- Linux-stable-mirror - lists.linaro.org

[PATCH v6 04/17] tpm: call tpm2_flush_space() on error in tpm_try_transmit()

by Jarkko Sakkinen

Always call tpm2_flush_space() on failure in tpm_try_transmit() so that the volatile memory of the TPM gets cleared. If /dev/tpm0 does not have sufficient permissions (usually it has), this could lead to the leakage of TPM objects. Through /dev/tpmrm0 this issue does not raise any new security concerns. Cc: James Bottomley <James.Bottomley(a)HansenPartnership.com> Cc: stable(a)vger.kernel.org Fixes: 745b361e989a ("tpm:tpm: infrastructure for TPM spaces") Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Reviewed-by: Stefan Berger <stefanb(a)linux.ibm.com> --- drivers/char/tpm/tpm-interface.c | 33 +++++++++++++++----------------- drivers/char/tpm/tpm.h | 1 + drivers/char/tpm/tpm2-space.c | 2 +- 3 files changed, 17 insertions(+), 19 deletions(-) diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 64510ed81b46..c9efd1b9fd2c 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -224,14 +224,14 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip, rc = tpm2_prepare_space(chip, space, ordinal, buf); if (rc) - goto out; + goto out_idle; rc = chip->ops->send(chip, buf, count); if (rc < 0) { if (rc != -EPIPE) dev_err(&chip->dev, "%s: tpm_send: error %d\n", __func__, rc); - goto out; + goto out_space; } if (chip->flags & TPM_CHIP_FLAG_IRQ) @@ -247,7 +247,7 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip, if (chip->ops->req_canceled(chip, status)) { dev_err(&chip->dev, "Operation Canceled\n"); rc = -ECANCELED; - goto out; + goto out_space; } tpm_msleep(TPM_TIMEOUT_POLL); @@ -257,30 +257,27 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip, chip->ops->cancel(chip); dev_err(&chip->dev, "Operation Timed out\n"); rc = -ETIME; - goto out; + goto out_space; out_recv: len = chip->ops->recv(chip, buf, bufsiz); if (len < 0) { rc = len; - dev_err(&chip->dev, - "tpm_transmit: tpm_recv: error %d\n", rc); - goto out; - } else if (len < TPM_HEADER_SIZE) { + dev_err(&chip->dev, "tpm_transmit: tpm_recv: error %d\n", rc); + } else if (len < TPM_HEADER_SIZE || len != be32_to_cpu(header->length)) rc = -EFAULT; - goto out; - } - if (len != be32_to_cpu(header->length)) { - rc = -EFAULT; - goto out; +out_space: + if (rc) { + tpm2_flush_space(chip); + } else { + rc = tpm2_commit_space(chip, space, ordinal, buf, &len); + if (rc) + dev_err(&chip->dev, "tpm2_commit_space: error %d\n", + rc); } - rc = tpm2_commit_space(chip, space, ordinal, buf, &len); - if (rc) - dev_err(&chip->dev, "tpm2_commit_space: error %d\n", rc); - -out: +out_idle: /* may fail but do not override previous error value in rc */ tpm_go_idle(chip, flags); diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index 49bca4d1e786..229ac42b644e 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -579,6 +579,7 @@ int tpm2_probe(struct tpm_chip *chip); int tpm2_find_cc(struct tpm_chip *chip, u32 cc); int tpm2_init_space(struct tpm_space *space); void tpm2_del_space(struct tpm_chip *chip, struct tpm_space *space); +void tpm2_flush_space(struct tpm_chip *chip); int tpm2_prepare_space(struct tpm_chip *chip, struct tpm_space *space, u32 cc, u8 *cmd); int tpm2_commit_space(struct tpm_chip *chip, struct tpm_space *space, diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c index 1131a8e7b79b..d53c882268ff 100644 --- a/drivers/char/tpm/tpm2-space.c +++ b/drivers/char/tpm/tpm2-space.c @@ -162,7 +162,7 @@ static int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf, return 0; } -static void tpm2_flush_space(struct tpm_chip *chip) +void tpm2_flush_space(struct tpm_chip *chip) { struct tpm_space *space = &chip->work_space; int i; -- 2.19.1

6 years, 11 months

1
0
0 0

[RESEND PATCH] mfd: tps6586x: Handle interrupts on suspend

by Jon Hunter

From: Jonathan Hunter <jonathanh(a)nvidia.com> The tps6586x driver creates an irqchip that is used by its various child devices for managing interrupts. The tps6586x-rtc device is one of its children that uses the tps6586x irqchip. When using the tps6586x-rtc as a wake-up device from suspend, the following is seen: PM: Syncing filesystems ... done. Freezing user space processes ... (elapsed 0.001 seconds) done. OOM killer disabled. Freezing remaining freezable tasks ... (elapsed 0.000 seconds) done. Disabling non-boot CPUs ... Entering suspend state LP1 Enabling non-boot CPUs ... CPU1 is up tps6586x 3-0034: failed to read interrupt status tps6586x 3-0034: failed to read interrupt status The reason why the tps6586x interrupt status cannot be read is because the tps6586x interrupt is not masked during suspend and when the tps6586x-rtc interrupt occurs, to wake-up the device, the interrupt is seen before the i2c controller has been resumed in order to read the tps6586x interrupt status. The tps6586x-rtc driver sets it's interrupt as a wake-up source during suspend, which gets propagated to the parent tps6586x interrupt. However, the tps6586x-rtc driver cannot disable it's interrupt during suspend otherwise we would never be woken up and so the tps6586x must disable it's interrupt instead. Prevent the tps6586x interrupt handler from executing on exiting suspend before the i2c controller has been resumed by disabling the tps6586x interrupt on entering suspend and re-enabling it on resuming from suspend. Cc: stable(a)vger.kernel.org Signed-off-by: Jon Hunter <jonathanh(a)nvidia.com> Reviewed-by: Dmitry Osipenko <digetx(a)gmail.com> Tested-by: Dmitry Osipenko <digetx(a)gmail.com> Acked-by: Thierry Reding <treding(a)nvidia.com> --- drivers/mfd/tps6586x.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/drivers/mfd/tps6586x.c b/drivers/mfd/tps6586x.c index b89379782741..9c7925ca13cf 100644 --- a/drivers/mfd/tps6586x.c +++ b/drivers/mfd/tps6586x.c @@ -592,6 +592,29 @@ static int tps6586x_i2c_remove(struct i2c_client *client) return 0; } +static int __maybe_unused tps6586x_i2c_suspend(struct device *dev) +{ + struct tps6586x *tps6586x = dev_get_drvdata(dev); + + if (tps6586x->client->irq) + disable_irq(tps6586x->client->irq); + + return 0; +} + +static int __maybe_unused tps6586x_i2c_resume(struct device *dev) +{ + struct tps6586x *tps6586x = dev_get_drvdata(dev); + + if (tps6586x->client->irq) + enable_irq(tps6586x->client->irq); + + return 0; +} + +static SIMPLE_DEV_PM_OPS(tps6586x_pm_ops, tps6586x_i2c_suspend, + tps6586x_i2c_resume); + static const struct i2c_device_id tps6586x_id_table[] = { { "tps6586x", 0 }, { }, @@ -602,6 +625,7 @@ static struct i2c_driver tps6586x_driver = { .driver = { .name = "tps6586x", .of_match_table = of_match_ptr(tps6586x_of_match), + .pm = &tps6586x_pm_ops, }, .probe = tps6586x_i2c_probe, .remove = tps6586x_i2c_remove, -- 2.7.4

