March 2024 - Linux-stable-mirror

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.81 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/x86/boot.rst | 2 Documentation/x86/mds.rst | 38 MAINTAINERS | 7 Makefile | 2 arch/arm/boot/dts/imx23.dtsi | 2 arch/arm/boot/dts/imx28.dtsi | 2 arch/arm/boot/dts/imx6qdl.dtsi | 2 arch/arm/boot/dts/imx6sx.dtsi | 2 arch/arm/boot/dts/imx6ul.dtsi | 2 arch/arm/boot/dts/imx7s.dtsi | 3 arch/arm64/crypto/aes-neonbs-glue.c | 11 arch/arm64/include/asm/efi.h | 1 arch/powerpc/platforms/pseries/iommu.c | 156 ++- arch/riscv/include/asm/ftrace.h | 5 arch/riscv/include/asm/pgtable.h | 2 arch/riscv/kernel/Makefile | 2 arch/riscv/kernel/return_address.c | 48 arch/x86/Kconfig | 17 arch/x86/boot/compressed/Makefile | 13 arch/x86/boot/compressed/acpi.c | 14 arch/x86/boot/compressed/cmdline.c | 4 arch/x86/boot/compressed/efi_mixed.S | 328 ++++++ arch/x86/boot/compressed/efi_thunk_64.S | 195 ---- arch/x86/boot/compressed/head_32.S | 38 arch/x86/boot/compressed/head_64.S | 593 ++---------- arch/x86/boot/compressed/ident_map_64.c | 7 arch/x86/boot/compressed/kaslr.c | 26 arch/x86/boot/compressed/mem_encrypt.S | 152 ++- arch/x86/boot/compressed/misc.c | 85 + arch/x86/boot/compressed/misc.h | 3 arch/x86/boot/compressed/pgtable.h | 10 arch/x86/boot/compressed/pgtable_64.c | 94 - arch/x86/boot/compressed/sev.c | 114 +- arch/x86/boot/header.S | 2 arch/x86/boot/tools/build.c | 2 arch/x86/entry/entry.S | 23 arch/x86/entry/entry_32.S | 3 arch/x86/entry/entry_64.S | 11 arch/x86/entry/entry_64_compat.S | 1 arch/x86/include/asm/boot.h | 10 arch/x86/include/asm/cpufeatures.h | 2 arch/x86/include/asm/efi.h | 14 arch/x86/include/asm/entry-common.h | 1 arch/x86/include/asm/nospec-branch.h | 27 arch/x86/include/asm/sev.h | 7 arch/x86/kernel/cpu/bugs.c | 15 arch/x86/kernel/cpu/intel.c | 178 +-- arch/x86/kernel/e820.c | 8 arch/x86/kernel/nmi.c | 3 arch/x86/kvm/vmx/run_flags.h | 7 arch/x86/kvm/vmx/vmenter.S | 9 arch/x86/kvm/vmx/vmx.c | 12 drivers/bluetooth/btqca.c | 104 +- drivers/bluetooth/btqca.h | 23 drivers/bluetooth/hci_qca.c | 310 +++++- drivers/clk/tegra/clk-tegra20.c | 28 drivers/cpufreq/intel_pstate.c | 3 drivers/dma/fsl-qdma.c | 21 drivers/dma/ptdma/ptdma-dmaengine.c | 2 drivers/firmware/efi/capsule-loader.c | 2 drivers/firmware/efi/efi.c | 22 drivers/firmware/efi/libstub/Makefile | 1 drivers/firmware/efi/libstub/alignedmem.c | 7 drivers/firmware/efi/libstub/arm64-stub.c | 11 drivers/firmware/efi/libstub/efi-stub-helper.c | 2 drivers/firmware/efi/libstub/efistub.h | 32 drivers/firmware/efi/libstub/mem.c | 5 drivers/firmware/efi/libstub/randomalloc.c | 17 drivers/firmware/efi/libstub/x86-5lvl.c | 95 + drivers/firmware/efi/libstub/x86-stub.c | 315 +++--- drivers/firmware/efi/libstub/x86-stub.h | 17 drivers/firmware/efi/vars.c | 13 drivers/gpio/gpio-74x164.c | 4 drivers/gpio/gpiolib.c | 10 drivers/gpu/drm/amd/display/dc/dml/Makefile | 4 drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 29 drivers/gpu/drm/drm_buddy.c | 10 drivers/gpu/drm/meson/meson_drv.c | 23 drivers/gpu/drm/meson/meson_encoder_cvbs.c | 1 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 1 drivers/gpu/drm/tegra/drm.c | 23 drivers/infiniband/core/cm_trace.h | 2 drivers/infiniband/core/cma.c | 255 ++--- drivers/infiniband/core/cma_trace.h | 2 drivers/infiniband/core/user_mad.c | 23 drivers/input/joystick/xpad.c | 5 drivers/interconnect/core.c | 18 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 19 drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 16 drivers/iommu/sprd-iommu.c | 29 drivers/mmc/core/mmc.c | 2 drivers/mmc/host/mmci_stm32_sdmmc.c | 24 drivers/mmc/host/sdhci-xenon-phy.c | 48 drivers/mtd/nand/spi/gigadevice.c | 6 drivers/net/ethernet/Kconfig | 2 drivers/net/ethernet/intel/igb/igb_ptp.c | 5 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 10 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 drivers/net/gtp.c | 12 drivers/net/tun.c | 1 drivers/net/usb/dm9601.c | 2 drivers/net/usb/lan78xx.c | 5 drivers/net/veth.c | 40 drivers/of/overlay.c | 2 drivers/of/property.c | 2 drivers/pci/controller/dwc/pci-layerscape-ep.c | 119 ++ drivers/phy/freescale/phy-fsl-imx8-mipi-dphy.c | 2 drivers/power/supply/bq27xxx_battery_i2c.c | 4 drivers/scsi/scsi_lib.c | 52 - drivers/scsi/sd.c | 26 drivers/soc/qcom/rpmhpd.c | 7 drivers/usb/gadget/composite.c | 18 drivers/usb/gadget/configfs.c | 3 drivers/usb/gadget/udc/core.c | 27 drivers/usb/gadget/udc/trace.h | 5 drivers/usb/storage/scsiglue.c | 7 drivers/usb/storage/uas.c | 7 drivers/video/fbdev/core/fbcon.c | 8 drivers/xen/events/events_base.c | 5 fs/afs/dir.c | 4 fs/btrfs/dev-replace.c | 24 fs/btrfs/disk-io.c | 22 fs/btrfs/disk-io.h | 2 fs/btrfs/ioctl.c | 2 fs/btrfs/send.c | 17 fs/btrfs/transaction.c | 2 fs/efivarfs/vars.c | 17 fs/exportfs/expfs.c | 8 fs/lockd/svc4proc.c | 1 fs/lockd/svclock.c | 17 fs/lockd/svcproc.c | 1 fs/lockd/svcsubs.c | 4 fs/locks.c | 24 fs/nfs/nfs4trace.h | 6 fs/nfs/nfstrace.h | 6 fs/nfs/write.c | 4 fs/nfsd/Kconfig | 19 fs/nfsd/Makefile | 5 fs/nfsd/blocklayout.c | 1 fs/nfsd/blocklayoutxdr.c | 1 fs/nfsd/export.h | 1 fs/nfsd/filecache.c | 39 fs/nfsd/flexfilelayout.c | 1 fs/nfsd/netns.h | 2 fs/nfsd/nfs4callback.c | 72 + fs/nfsd/nfs4idmap.c | 1 fs/nfsd/nfs4proc.c | 31 fs/nfsd/nfs4state.c | 312 ++++-- fs/nfsd/nfs4xdr.c | 771 ++++++++-------- fs/nfsd/nfsctl.c | 13 fs/nfsd/nfsd.h | 9 fs/nfsd/nfsfh.h | 10 fs/nfsd/nfsproc.c | 66 - fs/nfsd/nfssvc.c | 8 fs/nfsd/state.h | 11 fs/nfsd/trace.h | 106 ++ fs/nfsd/vfs.c | 64 + fs/nfsd/vfs.h | 1 fs/nfsd/xdr4.h | 5 fs/nfsd/xdr4cb.h | 6 fs/ntfs3/frecord.c | 5 fs/ntfs3/fsntfs.c | 1 fs/ntfs3/index.c | 11 include/linux/bvec.h | 2 include/linux/decompress/mm.h | 2 include/linux/efi.h | 1 include/linux/fs.h | 14 include/linux/netfilter.h | 4 include/linux/nfs4.h | 13 include/linux/usb/composite.h | 2 include/linux/usb/gadget.h | 8 include/net/ipv6_stubs.h | 5 include/net/mctp.h | 1 include/net/netfilter/nf_conntrack.h | 8 include/scsi/scsi_device.h | 52 - include/trace/events/fs.h | 122 -- include/trace/events/nfs.h | 375 ------- include/trace/events/rdma.h | 168 --- include/trace/events/rpcgss.h | 2 include/trace/events/rpcrdma.h | 4 include/trace/events/sunrpc.h | 2 include/trace/events/sunrpc_base.h | 18 include/trace/misc/fs.h | 122 ++ include/trace/misc/nfs.h | 387 ++++++++ include/trace/misc/rdma.h | 168 +++ include/trace/misc/sunrpc.h | 18 include/uapi/linux/bpf.h | 31 include/uapi/linux/in6.h | 2 lib/nlattr.c | 4 mm/huge_memory.c | 4 net/bluetooth/hci_core.c | 7 net/bluetooth/hci_event.c | 13 net/bluetooth/hci_sync.c | 7 net/bluetooth/l2cap_core.c | 8 net/bridge/br_netfilter_hooks.c | 96 + net/bridge/netfilter/nf_conntrack_bridge.c | 30 net/core/filter.c | 30 net/core/rtnetlink.c | 11 net/hsr/hsr_forward.c | 2 net/ipv4/ip_tunnel.c | 28 net/ipv4/netfilter/nf_reject_ipv4.c | 1 net/ipv6/addrconf.c | 7 net/ipv6/af_inet6.c | 1 net/ipv6/netfilter/nf_reject_ipv6.c | 1 net/mctp/route.c | 10 net/mptcp/diag.c | 5 net/mptcp/pm_netlink.c | 48 net/mptcp/pm_userspace.c | 12 net/mptcp/protocol.c | 56 + net/mptcp/protocol.h | 13 net/mptcp/subflow.c | 15 net/netfilter/core.c | 16 net/netfilter/nf_conntrack_core.c | 13 net/netfilter/nf_conntrack_proto_tcp.c | 35 net/netfilter/nf_tables_api.c | 7 net/netfilter/nft_compat.c | 20 net/netlink/af_netlink.c | 2 net/tls/tls_sw.c | 11 net/unix/garbage.c | 21 net/wireless/nl80211.c | 2 security/landlock/fs.c | 4 security/tomoyo/common.c | 3 sound/core/Makefile | 1 sound/firewire/amdtp-stream.c | 2 sound/pci/hda/patch_realtek.c | 3 tools/include/uapi/linux/bpf.h | 31 tools/testing/selftests/net/mptcp/mptcp_join.sh | 5 227 files changed, 5027 insertions(+), 3096 deletions(-) Abdun Nihaal (1): fs/ntfs3: Fix NULL dereference in ni_write_inode Alex Deucher (2): Revert "drm/amd/pm: resolve reboot exception for si oland" drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml Alexander Lobakin (1): x86/boot: Robustify calling startup_{32,64}() from the decompressor code Alexander Ofitserov (1): gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Alexander Stein (1): phy: freescale: phy-fsl-imx8-mipi-dphy: Fix alias name to use dashes Andy Shevchenko (1): gpiolib: Fix the error path order in gpiochip_add_data_with_key() Anna Schumaker (1): NFSD: Simplify READ_PLUS Ard Biesheuvel (49): crypto: arm64/neonbs - fix out-of-bounds access on short input efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory x86/boot/compressed: Rename efi_thunk_64.S to efi-mixed.S x86/boot/compressed: Move 32-bit entrypoint code into .text section x86/boot/compressed: Move bootargs parsing out of 32-bit startup code x86/boot/compressed: Move efi32_pe_entry into .text section x86/boot/compressed: Move efi32_entry out of head_64.S x86/boot/compressed: Move efi32_pe_entry() out of head_64.S x86/boot/compressed, efi: Merge multiple definitions of image_offset into one x86/boot/compressed: Simplify IDT/GDT preserve/restore in the EFI thunk x86/boot/compressed: Avoid touching ECX in startup32_set_idt_entry() x86/boot/compressed: Pull global variable reference into startup32_load_idt() x86/boot/compressed: Move startup32_load_idt() into .text section x86/boot/compressed: Move startup32_load_idt() out of head_64.S x86/boot/compressed: Move startup32_check_sev_cbit() into .text x86/boot/compressed: Move startup32_check_sev_cbit() out of head_64.S x86/boot/compressed: Adhere to calling convention in get_sev_encryption_bit() x86/boot/compressed: Only build mem_encrypt.S if AMD_MEM_ENCRYPT=y x86/efi: Make the deprecated EFI handover protocol optional x86/efistub: Branch straight to kernel entry point from C code x86/decompressor: Store boot_params pointer in callee save register x86/decompressor: Assign paging related global variables earlier x86/decompressor: Call trampoline as a normal function x86/decompressor: Use standard calling convention for trampoline x86/decompressor: Avoid the need for a stack in the 32-bit trampoline x86/decompressor: Call trampoline directly from C code x86/decompressor: Only call the trampoline when changing paging levels x86/decompressor: Pass pgtable address to trampoline directly x86/decompressor: Merge trampoline cleanup with switching code x86/decompressor: Move global symbol references to C code decompress: Use 8 byte alignment arm64: efi: Limit allocations to 48-bit addressable physical region efi: efivars: prevent double registration x86/efistub: Simplify and clean up handover entry code x86/decompressor: Avoid magic offsets for EFI handover entrypoint x86/efistub: Clear BSS in EFI handover protocol entrypoint efi/libstub: Add memory attribute protocol definitions efi/libstub: Add limit argument to efi_random_alloc() x86/efistub: Perform 4/5 level paging switch from the stub x86/decompressor: Factor