check NFSv4.1: Fix uninitialised variable in devicenotify nfs: nfs4clinet: check the return value of kstrdup() NFSv4 only print the label when its queried NFSD: Fix offset type in I/O trace points NFSD: Clamp WRITE offsets NFS: Fix initialisation of nfs_client cl_flags field net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs mmc: sdhci-of-esdhc: Check for error num after setting mask ima: Allow template selection with ima_template[_fmt]= after ima_hash= ima: Remove ima_policy file before directory integrity: check the return value of audit_log_start() FROMGIT: f2fs: avoid EINVAL by SBI_NEED_FSCK when pinning a file Revert "tracefs: Have tracefs directories not set OTH permission bits by default" ANDROID: GKI: Enable CONFIG_SERIAL_8250_RUNTIME_UARTS=0 Linux 4.19.229 tipc: improve size validations for received domain records moxart: fix potential use-after-free on remove path cgroup-v1: Require capabilities to set release_agent Linux 4.19.228 ext4: fix error handling in ext4_restore_inline_data() EDAC/xgene: Fix deferred probing EDAC/altera: Fix deferred probing rtc: cmos: Evaluate century appropriate selftests: futex: Use variable MAKE instead of make nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe ASoC: max9759: fix underflow in speaker_gain_control_put() ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name ASoC: fsl: Add missing error handling in pcm030_fabric_probe drm/i915/overlay: Prevent divide by zero bugs in scaling net: stmmac: ensure PTP time register reads are consistent net: macsec: Verify that send_sci is on when setting Tx sci explicitly net: ieee802154: Return meaningful error codes from the netlink helpers net: ieee802154: ca8210: Stop leaking skb's net: ieee802154: mcr20a: Fix lifs/sifs periods net: ieee802154: hwsim: Ensure proper channel selection at probe time spi: meson-spicc: add IRQ check in meson_spicc_probe spi: mediatek: Avoid NULL pointer crash in interrupt spi: bcm-qspi: check for valid cs before applying chip select iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() RDMA/mlx4: Don't continue event handler after memory allocation failure Revert "ASoC: mediatek: Check for error clk pointer" block: bio-integrity: Advance seed correctly for larger interval sizes drm/nouveau: fix off by one in BIOS boundary checking ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() audit: improve audit queue handling when "audit=1" on cmdline af_packet: fix data-race in packet_setsockopt / packet_setsockopt rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() net: amd-xgbe: Fix skb data length underflow net: amd-xgbe: ensure to reset the tx_timer_active flag ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback tcp: fix possible socket leaks in internal pacing mode netfilter: nat: limit port clash resolution attempts netfilter: nat: remove l4 protocol port rovers ipv4: tcp: send zero IPID in SYNACK messages ipv4: raw: lock the socket in raw_bind() yam: fix a memory leak in yam_siocdevprivate() ibmvnic: don't spin in tasklet ibmvnic: init ->running_cap_crqs early phylib: fix potential use-after-free NFS: Ensure the server has an up to date ctime before renaming NFS: Ensure the server has an up to date ctime before hardlinking ipv6: annotate accesses to fn->fn_sernum drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable drm/msm: Fix wrong size calculation net-procfs: show net devices bound packet types NFSv4: nfs_atomic_open() can race when looking up a non-regular file NFSv4: Handle case where the lookup of a directory fails hwmon: (lm90) Reduce maximum conversion rate for G781 ipv4: avoid using shared IP generator for connected sockets ping: fix the sk_bound_dev_if match in ping_lookup net: fix information leakage in /proc/net/ptype ipv6_tunnel: Rate limit warning messages scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev i40e: fix unsigned stat widths i40e: Fix queues reservation for XDP i40e: Fix issue when maximum queues is exceeded i40e: Increase delay to 1 s after global EMP reset powerpc/32: Fix boot failure with GCC latent entropy plugin net: sfp: ignore disabled SFP node usb: typec: tcpm: Do not disconnect while receiving VBUS off USB: core: Fix hang in usb_kill_urb by adding memory barriers usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS usb: common: ulpi: Fix crash in ulpi_match() usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge tty: Add support for Brainboxes UC cards. tty: n_gsm: fix SW flow control encoding/handling serial: stm32: fix software flow control transfer serial: 8250: of: Fix mapped region size when using reg-offset property netfilter: nft_payload: do not update layer 4 checksum when mangling fragments drm/etnaviv: relax submit size limits PM: wakeup: simplify the output logic of pm_show_wakelocks() udf: Fix NULL ptr deref when converting from inline format udf: Restore i_lenAlloc when inode expansion fails scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices s390/hypfs: include z/VM guests with access control group set Bluetooth: refactor malicious adv data check ANDROID: Increase x86 cmdline size to 4k Change-Id: Icc3c578b223a53feb469666071df2e1715fa8698 Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com> Conflicts: drivers/usb/dwc3/gadget.c drivers/usb/gadget/function/f_fs.c |
||
|
UtsavBalar1231
|
e89cfa51e1 |
Merge tag 'ASB-2022-01-05_4.19-stable' of https://github.com/aosp-mirror/kernel_common into android12-base
https://source.android.com/security/bulletin/2022-01-01 CVE-2020-14305 CVE-2020-29368 CVE-2021-39633 CVE-2021-39634 * tag 'ASB-2022-01-05_4.19-stable' of https://github.com/aosp-mirror/kernel_common: Linux 4.19.224 net: fix use-after-free in tw_timer_handler Input: spaceball - fix parsing of movement data packets Input: appletouch - initialize work before device registration scsi: vmw_pvscsi: Set residual data length conditionally binder: fix async_free_space accounting for empty parcels usb: mtu3: set interval of FS intr and isoc endpoint usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. uapi: fix linux/nfc.h userspace compilation errors nfc: uapi: use kernel size_t to fix user-space builds i2c: validate user data in compat ioctl fsl/fman: Fix missing put_device() call in fman_port_probe selftests/net: udpgso_bench_tx: fix dst ip argument net/mlx5e: Fix wrong features assignment in case of error NFC: st21nfca: Fix memory leak in device probe and remove net: usb: pegasus: Do not drop long Ethernet frames sctp: use call_rcu to free endpoint selftests: Calculate udpgso segment count without header adjustment udp: using datalen to cap ipv6 udp max gso segments scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() selinux: initialize proto variable in selinux_ip_postroute_compat() recordmcount.pl: fix typo in s390 mcount regex platform/x86: apple-gmux: use resource_size() with res Input: i8042 - enable deferred probe quirk for ASUS UM325UA Input: i8042 - add deferred probe support tee: handle lookup of shm with reference count 0 HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option Linux 4.19.223 phonet/pep: refuse to enable an unbound pipe hamradio: improve the incomplete fix to avoid NPD hamradio: defer ax25 kfree after unregister_netdev ax25: NPD bug when detaching AX25 device hwmon: (lm90) Do not report 'busy' status bit as alarm KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state usb: gadget: u_ether: fix race in setting MAC address in setup phase f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines x86/pkey: Fix undefined behaviour with PKRU_WD_BIT parisc: Correct completer in lws start ipmi: fix initialization when workqueue allocation fails ipmi: bail out if init_srcu_struct fails Input: atmel_mxt_ts - fix double free in mxt_read_info_block ALSA: drivers: opl3: Fix incorrect use of vp->state ALSA: jack: Check the return value of kstrdup() hwmon: (lm90) Fix usage of CONFIG2 register in detect function sfc: falcon: Check null pointer of rx_queue->page_ring drivers: net: smc911x: Check for error irq fjes: Check for error irq bonding: fix ad_actor_system option setting to default ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module net: skip virtio_net_hdr_set_proto if protocol already set net: accept UFOv6 packages in virtio_net_hdr_to_skb qlcnic: potential dereference null pointer of rx_queue->page_ring netfilter: fix regression in looped (broad|multi)cast's MAC handling IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() spi: change clk_disable_unprepare to clk_unprepare arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode HID: holtek: fix mouse probing block, bfq: fix use after free in bfq_bfqq_expire block, bfq: fix queue removal from weights tree block, bfq: fix decrement of num_active_groups block, bfq: fix asymmetric scenarios detection block, bfq: improve asymmetric scenarios detection net: usb: lan78xx: add Allied Telesis AT29M2-AF Revert "ARM: 8800/1: use choice for kernel unwinders" Linux 4.19.222 xen/netback: don't queue unlimited number of packages xen/netback: fix rx queue stall detection xen/console: harden hvc_xen against event channel storms xen/netfront: harden netfront against event channel storms xen/blkfront: harden blkfront against event channel storms scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() ovl: fix warning in ovl_create_real() fuse: annotate lock in fuse_reverse_inval_entry() media: mxl111sf: change mutex_init() location ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name firmware: arm_scpi: Fix string overflow in SCPI genpd driver Input: touchscreen - avoid bitwise vs logical OR warning ARM: 8800/1: use choice for kernel unwinders mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO ARM: 8805/2: remove unneeded naked function usage net: lan78xx: Avoid unnecessary self assignment mac80211: validate extended element ID is present net: systemport: Add global locking for descriptor lifecycle drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE libata: if T_LENGTH is zero, dma direction should be DMA_NONE timekeeping: Really make sure wall_to_monotonic isn't positive USB: serial: option: add Telit FN990 compositions USB: serial: cp210x: fix CP2105 GPIO registration PCI/MSI: Mask MSI-X vectors only on success PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) USB: gadget: bRequestType is a bitfield, not a enum sit: do not call ipip6_dev_free() from sit_init_net() net/packet: rx_owner_map depends on pg_vec netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc ixgbe: set X550 MDIO speed before talking to PHY igbvf: fix double free in `igbvf_probe` igb: Fix removal of unicast MAC filters of VFs soc/tegra: fuse: Fix bitwise vs. logical OR warning rds: memory leak in __rds_conn_create() dmaengine: st_fdma: fix MODULE_ALIAS sch_cake: do not call cake_destroy() from cake_init() ARM: socfpga: dts: fix qspi node compatible mac80211: track only QoS data frames for admission control x86/sme: Explicitly map new EFI memmap table as encrypted x86: Make ARCH_USE_MEMREMAP_PROT a generic Kconfig symbol nfsd: fix use-after-free due to delegation race audit: improve robustness of the audit queue handling dm btree remove: fix use after free in rebalance_children() recordmcount.pl: look for jgnop instruction as well as bcrl on s390 mac80211: send ADDBA requests using the tid/queue of the aggregation session hwmon: (dell-smm) Fix warning on /proc/i8k creation error tracing: Fix a kmemleak false positive in tracing_map net: netlink: af_netlink: Prevent empty skb by adding a check on len. i2c: rk3x: Handle a spurious start completion interrupt flag parisc/agp: Annotate parisc agp init functions with __init net/mlx4_en: Update reported link modes for 1/10G drm/msm/dsi: set default num_data_lanes nfc: fix segfault in nfc_genl_dump_devices_done stable: clamp SUBLEVEL in 4.19 FROMGIT: USB: gadget: bRequestType is a bitfield, not a enum ANDROID: GKI: abi workaround for 4.19.221 Linux 4.19.221 net: sched: make function qdisc_free_cb() static net_sched: fix a crash in tc_new_tfilter() irqchip: nvic: Fix offset for Interrupt Priority Offsets irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL irqchip/armada-370-xp: Fix support for Multi-MSI interrupts irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove iio: adc: axp20x_adc: fix charging current reporting on AXP22x iio: at91-sama5d2: Fix incorrect sign extension iio: dln2: Check return value of devm_iio_trigger_register() iio: dln2-adc: Fix lockdep complaint iio: itg3200: Call iio_trigger_notify_done() on error iio: kxsd9: Don't return error code in trigger handler iio: ltr501: Don't return error code in trigger handler iio: mma8452: Fix trigger reference couting iio: stk3310: Don't return error code in interrupt handler iio: trigger: stm32-timer: fix MODULE_ALIAS iio: trigger: Fix reference counting xhci: avoid race between disable slot command and host runtime suspend usb: core: config: using bit mask instead of individual bits xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending usb: core: config: fix validation of wMaxPacketValue entries USB: gadget: zero allocate endpoint 0 buffers USB: gadget: detect too-big endpoint 0 requests net/qla3xxx: fix an error code in ql_adapter_up() net, neigh: clear whole pneigh_entry at alloc time net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() net: altera: set a couple error code in probe() net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero tools build: Remove needless libpython-version feature check that breaks test-all fast path mtd: rawnand: fsmc: Take instruction delay into account i40e: Fix pre-set max number of queues for VF ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer qede: validate non LSO skb length block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) tracefs: Set all files to the same group ownership as the mount option aio: fix use-after-free due to missing POLLFREE handling aio: keep poll requests on waitqueue until completed signalfd: use wake_up_pollfree() binder: use wake_up_pollfree() wait: add wake_up_pollfree() libata: add horkage for ASMedia 1092 can: m_can: Disable and ignore ELO interrupt can: pch_can: pch_can_rx_normal: fix use after free clk: qcom: regmap-mux: fix parent clock lookup tracefs: Have new files inherit the ownership of their parent ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() ALSA: pcm: oss: Limit the period size to 16MB ALSA: pcm: oss: Fix negative period/buffer sizes ALSA: ctl: Fix copy of updated id with element read/write mm: bdi: initialize bdi_min_ratio when bdi is unregistered IB/hfi1: Correct guard on eager buffer deallocation udp: using datalen to cap max gso segments seg6: fix the iif in the IPv6 socket control block nfp: Fix memory leak in nfp_cpp_area_cache_add() bonding: make tx_rebalance_counter an atomic ice: ignore dropped packets during init bpf: Fix the off-by-two error in range markings nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done net: sched: use Qdisc rcu API instead of relying on rtnl lock net: sched: add helper function to take reference to Qdisc net: sched: extend Qdisc with rcu net: sched: rename qdisc_destroy() to qdisc_put() net: core: netlink: add helper refcount dec and lock function can: sja1000: fix use after free in ems_pcmcia_add_card() can: kvaser_usb: get CAN clock frequency from device HID: check for valid USB device for many HID drivers HID: wacom: fix problems when device is not a valid USB device HID: add USB_HID dependancy on some USB HID drivers HID: add USB_HID dependancy to hid-chicony HID: add USB_HID dependancy to hid-prodikeys HID: add hid_is_usb() function to make it simpler for USB detection HID: google: add eel USB id UPSTREAM: USB: gadget: zero allocate endpoint 0 buffers UPSTREAM: USB: gadget: detect too-big endpoint 0 requests Linux 4.19.220 ipmi: msghandler: Make symbol 'remove_work_wq' static parisc: Mark cr16 CPU clocksource unstable on all SMP machines serial: core: fix transmit-buffer reset and memleak serial: pl011: Add ACPI SBSA UART match id tty: serial: msm_serial: Deactivate RX DMA for polling support x86/64/mm: Map all kernel memory into trampoline_pgd usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub xhci: Fix commad ring abort, write all 64 bits to CRCR register. vgacon: Propagate console boot parameters before calling `vc_resize' parisc: Fix "make install" on newer debian releases parisc: Fix KBUILD_IMAGE for self-extracting kernel drm/msm: Do hw_init() before capturing GPU state net/smc: Keep smc_close_final rc during active close net/rds: correct socket tunable error in rds_tcp_tune() net: annotate data-races on txq->xmit_lock_owner net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() siphash: use _unaligned version by default net: mpls: Fix notifications when deleting a device net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() natsemi: xtensa: fix section mismatch warnings i2c: stm32f7: stop dma transfer in case of NACK i2c: stm32f7: recover the bus on access timeout fget: check that the fd still exists after getting a ref to it fs: add fget_many() and fput_many() sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl ipmi: Move remove_work to dedicated workqueue kprobes: Limit max data_size of the kretprobe instances vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit perf hist: Fix memory leak of a perf_hpp_fmt net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile scsi: iscsi: Unblock session then wake up error handler thermal: core: Reset previous low and high trip during thermal zone init btrfs: check-integrity: fix a warning on write caching disabled disk s390/setup: avoid using memblock_enforce_memory_limit platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep net: return correct error code atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait gfs2: Fix length of holes reported at end-of-file of: clk: Make <linux/of_clk.h> self-contained NFSv42: Fix pagecache invalidation after COPY/CLONE shm: extend forced shm destroy to support objects from several IPC nses Change-Id: Ib3edd8f66275790a09e0b5fd3c485679119cfaa4 Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com> Conflicts: arch/Kconfig drivers/usb/gadget/composite.c fs/file_table.c |
||
|
UtsavBalar1231
|
0ac5096a10 |
Merge tag 'ASB-2021-12-05_4.19-stable' of https://github.com/aosp-mirror/kernel_common into android12-base
https://source.android.com/security/bulletin/2021-12-01 CVE-2021-33909 CVE-2021-38204 CVE-2021-0961 * tag 'ASB-2021-12-05_4.19-stable' of https://github.com/aosp-mirror/kernel_common: BACKPORT: arm64: vdso32: suppress error message for 'make mrproper' Linux 4.19.219 tty: hvc: replace BUG_ON() with negative return value xen/netfront: don't trust the backend response data blindly xen/netfront: disentangle tx_skb_freelist xen/netfront: don't read data from request on the ring page xen/netfront: read response from backend only once xen/blkfront: don't trust the backend response data blindly xen/blkfront: don't take local copy of a request from the ring page xen/blkfront: read response from backend only once xen: sync include/xen/interface/io/ring.h with Xen's newest version fuse: release pipe buf after last use NFC: add NCI_UNREG flag to eliminate the race hugetlbfs: flush TLBs correctly after huge_pmd_unshare s390/mm: validate VMA in PGSTE manipulation functions tracing: Check pid filtering when creating events vhost/vsock: fix incorrect used length reported to the guest net: hns3: fix VF RSS failed problem after PF enable multi-TCs net/smc: Don't call clcsock shutdown twice when smc shutdown MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows PM: hibernate: use correct mode for swsusp_close() net/smc: Ensure the active closing peer first closes clcsock ipv6: fix typos in __ip6_finish_output() drm/vc4: fix error code in vc4_create_object() scsi: mpt3sas: Fix kernel panic during drive powercycle test ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE NFSv42: Don't fail clone() unless the OP_CLONE operation failed firmware: arm_scmi: pm: Propagate return value to caller net: ieee802154: handle iftypes as u32 ASoC: topology: Add missing rwsem around snd_ctl_remove() calls ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer ARM: dts: BCM5301X: Add interrupt properties to GPIO node ARM: dts: BCM5301X: Fix I2C controller interrupt netfilter: ipvs: Fix reuse connection if RS weight is 0 arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function arm64: dts: marvell: armada-37xx: declare PCIe reset pin pinctrl: armada-37xx: Correct PWM pins definitions pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup pinctrl: armada-37xx: Correct mpp definitions PCI: aardvark: Fix checking for link up via LTSSM state PCI: aardvark: Fix link training PCI: aardvark: Fix PCIe Max Payload Size setting PCI: aardvark: Configure PCIe resources from 'ranges' DT property PCI: aardvark: Update comment about disabling link training PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() PCI: aardvark: Fix compilation on s390 PCI: aardvark: Don't touch PCIe registers if no card connected PCI: aardvark: Indicate error in 'val' when config read fails PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros PCI: aardvark: Issue PERST via GPIO PCI: aardvark: Improve link training PCI: aardvark: Train link immediately after enabling training PCI: aardvark: Wait for endpoint to be ready before training link PCI: aardvark: Fix a leaked reference by adding missing of_node_put() proc/vmcore: fix clearing user buffer by properly using clear_user() xtensa: use CONFIG_USE_OF instead of CONFIG_OF tracing: Fix pid filtering when triggers are attached xen: detect uninitialized xenbus in xenbus_init xen: don't continue xenstore initialization in case of errors fuse: fix page stealing staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts media: cec: copy sequence field for the reply ALSA: ctxfi: Fix out-of-range access binder: fix test regression due to sender_euid change usb: hub: Fix locking issues with address0_mutex usb: hub: Fix usb enumeration issue due to address0 race usb: dwc2: hcd_queue: Fix use of floating point literal USB: serial: option: add Fibocom FM101-GL variants USB: serial: option: add Telit LE910S1 0x9200 composition Revert "net: sched: update default qdisc visibility after Tx queue cnt changes" Revert "serial: core: Fix initializing and restoring termios speed" ANDROID: GKI: disable CONFIG_FORTIFY_SOURCE Linux 4.19.218 soc/tegra: pmc: Fix imbalanced clock disabling in error code path usb: max-3421: Use driver data instead of maintaining a list of bound devices ASoC: DAPM: Cover regression by kctl change notification fix RDMA/netlink: Add __maybe_unused to static inline in C file batman-adv: Don't always reallocate the fragmentation skb head batman-adv: Reserve needed_*room for fragments batman-adv: Consider fragmentation for needed_headroom batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN perf/core: Avoid put_page() when GUP fails drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors drm/udl: fix control-message timeout cfg80211: call cfg80211_stop_ap when switch from P2P_GO type parisc/sticon: fix reverse colors btrfs: fix memory ordering between normal and ordered work functions udf: Fix crash after seekdir x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag ipc: WARN if trying to remove ipc object which is absent hexagon: export raw I/O routines for modules tun: fix bonding active backup with arp monitoring perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server NFC: reorder the logic in nfc_{un,}register_device NFC: reorganize the functions in nci_request i40e: Fix display error code in dmesg i40e: Fix changing previously set num_queue_pairs for PFs i40e: Fix NULL ptr dereference on VSI filter sync i40e: Fix correct max_pkt_size on VF RX queue net: virtio_net_hdr_to_skb: count transport header in UFO platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' mips: lantiq: add support for clk_get_parent() mips: bcm63xx: add support for clk_get_parent() MIPS: generic/yamon-dt: fix uninitialized variable error iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset iavf: check for null in iavf_fix_features net: bnx2x: fix variable dereferenced before check drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set sh: define __BIG_ENDIAN for math-emu sh: fix kconfig unmet dependency warning for FRAME_POINTER f2fs: fix up f2fs_lookup tracepoints maple: fix wrong return value of maple_bus_init(). sh: check return code of request_irq powerpc/dcr: Use cmplwi instead of 3-argument cmpli ALSA: gus: fix null pointer dereference on pointer block powerpc/5200: dts: fix memory node unit name scsi: target: Fix alua_tg_pt_gps_count tracking scsi: target: Fix ordered tag handling MIPS: sni: Fix the build tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc ALSA: ISA: not for M68K usb: host: ohci-tmio: check return value after calling platform_get_resource() ARM: dts: omap: fix gpmc,mux-add-data type firmware_loader: fix pre-allocated buf built-in firmware use scsi: advansys: Fix kernel pointer leak ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect arm64: dts: freescale: fix arm,sp805 compatible string usb: typec: tipd: Remove WARN_ON in tps6598x_block_read usb: musb: tusb6010: check return value after calling platform_get_resource() arm64: dts: hisilicon: fix arm,sp805 compatible string scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() arm64: zynqmp: Fix serial compatible string arm64: zynqmp: Do not duplicate flash partition label property erofs: fix unsafe pagevec reuse of hooked pclusters erofs: remove the occupied parameter from z_erofs_pagevec_enqueue() PCI: Add MSI masking quirk for Nvidia ION AHCI PCI/MSI: Deal with devices lying about their MSI mask capability PCI/MSI: Destroy sysfs before freeing entries parisc/entry: fix trace test in syscall exit path fortify: Explicitly disable Clang support ext4: fix lazy initialization next schedule time computation in more granular unit x86/cpu: Fix migration safety with X86_BUG_NULL_SEL fuse: truncate pagecache on atomic_o_trunc PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros s390/tape: fix timer initialization in tape_std_assign() s390/cio: check the subchannel validity for dev_busid video: backlight: Drop maximum brightness override for brightness zero backlight: gpio-backlight: Correct initial power state handling mm, oom: do not trigger out_of_memory from the #PF mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC powerpc/security: Add a helper to query stf_barrier type powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 powerpc/bpf: Validate branch ranges powerpc/lib: Add helper to check if offset is within conditional branch range 9p/net: fix missing error check in p9_check_errors f2fs: should use GFP_NOFS for directory inodes ARM: 9156/1: drop cc-option fallbacks for architecture selection ARM: 9155/1: fix early early_iounmap() USB: chipidea: fix interrupt deadlock cxgb4: fix eeprom len when diagnostics not implemented vsock: prevent unnecessary refcnt inc for nonblocking connect arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails llc: fix out-of-bound array index in llc_sk_dev_hash() zram: off by one in read_block_state() mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses net: davinci_emac: Fix interrupt pacing disable xen-pciback: Fix return in pm_ctrl_init() i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' scsi: qla2xxx: Turn off target reset during issue_lip scsi: qla2xxx: Fix gnl list corruption ar7: fix kernel builds for compiler test watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT m68k: set a default value for MEMORY_RESERVE dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` netfilter: nfnetlink_queue: fix OOB when mac header was cleared auxdisplay: ht16k33: Fix frame buffer device blanking auxdisplay: ht16k33: Connect backlight to fbdev auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() fs: orangefs: fix error return code of orangefs_revalidate_lookup() NFS: Fix deadlocks in nfs_scan_commit_list() PCI: aardvark: Don't spam about PIO Response Status drm/plane-helper: fix uninitialized variable reference pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined apparmor: fix error check power: supply: bq27xxx: Fix kernel crash on IRQ handler register error mips: cm: Convert to bitfield API to fix out-of-bounds access serial: xilinx_uartps: Fix race condition causing stuck TX phy: qcom-qusb2: Fix a memory leak on probe ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER ASoC: cs42l42: Correct some register default values RDMA/mlx4: Return missed an error if device doesn't support steering scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() power: supply: rt5033_battery: Change voltage values to µV usb: gadget: hid: fix error code in do_config() serial: 8250_dw: Drop wrong use of ACPI_PTR() video: fbdev: chipsfb: use memset_io() instead of memset() memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe soc/tegra: Fix an error handling path in tegra_powergate_power_up() arm: dts: omap3-gta04a4: accelerometer irq fix ALSA: hda: Reduce udelay() at SKL+ position reporting JFS: fix memleak in jfs_mount MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT