November 2022 - Linux-stable-mirror

[PATCH 5.4 and earlier only] mm: Fix '.data.once' orphan section warning

by Nathan Chancellor

Portions of upstream commit a4055888629b ("mm/memcg: warning on !memcg after readahead page charged") were backported as commit cfe575954ddd ("mm: add VM_WARN_ON_ONCE_PAGE() macro"). Unfortunately, the backport did not account for the lack of commit 33def8498fdd ("treewide: Convert macro and uses of __section(foo) to __section("foo")") in kernels prior to 5.10, resulting in the following orphan section warnings on PowerPC clang builds with CONFIG_DEBUG_VM=y: powerpc64le-linux-gnu-ld: warning: orphan section `".data.once"' from `mm/huge_memory.o' being placed in section `".data.once"' powerpc64le-linux-gnu-ld: warning: orphan section `".data.once"' from `mm/huge_memory.o' being placed in section `".data.once"' powerpc64le-linux-gnu-ld: warning: orphan section `".data.once"' from `mm/huge_memory.o' being placed in section `".data.once"' This is a difference between how clang and gcc handle macro stringification, which was resolved for the kernel by not stringifying the argument to the __section() macro. Since that change was deemed not suitable for the stable kernels by commit 59f89518f510 ("once: fix section mismatch on clang builds"), do that same thing as that change and remove the quotes from the argument to __section(). Fixes: cfe575954ddd ("mm: add VM_WARN_ON_ONCE_PAGE() macro") Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- As far as I can tell, this should be applied to 5.4 and earlier. It should apply cleanly but let me know if not. include/linux/mmdebug.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/mmdebug.h b/include/linux/mmdebug.h index 5d0767cb424a..4ed52879ce55 100644 --- a/include/linux/mmdebug.h +++ b/include/linux/mmdebug.h @@ -38,7 +38,7 @@ void dump_mm(const struct mm_struct *mm); } \ } while (0) #define VM_WARN_ON_ONCE_PAGE(cond, page) ({ \ - static bool __section(".data.once") __warned; \ + static bool __section(.data.once) __warned; \ int __ret_warn_once = !!(cond); \ \ if (unlikely(__ret_warn_once && !__warned)) { \ base-commit: 4d2a309b5c28a2edc0900542d22fec3a5a22243b -- 2.38.1

1 year, 4 months

3
6
0 0

[PATCH 5.4 1/2] nvme: restrict management ioctls to admin

by Ovidiu Panait

From: Keith Busch <kbusch(a)kernel.org> commit 23e085b2dead13b51fe86d27069895b740f749c0 upstream. The passthrough commands already have this restriction, but the other operations do not. Require the same capabilities for all users as all of these operations, which include resets and rescans, can be disruptive. Signed-off-by: Keith Busch <kbusch(a)kernel.org> Signed-off-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Ovidiu Panait <ovidiu.panait(a)windriver.com> --- These backports are for CVE-2022-3169. drivers/nvme/host/core.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c index 6627fb531f33..3b5e5fb158be 100644 --- a/drivers/nvme/host/core.c +++ b/drivers/nvme/host/core.c @@ -3027,11 +3027,17 @@ static long nvme_dev_ioctl(struct file *file, unsigned int cmd, case NVME_IOCTL_IO_CMD: return nvme_dev_user_cmd(ctrl, argp); case NVME_IOCTL_RESET: + if (!capable(CAP_SYS_ADMIN)) + return -EACCES; dev_warn(ctrl->device, "resetting controller\n"); return nvme_reset_ctrl_sync(ctrl); case NVME_IOCTL_SUBSYS_RESET: + if (!capable(CAP_SYS_ADMIN)) + return -EACCES; return nvme_reset_subsystem(ctrl); case NVME_IOCTL_RESCAN: + if (!capable(CAP_SYS_ADMIN)) + return -EACCES; nvme_queue_scan(ctrl); return 0; default: -- 2.38.1

1 year, 4 months

2
2
0 0

[PATCH 4.14 1/1] tcp/udp: Fix memory leak in ipv6_renew_options().