out kernel decompression and relocation x86/efistub: Prefer EFI memory attributes protocol over DXE services x86/efistub: Perform SNP feature test while running in the firmware x86/efistub: Avoid legacy decompressor when doing EFI boot efi/x86: Avoid physical KASLR on older Dell systems x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR x86/boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr' x86/boot: efistub: Assign global boot_params variable efi/x86: Fix the missing KASLR_FLAG bit in boot_params->hdr.loadflags x86/efistub: Give up if memory attribute protocol returns an error Arnd Bergmann (2): clk: tegra20: fix gcc-7 constant overflow warning efi/capsule-loader: fix incorrect allocation size Arturas Moskvinas (1): gpio: 74x164: Enable output pins after registers are reset Bartosz Golaszewski (1): gpio: fix resource unwinding order in error path Bjorn Andersson (1): pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Bjorn Helgaas (1): net: restore alpha order to Ethernet devices in config Christophe Kerello (1): mmc: mmci: stm32: fix DMA API overlapping mappings warning Chuck Lever (15): NFSD: Flesh out a documenting comment for filecache.c NFSD: Clean up nfs4_preprocess_stateid_op() call sites NFSD: Trace stateids returned via DELEGRETURN NFSD: Trace delegation revocations NFSD: Use const pointers as parameters to fh_ helpers NFSD: Update file_hashtbl() helpers NFSD: Clean up nfsd4_init_file() NFSD: Add a nfsd4_file_hash_remove() helper NFSD: Clean up find_or_add_file() NFSD: Refactor find_file() NFSD: Use rhashtable for managing nfs4_file objects NFSD: Fix licensing header in filecache.c trace: Relocate event helper files NFSD: Use only RQ_DROPME to signal the need to drop a reply NFSD: Use set_bit(RQ_DROPME) Chunyan Zhang (1): iommu/sprd: Release dma buffer to avoid memory leak Colin Ian King (1): NFSD: Remove redundant assignment to variable host_err Curtis Klein (1): dmaengine: fsl-qdma: init irq after reg initialization Dai Ngo (6): NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker NFSD: add support for sending CB_RECALL_ANY NFSD: add delegation reaper to react to low memory condition NFSD: add CB_RECALL_ANY tracepoints NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time NFSD: replace delayed_work with work_struct for nfsd_client_shrinker David Disseldorp (1): exportfs: use pr_debug for unreachable debug statements David Howells (1): afs: Fix endless loop in directory parsing David Sterba (1): btrfs: dev-replace: properly validate device names Davide Caratti (1): mptcp: fix double-free on socket dismantle Dimitris Vlachos (1): riscv: Sparse-Memory/vmemmap out-of-bounds fix Doug Smythies (1): cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back Edward Lo (1): fs/ntfs3: Add length check in indx_get_root Elad Nachman (2): mmc: sdhci-xenon: add timeout for PHY init complete mmc: sdhci-xenon: fix PHY init clock stability Elson Roy Serrao (1): usb: gadget: Properly configure the device for remote wakeup Eniac Zhang (1): ALSA: hda/realtek: fix mute/micmute LED For HP mt440 Eric Dumazet (1): ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Filipe Manana (2): btrfs: fix double free of anonymous device after snapshot creation failure btrfs: send: don't issue unnecessary zero writes for trailing hole Florian Westphal (4): netlink: add nla be16/32 types to minlen array net: ip_tunnel: prevent perpetual headroom growth netfilter: let reset rules clean out conntrack entries netfilter: bridge: confirm multicast packets before passing them up the stack Frank Li (1): PCI: layerscape: Add the endpoint linkup notifier support Gaurav Batra (1): powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV Geert Uytterhoeven (1): of: overlay: Reorder struct fragment fields kerneldoc Geliang Tang (2): mptcp: map v4 address to v6 when destroying subflow selftests: mptcp: join: add ss mptcp support check Greg Kroah-Hartman (3): Revert "interconnect: Fix locking for runpm vs reclaim" Revert "interconnect: Teach lockdep about icc_bw_lock order" Linux 6.1.81 Gustavo A. R. Silva (1): RDMA/core: Fix multiple -Warray-bounds warnings Han Xu (1): mtd: spinand: gigadevice: Fix the get ecc status issue Hans Peter (1): ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) Hans de Goede (1): power: supply: bq27xxx-i2c: Do not free non existing IRQ Ido Schimmel (2): mlxsw: spectrum_acl_tcam: Make fini symmetric to init mlxsw: spectrum_acl_tcam: Add missing mutex_destroy() Ignat Korchagin (1): netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Ivan Semenov (1): mmc: core: Fix eMMC initialization with 1-bit bus connection Jakub Kicinski (2): net: veth: clear GRO when clearing XDP even when down veth: try harder when allocating queue memory Jakub Raczynski (1): stmmac: Clear variable when destroying workqueue Janaki Ramaiah Thota (1): Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT Javier Carrasco (1): net: usb: dm9601: fix wrong return value in dm9601_mdio_read Jeff Layton (11): nfsd: ignore requests to disable unsupported versions nfsd: move nfserrno() to vfs.c nfsd: allow disabling NFSv2 at compile time filelock: add a new locks_inode_context accessor function lockd: use locks_inode_context helper nfsd: use locks_inode_context helper nfsd: fix up the filecache laundrette scheduling lockd: set missing fl_flags field when retrieving args lockd: ensure we use the correct file descriptor when unlocking lockd: fix file selection in nlmsvc_cancel_blocked nfsd: don't destroy global nfs4_file table in per-net shutdown Jeremy Kerr (1): net: mctp: take ownership of skb in mctp_local_output Jia-Ju Bai (1): fs/ntfs3: Fix a possible null-pointer dereference in ni_clear() Jiri Bohac (1): x86/e820: Don't reserve SETUP_RNG_SEED in e820 Jiri Slaby (SUSE) (1): fbcon: always restore the old font data in fbcon_do_set_font() Johan Hovold (1): efi: verify that variable services are supported Johannes Berg (1): wifi: nl80211: reject iftype change with mesh ID change Jonas Dreßler (1): Bluetooth: hci_sync: Check the correct flag before starting a scan Justin Iurman (1): uapi: in6: replace temporary label with rfc9486 Kai-Heng Feng (1): Bluetooth: Enforce validation on max value of connection interval Kees Cook (1): NFSD: Avoid clashing function prototypes Krzysztof Kozlowski (1): Bluetooth: hci_qca: mark OF related data as maybe unused Kuniyuki Iwashima (2): af_unix: Fix task hung while purging oob_skb in GC. af_unix: Drop oob_skb ref before purging queue in GC. Lin Ma (1): rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Louis DeLosSantos (1): bpf: Add table ID to bpf_fib_lookup BPF helper Luca Weiss (1): Bluetooth: btqca: Add WCN3988 support Luiz Augusto von Dentz (2): Bluetooth: hci_sync: Fix accept_list when attempting to suspend Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Lukasz Majewski (1): net: hsr: Use correct offset for HSR TLV values in supervisory HSR frames Manivannan Sadhasivam (1): iommu/arm-smmu-qcom: Limit the SMR groups to 128 Marek Vasut (1): ARM: dts: imx7s: Drop dma-apb interrupt-names Martin Blumenstingl (1): drm/meson: Don't remove bridges which are created by other drivers Martin K. Petersen (1): scsi: sd: usb_storage: uas: Access media prior to querying device properties Martynas Pumputis (1): bpf: Derive source IP addr via bpf_*_fib_lookup() Matthew Auld (1): drm/buddy: fix range bias Matthieu Baerts (NGI0) (1): mptcp: continue marking the first subflow as UNCONNECTED Maximilian Heyne (1): xen/events: close evtchn after mapping cleanup Mickaël Salaün (1): landlock: Fix asymmetric private inodes referring Mike Christie (1): scsi: core: Add struct for args to execution functions Min-Hua Chen (1): Bluetooth: btqca: use le32_to_cpu for ver.soc_id Ming Lei (1): block: define bvec_iter as __packed __aligned(4) Neil Armstrong (3): drm/meson: fix unbind path if HDMI fails to bind Bluetooth: qca: use switch case for soc type behavior Bluetooth: qca: add support for WCN7850 NeilBrown (1): NFS: Fix data corruption caused by congestion. Oleksij Rempel (3): lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected net: lan78xx: fix "softirq work is pending" error igb: extend PTP timestamp adjustments to i211 Pablo Neira Ayuso (1): netfilter: nf_tables: disallow timeout for anonymous sets Paolo Abeni (6): mptcp: fix data races on local_id mptcp: fix data races on remote_id mptcp: fix duplicate subflow creation mptcp: push at DSS boundaries mptcp: fix snd_wnd initialization for passive socket mptcp: fix possible deadlock in subflow diag Paolo Bonzini (1): x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Patrisious Haddad (1): RDMA/core: Refactor rdma_bind_addr Pawan Gupta (6): x86/bugs: Add asm helpers for executing VERW x86/entry_64: Add VERW just before userspace transition x86/entry_32: Add VERW just before userspace transition x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH KVM/VMX: Move VERW closer to VMentry for MDS mitigation Peng Ma (1): dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read Ryosuke Yasuoka (1): netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Sabrina Dubroca (2): tls: decrement decrypt_pending if no async completion will be called tls: fix peeking with sync+async decryption Saravana Kannan (1): of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing Shiraz Saleem (1): RDMA/core: Update CMA destination address on rdma_resolve_addr Steev Klimaszewski (1): Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855 Stefan Wahren (1): ARM: dts: imx: Adjust dma-apbh node name Tadeusz Struk (1): dmaengine: ptdma: use consistent DMA masks Takashi Iwai (1): ALSA: Drop leftover snd-rtctimer stuff from Makefile Takashi Sakamoto (1): ALSA: firewire-lib: fix to check cycle continuity Tetsuo Handa (1): tomoyo: fix UAF write bug in tomoyo_write_control() Thierry Reding (1): drm/tegra: Remove existing framebuffer only if we support display Tim Schumacher (1): efivarfs: Request at most 512 bytes for variable names Tomas Krcka (1): iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any Vicki Pfau (1): Input: xpad - add constants for GIP interface numbers Xiaowei Bao (1): PCI: layerscape: Add workaround for lost link capabilities during reset Xiu Jianfeng (1): NFSD: Use struct_size() helper in alloc_session() Yang Shi (1): mm: huge_memory: don't force huge page alignment on 32 bit Ye Bin (1): fs/ntfs3: Fix NULL pointer dereference in 'ni_write_inode' Ying Hsu (1): Bluetooth: Avoid potential use-after-free in hci_error_reset Yunjian Wang (1): tun: Fix xdp_rxq_info's queue_index when detaching Zijun Hu (2): Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Bluetooth: qca: Fix wrong event type for patch config command Zong Li (1): riscv: add CALLER_ADDRx support