scsi: dc395: Fix error case unwinding ARM: dts: at91: tse850: the emac<->phy interface is rmii RDMA/bnxt_re: Fix query SRQ failure arm64: dts: rockchip: Fix GPU register width for RK3328 ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() RDMA/rxe: Fix wrong port_cap_flags ibmvnic: Process crqs after enabling interrupts selftests/bpf: Fix fclose/pclose mismatch in test_progs crypto: pcrypt - Delay write to padata->info net: phylink: avoid mvneta warning when setting pause parameters net: amd-xgbe: Toggle PLL settings during rate change wcn36xx: add proper DMA memory barriers in rx path libertas: Fix possible memory leak in probe and disconnect libertas_tf: Fix possible memory leak in probe and disconnect KVM: s390: Fix handle_sske page fault handling samples/kretprobes: Fix return value if register_kretprobe() failed tcp: don't free a FIN sk_buff in tcp_remove_empty_skb() irq: mips: avoid nested irq_enter() s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi drm/msm: Fix potential NULL dereference in DPU SSPP clocksource/drivers/timer-ti-dm: Select TIMER_OF PM: hibernate: fix sparse warnings nvme-rdma: fix error code in nvme_rdma_setup_ctrl phy: micrel: ksz8041nl: do not use power down mode mwifiex: Send DELBA requests according to spec rsi: stop thread firstly in rsi_91x_init() error handling platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning mmc: mxs-mmc: disable regulator on error and in the remove function net: stream: don't purge sk_error_queue in sk_stream_kill_queues() drm/msm: uninitialized variable in msm_gem_import() ath10k: fix max antenna gain unit hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff hwmon: Fix possible memleak in __hwmon_device_register() memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() memstick: avoid out-of-range warning mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured b43: fix a lower bounds test b43legacy: fix a lower bounds test hwrng: mtk - Force runtime pm ops for sleep ops crypto: qat - disregard spurious PFVF interrupts crypto: qat - detect PFVF collision after ACK media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() ath9k: Fix potential interrupt storm on queue reset media: em28xx: Don't use ops->suspend if it is NULL cpuidle: Fix kobject memory leaks in error paths media: cx23885: Fix snd_card_free call on null card pointer media: si470x: Avoid card name truncation media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' media: dvb-usb: fix ununit-value in az6027_rc_query media: em28xx: add missing em28xx_close_extension drm/amdgpu: fix warning for overflow check net: dsa: rtl8366rb: Fix off-by-one bug cgroup: Make rebind_subsystems() disable v2 controllers all at once Bluetooth: fix init and cleanup of sco_conn.timeout_work parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling parisc/unwind: fix unwinder when CONFIG_64BIT is enabled task_stack: Fix end_of_stack() for architectures with upwards-growing stack parisc: fix warning in flush_tlb_all x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE ARM: clang: Do not rely on lr register for stacktrace smackfs: use __GFP_NOFAIL for smk_cipso_doi() iwlwifi: mvm: disable RX-diversity in powersave PM: hibernate: Get block device exclusively in swsusp_check() mwl8k: Fix use-after-free in mwl8k_fw_state_machine() tracing/cfi: Fix cmp_entries_* functions signature mismatch workqueue: make sysfs of unbound kworker cpumask more clever lib/xz: Validate the value before assigning it to an enum variable lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression memstick: r592: Fix a UAF bug when removing the driver leaking_addresses: Always print a trailing newline ACPI: battery: Accept charges over the design capacity as full ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() tracefs: Have tracefs directories not set OTH permission bits by default media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() ACPICA: Avoid evaluating methods too early during system resume media: rcar-csi2: Add checking to rcsi2_start_receiver() ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK media: mceusb: return without resubmitting URB in case of -EPROTO error. media: s5p-mfc: Add checking to s5p_mfc_probe(). media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() media: uvcvideo: Return -EIO for control errors media: uvcvideo: Set capability in s_param media: netup_unidvb: handle interrupt properly according to the firmware media: mt9p031: Fix corrupted frame after restarting stream mwifiex: Properly initialize private structure on interface type changes mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type x86: Increase exception stack sizes smackfs: Fix use-after-free in netlbl_catmap_walk() net: sched: update default qdisc visibility after Tx queue cnt changes locking/lockdep: Avoid RCU-induced noinstr fail MIPS: lantiq: dma: reset correct number of channel MIPS: lantiq: dma: add small delay after reset platform/x86: wmi: do not fail if disabling fails Bluetooth: fix use-after-free error in lock_sock_nested() Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 USB: iowarrior: fix control-message timeouts USB: serial: keyspan: fix memleak on probe errors iio: dac: ad5446: Fix ad5622_write() return value pinctrl: core: fix possible memory leak in pinctrl_enable() quota: correct error number in free_dqentry() quota: check block number when reading the block in quota file PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG PCI: aardvark: Fix return value of MSI domain .alloc() method PCI: aardvark: Do not unmask unused interrupts PCI: aardvark: Do not clear status bits of masked interrupts xen/balloon: add late_initcall_sync() for initial ballooning done ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume ALSA: mixer: oss: Fix racy access to slots serial: core: Fix initializing and restoring termios speed powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found power: supply: max17042_battery: use VFSOC for capacity when no rsns power: supply: max17042_battery: Prevent int underflow in set_soc_threshold signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT signal: Remove the bogus sigkill_pending in ptrace_stop RDMA/qedr: Fix NULL deref for query_qp on the GSI QP rsi: Fix module dev_oper_mode parameter description rsi: fix rate mask set leading to P2P failure rsi: fix key enabled check causing unwanted encryption for vap_id > 0 rsi: fix occasional initialisation failure with BT coex wcn36xx: handle connection loss indication libata: fix checking of DMA state mwifiex: Read a PCI register after writing the TX ring write pointer wcn36xx: Fix HT40 capability for 2Ghz band evm: mark evm_fixmode as __ro_after_init rtl8187: fix control-message timeouts PCI: Mark Atheros QCA6174 to avoid bus reset ath10k: fix division by zero in send path ath10k: fix control-message timeout ath6kl: fix control-message timeout ath6kl: fix division by zero in send path mwifiex: fix division by zero in fw download path EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled hwmon: (pmbus/lm25066) Add offset coefficients ia64: kprobes: Fix to pass correct trampoline address to the handler btrfs: call btrfs_check_rw_degradable only if there is a missing device btrfs: fix lost error handling when replaying directory deletes btrfs: clear MISSING device status bit in btrfs_close_one_device vmxnet3: do not stop tx queues after netif_device_detach() watchdog: Fix OMAP watchdog early handling spi: spl022: fix Microwire full duplex mode xen/netfront: stop tx queues during live migration bpf: Prevent increasing bpf_jit_limit above max drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 mmc: winbond: don't build on M68K hyperv/vmbus: include linux/bitops.h sfc: Don't use netif_info before net_device setup cavium: Fix return values of the probe function scsi: qla2xxx: Fix unmap of already freed sgl cavium: Return negative value when pci_alloc_irq_vectors() fails x86/irq: Ensure PI wakeup handler is unregistered before module unload x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c ALSA: timer: Unconditionally unlink slave instances, too ALSA: timer: Fix use-after-free problem ALSA: synth: missing check for possible NULL after the call to kstrdup ALSA: usb-audio: Add registration quirk for JBL Quantum 400 ALSA: line6: fix control and interrupt message timeouts ALSA: 6fire: fix control and bulk message timeouts ALSA: ua101: fix division by zero at probe ALSA: hda/realtek: Add quirk for Clevo PC70HS media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers media: ite-cir: IR receiver stop working after receive overflow crypto: s5p-sss - Add error handling in s5p_aes_probe() firmware/psci: fix application of sizeof to pointer tpm: Check for integer overflow in tpm2_map_response_body() parisc: Fix ptrace check on syscall return mmc: dw_mmc: Dont wait for DRTO on Write RSP error ocfs2: fix data corruption on truncate libata: fix read log timeout value Input: i8042 - Add quirk for Fujitsu Lifebook T725 Input: elantench - fix misreporting trackpoint coordinates binder: use cred instead of task for selinux checks binder: use euid from cred instead of using task xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay ANDROID: usb: gadget: f_accessory: Mitgate handling of non-existent USB request UPSTREAM: binder: use cred instead of task for getsecid FROMGIT: binder: fix test regression due to sender_euid change BACKPORT: binder: use cred instead of task for selinux checks UPSTREAM: binder: use euid from cred instead of using task ANDROID: setlocalversion: make KMI_GENERATION optional Linux 4.19.217 rsi: fix control-message timeout staging: rtl8192u: fix control-message timeouts staging: r8712u: fix control-message timeout comedi: vmk80xx: fix bulk and interrupt message timeouts comedi: vmk80xx: fix bulk-buffer overflow comedi: vmk80xx: fix transfer-buffer overflows comedi: ni_usb6501: fix NULL-deref in command paths comedi: dt9812: fix DMA buffers on stack isofs: Fix out of bound access for corrupted isofs image printk/console: Allow to disable console output by using console="" or console=null usb-storage: Add compatibility quirk flags for iODD 2531/2541 usb: musb: Balance list entry in musb_gadget_queue usb: gadget: Mark USB_FSL_QE broken on 64-bit usb: ehci: handshake CMD_RUN instead of STS_HALT Revert "x86/kvm: fix vcpu-id indexed array sizes" Linux 4.19.216 ARM: 9120/1: Revert "amba: make use of -1 IRQs warn" arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed sfc: Fix reading non-legacy supported link modes IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields IB/qib: Use struct_size() helper media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() scsi: core: Put LLD module refcnt after SCSI device is released UPSTREAM: security: selinux: allow per-file labeling for bpffs Linux 4.19.215 sctp: add vtag check in sctp_sf_ootb sctp: add vtag check in sctp_sf_do_8_5_1_E_sa sctp: add vtag check in sctp_sf_violation sctp: fix the processing for COOKIE_ECHO chunk sctp: use init_tag from inithdr for ABORT chunk net: nxp: lpc_eth.c: avoid hang when bringing interface down net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST net: Prevent infinite while loop in skb_tx_hash() net: batman-adv: fix error handling regmap: Fix possible double-free in regcache_rbtree_exit() arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node RDMA/mlx5: Set user priority for DCT net: lan78xx: fix division by zero in send path mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit mmc: sdhci: Map more voltage level to SDHCI_POWER_330 mmc: dw_mmc: exynos: fix the finding clock sample value mmc: cqhci: clear HALT state after CQE enable mmc: vub300: fix control-message timeouts ipv6: make exception cache less predictible ipv6: use siphash in rt6_exception_hash() ipv4: use siphash instead of Jenkins in fnhe_hashfun() Revert "net: mdiobus: Fix memory leak in __mdiobus_register" nfc: port100: fix using -ERRNO as command type mask ata: sata_mv: Fix the error handling of mv_chip_id() usbnet: fix error return code in usbnet_probe() usbnet: sanity check for maxpacket ARM: 8819/1: Remove '-p' from LDFLAGS arm64: Avoid premature usercopy failure powerpc/bpf: Fix BPF_MOD when imm == 1 ARM: 9141/1: only warn about XIP address when not compile testing ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype ARM: 9134/1: remove duplicate memcpy() definition ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned ANDROID: Incremental fs: Fix dentry get/put imbalance on vfs_mkdir() failure Linux 4.19.214 ARM: 9122/1: select HAVE_FUTEX_CMPXCHG tracing: Have all levels of checks prevent recursion net: mdiobus: Fix memory leak in __mdiobus_register scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() ALSA: hda: avoid write to STATESTS if controller is in reset platform/x86: intel_scu_ipc: Update timeout value in comment isdn: mISDN: Fix sleeping function called from invalid context ARM: dts: spear3xx: Fix gmac node net: stmmac: add support for dwmac 3.40a btrfs: deal with errors when checking if a dir entry exists during log replay gcc-plugins/structleak: add makefile var for disabling structleak netfilter: Kconfig: use 'default y' instead of 'm' for bool config option isdn: cpai: check ctr->cnr to avoid array index out of bound nfc: nci: fix the UAF of rf_conn_info object mm, slub: fix mismatch between reconstructed freelist depth and cnt ASoC: DAPM: Fix missing kctl change notifications ALSA: hda/realtek: Add quirk for Clevo PC50HS ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset vfs: check fd has read access in kernel_read_file_from_fd() elfcore: correct reference to CONFIG_UML ocfs2: mount fails with buffer overflow in strlen ocfs2: fix data corruption after conversion from inline format can: peak_pci: peak_pci_remove(): fix UAF can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification can: rcar_can: fix suspend/resume net: hns3: disable sriov before unload hclge layer net: hns3: add limit ets dwrr bandwidth cannot be 0 NIOS2: irqflags: rename a redefined register name lan78xx: select CRC32 netfilter: ipvs: make global sysctl readonly in non-init netns ASoC: wm8960: Fix clock configuration on slave mode dma-debug: fix sg checks in debug_dma_map_sg() NFSD: Keep existing listeners on portlist error xtensa: xtfpga: Try software restart before simulating CPU reset xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default UPSTREAM: crypto: arm/blake2s - fix for big endian ANDROID: gki_defconfig: enable BLAKE2b support BACKPORT: crypto: arm/blake2b - add NEON-accelerated BLAKE2b BACKPORT: crypto: blake2b - update file comment BACKPORT: crypto: blake2b - sync with blake2s implementation UPSTREAM: wireguard: Kconfig: select CRYPTO_BLAKE2S_ARM UPSTREAM: crypto: arm/blake2s - add ARM scalar optimized BLAKE2s UPSTREAM: crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h> UPSTREAM: crypto: blake2s - adjust include guard naming UPSTREAM: crypto: blake2s - add comment for blake2s_state fields UPSTREAM: crypto: blake2s - optimize blake2s initialization BACKPORT: crypto: blake2s - share the "shash" API boilerplate code UPSTREAM: crypto: blake2s - move update and final logic to internal/blake2s.h UPSTREAM: crypto: blake2s - remove unneeded includes UPSTREAM: crypto: x86/blake2s - define shash_alg structs using macros UPSTREAM: crypto: blake2s - define shash_alg structs using macros UPSTREAM: crypto: lib/blake2s - Move selftest prototype into header file UPSTREAM: crypto: blake2b - Fix clang optimization for ARMv7-M UPSTREAM: crypto: blake2b - rename tfm context and _setkey callback UPSTREAM: crypto: blake2b - merge _update to api callback UPSTREAM: crypto: blake2b - open code set last block helper UPSTREAM: crypto: blake2b - delete unused structs or members UPSTREAM: crypto: blake2b - simplify key init UPSTREAM: crypto: blake2b - merge blake2 init to api callback UPSTREAM: crypto: blake2b - merge _final implementation to callback BACKPORT: crypto: testmgr - add test vectors for blake2b BACKPORT: crypto: blake2b - add blake2b generic implementation Linux 4.19.213 r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256 qed: Fix missing error code in qed_slowpath_start() mqprio: Correct stats in mqprio_dump_class_stats(). acpi/arm64: fix next_platform_timer() section mismatch error drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() drm/msm: Fix null pointer dereference on pointer edp platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call pata_legacy: fix a couple uninitialized variable bugs NFC: digital: fix possible memory leak in digital_in_send_sdd_req() NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() nfc: fix error handling of nfc_proto_register() ethernet: s2io: fix setting mac address during resume net: encx24j600: check error in devm_regmap_init_encx24j600 net: korina: select CRC32 net: arc: select CRC32 sctp: account stream padding length for reconf chunk iio: dac: ti-dac5571: fix an error code in probe() iio: ssp_sensors: fix error code in ssp_print_mcu_debug() iio: ssp_sensors: add more range checking in ssp_parse_dataframe() iio: light: opt3001: Fixed timeout error when 0 lux iio: adc128s052: Fix the error handling path of 'adc128_probe()' iio: adc: aspeed: set driver data when adc probe. x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells virtio: write back F_VERSION_1 before validate USB: serial: option: add prod. id for Quectel EG91 USB: serial: option: add Telit LE910Cx composition 0x1204 USB: serial: option: add Quectel EC200S-CN module support USB: serial: qcserial: add EM9191 QDL support Input: xpad - add support for another USB ID of Nacon GC-100 usb: musb: dsps: Fix the probe error path efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() efi/cper: use stack buffer for error record decoding cb710: avoid NULL pointer subtraction xhci: Enable trust tx length quirk for Fresco FL11 USB controller xhci: Fix command ring pointer corruption while aborting a command xhci: guard accesses to ep_state in xhci_endpoint_reset() mei: me: add Ice Lake-N device id. x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails btrfs: check for error when looking up inode during dir entry replay btrfs: deal with errors when adding inode reference during log replay btrfs: deal with errors when replaying dir entry during log replay s390: fix strrchr() implementation nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for `^' ALSA: hda/realtek - ALC236 headset MIC recording issue ALSA: hda/realtek: Add quirk for Clevo X170KM-G ALSA: hda/realtek: Complete partial device name to avoid ambiguity ALSA: seq: Fix a potential UAF by wrong private_free call order Linux 4.19.212 sched: Always inline is_percpu_thread() perf/x86: Reset destroy callback on event init failure scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" scsi: ses: Fix unsigned comparison with less than zero net: sun: SUNVNET_COMMON should depend on INET mac80211: check return value of rhashtable_init net: prevent user from passing illegal stab size m68k: Handle arrivals of multiple signals correctly mac80211: Drop frames from invalid MAC address in ad-hoc mode netfilter: ip6_tables: zero-initialize fragment offset HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS net: phy: bcm7xxx: Fixed indirect MMD operations Revert "lib/timerqueue: Rely on rbtree semantics for next timer" Linux 4.19.211 x86/Kconfig: Correct reference to MWINCHIP3D i2c: acpi: fix resource leak in reconfiguration device addition i40e: Fix freeing of uninitialized misc IRQ vector i40e: fix endless loop under rtnl rtnetlink: fix if_nlmsg_stats_size() under estimation drm/nouveau/debugfs: fix file release memory leak netlink: annotate data races around nlk->bound net: sfp: Fix typo in state machine debug string net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() ARM: imx6: disable the GIC CPU interface before calling stby-poweroff sequence ptp_pch: Load module automatically if ID matches powerpc/fsl/dts: Fix phy-connection-type for fm1mac3 net_sched: fix NULL deref in fifo_set_limit() phy: mdio: fix memory leak bpf: Fix integer overflow in prealloc_elems_and_freelist() bpf, arm: Fix register clobbering in div/mod implementation xtensa: call irqchip_init only when CONFIG_USE_OF is selected bpf, mips: Validate conditional branch offsets ARM: dts: qcom: apq8064: use compatible which contains chipid ARM: dts: omap3430-sdp: Fix NAND device node xen/balloon: fix cancelled balloon action nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero ovl: fix missing negative dentry check in ovl_rename() xen/privcmd: fix error handling in mmap-resource processing USB: cdc-acm: fix break reporting USB: cdc-acm: fix racy tty buffer accesses Partially revert "usb: Kconfig: using select for USB_COMMON dependency" ANDROID: Different fix for KABI breakage in 4.19.209 in struct sock ANDROID: GKI: update .xml file for struct sock change Linux 4.19.210 lib/timerqueue: Rely on rbtree semantics for next timer libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD. tools/vm/page-types: remove dependency on opt_file for idle page tracking scsi: ses: Retry failed Send/Receive Diagnostic commands selftests: be sure to make khdr before other targets usb: dwc2: check return value after calling platform_get_resource() usb: testusb: Fix for showing the connection speed scsi: sd: Free scsi_disk device via put_device() ext2: fix sleeping in atomic bugs on error sparc64: fix pci_iounmap() when CONFIG_PCI is not set xen-netback: correct success/error reporting for the SKB-with-fraglist case net: mdio: introduce a shutdown method to mdio device drivers ANDROID: Fix up KABI breakage in 4.19.209 in struct sock FROMLIST: dm-verity: skip verity_handle_error on I/O errors Linux 4.19.209 cred: allow get_cred() and put_cred() to be given NULL. HID: usbhid: free raw_report buffers in usbhid_stop netfilter: ipset: Fix oversized kvmalloc() calls HID: betop: fix slab-out-of-bounds Write in betop_probe crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() usb: hso: remove the bailout parameter usb: hso: fix error handling code of hso_create_net_device hso: fix bailout in error case of probe ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE ARM: 9079/1: ftrace: Add MODULE_PLTS support ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link() ARM: 9077/1: PLT: Move struct plt_entries definition to header EDAC/synopsys: Fix wrong value type assignment for edac_mode net: udp: annotate data race around udp_sk(sk)->corkflag ext4: fix potential infinite loop in ext4_dx_readdir() ipack: ipoctal: fix module reference leak ipack: ipoctal: fix missing allocation-failure check ipack: ipoctal: fix tty-registration error handling ipack: ipoctal: fix tty registration race ipack: ipoctal: fix stack information leak elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings af_unix: fix races in sk_peer_pid and sk_peer_cred accesses scsi: csiostor: Add module softdep on cxgb4 Revert "block, bfq: honor already-setup queue merges" e100: fix buffer overrun in e100_get_regs e100: fix length calculation in e100_get_regs_len hwmon: (tmp421) fix rounding for negative values hwmon: (tmp421) report /PVLD condition as fault hwmon: (tmp421) Replace S_<PERMS> with octal values sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 drm/amd/display: Pass PCI deviceid into DC x86/kvmclock: Move this_cpu_pvti into kvmclock.h mac80211: fix use-after-free in CCMP/GCMP RX cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory cpufreq: schedutil: Use kobject release() method to free sugov_tunables tty: Fix out-of-bound vmalloc access in imageblit qnx4: work around gcc false positive warning bug xen/balloon: fix balloon kthread freezing tcp: adjust rto_base in retransmits_timed_out() tcp: create a helper to model exponential backoff tcp: always set retrans_stamp on recovery tcp: address problems caused by EDT misshaps PCI: aardvark: Fix checking for PIO status arm64: dts: marvell: armada-37xx: Extend PCIe MEM space erofs: fix up erofs_lookup tracepoint spi: Fix tegra20 build with CONFIG_PM=n net: 6pack: Fix tx timeout and slot time alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile arm64: Mark __stack_chk_guard as __ro_after_init parisc: Use absolute_pointer() to define PAGE0 qnx4: avoid stringop-overread errors sparc: avoid stringop-overread errors net: i825xx: Use absolute_pointer for memcpy from fixed memory location compiler.h: Introduce absolute_pointer macro nvme-multipath: fix ANA state updates when a namespace is not present xen/balloon: use a kernel thread instead a workqueue m68k: Double cast io functions to unsigned long net: stmmac: allow CSR clock of 300MHz net: macb: fix use after free on rmmod blktrace: Fix uaf in blk_trace access after removing by sysfs md: fix a lock order reversal in md_alloc irqchip/gic-v3-its: Fix potential VPE leak on error irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build thermal/core: Potential buffer overflow in thermal_build_list_of_policies() fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() fpga: machxo2-spi: Return an error on failure tty: synclink_gt: rename a conflicting function name tty: synclink_gt, drop unneeded forward declarations scsi: iscsi: Adjust iface sysfs attr detection net/mlx4_en: Don't allow aRFS for encapsulated packets gpio: uniphier: Fix void functions to remove return value net/smc: add missing error check in smc_clc_prfx_set() bnxt_en: Fix TX timeout when TX ring size is set to the smallest net: hso: fix muxed tty registration serial: mvebu-uart: fix driver's tx_empty callback mcb: fix error handling in mcb_alloc_bus() USB: serial: option: add device id for Foxconn T99W265 USB: serial: option: remove duplicate USB device ID USB: serial: option: add Telit LN920 compositions USB: serial: mos7840: remove duplicated 0xac24 device ID Re-enable UAS for LaCie Rugged USB3-FW with fk quirk staging: greybus: uart: fix tty use after free USB: cdc-acm: fix minor-number release USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c xen/x86: fix PV trap handling on secondary processors cifs: fix incorrect check for null pointer in header_assemble usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA usb: gadget: r8a66597: fix a loop in set_feature() ocfs2: drop acl cache for directories too ANDROID: GKI: update ABI xml ANDROID: GKI: Update aarch64 cuttlefish symbol list ANDROID: GKI: rework the ANDROID_KABI_USE() macro to not use __UNIQUE() BACKPORT: loop: Set correct device size when using LOOP_CONFIGURE Linux 4.19.208 drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() pwm: stm32-lp: Don't modify HW state in .remove() callback pwm: rockchip: Don't modify HW state in .remove() callback pwm: img: Don't modify HW state in .remove() callback nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group nilfs2: fix NULL pointer in nilfs_##name##_attr_release nilfs2: fix memory leak in nilfs_sysfs_create_device_group ceph: lockdep annotations for try_nonblocking_invalidate dmaengine: xilinx_dma: Set DMA mask for coherent APIs dmaengine: ioat: depends on !UML dmaengine: sprd: Add missing MODULE_DEVICE_TABLE parisc: Move pci_dev_is_behind_card_dino to where it is used drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered profiling: fix shift-out-of-bounds bugs nilfs2: use refcount_dec_and_lock() to fix potential UAF prctl: allow to setup brk for et_dyn executables 9p/trans_virtio: Remove sysfs file on probe failure thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() dmaengine: acpi: Avoid comparison GSI with Linux vIRQ sctp: add param size validation for SCTP_PARAM_SET_PRIMARY sctp: validate chunk size in __rcv_asconf_lookup tracing/kprobe: Fix kprobe_on_func_entry() modification crypto: talitos - fix max key size for sha384 and sha512 apparmor: remove duplicate macro list_entry_is_head() rcu: Fix missed wakeup of exp_wq waiters KVM: remember position in kvm->vcpus array s390/bpf: Fix optimizing out zero-extensions Linux 4.19.207 s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant net: renesas: sh_eth: Fix freeing wrong tx descriptor ip_gre: validate csum_start only on pull qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom fq_codel: reject silly quantum parameters netfilter: socket: icmp6: fix use-after-scope net: dsa: b53: Fix calculating number of switch ports ARC: export clear_user_page() for modules mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n KVM: arm64: Handle PSCI resets before userspace touches vCPU state PCI: Fix pci_dev_str_match_path() alloc while atomic bug mfd: axp20x: Update AXP288 volatile ranges NTB: perf: Fix an error code in perf_setup_inbuf() ethtool: Fix an error code in cxgb2.c block, bfq: honor already-setup queue merges net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 PCI: Add ACS quirks for Cavium multi-function devices mfd: Don't use irq_create_mapping() to resolve a mapping dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation KVM: s390: index kvm->arch.idle_mask by vcpu_idx mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range() net: hns3: pad the short tunnel frame before sending to hardware ibmvnic: check failover_pending in login response qed: Handle management FW error tcp: fix tp->undo_retrans accounting in