by Ovidiu Panait

From: Kuniyuki Iwashima <kuniyu(a)amazon.com> commit 3c52c6bb831f6335c176a0fc7214e26f43adbd11 upstream. syzbot reported a memory leak [0] related to IPV6_ADDRFORM. The scenario is that while one thread is converting an IPv6 socket into IPv4 with IPV6_ADDRFORM, another thread calls do_ipv6_setsockopt() and allocates memory to inet6_sk(sk)->XXX after conversion. Then, the converted sk with (tcp|udp)_prot never frees the IPv6 resources, which inet6_destroy_sock() should have cleaned up. setsockopt(IPV6_ADDRFORM) setsockopt(IPV6_DSTOPTS) +-----------------------+ +----------------------+ - do_ipv6_setsockopt(sk, ...) - sockopt_lock_sock(sk) - do_ipv6_setsockopt(sk, ...) - lock_sock(sk) ^._ called via tcpv6_prot - WRITE_ONCE(sk->sk_prot, &tcp_prot) before WRITE_ONCE() - xchg(&np->opt, NULL) - txopt_put(opt) - sockopt_release_sock(sk) - release_sock(sk) - sockopt_lock_sock(sk) - lock_sock(sk) - ipv6_set_opt_hdr(sk, ...) - ipv6_update_options(sk, opt) - xchg(&inet6_sk(sk)->opt, opt) ^._ opt is never freed. - sockopt_release_sock(sk) - release_sock(sk) Since IPV6_DSTOPTS allocates options under lock_sock(), we can avoid this memory leak by testing whether sk_family is changed by IPV6_ADDRFORM after acquiring the lock. This issue exists from the initial commit between IPV6_ADDRFORM and IPV6_PKTOPTIONS. [0]: BUG: memory leak unreferenced object 0xffff888009ab9f80 (size 96): comm "syz-executor583", pid 328, jiffies 4294916198 (age 13.034s) hex dump (first 32 bytes): 01 00 00 00 48 00 00 00 08 00 00 00 00 00 00 00 ....H........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000002ee98ae1>] kmalloc include/linux/slab.h:605 [inline] [<000000002ee98ae1>] sock_kmalloc+0xb3/0x100 net/core/sock.c:2566 [<0000000065d7b698>] ipv6_renew_options+0x21e/0x10b0 net/ipv6/exthdrs.c:1318 [<00000000a8c756d7>] ipv6_set_opt_hdr net/ipv6/ipv6_sockglue.c:354 [inline] [<00000000a8c756d7>] do_ipv6_setsockopt.constprop.0+0x28b7/0x4350 net/ipv6/ipv6_sockglue.c:668 [<000000002854d204>] ipv6_setsockopt+0xdf/0x190 net/ipv6/ipv6_sockglue.c:1021 [<00000000e69fdcf8>] tcp_setsockopt+0x13b/0x2620 net/ipv4/tcp.c:3789 [<0000000090da4b9b>] __sys_setsockopt+0x239/0x620 net/socket.c:2252 [<00000000b10d192f>] __do_sys_setsockopt net/socket.c:2263 [inline] [<00000000b10d192f>] __se_sys_setsockopt net/socket.c:2260 [inline] [<00000000b10d192f>] __x64_sys_setsockopt+0xbe/0x160 net/socket.c:2260 [<000000000a80d7aa>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [<000000000a80d7aa>] do_syscall_64+0x38/0x90 arch/x86/entry/common.c:80 [<000000004562b5c6>] entry_SYSCALL_64_after_hwframe+0x63/0xcd Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: Kuniyuki Iwashima <kuniyu(a)amazon.com> Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Ovidiu Panait <ovidiu.panait(a)windriver.com> --- net/ipv6/ipv6_sockglue.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index 3f44316db51b..3c099742c58e 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c @@ -166,6 +166,12 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, rtnl_lock(); lock_sock(sk); + /* Another thread has converted the socket into IPv4 with + * IPV6_ADDRFORM concurrently. + */ + if (unlikely(sk->sk_family != AF_INET6)) + goto unlock; + switch (optname) { case IPV6_ADDRFORM: @@ -905,6 +911,7 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, break; } +unlock: release_sock(sk); if (needs_rtnl) rtnl_unlock(); -- 2.38.1

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] tracing/ring-buffer: Have polling block on watermark" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Possible dependencies: 42fb0a1e84ff ("tracing/ring-buffer: Have polling block on watermark") 7e9fbbb1b776 ("ring-buffer: Add ring_buffer_wake_waiters()") 13292494379f ("tracing: Make struct ring_buffer less ambiguous") 1c5eb4481e01 ("tracing: Rename trace_buffer to array_buffer") 2d6425af6116 ("tracing: Declare newly exported APIs in include/linux/trace.h") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 42fb0a1e84ff525ebe560e2baf9451ab69127e2b Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 20 Oct 2022 23:14:27 -0400 Subject: [PATCH] tracing/ring-buffer: Have polling block on watermark Currently the way polling works on the ring buffer is broken. It will return immediately if there's any data in the ring buffer whereas a read will block until the watermark (defined by the tracefs buffer_percent file) is hit. That is, a select() or poll() will return as if there's data available, but then the following read will block. This is broken for the way select()s and poll()s are supposed to work. Have the polling on the ring buffer also block the same way reads and splice does on the ring buffer. Link: https://lkml.kernel.org/r/20221020231427.41be3f26@gandalf.local.home Cc: Linux Trace Kernel <linux-trace-kernel(a)vger.kernel.org> Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Primiano Tucci <primiano(a)google.com> Cc: stable(a)vger.kernel.org Fixes: 1e0d6714aceb7 ("ring-buffer: Do not wake up a splice waiter when page is not full") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/include/linux/ring_buffer.h b/include/linux/ring_buffer.h index 2504df9a0453..3c7d295746f6 100644 --- a/include/linux/ring_buffer.h +++ b/include/linux/ring_buffer.h @@ -100,7 +100,7 @@ __ring_buffer_alloc(unsigned long size, unsigned flags, struct lock_class_key *k int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full); __poll_t ring_buffer_poll_wait(struct trace_buffer *buffer, int cpu, - struct file *filp, poll_table *poll_table); + struct file *filp, poll_table *poll_table, int full); void ring_buffer_wake_waiters(struct trace_buffer *buffer, int cpu); #define RING_BUFFER_ALL_CPUS -1 diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 9712083832f4..089b1ec9cb3b 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -907,6 +907,21 @@ size_t ring_buffer_nr_dirty_pages(struct trace_buffer *buffer, int cpu) return cnt - read; } +static __always_inline bool full_hit(struct trace_buffer *buffer, int cpu, int full) +{ + struct ring_buffer_per_cpu *cpu_buffer = buffer->buffers[cpu]; + size_t nr_pages; + size_t dirty; + + nr_pages = cpu_buffer->nr_pages; + if (!nr_pages || !full) + return true; + + dirty = ring_buffer_nr_dirty_pages(buffer, cpu); + + return (dirty * 100) > (full * nr_pages); +} + /* * rb_wake_up_waiters - wake up tasks waiting for ring buffer input * @@ -1046,22 +1061,20 @@ int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full) !ring_buffer_empty_cpu(buffer, cpu)) { unsigned long flags; bool pagebusy; - size_t nr_pages; - size_t dirty; + bool done; if (!full) break; raw_spin_lock_irqsave(&cpu_buffer->reader_lock, flags); pagebusy = cpu_buffer->reader_page == cpu_buffer->commit_page; - nr_pages = cpu_buffer->nr_pages; - dirty = ring_buffer_nr_dirty_pages(buffer, cpu); + done = !pagebusy && full_hit(buffer, cpu, full); + if (!cpu_buffer->shortest_full || cpu_buffer->shortest_full > full) cpu_buffer->shortest_full = full; raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags); - if (!pagebusy && - (!nr_pages || (dirty * 100) > full * nr_pages)) + if (done) break; } @@ -1087,6 +1100,7 @@ int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full) * @cpu: the cpu buffer to wait on * @filp: the file descriptor * @poll_table: The poll descriptor + * @full: wait until the percentage of pages are available, if @cpu != RING_BUFFER_ALL_CPUS * * If @cpu == RING_BUFFER_ALL_CPUS then the task will wake up as soon * as data is added to any of the @buffer's cpu buffers. Otherwise @@ -1096,14 +1110,15 @@ int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full) * zero otherwise. */ __poll_t ring_buffer_poll_wait(struct trace_buffer *buffer, int cpu, - struct file *filp, poll_table *poll_table) + struct file *filp, poll_table *poll_table, int full) { struct ring_buffer_per_cpu *cpu_buffer; struct rb_irq_work *work; - if (cpu == RING_BUFFER_ALL_CPUS) + if (cpu == RING_BUFFER_ALL_CPUS) { work = &buffer->irq_work; - else { + full = 0; + } else { if (!cpumask_test_cpu(cpu, buffer->cpumask)) return -EINVAL; @@ -1111,8 +1126,14 @@ __poll_t ring_buffer_poll_wait(struct trace_buffer *buffer, int cpu, work = &cpu_buffer->irq_work; } - poll_wait(filp, &work->waiters, poll_table); - work->waiters_pending = true; + if (full) { + poll_wait(filp, &work->full_waiters, poll_table); + work->full_waiters_pending = true; + } else { + poll_wait(filp, &work->waiters, poll_table); + work->waiters_pending = true; + } + /* * There's a tight race between setting the waiters_pending and * checking if the ring buffer is empty. Once the waiters_pending bit @@ -1128,6 +1149,9 @@ __poll_t ring_buffer_poll_wait(struct trace_buffer *buffer, int cpu, */ smp_mb(); + if (full) + return full_hit(buffer, cpu, full) ? EPOLLIN | EPOLLRDNORM : 0; + if ((cpu == RING_BUFFER_ALL_CPUS && !ring_buffer_empty(buffer)) || (cpu != RING_BUFFER_ALL_CPUS && !ring_buffer_empty_cpu(buffer, cpu))) return EPOLLIN | EPOLLRDNORM; @@ -3155,10 +3179,6 @@ static void rb_commit(struct ring_buffer_per_cpu *cpu_buffer, static __always_inline void rb_wakeups(struct trace_buffer *buffer, struct ring_buffer_per_cpu *cpu_buffer) { - size_t nr_pages; - size_t dirty; - size_t full; - if (buffer->irq_work.waiters_pending) { buffer->irq_work.waiters_pending = false; /* irq_work_queue() supplies it's own memory barriers */ @@ -3182,10 +3202,7 @@ rb_wakeups(struct trace_buffer *buffer, struct ring_buffer_per_cpu *cpu_buffer) cpu_buffer->last_pages_touch = local_read(&cpu_buffer->pages_touched); - full = cpu_buffer->shortest_full; - nr_pages = cpu_buffer->nr_pages; - dirty = ring_buffer_nr_dirty_pages(buffer, cpu_buffer->cpu); - if (full && nr_pages && (dirty * 100) <= full * nr_pages) + if (!full_hit(buffer, cpu_buffer->cpu, cpu_buffer->shortest_full)) return; cpu_buffer->irq_work.wakeup_full = true; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 47a44b055a1d..c6c7a0af3ed2 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -6681,7 +6681,7 @@ trace_poll(struct trace_iterator *iter, struct file *filp, poll_table *poll_tabl return EPOLLIN | EPOLLRDNORM; else return ring_buffer_poll_wait(iter->array_buffer->buffer, iter->cpu_file, - filp, poll_table); + filp, poll_table, iter->tr->buffer_percent); } static __poll_t