1 year, 3 months

1
1
0 0

Linux 5.15.151

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.151 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/riscv/include/asm/pgtable.h | 2 arch/x86/kernel/cpu/intel.c | 178 ++++++------ drivers/cpufreq/intel_pstate.c | 3 drivers/dma/fsl-qdma.c | 21 - drivers/dma/ptdma/ptdma-dmaengine.c | 2 drivers/firmware/efi/capsule-loader.c | 2 drivers/gpio/gpio-74x164.c | 4 drivers/gpio/gpiolib.c | 10 drivers/gpu/drm/bridge/lontium-lt8912b.c | 11 drivers/interconnect/core.c | 18 - drivers/mmc/core/mmc.c | 2 drivers/mmc/host/sdhci-xenon-phy.c | 48 ++- drivers/mtd/nand/spi/gigadevice.c | 6 drivers/net/ethernet/intel/igb/igb_ptp.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 drivers/net/gtp.c | 12 drivers/net/tun.c | 1 drivers/net/usb/dm9601.c | 2 drivers/net/usb/lan78xx.c | 3 drivers/net/veth.c | 40 +- drivers/power/supply/bq27xxx_battery_i2c.c | 4 drivers/soc/qcom/rpmhpd.c | 7 drivers/video/fbdev/core/fbcon.c | 8 fs/afs/dir.c | 4 fs/btrfs/dev-replace.c | 24 + fs/cachefiles/bind.c | 3 fs/hugetlbfs/inode.c | 6 include/linux/netfilter.h | 14 include/net/ipv6_stubs.h | 5 include/net/netfilter/nf_conntrack.h | 8 include/net/strparser.h | 4 include/net/tls.h | 11 include/uapi/linux/bpf.h | 37 ++ include/uapi/linux/in6.h | 2 net/bluetooth/hci_core.c | 7 net/bluetooth/hci_event.c | 13 net/bluetooth/l2cap_core.c | 8 net/bridge/br_netfilter_hooks.c | 96 ++++++ net/bridge/netfilter/nf_conntrack_bridge.c | 30 ++ net/core/filter.c | 67 +++- net/core/rtnetlink.c | 11 net/ipv4/ip_tunnel.c | 28 + net/ipv4/netfilter/nf_reject_ipv4.c | 1 net/ipv6/addrconf.c | 7 net/ipv6/af_inet6.c | 1 net/ipv6/netfilter/nf_reject_ipv6.c | 1 net/mptcp/diag.c | 3 net/mptcp/pm_netlink.c | 30 +- net/mptcp/protocol.c | 123 +++++++- net/mptcp/subflow.c | 36 -- net/netfilter/core.c | 45 ++- net/netfilter/nf_conntrack_core.c | 21 + net/netfilter/nf_conntrack_netlink.c | 4 net/netfilter/nf_conntrack_proto_tcp.c | 35 ++ net/netfilter/nf_nat_core.c | 2 net/netfilter/nf_tables_api.c | 7 net/netfilter/nfnetlink_queue.c | 10 net/netfilter/nft_compat.c | 20 + net/netlink/af_netlink.c | 2 net/tls/tls_device.c | 6 net/tls/tls_sw.c | 310 ++++++++++------------ net/unix/garbage.c | 22 - net/wireless/nl80211.c | 2 security/tomoyo/common.c | 3 sound/core/Makefile | 1 sound/firewire/amdtp-stream.c | 2 tools/include/uapi/linux/bpf.h | 37 ++ tools/testing/selftests/net/mptcp/config | 2 69 files changed, 984 insertions(+), 522 deletions(-) Alexander Ofitserov (1): gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Andy Shevchenko (1): gpiolib: Fix the error path order in gpiochip_add_data_with_key() Arnd Bergmann (1): efi/capsule-loader: fix incorrect allocation size Arturas Moskvinas (1): gpio: 74x164: Enable output pins after registers are reset Baokun Li (1): cachefiles: fix memory leak in cachefiles_add_cache() Bartosz Golaszewski (1): gpio: fix resource unwinding order in error path Bjorn Andersson (1): pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Curtis Klein (1): dmaengine: fsl-qdma: init irq after reg initialization David Howells (1): afs: Fix endless loop in directory parsing David Sterba (1): btrfs: dev-replace: properly validate device names Davide Caratti (1): mptcp: fix double-free on socket dismantle Dimitris Vlachos (1): riscv: Sparse-Memory/vmemmap out-of-bounds fix Doug Smythies (1): cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back Elad Nachman (2): mmc: sdhci-xenon: add timeout for PHY init complete mmc: sdhci-xenon: fix PHY init clock stability Eric Dumazet (1): ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Florian Westphal (6): net: ip_tunnel: prevent perpetual headroom growth netfilter: nfnetlink_queue: silence bogus compiler warning netfilter: core: move ip_ct_attach indirection to struct nf_ct_hook netfilter: make function op structures const netfilter: let reset rules clean out conntrack entries netfilter: bridge: confirm multicast packets before passing them up the stack Gal Pressman (1): Revert "tls: rx: move counting TlsDecryptErrors for sync" Geliang Tang (1): mptcp: add needs_id for netlink appending addr Greg Kroah-Hartman (3): Revert "interconnect: Fix locking for runpm vs reclaim" Revert "interconnect: Teach lockdep about icc_bw_lock order" Linux 5.15.151 Han Xu (1): mtd: spinand: gigadevice: Fix the get ecc status issue Hans de Goede (1): power: supply: bq27xxx-i2c: Do not free non existing IRQ Ignat Korchagin (1): netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Ivan Semenov (1): mmc: core: Fix eMMC initialization with 1-bit bus connection Jakub Kicinski (16): net: veth: clear GRO when clearing XDP even when down veth: try harder when allocating queue memory tls: rx: don't store the record type in socket context tls: rx: don't store the decryption status in socket context tls: rx: don't issue wake ups when data is decrypted tls: rx: refactor decrypt_skb_update() tls: hw: rx: use return value of tls_device_decrypted() to carry status tls: rx: drop unnecessary arguments from tls_setup_from_iter() tls: rx: don't report text length from the bowels of decrypt tls: rx: wrap decryption arguments in a structure tls: rx: factor out writing ContentType to cmsg tls: rx: don't track the async count tls: rx: move counting TlsDecryptErrors for sync tls: rx: assume crypto always calls our callback tls: rx: use async as an in-out argument net: tls: fix async vs NIC crypto offload Jakub Raczynski (1): stmmac: Clear variable when destroying workqueue Javier Carrasco (1): net: usb: dm9601: fix wrong return value in dm9601_mdio_read Jean Sacren (1): mptcp: clean up harmless false expressions Jiri Slaby (SUSE) (1): fbcon: always restore the old font data in fbcon_do_set_font() Johannes Berg (1): wifi: nl80211: reject iftype change with mesh ID change Justin Iurman (1): uapi: in6: replace temporary label with rfc9486 Kai-Heng Feng (1): Bluetooth: Enforce validation on max value of connection interval Kuniyuki Iwashima (1): af_unix: Drop oob_skb ref before purging queue in GC. Lin Ma (1): rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Louis DeLosSantos (1): bpf: Add table ID to bpf_fib_lookup BPF helper Luiz Augusto von Dentz (1): Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Martin KaFai Lau (1): bpf: Add BPF_FIB_LOOKUP_SKIP_NEIGH for bpf_fib_lookup Martynas Pumputis (1): bpf: Derive source IP addr via bpf_*_fib_lookup() Matthieu Baerts (NGI0) (2): selftests: mptcp: add missing kconfig for NF Filter selftests: mptcp: add missing kconfig for NF Filter in v6 Max Krummenacher (1): Revert "drm/bridge: lt8912b: Register and attach our DSI device at probe" Oleksij Rempel (2): lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected igb: extend PTP timestamp adjustments to i211 Oscar Salvador (1): fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Pablo Neira Ayuso (1): netfilter: nf_tables: disallow timeout for anonymous sets Paolo Abeni (5): mptcp: move __mptcp_error_report in protocol.c mptcp: process pending subflow error on close mptcp: rename timer related helper to less confusing names mptcp: push at DSS boundaries mptcp: fix possible deadlock in subflow diag Paolo Bonzini (1): x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Peng Ma (1): dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read Ryosuke Yasuoka (1): netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Sabrina Dubroca (1): tls: decrement decrypt_pending if no async completion will be called Tadeusz Struk (1): dmaengine: ptdma: use consistent DMA masks Takashi Iwai (1): ALSA: Drop leftover snd-rtctimer stuff from Makefile Takashi Sakamoto (1): ALSA: firewire-lib: fix to check cycle continuity Tetsuo Handa (1): tomoyo: fix UAF write bug in tomoyo_write_control() Vasily Averin (1): net: enable memcg accounting for veth queues Ying Hsu (1): Bluetooth: Avoid potential use-after-free in hci_error_reset Yunjian Wang (1): tun: Fix xdp_rxq_info's queue_index when detaching Zijun Hu (1): Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR

1 year, 3 months

1
1
0 0

Linux 5.10.212

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.212 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/riscv/include/asm/pgtable.h | 2 arch/x86/kernel/cpu/intel.c | 178 ++++++++++---------- drivers/crypto/virtio/virtio_crypto_akcipher_algs.c | 5 drivers/dma/fsl-qdma.c | 21 +- drivers/firmware/efi/capsule-loader.c | 2 drivers/gpio/gpio-74x164.c | 4 drivers/gpio/gpiolib.c | 10 - drivers/mmc/core/mmc.c | 2 drivers/mmc/host/sdhci-xenon-phy.c | 48 ++++- drivers/mtd/nand/spi/gigadevice.c | 81 +++++++-- drivers/net/gtp.c | 12 - drivers/net/tun.c | 1 drivers/net/usb/dm9601.c | 2 drivers/net/usb/lan78xx.c | 3 drivers/platform/x86/touchscreen_dmi.c | 4 drivers/power/supply/bq27xxx_battery_i2c.c | 4 drivers/soc/qcom/rpmhpd.c | 7 fs/afs/dir.c | 4 fs/btrfs/dev-replace.c | 24 ++ fs/cachefiles/bind.c | 3 fs/ext4/mballoc.c | 39 ++-- fs/hugetlbfs/inode.c | 6 net/bluetooth/hci_core.c | 7 net/bluetooth/hci_event.c | 13 + net/bluetooth/l2cap_core.c | 8 net/core/rtnetlink.c | 11 - net/ipv4/ip_tunnel.c | 28 ++- net/ipv6/addrconf.c | 7 net/mptcp/diag.c | 3 net/mptcp/protocol.c | 49 +++++ net/netfilter/nft_compat.c | 20 ++ net/netlink/af_netlink.c | 2 net/wireless/nl80211.c | 2 security/tomoyo/common.c | 3 sound/core/Makefile | 1 36 files changed, 426 insertions(+), 192 deletions(-) Alexander Ofitserov (1): gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Andy Shevchenko (1): gpiolib: Fix the error path order in gpiochip_add_data_with_key() Arnd Bergmann (1): efi/capsule-loader: fix incorrect allocation size Arturas Moskvinas (1): gpio: 74x164: Enable output pins after registers are reset Baokun Li (2): ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() cachefiles: fix memory leak in cachefiles_add_cache() Bartosz Golaszewski (1): gpio: fix resource unwinding order in error path Bjorn Andersson (1): pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Chuanhong Guo (1): mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG Curtis Klein (1): dmaengine: fsl-qdma: init irq after reg initialization David Howells (1): afs: Fix endless loop in directory parsing David Sterba (1): btrfs: dev-replace: properly validate device names Davide Caratti (1): mptcp: fix double-free on socket dismantle Dimitris Vlachos (1): riscv: Sparse-Memory/vmemmap out-of-bounds fix Elad Nachman (2): mmc: sdhci-xenon: add timeout for PHY init complete mmc: sdhci-xenon: fix PHY init clock stability Eric Dumazet (1): ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Florian Westphal (1): net: ip_tunnel: prevent perpetual headroom growth Greg Kroah-Hartman (1): Linux 5.10.212 Han Xu (1): mtd: spinand: gigadevice: Fix the get ecc status issue Hans de Goede (2): platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names power: supply: bq27xxx-i2c: Do not free non existing IRQ Ignat Korchagin (1): netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Ivan Semenov (1): mmc: core: Fix eMMC initialization with 1-bit bus connection Javier Carrasco (1): net: usb: dm9601: fix wrong return value in dm9601_mdio_read Johannes Berg (1): wifi: nl80211: reject iftype change with mesh ID change Kai-Heng Feng (1): Bluetooth: Enforce validation on max value of connection interval Lin Ma (1): rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Luiz Augusto von Dentz (1): Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Oleksij Rempel (1): lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Oscar Salvador (1): fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Paolo Abeni (1): mptcp: fix possible deadlock in subflow diag Paolo Bonzini (1): x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Peng Ma (1): dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read Reto Schneider (1): mtd: spinand: gigadevice: Support GD5F1GQ5UExxG Ryosuke Yasuoka (1): netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Takashi Iwai (1): ALSA: Drop leftover snd-rtctimer stuff from Makefile Tetsuo Handa (1): tomoyo: fix UAF write bug in tomoyo_write_control() Ying Hsu (1): Bluetooth: Avoid potential use-after-free in hci_error_reset Yunjian Wang (1): tun: Fix xdp_rxq_info's queue_index when detaching Zijun Hu (1): Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR zhenwei pi (1): crypto: virtio/akcipher - Fix stack overflow on memcpy