6 years, 11 months

2
1
0 0

[PATCH] mfd: tps6586x: Handle interrupts on suspend

by Jon Hunter

From: Jonathan Hunter <jonathanh(a)nvidia.com> The tps6586x driver creates an irqchip that is used by its various child devices for managing interrupts. The tps6586x-rtc device is one of its children that uses the tps6586x irqchip. When using the tps6586x-rtc as a wake-up device from suspend, the following is seen: PM: Syncing filesystems ... done. Freezing user space processes ... (elapsed 0.001 seconds) done. OOM killer disabled. Freezing remaining freezable tasks ... (elapsed 0.000 seconds) done. Disabling non-boot CPUs ... Entering suspend state LP1 Enabling non-boot CPUs ... CPU1 is up tps6586x 3-0034: failed to read interrupt status tps6586x 3-0034: failed to read interrupt status The reason why the tps6586x interrupt status cannot be read is because the tps6586x interrupt is not masked during suspend and when the tps6586x-rtc interrupt occurs, to wake-up the device, the interrupt is seen before the i2c controller has been resumed in order to read the tps6586x interrupt status. The tps6586x-rtc driver sets it's interrupt as a wake-up source during suspend, which gets propagated to the parent tps6586x interrupt. However, the tps6586x-rtc driver cannot disable it's interrupt during suspend otherwise we would never be woken up and so the tps6586x must disable it's interrupt instead. Prevent the tps6586x interrupt handler from executing on exiting suspend before the i2c controller has been resumed by disabling the tps6586x interrupt on entering suspend and re-enabling it on resuming from suspend. Cc: stable(a)vger.kernel.org Signed-off-by: Jon Hunter <jonathanh(a)nvidia.com> --- drivers/mfd/tps6586x.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/drivers/mfd/tps6586x.c b/drivers/mfd/tps6586x.c index b89379782741..9c7925ca13cf 100644 --- a/drivers/mfd/tps6586x.c +++ b/drivers/mfd/tps6586x.c @@ -592,6 +592,29 @@ static int tps6586x_i2c_remove(struct i2c_client *client) return 0; } +static int __maybe_unused tps6586x_i2c_suspend(struct device *dev) +{ + struct tps6586x *tps6586x = dev_get_drvdata(dev); + + if (tps6586x->client->irq) + disable_irq(tps6586x->client->irq); + + return 0; +} + +static int __maybe_unused tps6586x_i2c_resume(struct device *dev) +{ + struct tps6586x *tps6586x = dev_get_drvdata(dev); + + if (tps6586x->client->irq) + enable_irq(tps6586x->client->irq); + + return 0; +} + +static SIMPLE_DEV_PM_OPS(tps6586x_pm_ops, tps6586x_i2c_suspend, + tps6586x_i2c_resume); + static const struct i2c_device_id tps6586x_id_table[] = { { "tps6586x", 0 }, { }, @@ -602,6 +625,7 @@ static struct i2c_driver tps6586x_driver = { .driver = { .name = "tps6586x", .of_match_table = of_match_ptr(tps6586x_of_match), + .pm = &tps6586x_pm_ops, }, .probe = tps6586x_i2c_probe, .remove = tps6586x_i2c_remove, -- 2.7.4

6 years, 11 months

4
11
0 0

[PATCH AUTOSEL 4.4 01/11] bfs: add sanity check at bfs_fill_super()

by Sasha Levin

From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> [ Upstream commit 9f2df09a33aa2c76ce6385d382693f98d7f2f07e ] syzbot is reporting too large memory allocation at bfs_fill_super() [1]. Since file system image is corrupted such that bfs_sb->s_start == 0, bfs_fill_super() is trying to allocate 8MB of continuous memory. Fix this by adding a sanity check on bfs_sb->s_start, __GFP_NOWARN and printf(). [1] https://syzkaller.appspot.com/bug?id=16a87c236b951351374a84c8a32f40edbc034e… Link: http://lkml.kernel.org/r/1525862104-3407-1-git-send-email-penguin-kernel@I-… Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reported-by: syzbot <syzbot+71c6b5d68e91149fc8a4(a)syzkaller.appspotmail.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Tigran Aivazian <aivazian.tigran(a)gmail.com> Cc: Matthew Wilcox <willy(a)infradead.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/bfs/inode.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/fs/bfs/inode.c b/fs/bfs/inode.c index fdcb4d69f430..4714c55c1ae5 100644 --- a/fs/bfs/inode.c +++ b/fs/bfs/inode.c @@ -350,7 +350,8 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent) s->s_magic = BFS_MAGIC; - if (le32_to_cpu(bfs_sb->s_start) > le32_to_cpu(bfs_sb->s_end)) { + if (le32_to_cpu(bfs_sb->s_start) > le32_to_cpu(bfs_sb->s_end) || + le32_to_cpu(bfs_sb->s_start) < BFS_BSIZE) { printf("Superblock is corrupted\n"); goto out1; } @@ -359,9 +360,11 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent) sizeof(struct bfs_inode) + BFS_ROOT_INO - 1; imap_len = (info->si_lasti / 8) + 1; - info->si_imap = kzalloc(imap_len, GFP_KERNEL); - if (!info->si_imap) + info->si_imap = kzalloc(imap_len, GFP_KERNEL | __GFP_NOWARN); + if (!info->si_imap) { + printf("Cannot allocate %u bytes\n", imap_len); goto out1; + } for (i = 0; i < BFS_ROOT_INO; i++) set_bit(i, info->si_imap); -- 2.17.1

6 years, 11 months

1
10
0 0

[PATCH AUTOSEL 4.14 01/26] bfs: add sanity check at bfs_fill_super()

by Sasha Levin

From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> [ Upstream commit 9f2df09a33aa2c76ce6385d382693f98d7f2f07e ] syzbot is reporting too large memory allocation at bfs_fill_super() [1]. Since file system image is corrupted such that bfs_sb->s_start == 0, bfs_fill_super() is trying to allocate 8MB of continuous memory. Fix this by adding a sanity check on bfs_sb->s_start, __GFP_NOWARN and printf(). [1] https://syzkaller.appspot.com/bug?id=16a87c236b951351374a84c8a32f40edbc034e… Link: http://lkml.kernel.org/r/1525862104-3407-1-git-send-email-penguin-kernel@I-… Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reported-by: syzbot <syzbot+71c6b5d68e91149fc8a4(a)syzkaller.appspotmail.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Tigran Aivazian <aivazian.tigran(a)gmail.com> Cc: Matthew Wilcox <willy(a)infradead.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/bfs/inode.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/fs/bfs/inode.c b/fs/bfs/inode.c index 9a69392f1fb3..d81c148682e7 100644 --- a/fs/bfs/inode.c +++ b/fs/bfs/inode.c @@ -350,7 +350,8 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent) s->s_magic = BFS_MAGIC; - if (le32_to_cpu(bfs_sb->s_start) > le32_to_cpu(bfs_sb->s_end)) { + if (le32_to_cpu(bfs_sb->s_start) > le32_to_cpu(bfs_sb->s_end) || + le32_to_cpu(bfs_sb->s_start) < BFS_BSIZE) { printf("Superblock is corrupted\n"); goto out1; } @@ -359,9 +360,11 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent) sizeof(struct bfs_inode) + BFS_ROOT_INO - 1; imap_len = (info->si_lasti / 8) + 1; - info->si_imap = kzalloc(imap_len, GFP_KERNEL); - if (!info->si_imap) + info->si_imap = kzalloc(imap_len, GFP_KERNEL | __GFP_NOWARN); + if (!info->si_imap) { + printf("Cannot allocate %u bytes\n", imap_len); goto out1; + } for (i = 0; i < BFS_ROOT_INO; i++) set_bit(i, info->si_imap); -- 2.17.1