1 year, 4 months

3
2
0 0

[PATCH 4.14] efi: random: Properly limit the size of the random seed

by Ben Hutchings

Commit be36f9e7517e ("efi: READ_ONCE rng seed size before munmap") added a READ_ONCE() and also changed the call to add_bootloader_randomness() to use the local size variable. Neither of these changes was actually needed and this was not backported to the 4.14 stable branch. Commit 161a438d730d ("efi: random: reduce seed size to 32 bytes") reverted the addition of READ_ONCE() and added a limit to the value of size. This depends on the earlier commit, because size can now differ from seed->size, but it was wrongly backported to the 4.14 stable branch by itself. Apply the missing change to the add_bootloader_randomness() parameter (except that here we are still using add_device_randomness()). Fixes: 700485f70e50 ("efi: random: reduce seed size to 32 bytes") Signed-off-by: Ben Hutchings <ben(a)decadent.org.uk> --- drivers/firmware/efi/efi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index ed981f5e29ae..cc64869d8420 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -541,7 +541,7 @@ int __init efi_config_parse_tables(void *config_tables, int count, int sz, seed = early_memremap(efi.rng_seed, sizeof(*seed) + size); if (seed != NULL) { - add_device_randomness(seed->bits, seed->size); + add_device_randomness(seed->bits, size); early_memunmap(seed, sizeof(*seed) + size); pr_notice("seeding entropy pool\n"); } else {

1 year, 4 months

3
3
0 0

Stable backport request: tools and binutils' init_disassemble_info

by Daniel Díaz

Hello! Would the stable maintainers please consider backporting the following series of patches?: https://lore.kernel.org/lkml/20220801013834.156015-1-andres@anarazel.de/ Branches where this is needed are: * 5.4 * 5.10 * 5.15 Branch 6.0.y is fine, as this series is present there. Failure is seen in this form: -----8<----------8<----------8<----- util/annotate.c: In function 'symbol__disassemble_bpf': util/annotate.c:1739:9: error: too few arguments to function 'init_disassemble_info' 1739 | init_disassemble_info(&info, s, | ^~~~~~~~~~~~~~~~~~~~~ In file included from util/annotate.c:1692: /usr/include/dis-asm.h:472:13: note: declared here 472 | extern void init_disassemble_info (struct disassemble_info *dinfo, void *stream, | ^~~~~~~~~~~~~~~~~~~~~ make[4]: *** [/builds/linux/tools/build/Makefile.build:96: /home/tuxbuild/.cache/tuxmake/builds/1/build/util/annotate.o] Error 1 ----->8---------->8---------->8----- The 5.15 backport is almost straight-forward, with patches 7 and 8 requiring some small modifications. I could not get the 5.10 backport to build, and for 5.4 it was even more difficult to adapt. Thanks and greetings! Daniel Díaz daniel.diaz(a)linaro.org