tcp_sacktag_one() net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup net/af_unix: fix a data-race in unix_dgram_poll events: Reuse value read using READ_ONCE instead of re-reading it net/mlx5: Fix potential sleeping in atomic context perf machine: Initialize srcline string member in add_location struct tipc: increase timeout in tipc_sk_enqueue() r6040: Restore MDIO clock frequency after MAC reset net/l2tp: Fix reference count leak in l2tp_udp_recv_core dccp: don't duplicate ccid when cloning dccp sock ptp: dp83640: don't define PAGE0 net-caif: avoid user-triggerable WARN_ON(1) tipc: fix an use-after-free issue in tipc_recvmsg x86/mm: Fix kern_addr_valid() to cope with existing but not present entries PCI: Add AMD GPU multi-function power dependencies PM: base: power: don't try to use non-existing RTC for storing data arm64/sve: Use correct size when reinitialising SVE state bnx2x: Fix enabling network interfaces without VFs xen: reset legacy rtc flag for PV domU dm thin metadata: Fix use-after-free in dm_bm_set_read_only drm/amdgpu: Fix BUG_ON assert platform/chrome: cros_ec_proto: Send command again when timeout occurs memcg: enable accounting for pids in nested pid namespaces mm/hugetlb: initialize hugetlb_usage in mm_init cpufreq: powernv: Fix init_chip_info initialization in numa=off scsi: qla2xxx: Sync queue idx with queue_pair_map idx scsi: BusLogic: Fix missing pr_cont() use ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup() parisc: fix crash with signals and alloca net: w5100: check return value after calling platform_get_resource() net: fix NULL pointer reference in cipso_v4_doi_free ath9k: fix sleeping in atomic context ath9k: fix OOB read ar9300_eeprom_restore_internal parport: remove non-zero check on count ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B ASoC: rockchip: i2s: Fix regmap_ops hang usbip:vhci_hcd USB port can get stuck in the disabled state usbip: give back URBs for unsent unlink requests during cleanup usb: musb: musb_dsps: request_irq() after initializing musb Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" cifs: fix wrong release in sess_alloc_buffer() failed path mmc: core: Return correct emmc response in case of ioctl error selftests/bpf: Enlarge select() timeout for test_maps mmc: rtsx_pci: Fix long reads when clock is prescaled mmc: sdhci-of-arasan: Check return value of non-void funtions of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS gfs2: Don't call dlm after protocol is unmounted staging: rts5208: Fix get_ms_information() heap buffer size rpc: fix gss_svc_init cleanup on failure tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD serial: sh-sci: fix break handling for sysrq Bluetooth: Fix handling of LE Enhanced Connection Complete ARM: tegra: tamonten: Fix UART pad setting gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() Bluetooth: avoid circular locks in sco_sock_connect Bluetooth: schedule SCO timeouts with delayed_work net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe() arm64: dts: qcom: sdm660: use reg value for memory node ARM: dts: imx53-ppd: Fix ACHC entry media: tegra-cec: Handle errors of clk_prepare_enable() media: TDA1997x: fix tda1997x_query_dv_timings() return value media: v4l2-dv-timings.c: fix wrong condition in two for-loops media: imx258: Limit the max analogue gain to 480 media: imx258: Rectify mismatch of VTS value ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output bonding: 3ad: fix the concurrency between __bond_release_one() and bond_3ad_state_machine_handler() Bluetooth: skip invalid hci_sync_conn_complete_evt ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() samples: bpf: Fix tracex7 error raised on the missing argument staging: ks7010: Fix the initialization of the 'sleep_status' structure serial: 8250_pci: make setup_port() parameters explicitly unsigned hvsi: don't panic on tty_register_driver failure xtensa: ISS: don't panic in rs_init serial: 8250: Define RX trigger levels for OxSemi 950 devices s390/jump_label: print real address in a case of a jump label bug flow_dissector: Fix out-of-bounds warnings ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() video: fbdev: riva: Error out if 'pixclock' equals zero video: fbdev: kyro: Error out if 'pixclock' equals zero video: fbdev: asiliantfb: Error out if 'pixclock' equals zero bpf/tests: Do not PASS tests without actually testing the result bpf/tests: Fix copy-and-paste error in double word test drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex tty: serial: jsm: hold port lock when reporting modem line changes staging: board: Fix uninitialized spinlock when attaching genpd usb: gadget: composite: Allow bMaxPower=0 if self-powered usb: gadget: u_ether: fix a potential null pointer dereference usb: host: fotg210: fix the actual_length of an iso packet usb: host: fotg210: fix the endpoint's transactional opportunities calculation Smack: Fix wrong semantics in smk_access_entry() netlink: Deal with ESRCH error in nlmsg_notify() video: fbdev: kyro: fix a DoS bug by restricting user input ARM: dts: qcom: apq8064: correct clock names iio: dac: ad5624r: Fix incorrect handling of an optional regulator. tipc: keep the skb in rcv queue until the whole data is read PCI: Use pci_update_current_state() in pci_enable_device_flags() crypto: mxs-dcp - Use sg_mapping_iter to copy data media: dib8000: rewrite the init prbs logic userfaultfd: prevent concurrent API initialization MIPS: Malta: fix alignment of the devicetree buffer f2fs: fix to unmap pages from userspace process in punch_hole() f2fs: fix to account missing .skipped_gc_rwsem fscache: Fix cookie key hashing platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call scsi: qedi: Fix error codes in qedi_alloc_global_queues() pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() openrisc: don't printk() unconditionally powerpc/stacktrace: Include linux/delay.h vfio: Use config not menuconfig for VFIO_NOIOMMU pinctrl: samsung: Fix pinctrl bank pin count docs: Fix infiniband uverbs minor number RDMA/iwcm: Release resources if iw_cm module initialization fails HID: input: do not report stylus battery state as "full" PCI: aardvark: Fix masking and unmasking legacy INTx interrupts PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response PCI: xilinx-nwl: Enable the clock through CCF PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported ARM: 9105/1: atags_to_fdt: don't warn about stack size libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs media: rc-loopback: return number of emitters rather than error media: uvc: don't do DMA on stack VMCI: fix NULL pointer dereference when unmapping queue pair dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() power: supply: max17042: handle fails of reading status register block: bfq: fix bfq_set_next_ioprio_data() crypto: public_key: fix overflow during implicit conversion arm64: head: avoid over-mapping in map_memory soc: aspeed: lpc-ctrl: Fix boundary check for mmap tools/thermal/tmon: Add cross compiling support bpf: Fix pointer arithmetic mask tightening under state pruning bpf: verifier: Allocate idmap scratch in verifier env bpf: Fix leakage due to insufficient speculative store bypass mitigation bpf: Introduce BPF nospec instruction for mitigating Spectre v4 selftests/bpf: fix tests due to const spill/fill bpf: track spill/fill of constants selftests/bpf: Test variable offset stack access bpf: Sanity check max value for var_off stack access bpf: Reject indirect var_off stack access in unpriv mode bpf: Reject indirect var_off stack access in raw mode bpf: Support variable offset stack access from helpers bpf: correct slot_type marking logic to allow more stack slot sharing bpf/verifier: per-register parent pointers 9p/xen: Fix end of loop tests for list_for_each_entry include/linux/list.h: add a macro to test if entry is pointing to the head xen: fix setting of max_pfn in shared_info powerpc/perf/hv-gpci: Fix counter value parsing PCI/MSI: Skip masking MSI-X on Xen PV blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN blk-zoned: allow zone management send operations without CAP_SYS_ADMIN btrfs: reset replace target device to allocation state on close rtc: tps65910: Correct driver module alias clk: kirkwood: Fix a clocking boot regression backlight: pwm_bl: Improve bootloader/kernel device handover fbmem: don't allow too huge resolutions IMA: remove the dependency on CRYPTO_MD5 IMA: remove -Wmissing-prototypes warning KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted x86/resctrl: Fix a maybe-uninitialized build warning treated as error tty: Fix data race between tiocsti() and flush_to_ldisc() ubifs: report correct st_size for encrypted symlinks f2fs: report correct st_size for encrypted symlinks ext4: report correct st_size for encrypted symlinks fscrypt: add fscrypt_symlink_getattr() for computing st_size netns: protect netns ID lookups with RCU ipv4: fix endianness issue in inet_rtm_getroute_build_skb() net: qualcomm: fix QCA7000 checksum handling net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed ipv4: make exception cache less predictible bcma: Fix memory leak for internally-handled cores ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() tty: serial: fsl_lpuart: fix the wrong mapbase value usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available usb: ehci-orion: Handle errors of clk_prepare_enable() in probe i2c: mt65xx: fix IRQ check CIFS: Fix a potencially linear read overflow mmc: moxart: Fix issue with uninitialized dma_slave_config mmc: dw_mmc: Fix issue with uninitialized dma_slave_config i2c: s3c2410: fix IRQ check i2c: iop3xx: fix deferred probing Bluetooth: add timeout sanity check to hci_inquiry usb: gadget: mv_u3d: request_irq() after initializing UDC mac80211: Fix insufficient headroom issue for AMSDU usb: phy: tahvo: add IRQ check usb: host: ohci-tmio: add IRQ check Bluetooth: Move shutdown callback before flushing tx and rx queue usb: phy: twl6030: add IRQ checks usb: phy: fsl-usb: add IRQ check usb: gadget: udc: at91: add IRQ check drm/msm/dsi: Fix some reference counted resource leaks Bluetooth: fix repeated calls to sco_sock_kill arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7 drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow soc: qcom: smsm: Fix missed interrupts if state changes while masked PCI: PM: Enable PME if it can be signaled from D3cold PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently media: venus: venc: Fix potential null pointer dereference on pointer fmt media: em28xx-input: fix refcount bug in em28xx_usb_disconnect i2c: highlander: add IRQ check net: cipso: fix warnings in netlbl_cipsov4_add_std tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos Bluetooth: sco: prevent information leak in sco_conn_defer_accept() media: go7007: remove redundant initialization media: dvb-usb: fix uninit-value in vp702x_read_mac_addr media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init soc: rockchip: ROCKCHIP_GRF should not default to y, unconditionally media: TDA1997x: enable EDID support spi: sprd: Fix the wrong WDG_LOAD_VAL certs: Trigger creation of RSA module signing key if it's not an RSA key crypto: qat - use proper type for vf_mask clocksource/drivers/sh_cmt: Fix wrong setting if don't request IRQ for clock source channel lib/mpi: use kcalloc in mpi_resize spi: spi-pic32: Fix issue with uninitialized dma_slave_config spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config m68k: emu: Fix invalid free in nfeth_cleanup() udf_get_extendedattr() had no boundary checks. fcntl: fix potential deadlock for &fasync_struct.fa_lock crypto: qat - do not export adf_iov_putmsg() crypto: qat - fix naming for init/shutdown VF to PF notifications crypto: qat - fix reuse of completion variable crypto: qat - handle both source of interrupt in VF ISR crypto: qat - do not ignore errors from enable_vf2pf_comms() libata: fix ata_host_start() s390/cio: add dev_busid sysfs entry for each subchannel power: supply: max17042_battery: fix typo in MAx17042_TOFF nvme-rdma: don't update queue count when failing to set io queues bcache: add proper error unwinding in bcache_device_init isofs: joliet: Fix iocharset=utf8 mount option udf: Check LVID earlier hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns() sched/deadline: Fix missing clock update in migrate_task_rq_dl() crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop() power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors sched/deadline: Fix reset_on_fork reporting of DL tasks crypto: mxs-dcp - Check for DMA mapping errors regmap: fix the offset of register error log locking/mutex: Fix HANDOFF condition PCI: Call Max Payload Size-related fixup quirks early x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions usb: mtu3: fix the wrong HS mult value usb: mtu3: use @mult for HS isoc or intr usb: host: xhci-rcar: Don't reload firmware after the completion ALSA: usb-audio: Add registration quirk for JBL Quantum 800 Revert "btrfs: compression: don't try to compress if we don't have enough pages" mm/page_alloc: speed up the iteration of max_order net: ll_temac: Remove left-over debug message powerpc/boot: Delete unneeded .globl _zimage_start powerpc/module64: Fix comment in R_PPC64_ENTRY handling crypto: talitos - reduce max key size for SEC1 SUNRPC/nfs: Fix return value for nfs4_callback_compound() ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) USB: serial: mos7720: improve OOM-handling in read_mos_reg() igmp: Add ip_mc_list lock in ip_check_mc_rcu ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init ARM: imx: add missing clk_disable_unprepare() media: stkwebcam: fix memory leak in stk_camera_probe clk: fix build warning for orphan_list ALSA: pcm: fix divide error in snd_pcm_lib_ioctl ARM: 8918/2: only build return_address() if needed cryptoloop: add a deprecation warning perf/x86/amd/ibs: Work around erratum #1197 perf/x86/intel/pt: Fix mask of num_address_ranges qede: Fix memset corruption net: macb: Add a NULL check on desc_ptp qed: Fix the VF msix vectors flow gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG ext4: fix race writing to an inline_data file while its xattrs are changing Change-Id: I08884d5bddbf0379ea1fa1b8adea086f4fd5a87d Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com> Conflicts: arch/arm/Makefile drivers/clk/clk.c drivers/nvmem/core.c include/trace/events/f2fs.h kernel/sched/cpufreq_schedutil.c kernel/time/hrtimer.c mm/page_alloc.c net/ipv4/tcp_timer.c |
||
|
UtsavBalar1231
|
71c433299b |
Merge tag 'ASB-2021-09-05_4.19-stable' of https://github.com/aosp-mirror/kernel_common into android12-base
https://source.android.com/security/bulletin/2021-09-01 CVE-2021-0695 * tag 'ASB-2021-09-05_4.19-stable' of https://github.com/aosp-mirror/kernel_common: Linux 4.19.206 net: don't unconditionally copy_from_user a struct ifreq for socket ioctls Revert "floppy: reintroduce O_NDELAY fix" KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs fbmem: add margin check to fb_check_caps() vt_kdsetmode: extend console locking net/rds: dma_map_sg is entitled to merge entries drm/nouveau/disp: power down unused DP links during init drm: Copy drm_wait_vblank to user before returning qed: Fix null-pointer dereference in qed_rdma_create_qp() qed: qed ll2 race condition fixes vringh: Use wiov->used to check for read/write desc order virtio_pci: Support surprise removal of virtio pci device virtio: Improve vq->broken access to avoid any compiler optimization opp: remove WARN when no valid OPPs remain usb: gadget: u_audio: fix race condition on endpoint stop net: hns3: fix get wrong pfc_en when query PFC configuration net: marvell: fix MVNETA_TX_IN_PRGRS bit number xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' ip_gre: add validation for csum_start e1000e: Fix the max snoop/no-snoop latency for 10M IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() usb: dwc3: gadget: Stop EP0 transfers during pullup disable usb: dwc3: gadget: Fix dwc3_calc_trbs_left() USB: serial: option: add new VID/PID to support Fibocom FG150 Revert "USB: serial: ch341: fix character loss at high transfer rates" can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters once: Fix panic when module unload netfilter: conntrack: collect all entries in one cycle ARC: Fix CONFIG_STACKDEPOT bpf: Fix truncation handling for mod32 dst reg wrt zero bpf: Fix 32 bit src register truncation on div/mod bpf: Do not use ax register in interpreter on div/mod net: qrtr: fix another OOB Read in qrtr_endpoint_post Revert "net: igmp: fix data-race in igmp_ifc_timer_expire()" Revert "net: igmp: increase size of mr_ifc_count" Revert "PCI/MSI: Protect msi_desc::masked for multi-MSI" ANDROID: update ABI representation Linux 4.19.205 netfilter: nft_exthdr: fix endianness of tcp option cast fs: warn about impending deprecation of mandatory locks locks: print a warning when mount fails due to lack of "mand" support ASoC: intel: atom: Fix breakage for PCM buffer address setup PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI btrfs: prevent rename2 from exchanging a subvol with a directory from different parents ipack: tpci200: fix memory leak in the tpci200_register ipack: tpci200: fix many double free issues in tpci200_pci_probe slimbus: ngd: reset dma setup during runtime pm slimbus: messaging: check for valid transaction id slimbus: messaging: start transaction ids from 1 instead of zero tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name ALSA: hda - fix the 'Capture Switch' value change notifications mmc: dw_mmc: Fix hang on data CRC error net: mdio-mux: Handle -EPROBE_DEFER correctly net: mdio-mux: Don't ignore memory allocation errors net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 ptp_pch: Restore dependency on PCI net: 6pack: fix slab-out-of-bounds in decode_data bnxt: disable napi before canceling DIM bnxt: don't lock the tx queue from napi poll vhost: Fix the calculation in vhost_overflow() dccp: add do-while-0 stubs for dccp_pr_debug macros cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant Bluetooth: hidp: use correct wait queue when removing ctrl_wait net: usb: lan78xx: don't modify phy_device state concurrently ARM: dts: nomadik: Fix up interrupt controller node names scsi: core: Avoid printing an error if target_alloc() returns -ENXIO scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available ARM: dts: am43x-epos-evm: Reduce i2c0 bus speed for tps65218 dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers ath9k: Postpone key cache entry deletion for TXQ frames reference it ath: Modify ath_key_delete() to not need full key entry ath: Export ath_hw_keysetmac() ath9k: Clear key cache explicitly on disabling hardware ath: Use safer key clearing with key cache entries x86/fpu: Make init_fpstate correct with optimized XSAVE KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) mac80211: drop data frames without key on encrypted links iommu/vt-d: Fix agaw for a supported 48 bit guest address width vmlinux.lds.h: Handle clang's module.{c,d}tor sections PCI/MSI: Enforce MSI[X] entry updates to be visible PCI/MSI: Enforce that MSI-X table entry is masked for update PCI/MSI: Mask all unused MSI-X entries PCI/MSI: Protect msi_desc::masked for multi-MSI PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() PCI/MSI: Correct misleading comments PCI/MSI: Do not set invalid bits in MSI mask PCI/MSI: Enable and mask MSI-X early genirq/msi: Ensure deactivation on teardown x86/resctrl: Fix default monitoring groups reporting x86/ioapic: Force affinity setup before startup x86/msi: Force affinity setup before startup genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP x86/tools: Fix objdump version check again powerpc/kprobes: Fix kprobe Oops happens in booke vsock/virtio: avoid potential deadlock when vsock device remove xen/events: Fix race in set_evtchn_to_irq net: igmp: increase size of mr_ifc_count tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets net: bridge: fix memleak in br_add_if() net: dsa: lan9303: fix broken backpressure in .port_fdb_dump net: igmp: fix data-race in igmp_ifc_timer_expire() net: Fix memory leak in ieee802154_raw_deliver psample: Add a fwd declaration for skbuff ppp: Fix generating ifname when empty IFLA_IFNAME is specified net: dsa: mt7530: add the missing RxUnicast MIB counter ASoC: cs42l42: Fix LRCLK frame start edge ASoC: cs42l42: Remove duplicate control for WNF filter frequency ASoC: cs42l42: Fix inversion of ADC Notch Switch control ASoC: cs42l42: Don't allow SND_SOC_DAIFMT_LEFT_J ASoC: cs42l42: Correct definition of ADC Volume control ieee802154: hwsim: fix GPF in hwsim_new_edge_nl ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi ACPI: NFIT: Fix support for virtual SPA ranges i2c: dev: zero out array used for i2c reads from userspace ASoC: intel: atom: Fix reference to PCM buffer address iio: adc: Fix incorrect exit of for-loop iio: humidity: hdc100x: Add margin to the conversion time ANDROID: xt_quota2: set usersize in xt_match registration object ANDROID: xt_quota2: clear quota2_log message before sending ANDROID: xt_quota2: remove trailing junk which might have a digit in it Linux 4.19.204 net: xilinx_emaclite: Do not print real IOMEM pointer ovl: prevent private clone if bind mount is not allowed ppp: Fix generating ppp unit id when ifname is not specified USB:ehci:fix Kunpeng920 ehci hardware problem KVM: X86: MMU: Use the correct inherited permissions to get shadow page bpf, selftests: Adjust few selftest outcomes wrt unreachable code bpf: Fix leakage under speculation on mispredicted branches bpf: Do not mark insn as seen under speculative path verification bpf: Inherit expanded/patched seen count from old aux data tracing: Reject string operand in the histogram expression KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB Linux 4.19.203 ARM: imx: add mmdc ipg clock operation for mmdc net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and ql_adapter_reset alpha: Send stop IPI to send to online CPUs reiserfs: check directory items on read from disk reiserfs: add check for root_inode in reiserfs_fill_super libata: fix ata_pio_sector for CONFIG_HIGHMEM qmi_wwan: add network device usage statistics for qmimux devices perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest spi: meson-spicc: fix memory leak in meson_spicc_remove KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds KVM: x86: accept userspace interrupt only if no event is injected pcmcia: i82092: fix a null pointer dereference bug MIPS: Malta: Do not byte-swap accesses to the CBUS UART serial: 8250: Mask out floating 16/32-bit bus bits ext4: fix potential htree corruption when growing large_dir directories pipe: increase minimum default pipe size to 2 pages media: rtl28xxu: fix zero-length control request staging: rtl8723bs: Fix a resource leak in sd_int_dpc optee: Clear stale cache entries during initialization tracing/histogram: Rename "cpu" to "common_cpu" tracing / histogram: Give calculation hist_fields a size scripts/tracing: fix the bug that can't parse raw_trace_func usb: otg-fsm: Fix hrtimer list corruption usb: gadget: f_hid: idle uses the highest byte for duration usb: gadget: f_hid: fixed NULL pointer dereference usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers ALSA: usb-audio: Add registration quirk for JBL Quantum 600 firmware_loader: fix use-after-free in firmware_fallback_sysfs firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 USB: serial: ch341: fix character loss at high transfer rates USB: serial: option: add Telit FD980 composition 0x1056 USB: usbtmc: Fix RCU stall warning Bluetooth: defer cleanup of resources in hci_unregister_dev() blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() net: vxge: fix use-after-free in vxge_device_unregister net: fec: fix use-after-free in fec_drv_remove net: pegasus: fix uninit-value in get_interrupt_interval bnx2x: fix an error code in bnx2x_nic_load() mips: Fix non-POSIX regexp net: ipv6: fix returned variable type in ip6_skb_dst_mtu nfp: update ethtool reporting of pauseframe control sctp: move the active_key update after sh_keys is added net: natsemi: Fix missing pci_disable_device() in probe and remove media: videobuf2-core: dequeue if start_streaming fails scsi: sr: Return correct event when media event code is 3 omap5-board-common: remove not physically existing vdds_1v8_main fixed-regulator clk: stm32f4: fix post divisor setup for I2S/SAI PLLs ALSA: usb-audio: fix incorrect clock source setting ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz ARM: imx: add missing iounmap() ALSA: seq: Fix racy deletion of subscriber Revert "ACPICA: Fix memory leak caused by _CID repair function" Revert "bdi: add a ->dev_name field to struct backing_dev_info" Revert "padata: validate cpumask without removed CPU during offline" Revert "padata: add separate cpuhp node for CPUHP_PADATA_DEAD" Linux 4.19.202 spi: mediatek: Fix fifo transfer padata: add separate cpuhp node for CPUHP_PADATA_DEAD padata: validate cpumask without removed CPU during offline Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout" firmware: arm_scmi: Ensure drivers provide a probe function drm/i915: Ensure intel_engine_init_execlist() builds with Clang Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled" bdi: add a ->dev_name field to struct backing_dev_info bdi: use bdi_dev_name() to get device name bdi: move bdi_dev_name out of line net: Fix zero-copy head len calculation. qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union() r8152: Fix potential PM refcount imbalance ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits regulator: rt5033: Fix n_voltages settings for BUCK and LDO btrfs: mark compressed range uptodate only if all bio succeed Linux 4.19.201 i40e: Add additional info to PHY type error Revert "perf map: Fix dso->nsinfo refcounting" powerpc/pseries: Fix regression while building external modules can: hi311x: fix a signedness bug in hi3110_cmd() sis900: Fix missing pci_disable_device() in probe and remove tulip: windbond-840: Fix missing pci_disable_device() in probe and remove sctp: fix return value check in __sctp_rcv_asconf_lookup net/mlx5: Fix flow table chaining net: llc: fix skb_over_panic mlx4: Fix missing error code in mlx4_load_one() tipc: fix sleeping in tipc accept routine i40e: Fix log TC creation failure when max num of queues is exceeded i40e: Fix logic of disabling queues netfilter: nft_nat: allow to specify layer 4 protocol NAT only netfilter: conntrack: adjust stop timestamp to real expiry value cfg80211: Fix possible memory leak in function cfg80211_bss_update nfc: nfcsim: fix use after free during module unload NIU: fix incorrect error return, missed in previous revert can: esd_usb2: fix memory leak can: ems_usb: fix memory leak can: usb_8dev: fix memory leak can: mcba_usb_start(): add missing urb->transfer_dma initialization can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF ocfs2: issue zeroout to EOF blocks ocfs2: fix zero out valid data x86/kvm: fix vcpu-id indexed array sizes btrfs: fix rw device counting in __btrfs_free_extra_devids x86/asm: Ensure asm/proto.h can be included stand-alone gro: ensure frag0 meets IP header alignment virtio_net: Do not pull payload in skb->head Change-Id: Ib9cbb4d2a34913231716321681a1b6c488a5dfe4 Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com> Conflicts: drivers/slimbus/messaging.c drivers/slimbus/qcom-ngd-ctrl.c drivers/usb/dwc3/gadget.c drivers/usb/gadget/function/f_hid.c net/qrtr/qrtr.c |
||
|
UtsavBalar1231
|
7f11ea40c4 |
Merge tag 'ASB-2021-04-05_4.19-stable' of https://github.com/aosp-mirror/kernel_common into android12-base