6 years, 11 months

1
25
0 0

[PATCH AUTOSEL 4.19 01/44] bfs: add sanity check at bfs_fill_super()

by Sasha Levin

From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> [ Upstream commit 9f2df09a33aa2c76ce6385d382693f98d7f2f07e ] syzbot is reporting too large memory allocation at bfs_fill_super() [1]. Since file system image is corrupted such that bfs_sb->s_start == 0, bfs_fill_super() is trying to allocate 8MB of continuous memory. Fix this by adding a sanity check on bfs_sb->s_start, __GFP_NOWARN and printf(). [1] https://syzkaller.appspot.com/bug?id=16a87c236b951351374a84c8a32f40edbc034e… Link: http://lkml.kernel.org/r/1525862104-3407-1-git-send-email-penguin-kernel@I-… Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reported-by: syzbot <syzbot+71c6b5d68e91149fc8a4(a)syzkaller.appspotmail.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Tigran Aivazian <aivazian.tigran(a)gmail.com> Cc: Matthew Wilcox <willy(a)infradead.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/bfs/inode.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/fs/bfs/inode.c b/fs/bfs/inode.c index 9a69392f1fb3..d81c148682e7 100644 --- a/fs/bfs/inode.c +++ b/fs/bfs/inode.c @@ -350,7 +350,8 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent) s->s_magic = BFS_MAGIC; - if (le32_to_cpu(bfs_sb->s_start) > le32_to_cpu(bfs_sb->s_end)) { + if (le32_to_cpu(bfs_sb->s_start) > le32_to_cpu(bfs_sb->s_end) || + le32_to_cpu(bfs_sb->s_start) < BFS_BSIZE) { printf("Superblock is corrupted\n"); goto out1; } @@ -359,9 +360,11 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent) sizeof(struct bfs_inode) + BFS_ROOT_INO - 1; imap_len = (info->si_lasti / 8) + 1; - info->si_imap = kzalloc(imap_len, GFP_KERNEL); - if (!info->si_imap) + info->si_imap = kzalloc(imap_len, GFP_KERNEL | __GFP_NOWARN); + if (!info->si_imap) { + printf("Cannot allocate %u bytes\n", imap_len); goto out1; + } for (i = 0; i < BFS_ROOT_INO; i++) set_bit(i, info->si_imap); -- 2.17.1