1 year, 4 months

2
1
0 0

[stable:PATCH v5.4.225 0/2] arm64: errata: Spectre-BHB fixes

by James Morse

Hello! The first patch fixes an issue reported by Sami, where linux panic()s when bringing secondary CPUs online. The problem was the Spectre workarounds trying to allocate a new slot for mitigating KVM when those pages are no longer writeable. While debugging that issue, I spotted the Spectre-BHB KVM mitigation was over-riding the Spectre-v2 KVM Mitigation. It's supposed to happen the other way round. The backports aren't the same as mainline because the spectre mitigation code was totally rewritten for v5.10, and prior to that the KVM infrastructure is very different. Thanks, James Morse (2): arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM vectors arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72 arch/arm64/kernel/cpu_errata.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) -- 2.30.2

1 year, 4 months

2
3
0 0

[PATCH v3 1/2] mm/migrate: Fix read-only page got writable when recover pte

by Peter Xu

Ives van Hoorne from codesandbox.io reported an issue regarding possible data loss of uffd-wp when applied to memfds on heavily loaded systems. The symptom is some read page got data mismatch from the snapshot child VMs. Here I can also reproduce with a Rust reproducer that was provided by Ives that keeps taking snapshot of a 256MB VM, on a 32G system when I initiate 80 instances I can trigger the issues in ten minutes. It turns out that we got some pages write-through even if uffd-wp is applied to the pte. The problem is, when removing migration entries, we didn't really worry about write bit as long as we know it's not a write migration entry. That may not be true, for some memory types (e.g. writable shmem) mk_pte can return a pte with write bit set, then to recover the migration entry to its original state we need to explicit wr-protect the pte or it'll has the write bit set if it's a read migration entry. For uffd it can cause write-through. The relevant code on uffd was introduced in the anon support, which is commit f45ec5ff16a7 ("userfaultfd: wp: support swap and page migration", 2020-04-07). However anon shouldn't suffer from this problem because anon should already have the write bit cleared always, so that may not be a proper Fixes target, while I'm adding the Fixes to be uffd shmem support. Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: stable(a)vger.kernel.org Fixes: b1f9e876862d ("mm/uffd: enable write protection for shmem & hugetlbfs") Reported-by: Ives van Hoorne <ives(a)codesandbox.io> Reviewed-by: Alistair Popple <apopple(a)nvidia.com> Tested-by: Ives van Hoorne <ives(a)codesandbox.io> Signed-off-by: Peter Xu <peterx(a)redhat.com> --- mm/migrate.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/mm/migrate.c b/mm/migrate.c index dff333593a8a..8b6351c08c78 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -213,8 +213,14 @@ static bool remove_migration_pte(struct folio *folio, pte = pte_mkdirty(pte); if (is_writable_migration_entry(entry)) pte = maybe_mkwrite(pte, vma); - else if (pte_swp_uffd_wp(*pvmw.pte)) + else + /* NOTE: mk_pte can have write bit set */ + pte = pte_wrprotect(pte); + + if (pte_swp_uffd_wp(*pvmw.pte)) { + WARN_ON_ONCE(pte_write(pte)); pte = pte_mkuffd_wp(pte); + } if (folio_test_anon(folio) && !is_readable_migration_entry(entry)) rmap_flags |= RMAP_EXCLUSIVE; -- 2.37.3