https://source.android.com/security/bulletin/2021-04-01 CVE-2020-15436 CVE-2020-29368 CVE-2020-25705 * tag 'ASB-2021-04-05_4.19-stable' of https://github.com/aosp-mirror/kernel_common: ANDROID: Add OWNERS files referring to the respective android-mainline OWNERS BACKPORT: drm/virtio: Use vmalloc for command buffer allocations. UPSTREAM: drm/virtio: Rewrite virtio_gpu_queue_ctrl_buffer using fenced version. ANDROID: Make vsock virtio packet buff size configurable ANDROID: fix up ext4 build from 4.19.183 ANDROID: refresh ABI XML to new version ANDROID: refresh ABI XML Linux 4.19.183 cifs: Fix preauth hash corruption x86/apic/of: Fix CPU devicetree-node lookups genirq: Disable interrupts for force threaded handlers ext4: fix potential error in ext4_do_update_inode ext4: do not try to set xattr into ea_inode if value is empty ext4: find old entry again if failed to rename whiteout x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() x86: Move TS_COMPAT back to asm/thread_info.h kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() x86/ioapic: Ignore IRQ2 again perf/x86/intel: Fix a crash caused by zero PEBS status PCI: rpadlpar: Fix potential drc_name corruption in store functions iio: hid-sensor-temperature: Fix issues of timestamp channel iio: hid-sensor-prox: Fix scale not correct issue iio: hid-sensor-humidity: Fix alignment issue of timestamp channel iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler iio: adis16400: Fix an error code in adis16400_initial_setup() iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel iio:adc:stm32-adc: Add HAS_IOMEM dependency usb: gadget: configfs: Fix KASAN use-after-free USB: replace hardcode maximum usb string length by definition usbip: Fix incorrect double assignment to udc->ud.tcp_rx usb-storage: Add quirk to defeat Kindle's automatic unload powerpc: Force inlining of cpu_has_feature() to avoid build failure nvme-rdma: fix possible hang when failing to set io queues scsi: lpfc: Fix some error codes in debugfs net/qrtr: fix __netdev_alloc_skb call sunrpc: fix refcount leak for rpc auth modules svcrdma: disable timeouts on rdma backchannel NFSD: Repair misuse of sv_lock in 5.10.16-rt30. nvmet: don't check iosqes,iocqes for discovery controllers ASoC: fsl_ssi: Fix TDM slot setup for I2S mode btrfs: fix slab cache flags for free space tree bitmap btrfs: fix race when cloning extent buffer during rewind of an old root tools build: Check if gettid() is available before providing helper tools build feature: Check if eventfd() is available tools build feature: Check if get_current_dir_name() is available perf tools: Use %define api.pure full instead of %pure-parser lkdtm: don't move ctors to .rodata vmlinux.lds.h: Create section for protection against instrumentation Revert "PM: runtime: Update device status before letting suppliers suspend" ALSA: hda: generic: Fix the micmute led init state ASoC: ak5558: Add MODULE_DEVICE_TABLE ASoC: ak4458: Add MODULE_DEVICE_TABLE ANDROID: clang: update to 12.0.4 Linux 4.19.182 net: dsa: b53: Support setting learning on port net: dsa: tag_mtk: fix 802.1ad VLAN egress bpf: Add sanity check for upper ptr_limit bpf: Simplify alu_limit masking for pointer arithmetic bpf: Fix off-by-one for area size in creating mask to left bpf: Prohibit alu ops for pointer types not defining ptr_limit KVM: arm64: nvhe: Save the SPE context early ext4: check journal inode extents more carefully Revert "net: Introduce parse_protocol header_ops callback" Revert "net: check if protocol extracted by virtio_net_hdr_set_proto is correct" Linux 4.19.181 xen/events: avoid handling the same event on two cpus at the same time xen/events: don't unmask an event channel when an eoi is pending xen/events: reset affinity of 2-level event when tearing it down KVM: arm64: Fix exclusive limit for IPA size hwmon: (lm90) Fix max6658 sporadic wrong temperature reading x86/unwind/orc: Disable KASAN checking in the ORC unwinder, part 2 binfmt_misc: fix possible deadlock in bm_register_write powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() include/linux/sched/mm.h: use rcu_dereference in in_vfork() stop_machine: mark helpers __always_inline hrtimer: Update softirq_expires_next correctly after __hrtimer_get_next_event() configfs: fix a use-after-free in __configfs_open_file block: rsxx: fix error return code of rsxx_pci_probe() NFSv4.2: fix return value of _nfs4_get_security_label() sh_eth: fix TRSCER mask for R7S72100 staging: comedi: pcl818: Fix endian problem for AI command data staging: comedi: pcl711: Fix endian problem for AI command data staging: comedi: me4000: Fix endian problem for AI command data staging: comedi: dmm32at: Fix endian problem for AI command data staging: comedi: das800: Fix endian problem for AI command data staging: comedi: das6402: Fix endian problem for AI command data staging: comedi: adv_pci1710: Fix endian problem for AI command data staging: comedi: addi_apci_1500: Fix endian problem for command sample staging: comedi: addi_apci_1032: Fix endian problem for COS sample staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd staging: ks7010: prevent buffer overflow in ks_wlan_set_scan() staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data() staging: rtl8712: unterminated string leads to read overflow staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan() usbip: fix vudc usbip_sockfd_store races leading to gpf usbip: fix vhci_hcd attach_store() races leading to gpf usbip: fix stub_dev usbip_sockfd_store() races leading to gpf usbip: fix vudc to check for stream socket usbip: fix vhci_hcd to check for stream socket usbip: fix stub_dev to check for stream socket USB: serial: cp210x: add some more GE USB IDs USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter USB: serial: ch341: add new Product ID USB: serial: io_edgeport: fix memory leak in edge_startup usb: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing xhci: Improve detection of device initiated wake signal. usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM USB: usblp: fix a hang in poll() if disconnected usb: dwc3: qcom: Honor wakeup enabled/disabled state usb: gadget: f_uac1: stop playback on function disable usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot USB: gadget: u_ether: Fix a configfs return code Goodix Fingerprint device is not a modem mmc: cqhci: Fix random crash when remove mmc module/card mmc: core: Fix partition switch time for eMMC s390/dasd: fix hanging IO request during DASD driver unbind s390/dasd: fix hanging DASD driver unbind Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") ALSA: usb-audio: Apply the control quirk to Plantronics headsets ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar ALSA: hda: Avoid spurious unsol event handling during S3/S4 ALSA: hda: Drop the BATCH workaround for AMD controllers ALSA: hda/hdmi: Cancel pending works before suspend ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk scsi: target: core: Prevent underflow for service actions scsi: target: core: Add cmd length set before cmd complete scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling s390/smp: __smp_rescan_cpus() - move cpumask away from stack i40e: Fix memory leak in i40e_probe PCI: Fix pci_register_io_range() memory leak PCI: mediatek: Add missing of_node_put() to fix reference leak PCI: xgene-msi: Fix race in installing chained irq handler sparc64: Use arch_validate_flags() to validate ADI flag sparc32: Limit memblock allocation to low memory powerpc/perf: Record counter overflow always if SAMPLE_IP is unset powerpc: improve handling of unrecoverable system reset powerpc/pci: Add ppc_md.discover_phbs() mmc: mediatek: fix race condition between msdc_request_timeout and irq mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' udf: fix silent AED tagLocation corruption i2c: rcar: optimize cacheline to minimize HW race condition net: phy: fix save wrong speed and duplex problem if autoneg is on media: v4l: vsp1: Fix bru null pointer access media: v4l: vsp1: Fix uif null pointer access media: usbtv: Fix deadlock on suspend sh_eth: fix TRSCER mask for R7S9210 s390/cio: return -EFAULT if copy_to_user() fails drm: meson_drv add shutdown function drm/compat: Clear bounce structures s390/cio: return -EFAULT if copy_to_user() fails again perf traceevent: Ensure read cmdlines are null terminated. selftests: forwarding: Fix race condition in mirror installation net: stmmac: fix watchdog timeout during suspend/resume stress test net: stmmac: stop each tx channel independently net: qrtr: fix error return code of qrtr_sendmsg() net: davicom: Fix regulator not turned off on driver removal net: davicom: Fix regulator not turned off on failed probe net: lapbether: Remove netif_start_queue / netif_stop_queue cipso,calipso: resolve a number of problems with the DOI refcounts net: usb: qmi_wwan: allow qmimux add/del with master up net: sched: avoid duplicates in classes dump net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 net/mlx4_en: update moderation when config reset net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0 net: check if protocol extracted by virtio_net_hdr_set_proto is correct sh_eth: fix TRSCER mask for SH771x Revert "mm, slub: consider rest of partial list if acquire_slab() fails" scripts/recordmcount.{c,pl}: support -ffunction-sections .text.* section names cifs: return proper error code in statfs(2) tcp: add sanity tests to TCP_QUEUE_SEQ tcp: annotate tp->write_seq lockless reads tcp: annotate tp->copied_seq lockless reads mt76: dma: do not report truncated frames to mac80211 netfilter: x_tables: gpf inside xt_find_revision() can: flexcan: enable RX FIFO after FRZ/HALT valid can: flexcan: assert FRZ bit in flexcan_chip_freeze() can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership net: Introduce parse_protocol header_ops callback net: Fix gro aggregation for udp encaps with zero csum ath9k: fix transmitting to stations in dynamic SMPS mode ethernet: alx: fix order of calls on resume uapi: nfnetlink_cthelper.h: fix userspace compilation error FROMGIT: configfs: fix a use-after-free in __configfs_open_file ANDROID: GKI: Enable CONFIG_BT for x86 Revert "Revert "zram: close udev startup race condition as default groups"" Revert "block: genhd: add 'groups' argument to device_add_disk" Revert "nvme: register ns_id attributes as default sysfs groups" Revert "aoe: register default groups with device_add_disk()" Revert "zram: register default groups with device_add_disk()" Revert "virtio-blk: modernize sysfs attribute creation" Linux 4.19.180 mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 media: cx23885: add more quirks for reset DMA on some AMD IOMMU HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag platform/x86: acer-wmi: Add new force_caps module parameter platform/x86: acer-wmi: Cleanup accelerometer device handling platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines mwifiex: pcie: skip cancel_work_sync() on reset failure path iommu/amd: Fix sleeping in atomic in increase_address_space() dm table: fix zoned iterate_devices based device capability checks dm table: fix DAX iterate_devices based device capability checks dm table: fix iterate_devices based device capability checks net: dsa: add GRO support via gro_cells r8169: fix resuming from suspend on RTL8105e if machine runs on battery dm verity: fix FEC for RS roots unaligned to block size rsxx: Return -EFAULT if copy_to_user() fails RDMA/rxe: Fix missing kconfig dependency on CRYPTO ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits virtio-blk: modernize sysfs attribute creation zram: register default groups with device_add_disk() aoe: register default groups with device_add_disk() nvme: register ns_id attributes as default sysfs groups block: genhd: add 'groups' argument to device_add_disk Revert "zram: close udev startup race condition as default groups" usbip: tools: fix build error for multiple definition drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size PM: runtime: Update device status before letting suppliers suspend btrfs: unlock extents in btrfs_zero_range in case of quota reservation errors btrfs: free correct amount of space in btrfs_delayed_inode_reserve_metadata btrfs: validate qgroup inherit for SNAP_CREATE_V2 ioctl btrfs: fix raid6 qstripe kmap btrfs: raid56: simplify tracking of Q stripe presence ANDROID: GKI: hack up fs/sysfs/file.c to prevent GENKSYMS change Revert "arm64: Avoid redundant type conversions in xchg() and cmpxchg()" Linux 4.19.179 ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board ALSA: hda/realtek: Add quirk for Clevo NH55RZQ media: v4l: ioctl: Fix memory leak in video_usercopy swap: fix swapfile read/write offset zsmalloc: account the number of compacted pages correctly xen-netback: respect gnttab_map_refs()'s return value Xen/gnttab: handle p2m update errors on a per-slot basis scsi: iscsi: Verify lengths on passthrough PDUs scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output scsi: iscsi: Restrict sessions and handles to admin capabilities ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet parisc: Bump 64-bit IRQ stack size to 64 KB btrfs: fix error handling in commit_fs_roots f2fs: fix to set/clear I_LINKABLE under i_lock f2fs: handle unallocated section and zone on pinned/atgc media: uvcvideo: Allow entities with no pads drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse crypto: tcrypt - avoid signed overflow in byte count staging: most: sound: add sanity check for function argument Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data x86/build: Treat R_386_PLT32 relocation as R_386_PC32 ath10k: fix wmi mgmt tx queue full due to race condition pktgen: fix misuse of BUG_ON() in pktgen_thread_worker() Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl wlcore: Fix command execute failure 19 for wl12xx vt/consolemap: do font sum unsigned x86/reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk staging: fwserial: Fix error handling in fwserial_create rsi: Move card interrupt handling to RX thread rsi: Fix TX EAPOL packet handling against iwlwifi AP dt-bindings: net: btusb: DT fix s/interrupt-name/interrupt-names/ net: bridge: use switchdev for port flags set through sysfs too mm/hugetlb.c: fix unnecessary address expansion of pmd sharing net: fix up truesize of cloned skb in skb_prepare_for_shift() smackfs: restrict bytes count in smackfs write functions xfs: Fix assert failure in xfs_setattr_size() media: mceusb: sanity check for prescaler value udlfb: Fix memory leak in dlfb_usb_probe JFS: more checks for invalid superblock MIPS: VDSO: Use CLANG_FLAGS instead of filtering out '--target=' arm64: Use correct ll/sc atomic constraints arm64: cmpxchg: Use "K" instead of "L" for ll/sc immediate constraint arm64: Avoid redundant type conversions in xchg() and cmpxchg() arm64 module: set plt* section addresses to 0x0 virtio/s390: implement virtio-ccw revision 2 correctly drm/virtio: use kvmalloc for large allocations hugetlb: fix update_and_free_page contig page struct assumption net: usb: qmi_wwan: support ZTE P685M modem ANDROID: clang: update to 12.0.3 Revert "block: split .sysfs_lock into two locks" Revert "block: fix race between switching elevator and removing queues" Revert "block: don't release queue's sysfs lock during switching elevator" Revert "dm: fix deadlock when swapping to encrypted device" Linux 4.19.178 ARM: dts: aspeed: Add LCLK to lpc-snoop net: qrtr: Fix memory leak in qrtr_tun_open dm era: Update in-core bitset after committing the metadata net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending ipv6: silence compilation warning for non-IPV6 builds ipv6: icmp6: avoid indirect call for icmpv6_send() xfrm: interface: use icmp_ndo_send helper sunvnet: use icmp_ndo_send helper gtp: use icmp_ndo_send helper icmp: allow icmpv6_ndo_send to work with CONFIG_IPV6=n icmp: introduce helper for nat'd source address in network device context dm era: only resize metadata in preresume dm era: Reinitialize bitset cache before digesting a new writeset dm era: Use correct value size in equality function of writeset tree dm era: Fix bitset memory leaks dm era: Verify the data block size hasn't changed dm era: Recover committed writeset after crash dm: fix deadlock when swapping to encrypted device gfs2: Don't skip dlm unlock if glock has an lvb sparc32: fix a user-triggerable oops in clear_user() f2fs: fix out-of-repair __setattr_copy() cpufreq: intel_pstate: Get per-CPU max freq via MSR_HWP_CAPABILITIES if available printk: fix deadlock when kernel panic gpio: pcf857x: Fix missing first interrupt mmc: sdhci-esdhc-imx: fix kernel panic when remove module module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols arm64: Extend workaround for erratum 1024718 to all versions of Cortex-A55 libnvdimm/dimm: Avoid race between probe and available_slots_show() hugetlb: fix copy_huge_page_from_user contig page struct assumption x86: fix seq_file iteration for pat/memtype.c seq_file: document how per-entry resources are managed. fs/affs: release old buffer head on error path mtd: spi-nor: hisi-sfc: Put child node np on error path watchdog: mei_wdt: request stop on unregister arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing floppy: reintroduce O_NDELAY fix x86/reboot: Force all cpus to exit VMX root if VMX is supported media: ipu3-cio2: Fix mbus_code processing in cio2_subdev_set_fmt() staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table staging: gdm724x: Fix DMA from stack staging/mt7621-dma: mtk-hsdma.c->hsdma-mt7621.c dts64: mt7622: fix slow sd card access pstore: Fix typo in compression option name drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue misc: rtsx: init of rts522a add OCP power off when no card is present seccomp: Add missing return in non-void function crypto: sun4i-ss - handle BigEndian for cipher crypto: sun4i-ss - checking sg length is not sufficient crypto: arm64/sha - add missing module aliases btrfs: fix extent buffer leak on failure to copy root btrfs: fix reloc root leak with 0 ref reloc roots on recovery btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root KEYS: trusted: Fix migratable=1 failing tpm_tis: Clean up locality release tpm_tis: Fix check_locality for correct locality acquisition ALSA: hda/realtek: modify EAPD in the ALC886 USB: serial: mos7720: fix error code in mos7720_write() USB: serial: mos7840: fix error code in mos7840_write() USB: serial: ftdi_sio: fix FTX sub-integer prescaler usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 usb: musb: Fix runtime PM race in musb_queue_resume_work USB: serial: option: update interface mapping for ZTE P685M Input: i8042 - add ASUS Zenbook Flip to noselftest list Input: joydev - prevent potential read overflow in ioctl Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S Input: raydium_ts_i2c - do not send zero length HID: wacom: Ignore attempts to overwrite the touch_max value from HID ACPI: configfs: add missing check after configfs_register_default_group() ACPI: property: Fix fwnode string properties matching blk-settings: align max_sectors on "logical_block_size" boundary scsi: bnx2fc: Fix Kconfig warning & CNIC build errors mm/rmap: fix potential pte_unmap on an not mapped pte i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition arm64: Add missing ISB after invalidating TLB in __primary_switch r8169: fix jumbo packet handling on RTL8168e mm/hugetlb: fix potential double free in hugetlb_register_node() error path mm/memory.c: fix potential pte_unmap_unlock pte error ocfs2: fix a use after free on error vxlan: move debug check after netdev unregister net/mlx4_core: Add missed mlx4_free_cmd_mailbox() i40e: Fix add TC filter for IPv6 i40e: Fix VFs not created i40e: Fix overwriting flow control settings during driver loading i40e: Add zero-initialization of AQ command structures i40e: Fix flow for IPv6 next header (extension header) regmap: sdw: use _no_pm functions in regmap_read/write ext4: fix potential htree index checksum corruption drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) PCI: Align checking of syscall user config accessors VMCI: Use set_page_dirty_lock() when unregistering guest memory pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users misc: eeprom_93xx46: Fix module alias to enable module autoprobe sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set Input: elo - fix an error code in elo_connect() perf test: Fix unaligned access in sample parsing test perf intel-pt: Fix missing CYC processing in PSB Input: sur40 - fix an error code in sur40_probe() spi: pxa2xx: Fix the controller numbering for Wildcat Point clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs powerpc/8xx: Fix software emulation interrupt powerpc/pseries/dlpar: handle ibm, configure-connector delay status mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() spi: stm32: properly handle 0 byte transfer RDMA/rxe: Correct skb on loopback path RDMA/rxe: Fix coding error in rxe_recv.c perf tools: Fix DSO filtering when not finding a map for a sampled address tracepoint: Do not fail unregistering a probe due to memory failure amba: Fix resource leak for drivers without .remove ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores mmc: renesas_sdhi_internal_dmac: Fix DMA buffer alignment from 8 to 128-bytes mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe powerpc/47x: Disable 256k page size KVM: PPC: Make the VMX instruction emulation routines static IB/umad: Return EPOLLERR in case of when device disassociated IB/umad: Return EIO in case of when device disassociated auxdisplay: ht16k33: Fix refresh rate handling isofs: release buffer head before return regulator: s5m8767: Drop regulators OF node reference spi: atmel: Put allocated master before return certs: Fix blacklist flag type confusion regulator: axp20x: Fix reference cout leak clk: sunxi-ng: h6: Fix clock divider range on some clocks RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined rtc: s5m: select REGMAP_I2C power: reset: at91-sama5d2_shdwc: fix wkupdbc mask of/fdt: Make sure no-map does not remove already reserved regions fdt: Properly handle "no-map" field in the memory region mfd: bd9571mwv: Use devm_mfd_add_devices() dmaengine: hsu: disable spurious interrupt dmaengine: owl-dma: Fix a resource leak in the remove function dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function dmaengine: fsldma: Fix a resource leak in the remove function HID: core: detect and skip invalid inputs to snto32() clk: sunxi-ng: h6: Fix CEC clock spi: cadence-quadspi: Abort read if dummy cycles required are too many quota: Fix memory leak when handling corrupted quota file clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL capabilities: Don't allow writing ambiguous v3 file capabilities jffs2: fix use after free in jffs2_sum_write_data() fs/jfs: fix potential integer overflow on shift of a int ima: Free IMA measurement buffer after kexec syscall ima: Free IMA measurement buffer on error crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() hwrng: timeriomem - Fix cooldown period calculation btrfs: clarify error returns values in __load_free_space_cache Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() drm/amdgpu: Prevent shift wrapping in amdgpu_read_mask() f2fs: fix to avoid inconsistent quota data ASoC: cpcap: fix microphone timeslot mask ata: ahci_brcm: Add back regulators management crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error) media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values media: pxa_camera: declare variable when DEBUG is defined media: cx25821: Fix a bug when reallocating some dma memory media: qm1d1c0042: fix error return code in qm1d1c0042_init() media: lmedm04: Fix misuse of comma drm/amd/display: Fix 10/12 bpc setup in DCE output bit depth reduction. crypto: bcm - Rename struct device_private to bcm_device_private ASoC: cs42l56: fix up error handling in probe media: tm6000: Fix memleak in tm6000_start_stream media: media/pci: Fix memleak in empress_init media: em28xx: Fix use-after-free in em28xx_alloc_urbs media: vsp1: Fix an error handling path in the probe function media: camss: missing error code in msm_video_register() media: i2c: ov5670: Fix PIXEL_RATE minimum value MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0 MIPS: c-r4k: Fix section mismatch for loongson2_sc_init drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if condition crypto: sun4i-ss - fix kmap usage gma500: clean up error handling in init drm/gma500: Fix error return code in psb_driver_load() fbdev: aty: SPARC64 requires FB_ATY_CT net: mvneta: Remove per-cpu queue mapping for Armada 3700 net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP net: amd-xgbe: Reset link when the link never comes back net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout ibmvnic: skip send_request_unmap for timeout reset ibmvnic: add memory barrier to protect long term buffer b43: N-PHY: Fix the update of coef for the PHY revision >= 3case cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds tcp: fix SO_RCVLOWAT related hangs under mem pressure bpf: Fix bpf_fib_lookup helper MTU check for SKB ctx mac80211: fix potential overflow when multiplying to u32 integers xen/netback: fix spurious event detection for common event case bnxt_en: reverse order of TX disable and carrier off ibmvnic: Set to CLOSED state even on error ath9k: fix data bus crash when setting nf_override via debugfs bpf_lru_list: Read double-checked variable once without lock soc: aspeed: snoop: Add clock control logic ARM: s3c: fix fiq for clang IAS arm64: dts: msm8916: Fix reserved and rfsa nodes unit address ARM: dts: armada388-helios4: assign pinctrl to each fan ARM: dts: armada388-helios4: assign pinctrl to LEDs staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules usb: dwc2: Make "trimming xfer length" a debug message usb: dwc2: Abort transaction after errors with unknown reason usb: dwc2: Do not update data length if it is 0 on inbound transfers ARM: dts: Configure missing thermal interrupt for 4430 memory: ti-aemif: Drop child node when jumping out loop Bluetooth: Put HCI device if inquiry procedure interrupts Bluetooth: drop HCI device reference before return usb: gadget: u_audio: Free requests only after callback ACPICA: Fix exception code class checks cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove() cpufreq: brcmstb-avs-cpufreq: Free resources in error path arm64: dts: allwinner: A64: Limit MMC2 bus frequency to 150 MHz arm64: dts: allwinner: Drop non-removable from SoPine/LTS SD card arm64: dts: allwinner: A64: properly connect USB PHY to port 0 bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args arm64: dts: exynos: correct PMIC interrupt trigger level on Espresso arm64: dts: exynos: correct PMIC interrupt trigger level on TM2 ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 family ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa ARM: dts: exynos: correct PMIC interrupt trigger level on Spring ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato ARM: dts: exynos: correct PMIC interrupt trigger level on Monk ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5 Bluetooth: Fix initializing response id after clearing struct Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function ath10k: Fix error handling in case of CE pipe init failure random: fix the RNDRESEEDCRNG ioctl MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode bfq: Avoid false bfq queue merging PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 kdb: Make memory allocations more robust vmlinux.lds.h: add DWARF v5 sections locking/static_key: Fix false positive warnings on concurrent dec/inc jump_label/lockdep: Assert we hold the hotplug lock for _cpuslocked() operations scripts/recordmcount.pl: support big endian for ARCH sh cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath. NET: usb: qmi_wwan: Adding support for Cinterion MV31 block: don't release queue's sysfs lock during switching elevator block: fix race between switching elevator and removing queues block: split .sysfs_lock into two locks block: add helper for checking if queue is registered scripts: set proper OpenSSL include dir also for sign-file scripts: use pkg-config to locate libcrypto arm64: tegra: Add power-domain for Tegra210 HDA ntfs: check for valid standard information attribute usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable USB: quirks: sort quirk entries HID: make arrays usage and value to be the same ANDROID: syscalls/x86: use a weak function for IA32 compat syscalls ANDROID: Adding kprobes build configs for Cuttlefish Change-Id: Ibe55302772a7f7de016842280a9997c992262ea8 Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com> Conflicts: arch/arm64/kernel/cpufeature.c drivers/block/zram/zram_drv.c drivers/iio/adc/qcom-spmi-vadc.c drivers/md/dm-verity-fec.c drivers/usb/gadget/configfs.c net/ipv4/tcp_ipv4.c net/ipv6/tcp_ipv6.c net/qrtr/qrtr.c |
||
|
UtsavBalar1231
|
b6e6dcae95 |
Merge tag 'ASB-2021-03-05_4.19-stable' of https://github.com/aosp-mirror/kernel_common into android12-base