1 year, 3 months

1
1
0 0

Linux 5.4.271

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.271 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/x86/kernel/cpu/intel.c | 178 ++++++++++++++--------------- drivers/dma/fsl-qdma.c | 21 +-- drivers/firmware/efi/capsule-loader.c | 2 drivers/gpio/gpio-74x164.c | 4 drivers/mmc/core/mmc.c | 2 drivers/net/gtp.c | 12 - drivers/net/tun.c | 1 drivers/net/usb/dm9601.c | 2 drivers/net/usb/lan78xx.c | 3 drivers/power/supply/bq27xxx_battery_i2c.c | 4 fs/afs/dir.c | 4 fs/btrfs/dev-replace.c | 24 +++ fs/cachefiles/bind.c | 3 fs/hugetlbfs/inode.c | 6 net/bluetooth/hci_core.c | 7 - net/bluetooth/hci_event.c | 9 + net/bluetooth/l2cap_core.c | 8 + net/core/rtnetlink.c | 11 - net/ipv4/ip_tunnel.c | 28 +++- net/ipv6/addrconf.c | 7 - net/netfilter/nft_compat.c | 20 +++ net/netlink/af_netlink.c | 2 net/wireless/nl80211.c | 2 sound/core/Makefile | 1 25 files changed, 223 insertions(+), 140 deletions(-) Alexander Ofitserov (1): gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Arnd Bergmann (1): efi/capsule-loader: fix incorrect allocation size Arturas Moskvinas (1): gpio: 74x164: Enable output pins after registers are reset Baokun Li (1): cachefiles: fix memory leak in cachefiles_add_cache() Curtis Klein (1): dmaengine: fsl-qdma: init irq after reg initialization David Howells (1): afs: Fix endless loop in directory parsing David Sterba (1): btrfs: dev-replace: properly validate device names Eric Dumazet (1): ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Florian Westphal (1): net: ip_tunnel: prevent perpetual headroom growth Greg Kroah-Hartman (1): Linux 5.4.271 Hans de Goede (1): power: supply: bq27xxx-i2c: Do not free non existing IRQ Ignat Korchagin (1): netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Ivan Semenov (1): mmc: core: Fix eMMC initialization with 1-bit bus connection Javier Carrasco (1): net: usb: dm9601: fix wrong return value in dm9601_mdio_read Johannes Berg (1): wifi: nl80211: reject iftype change with mesh ID change Kai-Heng Feng (1): Bluetooth: Enforce validation on max value of connection interval Lin Ma (1): rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Luiz Augusto von Dentz (1): Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Oleksij Rempel (1): lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Oscar Salvador (1): fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Paolo Bonzini (1): x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Peng Ma (1): dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read Ryosuke Yasuoka (1): netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Takashi Iwai (1): ALSA: Drop leftover snd-rtctimer stuff from Makefile Ying Hsu (1): Bluetooth: Avoid potential use-after-free in hci_error_reset Yunjian Wang (1): tun: Fix xdp_rxq_info's queue_index when detaching

1 year, 3 months

1
1
0 0

Linux 4.19.309

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.309 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- drivers/firmware/efi/capsule-loader.c | 2 +- drivers/gpio/gpio-74x164.c | 4 ++-- drivers/mmc/core/mmc.c | 2 ++ drivers/net/gtp.c | 12 ++++++------ drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 3 ++- drivers/power/supply/bq27xxx_battery_i2c.c | 4 +++- fs/btrfs/dev-replace.c | 24 ++++++++++++++++++++---- fs/cachefiles/bind.c | 3 +++ net/bluetooth/hci_core.c | 7 ++++--- net/bluetooth/hci_event.c | 9 ++++++++- net/bluetooth/l2cap_core.c | 8 +++++++- net/netlink/af_netlink.c | 2 +- net/wireless/nl80211.c | 2 ++ sound/core/Makefile | 1 - 17 files changed, 64 insertions(+), 24 deletions(-) Alexander Ofitserov (1): gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Arnd Bergmann (1): efi/capsule-loader: fix incorrect allocation size Arturas Moskvinas (1): gpio: 74x164: Enable output pins after registers are reset Baokun Li (1): cachefiles: fix memory leak in cachefiles_add_cache() David Sterba (1): btrfs: dev-replace: properly validate device names Greg Kroah-Hartman (1): Linux 4.19.309 Hans de Goede (1): power: supply: bq27xxx-i2c: Do not free non existing IRQ Ivan Semenov (1): mmc: core: Fix eMMC initialization with 1-bit bus connection Javier Carrasco (1): net: usb: dm9601: fix wrong return value in dm9601_mdio_read Johannes Berg (1): wifi: nl80211: reject iftype change with mesh ID change Kai-Heng Feng (1): Bluetooth: Enforce validation on max value of connection interval Luiz Augusto von Dentz (1): Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Oleksij Rempel (1): lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Ryosuke Yasuoka (1): netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Takashi Iwai (1): ALSA: Drop leftover snd-rtctimer stuff from Makefile Ying Hsu (1): Bluetooth: Avoid potential use-after-free in hci_error_reset Yunjian Wang (1): tun: Fix xdp_rxq_info's queue_index when detaching