6 years, 11 months

1
43
0 0

[PATCH 4.18 000/350] 4.18.19-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.19 release. There are 350 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Nov 13 22:15:28 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.19-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.19-rc1 Daniel Colascione <dancol(a)google.com> bpf: wait for running BPF programs when updating map-in-map Jann Horn <jannh(a)google.com> userns: also map extents in the reverse map to kernel IDs David Ahern <dsahern(a)gmail.com> net: sched: Remove TCA_OPTIONS from policy Filipe Manana <fdmanana(a)suse.com> Btrfs: fix use-after-free when dumping free space Filipe Manana <fdmanana(a)suse.com> Btrfs: fix use-after-free during inode eviction Josef Bacik <josef(a)toxicpanda.com> btrfs: move the dio_sem higher up the callchain Josef Bacik <josef(a)toxicpanda.com> btrfs: don't run delayed_iputs in commit Josef Bacik <josef(a)toxicpanda.com> btrfs: fix insert_reserved error handling Josef Bacik <josef(a)toxicpanda.com> btrfs: only free reserved extent if we didn't insert it Josef Bacik <jbacik(a)fb.com> btrfs: don't use ctl->free_space for max_extent_size Josef Bacik <jbacik(a)fb.com> btrfs: set max_extent_size properly Josef Bacik <josef(a)toxicpanda.com> btrfs: reset max_extent_size properly Filipe Manana <fdmanana(a)suse.com> Btrfs: fix deadlock when writing out free space caches Filipe Manana <fdmanana(a)suse.com> Btrfs: fix assertion on fsync of regular file when using no-holes feature Filipe Manana <fdmanana(a)suse.com> Btrfs: fix null pointer dereference on compressed write path error Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: Dirty all qgroups before rescan Filipe Manana <fdmanana(a)suse.com> Btrfs: fix wrong dentries after fsync of file that got its parent replaced Filipe Manana <fdmanana(a)suse.com> Btrfs: fix warning when replaying log after fsync of a tmpfile Josef Bacik <josef(a)toxicpanda.com> btrfs: make sure we create all new block groups Josef Bacik <jbacik(a)fb.com> btrfs: reset max_extent_size on clear in a bitmap Josef Bacik <josef(a)toxicpanda.com> btrfs: protect space cache inode alloc with GFP_NOFS Josef Bacik <josef(a)toxicpanda.com> btrfs: release metadata before running delayed refs Chris Mason <clm(a)fb.com> Btrfs: don't clean dirty pages during buffered writes Josef Bacik <josef(a)toxicpanda.com> btrfs: wait on caching when putting the bg cache Jeff Mahoney <jeffm(a)suse.com> btrfs: keep trim from interfering with transaction commits Jeff Mahoney <jeffm(a)suse.com> btrfs: don't attempt to trim devices that don't support it Jeff Mahoney <jeffm(a)suse.com> btrfs: iterate all devices during trim, instead of fs_devices::alloc_list Qu Wenruo <wqu(a)suse.com> btrfs: Ensure btrfs_trim_fs can trim the whole filesystem Qu Wenruo <wqu(a)suse.com> btrfs: Enhance btrfs_trim_fs function to handle error better Jeff Mahoney <jeffm(a)suse.com> btrfs: fix error handling in btrfs_dev_replace_start Jeff Mahoney <jeffm(a)suse.com> btrfs: fix error handling in free_log_tree Qu Wenruo <wqu(a)suse.com> btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock Qu Wenruo <wqu(a)suse.com> btrfs: Handle owner mismatch gracefully when walking up tree Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: Avoid calling qgroup functions if qgroup is not enabled Masami Hiramatsu <mhiramat(a)kernel.org> tracing: Return -ENOENT if there is no target synthetic event Breno Leitao <leitao(a)debian.org> selftests/powerpc: Fix ptrace tm failure Masami Hiramatsu <mhiramat(a)kernel.org> selftests/ftrace: Fix synthetic event test to delete event correctly Johan Hovold <johan(a)kernel.org> soc/tegra: pmc: Fix child-node lookup Bjorn Andersson <bjorn.andersson(a)linaro.org> soc: qcom: rmtfs-mem: Validate that scm is available Thor Thayer <thor.thayer(a)linux.intel.com> arm64: dts: stratix10: Correct System Manager register size Thor Thayer <thor.thayer(a)linux.intel.com> ARM: dts: socfpga: Fix SDRAM node address for Arria10 Nicolas Pitre <nicolas.pitre(a)linaro.org> Cramfs: fix abad comparison when wrap-arounds occur Colin Ian King <colin.king(a)canonical.com> rpmsg: smd: fix memory leak on channel create Tri Vo <trong(a)android.com> arm64: lse: remove -fcall-used-x0 flag Hans Verkuil <hansverk(a)cisco.com> media: hdmi.h: rename ADOBE_RGB to OPRGB and ADOBE_YCC to OPYCC Hans Verkuil <hverkuil(a)xs4all.nl> media: replace ADOBERGB by OPRGB Hans Verkuil <hansverk(a)cisco.com> media: media colorspaces*.rst: rename AdobeRGB to opRGB Johan Hovold <johan(a)kernel.org> drm/mediatek: fix OF sibling-node lookup Hans Verkuil <hans.verkuil(a)cisco.com> media: adv7842: when the EDID is cleared, unconfigure CEC as well Hans Verkuil <hans.verkuil(a)cisco.com> media: adv7604: when the EDID is cleared, unconfigure CEC as well Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> media: em28xx: fix handler for vidioc_s_input() Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> media: em28xx: make v4l2-compliance happier by starting sequence on zero Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> media: em28xx: fix input name for Terratec AV 350 Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> media: tvp5150: avoid going past array on v4l2_querymenu() Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> media: em28xx: use a default format if TRY_FMT fails Hans Verkuil <hverkuil(a)xs4all.nl> media: cec: forgot to cancel delayed work Hans Verkuil <hans.verkuil(a)cisco.com> media: cec: fix the Signal Free Time calculation Hans Verkuil <hans.verkuil(a)cisco.com> media: cec: add new tx/rx status bits to detect aborts/timeouts Manjunath Patil <manjunath.b.patil(a)oracle.com> xen-blkfront: fix kernel panic with negotiate_mq error path Juergen Gross <jgross(a)suse.com> xen: remove size limit of privcmd-buf mapping interface Juergen Gross <jgross(a)suse.com> xen: fix xen_qlock_wait() Hans Verkuil <hans.verkuil(a)cisco.com> media: cec: integrate cec_validate_phys_addr() in cec-api.c Hans Verkuil <hans.verkuil(a)cisco.com> media: cec: make cec_get_edid_spa_location() an inline function He Zhe <zhe.he(a)windriver.com> kgdboc: Passing ekgdboc to command line causes panic Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Revert "media: dvbsky: use just one mutex for serializing device R/W ops" Hans Verkuil <hverkuil(a)xs4all.nl> media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD Johan Hovold <johan(a)kernel.org> net: bcmgenet: fix OF child-node lookup Maciej W. Rozycki <macro(a)linux-mips.org> TC: Set DMA masks for devices Will Deacon <will.deacon(a)arm.com> iommu/arm-smmu: Ensure that page-table updates are visible before TLBI Christophe Lombard <clombard(a)linux.vnet.ibm.com> ocxl: Fix access to the AFU Descriptor Data Johan Hovold <johan(a)kernel.org> power: supply: twl4030-charger: fix OF sibling-node lookup Maciej W. Rozycki <macro(a)linux-mips.org> rtc: cmos: Remove the `use_acpi_alarm' module parameter for !ACPI Maciej W. Rozycki <macro(a)linux-mips.org> rtc: cmos: Fix non-ACPI undefined reference to `hpet_rtc_interrupt' Soeren Moch <smoch(a)web.de> rtc: ds1307: fix ds1339 wakealarm support Aaro Koskinen <aaro.koskinen(a)iki.fi> MIPS: OCTEON: fix out of bounds array access on CN68XX Maciej W. Rozycki <macro(a)linux-mips.org> MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup' regression Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 Michael Neuling <mikey(a)neuling.org> powerpc/tm: Fix HFSCR bit for no suspend case Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc/msi: Fix compile error on mpc83xx Jan Kara <jack(a)suse.cz> fsnotify: Fix busy inodes during unmount Lubomir Rintel <lkundrak(a)v3.sk> media: ov7670: make "xclk" clock optional Damien Le Moal <damien.lemoal(a)wdc.com> dm zoned: fix various dmz_get_mblock() issues Damien Le Moal <damien.lemoal(a)wdc.com> dm zoned: fix metadata block ref counting Wenwen Wang <wang6495(a)umn.edu> dm ioctl: harden copy_params()'s copy_from_user() from malicious users Amir Goldstein <amir73il(a)gmail.com> lockd: fix access beyond unterminated