https://source.android.com/security/bulletin/2021-03-01 CVE-2021-0399 * tag 'ASB-2021-03-05_4.19-stable' of https://github.com/aosp-mirror/kernel_common: UPSTREAM: locking/static_key: Fix false positive warnings on concurrent dec/inc UPSTREAM: jump_label/lockdep: Assert we hold the hotplug lock for _cpuslocked() operations ANDROID: Add symbol of _proc_mkdir Linux 4.19.177 kvm: check tlbs_dirty directly scsi: qla2xxx: Fix crash during driver load on big endian machines xen-blkback: fix error handling in xen_blkbk_map() xen-scsiback: don't "handle" error by BUG() xen-netback: don't "handle" error by BUG() xen-blkback: don't "handle" error by BUG() xen/arm: don't ignore return errors from set_phys_to_machine Xen/gntdev: correct error checking in gntdev_map_grant_pages() Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() Xen/x86: don't bail early from clear_foreign_p2m_mapping() net: qrtr: Fix port ID for control messages KVM: SEV: fix double locking due to incorrect backport x86/build: Disable CET instrumentation in the kernel for 32-bit too ovl: expand warning in ovl_d_real() net/qrtr: restrict user-controlled length in qrtr_tun_write_iter() net/rds: restrict iovecs length for RDS_CMSG_RDMA_ARGS vsock: fix locking in vsock_shutdown() vsock/virtio: update credit only if socket is not closed net: watchdog: hold device global xmit lock during tx disable net/vmw_vsock: improve locking in vsock_connect_timeout() net: fix iteration for sctp transport seq_files usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one usb: dwc3: ulpi: fix checkpatch warning h8300: fix PREEMPTION build, TI_PRE_COUNT undefined i2c: stm32f7: fix configuration of the digital filter firmware_loader: align .builtin_fw to 8 net: hns3: add a check for queue_id in hclge_reset_vf_queue() netfilter: conntrack: skip identical origin tuple in same zone only net: stmmac: set TxQ mode back to DCB after disabling CBS xen/netback: avoid race in xenvif_rx_ring_slots_available() netfilter: flowtable: fix tcp and udp header checksum update netfilter: xt_recent: Fix attempt to update deleted entry bpf: Check for integer overflow when using roundup_pow_of_two() mt76: dma: fix a possible memory leak in mt76_add_fragment() ARM: kexec: fix oops after TLB are invalidated ARM: ensure the signal page contains defined contents ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL bfq-iosched: Revert "bfq: Fix computation of shallow depth" riscv: virt_addr_valid must check the address belongs to linear mapping drm/amd/display: Free atomic state after drm_atomic_commit drm/amd/display: Fix dc_sink kref count in emulated_link_detect ovl: skip getxattr of security labels cap: fix conversions on getxattr ovl: perform vfs_getxattr() with mounter creds platform/x86: hp-wmi: Disable tablet-mode reporting by default arm64: dts: rockchip: Fix PCIe DT properties on rk3399 arm/xen: Don't probe xenbus as part of an early initcall tracing: Check length before giving out the filter buffer tracing: Do not count ftrace events in top level enable output ANDROID: build_config: drop CONFIG_KASAN_PANIC_ON_WARN Linux 4.19.176 regulator: Fix lockdep warning resolving supplies regulator: core: Clean enabling always-on regulators + their supplies regulator: core: enable power when setting up constraints squashfs: add more sanity checks in xattr id lookup squashfs: add more sanity checks in inode lookup squashfs: add more sanity checks in id lookup blk-mq: don't hold q->sysfs_lock in blk_mq_map_swqueue block: don't hold q->sysfs_lock in elevator_init_mq Fix unsynchronized access to sev members through svm_register_enc_region memcg: fix a crash in wb_workfn when a device disappears include/trace/events/writeback.h: fix -Wstringop-truncation warnings lib/string: Add strscpy_pad() function SUNRPC: Handle 0 length opaque XDR object data properly SUNRPC: Move simple_get_bytes and simple_get_netobj into private header iwlwifi: mvm: guard against device removal in reprobe iwlwifi: pcie: fix context info memory leak iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time() pNFS/NFSv4: Try to return invalid layout in pnfs_layout_process() chtls: Fix potential resource leak regulator: core: avoid regulator_resolve_supply() race condition af_key: relax availability checks for skb size calculation remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load fgraph: Initialize tracing_graph_pause at task creation block: fix NULL pointer dereference in register_disk tracing/kprobe: Fix to support kretprobe events on unloaded modules BACKPORT: bpf: add bpf_ktime_get_boot_ns() Linux 4.19.175 net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add net: ip_tunnel: fix mtu calculation md: Set prev_flush_start and flush_bio in an atomic way iommu/vt-d: Do not use flush-queue when caching-mode is on Input: xpad - sync supported devices with fork on GitHub x86/apic: Add extra serialization for non-serializing MSRs x86/build: Disable CET instrumentation in the kernel mm: thp: fix MADV_REMOVE deadlock on shmem THP mm: hugetlb: remove VM_BUG_ON_PAGE from page_huge_active mm: hugetlb: fix a race between isolating and freeing page mm: hugetlb: fix a race between freeing and dissolving the page mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page ARM: footbridge: fix dc21285 PCI configuration accessors KVM: SVM: Treat SVM as unsupported when running as an SEV guest nvme-pci: avoid the deepest sleep state on Kingston A2000 SSDs mmc: core: Limit retries when analyse of SDIO tuples fails smb3: Fix out-of-bounds bug in SMB2_negotiate() cifs: report error instead of invalid when revalidating a dentry fails xhci: fix bounce buffer usage for non-sg list case genirq/msi: Activate Multi-MSI early when MSI_FLAG_ACTIVATE_EARLY is set kretprobe: Avoid re-registration of the same kretprobe earlier mac80211: fix station rate table updates on assoc ovl: fix dentry leak in ovl_get_redirect usb: dwc3: fix clock issue during resume in OTG mode usb: dwc2: Fix endpoint direction check in ep_from_windex usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop() USB: usblp: don't call usb_set_interface if there's a single alt USB: gadget: legacy: fix an error code in eth_bind() memblock: do not start bottom-up allocations with kernel_end net: mvpp2: TCAM entry enable should be written after SRAM data net: lapb: Copy the skb before sending a packet arm64: dts: ls1046a: fix dcfg address range rxrpc: Fix deadlock around release of dst cached on udp tunnel Input: i8042 - unbreak Pegatron C15B elfcore: fix building with clang USB: serial: option: Adding support for Cinterion MV31 USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000 USB: serial: cp210x: add pid/vid for WSDA-200-USB UPSTREAM: dma-buf: Fix SET_NAME ioctl uapi ANDROID: GKI: Update ABI for coresight-clk-amba-dummy.ko. Linux 4.19.174 workqueue: Restrict affinity change to rescuer kthread: Extract KTHREAD_IS_PER_CPU objtool: Don't fail on missing symbol table selftests/powerpc: Only test lwm/stmw on big endian scsi: ibmvfc: Set default timeout to avoid crash during migration mac80211: fix fast-rx encryption check scsi: libfc: Avoid invoking response handler twice if ep is already completed scsi: scsi_transport_srp: Don't block target in failfast state x86: __always_inline __{rd,wr}msr() platform/x86: intel-vbtn: Support for tablet mode on Dell Inspiron 7352 platform/x86: touchscreen_dmi: Add swap-x-y quirk for Goodix touchscreen on Estar Beauty HD tablet phy: cpcap-usb: Fix warning for missing regulator_disable net_sched: gen_estimator: support large ewma log sysctl: handle overflow in proc_get_long ACPI: thermal: Do not call acpi_thermal_check() directly ibmvnic: Ensure that CRQ entry read are correctly ordered net: dsa: bcm_sf2: put device node before return Linux 4.19.173 tcp: fix TLP timer not set when CA_STATE changes from DISORDER to OPEN team: protect features update by RCU to avoid deadlock NFC: fix possible resource leak NFC: fix resource leak when target index is invalid rxrpc: Fix memory leak in rxrpc_lookup_local iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built iommu/vt-d: Gracefully handle DMAR units with no supported address widths can: dev: prevent potential information leak in can_fill_info() net/mlx5: Fix memory leak on flow table creation error flow mac80211: pause TX while changing interface type iwlwifi: pcie: reschedule in long-running memory reads iwlwifi: pcie: use jiffies for memory read spin time limit pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() RDMA/cxgb4: Fix the reported max_recv_sge value xfrm: fix disable_xfrm sysctl when used on xfrm interfaces xfrm: Fix oops in xfrm_replay_advance_bmp netfilter: nft_dynset: add timeout extension to template ARM: imx: build suspend-imx6.S with arm instruction set xen-blkfront: allow discard-* nodes to be optional mt7601u: fix rx buffer refcounting mt7601u: fix kernel crash unplugging the device leds: trigger: fix potential deadlock with libata xen: Fix XenStore initialisation for XS_LOCAL KVM: x86: get smi pending status correctly KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[] drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs PM: hibernate: flush swap writer after marking net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family wext: fix NULL-ptr-dereference with cfg80211's lack of commit() ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming media: rc: ensure that uevent can be read directly after rc device register ALSA: hda/via: Apply the workaround generically for Clevo machines xen/privcmd: allow fetching resource sizes kernel: kexec: remove the lock operation of system_transition_mutex ACPI: sysfs: Prefer "compatible" modalias nbd: freeze the queue while we're adding connections Revert "Revert "ANDROID: enable LLVM_IAS=1 for clang's integrated assembler for x86_64"" ANDROID: GKI: Update ABI ANDROID: GKI: Update cuttlefish symbol list Change-Id: I75ef9f3aeeda9819bd49ccdc55effeb22c98574e Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com> |
||
|
UtsavBalar1231
|
5d353c7fc5 |
Merge tag 'ASB-2021-02-05_4.19-stable' of https://github.com/aosp-mirror/kernel_common into android12-base
https://source.android.com/security/bulletin/2021-02-01 CVE-2017-18509 CVE-2020-10767 * tag 'ASB-2021-02-05_4.19-stable' of https://github.com/aosp-mirror/kernel_common: ANDROID: GKI: fix up abi issues with 4.19.172 Linux 4.19.172 fs: fix lazytime expiration handling in __writeback_single_inode() writeback: Drop I_DIRTY_TIME_EXPIRE dm integrity: conditionally disable "recalculate" feature tools: Factor HOSTCC, HOSTLD, HOSTAR definitions tracing: Fix race in trace_open and buffer resize call HID: wacom: Correct NULL dereference on AES pen proximity futex: Handle faults correctly for PI futexes futex: Simplify fixup_pi_state_owner() futex: Use pi_state_update_owner() in put_pi_state() rtmutex: Remove unused argument from rt_mutex_proxy_unlock() futex: Provide and use pi_state_update_owner() futex: Replace pointless printk in fixup_owner() futex: Ensure the correct return value from futex_lock_pi() futex: Prevent exit livelock futex: Provide distinct return value when owner is exiting futex: Add mutex around futex exit futex: Provide state handling for exec() as well futex: Sanitize exit state handling futex: Mark the begin of futex exit explicitly futex: Set task::futex_state to DEAD right after handling futex exit futex: Split futex_mm_release() for exit/exec exit/exec: Seperate mm_release() futex: Replace PF_EXITPIDONE with a state futex: Move futex exit handling into futex code Revert "mm/slub: fix a memory leak in sysfs_slab_add()" gpio: mvebu: fix pwm .get_state period calculation FROMGIT: f2fs: flush data when enabling checkpoint back ANDROID: GKI: Added the get_task_pid function Linux 4.19.171 net: dsa: b53: fix an off by one in checking "vlan->vid" net: Disable NETIF_F_HW_TLS_RX when RXCSUM is disabled net: mscc: ocelot: allow offloading of bridge on top of LAG ipv6: set multicast flag on the multicast route net_sched: reject silly cell_log in qdisc_get_rtab() net_sched: avoid shift-out-of-bounds in tcindex_set_parms() ipv6: create multicast route with RTPROT_KERNEL udp: mask TOS bits in udp_v4_early_demux() kasan: fix incorrect arguments passing in kasan_add_zero_shadow kasan: fix unaligned address is unhandled in kasan_remove_zero_shadow skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too sh_eth: Fix power down vs. is_opened flag ordering sh: dma: fix kconfig dependency for G2_DMA netfilter: rpfilter: mask ecn bits before fib lookup driver core: Extend device_is_dependent() xhci: tegra: Delay for disabling LFPS detector xhci: make sure TRB is fully written before giving it to the controller usb: bdc: Make bdc pci driver depend on BROKEN usb: udc: core: Use lock when write to soft_connect usb: gadget: aspeed: fix stop dma register setting. USB: ehci: fix an interrupt calltrace error ehci: fix EHCI host controller initialization sequence serial: mvebu-uart: fix tx lost characters at power off stm class: Fix module init return on allocation failure intel_th: pci: Add Alder Lake-P support irqchip/mips-cpu: Set IPI domain parent chip iio: ad5504: Fix setting power-down state can: peak_usb: fix use after free bugs can: vxcan: vxcan_xmit: fix use after free bug can: dev: can_restart: fix use after free bug selftests: net: fib_tests: remove duplicate log test platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11 from allow-list i2c: octeon: check correct size of maximum RECV_LEN packet scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0 drm/nouveau/mmu: fix vram heap sizing drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields drm/nouveau/privring: ack interrupts the same way as RM drm/nouveau/bios: fix issue shadowing expansion ROMs xen: Fix event channel callback via INTX/GSI clk: tegra30: Add hda clock default rates to clock driver HID: Ignore battery for Elan touchscreen on ASUS UX550 riscv: Fix kernel time_init() scsi: qedi: Correct max length of CHAP secret scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback ASoC: Intel: haswell: Add missing pm_ops drm/atomic: put state on error path dm integrity: fix a crash if "recalculate" used without "internal_hash" dm: avoid filesystem lookup in dm_get_dev_t() mmc: sdhci-xenon: fix 1.8v regulator stabilization mmc: core: don't initialize block size from ext_csd if not present btrfs: fix lockdep splat in btrfs_recover_relocation ACPI: scan: Make acpi_bus_get_device() clear return pointer on error ALSA: hda/via: Add minimum mute flag ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info() i2c: bpmp-tegra: Ignore unknown I2C_M flags Revert "ANDROID: Incremental fs: RCU locks instead of mutex for pending_reads." Revert "ANDROID: Incremental fs: Fix minor bugs" Revert "ANDROID: Incremental fs: dentry_revalidate should not return -EBADF." Revert "ANDROID: Incremental fs: Remove annoying pr_debugs" Revert "ANDROID: Incremental fs: Remove unnecessary dependencies" Revert "ANDROID: Incremental fs: Use R/W locks to read/write segment blockmap." Revert "ANDROID: Incremental fs: Stress tool" Revert "ANDROID: Incremental fs: Adding perf test" Revert "ANDROID: Incremental fs: Allow running a single test" Revert "ANDROID: Incremental fs: Fix incfs to work on virtio-9p" Revert "ANDROID: Incremental fs: Don't allow renaming .index directory." Revert "ANDROID: Incremental fs: Create mapped file" Revert "ANDROID: Incremental fs: Add UID to pending_read" Revert "ANDROID: Incremental fs: Separate pseudo-file code" Revert "ANDROID: Incremental fs: Add .blocks_written file" Revert "ANDROID: Incremental fs: Remove attributes from file" Revert "ANDROID: Incremental fs: Remove back links and crcs" Revert "ANDROID: Incremental fs: Remove block HASH flag" Revert "ANDROID: Incremental fs: Make compatible with existing files" Revert "ANDROID: Incremental fs: Add INCFS_IOC_GET_BLOCK_COUNT" Revert "ANDROID: Incremental fs: Add hash block counts to IOC_IOCTL_GET_BLOCK_COUNT" Revert "ANDROID: Incremental fs: Fix filled block count from get filled blocks" Revert "ANDROID: Incremental fs: Fix uninitialized variable" Revert "ANDROID: Incremental fs: Fix dangling else" Revert "ANDROID: Incremental fs: Add .incomplete folder" Revert "ANDROID: Incremental fs: Add per UID read timeouts" Revert "ANDROID: Incremental fs: Fix misuse of cpu_to_leXX and poll return" Revert "ANDROID: Incremental fs: Fix read_log_test which failed sporadically" Revert "ANDROID: Incremental fs: Initialize mount options correctly" Revert "ANDROID: Incremental fs: Small improvements" Revert "ANDROID: Incremental fs: Add zstd compression support" Revert "ANDROID: Incremental fs: Add zstd feature flag" Revert "ANDROID: Incremental fs: Add v2 feature flag" Revert "ANDROID: Incremental fs: Change per UID timeouts to microseconds" Revert "ANDROID: Incremental fs: Fix incfs_test use of atol, open" Revert "ANDROID: Incremental fs: Set credentials before reading/writing" ANDROID: GKI: Update ABI for clang bump ANDROID: clang: update to 12.0.1 Revert "ANDROID: enable LLVM_IAS=1 for clang's integrated assembler for x86_64" ANDROID: enable LLVM_IAS=1 for clang's integrated assembler for x86_64 Linux 4.19.170 spi: cadence: cache reference clock rate during probe net: ipv6: Validate GSO SKB before finish IPv6 processing net: skbuff: disambiguate argument and member for skb_list_walk_safe helper net: introduce skb_list_walk_safe for skb segment walking tipc: fix NULL deref in tipc_link_xmit() rxrpc: Fix handling of an unsupported token type in rxrpc_read() net: avoid 32 x truesize under-estimation for tiny skbs net: sit: unregister_netdevice on newlink's error path net: stmmac: Fixed mtu channged by cache aligned rxrpc: Call state should be read with READ_ONCE() under some circumstances net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands net: dcb: Validate netlink message in DCB handler esp: avoid unneeded kmap_atomic call rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request net: mvpp2: Remove Pause and Asym_Pause support netxen_nic: fix MSI/MSI-x interrupts udp: Prevent reuseport_select_sock from reading uninitialized socks nfsd4: readdirplus shouldn't return parent of export crypto: x86/crc32c - fix building with clang ias dm integrity: fix flush with external metadata device compiler.h: Raise minimum version of GCC to 5.1 for arm64 usb: ohci: Make distrust_firmware param default to false ANDROID: GKI: Update the ABI xml and symbol list ANDROID: GKI: genirq: export `kstat_irqs_usr` for watchdog ANDROID: GKI: soc: qcom: export `irq_stack_ptr` ANDROID: ASoC: core: add locked version of soc_find_component ANDROID: dm-user: Fix the list walk-and-delete code Linux 4.19.169 kbuild: enforce -Werror=return-type netfilter: nf_nat: Fix memleak in nf_nat_init netfilter: conntrack: fix reading nf_conntrack_buckets ALSA: fireface: Fix integer overflow in transmit_midi_msg() ALSA: firewire-tascam: Fix integer overflow in midi_port_work() dm: eliminate potential source of excessive kernel log noise net: sunrpc: interpret the return value of kstrtou32 correctly mm, slub: consider rest of partial list if acquire_slab() fails RDMA/mlx5: Fix wrong free of blue flame register on error RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp ext4: fix superblock checksum failure when setting password salt NFS: nfs_igrab_and_active must first reference the superblock NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter pNFS: Mark layout for return if return-on-close was not sent NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock ASoC: Intel: fix error code cnl_set_dsp_D0() ASoC: meson: axg-tdm-interface: fix loopback dump_common_audit_data(): fix racy accesses to ->d_name ima: Remove __init annotation from ima_pcrread() ARM: picoxcell: fix missing interrupt-parent properties drm/msm: Call msm_init_vram before binding the gpu ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI net: ethernet: fs_enet: Add missing MODULE_LICENSE misdn: dsp: select CONFIG_BITREVERSE arch/arc: add copy_user_page() to <asm/page.h> to fix build error on ARC bfq: Fix computation of shallow depth ethernet: ucc_geth: fix definition and size of ucc_geth_tx_global_pram btrfs: fix transaction leak and crash after RO remount caused by qgroup rescan ARC: build: add boot_targets to PHONY ARC: build: add uImage.lzma to the top-level target ARC: build: remove non-existing bootpImage from KBUILD_IMAGE ext4: fix bug for rename with RENAME_WHITEOUT r8152: Add Lenovo Powered USB-C Travel Hub dm integrity: fix the maximum number of arguments dm snapshot: flush merged data before committing metadata mm/hugetlb: fix potential missing huge page size info ACPI: scan: Harden acpi_device_add() against device ID overflows MIPS: relocatable: fix possible boot hangup with KASLR enabled MIPS: boot: Fix unaligned access with CONFIG_MIPS_RAW_APPENDED_DTB tracing/kprobes: Do the notrace functions check without kprobes on ftrace x86/hyperv: check cpu mask after interrupt has been disabled ASoC: dapm: remove widget from dirty list on free Revert "BACKPORT: FROMGIT: mm: improve mprotect(R|W) efficiency on pages referenced once" Linux 4.19.168 regmap: debugfs: Fix a reversed if statement in regmap_debugfs_init() net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed packet block: fix use-after-free in disk_part_iter_next KVM: arm64: Don't access PMCR_EL0 when no PMU is available wan: ds26522: select CONFIG_BITREVERSE regmap: debugfs: Fix a memory leak when calling regmap_attach_dev net/mlx5e: Fix two double free cases net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups iommu/intel: Fix memleak in intel_irq_remapping_alloc lightnvm: select CONFIG_CRC32 block: rsxx: select CONFIG_CRC32 wil6210: select CONFIG_CRC32 dmaengine: xilinx_dma: fix mixed_enum_type coverity warning dmaengine: xilinx_dma: fix incompatible param warning in _child_probe() dmaengine: xilinx_dma: check dma_async_device_register return value dmaengine: mediatek: mtk-hsdma: Fix a resource leak in the error handling path of the probe function spi: stm32: FIFO threshold level - fix align packet size cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get() i2c: sprd: use a specific timeout to avoid system hang up issue ARM: OMAP2+: omap_device: fix idling of devices during probe HID: wacom: Fix memory leakage caused by kfifo_alloc iio: imu: st_lsm6dsx: fix edge-trigger interrupts iio: imu: st_lsm6dsx: flip irq return logic spi: pxa2xx: Fix use-after-free on unbind drm/i915: Fix mismatch between misplaced vma check and vma insert vmlinux.lds.h: Add PGO and AutoFDO input sections x86/resctrl: Don't move a task to the same resource group x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR chtls: Fix chtls resources release sequence chtls: Added a check to avoid NULL pointer dereference chtls: Replace skb_dequeue with skb_peek chtls: Fix panic when route to peer not configured chtls: Remove invalid set_tcb call chtls: Fix hardware tid leak net: ipv6: fib: flush exceptions when purging route net: fix pmtu check in nopmtudisc mode net: ip: always refragment ip defragmented packets net/sonic: Fix some resource leaks in error handling paths net: vlan: avoid leaks on register_vlan_dev() failures net: stmmac: dwmac-sun8i: Balance internal PHY power net: stmmac: dwmac-sun8i: Balance internal PHY resource references net: hns3: fix the number of queues actually used by ARQ net: cdc_ncm: correct overhead in delayed_ndp_size BACKPORT: FROMGIT: mm: improve mprotect(R|W) efficiency on pages referenced once ANDROID: dm-user: fix typo in channel_free ANDROID: dm-user: Add some missing static Linux 4.19.167 scsi: target: Fix XCOPY NAA identifier lookup KVM: x86: fix shift out of bounds reported by UBSAN x86/mtrr: Correct the range check before performing MTRR type lookups netfilter: xt_RATEEST: reject non-null terminated string from userspace netfilter: ipset: fix shift-out-of-bounds in htable_bits() netfilter: x_tables: Update remaining dereference to RCU xen/pvh: correctly setup the PV EFI interface for dom0 Revert "device property: Keep secondary firmware node secondary by type" btrfs: send: fix wrong file path when there is an inode with a pending rmdir ALSA: hda/realtek - Fix speaker volume control on Lenovo C940 ALSA: hda/conexant: add a new hda codec CX11970 ALSA: hda/via: Fix runtime PM for Clevo W35xSS x86/mm: Fix leak of pmd ptlock USB: serial: keyspan_pda: remove unused variable usb: gadget: configfs: Fix use-after-free issue with udc_name usb: gadget: configfs: Preserve function ordering after bind failure usb: gadget: Fix spinlock lockup on usb_function_deactivate USB: gadget: legacy: fix return error code in acm_ms_bind() usb: gadget: u_ether: Fix MTU size mismatch with RX packet size usb: gadget: function: printer: Fix a memory leak for interface descriptor usb: gadget: f_uac2: reset wMaxPacketSize usb: gadget: select CONFIG_CRC32 ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks USB: usblp: fix DMA to stack USB: yurex: fix control-URB timeout handling USB: serial: option: add Quectel EM160R-GL USB: serial: option: add LongSung M5710 module support USB: serial: iuu_phoenix: fix DMA from stack usb: uas: Add PNY USB Portable SSD to unusual_uas usb: usbip: vhci_hcd: protect shift size USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion USB: cdc-wdm: Fix use after free in service_outstanding_interrupt(). USB: cdc-acm: blacklist another IR Droid device usb: gadget: enable super speed plus staging: mt7621-dma: Fix a resource leak in an error handling path crypto: ecdh - avoid buffer overflow in ecdh_set_secret() video: hyperv_fb: Fix the mmap() regression for v5.4.y and older Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close net: systemport: set dev->max_mtu to UMAC_MAX_MTU_SIZE net-sysfs: take the rtnl lock when accessing xps_rxqs_map and num_tc net-sysfs: take the rtnl lock when storing xps_rxqs net: sched: prevent invalid Scell_log shift count vhost_net: fix ubuf refcount incorrectly when sendmsg fails r8169: work around power-saving bug on some chip versions net: usb: qmi_wwan: add Quectel EM160R-GL CDC-NCM: remove "connected" log message net: hdlc_ppp: Fix issues when mod_timer is called while timer is running erspan: fix version 1 check in gre_parse_header() net: hns: fix return value check in __lb_other_process() ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst() tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered net-sysfs: take the rtnl lock when accessing xps_cpus_map and num_tc net-sysfs: take the rtnl lock when storing xps_cpus net: ethernet: Fix memleak in ethoc_probe net/ncsi: Use real net-device for response handler virtio_net: Fix recursive call to cpus_read_lock() qede: fix offload for IPIP tunnel packets net: mvpp2: Fix GoP port 3 Networking Complex Control configurations atm: idt77252: call pci_disable_device() on error path ethernet: ucc_geth: set dev->max_mtu to 1518 ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() net: mvpp2: prs: fix PPPoE with ipv6 packet parse net: mvpp2: Add TCAM entry to drop flow control pause frames i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs proc: fix lookup in /proc/net subdirectories after setns(2) proc: change ->nlink under proc_subdir_lock depmod: handle the case of /sbin/depmod without /sbin in PATH lib/genalloc: fix the overflow when size is too big scsi: scsi_transport_spi: Set RQF_PM for domain validation commands scsi: ide: Do not set the RQF_PREEMPT flag for sense requests scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() scsi: ufs: Fix wrong print message in dev_err() workqueue: Kick a worker based on the actual activation of delayed works kbuild: don't hardcode depmod path ANDROID: enable LLVM_IAS=1 for clang's integrated assembler for aarch64 Revert "ANDROID: arm64: lse: fix LSE atomics with LTO" ANDROID: uapi: Add dm-user structure definition ANDROID: dm: dm-user: New target that proxies BIOs to userspace ANDROID: GKI: Enable XFRM_MIGRATE Linux 4.19.166 mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start iio:magnetometer:mag3110: Fix alignment and data leak issues. iio:imu:bmi160: Fix alignment and data leak issues kdev_t: always inline major/minor helper functions dmaengine: at_hdmac: add missing kfree() call in at_dma_xlate() dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate() dmaengine: at_hdmac: Substitute kzalloc with kmalloc Revert "mtd: spinand: Fix OOB read" Linux 4.19.165 dm verity: skip verity work if I/O error when system is shutting down ALSA: pcm: Clear the full allocated memory at hw_params module: delay kobject uevent until after module init call NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() quota: Don't overflow quota file offsets module: set MODULE_STATE_GOING state when a module fails to load rtc: sun6i: Fix memleak in sun6i_rtc_clk_init fcntl: Fix potential deadlock in send_sig{io, urg}() ALSA: rawmidi: Access runtime->avail always in spinlock ALSA: seq: Use bool for snd_seq_queue internal flags media: gp8psk: initialize stats at power control logic misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() reiserfs: add check for an invalid ih_entry_count Bluetooth: hci_h5: close serdev device and free hu in h5_close of: fix linker-section match-table corruption null_blk: Fix zone size initialization xen/gntdev.c: Mark pages as dirty powerpc/bitops: Fix possible undefined behaviour with fls() and fls64() KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits KVM: SVM: relax conditions for allowing MSR_IA32_SPEC_CTRL accesses uapi: move constants from <linux/kernel.h> to <linux/const.h> ext4: don't remount read-only with errors=continue on reboot vfio/pci: Move dummy_resources_list init in vfio_pci_probe() ubifs: prevent creating duplicate encrypted filenames f2fs: prevent creating duplicate encrypted filenames ext4: prevent creating duplicate encrypted filenames fscrypt: add fscrypt_is_nokey_name() md/raid10: initialize r10_bio->read_slot before use. ANDROID: usb: f_accessory: Don't drop NULL reference in acc_disconnect() ANDROID: usb: f_accessory: Avoid bitfields for shared variables ANDROID: usb: f_accessory: Cancel any pending work before teardown ANDROID: usb: f_accessory: Don't corrupt global state on double registration ANDROID: usb: f_accessory: Fix teardown ordering in acc_release() ANDROID: usb: f_accessory: Add refcounting to global 'acc_dev' ANDROID: usb: f_accessory: Wrap '_acc_dev' in get()/put() accessors ANDROID: usb: f_accessory: Remove useless assignment ANDROID: usb: f_accessory: Remove useless non-debug prints ANDROID: usb: f_accessory: Remove stale comments ANDROID: USB: f_accessory: Check dev pointer before decoding ctrl request ANDROID: usb: gadget: f_accessory: fix CTS test stuck Change-Id: I0a8e8e2b9b66be8cc73bd1ad084264b522ac34a3 Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com> |
||
Laibin Qiu
|
38c7f8c059 |
block/wbt: fix negative inflight counter when remove scsi device
commit e92bc4cd34de2ce454bdea8cd198b8067ee4e123 upstream.