1 year, 3 months

1
1
0 0

[PATCH 6.7 000/163] 6.7.9-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.7.9 release. There are 163 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 07 Mar 2024 07:46:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.7.9-rc2.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.7.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.7.9-rc2 Danilo Krummrich <dakr(a)redhat.com> drm/nouveau: don't fini scheduler before entity flush Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: rm subflow with v4/v4mapped addr Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: add mptcp_lib_is_v6 Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: update userspace pm test helpers Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: add chk_subflows_total helper Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: add evts_get_info helper Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Move VERW closer to VMentry for MDS mitigation Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_32: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_64: Add VERW just before userspace transition Ming Lei <ming.lei(a)redhat.com> block: define bvec_iter as __packed __aligned(4) Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: fix resource unwinding order in error path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix the error path order in gpiochip_add_data_with_key() Arturas Moskvinas <arturas.moskvinas(a)gmail.com> gpio: 74x164: Enable output pins after registers are reset Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: use correct function name for resetting TCE tables Gaurav Batra <gbatra(a)linux.vnet.ibm.com> powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV Fenghua Yu <fenghua.yu(a)intel.com> dmaengine: idxd: Ensure safe user copy of completion record Fenghua Yu <fenghua.yu(a)intel.com> dmaengine: idxd: Remove shadow Event Log head stored in idxd Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> phy: qcom-qmp-usb: fix v3 offsets data Yang Yingliang <yangyingliang(a)huawei.com> phy: qcom: phy-qcom-m31: fix wrong pointer pass to PTR_ERR() Alexander Stein <alexander.stein(a)ew.tq-group.com> phy: freescale: phy-fsl-imx8-mipi-dphy: Fix alias name to use dashes Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: Add HDMA remote interrupt configuration Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: HDMA_V0_REMOTEL_STOP_INT_EN typo fix Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: Fix wrong interrupt bit set for HDMA Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: Fix the ch_count hdma callback Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: cs35l56: fix reversed if statement in cs35l56_dspwait_asp1tx_put() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Drop oob_skb ref before purging queue in GC. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix task hung while purging oob_skb in GC. NeilBrown <neilb(a)suse.de> NFS: Fix data corruption caused by congestion. Peter Ujfalusi <peter.ujfalusi(a)gmail.com> mfd: twl6030-irq: Revert to use of_match_device() Paolo Abeni <pabeni(a)redhat.com> mptcp: fix possible deadlock in subflow diag Davide Caratti <dcaratti(a)redhat.com> mptcp: fix double-free on socket dismantle Paolo Abeni <pabeni(a)redhat.com> mptcp: fix potential wake-up event loss Paolo Abeni <pabeni(a)redhat.com> mptcp: fix snd_wnd initialization for passive socket Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: add ss mptcp support check Paolo Abeni <pabeni(a)redhat.com> mptcp: push at DSS boundaries Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: avoid printing warning once on client side Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: map v4 address to v6 when destroying subflow Paolo Bonzini <pbonzini(a)redhat.com> x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Paolo Bonzini <pbonzini(a)redhat.com> x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() Jiri Bohac <jbohac(a)suse.cz> x86/e820: Don't reserve SETUP_RNG_SEED in e820 Byungchul Park <byungchul(a)sk.com> mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index Aneesh Kumar K.V (IBM) <aneesh.kumar(a)kernel.org> mm/debug_vm_pgtable: fix BUG_ON with pud advanced test Masami Hiramatsu (Google) <mhiramat(a)kernel.org> fprobe: Fix to allocate entry_data_size buffer with rethook instances Bjorn Andersson <quic_bjorande(a)quicinc.com> pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Cristian Marussi <cristian.marussi(a)arm.com> pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal Tim Schumacher <timschumi(a)gmx.de> efivarfs: Request at most 512 bytes for variable names Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix protection fault in iommufd_test_syz_conv_iova Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix iopt_access_list_id overwrite bug Nathan Chancellor <nathan(a)kernel.org> kbuild: Add -Wa,--fatal-warnings to as-instr invocation Thomas Weißschuh <linux(a)weissschuh.net> power: supply: mm8013: select REGMAP_I2C Samuel Holland <samuel.holland(a)sifive.com> riscv: Save/restore envcfg CSR during CPU suspend Samuel Holland <samuel.holland(a)sifive.com> riscv: Add a custom ISA extension for the [ms]envcfg CSR Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix enabling cbo.zero when running in M-mode Zong Li <zong.li(a)sifive.com> riscv: add CALLER_ADDRx support Nathan Chancellor <nathan(a)kernel.org> RISC-V: Drop invalid test from CONFIG_AS_HAS_OPTION_ARCH Xiubo Li <xiubli(a)redhat.com> ceph: switch to corrected encoding of max_xattr_size in mdsmap Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: fix PHY init clock stability Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: add timeout for PHY init complete Ivan Semenov <ivan(a)semenov.dev> mmc: core: Fix eMMC initialization with 1-bit bus connection Christophe Kerello <christophe.kerello(a)foss.st.com> mmc: mmci: stm32: fix DMA API overlapping mappings warning Curtis Klein <curtis.klein(a)hpe.com> dmaengine: fsl-qdma: init irq after reg initialization Joy Zou <joy.zou(a)nxp.com> dmaengine: fsl-edma: correct calculation of 'nbytes' in multi-fifo scenario Tadeusz Struk <tstruk(a)gigaio.com> dmaengine: ptdma: use consistent DMA masks Ard Biesheuvel <ardb(a)kernel.org> crypto: arm64/neonbs - fix out-of-bounds access on short input Peng Ma <peng.ma(a)nxp.com> dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read Rob Clark <robdclark(a)chromium.org> soc: qcom: pmic_glink: Fix boot when QRTR=m Ryan Lin <tsung-hua.lin(a)amd.com> drm/amd/display: Add monitor patch for specific eDP Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix the power1_min_cap value Matthew Auld <matthew.auld(a)intel.com> drm/buddy: fix range bias Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amd/pm: resolve reboot exception for si oland" Filipe Manana <fdmanana(a)suse.com> btrfs: send: don't issue unnecessary zero writes for trailing hole David Sterba <dsterba(a)suse.com> btrfs: dev-replace: properly validate device names Filipe Manana <fdmanana(a)suse.com> btrfs: fix double free of anonymous device after snapshot creation failure Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: reject iftype change with mesh ID change Elad Nachman <enachman(a)marvell.com> mtd: rawnand: marvell: fix layouts Nhat Pham <nphamcs(a)gmail.com> mm: cachestat: fix folio read-after-free in cache walk Alexander Ofitserov <oficerovas(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Mickaël Salaün <mic(a)digikod.net> landlock: Fix asymmetric private inodes referring Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: hci_bcm4377: do not mark valid bd_addr as invalid Willian Wang <git(a)willian.wang> ALSA: hda/realtek: Add special fixup for Lenovo 14IRP8 Eniac Zhang <eniac-xw.zhang(a)hp.com> ALSA: hda/realtek: fix mute/micmute LED For HP mt440 Hans Peter <flurry123(a)gmx.ch> ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) Gergo Koteles <soyer(a)irl.hu> ALSA: hda/realtek: tas2781: enable subwoofer volume control Jay Ajit Mate <jay.mate15(a)gmail.com> ALSA: hda/realtek: Fix top speaker connection on Dell Inspiron 16 Plus 7630 Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Fix the discard error code from snd_ump_legacy_open() Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: fix to check cycle continuity Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fix UAF write bug in tomoyo_write_control() Saravana Kannan <saravanak(a)google.com> of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing Sid Pranjale <sidpranjale127(a)protonmail.com> drm/nouveau: keep DMA buffers required for suspend/resume Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between ordered extent completion and fiemap Dimitris Vlachos <dvlachos(a)ics.forth.gr> riscv: Sparse-Memory/vmemmap out-of-bounds fix Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix pte_leaf_size() for NAPOT Alexandre Ghiti <alexghiti(a)rivosinc.com> Revert "riscv: mm: support Svnapot in huge vmap" Vadim Shakirov <vadim.shakirov(a)syntacore.com> drivers: perf: ctr_get_width function for legacy is not defined Vadim Shakirov <vadim.shakirov(a)syntacore.com> drivers: perf: added capabilities for legacy PMU Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Prevent potential buffer overflow in map_hw_resources David Howells <dhowells(a)redhat.com> afs: Fix endless loop in directory parsing Jiri Slaby (SUSE) <jirislaby(a)kernel.org> fbcon: always restore the old font data in fbcon_do_set_font() Thierry Reding <treding(a)nvidia.com> drm/tegra: Remove existing framebuffer only if we support display Conor Dooley <conor(a)kernel.org> RISC-V: Ignore V from the riscv,isa DT property on older T-Head CPUs Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: soc-card: Fix missing locking in snd_soc_card_get_kcontrol() Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Fix deadlock in ASP1 mixer register initialization Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Fix misuse of wm_adsp 'part' string for silicon revision Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Fix for initializing ASP1 mixer registers Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Don't add the same register patch multiple times Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: cs35l56_component_remove() must clean up wm_adsp Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: cs35l56_component_remove() must clear cs35l56->component Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix build error if !CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION Yangyu Chen <cyy(a)cyyself.name> riscv: mm: fix NOCACHE_THEAD does not set bit[61] correctly Mikko Perttunen <mperttunen(a)nvidia.com> gpu: host1x: Skip reset assert on Tegra186 Colin Ian King <colin.i.king(a)gmail.com> ASoC: qcom: Fix uninitialized pointer dmactl Takashi Iwai <tiwai(a)suse.de> ALSA: Drop leftover snd-rtctimer stuff from Makefile Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Must clear HALO_STATE before issuing SYSTEM_RESET Hans de Goede <hdegoede(a)redhat.com> power: supply: bq27xxx-i2c: Do not free non existing IRQ Arnd Bergmann <arnd(a)arndb.de> efi/capsule-loader: fix incorrect allocation size Jisheng Zhang <jszhang(a)kernel.org> riscv: tlb: fix __p*d_free_tlb() Sabrina Dubroca <sd(a)queasysnail.net> tls: fix use-after-free on failed backlog decryption Sabrina Dubroca <sd(a)queasysnail.net> tls: separate no-async decryption request handling from async Sabrina Dubroca <sd(a)queasysnail.net> tls: fix peeking with sync+async decryption Sabrina Dubroca <sd(a)queasysnail.net> tls: decrement decrypt_pending if no async completion will be called Lukasz Majewski <lukma(a)denx.de> net: hsr: Use correct offset for HSR TLV values in supervisory HSR frames Oleksij Rempel <o.rempel(a)pengutronix.de> igb: extend PTP timestamp adjustments to i211 Lin Ma <linma(a)zju.edu.cn> rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Jakub Kicinski <kuba(a)kernel.org> tools: ynl: fix handling of multiple mcast groups Florian Westphal <fw(a)strlen.de> netfilter: bridge: confirm multicast packets before passing them up the stack Ignat Korchagin <ignat(a)cloudflare.com> netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix triggering coredump implementation Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix wrong event type for patch config command Kai-Heng Feng <kai.heng.feng(a)canonical.com> Bluetooth: Enforce validation on max value of connection interval Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix accept_list when attempting to suspend Ying Hsu <yinghsu(a)chromium.org> Bluetooth: Avoid potential use-after-free in hci_error_reset Jonas Dreßler <verdre(a)v0yd.nl> Bluetooth: hci_sync: Check the correct flag before starting a scan Jakub Raczynski <j.raczynski(a)samsung.com> stmmac: Clear variable when destroying workqueue Justin Iurman <justin.iurman(a)uliege.be> uapi: in6: replace temporary label with rfc9486 Oleksij Rempel <o.rempel(a)pengutronix.de> net: lan78xx: fix "softirq work is pending" error Javier Carrasco <javier.carrasco.cruz(a)gmail.com> net: usb: dm9601: fix wrong return value in dm9601_mdio_read Jakub Kicinski <kuba(a)kernel.org> veth: try harder when allocating queue memory Oleksij Rempel <o.rempel(a)pengutronix.de> lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Eric Dumazet <edumazet(a)google.com> ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Jakub Kicinski <kuba(a)kernel.org> net: veth: clear GRO when clearing XDP even when down Doug Smythies <dsmythies(a)telus.net> cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back Yunjian Wang <wangyunjian(a)huawei.com> tun: Fix xdp_rxq_info's queue_index when detaching Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dpaa: fman_memac: accept phy-interface-type = "10gbase-r" in the device tree Jeremy Kerr <jk(a)codeconstruct.com.au> net: mctp: take ownership of skb in mctp_local_output Florian Westphal <fw(a)strlen.de> net: ip_tunnel: prevent perpetual headroom growth Florian Westphal <fw(a)strlen.de> netlink: add nla be16/32 types to minlen array Ryosuke Yasuoka <ryasuoka(a)redhat.com> netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Théo Lebrun <theo.lebrun(a)bootlin.com> spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks Théo Lebrun <theo.lebrun(a)bootlin.com> spi: cadence-qspi: fix pointer reference in runtime PM hooks Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: fix pin phase adjust updates on PF reset Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: fix dpll periodic work data updates on PF reset Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: fix dpll and dpll_pin data access on PF reset Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: fix dpll input pin phase_adjust value updates Yochai Hagvi <yochai.hagvi(a)intel.com> ice: fix connection state of DPLL and out pin Han Xu <han.xu(a)nxp.com> mtd: spinand: gigadevice: Fix the get ecc status issue Josef Bacik <josef(a)toxicpanda.com> btrfs: fix deadlock with fiemap and extent locking ------------- Diffstat: Documentation/arch/x86/mds.rst | 34 +++- Makefile | 4 +- arch/arm64/crypto/aes-neonbs-glue.c | 11 ++ arch/powerpc/include/asm/rtas.h | 4 +- arch/powerpc/kernel/rtas.c | 9 +- arch/powerpc/platforms/pseries/iommu.c | 156 +++++++++++------ arch/riscv/Kconfig | 1 - arch/riscv/include/asm/csr.h | 2 + arch/riscv/include/asm/ftrace.h | 5 + arch/riscv/include/asm/hugetlb.h | 2 + arch/riscv/include/asm/hwcap.h | 2 + arch/riscv/include/asm/pgalloc.h | 20 ++- arch/riscv/include/asm/pgtable-64.h | 2 +- arch/riscv/include/asm/pgtable.h | 6 +- arch/riscv/include/asm/suspend.h | 1 + arch/riscv/include/asm/vmalloc.h | 61 +------ arch/riscv/kernel/Makefile | 2 + arch/riscv/kernel/cpufeature.c | 31 +++- arch/riscv/kernel/return_address.c | 48 +++++ arch/riscv/kernel/suspend.c | 4 + arch/riscv/mm/hugetlbpage.c | 2 + arch/x86/entry/entry_32.S | 3 + arch/x86/entry/entry_64.S | 11 ++ arch/x86/entry/entry_64_compat.S | 1 + arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/nospec-branch.h | 12 -- arch/x86/kernel/cpu/bugs.c | 15 +- arch/x86/kernel/cpu/common.c | 4 +- arch/x86/kernel/cpu/intel.c | 178 ++++++++++--------- arch/x86/kernel/e820.c | 8 +- arch/x86/kernel/nmi.c | 3 - arch/x86/kvm/vmx/run_flags.h | 7 +- arch/x86/kvm/vmx/vmenter.S | 9 +- arch/x86/kvm/vmx/vmx.c | 20 ++- drivers/bluetooth/btqca.c | 2 +- drivers/bluetooth/hci_bcm4377.c | 3 +- drivers/bluetooth/hci_qca.c | 22 ++- drivers/cpufreq/intel_pstate.c | 3 + drivers/dma/dw-edma/dw-edma-v0-core.c | 17 ++ drivers/dma/dw-edma/dw-hdma-v0-core.c | 39 +++-- drivers/dma/dw-edma/dw-hdma-v0-regs.h | 2 +- drivers/dma/fsl-edma-common.c | 2 +- drivers/dma/fsl-qdma.c | 25 +-- drivers/dma/idxd/cdev.c | 2 +- drivers/dma/idxd/debugfs.c | 2 +- drivers/dma/idxd/idxd.h | 1 - drivers/dma/idxd/init.c | 15 +- drivers/dma/idxd/irq.c | 3 +- drivers/dma/ptdma/ptdma-dmaengine.c | 2 - drivers/firmware/efi/capsule-loader.c | 2 +- drivers/gpio/gpio-74x164.c | 4 +- drivers/gpio/gpiolib.c | 12 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 6 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 5 + drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 29 +++ drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 9 +- drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 9 +- .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 9 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 9 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 9 +- drivers/gpu/drm/drm_buddy.c | 10 ++ drivers/gpu/drm/nouveau/nouveau_drm.c | 5 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 4 +- drivers/gpu/drm/tegra/drm.c | 23 ++- drivers/gpu/host1x/dev.c | 15 +- drivers/gpu/host1x/dev.h | 6 + drivers/iommu/iommufd/io_pagetable.c | 9 +- drivers/iommu/iommufd/selftest.c | 27 ++- drivers/mfd/twl6030-irq.c | 10 +- drivers/mmc/core/mmc.c | 2 + drivers/mmc/host/mmci_stm32_sdmmc.c | 24 +++ drivers/mmc/host/sdhci-xenon-phy.c | 48 ++++- drivers/mtd/nand/raw/marvell_nand.c | 13 +- drivers/mtd/nand/spi/gigadevice.c | 6 +- drivers/net/ethernet/freescale/fman/fman_memac.c | 18 +- drivers/net/ethernet/intel/ice/ice_dpll.c | 91 ++++++++-- drivers/net/ethernet/intel/igb/igb_ptp.c | 5 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +- drivers/net/gtp.c | 12 +- drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 5 +- drivers/net/veth.c | 40 ++--- drivers/of/property.c | 2 +- drivers/perf/riscv_pmu.c | 18 +- drivers/perf/riscv_pmu_legacy.c | 10 +- drivers/phy/freescale/phy-fsl-imx8-mipi-dphy.c | 2 +- drivers/phy/qualcomm/phy-qcom-m31.c | 2 +- drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 10 +- drivers/pmdomain/arm/scmi_perf_domain.c | 3 + drivers/pmdomain/qcom/rpmhpd.c | 7 +- drivers/power/supply/Kconfig | 1 + drivers/power/supply/bq27xxx_battery_i2c.c | 4 +- drivers/soc/qcom/pmic_glink.c | 21 +-- drivers/spi/spi-cadence-quadspi.c | 11 +- drivers/video/fbdev/core/fbcon.c | 8 +- fs/afs/dir.c | 4 +- fs/btrfs/dev-replace.c | 24 ++- fs/btrfs/disk-io.c | 22 +-- fs/btrfs/disk-io.h | 2 +- fs/btrfs/extent_io.c | 165 ++++++++++++++--- fs/btrfs/ioctl.c | 2 +- fs/btrfs/send.c | 17 +- fs/btrfs/transaction.c | 2 +- fs/ceph/mdsmap.c | 7 +- fs/ceph/mdsmap.h | 6 +- fs/efivarfs/vars.c | 17 +- fs/nfs/write.c | 4 +- include/linux/bvec.h | 2 +- include/linux/netfilter.h | 1 + include/net/mctp.h | 1 + include/sound/soc-card.h | 2 + include/uapi/linux/in6.h | 2 +- kernel/trace/fprobe.c | 14 +- lib/nlattr.c | 4 + mm/debug_vm_pgtable.c | 8 + mm/filemap.c | 51 +++--- mm/migrate.c | 8 + net/bluetooth/hci_core.c | 7 +- net/bluetooth/hci_event.c | 13 +- net/bluetooth/hci_sync.c | 7 +- net/bluetooth/l2cap_core.c | 8 +- net/bridge/br_netfilter_hooks.c | 96 ++++++++++ net/bridge/netfilter/nf_conntrack_bridge.c | 30 ++++ net/core/rtnetlink.c | 11 +- net/hsr/hsr_forward.c | 2 +- net/ipv4/ip_tunnel.c | 28 ++- net/ipv6/addrconf.c | 7 +- net/mctp/route.c | 10 +- net/mptcp/diag.c | 3 + net/mptcp/options.c | 2 +- net/mptcp/pm_userspace.c | 10 ++ net/mptcp/protocol.c | 52 +++++- net/mptcp/protocol.h | 21 +-- net/netfilter/nf_conntrack_core.c | 1 + net/netfilter/nft_compat.c | 20 +++ net/netlink/af_netlink.c | 2 +- net/tls/tls_sw.c | 40 +++-- net/unix/garbage.c | 21 +-- net/wireless/nl80211.c | 2 + scripts/Kconfig.include | 2 +- scripts/Makefile.compiler | 2 +- security/landlock/fs.c | 4 +- security/tomoyo/common.c | 3 +- sound/core/Makefile | 1 - sound/core/ump.c | 4 +- sound/firewire/amdtp-stream.c | 2 +- sound/pci/hda/patch_realtek.c | 33 +++- sound/soc/codecs/cs35l45.c | 2 +- sound/soc/codecs/cs35l56-shared.c | 8 +- sound/soc/codecs/cs35l56.c | 195 ++++++++++++++++++--- sound/soc/codecs/cs35l56.h | 1 + sound/soc/fsl/fsl_xcvr.c | 12 +- sound/soc/qcom/lpass-cdc-dma.c | 2 +- sound/soc/soc-card.c | 24 ++- tools/net/ynl/lib/ynl.c | 1 + tools/testing/selftests/net/mptcp/mptcp_connect.sh | 16 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 192 ++++++++++++-------- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 15 ++ tools/testing/selftests/net/mptcp/mptcp_sockopt.sh | 8 +- tools/testing/selftests/net/mptcp/userspace_pm.sh | 86 +++++---- 161 files changed, 1941 insertions(+), 831 deletions(-)