strings in prints Trond Myklebust <trondmy(a)gmail.com> nfsd: Fix an Oops in free_session() Andrew Elble <aweits(a)rit.edu> nfsd: correctly decrement odstate refcount in error path Benjamin Coddington <bcodding(a)redhat.com> nfs: Fix a missed page unlock after pg_doio() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.1: Fix the r/wsize checking Johan Hovold <johan(a)kernel.org> NFC: nfcmrvl_uart: fix OF child-node lookup Lukas Wunner <lukas(a)wunner.de> genirq: Fix race on spurious interrupt detection He Zhe <zhe.he(a)windriver.com> printk: Fix panic caused by passing log_buf_len to command line Steve French <stfrench(a)microsoft.com> smb3: on kerberos mount if server doesn't specify auth type use krb5 Steve French <stfrench(a)microsoft.com> smb3: do not attempt cifs operation in smb3 query info error path Steve French <stfrench(a)microsoft.com> smb3: allow stats which track session and share reconnects to be reset Andreas Kemnade <andreas(a)kemnade.info> w1: omap-hdq: fix missing bus unregister at removal Eugen Hristev <eugen.hristev(a)microchip.com> iio: adc: at91: fix wrong channel number in triggered buffer mode Eugen Hristev <eugen.hristev(a)microchip.com> iio: adc: at91: fix acking DRDY irq on simple conversions Alexey Khoroshilov <khoroshilov(a)ispras.ru> iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() Lars-Peter Clausen <lars(a)metafoo.de> iio: ad5064: Fix regulator handling Arnd Bergmann <arnd(a)arndb.de> kbuild: fix kernel/bounds.c 'W=1' warning Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Fix caching of host MDCR_EL2 value Punit Agrawal <punit.agrawal(a)arm.com> KVM: arm/arm64: Ensure only THP is candidate for adjustment Ralph Campbell <rcampbell(a)nvidia.com> mm/hmm: fix race between hmm_mirror_unregister() and mmu_notifier callback Ralph Campbell <rcampbell(a)nvidia.com> mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly Mike Kravetz <mike.kravetz(a)oracle.com> hugetlbfs: dirty pages as they are added to pagecache Eric Biggers <ebiggers(a)google.com> ima: fix showing large 'violations' or 'runtime_measurements_count' Vlastimil Babka <vbabka(a)suse.cz> mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range() Jason A. Donenfeld <Jason(a)zx2c4.com> crypto: speck - remove Speck Ard Biesheuvel <ard.biesheuvel(a)linaro.org> crypto: aegis/generic - fix for big endian systems Ard Biesheuvel <ard.biesheuvel(a)linaro.org> crypto: morus/generic - fix for big endian systems Mikulas Patocka <mpatocka(a)redhat.com> crypto: aesni - don't use GFP_ATOMIC allocation if the request doesn't cross a page in gcm Horia Geantă <horia.geanta(a)nxp.com> crypto: tcrypt - fix ghash-generic speed test Ondrej Mosnacek <omosnace(a)redhat.com> crypto: lrw - Fix out-of bounds access on counter overflow Eric W. Biederman <ebiederm(a)xmission.com> signal: Guard against negative signal numbers in copy_siginfo_from_user32 Eric W. Biederman <ebiederm(a)xmission.com> signal/GenWQE: Fix sending of SIGKILL Keith Busch <keith.busch(a)intel.com> PCI: vmd: White list for fast interrupt handlers Bin Meng <bmeng.cn(a)gmail.com> PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk Lukas Wunner <lukas(a)wunner.de> PCI/ASPM: Fix link_state teardown on device removal Vignesh R <vigneshr(a)ti.com> ARM: dts: dra7: Fix up unaligned access setting for PCIe EP Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC, skx_edac: Fix logical channel intermediate decoding Tony Luck <tony.luck(a)intel.com> EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting Michael Jin <mikhail.jin(a)gmail.com> EDAC, amd64: Add Family 17h, models 10h-2fh support Breno Leitao <leitao(a)debian.org> HID: hiddev: fix potential Spectre v1 Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 Stephen Smalley <sds(a)tycho.nsa.gov> selinux: fix mounting of cgroup2 under older policies Theodore Ts'o <tytso(a)mit.edu> ext4: fix use-after-free race in ext4_remount()'s error path Wang Shilong <wshilong(a)ddn.com> ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR Wang Shilong <wangshilong1991(a)gmail.com> ext4: fix setattr project check in fssetxattr ioctl Lukas Czerner <lczerner(a)redhat.com> ext4: initialize retries variable in ext4_da_write_inline_data_begin() Theodore Ts'o <tytso(a)mit.edu> ext4: fix EXT4_IOC_SWAP_BOOT Al Viro <viro(a)zeniv.linux.org.uk> gfs2_meta: ->mount() can get NULL dev_name Jan Kara <jack(a)suse.cz> jbd2: fix use after free in jbd2_log_do_checkpoint() Jason Gunthorpe <jgg(a)ziepe.ca> IB/rxe: Revise the ib_wr_opcode enum Artemy Kovalyov <artemyko(a)mellanox.com> IB/mlx5: Fix MR cache initialization Daniel Mack <daniel(a)zonque.org> ASoC: sta32x: set ->component pointer in private struct Takashi Iwai <tiwai(a)suse.de> ASoC: intel: skylake: Add missing break in skl_tplg_get_token() Dan Williams <dan.j.williams(a)intel.com> libnvdimm, pmem: Fix badblocks population for 'raw' namespaces Dan Williams <dan.j.williams(a)intel.com> libnvdimm, region: Fail badblocks listing for inactive regions Alexander Duyck <alexander.h.duyck(a)linux.intel.com> libnvdimm: Hold reference on parent while scheduling async init Christian Lamparter <chunkeey(a)gmail.com> dmaengine: ppc4xx: fix off-by-one build failure Stefan Nuernberger <snu(a)amazon.com> net/ipv4: defensive cipso option parsing Luca Coelho <luciano.coelho(a)intel.com> iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() Felix Fietkau <nbd(a)nbd.name> mt76: mt76x2: fix multi-interface beacon configuration Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> usb: gadget: udc: renesas_usb3: Fix b-device mode for "workaround" Adam Thomson <Adam.Thomson.Opensource(a)diasemi.com> usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten Lubomir Rintel <lkundrak(a)v3.sk> libertas: don't set URB_ZERO_PACKET on IN USB transfer Juergen Gross <jgross(a)suse.com> xen/pvh: don't try to unplug emulated devices Roger Pau Monne <roger.pau(a)citrix.com> xen/pvh: increase early stack size Juergen Gross <jgross(a)suse.com> xen: make xen_qlock_wait() nestable Juergen Gross <jgross(a)suse.com> xen: fix race in xen_qlock_wait() Boris Ostrovsky <boris.ostrovsky(a)oracle.com> xen/balloon: Support xend-based toolstack Vasilis Liaskovitis <vliaskovitis(a)suse.com> xen/blkfront: avoid NULL blkfront_info dereference on device removal Dr. Greg Wettstein <greg(a)wind.enjellic.com> tpm: Restore functionality to xen vtpm driver. Joe Jin <joe.jin(a)oracle.com> xen-swiotlb: use actually allocated size on check physical continuous Marek Szyprowski <m.szyprowski(a)samsung.com> ARM: dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250 Marek Szyprowski <m.szyprowski(a)samsung.com> ARM: dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings Viresh Kumar <viresh.kumar(a)linaro.org> arm: dts: exynos: Add missing cooling device properties for CPUs Viresh Kumar <viresh.kumar(a)linaro.org> OPP: Free OPP table properly on performance state irregularities Chao Yu <yuchao0(a)huawei.com> f2fs: fix to account IO correctly Chao Yu <yuchao0(a)huawei.com> f2fs: fix to recover cold bit of inode block during POR Jaegeuk Kim <jaegeuk(a)kernel.org> Revert "f2fs: fix to clear PG_checked flag in set_page_dirty()" Prarit Bhargava <prarit(a)redhat.com> cpupower: Fix AMD Family 0x17 msr_pstate size Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Check the non-cached stream buffers more explicitly Vijay Immanuel <vijayi(a)attalasystems.com> IB/rxe: fix for duplicate request processing and ack psns Paul Cercueil <paul(a)crapouillou.net> dmaengine: dma-jz4780: Return error if not probed from DT Alexandre Belloni <alexandre.belloni(a)bootlin.com> mfd: menelaus: Fix possible race condition and leak Eric W. Biederman <ebiederm(a)xmission.com> signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init Yunlei He <heyunlei(a)huawei.com> f2fs: report error if quota off error during umount Zhikang Zhang <zhangzhikang1(a)huawei.com> f2fs: avoid sleeping under spin_lock James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Correct race with abort on completion path James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Correct