Now that we disable wbt by set WBT_STATE_OFF_DEFAULT in
wbt_disable_default() when switch elevator to bfq. And when
we remove scsi device, wbt will be enabled by wbt_enable_default.
If it become false positive between wbt_wait() and wbt_track()
when submit write request.
The following is the scenario that triggered the problem.
T1 T2 T3
elevator_switch_mq
bfq_init_queue
wbt_disable_default <= Set
rwb->enable_state (OFF)
Submit_bio
blk_mq_make_request
rq_qos_throttle
<= rwb->enable_state (OFF)
scsi_remove_device
sd_remove
del_gendisk
blk_unregister_queue
elv_unregister_queue
wbt_enable_default
<= Set rwb->enable_state (ON)
q_qos_track
<= rwb->enable_state (ON)
^^^^^^ this request will mark WBT_TRACKED without inflight add and will
lead to drop rqw->inflight to -1 in wbt_done() which will trigger IO hung.
Fix this by move wbt_enable_default() from elv_unregister to
bfq_exit_queue(). Only re-enable wbt when bfq exit.
Fixes: 76a8040817b4b ("blk-wbt: make sure throttle is enabled properly")
Remove oneline stale comment, and kill one oneshot local variable.
Signed-off-by: Ming Lei <ming.lei@rehdat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/linux-block/20211214133103.551813-1-qiulaibin@huawei.com/
Signed-off-by: Laibin Qiu <qiulaibin@huawei.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Paolo Valente
|
57f93eaff4 |
block, bfq: fix use after free in bfq_bfqq_expire
commit eed47d19d9362bdd958e4ab56af480b9dbf6b2b6 upstream.
The function bfq_bfqq_expire() invokes the function
__bfq_bfqq_expire(), and the latter may free the in-service bfq-queue.
If this happens, then no other instruction of bfq_bfqq_expire() must
be executed, or a use-after-free will occur.
Basing on the assumption that __bfq_bfqq_expire() invokes
bfq_put_queue() on the in-service bfq-queue exactly once, the queue is
assumed to be freed if its refcounter is equal to one right before
invoking __bfq_bfqq_expire().
But, since commit 9dee8b3b057e ("block, bfq: fix queue removal from
weights tree") this assumption is false. __bfq_bfqq_expire() may also
invoke bfq_weights_tree_remove() and, since commit 9dee8b3b057e
("block, bfq: fix queue removal from weights tree"), also
the latter function may invoke bfq_put_queue(). So __bfq_bfqq_expire()
may invoke bfq_put_queue() twice, and this is the actual case where
the in-service queue may happen to be freed.
To address this issue, this commit moves the check on the refcounter
of the queue right around the last bfq_put_queue() that may be invoked
on the queue.
Fixes: 9dee8b3b057e ("block, bfq: fix queue removal from weights tree")
Reported-by: Dmitrii Tcvetkov <demfloro@demfloro.ru>
Reported-by: Douglas Anderson <dianders@chromium.org>
Tested-by: Dmitrii Tcvetkov <demfloro@demfloro.ru>
Tested-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Paolo Valente <paolo.valente@linaro.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Paolo Valente
|
99ada24490 |
block, bfq: fix queue removal from weights tree
commit 9dee8b3b057e1da26f85f1842f2aaf3bb200fb94 upstream. bfq maintains an ordered list, through a red-black tree, of unique weights of active bfq_queues. This list is used to detect whether there are active queues with differentiated weights. The weight of a queue is removed from the list when both the following two conditions become true: (1) the bfq_queue is flagged as inactive (2) the has no in-flight request any longer; Unfortunately, in the rare cases where condition (2) becomes true before condition (1), the removal fails, because the function to remove the weight of the queue (bfq_weights_tree_remove) is rightly invoked in the path that deactivates the bfq_queue, but mistakenly invoked *before* the function that actually performs the deactivation (bfq_deactivate_bfqq). This commits moves the invocation of bfq_weights_tree_remove for condition (1) to after bfq_deactivate_bfqq. As a consequence of this move, it is necessary to add a further reference to the queue when the weight of a queue is added, because the queue might otherwise be freed before bfq_weights_tree_remove is invoked. This commit adds this reference and makes all related modifications. Signed-off-by: Paolo Valente <paolo.valente@linaro.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Yu Kuai <yukuai3@huawei.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Paolo Valente
|
7d0efcc69c |
block, bfq: fix decrement of num_active_groups
commit ba7aeae5539c7a7cccc4cf07a2bc61281a93c50e upstream.
Since commit '2d29c9f89fcd ("block, bfq: improve asymmetric scenarios
detection")', if there are process groups with I/O requests waiting for
completion, then BFQ tags the scenario as 'asymmetric'. This detection
is needed for preserving service guarantees (for details, see comments
on the computation * of the variable asymmetric_scenario in the
function bfq_better_to_idle).
Unfortunately, commit '2d29c9f89fcd ("block, bfq: improve asymmetric
scenarios detection")' contains an error exactly in the updating of
the number of groups with I/O requests waiting for completion: if a
group has more than one descendant process, then the above number of
groups, which is renamed from num_active_groups to a more appropriate
num_groups_with_pending_reqs by this commit, may happen to be wrongly
decremented multiple times, namely every time one of the descendant
processes gets all its pending I/O requests completed.
A correct, complete solution should work as follows. Consider a group
that is inactive, i.e., that has no descendant process with pending
I/O inside BFQ queues. Then suppose that num_groups_with_pending_reqs
is still accounting for this group, because the group still has some
descendant process with some I/O request still in
flight. num_groups_with_pending_reqs should be decremented when the
in-flight request of the last descendant process is finally completed
(assuming that nothing else has changed for the group in the meantime,
in terms of composition of the group and active/inactive state of
child groups and processes). To accomplish this, an additional
pending-request counter must be added to entities, and must be
updated correctly.
To avoid this additional field and operations, this commit resorts to
the following tradeoff between simplicity and accuracy: for an
inactive group that is still counted in num_groups_with_pending_reqs,
this commit decrements num_groups_with_pending_reqs when the first
descendant process of the group remains with no request waiting for
completion.
This simplified scheme provides a fix to the unbalanced decrements
introduced by 2d29c9f89fcd. Since this error was also caused by lack
of comments on this non-trivial issue, this commit also adds related
comments.
Fixes: 2d29c9f89fcd ("block, bfq: improve asymmetric scenarios detection")
Reported-by: Steven Barrett <steven@liquorix.net>
Tested-by: Steven Barrett <steven@liquorix.net>
Tested-by: Lucjan Lucjanov <lucjan.lucjanov@gmail.com>
Reviewed-by: Federico Motta <federico@willer.it>
Signed-off-by: Paolo Valente <paolo.valente@linaro.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Federico Motta
|
e4cd53c650 |
block, bfq: improve asymmetric scenarios detection
commit 2d29c9f89fcd9bf408fcdaaf515c90a169f22ecd upstream. bfq defines as asymmetric a scenario where an active entity, say E (representing either a single bfq_queue or a group of other entities), has a higher weight than some other entities. If the entity E does sync I/O in such a scenario, then bfq plugs the dispatch of the I/O of the other entities in the following situation: E is in service but temporarily has no pending I/O request. In fact, without this plugging, all the times that E stops being temporarily idle, it may find the internal queues of the storage device already filled with an out-of-control number of extra requests, from other entities. So E may have to wait for the service of these extra requests, before finally having its own requests served. This may easily break service guarantees, with E getting less than its fair share of the device throughput. Usually, the end result is that E gets the same fraction of the throughput as the other entities, instead of getting more, according to its higher weight. Yet there are two other more subtle cases where E, even if its weight is actually equal to or even lower than the weight of any other active entities, may get less than its fair share of the throughput in case the above I/O plugging is not performed: 1. other entities issue larger requests than E; 2. other entities contain more active child entities than E (or in general tend to have more backlog than E). In the first case, other entities may get more service than E because they get larger requests, than those of E, served during the temporary idle periods of E. In the second case, other entities get more service because, by having many child entities, they have many requests ready for dispatching while E is temporarily idle. This commit addresses this issue by extending the definition of asymmetric scenario: a scenario is asymmetric when - active entities representing bfq_queues have differentiated weights, as in the original definition or (inclusive) - one or more entities representing groups of entities are active. This broader definition makes sure that I/O plugging will be performed in all the above cases, provided that there is at least one active group. Of course, this definition is very coarse, so it will trigger I/O plugging also in cases where it is not needed, such as, e.g., multiple active entities with just one child each, and all with the same I/O-request size. The reason for this coarse definition is just that a finer-grained definition would be rather heavy to compute. On the opposite end, even this new definition does not trigger I/O plugging in all cases where there is no active group, and all bfq_queues have the same weight. So, in these cases some unfairness may occur if there are asymmetries in I/O-request sizes. We made this choice because I/O plugging may lower throughput, and probably a user that has not created any group cares more about throughput than about perfect fairness. At any rate, as for possible applications that may care about service guarantees, bfq already guarantees a high responsiveness and a low latency to soft real-time applications automatically. Signed-off-by: Federico Motta <federico@willer.it> Signed-off-by: Paolo Valente <paolo.valente@linaro.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Yu Kuai <yukuai3@huawei.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Jens Axboe
|
9676ed4dd1 |
Revert "block, bfq: honor already-setup queue merges"
[ Upstream commit ebc69e897e17373fbe1daaff1debaa77583a5284 ] This reverts commit 2d52c58b9c9bdae0ca3df6a1eab5745ab3f7d80b. We have had several folks complain that this causes hangs for them, which is especially problematic as the commit has also hit stable already. As no resolution seems to be forthcoming right now, revert the patch. Link: https://bugzilla.kernel.org/show_bug.cgi?id=214503 Fixes: 2d52c58b9c9b ("block, bfq: honor already-setup queue merges") Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Paolo Valente
|
2c1b184835 |
block, bfq: honor already-setup queue merges
[ Upstream commit 2d52c58b9c9bdae0ca3df6a1eab5745ab3f7d80b ] The function bfq_setup_merge prepares the merging between two bfq_queues, say bfqq and new_bfqq. To this goal, it assigns bfqq->new_bfqq = new_bfqq. Then, each time some I/O for bfqq arrives, the process that generated that I/O is disassociated from bfqq and associated with new_bfqq (merging is actually a redirection). In this respect, bfq_setup_merge increases new_bfqq->ref in advance, adding the number of processes that are expected to be associated with new_bfqq. Unfortunately, the stable-merging mechanism interferes with this setup. After bfqq->new_bfqq has been set by bfq_setup_merge, and before all the expected processes have been associated with bfqq->new_bfqq, bfqq may happen to be stably merged with a different queue than the current bfqq->new_bfqq. In this case, bfqq->new_bfqq gets changed. So, some of the processes that have been already accounted for in the ref counter of the previous new_bfqq will not be associated with that queue. This creates an unbalance, because those references will never be decremented. This commit fixes this issue by reestablishing the previous, natural behaviour: once bfqq->new_bfqq has been set, it will not be changed until all expected redirections have occurred. Signed-off-by: Davide Zini <davidezini2@gmail.com> Signed-off-by: Paolo Valente <paolo.valente@linaro.org> Link: https://lore.kernel.org/r/20210802141352.74353-2-paolo.valente@linaro.org Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Damien Le Moal
|
35a276f173 |
block: bfq: fix bfq_set_next_ioprio_data()
commit a680dd72ec336b81511e3bff48efac6dbfa563e7 upstream.
For a request that has a priority level equal to or larger than
IOPRIO_BE_NR, bfq_set_next_ioprio_data() prints a critical warning but
defaults to setting the request new_ioprio field to IOPRIO_BE_NR. This
is not consistent with the warning and the allowed values for priority
levels. Fix this by setting the request new_ioprio field to
IOPRIO_BE_NR - 1, the lowest priority level allowed.
Cc: <stable@vger.kernel.org>
Fixes:
|
||
Yufen Yu
|
19a845e19d |
bdi: use bdi_dev_name() to get device name
[ Upstream commit d51cfc53ade3189455a1b88ec7a2ff0c24597cf8 ] Use the common interface bdi_dev_name() to get device name. Signed-off-by: Yufen Yu <yuyufen@huawei.com> Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: Jan Kara <jack@suse.cz> Reviewed-by: Bart Van Assche <bvanassche@acm.org> Add missing <linux/backing-dev.h> include BFQ Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Jan Kara
|
904e295323 |
bfq: Avoid false bfq queue merging
commit 41e76c85660c022c6bf5713bfb6c21e64a487cec upstream.
bfq_setup_cooperator() uses bfqd->in_serv_last_pos so detect whether it
makes sense to merge current bfq queue with the in-service queue.
However if the in-service queue is freshly scheduled and didn't dispatch
any requests yet, bfqd->in_serv_last_pos is stale and contains value
from the previously scheduled bfq queue which can thus result in a bogus
decision that the two queues should be merged. This bug can be observed
for example with the following fio jobfile:
[global]
direct=0
ioengine=sync
invalidate=1
size=1g
rw=read
[reader]
numjobs=4
directory=/mnt
where the 4 processes will end up in the one shared bfq queue although
they do IO to physically very distant files (for some reason I was able to
observe this only with slice_idle=1ms setting).
Fix the problem by invalidating bfqd->in_serv_last_pos when switching
in-service queue.
Fixes: 058fdecc6de7 ("block, bfq: fix in-service-queue check for queue merging")
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Acked-by: Paolo Valente <paolo.valente@linaro.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Lin Feng
|
c869f17315 |
bfq-iosched: Revert "bfq: Fix computation of shallow depth"
[ Upstream commit 388c705b95f23f317fa43e6abf9ff07b583b721a ]
This reverts commit 6d4d273588378c65915acaf7b2ee74e9dd9c130a.
bfq.limit_depth passes word_depths[] as shallow_depth down to sbitmap core
sbitmap_get_shallow, which uses just the number to limit the scan depth of
each bitmap word, formula:
scan_percentage_for_each_word = shallow_depth / (1 << sbimap->shift) * 100%
That means the comments's percentiles 50%, 75%, 18%, 37% of bfq are correct.
But after commit patch 'bfq: Fix computation of shallow depth', we use
sbitmap.depth instead, as a example in following case:
sbitmap.depth = 256, map_nr = 4, shift = 6; sbitmap_word.depth = 64.
The resulsts of computed bfqd->word_depths[] are {128, 192, 48, 96}, and
three of the numbers exceed core dirver's 'sbitmap_word.depth=64' limit
nothing.
Signed-off-by: Lin Feng <linf@wangsu.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Jan Kara
|
9f8b5931be |
bfq: Fix computation of shallow depth
[ Upstream commit 6d4d273588378c65915acaf7b2ee74e9dd9c130a ] BFQ computes number of tags it allows to be allocated for each request type based on tag bitmap. However it uses 1 << bitmap.shift as number of available tags which is wrong. 'shift' is just an internal bitmap value containing logarithm of how many bits bitmap uses in each bitmap word. Thus number of tags allowed for some request types can be far to low. Use proper bitmap.depth which has the number of tags instead. Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Zhiqiang Liu
|
d999063be0 |
block, bfq: fix use-after-free in bfq_idle_slice_timer_body
[ Upstream commit 2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 ]
In bfq_idle_slice_timer func, bfqq = bfqd->in_service_queue is
not in bfqd-lock critical section. The bfqq, which is not
equal to NULL in bfq_idle_slice_timer, may be freed after passing
to bfq_idle_slice_timer_body. So we will access the freed memory.
In addition, considering the bfqq may be in race, we should
firstly check whether bfqq is in service before doing something
on it in bfq_idle_slice_timer_body func. If the bfqq in race is
not in service, it means the bfqq has been expired through
__bfq_bfqq_expire func, and wait_request flags has been cleared in
__bfq_bfqd_reset_in_service func. So we do not need to re-clear the
wait_request of bfqq which is not in service.
KASAN log is given as follows:
[13058.354613] ==================================================================
[13058.354640] BUG: KASAN: use-after-free in bfq_idle_slice_timer+0xac/0x290
[13058.354644] Read of size 8 at addr ffffa02cf3e63f78 by task fork13/19767
[13058.354646]
[13058.354655] CPU: 96 PID: 19767 Comm: fork13
[13058.354661] Call trace:
[13058.354667] dump_backtrace+0x0/0x310
[13058.354672] show_stack+0x28/0x38
[13058.354681] dump_stack+0xd8/0x108
[13058.354687] print_address_description+0x68/0x2d0
[13058.354690] kasan_report+0x124/0x2e0
[13058.354697] __asan_load8+0x88/0xb0
[13058.354702] bfq_idle_slice_timer+0xac/0x290
[13058.354707] __hrtimer_run_queues+0x298/0x8b8
[13058.354710] hrtimer_interrupt+0x1b8/0x678
[13058.354716] arch_timer_handler_phys+0x4c/0x78
[13058.354722] handle_percpu_devid_irq+0xf0/0x558
[13058.354731] generic_handle_irq+0x50/0x70
[13058.354735] __handle_domain_irq+0x94/0x110
[13058.354739] gic_handle_irq+0x8c/0x1b0
[13058.354742] el1_irq+0xb8/0x140
[13058.354748] do_wp_page+0x260/0xe28
[13058.354752] __handle_mm_fault+0x8ec/0x9b0
[13058.354756] handle_mm_fault+0x280/0x460
[13058.354762] do_page_fault+0x3ec/0x890
[13058.354765] do_mem_abort+0xc0/0x1b0
[13058.354768] el0_da+0x24/0x28
[13058.354770]
[13058.354773] Allocated by task 19731:
[13058.354780] kasan_kmalloc+0xe0/0x190
[13058.354784] kasan_slab_alloc+0x14/0x20
[13058.354788] kmem_cache_alloc_node+0x130/0x440
[13058.354793] bfq_get_queue+0x138/0x858
[13058.354797] bfq_get_bfqq_handle_split+0xd4/0x328
[13058.354801] bfq_init_rq+0x1f4/0x1180
[13058.354806] bfq_insert_requests+0x264/0x1c98
[13058.354811] blk_mq_sched_insert_requests+0x1c4/0x488
[13058.354818] blk_mq_flush_plug_list+0x2d4/0x6e0
[13058.354826] blk_flush_plug_list+0x230/0x548
[13058.354830] blk_finish_plug+0x60/0x80
[13058.354838] read_pages+0xec/0x2c0
[13058.354842] __do_page_cache_readahead+0x374/0x438
[13058.354846] ondemand_readahead+0x24c/0x6b0
[13058.354851] page_cache_sync_readahead+0x17c/0x2f8
[13058.354858] generic_file_buffered_read+0x588/0xc58
[13058.354862] generic_file_read_iter+0x1b4/0x278
[13058.354965] ext4_file_read_iter+0xa8/0x1d8 [ext4]
[13058.354972] __vfs_read+0x238/0x320
[13058.354976] vfs_read+0xbc/0x1c0
[13058.354980] ksys_read+0xdc/0x1b8
[13058.354984] __arm64_sys_read+0x50/0x60
[13058.354990] el0_svc_common+0xb4/0x1d8
[13058.354994] el0_svc_handler+0x50/0xa8
[13058.354998] el0_svc+0x8/0xc
[13058.354999]
[13058.355001] Freed by task 19731:
[13058.355007] __kasan_slab_free+0x120/0x228
[13058.355010] kasan_slab_free+0x10/0x18
[13058.355014] kmem_cache_free+0x288/0x3f0
[13058.355018] bfq_put_queue+0x134/0x208
[13058.355022] bfq_exit_icq_bfqq+0x164/0x348
[13058.355026] bfq_exit_icq+0x28/0x40
[13058.355030] ioc_exit_icq+0xa0/0x150
[13058.355035] put_io_context_active+0x250/0x438
[13058.355038] exit_io_context+0xd0/0x138
[13058.355045] do_exit+0x734/0xc58
[13058.355050] do_group_exit+0x78/0x220
[13058.355054] __wake_up_parent+0x0/0x50
[13058.355058] el0_svc_common+0xb4/0x1d8
[13058.355062] el0_svc_handler+0x50/0xa8
[13058.355066] el0_svc+0x8/0xc
[13058.355067]
[13058.355071] The buggy address belongs to the object at ffffa02cf3e63e70#012 which belongs to the cache bfq_queue of size 464
[13058.355075] The buggy address is located 264 bytes inside of#012 464-byte region [ffffa02cf3e63e70, ffffa02cf3e64040)
[13058.355077] The buggy address belongs to the page:
[13058.355083] page:ffff7e80b3cf9800 count:1 mapcount:0 mapping:ffff802db5c90780 index:0xffffa02cf3e606f0 compound_mapcount: 0
[13058.366175] flags: 0x2ffffe0000008100(slab|head)
[13058.370781] raw: 2ffffe0000008100 ffff7e80b53b1408 ffffa02d730c1c90 ffff802db5c90780
[13058.370787] raw: ffffa02cf3e606f0 0000000000370023 00000001ffffffff 0000000000000000
[13058.370789] page dumped because: kasan: bad access detected
[13058.370791]
[13058.370792] Memory state around the buggy address:
[13058.370797] ffffa02cf3e63e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fb fb
[13058.370801] ffffa02cf3e63e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[13058.370805] >ffffa02cf3e63f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[13058.370808] ^
[13058.370811] ffffa02cf3e63f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[13058.370815] ffffa02cf3e64000: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[13058.370817] ==================================================================
[13058.370820] Disabling lock debugging due to kernel taint
Here, we directly pass the bfqd to bfq_idle_slice_timer_body func.
--
V2->V3: rewrite the comment as suggested by Paolo Valente
V1->V2: add one comment, and add Fixes and Reported-by tag.