1 year, 3 months

6
14
0 0

[PATCH v2] mm: swap: Fix race between free_swap_and_cache() and swapoff()

by Ryan Roberts

There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another thread. This could cause, amongst other bad possibilities, swap_page_trans_huge_swapped() (called by free_swap_and_cache()) to access the freed memory for swap_map. This is a theoretical problem and I haven't been able to provoke it from a test case. But there has been agreement based on code review that this is possible (see link below). Fix it by using get_swap_device()/put_swap_device(), which will stall swapoff(). There was an extra check in _swap_info_get() to confirm that the swap entry was not free. This isn't present in get_swap_device() because it doesn't make sense in general due to the race between getting the reference and swapoff. So I've added an equivalent check directly in free_swap_and_cache(). Details of how to provoke one possible issue (thanks to David Hildenbrand for deriving this): --8<----- __swap_entry_free() might be the last user and result in "count == SWAP_HAS_CACHE". swapoff->try_to_unuse() will stop as soon as soon as si->inuse_pages==0. So the question is: could someone reclaim the folio and turn si->inuse_pages==0, before we completed swap_page_trans_huge_swapped(). Imagine the following: 2 MiB folio in the swapcache. Only 2 subpages are still references by swap entries. Process 1 still references subpage 0 via swap entry. Process 2 still references subpage 1 via swap entry. Process 1 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE [then, preempted in the hypervisor etc.] Process 2 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE Process 2 goes ahead, passes swap_page_trans_huge_swapped(), and calls __try_to_reclaim_swap(). __try_to_reclaim_swap()->folio_free_swap()->delete_from_swap_cache()-> put_swap_folio()->free_swap_slot()->swapcache_free_entries()-> swap_entry_free()->swap_range_free()-> ... WRITE_ONCE(si->inuse_pages, si->inuse_pages - nr_entries); What stops swapoff to succeed after process 2 reclaimed the swap cache but before process1 finished its call to swap_page_trans_huge_swapped()? --8<----- Fixes: 7c00bafee87c ("mm/swap: free swap slots in batch") Closes: https://lore.kernel.org/linux-mm/65a66eb9-41f8-4790-8db2-0c70ea15979f@redha… Cc: stable(a)vger.kernel.org Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> --- Hi Andrew, Please replace v1 of this patch in mm-unstable with this version. Changes since v1: - Added comments for get_swap_device() as suggested by David - Moved check that swap entry is not free from get_swap_device() to free_swap_and_cache() since there are some paths that legitimately call with a free offset. I haven't addressed the recommendation by Huang Ying [1] to also revert commit 23b230ba8ac3 ("mm/swap: print bad swap offset entry in get_swap_device"). It should be done separately to this, and and we need to conclude discussion first. [1] https://lore.kernel.org/all/875xy0842q.fsf@yhuang6-desk2.ccr.corp.intel.com/ Thanks, Ryan mm/swapfile.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/mm/swapfile.c b/mm/swapfile.c index 2b3a2d85e350..1155a6304119 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -1232,6 +1232,11 @@ static unsigned char __swap_entry_free_locked(struct swap_info_struct *p, * with get_swap_device() and put_swap_device(), unless the swap * functions call get/put_swap_device() by themselves. * + * Note that when only holding the PTL, swapoff might succeed immediately + * after freeing a swap entry. Therefore, immediately after + * __swap_entry_free(), the swap info might become stale and should not + * be touched without a prior get_swap_device(). + * * Check whether swap entry is valid in the swap device. If so, * return pointer to swap_info_struct, and keep the swap entry valid * via preventing the swap device from being swapoff, until @@ -1609,13 +1614,19 @@ int free_swap_and_cache(swp_entry_t entry) if (non_swap_entry(entry)) return 1; - p = _swap_info_get(entry); + p = get_swap_device(entry); if (p) { + if (WARN_ON(data_race(!p->swap_map[swp_offset(entry)]))) { + put_swap_device(p); + return 0; + } + count = __swap_entry_free(p, entry); if (count == SWAP_HAS_CACHE && !swap_page_trans_huge_swapped(p, entry)) __try_to_reclaim_swap(p, swp_offset(entry), TTRS_UNMAPPED | TTRS_FULL); + put_swap_device(p); } return p != NULL; } -- 2.25.1