1 year, 4 months

3
10
0 0

[PATCH 5.10 000/162] 5.10.157-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.157 release. There are 162 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.157-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.157-rc1 Andrzej Hajda <andrzej.hajda(a)intel.com> drm/i915: fix TLB invalidation for Gen12 video and compute engines Christian König <christian.koenig(a)amd.com> drm/amdgpu: always register an MMU notifier for userptr Lyude Paul <lyude(a)redhat.com> drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN Zhen Lei <thunder.leizhen(a)huawei.com> btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs() Anand Jain <anand.jain(a)oracle.com> btrfs: free btrfs_path before copying subvol info to userspace Anand Jain <anand.jain(a)oracle.com> btrfs: free btrfs_path before copying fspath to userspace Josef Bacik <josef(a)toxicpanda.com> btrfs: free btrfs_path before copying root refs to userspace Luiz Capitulino <luizcap(a)amazon.com> genirq: Take the proposed affinity at face value if force==true Luiz Capitulino <luizcap(a)amazon.com> irqchip/gic-v3: Always trust the managed affinity provided by the core code Luiz Capitulino <luizcap(a)amazon.com> genirq: Always limit the affinity to online CPUs Luiz Capitulino <luizcap(a)amazon.com> genirq/msi: Shutdown managed interrupts with unsatifiable affinities Phil Turnbull <philipturnbull(a)github.com> wifi: wilc1000: validate number of channels Phil Turnbull <philipturnbull(a)github.com> wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute Phil Turnbull <philipturnbull(a)github.com> wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute Phil Turnbull <philipturnbull(a)github.com> wifi: wilc1000: validate pairwise and authentication suite offsets Mikulas Patocka <mpatocka(a)redhat.com> dm integrity: clear the journal on suspend Mikulas Patocka <mpatocka(a)redhat.com> dm integrity: flush the journal on suspend Robin Murphy <robin.murphy(a)arm.com> gpu: host1x: Avoid trying to use GART on Tegra20 Enrico Sau <enrico.sau(a)gmail.com> net: usb: qmi_wwan: add Telit 0x103a composition Gleb Mazovetskiy <glex.spb(a)gmail.com> tcp: configurable source port perturb table size Kai-Heng Feng <kai.heng.feng(a)canonical.com> platform/x86: hp-wmi: Ignore Smart Experience App event Damien Le Moal <damien.lemoal(a)opensource.wdc.com> zonefs: fix zone report size in __zonefs_io_error() Hans de Goede <hdegoede(a)redhat.com> platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) Xiongfeng Wang <wangxiongfeng2(a)huawei.com> platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() ruanjinjie <ruanjinjie(a)huawei.com> xen/platform-pci: add missing free_irq() in error path Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com> xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too Hans de Goede <hdegoede(a)redhat.com> Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] Hans de Goede <hdegoede(a)redhat.com> Input: soc_button_array - add use_low_level_irq module parameter Hans de Goede <hdegoede(a)redhat.com> Input: goodix - try resetting the controller when no config is set Lukas Wunner <lukas(a)wunner.de> serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 Aman Dhoot <amandhoot12(a)gmail.com> Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode Alessandro Astone <ales.astone(a)gmail.com> binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0 Alessandro Astone <ales.astone(a)gmail.com> binder: Address corner cases in deferred copy and fixup Arnd Bergmann <arnd(a)arndb.de> binder: fix pointer cast warning Todd Kjos <tkjos(a)google.com> binder: defer copies of pre-patched txn data Todd Kjos <tkjos(a)google.com> binder: read pre-translated fds from sender buffer Todd Kjos <tkjos(a)google.com> binder: avoid potential data leakage when copying txn Michael Kelley <mikelley(a)microsoft.com> x86/ioremap: Fix page aligned size calculation in __ioremap_caller() Maxim Levitsky <mlevitsk(a)redhat.com> KVM: x86: remove exit_int_info warning in svm_handle_exit Maxim Levitsky <mlevitsk(a)redhat.com> KVM: x86: nSVM: leave nested mode on vCPU free Johannes Weiner <hannes(a)cmpxchg.org> mm: vmscan: fix extreme overreclaim and swap floods Mukesh Ojha <quic_mojha(a)quicinc.com> gcov: clang: fix the buffer overflow issue Chen Zhongjin <chenzhongjin(a)huawei.com> nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Clear ep descriptor last Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Return -ESHUTDOWN on ep disable Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: dwc3: gadget: conditionally remove requests Xiubo Li <xiubli(a)redhat.com> ceph: fix NULL pointer dereference for req->r_session Kenneth Lee <klee33(a)uw.edu> ceph: Use kcalloc for allocating multiple elements Xiubo Li <xiubli(a)redhat.com> ceph: fix possible NULL pointer dereference for req->r_session Xiubo Li <xiubli(a)redhat.com> ceph: put the requests/sessions when it fails to alloc memory Dan Carpenter <dan.carpenter(a)oracle.com> ceph: fix off by one bugs in unsafe_request_wait() Xiubo Li <xiubli(a)redhat.com> ceph: flush the mdlog before waiting on unsafe reqs Xiubo Li <xiubli(a)redhat.com> ceph: flush mdlog before umounting Xiubo Li <xiubli(a)redhat.com> ceph: make iterate_sessions a global symbol Xiubo Li <xiubli(a)redhat.com> ceph: make ceph_create_session_msg a global symbol Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Device side header file for CDNSP driver Pawel Laszczak <pawell(a)cadence.com> usb: cdns3: Add support for DRD CDNSP Brian Norris <briannorris(a)chromium.org> mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI Al Cooper <alcooperx(a)gmail.com> mmc: sdhci-brcmstb: Enable Clock Gating to save power Al Cooper <alcooperx(a)gmail.com> mmc: sdhci-brcmstb: Re-organize flags Maxim Levitsky <mlevitsk(a)redhat.com> KVM: x86: emulator: update the emulation mode after rsm Randy Dunlap <rdunlap(a)infradead.org> nios2: add FORCE for vmlinuz.gz Alexandre Belloni <alexandre.belloni(a)bootlin.com> init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash Chen Zhongjin <chenzhongjin(a)huawei.com> iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails Alejandro Concepción Rodríguez <asconcepcion(a)acoro.eu> iio: light: apds9960: fix wrong register for gesture gain Sam James <sam(a)gentoo.org> kbuild: fix -Wimplicit-function-declaration in license_is_gpl_compatible Jakob Unterwurzacher <jakob.unterwurzacher(a)theobroma-systems.com> arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency Baokun Li <libaokun1(a)huawei.com> ext4: fix use-after-free in ext4_ext_shift_extents Marek Szyprowski <m.szyprowski(a)samsung.com> usb: dwc3: exynos: Fix remove() function Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> lib/vdso: use "grep -E" instead of "egrep" Vladimir Oltean <vladimir.oltean(a)nxp.com> net: enetc: preserve TX ring priority across reconfiguration Vladimir Oltean <vladimir.oltean(a)nxp.com> net: enetc: cache accesses to &priv->si->hw Vladimir Oltean <vladimir.oltean(a)nxp.com> net: enetc: manage ENETC_F_QBV in priv->active_offloads only when enabled Heiko Carstens <hca(a)linux.ibm.com> s390/crashdump: fix TOD programmable field size Yu Liao <liaoyu15(a)huawei.com> net: thunderx: Fix the ACPI memory leak Martin Faltesek <mfaltesek(a)google.com> nfc: st-nci: fix memory leaks in EVT_TRANSACTION Martin Faltesek <mfaltesek(a)google.com> nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION Wang Hai <wanghai38(a)huawei.com> arcnet: fix potential memory leak in com20020_probe() Ahmed S. Darwish <a.darwish(a)linutronix.de> net: arcnet: Fix RESET flag handling Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix no record found for raw_track_access Ziyang Xuan <william.xuanziyang(a)huawei.com> ipv4: Fix error return code in fib_table_insert() Kuniyuki Iwashima <kuniyu(a)amazon.com> dccp/tcp: Reset saddr on failure after inet6?_hash_connect(). Felix Fietkau <nbd(a)nbd.name> netfilter: flowtable_offload: add missing locking Dawei Li <set_pte_at(a)outlook.com> dma-buf: fix racing conflict of dma_heap_add() Yang Yingliang <yangyingliang(a)huawei.com> bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() Andreas Kemnade <andreas(a)kemnade.info> regulator: twl6030: re-add TWL6032_SUBCLASS Liu Shixin <liushixin2(a)huawei.com> NFC: nci: fix memory leak in nci_rx_data_packet() Xin Long <lucien.xin(a)gmail.com> net: sched: allow act_ct to be built without NF_NAT Zhang Changzhong <zhangchangzhong(a)huawei.com> sfc: fix potential memleak in __ef100_hard_start_xmit() Chen Zhongjin <chenzhongjin(a)huawei.com> xfrm: Fix ignored return value in xfrm6_init() YueHaibing <yuehaibing(a)huawei.com> tipc: check skb_linearize() return value in tipc_disc_rcv() Xin Long <lucien.xin(a)gmail.com> tipc: add an extra conn_get in tipc_conn_alloc Xin Long <lucien.xin(a)gmail.com> tipc: set con sock in tipc_conn_alloc Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Fix handling of entry refcount when command is not issued to FW Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Fix FW tracer timestamp calculation Vishwanath Pai <vpai(a)akamai.com> netfilter: ipset: regression in ip_set_hash_ip.c Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Limit the maximal range of consecutive elements to add/delete Yang Yingliang <yangyingliang(a)huawei.com> Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() Yang Yingliang <yangyingliang(a)huawei.com> Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() YueHaibing <yuehaibing(a)huawei.com> macsec: Fix invalid error code set Jaco Coetzee <jaco.coetzee(a)corigine.com> nfp: add port from netdev validation for EEPROM access Diana Wang <na.wang(a)corigine.com> nfp: fill splittable of devlink_port_attrs correctly Yang Yingliang <yangyingliang(a)huawei.com> net: pch_gbe: fix pci device refcount leak while module exiting Zhang Changzhong <zhangchangzhong(a)huawei.com> net/qla3xxx: fix potential memleak in ql3xxx_send() Peter Kosyh <pkosyh(a)yandex.ru> net/mlx4: Check retval of mlx4_bitmap_init Liu Jian <liujian56(a)huawei.com> net: ethernet: mtk_eth_soc: fix error handling in mtk_open() Fabio Estevam <festevam(a)denx.de> ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties Zheng Yongjun <zhengyongjun3(a)huawei.com> ARM: mxs: fix memory leak in mxs_machine_init() Daniel Xu <dxu(a)dxuuu.xyz> netfilter: conntrack: Fix data-races around ct mark Zhengchao Shao <shaozhengchao(a)huawei.com> 9p/fd: fix issue of list_del corruption in p9_fd_cancel() Wang Hai <wanghai38(a)huawei.com> net: pch_gbe: fix potential memleak in pch_gbe_tx_queue() Lin Ma <linma(a)zju.edu.cn> nfc/nci: fix race with opening and closing David Howells <dhowells(a)redhat.com> rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975] David Howells <dhowells(a)redhat.com> rxrpc: Use refcount_t rather than atomic_t David Howells <dhowells(a)redhat.com> rxrpc: Allow list of in-use local UDP endpoints to be viewed in /proc Leon Romanovsky <leon(a)kernel.org> net: liquidio: simplify if expression Michael Grzeschik <m.grzeschik(a)pengutronix.de> ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl Yang Yingliang <yangyingliang(a)huawei.com> tee: optee: fix possible memory leak in optee_register_device() Samuel Holland <samuel(a)sholland.org> bus: sunxi-rsb: Support atomic transfers Yang Yingliang <yangyingliang(a)huawei.com> regulator: core: fix UAF in destroy_regulator() Xiongfeng Wang <wangxiongfeng2(a)huawei.com> spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() Zeng Heng <zengheng4(a)huawei.com> regulator: core: fix kobject release warning and memory leak in regulator_register() Michael Kelley <mikelley(a)microsoft.com> scsi: storvsc: Fix handling of srb_status and capacity change events Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: soc-pcm: Don't zero TDM masks in __soc_pcm_open() Detlev Casanova <detlev.casanova(a)collabora.com> ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove Junxiao Chang <junxiao.chang(a)intel.com> ASoC: hdac_hda: fix hda pcm buffer overflow issue Dominik Haller <d.haller(a)phytec.de> ARM: dts: am335x-pcm-953: Define fixed regulators in root node Herbert Xu <herbert(a)gondor.apana.org.au> af_key: Fix send_acquire race with pfkey_register Christian Langrock <christian.langrock(a)secunet.com> xfrm: replay: Fix ESN wrap around for GSO Eyal Birger <eyal.birger(a)gmail.com> xfrm: fix "disable_policy" on ipv4 early demux Jason A. Donenfeld <Jason(a)zx2c4.com> MIPS: pic32: treat port as signed integer Nathan Chancellor <nathan(a)kernel.org> RISC-V: vdso: Do not add missing symbols to version section in linker script Kuniyuki Iwashima <kuniyu(a)amazon.com> arm64/syscall: Include asm/ptrace.h in syscall_wrapper header. Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix null pointer dereference in bfq_bio_bfqg() Hans de Goede <hdegoede(a)redhat.com> drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017) Bart Van Assche <bvanassche(a)acm.org> scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC Brian King <brking(a)linux.vnet.ibm.com> scsi: ibmvfc: Avoid path failures during live migration Hans de Goede <hdegoede(a)redhat.com> platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 Sabrina Dubroca <sd(a)queasysnail.net> Revert "net: macsec: report real_dev features when HW offloading is enabled" Youlin Li <liulin063(a)gmail.com> selftests/bpf: Add verifier test for release_reference() Sean Nyekjaer <sean(a)geanix.com> spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run Nicolas Cavallari <nicolas.cavallari(a)green-communications.fr> wifi: mac80211: Fix ack frame idr leak when mesh has no route Jason A. Donenfeld <Jason(a)zx2c4.com> wifi: airo: do not assign -1 to unsigned char Gaosheng Cui <cuigaosheng1(a)huawei.com> audit: fix undefined behavior in bit shift for AUDIT_BIT Emil Renner Berthing <emil.renner.berthing(a)canonical.com> riscv: dts: sifive unleashed: Add PWM controlled LEDs Jonas Jelonek <jelonek.jonas(a)gmail.com> wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support taozhang <taozhang(a)bestechnic.com> wifi: mac80211: fix memory free error when registering wiphy fail Xiubo Li <xiubli(a)redhat.com> ceph: avoid putting the realm twice when decoding snaps fails Xiubo Li <xiubli(a)redhat.com> ceph: do not update snapshot context when there is no new snapshot Mitja Spes <mitja(a)lxnav.com> iio: pressure: ms5611: fixed value compensation bug Lars-Peter Clausen <lars(a)metafoo.de> iio: ms5611: Simplify IO callback parameters Đoàn Trần Công Danh <congdanhqx(a)gmail.com> speakup: replace utils' u_char with unsigned char Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Generate speakupmap.h automatically Bean Huo <beanhuo(a)micron.com> nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro Leo Savernik <l.savernik(a)aon.at> nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH Simon Rettberg <simon.rettberg(a)rz.uni-freiburg.de> drm/display: Don't assume dual mode adaptors support i2c sub-addressing Ido Schimmel <idosch(a)nvidia.com> bridge: switchdev: Fix memory leaks when changing VLAN protocol Danielle Ratson <danieller(a)nvidia.com> bridge: switchdev: Notify about VLAN protocol changes Niklas Cassel <niklas.cassel(a)wdc.com> ata: libata-core: do not issue non-internal commands once EH is pending Wenchao Hao <haowenchao(a)huawei.com> ata: libata-scsi: simplify __ata_scsi_queuecmd() Yang Yingliang <yangyingliang(a)huawei.com> scsi: scsi_transport_sas: Fix error handling in sas_phy_add() ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/am335x-pcm-953.dtsi | 28 +- arch/arm/boot/dts/at91sam9g20ek_common.dtsi | 9 + arch/arm/boot/dts/imx6q-prti6q.dts | 4 +- arch/arm/mach-mxs/mach-mxs.c | 4 +- .../arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 2 +- arch/arm64/include/asm/syscall_wrapper.h | 2 +- arch/mips/include/asm/fw/fw.h | 2 +- arch/mips/pic32/pic32mzda/early_console.c | 13 +- arch/mips/pic32/pic32mzda/init.c | 2 +- arch/nios2/boot/Makefile | 2 +- .../riscv/boot/dts/sifive/hifive-unleashed-a00.dts | 38 + arch/riscv/kernel/vdso/Makefile | 3 + arch/riscv/kernel/vdso/vdso.lds.S | 2 + arch/s390/kernel/crash_dump.c | 2 +- arch/x86/kvm/emulate.c | 9 + arch/x86/kvm/svm/svm.c | 16 +- arch/x86/mm/ioremap.c | 8 +- block/bfq-cgroup.c | 4 + drivers/accessibility/speakup/.gitignore | 4 + drivers/accessibility/speakup/Makefile | 28 + drivers/accessibility/speakup/genmap.c | 162 +++ drivers/accessibility/speakup/makemapdata.c | 125 ++ drivers/accessibility/speakup/speakupmap.h | 66 - drivers/accessibility/speakup/utils.h | 102 ++ drivers/android/binder.c | 437 +++++- drivers/ata/libata-scsi.c | 55 +- drivers/bus/sunxi-rsb.c | 29 +- drivers/dma-buf/dma-heap.c | 28 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | 8 +- .../drm/amd/display/dc/dce120/dce120_resource.c | 3 +- drivers/gpu/drm/drm_dp_dual_mode_helper.c | 51 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/i915/gt/intel_gt.c | 4 + drivers/gpu/drm/tegra/drm.c | 4 + drivers/gpu/host1x/dev.c | 4 + drivers/hv/channel_mgmt.c | 6 +- drivers/hv/vmbus_drv.c | 1 + drivers/iio/industrialio-sw-trigger.c | 6 +- drivers/iio/light/apds9960.c | 12 +- drivers/iio/pressure/ms5611.h | 18 +- drivers/iio/pressure/ms5611_core.c | 56 +- drivers/iio/pressure/ms5611_i2c.c | 11 +- drivers/iio/pressure/ms5611_spi.c | 17 +- drivers/input/misc/soc_button_array.c | 14 +- drivers/input/mouse/synaptics.c | 1 + drivers/input/touchscreen/goodix.c | 11 + drivers/irqchip/irq-gic-v3-its.c | 2 +- drivers/md/dm-integrity.c | 20 +- drivers/mmc/host/sdhci-brcmstb.c | 68 +- drivers/net/arcnet/arc-rimi.c | 4 +- drivers/net/arcnet/arcdevice.h | 6 + drivers/net/arcnet/arcnet.c | 66 +- drivers/net/arcnet/com20020-isa.c | 4 +- drivers/net/arcnet/com20020-pci.c | 2 +- drivers/net/arcnet/com20020_cs.c | 13 +- drivers/net/arcnet/com90io.c | 4 +- drivers/net/arcnet/com90xx.