Fixes:
|
||
Pradeep P V K
|
95bd93f330 |
block, bfq: fix use-after-free in bfq_idle_slice_timer_body
In bfq_idle_slice_timer func, bfqq = bfqd->in_service_queue is not in bfqd-lock critical section. The bfqq, which is not equal to NULL in bfq_idle_slice_timer, may be freed after passing to bfq_idle_slice_timer_body. So we will access the freed memory. In addition, considering the bfqq may be in race, we should firstly check whether bfqq is in service before doing something on it in bfq_idle_slice_timer_body func. If the bfqq in race is not in service, it means the bfqq has been expired through __bfq_bfqq_expire func, and wait_request flags has been cleared in __bfq_bfqd_reset_in_service func. So we do not need to re-clear the wait_request of bfqq which is not in service. KASAN log is given as follows: [13058.354613] ============================================================== [13058.354640] BUG: KASAN: use-after-free in bfq_idle_slice_timer+0xac/0x290 [13058.354644] Read of size 8 at addr ffffa02cf3e63f78 by task fork13/19767 [13058.354646] [13058.354655] CPU: 96 PID: 19767 Comm: fork13 [13058.354661] Call trace: [13058.354667] dump_backtrace+0x0/0x310 [13058.354672] show_stack+0x28/0x38 [13058.354681] dump_stack+0xd8/0x108 [13058.354687] print_address_description+0x68/0x2d0 [13058.354690] kasan_report+0x124/0x2e0 [13058.354697] __asan_load8+0x88/0xb0 [13058.354702] bfq_idle_slice_timer+0xac/0x290 [13058.354707] __hrtimer_run_queues+0x298/0x8b8 [13058.354710] hrtimer_interrupt+0x1b8/0x678 [13058.354716] arch_timer_handler_phys+0x4c/0x78 [13058.354722] handle_percpu_devid_irq+0xf0/0x558 [13058.354731] generic_handle_irq+0x50/0x70 [13058.354735] __handle_domain_irq+0x94/0x110 [13058.354739] gic_handle_irq+0x8c/0x1b0 [13058.354742] el1_irq+0xb8/0x140 [13058.354748] do_wp_page+0x260/0xe28 [13058.354752] __handle_mm_fault+0x8ec/0x9b0 [13058.354756] handle_mm_fault+0x280/0x460 [13058.354762] do_page_fault+0x3ec/0x890 [13058.354765] do_mem_abort+0xc0/0x1b0 [13058.354768] el0_da+0x24/0x28 [13058.354770] [13058.354773] Allocated by task 19731: [13058.354780] kasan_kmalloc+0xe0/0x190 [13058.354784] kasan_slab_alloc+0x14/0x20 [13058.354788] kmem_cache_alloc_node+0x130/0x440 [13058.354793] bfq_get_queue+0x138/0x858 [13058.354797] bfq_get_bfqq_handle_split+0xd4/0x328 [13058.354801] bfq_init_rq+0x1f4/0x1180 [13058.354806] bfq_insert_requests+0x264/0x1c98 [13058.354811] blk_mq_sched_insert_requests+0x1c4/0x488 [13058.354818] blk_mq_flush_plug_list+0x2d4/0x6e0 [13058.354826] blk_flush_plug_list+0x230/0x548 [13058.354830] blk_finish_plug+0x60/0x80 [13058.354838] read_pages+0xec/0x2c0 [13058.354842] __do_page_cache_readahead+0x374/0x438 [13058.354846] ondemand_readahead+0x24c/0x6b0 [13058.354851] page_cache_sync_readahead+0x17c/0x2f8 [13058.354858] generic_file_buffered_read+0x588/0xc58 [13058.354862] generic_file_read_iter+0x1b4/0x278 [13058.354965] ext4_file_read_iter+0xa8/0x1d8 [ext4] [13058.354972] __vfs_read+0x238/0x320 [13058.354976] vfs_read+0xbc/0x1c0 [13058.354980] ksys_read+0xdc/0x1b8 [13058.354984] __arm64_sys_read+0x50/0x60 [13058.354990] el0_svc_common+0xb4/0x1d8 [13058.354994] el0_svc_handler+0x50/0xa8 [13058.354998] el0_svc+0x8/0xc [13058.354999] [13058.355001] Freed by task 19731: [13058.355007] __kasan_slab_free+0x120/0x228 [13058.355010] kasan_slab_free+0x10/0x18 [13058.355014] kmem_cache_free+0x288/0x3f0 [13058.355018] bfq_put_queue+0x134/0x208 [13058.355022] bfq_exit_icq_bfqq+0x164/0x348 [13058.355026] bfq_exit_icq+0x28/0x40 [13058.355030] ioc_exit_icq+0xa0/0x150 [13058.355035] put_io_context_active+0x250/0x438 [13058.355038] exit_io_context+0xd0/0x138 [13058.355045] do_exit+0x734/0xc58 [13058.355050] do_group_exit+0x78/0x220 [13058.355054] __wake_up_parent+0x0/0x50 [13058.355058] el0_svc_common+0xb4/0x1d8 [13058.355062] el0_svc_handler+0x50/0xa8 [13058.355066] el0_svc+0x8/0xc. Change-Id: I510c704a6f2324741d70db33f0350e14642fe92f Acked-by: Paolo Valente <paolo.valente@linaro.org> Reported-by: Wang Wang <wangwang2@huawei.com> Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com> Signed-off-by: Feilong Lin <linfeilong@huawei.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Git-commit: 2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block Signed-off-by: Pradeep P V K <ppvk@codeaurora.org> |
||
Ivaylo Georgiev
|
6a2f759853 |
Merge android-4.19-q.85 (8e36d3d) into msm-4.19
* refs/heads/tmp-8e36d3d: Documentation: devicetree: Remove unimac-mdio bindings from kernel Revert "media: dt-bindings: adv748x: Fix decimal unit addresses" Linux 4.19.85 slcan: Fix memory leak in error path memfd: Use radix_tree_deref_slot_protected to avoid the warning. net: phy: mdio-bcm-unimac: mark PM functions as __maybe_unused s390/vdso: correct vdso mapping for compat tasks media: ov2680: fix null dereference at power on IB/iser: Fix possible NULL deref at iser_inv_desc() fuse: use READ_ONCE on congestion_threshold and max_background usb: usbtmc: uninitialized symbol 'actual' in usbtmc_ioctl_clear usb: xhci-mtk: fix ISOC error when interval is zero netfilter: masquerade: don't flush all conntracks if only one address deleted on device rtc: armada38x: fix possible race condition rtc: tx4939: fixup nvmem name and register size rtc: isl1208: avoid possible sysfs race ARM: dts: lpc32xx: Fix SPI controller node names arm64: dts: lg: Fix SPI controller node names arm64: dts: amd: Fix SPI bus warnings scsi: NCR5380: Check for bus reset scsi: NCR5380: Handle BUS FREE during reselection scsi: NCR5380: Don't call dsprintk() following reselection interrupt scsi: NCR5380: Don't clear busy flag when abort fails scsi: NCR5380: Check for invalid reselection target scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data scsi: NCR5380: Withhold disconnect privilege for REQUEST SENSE scsi: NCR5380: Have NCR5380_select() return a bool scsi: NCR5380: Clear all unissued commands on host reset iwlwifi: mvm: Allow TKIP for AP mode iwlwifi: mvm: use correct FIFO length iwlwifi: pcie: fit reclaim msg to MAX_MSG_LEN iwlwifi: pcie: gen2: build A-MSDU only for GSO iwlwifi: api: annotate compressed BA notif array sizes iwlwifi: pcie: read correct prph address for newer devices iwlwifi: fix non_shared_ant for 22000 devices iwlwifi: dbg: don't crash if the firmware crashes in the middle of a debug dump crypto: fix a memory leak in rsa-kcs1pad's encryption mode crypto: s5p-sss: Fix Fix argument list alignment crypto: s5p-sss: Fix race in error handling x86/hyperv: Suppress "PCI: Fatal: No config space access function found" Bluetooth: btrsi: fix bt tx timeout issue Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS Bluetooth: hci_serdev: clear HCI_UART_PROTO_READY to avoid closing proto races firmware: dell_rbu: Make payload memory uncachable ARM: dts: realview: Fix SPI controller node names EDAC: Raise the maximum number of memory controllers RDMA: Fix dependencies for rdma_user_mmap_io f2fs: mark inode dirty explicitly in recover_inode() f2fs: fix to recover inode's project id during POR f2fs: update i_size after DIO completion PCI/ERR: Run error recovery callbacks for all affected devices net: faraday: fix return type of ndo_start_xmit function net: smsc: fix return type of ndo_start_xmit function ARM: dts: paz00: fix wakeup gpio keycode ARM: tegra: colibri_t30: fix mcp2515 can controller interrupt polarity ARM: tegra: apalis_t30: fix mcp2515 can controller interrupt polarity ARM: tegra: apalis_t30: fix mmc1 cmd pull-up ARM: dts: tegra20: restore address order ARM: dts: tegra30: fix xcvr-setup-use-fuses arm64: tegra: I2C on Tegra194 is not compatible with Tegra114 ARM: dts: imx51-zii-rdu1: Fix the rtc compatible string arm64: dts: fsl: Fix I2C and SPI bus warnings phy: lantiq: Fix compile warning f2fs: fix remount problem of option io_bits scsi: libsas: always unregister the old device if going to discover new iw_cxgb4: Use proper enumerated type in c4iw_bar2_addrs vfio/pci: Mask buggy SR-IOV VF INTx support vfio/pci: Fix potential memory leak in vfio_msi_cap_len vmbus: keep pointer to ring buffer page misc: genwqe: should return proper error value. misc: kgdbts: Fix restrict error silmbus: ngd: register controller after power up. slimbus: ngd: return proper error code instead of zero slimbus: ngd: register ngd driver only once. coresight: dynamic-replicator: Handle multiple connections coresight: tmc: Fix byte-address alignment for RRP coresight: etm4x: Configure EL2 exception level when kernel is running in HYP coresight: tmc-etr: Handle driver mode specific ETR buffers coresight: perf: Disable trace path upon source error coresight: perf: Fix per cpu path management coresight: Fix handling of sinks coresight: Use ERR_CAST instead of ERR_PTR usb: gadget: uvc: Only halt video streaming endpoint in bulk mode usb: gadget: uvc: Factor out video USB request queueing ARM: dts: imx6ull: update vdd_soc voltage for 900MHz operating point phy: phy-twl4030-usb: fix denied runtime access phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs phy: brcm-sata: allow PHY_BRCM_SATA driver to be built for DSL SoCs ARM: at91: pm: call put_device instead of of_node_put in at91_pm_config_ws gpiolib: Fix gpio_direction_* for single direction GPIOs i2c: aspeed: fix invalid clock parameters for very large divisors ARM: dts: exynos: Correct audio subsystem parent clock on Peach Chromebooks usb: gadget: uvc: configfs: Sort frame intervals upon writing usb: gadget: uvc: configfs: Prevent format changes after linking header usb: gadget: uvc: configfs: Drop leaked references to config items ARM: dts: rockchip: explicitly set vcc_sd0 pin to gpio on rk3188-radxarock media: davinci: Fix implicit enum conversion warning media: au0828: Fix incorrect error messages media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() media: imx: work around false-positive warning, again mlxsw: Make MLXSW_SP1_FWREV_MINOR a hard requirement arm64: dts: rockchip: Fix microSD in rk3399 sapphire board MIPS: kexec: Relax memory restriction EDAC: Correct DIMM capacity unit symbol x86/CPU: Change query logic so CPUID is enabled before testing x86/CPU: Use correct macros for Cyrix calls net: freescale: fix return type of ndo_start_xmit function net: micrel: fix return type of ndo_start_xmit function net: phy: mdio-bcm-unimac: Allow configuring MDIO clock divider samples/bpf: fix compilation failure PCI/ERR: Use slot reset if available PCI/AER: Don't read upstream ports below fatal errors PCI/AER: Take reference on error devices bnx2x: Ignore bandwidth attention in single function mode ARM: dts: stm32: Fix SPI controller node names ARM: dts: clearfog: fix sdhci supply property name ARM: dts: stm32: enable display on stm32mp157c-ev1 board x86/mce-inject: Reset injection struct after injection ARM: dts: marvell: Fix SPI and I2C bus warnings crypto: arm/crc32 - avoid warning when compiling with Clang cpufeature: avoid warning when compiling with clang crypto: chacha20 - Fix chacha20_block() keystream alignment (again) spi: pic32: Use proper enum in dmaengine_prep_slave_rg ARM: dts: ste: Fix SPI controller node names ARM: dts: ux500: Fix LCDA clock line muxing ARM: dts: ux500: Correct SCU unit address f2fs: fix to recover inode's uid/gid during POR f2fs: avoid infinite loop in f2fs_alloc_nid ARM: dts: ti: Fix SPI and I2C bus warnings ARM: dts: am335x-evm: fix number of cpsw PCI: portdrv: Initialize service drivers directly mlxsw: spectrum: Init shaper for TCs 8..15 brcmsmac: Use kvmalloc() for ucode allocations brcmfmac: increase buffer for obtaining firmware capabilities s390/vdso: correct CFI annotations of vDSO functions s390/vdso: avoid 64-bit vdso mapping for compat tasks s390/zcrypt: enable AP bus scan without a valid default domain usb: usbtmc: Fix ioctl USBTMC_IOCTL_ABORT_BULK_OUT usb: chipidea: Fix otg event handler usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started nfp: provide a better warning when ring allocation fails net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() net: hns3: Fix client initialize state issue when roce client initialize failed net: hns3: Clear client pointer when initialize client failed or unintialize finished net: hns3: Fix cmdq registers initialization issue for vf net: hns3: Fix for setting speed for phy failed problem net: sun: fix return type of ndo_start_xmit function net: amd: fix return type of ndo_start_xmit function net: broadcom: fix return type of ndo_start_xmit function net: xilinx: fix return type of ndo_start_xmit function net: toshiba: fix return type of ndo_start_xmit function net: marvell: fix return type of ndo_start_xmit function net: mvpp2: fix the number of queues per cpu for PPv2.2 power: supply: twl4030_charger: disable eoc interrupt on linear charge power: supply: twl4030_charger: fix charging current out-of-bounds libfdt: Ensure INT_MAX is defined in libfdt_env.h of/unittest: Fix I2C bus unit-address error OPP: Protect dev_list with opp_table lock ARM: dts: atmel: Fix I2C and SPI bus warnings RDMA/i40iw: Fix incorrect iterator type powerpc: Fix duplicate const clang warning in user access code powerpc/pseries: Disable CPU hotplug across migrations powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR request powerpc/64s/hash: Fix stab_rr off by one initialization selftests/powerpc: Do not fail with reschedule powerpc/iommu: Avoid derefence before pointer check net: ibm: fix return type of ndo_start_xmit function net: cavium: fix return type of ndo_start_xmit function net: hns3: fix return type of ndo_start_xmit function ipmi: fix return value of ipmi_set_my_LUN ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address ipmi_si: fix potential integer overflow on large shift ipmi_si_pci: fix NULL device in ipmi_si error message ASoC: rt5682: Fix the boost volume at the begining of playback spi: mediatek: Don't modify spi_transfer when transfer. spi/bcm63xx-hsspi: keep pll clk enabled samples/bpf: fix a compilation failure arm64: dts: ti: k3-am65: Change #address-cells and #size-cells of interconnect to 2 tty: serial: qcom_geni_serial: Fix serial when not used as console serial: mxs-auart: Fix potential infinite loop serial: samsung: Enable baud clock for UART reset procedure in resume serial: uartps: Fix suspend functionality ARM: dts: xilinx: Fix I2C and SPI bus warnings PCI: mediatek: Fix unchecked return value net: socionext: Fix two sleep-in-atomic-context bugs in ave_rxfifo_reset() PCI/ACPI: Correct error message for ASPM disabling media: ov2680: don't register the v4l2 subdevice before checking chip ID media: vsp1: Fix YCbCr planar formats pitch calculation media: vsp1: Fix vsp1_regs.h license header s390/qeth: invoke softirqs after napi_schedule() s390/qeth: uninstall IRQ handler on device removal ath9k: Fix a locking bug in ath9k_add_interface() netfilter: nf_tables: avoid BUG_ON usage ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask arm64: dts: rockchip: Fix I2C bus unit-address error on rk3399-puma-haikou ARM: dts: rockchip: Fix erroneous SPI bus dtc warnings on rk3036 scsi: ufshcd: Fix NULL pointer dereference for in ufshcd_init ip_gre: fix parsing gre header in ipgre_err kernfs: Fix range checks in kernfs_get_target_path component: fix loop condition to call unbind() if bind() fails power: supply: max8998-charger: Fix platform data retrieval power: reset: at91-poweroff: do not procede if at91_shdwc is allocated power: supply: ab8500_fg: silence uninitialized variable warnings arm64: dts: meson: Fix erroneous SPI bus warnings blok, bfq: do not plug I/O if all queues are weight-raised block, bfq: inject other-queue I/O into seeky idle queues on NCQ flash arm64: fix for bad_mode() handler to always result in panic cxgb4: Fix endianness issue in t4_fwcache() android: binder: no outgoing transaction when thread todo has transaction ARM: dts: sun9i: Fix I2C bus warnings pinctrl: at91: don't use the same irqchip with multiple gpiochips ARM: dts: sunxi: Fix I2C bus warnings ARM: dts: socfpga: Fix I2C bus unit-address error powerpc/vdso: Correct call frame information ARM: dts: aspeed: Fix I2C bus warnings ARM: dts: bcm: Fix SPI bus warnings arm64: dts: broadcom: Fix I2C and SPI bus warnings drivers: qcom: rpmh-rsc: clear wait_for_compl after use soc: qcom: apr: Avoid string overflow soc: qcom: wcnss_ctrl: Avoid string overflow soc: qcom: geni: geni_se_clk_freq_match() should always accept multiples soc: qcom: geni: Don't ignore clk_round_rate() errors in geni_se_clk_tbl_get() ARM: dts: qcom: ipq4019: fix cpu0's qcom,saw2 reg value llc: avoid blocking in llc_sap_close() pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() arm64: dts: renesas: r8a77965: Fix clock/reset for usb2_phy1 arm64: dts: renesas: r8a77965: Fix HS-USB compatible arm64: dts: renesas: r8a77965: Attach the SYS-DMAC to the IPMMU arm64: dts: renesas: salvator-common: adv748x: Override secondary addresses ALSA: intel8x0m: Register irq handler after register initializations arm64: dts: meson-axg: use the proper compatible for ethmac arm64: dts: meson: libretech: update board model net: bcmgenet: Fix speed selection for reverse MII media: dvb: fix compat ioctl translation media: fix: media: pci: meye: validate offset to avoid arbitrary access ALSA: hda: Fix implicit definition of pci_iomap() on SH media: dt-bindings: adv748x: Fix decimal unit addresses nvmem: core: return error code instead of NULL from nvmem_device_get Drivers: hv: vmbus: Fix synic per-cpu context initialization net: aquantia: fix hw_atl_utils_fw_upload_dwords kprobes: Don't call BUG_ON() if there is a kprobe in use on free list scsi: pm80xx: Fixed system hang issue during kexec boot scsi: pm80xx: Corrected dma_unmap_sg() parameter ARM: imx6: register pm_power_off handler if "fsl,pmic-stby-poweroff" is set scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() scsi: lpfc: Fix errors in log messages. scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN scsi: qla2xxx: Fix duplicate switch's Nport ID entries scsi: qla2xxx: Fix dropped srb resource. scsi: qla2xxx: Fix port speed display on chip reset scsi: qla2xxx: Check for Register disconnect scsi: qla2xxx: Increase abort timeout value scsi: qla2xxx: Fix deadlock between ATIO and HW lock scsi: qla2xxx: Terminate Plogi/PRLI if WWN is 0 scsi: qla2xxx: Defer chip reset until target mode is enabled scsi: qla2xxx: Fix iIDMA error scsi: qla2xxx: Use correct qpair for ABTS/CMD f2fs: fix setattr project check upon fssetxattr ioctl f2fs: fix memory leak of percpu counter in fill_super() f2fs: fix memory leak of write_io in fill_super() signal: Properly deliver SIGSEGV from x86 uprobes signal: Properly deliver SIGILL from uprobes signal: Always ignore SIGKILL and SIGSTOP sent to the global init IB/hfi1: Missing return value in error path for user sdma RDMA/hns: Fix an error code in hns_roce_v2_init_eq_table() dmaengine: at_xdmac: remove a stray bottom half unlock ath9k: add back support for using active monitor interfaces for tx99 rtc: pl030: fix possible race condition rtc: mt6397: fix possible race condition EDAC, sb_edac: Return early on ADDRV bit and address type test dmaengine: dma-jz4780: Further residue status fix dmaengine: dma-jz4780: Don't depend on MACH_JZ4780 usb: mtu3: disable vbus rise/fall interrupts of ltssm ARM: dts: exynos: Disable pull control for PMIC IRQ line on Artik5 board arm64: dts: rockchip: Fix VCC5V0_HOST_EN on rk3399-sapphire firmware: arm_scmi: use strlcpy to ensure NULL-terminated strings sched/debug: Use symbolic names for task state constants sched/debug: Explicitly cast sched_feat() to bool failover: Fix error return code in net_failover_create f2fs: submit bio after shutdown ARM: dts: omap3-gta04: keep vpll2 always on ARM: dts: omap3-gta04: make NAND partitions compatible with recent U-Boot ARM: dts: omap3-gta04: fix touchscreen tsc2007 ARM: dts: omap3-gta04: tvout: enable as display1 alias ARM: dts: omap3-gta04: fixes for tvout / venc ARM: dts: omap3-gta04: give spi_lcd node a label so that we can overwrite in other DTS files of: make PowerMac cache node search conditional on CONFIG_PPC_PMAC ata: Disable AHCI ALPM feature for Ampere Computing eMAG SATA ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation ASoC: dapm: Avoid uninitialised variable warning udf: Fix crash during mount mips: txx9: fix iounmap related issue RDMA/core: Follow correct unregister order between sysfs and cgroup RDMA/core: Rate limit MAD error messages IB/ipoib: Ensure that MTU isn't less than minimum permitted IB/mlx5: Don't hold spin lock while checking device state i2c: mediatek: Use DMA safe buffers for i2c transactions ath10k: wmi: disable softirq's while calling ieee80211_rx ARM: dts: exynos: Disable pull control for S5M8767 PMIC ath10k: avoid possible memory access violation ASoC: sgtl5000: avoid division by zero if lo_vag is zero rtnetlink: move type calculation out of loop net: lan78xx: Bail out if lan78xx_get_endpoints fails f2fs: avoid wrong decrypted data from disk cfg80211: validate wmm rule when setting mac80211: fix saving a few HE values qxl: fix null-pointer crash during suspend IB/mlx5: Change TX affinity assignment in RoCE LAG mode mtd: rawnand: qcom: don't include dma-direct.h mtd: rawnand: fsl_ifc: fixup SRAM init for newer ctrl versions mtd: rawnand: fsl_ifc: check result of SRAM initialization mtd: rawnand: marvell: use regmap_update_bits() for syscon access ARM: dts: meson8b: fix the clock controller register size ARM: dts: meson8: fix the clock controller register size net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 net: phy: mscc: read 'vsc8531,vddmac' as an u32 net/mlx5: Fix atomic_mode enum values net: hns3: Change the dst mac addr of loopback packet net: hns3: Fix for loopback selftest failed problem net: hns3: Fix error of checking used vlan id net: hns3: Fix for multicast failure ASoC: rsnd: ssi: Fix issue in dma data address assignment soc: imx: gpc: fix PDN delay mt76: Fix comparisons with invalid hardware key index brcmfmac: fix wrong strnchr usage mwifex: free rx_cmd skb in suspended state mwifiex: do no submit URB in suspended state rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument ARM: dts: pxa: fix power i2c base address ARM: dts: pxa: fix the rtc controller media: ov772x: Disable clk on error path media: i2c: Fix pm_runtime_get_if_in_use() usage in sensor drivers media: vicodec: fix out-of-range values when decoding iwlwifi: mvm: avoid sending too many BARs iwlwifi: don't WARN on trying to dump dead firmware iwlwifi: drop packets with bad status in CD IB/rxe: fixes for rdma read retry IB/rxe: avoid back-to-back retries i40e: Prevent deleting MAC address from VF when set by PF i40evf: cancel workqueue sync for adminq when a VF is removed i40e: hold the rtnl lock on clearing interrupt scheme i40evf: Don't enable vlan stripping when rx offload is turned on i40e: Check and correct speed values for link on open i40evf: set IFF_UNICAST_FLT flag for the VF i40e: use correct length for strncpy i40evf: Validate the number of queues a PF sends ARM: dts: exynos: Fix regulators configuration on Peach Pi/Pit Chromebooks arm64: dts: stratix10: i2c clock running out of spec liquidio: fix race condition in instruction completion processing ARM: dts: exynos: Fix sound in Snow-rev5 Chromebook ARM: dts: exynos: Fix HDMI-HPD line handling on Arndale ARM: dts: exynos: Use i2c-gpio for HDMI-DDC on Arndale MIPS: BCM47XX: Enable USB power on Netgear WNDR3400v3 pinctrl: ingenic: Probe driver at subsys_initcall ASoC: AMD: Change MCLK to 48Mhz ASoC: meson: axg-fifo: report interrupt request failure ASoC: dpcm: Properly initialise hw->rate_max ASoC: dapm: Don't fail creating new DAPM control on NULL pinctrl ice: Fix and update driver version string gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated ice: Prevent control queue operations during reset ice: Update request resource command to latest specification ath10k: limit available channels via DT ieee80211-freq-limit wil6210: fix invalid memory access for rx_buff_mgmt debugfs wil6210: prevent usage of tx ring 0 for eDMA wil6210: set edma variables only for Talyn-MB devices wil6210: drop Rx multicast packets that are looped-back to STA ath9k: fix tx99 with monitor mode interface ath10k: skip resetting rx filter for WCN3990 ALSA: seq: Do error checks at creating system ports cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set extcon: cht-wc: Return from default case to avoid warnings remoteproc/davinci: Use %zx for formating size_t rtc: rv8803: fix the rv8803 id in the OF table rtc: sysfs: fix NULL check in rtc_add_groups() ARM: dts: at91/trivial: Fix USART1 definition for at91sam9g45 ARM: dts: rcar: Correct SATA device sizes to 2 MiB y2038: make do_gettimeofday() and get_seconds() inline arm64: dts: tegra210-p2180: Correct sdmmc4 vqmmc-supply soc/tegra: pmc: Fix pad voltage configuration for Tegra186 ALSA: pcm: signedness bug in snd_pcm_plug_alloc() arm64: dts: allwinner: a64: NanoPi-A64: Fix DCDC1 voltage arm64: dts: allwinner: a64: Olinuxino: fix DRAM voltage arm64: dts: allwinner: a64: Orange Pi Win: Fix SD card node soundwire: intel: Fix uninitialized adev deref soundwire: Initialize completion for defer messages clk: sunxi-ng: h6: fix PWM gate/reset offset iio: dac: mcp4922: fix error handling in mcp4922_write_raw ath10k: fix kernel panic by moving pci flush after napi_disable tee: optee: take DT status property into account iio: adc: max9611: explicitly cast gain_selectors mmc: sdhci-of-at91: fix quirk2 overwrite mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() mm: mempolicy: fix the wrong return value and potential pages leak of mbind iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros net: ethernet: dwmac-sun8i: Use the correct function in exit path ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present IB/hfi1: Use a common pad buffer for 9B and 16B packets IB/hfi1: Ensure full Gen3 speed in a Gen4 system Input: synaptics-rmi4 - destroy F54 poller workqueue when removing Input: synaptics-rmi4 - clear IRQ enables for F54 Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver Input: synaptics-rmi4 - fix video buffer size Input: ff-memless - kill timer in destroy() Btrfs: fix log context list corruption after rename exchange operation ALSA: usb-audio: Fix incorrect size check for processing/extension units ALSA: usb-audio: Fix incorrect NULL check in create_yamaha_midi_quirk() ALSA: usb-audio: not submit urb for stopped endpoint ALSA: usb-audio: Fix missing error check at mixer resolution test slip: Fix memory leak in slip_open error path net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules net: gemini: add missed free_netdev ipmr: Fix skb headroom in ipmr_get_route(). ax88172a: fix information leak on short answers scsi: core: Handle drivers which set sg_tablesize to zero MIPS: BCM63XX: fix switch core reset on BCM6368 KVM: x86: introduce is_pae_paging Conflicts: drivers/hwtracing/coresight/coresight-etm-perf.c drivers/hwtracing/coresight/coresight-tmc-etr.c drivers/hwtracing/coresight/coresight-tmc.h drivers/hwtracing/coresight/coresight.c drivers/net/wireless/ath/wil6210/pcie_bus.c drivers/net/wireless/ath/wil6210/txrx.c drivers/scsi/ufs/ufshcd.c drivers/slimbus/qcom-ngd-ctrl.c include/linux/libfdt_env.h Change-Id: Iba6cbaecffd0ef9fd94503df06397ca4cce9b4fb Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org> |
||
|
Paolo Valente
|
89f4d27c1b |
blok, bfq: do not plug I/O if all queues are weight-raised
[ Upstream commit c8765de0adfcaaf4ffb2d951e07444f00ffa9453 ] To reduce latency for interactive and soft real-time applications, bfq privileges the bfq_queues containing the I/O of these applications. These privileged queues, referred-to as weight-raised queues, get a much higher share of the device throughput w.r.t. non-privileged queues. To preserve this higher share, the I/O of any non-weight-raised queue must be plugged whenever a sync weight-raised queue, while being served, remains temporarily empty. To attain this goal, bfq simply plugs any I/O (from any queue), if a sync weight-raised queue remains empty while in service. Unfortunately, this plugging typically lowers throughput with random I/O, on devices with internal queueing (because it reduces the filling level of the internal queues of the device). This commit addresses this issue by restricting the cases where plugging is performed: if a sync weight-raised queue remains empty while in service, then I/O plugging is performed only if some of the active bfq_queues are *not* weight-raised (which is actually the only circumstance where plugging is needed to preserve the higher share of the throughput of weight-raised queues). This restriction proved able to boost throughput in really many use cases needing only maximum throughput. Signed-off-by: Paolo Valente <paolo.valente@linaro.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Paolo Valente
|
6c9a79651b |
block, bfq: inject other-queue I/O into seeky idle queues on NCQ flash
[ Upstream commit d0edc2473be9d70f999282e1ca7863ad6ae704dc ] The Achilles' heel of BFQ is its failing to reach a high throughput with sync random I/O on flash storage with internal queueing, in case the processes doing I/O have differentiated weights. The cause of this failure is as follows. If at least two processes do sync I/O, and have a different weight from each other, then BFQ plugs I/O dispatching every time one of these processes, while it is being served, remains temporarily without pending I/O requests. This plugging is necessary to guarantee that every process enjoys a bandwidth proportional to its weight; but it empties the internal queue(s) of the drive. And this kills throughput with random I/O. So, if some processes have differentiated weights and do both sync and random I/O, the end result is a throughput collapse. This commit tries to counter this problem by injecting the service of other processes, in a controlled way, while the process in service happens to have no I/O. This injection is performed only if the medium is non rotational and performs internal queueing, and the process in service does random I/O (service injection might be beneficial for sequential I/O too, we'll work on that). As an example of the benefits of this commit, on a PLEXTOR PX-256M5S SSD, and with five processes having differentiated weights and doing sync random 4KB I/O, this commit makes the throughput with bfq grow by 400%, from 25 to 100MB/s. This higher throughput is 10MB/s lower than that reached with none. As some less random I/O is added to the mix, the throughput becomes equal to or higher than that with none. This commit is a very first attempt to recover throughput without losing control, and certainly has many limitations. One is, e.g., that the processes whose service is injected are not chosen so as to distribute the extra bandwidth they receive in accordance to their weights. Thus there might be loss of weighted fairness in some cases. Anyway, this loss concerns extra service, which would not have been received at all without this commit. Other limitations and issues will probably show up with usage. Signed-off-by: Paolo Valente <paolo.valente@linaro.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Pradeep P V K
|
052084a6bc |
bfq-iosched: Make BFQ default to IOPS mode on SSDs
BFQ idling causes reduced IOPS throughput on non-rotational disks.