soft lockup when running mds diagnostics Alexandre Belloni <alexandre.belloni(a)bootlin.com> uio: ensure class is registered before devices Moni Shoua <monis(a)mellanox.com> IB/mlx5: Allow transition of DCI QP to reset Stephen Boyd <swboyd(a)chromium.org> firmware: coreboot: Unmap ioregion after device population Waiman Long <longman(a)redhat.com> driver/dma/ioat: Call del_timer_sync() without holding prep_lock Casey Schaufler <casey.schaufler(a)intel.com> Smack: ptrace capability use fixes Loic Poulain <loic.poulain(a)linaro.org> usb: chipidea: Prevent unbalanced IRQ disable Horia Geantă <horia.geanta(a)nxp.com> crypto: caam - fix implicit casts in endianness helpers Vignesh R <vigneshr(a)ti.com> PCI: dwc: pci-dra7xx: Enable errata i870 for both EP and RC mode Suzuki K Poulose <suzuki.poulose(a)arm.com> coresight: etb10: Fix handling of perf mode Tonghao Zhang <xiangxia.m.yue(a)gmail.com> PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice Chao Yu <yuchao0(a)huawei.com> f2fs: fix to recover inode's i_flags during POR Chao Yu <yuchao0(a)huawei.com> f2fs: fix to recover inode's crtime during POR Anshuman Gupta <anshuman.gupta(a)intel.com> xhci: Avoid USB autosuspend when resuming USB2 ports. Bartosz Golaszewski <bgolaszewski(a)baylibre.com> nvmem: check the return value of nvmem_add_cells() Shaohua Li <shli(a)fb.com> MD: fix invalid stored role for a disk Theodore Ts'o <tytso(a)mit.edu> ext4: fix argument checking in EXT4_IOC_MOVE_EXT Alexandre Belloni <alexandre.belloni(a)bootlin.com> usb: gadget: udc: atmel: handle at91sam9rl PMC Fabrice Gasnier <fabrice.gasnier(a)st.com> usb: dwc2: fix a race with external vbus supply Lina Iyer <ilina(a)codeaurora.org> irqchip/pdc: Setup all edge interrupts as rising edge at GIC Chuck Lever <chuck.lever(a)oracle.com> xprtrdma: Reset credit grant properly after a disconnect Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI / ACPI: Enable wake automatically for power managed bridges Jorgen Hansen <jhansen(a)vmware.com> VMCI: Resource wildcard match fixed Dexuan Cui <decui(a)microsoft.com> Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: clear PageError on the read path Javier Martinez Canillas <javierm(a)redhat.com> tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated Adam Thomson <Adam.Thomson.Opensource(a)diasemi.com> usb: typec: tcpm: Report back negotiated PPS voltage and current Alan Douglas <adouglas(a)cadence.com> PCI: cadence: Use AXI region 0 to signal interrupts from EP Honghui Zhang <honghui.zhang(a)mediatek.com> PCI: mediatek: Fix mtk_pcie_find_port() endpoint/port matching logic Tudor.Ambarus(a)microchip.com <Tudor.Ambarus(a)microchip.com> usb: host: ohci-at91: fix request of irq for optional gpio Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Fix recursive lock warning in debug kernel Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Avoid accessing nq->bar_reg_iomem in failure case Denis Drozdov <denisd(a)mellanox.com> IB/ipoib: Clear IPCB before icmp_send Parav Pandit <parav(a)mellanox.com> RDMA/core: Do not expose unsupported counters Wenwen Wang <wang6495(a)umn.edu> scsi: megaraid_sas: fix a missing-check bug Jim Mattson <jmattson(a)google.com> KVM: nVMX: Clear reserved bits of #DB exit qualification David Howells <dhowells(a)redhat.com> UAPI: ndctl: Fix g++-unsupported initialisation in headers Evan Green <evgreen(a)chromium.org> scsi: ufs: Schedule clk gating work on correct queue Finn Thain <fthain(a)telegraphics.com.au> scsi: esp_scsi: Track residual for PIO transfers Jack Wang <jinpu.wang(a)profitbricks.com> md: fix memleak for mempool Xiao Ni <xni(a)redhat.com> MD: Memory leak when flush bio size is zero Chao Yu <yuchao0(a)huawei.com> f2fs: fix to account IO correctly for cgroup writeback Johan Hovold <johan(a)kernel.org> net: stmmac: dwmac-sun8i: fix OF child-node lookup Michal Hocko <mhocko(a)suse.com> cgroup, netclassid: add a preemption point to write_classid Geert Uytterhoeven <geert+renesas(a)glider.be> thermal: da9062/61: Prevent hardware access during system suspend Geert Uytterhoeven <geert+renesas(a)glider.be> thermal: rcar_thermal: Prevent doing work after unbind Diego Viola <diego.viola(a)gmail.com> libata: Apply NOLPM quirk for SAMSUNG MZ7TD256HAFV-000L9 Martin Willi <martin(a)strongswan.org> ath10k: schedule hardware restart if WMI command times out Sebastian Basierski <sebastianx.basierski(a)intel.com> ixgbevf: VF2VF TCP RSS Shannon Nelson <shannon.nelson(a)oracle.com> ixgbe: disallow IPsec Tx offload when in SR-IOV mode Justin Chen <justinpopo6(a)gmail.com> gpio: brcmstb: allow 0 width GPIO banks Sara Sharon <sara.sharon(a)intel.com> iwlwifi: mvm: fix BAR seq ctrl reporting Siva Rebbagondla <siva.rebbagondla(a)redpinesignals.com> rsi: fix memory alignment issue in ARM32 platforms Andrew Lunn <andrew(a)lunn.ch> net: dsa: mv88e6xxx: Fix writing to a PHY page. Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix for vf vlan delete failed problem Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix ping exited problem when doing lp selftest Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Preserve vlan 0 in hardware table Douglas Anderson <dianders(a)chromium.org> pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant Douglas Anderson <dianders(a)chromium.org> pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant Arnaldo Carvalho de Melo <acme(a)redhat.com> perf tests: Fix record+probe_libc_inet_pton.sh without ping's debuginfo YueHaibing <yuehaibing(a)huawei.com> failover: Add missing check to validate 'slave_dev' in net_failover_slave_unregister Alexei Starovoitov <ast(a)kernel.org> bpf/verifier: fix verifier instability Stephen Boyd <swboyd(a)chromium.org> pinctrl: qcom: spmi-mpp: Fix drive strength setting Hans de Goede <hdegoede(a)redhat.com> ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers Linus Walleij <linus.walleij(a)linaro.org> spi: gpio: No MISO does not imply no RX Masami Hiramatsu <mhiramat(a)kernel.org> kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() Will Deacon <will.deacon(a)arm.com> arm64: entry: Allow handling of undefined instructions from EL1 Paolo Valente <paolo.valente(a)linaro.org> block, bfq: correctly charge and reset entity service in all cases Antoine Tenart <antoine.tenart(a)bootlin.com> net: phy: phylink: ensure the carrier is off when starting phylink Fuyun Liang <liangfuyun1(a)huawei.com> net: hns3: Set STATE_DOWN bit of hdev state when stopping net Peng Li <lipeng321(a)huawei.com> net: hns3: Check hdev state when getting link status Arend van Spriel <arend.vanspriel(a)broadcom.com> brcmfmac: fix for proper support of 160MHz bandwidth YueHaibing <yuehaibing(a)huawei.com> pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux YueHaibing <yuehaibing(a)huawei.com> pinctrl: sunxi: fix 'pctrl->functions' allocation in sunxi_pinctrl_build_state Jian Shen <shenjian15(a)huawei.com> net: hns3: Fix ets validate issue Jian Shen <shenjian15(a)huawei.com> net: hns3: Add nic state check before calling netif_tx_wake_queue Ben Hutchings <ben(a)decadent.org.uk> x86: boot: Fix EFI stub alignment Christian Hewitt <christianshewitt(a)gmail.com> Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix for packet buffer setting bug Jacob Keller <jacob.e.keller(a)intel.com> ice: update fw version check logic Bruce Allan <bruce.w.allan(a)intel.com> ice: fix changing of ring descriptor size (ethtool -G) Will Deacon <will.deacon(a)arm.com> signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack Gustavo A. R. Silva <gustavo(a)embeddedor.com> mtd: rawnand: atmel: Fix potential NULL pointer dereference Xiaochen Shen <xiaochen.shen(a)intel.com> x86/intel_rdt: Show missing resctrl mount options Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: dt: Try freeing static OPPs only if we have added them Dou Liyang <douly.fnst(a)cn.fujitsu.com> ACPI / processor: Fix the return value of acpi_processor_ids_walk() Rajneesh Bhardwaj <rajneesh.bhardwaj(a)linux.intel.com> ACPI / PM: LPIT: Register sysfs attributes based on FADT Jeffrey Hugo <jhugo(a)codeaurora.org> ACPI/PPTT: Handle architecturally unknown cache types Sagi Grimberg <sagi(a)grimberg.me> nvmet-rdma: use a private workqueue for delete Lubomir Rintel <lkundrak(a)v3.sk> x86/olpc: Indicate that legacy PC XO-1 platform should not register RTC Luca Coelho <luciano.coelho(a)intel.com> iwlwifi: mvm: check for n_profiles validity in EWRD ACPI Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface Shaul Triebitz <shaul.triebitz(a)intel.com> iwlwifi: pcie: avoid empty free RB queue Masahiro Yamada <yamada.masahiro(a)socionext.com> mtd: rawnand: denali: set SPARE_AREA_SKIP_BYTES register to 8 if unset Wang Dongsheng <dongsheng.wang(a)hxt-semitech.com> sdhci: acpi: add free_slot callback Yu Zhao <yuzhao(a)google.com> mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 Ben Peddell <klightspeed(a)killerwolves.net> bcache: Populate writeback_rate_minimum attribute Prarit Bhargava <prarit(a)redhat.com> cpupower: Fix coredump on VMWare Sanskriti Sharma <sansharm(a)redhat.com> perf strbuf: Match va_{add,copy} with va_end Sanskriti Sharma <sansharm(a)redhat.com> perf tools: Cleanup trace-event-info 'tdata' leak Sanskriti Sharma <sansharm(a)redhat.com> perf tools: Free temporary 'sys' string in read_event_files() Nathan Chancellor <natechancellor(a)gmail.com> spi: spi-ep93xx: Use dma_data_direction for ep93xx_spi_dma_{finish,prepare} Javier González <javier(a)cnexlabs.com> lightnvm: pblk: fix race condition on metadata I/O Jia-Ju Bai <baijiaju1990(a)gmail.com> lightnvm: pblk: fix two sleep-in-atomic-context bugs Javier González <javier(a)cnexlabs.com> lightnvm: pblk: fix race on sysfs line state Thierry Reding <treding(a)nvidia.com> hwmon: (pwm-fan) Set fan speed to 0 on suspend Janosch Frank <frankja(a)linux.ibm.com> s390/sthyi: Fix machine name validity indication Serhey Popovych <serhe.popovych(a)gmail.com> tun: Consistently configure generic netdev params via rtnetlink Ryan C Goodfellow <rgoodfel(a)isi.edu> nfp: devlink port split support for 1x100G CXP NIC Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: cpufeature: ctr: Fix cpu capability check for late CPUs Omar Sandoval <osandov(a)fb.com> swim: fix cleanup on setup error Omar Sandoval <osandov(a)fb.com> ataflop: fix error handling during setup Paolo Abeni <pabeni(a)redhat.com> netfilter: xt_nat: fix DNAT target for shifted portmap ranges Waiman Long <longman(a)redhat.com> locking/lockdep: Fix debug_locks off performance problem Masahisa Kojima <masahisa.kojima(a)linaro.org> net: socionext: Reset tx queue in ndo_stop Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: cleanup DMA for all kinds of failure Masami Hiramatsu <mhiramat(a)kernel.org> selftests: ftrace: Add synthetic event syntax testcase Leo Li <sunpeng.li(a)amd.com> drm: Get ref on CRTC commit object when waiting for flip_done Heiner Kallweit <hkallweit1(a)gmail.com> r8169: re-enable MSI-X on RTL8168g Nathan Chancellor <natechancellor(a)gmail.com> net: qla3xxx: Remove overflowing shift statement Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> x86/fpu: Remove second definition of fpu in __fpu__restore_sig() Milian Wolff <milian.wolff(a)kdab.com> perf report: Don't crash on invalid inline debug information David Miller <davem(a)davemloft.net> perf cpu_map: Align cpu map synthesized events properly. Jarod Wilson <jarod(a)redhat.com> perf tools: Fix use of alternatives to find JDIR Jiri Olsa <jolsa(a)redhat.com> perf evsel: Store ids for events with their own cpus perf_event__synthesize_event_update_cpus Song Muchun <smuchun(a)gmail.com> sched/fair: Fix the min_vruntime update logic in dequeue_entity() Pieter Jansen van Vuuren <pieter.jansenvanvuuren(a)netronome.com> nfp: flower: use offsets provided by pedit instead of index for ipv6 Pieter Jansen van Vuuren <pieter.jansenvanvuuren(a)netronome.com> nfp: flower: fix pedit set actions for multiple partial masks Jian-Hong Pan <jian-hong(a)endlessm.com> r8169: Enable MSI-X on RTL8106e Jiri Olsa <jolsa(a)redhat.com> perf vendor events intel: Fix wrong filter_band* values for uncore events Florian Westphal <fw(a)strlen.de> xfrm: policy: use hlist rcu variants on insert Björn Töpel <bjorn.topel(a)intel.com> xsk: do not call synchronize_net() under RCU read lock Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: usbip: add wait after attach and before checking port status Jiri Olsa <jolsa(a)kernel.org> Revert "perf tools: Fix PMU term format max value calculation" Keith Busch <keith.busch(a)intel.com> nvme: remove ns sibling before clearing path Eric Dumazet <edumazet(a)google.com> bpf: do not blindly change rlimit in reuseport net selftest Tomi Valkeinen <tomi.valkeinen(a)ti.com> drm: fix use of freed memory in drm_mode_setcrtc Marek Szyprowski <m.szyprowski(a)samsung.com> ARM: dts: exynos: Disable pull control for MAX8997 interrupts on Origen Sai Praneeth <sai.praneeth.prakhya(a)intel.com> x86/speculation: Support Enhanced IBRS on future CPUs Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> x86/mm/pat: Disable preemption around __flush_tlb_all() He Zhe <zhe.he(a)windriver.com> x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided Juergen Gross <jgross(a)suse.com> x86/xen: Fix boot loader version reported for PVH guests Jiri Kosina <jkosina(a)suse.cz> x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation Alex Stanoev <alex(a)astanoev.com> ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops Hans de Goede <hdegoede(a)redhat.com> ALSA: hda: Add 2 more models to the power_save blacklist Jeremy Cline <jcline(a)redhat.com> ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) Hui Wang <hui.wang(a)canonical.com> ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Fix headphone pin config for ASUS G751 Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Add quirk for ASUS G751 laptop Helge Deller <deller(a)gmx.de> parisc: Fix exported address of os_hpmc handler Helge Deller <deller(a)gmx.de> parisc: Fix map_pages() to not overwrite existing pte entries John David Anglin <dave.anglin(a)bell.net> parisc: Fix address in HPMC IVA Dan Williams <dan.j.williams(a)intel.com> acpi, nfit: Fix Address Range Scrub completion tracking David Arcari <darcari(a)redhat.com> mailbox: PCC: handle parse error Jan Glauber <jglauber(a)cavium.com> ipmi: Fix timer race with module unload Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/x86: Use preempt_enable() in optimized_callback() Erik Schmauss <erik.schmauss(a)intel.com> ACPICA: AML Parser: fix parse loop to correctly skip erroneous extended opcodes Erik Schmauss <erik.schmauss(a)intel.com> ACPICA: AML interpreter: add region addresses in global list during initialization Bart Van Assche <bvanassche(a)acm.org> ACPI / OSL: Use 'jiffies' as the time bassis for acpi_os_get_timer() Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges He Zhe <zhe.he(a)windriver.com> dma-mapping: fix panic caused by passing empty cma command line argument Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: conservative: Take limits changes into account properly Ming Lei <ming.lei(a)redhat.com> block: make sure writesame bio is aligned with logical block size Ming Lei <ming.lei(a)redhat.com> block: make sure discard bio is aligned with logical block size Ming Lei <ming.lei(a)redhat.com> block: don't deal with discard limit in blkdev_issue_discard() Jens Axboe <axboe(a)kernel.dk> block: setup bounce bio_sets properly Hou Tao <houtao1(a)huawei.com> jffs2: free jffs2_sb_info through jffs2_kill_sb() Dmitry Bazhenov <bazhenov.dn(a)gmail.com> hwmon: (pmbus) Fix page count auto-detection. Tang Junhui <tang.junhui.linux(a)gmail.com> bcache: fix miss key refill->end in writeback Tang Junhui <tang.junhui.linux(a)gmail.com> bcache: correct dirty data statistics Tang Junhui <tang.junhui.linux(a)gmail.com> bcache: trace missed reading by cache_missed Rafał Miłecki <rafal(a)milecki.pl> spi: bcm-qspi: fix calculation of address length Rafał Miłecki <rafal(a)milecki.pl> spi: bcm-qspi: switch back to reading flash using smaller chunks Chuanhua Han <chuanhua.han(a)nxp.com> spi: spi-mem: Adjust op len