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c | 12 +- drivers/net/ethernet/cavium/liquidio/lio_main.c | 4 +- drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 +- drivers/net/ethernet/freescale/enetc/enetc.c | 32 +- drivers/net/ethernet/freescale/enetc/enetc.h | 10 +- drivers/net/ethernet/freescale/enetc/enetc_pf.c | 6 +- drivers/net/ethernet/freescale/enetc/enetc_qos.c | 83 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 3 + drivers/net/ethernet/mellanox/mlx4/qp.c | 3 +- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 6 +- .../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 2 +- drivers/net/ethernet/netronome/nfp/nfp_devlink.c | 2 +- .../net/ethernet/netronome/nfp/nfp_net_ethtool.c | 3 + .../net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c | 6 +- drivers/net/ethernet/qlogic/qla3xxx.c | 1 + drivers/net/ethernet/sfc/ef100_netdev.c | 1 + drivers/net/macsec.c | 28 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/cisco/airo.c | 18 +- drivers/net/wireless/mac80211_hwsim.c | 5 + drivers/net/wireless/microchip/wilc1000/cfg80211.c | 40 +- drivers/net/wireless/microchip/wilc1000/hif.c | 21 +- drivers/nfc/st-nci/se.c | 6 +- drivers/nvme/host/pci.c | 4 + drivers/platform/x86/acer-wmi.c | 9 + drivers/platform/x86/asus-wmi.c | 2 + drivers/platform/x86/hp-wmi.c | 3 + drivers/platform/x86/touchscreen_dmi.c | 25 + drivers/regulator/core.c | 8 +- drivers/regulator/twl6030-regulator.c | 2 + drivers/s390/block/dasd_eckd.c | 6 +- drivers/scsi/ibmvscsi/ibmvfc.c | 14 +- drivers/scsi/scsi_debug.c | 7 + drivers/scsi/scsi_transport_sas.c | 13 +- drivers/scsi/storvsc_drv.c | 69 +- drivers/spi/spi-dw-dma.c | 3 + drivers/spi/spi-stm32.c | 2 +- drivers/tee/optee/device.c | 2 +- drivers/tty/serial/8250/8250_omap.c | 7 +- drivers/usb/cdns3/cdnsp-gadget.h | 1463 ++++++++++++++++++++ drivers/usb/cdns3/core.c | 24 +- drivers/usb/cdns3/core.h | 5 + drivers/usb/cdns3/drd.c | 101 +- drivers/usb/cdns3/drd.h | 67 +- drivers/usb/dwc3/dwc3-exynos.c | 11 +- drivers/usb/dwc3/gadget.c | 22 +- drivers/xen/platform-pci.c | 7 +- drivers/xen/xen-pciback/conf_space_capability.c | 9 +- fs/btrfs/ioctl.c | 7 +- fs/btrfs/sysfs.c | 7 +- fs/ceph/caps.c | 105 +- fs/ceph/mds_client.c | 90 +- fs/ceph/mds_client.h | 5 + fs/ceph/snap.c | 31 +- fs/ceph/strings.c | 1 + fs/ext4/extents.c | 18 +- fs/nilfs2/sufile.c | 8 + fs/zonefs/super.c | 37 +- include/linux/ceph/ceph_fs.h | 1 + include/linux/license.h | 2 + include/linux/netfilter/ipset/ip_set.h | 3 + include/net/switchdev.h | 2 + include/trace/events/rxrpc.h | 2 +- include/uapi/linux/audit.h | 2 +- init/Kconfig | 2 +- kernel/gcov/clang.c | 2 + kernel/irq/manage.c | 31 +- kernel/irq/msi.c | 7 + lib/vdso/Makefile | 2 +- mm/vmscan.c | 10 +- net/9p/trans_fd.c | 2 + net/bridge/br_vlan.c | 33 +- net/core/flow_dissector.c | 2 +- net/dccp/ipv4.c | 2 + net/dccp/ipv6.c | 2 + net/ipv4/Kconfig | 10 + net/ipv4/esp4_offload.c | 3 + net/ipv4/fib_trie.c | 4 +- net/ipv4/inet_hashtables.c | 10 +- net/ipv4/ip_input.c | 5 + net/ipv4/netfilter/ipt_CLUSTERIP.c | 4 +- net/ipv4/tcp_ipv4.c | 2 + net/ipv6/esp6_offload.c | 3 + net/ipv6/tcp_ipv6.c | 2 + net/ipv6/xfrm6_policy.c | 6 +- net/key/af_key.c | 32 +- net/mac80211/main.c | 8 +- net/mac80211/mesh_pathtbl.c | 2 +- net/netfilter/ipset/ip_set_hash_ip.c | 17 +- net/netfilter/ipset/ip_set_hash_ipmark.c | 10 +- net/netfilter/ipset/ip_set_hash_ipport.c | 3 + net/netfilter/ipset/ip_set_hash_ipportip.c | 3 + net/netfilter/ipset/ip_set_hash_ipportnet.c | 3 + net/netfilter/ipset/ip_set_hash_net.c | 11 +- net/netfilter/ipset/ip_set_hash_netiface.c | 10 +- net/netfilter/ipset/ip_set_hash_netnet.c | 16 +- net/netfilter/ipset/ip_set_hash_netport.c | 11 +- net/netfilter/ipset/ip_set_hash_netportnet.c | 16 +- net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_conntrack_netlink.c | 24 +- net/netfilter/nf_conntrack_standalone.c | 2 +- net/netfilter/nf_flow_table_offload.c | 4 + net/netfilter/nft_ct.c | 6 +- net/netfilter/xt_connmark.c | 18 +- net/nfc/nci/core.c | 2 +- net/nfc/nci/data.c | 4 +- net/openvswitch/conntrack.c | 8 +- net/rxrpc/af_rxrpc.c | 2 +- net/rxrpc/ar-internal.h | 24 +- net/rxrpc/call_accept.c | 4 +- net/rxrpc/call_object.c | 44 +- net/rxrpc/conn_client.c | 66 +- net/rxrpc/conn_object.c | 49 +- net/rxrpc/conn_service.c | 8 +- net/rxrpc/input.c | 4 +- net/rxrpc/local_object.c | 68 +- net/rxrpc/net_ns.c | 5 +- net/rxrpc/peer_object.c | 40 +- net/rxrpc/proc.c | 75 +- net/rxrpc/skbuff.c | 1 - net/sched/Kconfig | 2 +- net/sched/act_connmark.c | 4 +- net/sched/act_ct.c | 8 +- net/sched/act_ctinfo.c | 6 +- net/tipc/discover.c | 5 +- net/tipc/topsrv.c | 20 +- net/xfrm/xfrm_device.c | 15 +- net/xfrm/xfrm_replay.c | 2 +- sound/soc/codecs/hdac_hda.h | 4 +- sound/soc/codecs/sgtl5000.c | 1 + sound/soc/intel/boards/bytcht_es8316.c | 7 + sound/soc/soc-pcm.c | 5 - .../testing/selftests/bpf/verifier/ref_tracking.c | 36 + 191 files changed, 4038 insertions(+), 942 deletions(-)

1 year, 4 months

8
171
0 0

[PATCH v2 net 0/2] vmxnet3: couple of fixes

by Ronak Doshi

This series fixes following issues: Patch 1: This patch provides a fix to correctly report encapsulated LRO'ed packet. Patch 2: This patch provides a fix to use correct intrConf reference. Changes in v2: - declare generic descriptor to be used - remove white spaces - remove single quote around commit reference in patch 2 - remove if check for encap_lro Ronak Doshi (2): vmxnet3: correctly report encapsulated LRO packet vmxnet3: use correct intrConf reference when using extended queues drivers/net/vmxnet3/vmxnet3_drv.c | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) -- 2.11.0

1 year, 4 months

3
4
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror November 2022