Since disk head seeking is not applicable to SSDs, it doesn't really
help performance by anticipating future near-by IO requests.
Idling due to anticipation of future near-by IO requests and wait on
completion of submitted requests, will also effect the other bfq-queues
by causing delay in their scheduling and there by effecting some time
bounded applications.
By turning off idling (and switching to IOPS mode), we allow other
processes(bfq-queues) to dispatch IO requests down to the driver and
so increase IO throughput.
Following FIO benchmark results were taken on a local SSD run:
RandomReads:
Idling iops avg-lat(us) stddev bw
----------------------------------------------------
On 4136 1189.07 17221.65 16.9MB/s
Off 7246 670.11 1054.76 29.7MB/s
fio --name=temp --size=5G --time_based --ioengine=sync \
--randrepeat=0 --direct=1 --invalidate=1 --verify=0 \
--verify_fatal=0 --rw=randread --blocksize=4k \
--group_reporting=1 --directory=/data --runtime=10 \
--iodepth=64 --numjobs=5
RandomWrites:
Idling iops avg-lat(us) stddev bw
---------------------------------------------------
On 1368 3631.38 28234.55 5.47MB/s
Off 4746 1024.61 12184.00 19.4MB/s
fio --name=temp --size=5G --time_based --ioengine=sync \
--randrepeat=0 --direct=1 --invalidate=1 --verify=0 \
--verify_fatal=0 --rw=randwrite --blocksize=4k \
--group_reporting=1 --directory=/data --runtime=10 \
--iodepth=64 --numjobs=5
Change-Id: I9e55eee03917a1ab07fbd3f04635ca1a6541b860
Signed-off-by: Pradeep P V K <ppvk@codeaurora.org>
|
||
qctecmdr
|
b978816fc1 | Merge "block: use current active bfqq to update statistics" | ||
|
Pradeep P V K
|
1852d0be8d |
block: use current active bfqq to update statistics
Use the current active bfq-queue to update bfq-group statitics. It could be possible that the current active serving bfq-queue can expire if the allocated time/budget for the queue got expired. During this time, it will select a new queue that to be served for its service tree. If there were no more queues to be served, then it will choose a next group of queues to be served from its group service tree. So, the selection of the new request from its new group and queue are updated via __bfq_dispatch_request() fn. As "in_serv_queue" variable is not updated again the group associated with "in_serv_queue" queue can be freed, if there were no more active queues. So, with picking in_serv_queue as active queue, and updating its group statistics one will see a kernel panic as below. [ 120.572960] Hardware name: Qualcomm Technologies, Inc. Lito MTP (DT) [ 120.572973] Workqueue: kblockd blk_mq_run_work_fn [ 120.572979] pstate: a0c00085 (NzCv daIf +PAN +UAO) [ 120.572987] pc : bfqg_stats_update_idle_time+0x14/0x50 [ 120.572992] lr : bfq_dispatch_request+0x398/0x948 [ 121.185249] Call trace: [ 121.187772] bfqg_stats_update_idle_time+0x14/0x50 [ 121.192700] bfq_dispatch_request+0x398/0x948 [ 121.197187] blk_mq_do_dispatch_sched+0x84/0x118 [ 121.198270] CPU7: update max cpu_capacity 1024 [ 121.206504] blk_mq_sched_dispatch_requests+0x130/0x190 [ 121.211873] __blk_mq_run_hw_queue+0xcc/0x148 [ 121.216359] blk_mq_run_work_fn+0x24/0x30 [ 121.220489] process_one_work+0x328/0x6b0 [ 121.224619] worker_thread+0x330/0x4d0 [ 121.228475] kthread+0x128/0x138 [ 121.231806] ret_from_fork+0x10/0x1c To avoid this, always use the current active bfq-queue, which is derived from the current active serving request. Change-Id: I51d5b9d2020da9f3a3a31378b06257463afd08eb Signed-off-by: Pradeep P V K <ppvk@codeaurora.org> |
||
|
Paolo Valente
|
7aa8dfa450 |
block, bfq: handle NULL return value by bfq_init_rq()
[ Upstream commit fd03177c33b287c6541f4048f1d67b7b45a1abc9 ] As reported in [1], the call bfq_init_rq(rq) may return NULL in case of OOM (in particular, if rq->elv.icq is NULL because memory allocation failed in failed in ioc_create_icq()). This commit handles this circumstance. [1] https://lkml.org/lkml/2019/7/22/824 Cc: Hsin-Yi Wang <hsinyi@google.com> Cc: Nicolas Boichat <drinkcat@chromium.org> Cc: Doug Anderson <dianders@chromium.org> Reported-by: Guenter Roeck <linux@roeck-us.net> Reported-by: Hsin-Yi Wang <hsinyi@google.com> Reviewed-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Paolo Valente <paolo.valente@linaro.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Douglas Anderson
|
018524b758 |
block, bfq: NULL out the bic when it's no longer valid
commit dbc3117d4ca9e17819ac73501e914b8422686750 upstream. In reboot tests on several devices we were seeing a "use after free" when slub_debug or KASAN was enabled. The kernel complained about: Unable to handle kernel paging request at virtual address 6b6b6c2b ...which is a classic sign of use after free under slub_debug. The stack crawl in kgdb looked like: 0 test_bit (addr=<optimized out>, nr=<optimized out>) 1 bfq_bfqq_busy (bfqq=<optimized out>) 2 bfq_select_queue (bfqd=<optimized out>) 3 __bfq_dispatch_request (hctx=<optimized out>) 4 bfq_dispatch_request (hctx=<optimized out>) 5 0xc056ef00 in blk_mq_do_dispatch_sched (hctx=0xed249440) 6 0xc056f728 in blk_mq_sched_dispatch_requests (hctx=0xed249440) 7 0xc0568d24 in __blk_mq_run_hw_queue (hctx=0xed249440) 8 0xc0568d94 in blk_mq_run_work_fn (work=<optimized out>) 9 0xc024c5c4 in process_one_work (worker=0xec6d4640, work=0xed249480) 10 0xc024cff4 in worker_thread (__worker=0xec6d4640) Digging in kgdb, it could be found that, though bfqq looked fine, bfqq->bic had been freed. Through further digging, I postulated that perhaps it is illegal to access a "bic" (AKA an "icq") after bfq_exit_icq() had been called because the "bic" can be freed at some point in time after this call is made. I confirmed that there certainly were cases where the exact crashing code path would access the "bic" after bfq_exit_icq() had been called. Sspecifically I set the "bfqq->bic" to (void *)0x7 and saw that the bic was 0x7 at the time of the crash. To understand a bit more about why this crash was fairly uncommon (I saw it only once in a few hundred reboots), you can see that much of the time bfq_exit_icq_fbqq() fully frees the bfqq and thus it can't access the ->bic anymore. The only case it doesn't is if bfq_put_queue() sees a reference still held. However, even in the case when bfqq isn't freed, the crash is still rare. Why? I tracked what happened to the "bic" after the exit routine. It doesn't get freed right away. Rather, put_io_context_active() eventually called put_io_context() which queued up freeing on a workqueue. The freeing then actually happened later than that through call_rcu(). Despite all these delays, some extra debugging showed that all the hoops could be jumped through in time and the memory could be freed causing the original crash. Phew! To make a long story short, assuming it truly is illegal to access an icq after the "exit_icq" callback is finished, this patch is needed. Cc: stable@vger.kernel.org Reviewed-by: Paolo Valente <paolo.valente@unimore.it> Signed-off-by: Douglas Anderson <dianders@chromium.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Paolo Valente
|
b5a185ee30 |
block, bfq: increase idling for weight-raised queues
[ Upstream commit 778c02a236a8728bb992de10ed1f12c0be5b7b0e ] If a sync bfq_queue has a higher weight than some other queue, and remains temporarily empty while in service, then, to preserve the bandwidth share of the queue, it is necessary to plug I/O dispatching until a new request arrives for the queue. In addition, a timeout needs to be set, to avoid waiting for ever if the process associated with the queue has actually finished its I/O. Even with the above timeout, the device is however not fed with new I/O for a while, if the process has finished its I/O. If this happens often, then throughput drops and latencies grow. For this reason, the timeout is kept rather low: 8 ms is the current default. Unfortunately, such a low value may cause, on the opposite end, a violation of bandwidth guarantees for a process that happens to issue new I/O too late. The higher the system load, the higher the probability that this happens to some process. This is a problem in scenarios where service guarantees matter more than throughput. One important case are weight-raised queues, which need to be granted a very high fraction of the bandwidth. To address this issue, this commit lower-bounds the plugging timeout for weight-raised queues to 20 ms. This simple change provides relevant benefits. For example, on a PLEXTOR PX-256M5S, with which gnome-terminal starts in 0.6 seconds if there is no other I/O in progress, the same applications starts in - 0.8 seconds, instead of 1.2 seconds, if ten files are being read sequentially in parallel - 1 second, instead of 2 seconds, if, in parallel, five files are being read sequentially, and five more files are being written sequentially Tested-by: Holger Hoffstätte <holger@applied-asynchrony.com> Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name> Signed-off-by: Paolo Valente <paolo.valente@linaro.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Jens Axboe
|
824c212908 |
bfq: update internal depth state when queue depth changes
commit 77f1e0a52d26242b6c2dba019f6ebebfb9ff701e upstream
A previous commit moved the shallow depth and BFQ depth map calculations
to be done at init time, moving it outside of the hotter IO path. This
potentially causes hangs if the users changes the depth of the scheduler
map, by writing to the 'nr_requests' sysfs file for that device.
Add a blk-mq-sched hook that allows blk-mq to inform the scheduler if
the depth changes, so that the scheduler can update its internal state.
Signed-off-by: Eric Wheeler <bfq@linux.ewheeler.net>
Tested-by: Kai Krakow <kai@kaishome.de>
Reported-by: Paolo Valente <paolo.valente@linaro.org>
Fixes:
|
||
|
Paolo Valente
|
06666a19d5 |
block, bfq: fix in-service-queue check for queue merging
[ Upstream commit 058fdecc6de7cdecbf4c59b851e80eb2d6c5295f ]
When a new I/O request arrives for a bfq_queue, say Q, bfq checks
whether that request is close to
(a) the head request of some other queue waiting to be served, or
(b) the last request dispatched for the in-service queue (in case Q
itself is not the in-service queue)
If a queue, say Q2, is found for which the above condition holds, then
bfq merges Q and Q2, to hopefully get a more sequential I/O in the
resulting merged queue, and thus a possibly higher throughput.
Case (b) is checked by comparing the new request for Q with the last
request dispatched, assuming that the latter necessarily belonged to the
in-service queue. Unfortunately, this assumption is no longer always
correct, since commit d0edc2473be9 ("block, bfq: inject other-queue I/O
into seeky idle queues on NCQ flash").
When the assumption does not hold, queues that must not be merged may be
merged, causing unexpected loss of control on per-queue service
guarantees.
This commit solves this problem by adding an extra field, which stores
the actual last request dispatched for the in-service queue, and by
using this new field to correctly check case (b).
Signed-off-by: Paolo Valente <paolo.valente@linaro.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Paolo Valente
|
d5801088a7 |
block, bfq: reduce write overcharge
When a sync request is dispatched, the queue that contains that request, and all the ancestor entities of that queue, are charged with the number of sectors of the request. In constrast, if the request is async, then the queue and its ancestor entities are charged with the number of sectors of the request, multiplied by an overcharge factor. This throttles the bandwidth for async I/O, w.r.t. to sync I/O, and it is done to counter the tendency of async writes to steal I/O throughput to reads. On the opposite end, the lower this parameter, the stabler I/O control, in the following respect. The lower this parameter is, the less the bandwidth enjoyed by a group decreases - when the group does writes, w.r.t. to when it does reads; - when other groups do reads, w.r.t. to when they do writes. The fixes "block, bfq: always update the budget of an entity when needed" and "block, bfq: readd missing reset of parent-entity service" improved I/O control in bfq to such an extent that it has been possible to revise this overcharge factor downwards. This commit introduces the resulting, new value. Signed-off-by: Paolo Valente <paolo.valente@linaro.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> |
||
|
Paolo Valente
|
8a511ba5fe |
block, bfq: readd missing reset of parent-entity service
The received-service counter needs to be equal to 0 when an entity is
set in service. Unfortunately, commit "block, bfq: fix service being
wrongly set to zero in case of preemption" mistakenly removed the
resetting of this counter for the parent entities of the bfq_queue
being set in service. This commit fixes this issue by resetting
service for parent entities, directly on the expiration of the
in-service bfq_queue.
Fixes:
|
||
|
Paolo Valente
|
277a4a9b56 |
block, bfq: give a better name to bfq_bfqq_may_idle
The actual goal of the function bfq_bfqq_may_idle is to tell whether it is better to perform device idling (more precisely: I/O-dispatch plugging) for the input bfq_queue, either to boost throughput or to preserve service guarantees. This commit improves the name of the function accordingly. Tested-by: Holger Hoffstätte <holger@applied-asynchrony.com> Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name> Signed-off-by: Paolo Valente <paolo.valente@linaro.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> |
||
|
Paolo Valente
|
9fae8dd59f |
block, bfq: fix service being wrongly set to zero in case of preemption
If - a bfq_queue Q preempts another queue, because one request of Q arrives in time, - but, after this preemption, Q is not the queue that is set in service, then Q->entity.service is set to 0 when Q is eventually set in service. But Q should have continued receiving service with its old budget (which is why preemption has occurred) and its old service. This commit addresses this issue by resetting service on queue real expiration. Tested-by: Holger Hoffstätte <holger@applied-asynchrony.com> Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name> Signed-off-by: Paolo Valente <paolo.valente@linaro.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> |
||
|
Paolo Valente
|
4420b095cc |
block, bfq: do not expire a queue that will deserve dispatch plugging
For some bfq_queues, BFQ plugs I/O dispatching when the queue becomes idle, and keeps the plug until a new request of the queue arrives, or a timeout fires. BFQ does so either to boost throughput or to preserve service guarantees for the queue. More precisely, for such a queue, plugging starts when the queue happens to have either no request enqueued, or no request in flight, that is, no request already dispatched but not yet completed. On the opposite end, BFQ may happen to expire a queue with no request enqueued, without doing any plugging, if the queue still has some request in flight. Unfortunately, such a premature expiration causes the queue to lose its chance to enjoy dispatch plugging a moment later, i.e., when its in-flight requests finally get completed. This breaks service guarantees for the queue. This commit prevents BFQ from expiring an empty queue if the latter still has in-flight requests. Tested-by: Holger Hoffstätte <holger@applied-asynchrony.com> Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name> Signed-off-by: Paolo Valente <paolo.valente@linaro.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> |
||
|
Paolo Valente
|
0471559c2f |
block, bfq: add/remove entity weights correctly
To keep I/O throughput high as often as possible, BFQ performs I/O-dispatch plugging (aka device idling) only when beneficial exactly for throughput, or when needed for service guarantees (low latency, fairness). An important case where the latter condition holds is when the scenario is 'asymmetric' in terms of weights: i.e., when some bfq_queue or whole group of queues has a higher weight, and thus has to receive more service, than other queues or groups. Without dispatch plugging, lower-weight queues/groups may unjustly steal bandwidth to higher-weight queues/groups. To detect asymmetric scenarios, BFQ checks some sufficient conditions. One of these conditions is that active groups have different weights. BFQ controls this condition by maintaining a special set of unique weights of active groups (group_weights_tree). To this purpose, in the function bfq_active_insert/bfq_active_extract BFQ adds/removes the weight of a group to/from this set. Unfortunately, the function bfq_active_extract may happen to be invoked also for a group that is still active (to preserve the correct update of the next queue to serve, see comments in function bfq_no_longer_next_in_service() for details). In this case, removing the weight of the group makes the set group_weights_tree inconsistent. Service-guarantee violations follow. This commit addresses this issue by moving group_weights_tree insertions from their previous location (in bfq_active_insert) into the function __bfq_activate_entity, and by moving group_weights_tree extractions from bfq_active_extract to when the entity that represents a group remains throughly idle, i.e., with no request either enqueued or dispatched. Tested-by: Holger Hoffstätte <holger@applied-asynchrony.com> Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name> Signed-off-by: Paolo Valente <paolo.valente@linaro.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> |
||
Davide Sapienza
|
f6c3ca0e58 |
block, bfq: prevent soft_rt_next_start from being stuck at infinity
BFQ can deem a bfq_queue as soft real-time only if the queue - periodically becomes completely idle, i.e., empty and with no still-outstanding I/O request; - after becoming idle, gets new I/O only after a special reference time soft_rt_next_start. In this respect, after commit "block, bfq: consider also past I/O in soft real-time detection", the value of soft_rt_next_start can never decrease. This causes a problem with the following special updating case for soft_rt_next_start: to prevent queues that are not completely idle to be wrongly detected as soft real-time (when they become non-empty again), soft_rt_next_start is temporarily set to infinity for empty queues with still outstanding I/O requests. But, if such an update is actually performed, then, because of the above commit, soft_rt_next_start will be stuck at infinity forever, and the queue will have no more chance to be considered soft real-time. On slow systems, this problem does cause actual soft real-time applications to be occasionally not detected as such. This commit addresses this issue by eliminating the pushing of soft_rt_next_start to infinity, and by changing the way non-empty queues are prevented from being wrongly detected as soft real-time. Simply, a queue that becomes non-empty again can now be detected as soft real-time only if it has no outstanding I/O request. Signed-off-by: Davide Sapienza <sapienza.dav@gmail.com> Signed-off-by: Paolo Valente <paolo.valente@linaro.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> |
||
|
Davide Sapienza
|
d450542e3c |
block, bfq: increase weight-raising duration for interactive apps
The maximum possible duration of the weight-raising period for interactive applications is limited to 13 seconds, as this is the time needed to load the largest application that we considered when tuning weight raising. Unfortunately, in such an evaluation, we did not consider the case of very slow virtual machines. For example, on a QEMU/KVM virtual machine - running in a slow PC; - with a virtual disk stacked on a slow low-end 5400rpm HDD; - serving a heavy I/O workload, such as the sequential reading of several files; mplayer takes 23 seconds to start, if constantly weight-raised. To address this issue, this commit conservatively sets the upper limit for weight-raising duration to 25 seconds. Signed-off-by: Davide Sapienza <sapienza.dav@gmail.com> Signed-off-by: Paolo Valente <paolo.valente@linaro.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> |
||
|
Paolo Valente
|
e24f1c245f |
block, bfq: remove slow-system class
BFQ computes the duration of weight raising for interactive applications automatically, using some reference parameters. In particular, BFQ uses the best durations (see comments in the code for how these durations have been assessed) for two classes of systems: slow and fast ones. Examples of slow systems are old phones or systems using micro HDDs. Fast systems are all the remaining ones. Using these parameters, BFQ computes the actual duration of the weight raising, for the system at hand, as a function of the relative speed of the system w.r.t. the speed of a reference system, belonging to the same class of systems as the system at hand. This slow vs fast differentiation proved to be useful in the past, but happens to have little meaning with current hardware. Even worse, it does cause problems in virtual systems, where the speed of the system can vary frequently, and so widely to just confuse the class-detection mechanism, and, as we have verified experimentally, to cause BFQ to compute non-sensical weight-raising durations. This commit addresses this issue by removing the slow class and the class-detection mechanism. Signed-off-by: Paolo Valente <paolo.valente@linaro.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> |
||
|
Paolo Valente
|
4029eef1be |
block, bfq: add description of weight-raising heuristics
A description of how weight raising works is missing in BFQ sources. In addition, the code for handling weight raising is scattered across a few functions. This makes it rather hard to understand the mechanism and its rationale. This commits adds such a description at the beginning of the main source file. Signed-off-by: Paolo Valente <paolo.valente@linaro.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> |
||
Filippo Muzzini
|
ac857e0d54 |
block, bfq: remove the removal of 'next' rq in bfq_requests_merged
Since bfq_finish_request() is always called on the request 'next', after bfq_requests_merged() is finished, and bfq_finish_request() removes 'next' from its bfq_queue if needed, it isn't necessary to do such a removal in advance in bfq_merged_requests(). This commit removes such a useless 'next' removal. Signed-off-by: Filippo Muzzini <filippo.muzzini@outlook.it> Signed-off-by: Paolo Valente <paolo.valente@linaro.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> |
||
|
Paolo Valente
|
8abfa4d6fd |
block, bfq: remove wrong check in bfq_requests_merged
The request rq passed to the function bfq_requests_merged is always in a bfq_queue, so the check !RB_EMPTY_NODE(&rq->rb_node) at the beginning of bfq_requests_merged always succeeds, and the control flow systematically skips to the end of the function. This implies that the body of the function is never executed, i.e., the repositioning of rq is never performed. On the opposite end, a control is missing in the body of the function: 'next' must be removed only if it is inside a bfq_queue. This commit removes the wrong check on rq, and adds the missing check on 'next'. In addition, this commit adds comments on bfq_requests_merged. Signed-off-by: Filippo Muzzini <filippo.muzzini@outlook.it> Signed-off-by: Paolo Valente <paolo.valente@linaro.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> |
||
|
Filippo Muzzini
|
a12bffebc0 |
block, bfq: remove wrong lock in bfq_requests_merged
In bfq_requests_merged(), there is a deadlock because the lock on bfqq->bfqd->lock is held by the calling function, but the code of this function tries to grab the lock again. This deadlock is currently hidden by another bug (fixed by next commit for this source file), which causes the body of bfq_requests_merged() to be never executed. This commit removes the deadlock by removing the lock/unlock pair. Signed-off-by: Filippo Muzzini <filippo.muzzini@outlook.it> Signed-off-by: Paolo Valente <paolo.valente@linaro.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> |
||
|
Jens Axboe
|
483b7bf2e4 |
bfq-iosched: update shallow depth to smallest one used
If our shallow depth is smaller than the wake batching of sbitmap, we can introduce hangs. Ensure that sbitmap knows how low we'll go. Acked-by: Paolo Valente <paolo.valente@linaro.org> Reviewed-by: Omar Sandoval <osandov@fb.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> |