1 year, 3 months

1
0
0 0

[PATCH 5.10 00/41] 5.10.212-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.212 release. There are 41 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 07 Mar 2024 11:31:02 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.212-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.212-rc2 Davide Caratti <dcaratti(a)redhat.com> mptcp: fix double-free on socket dismantle Chuanhong Guo <gch981213(a)gmail.com> mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: fix resource unwinding order in error path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix the error path order in gpiochip_add_data_with_key() Arturas Moskvinas <arturas.moskvinas(a)gmail.com> gpio: 74x164: Enable output pins after registers are reset Oscar Salvador <osalvador(a)suse.de> fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Baokun Li <libaokun1(a)huawei.com> cachefiles: fix memory leak in cachefiles_add_cache() Baokun Li <libaokun1(a)huawei.com> ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() Paolo Abeni <pabeni(a)redhat.com> mptcp: fix possible deadlock in subflow diag Paolo Bonzini <pbonzini(a)redhat.com> x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Bjorn Andersson <quic_bjorande(a)quicinc.com> pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: fix PHY init clock stability Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: add timeout for PHY init complete Ivan Semenov <ivan(a)semenov.dev> mmc: core: Fix eMMC initialization with 1-bit bus connection Curtis Klein <curtis.klein(a)hpe.com> dmaengine: fsl-qdma: init irq after reg initialization Peng Ma <peng.ma(a)nxp.com> dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read David Sterba <dsterba(a)suse.com> btrfs: dev-replace: properly validate device names Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: reject iftype change with mesh ID change Alexander Ofitserov <oficerovas(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fix UAF write bug in tomoyo_write_control() Dimitris Vlachos <dvlachos(a)ics.forth.gr> riscv: Sparse-Memory/vmemmap out-of-bounds fix David Howells <dhowells(a)redhat.com> afs: Fix endless loop in directory parsing Takashi Iwai <tiwai(a)suse.de> ALSA: Drop leftover snd-rtctimer stuff from Makefile Hans de Goede <hdegoede(a)redhat.com> power: supply: bq27xxx-i2c: Do not free non existing IRQ Arnd Bergmann <arnd(a)arndb.de> efi/capsule-loader: fix incorrect allocation size Lin Ma <linma(a)zju.edu.cn> rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Ignat Korchagin <ignat(a)cloudflare.com> netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Kai-Heng Feng <kai.heng.feng(a)canonical.com> Bluetooth: Enforce validation on max value of connection interval Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Ying Hsu <yinghsu(a)chromium.org> Bluetooth: Avoid potential use-after-free in hci_error_reset Javier Carrasco <javier.carrasco.cruz(a)gmail.com> net: usb: dm9601: fix wrong return value in dm9601_mdio_read Oleksij Rempel <linux(a)rempel-privat.de> lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Eric Dumazet <edumazet(a)google.com> ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Yunjian Wang <wangyunjian(a)huawei.com> tun: Fix xdp_rxq_info's queue_index when detaching Florian Westphal <fw(a)strlen.de> net: ip_tunnel: prevent perpetual headroom growth Ryosuke Yasuoka <ryasuoka(a)redhat.com> netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Han Xu <han.xu(a)nxp.com> mtd: spinand: gigadevice: Fix the get ecc status issue Reto Schneider <reto.schneider(a)husqvarnagroup.com> mtd: spinand: gigadevice: Support GD5F1GQ5UExxG zhenwei pi <pizhenwei(a)bytedance.com> crypto: virtio/akcipher - Fix stack overflow on memcpy Hans de Goede <hdegoede(a)redhat.com> platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names ------------- Diffstat: Makefile | 4 +- arch/riscv/include/asm/pgtable.h | 2 +- arch/x86/kernel/cpu/intel.c | 178 +++++++++++---------- .../crypto/virtio/virtio_crypto_akcipher_algs.c | 5 +- drivers/dma/fsl-qdma.c | 25 +-- drivers/firmware/efi/capsule-loader.c | 2 +- drivers/gpio/gpio-74x164.c | 4 +- drivers/gpio/gpiolib.c | 12 +- drivers/mmc/core/mmc.c | 2 + drivers/mmc/host/sdhci-xenon-phy.c | 48 ++++-- drivers/mtd/nand/spi/gigadevice.c | 81 ++++++++-- drivers/net/gtp.c | 12 +- drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 3 +- drivers/platform/x86/touchscreen_dmi.c | 4 +- drivers/power/supply/bq27xxx_battery_i2c.c | 4 +- drivers/soc/qcom/rpmhpd.c | 7 +- fs/afs/dir.c | 4 +- fs/btrfs/dev-replace.c | 24 ++- fs/cachefiles/bind.c | 3 + fs/ext4/mballoc.c | 39 ++--- fs/hugetlbfs/inode.c | 6 +- net/bluetooth/hci_core.c | 7 +- net/bluetooth/hci_event.c | 13 +- net/bluetooth/l2cap_core.c | 8 +- net/core/rtnetlink.c | 11 +- net/ipv4/ip_tunnel.c | 28 +++- net/ipv6/addrconf.c | 7 +- net/mptcp/diag.c | 3 + net/mptcp/protocol.c | 49 ++++++ net/netfilter/nft_compat.c | 20 +++ net/netlink/af_netlink.c | 2 +- net/wireless/nl80211.c | 2 + security/tomoyo/common.c | 3 +- sound/core/Makefile | 1 - 36 files changed, 430 insertions(+), 196 deletions(-)

1 year, 3 months

6
5
0 0

[PATCH STABLE v6.1.y] mm/migrate: set swap entry values of THP tail pages properly.

by Zi Yan

From: Zi Yan <ziy(a)nvidia.com> The tail pages in a THP can have swap entry information stored in their private field. When migrating to a new page, all tail pages of the new page need to update ->private to avoid future data corruption. Signed-off-by: Zi Yan <ziy(a)nvidia.com> --- mm/migrate.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mm/migrate.c b/mm/migrate.c index c93dd6a31c31..c5968021fde0 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -423,8 +423,12 @@ int folio_migrate_mapping(struct address_space *mapping, if (folio_test_swapbacked(folio)) { __folio_set_swapbacked(newfolio); if (folio_test_swapcache(folio)) { + int i; + folio_set_swapcache(newfolio); - newfolio->private = folio_get_private(folio); + for (i = 0; i < nr; i++) + set_page_private(folio_page(newfolio, i), + page_private(folio_page(folio, i))); } entries = nr; } else { -- 2.43.0

1 year, 3 months

5
9
0 0

[PATCH 5.10/5.15] scsi: add a length check for VARIABLE_LENGTH_CMD commands

by Mikhail Ukhin

Fuzzing of 5.10 stable branch reports a slab-out-of-bounds error in ata_scsi_pass_thru. The error is fixed in 5.18 by commit ce70fd9a551af7424a7dace2a1ba05a7de8eae27. Backporting this commit would require significant changes to the code so it is bettter to use a simple fix for that particular error. The problem is that the length of the received SCSI command is not validated if scsi_op == VARIABLE_LENGTH_CMD. It can lead to out-of-bounds reading if the user sends a request with SCSI command of length less than 32. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Signed-off-by: Artem Sadovnikov <ancowi69(a)gmail.com> Signed-off-by: Mikhail Ivanov <iwanov-23(a)bk.ru> --- drivers/ata/libata-scsi.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index dfa090ccd21c..77589e911d3d 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -4065,6 +4065,9 @@ int __ata_scsi_queuecmd(struct scsi_cmnd *scmd, struct ata_device *dev) if (unlikely(!scmd->cmd_len)) goto bad_cdb_len; + + if (scsi_op == VARIABLE_LENGTH_CMD && scmd->cmd_len < 32) + goto bad_cdb_len; if (dev->class == ATA_DEV_ATA || dev->class == ATA_DEV_ZAC) { if (unlikely(scmd->cmd_len > dev->cdb_len)) -- 2.25.1

1 year, 3 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror March 2024