based on message/transfer size limitations Ahmad Fatoum <a.fatoum(a)pengutronix.de> mtd: spi-nor: fsl-quadspi: Don't let -EINVAL on the bus Mika Westerberg <mika.westerberg(a)linux.intel.com> mtd: spi-nor: intel-spi: Add support for Intel Ice Lake SPI serial flash Liu Xiang <liu.xiang6(a)zte.com.cn> mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: marvell: fix the IRQ handler complete() condition ------------- Diffstat: Documentation/filesystems/fscrypt.rst | 10 - Documentation/media/uapi/cec/cec-ioc-receive.rst | 25 +- Documentation/media/uapi/v4l/biblio.rst | 10 - Documentation/media/uapi/v4l/colorspaces-defs.rst | 8 +- .../media/uapi/v4l/colorspaces-details.rst | 13 +- Documentation/media/videodev2.h.rst.exceptions | 6 +- Makefile | 4 +- arch/arm/boot/dts/dra7.dtsi | 2 +- arch/arm/boot/dts/exynos3250.dtsi | 16 + arch/arm/boot/dts/exynos4210-origen.dts | 9 + arch/arm/boot/dts/exynos4210.dtsi | 13 + arch/arm/boot/dts/exynos4412.dtsi | 9 + arch/arm/boot/dts/exynos5250.dtsi | 114 +++- arch/arm/boot/dts/socfpga_arria10.dtsi | 2 +- arch/arm/crypto/Kconfig | 6 - arch/arm/crypto/Makefile | 2 - arch/arm/crypto/speck-neon-core.S | 434 ------------ arch/arm/crypto/speck-neon-glue.c | 288 -------- arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi | 2 +- arch/arm64/crypto/Kconfig | 6 - arch/arm64/crypto/Makefile | 3 - arch/arm64/crypto/speck-neon-core.S | 352 ---------- arch/arm64/crypto/speck-neon-glue.c | 282 -------- arch/arm64/kernel/cpufeature.c | 22 +- arch/arm64/kernel/entry.S | 2 +- arch/arm64/kernel/traps.c | 11 +- arch/arm64/lib/Makefile | 2 +- arch/m68k/configs/amiga_defconfig | 1 - arch/m68k/configs/apollo_defconfig | 1 - arch/m68k/configs/atari_defconfig | 1 - arch/m68k/configs/bvme6000_defconfig | 1 - arch/m68k/configs/hp300_defconfig | 1 - arch/m68k/configs/mac_defconfig | 1 - arch/m68k/configs/multi_defconfig | 1 - arch/m68k/configs/mvme147_defconfig | 1 - arch/m68k/configs/mvme16x_defconfig | 1 - arch/m68k/configs/q40_defconfig | 1 - arch/m68k/configs/sun3_defconfig | 1 - arch/m68k/configs/sun3x_defconfig | 1 - arch/mips/cavium-octeon/executive/cvmx-helper.c | 2 +- arch/mips/lib/memset.S | 4 +- arch/parisc/kernel/entry.S | 2 +- arch/parisc/kernel/hpmc.S | 3 +- arch/parisc/kernel/traps.c | 3 +- arch/parisc/mm/init.c | 8 +- arch/powerpc/include/asm/mpic.h | 7 + arch/powerpc/kernel/mce_power.c | 7 + arch/powerpc/kernel/setup_64.c | 18 +- arch/powerpc/mm/hash_native_64.c | 4 +- arch/s390/defconfig | 1 - arch/s390/kernel/sthyi.c | 8 +- arch/x86/boot/tools/build.c | 7 + arch/x86/crypto/aesni-intel_glue.c | 2 +- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/asm/nospec-branch.h | 1 + arch/x86/include/asm/tlbflush.h | 6 + arch/x86/kernel/check.c | 15 + arch/x86/kernel/cpu/bugs.c | 77 ++- arch/x86/kernel/cpu/common.c | 3 + arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 7 + arch/x86/kernel/fpu/signal.c | 1 - arch/x86/kernel/kprobes/opt.c | 2 +- arch/x86/kvm/vmx.c | 7 +- arch/x86/mm/pageattr.c | 6 +- arch/x86/platform/olpc/olpc-xo1-rtc.c | 3 + arch/x86/xen/enlighten_pvh.c | 2 +- arch/x86/xen/platform-pci-unplug.c | 4 + arch/x86/xen/spinlock.c | 35 +- arch/x86/xen/xen-pvh.S | 2 +- block/bfq-wf2q.c | 13 +- block/blk-lib.c | 33 +- block/blk-merge.c | 3 +- block/blk.h | 10 + block/bounce.c | 37 +- crypto/Kconfig | 14 - crypto/Makefile | 1 - crypto/aegis.h | 20 +- crypto/lrw.c | 7 +- crypto/morus1280.c | 7 +- crypto/morus640.c | 16 +- crypto/speck.c | 307 --------- crypto/tcrypt.c | 3 + crypto/testmgr.c | 24 - crypto/testmgr.h | 738 --------------------- drivers/acpi/acpi_lpit.c | 6 + drivers/acpi/acpi_lpss.c | 2 + drivers/acpi/acpi_processor.c | 7 +- drivers/acpi/acpica/dsopcode.c | 4 + drivers/acpi/acpica/psloop.c | 14 +- drivers/acpi/nfit/core.c | 163 +++-- drivers/acpi/nfit/nfit.h | 9 +- drivers/acpi/osl.c | 15 +- drivers/acpi/pptt.c | 33 +- drivers/ata/libata-core.c | 1 + drivers/block/ataflop.c | 25 +- drivers/block/swim.c | 13 +- drivers/block/xen-blkfront.c | 4 + drivers/bluetooth/btbcm.c | 1 + drivers/char/ipmi/ipmi_ssif.c | 10 +- drivers/char/tpm/tpm-interface.c | 3 +- drivers/char/tpm/xen-tpmfront.c | 2 +- drivers/cpufreq/cpufreq-dt.c | 34 +- drivers/cpufreq/cpufreq_conservative.c | 6 +- drivers/crypto/caam/regs.h | 28 +- drivers/dma/dma-jz4780.c | 5 + drivers/dma/ioat/init.c | 9 +- drivers/dma/ppc4xx/adma.c | 2 +- drivers/edac/amd64_edac.c | 14 + drivers/edac/amd64_edac.h | 3 + drivers/edac/i7core_edac.c | 1 + drivers/edac/sb_edac.c | 1 + drivers/edac/skx_edac.c | 3 +- drivers/firmware/google/coreboot_table.c | 7 +- drivers/gpio/gpio-brcmstb.c | 15 +- drivers/gpu/drm/drm_atomic.c | 5 + drivers/gpu/drm/drm_atomic_helper.c | 12 +- drivers/gpu/drm/drm_crtc.c | 10 +- drivers/gpu/drm/mediatek/mtk_hdmi.c | 5 +- drivers/hid/usbhid/hiddev.c | 18 +- drivers/hid/wacom_wac.c | 19 + drivers/hv/channel_mgmt.c | 14 +- drivers/hwmon/pmbus/pmbus.c | 2 + drivers/hwmon/pmbus/pmbus_core.c | 5 +- drivers/hwmon/pwm-fan.c | 12 +- drivers/hwtracing/coresight/coresight-etb10.c | 4 + drivers/i2c/busses/i2c-rcar.c | 6 +- drivers/iio/adc/at91_adc.c | 6 +- drivers/iio/adc/fsl-imx25-gcq.c | 6 + drivers/iio/dac/ad5064.c | 53 +- drivers/infiniband/core/sysfs.c | 19 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 +- drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 13 +- drivers/infiniband/hw/mlx5/mr.c | 2 +- drivers/infiniband/hw/mlx5/qp.c | 4 +- drivers/infiniband/sw/rxe/rxe_resp.c | 8 +- drivers/infiniband/sw/rxe/rxe_verbs.h | 2 + drivers/infiniband/ulp/ipoib/ipoib_cm.c | 8 +- drivers/iommu/arm-smmu.c | 6 + drivers/irqchip/qcom-pdc.c | 1 + drivers/lightnvm/pblk-core.c | 5 +- drivers/lightnvm/pblk-recovery.c | 6 +- drivers/lightnvm/pblk-sysfs.c | 8 +- drivers/lightnvm/pblk-write.c | 14 +- drivers/mailbox/pcc.c | 7 +- drivers/md/bcache/btree.c | 2 +- drivers/md/bcache/request.c | 2 +- drivers/md/bcache/super.c | 3 +- drivers/md/bcache/sysfs.c | 2 + drivers/md/dm-ioctl.c | 18 +- drivers/md/dm-zoned-metadata.c | 80 ++- drivers/md/md.c | 30 +- drivers/media/cec/cec-adap.c | 94 +-- drivers/media/cec/cec-api.c | 19 +- drivers/media/cec/cec-edid.c | 60 -- drivers/media/common/v4l2-tpg/v4l2-tpg-colors.c | 262 ++++---- drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 2 +- drivers/media/i2c/adv7511.c | 6 +- drivers/media/i2c/adv7604.c | 6 +- drivers/media/i2c/adv7842.c | 4 +- drivers/media/i2c/ov7670.c | 27 +- drivers/media/i2c/tc358743.c | 4 +- drivers/media/i2c/tvp5150.c | 2 +- drivers/media/platform/vivid/vivid-core.h | 2 +- drivers/media/platform/vivid/vivid-ctrls.c | 6 +- drivers/media/platform/vivid/vivid-vid-out.c | 2 +- drivers/media/usb/dvb-usb-v2/dvbsky.c | 16 +- drivers/media/usb/em28xx/em28xx-cards.c | 33 +- drivers/media/usb/em28xx/em28xx-video.c | 92 ++- drivers/media/usb/em28xx/em28xx.h | 8 +- drivers/media/v4l2-core/v4l2-dv-timings.c | 12 +- drivers/mfd/menelaus.c | 13 +- drivers/misc/genwqe/card_base.h | 2 +- drivers/misc/genwqe/card_dev.c | 9 +- drivers/misc/ocxl/config.c | 4 +- drivers/misc/vmw_vmci/vmci_driver.c | 2 +- drivers/misc/vmw_vmci/vmci_resource.c | 3 +- drivers/mmc/host/sdhci-acpi.c | 8 + drivers/mmc/host/sdhci-pci-o2micro.c | 3 + drivers/mtd/nand/raw/atmel/nand-controller.c | 4 + drivers/mtd/nand/raw/denali.c | 14 +- drivers/mtd/nand/raw/marvell_nand.c | 2 +- drivers/mtd/spi-nor/fsl-quadspi.c | 15 +- drivers/mtd/spi-nor/intel-spi-pci.c | 1 + drivers/net/dsa/mv88e6xxx/phy.c | 3 + drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 4 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 4 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_dcb.c | 6 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 30 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 5 + drivers/net/ethernet/intel/ice/ice.h | 4 +- drivers/net/ethernet/intel/ice/ice_controlq.c | 30 +- drivers/net/ethernet/intel/ice/ice_ethtool.c | 17 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 3 + drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 4 + drivers/net/ethernet/netronome/nfp/flower/action.c | 35 +- drivers/net/ethernet/netronome/nfp/nfp_devlink.c | 17 +- drivers/net/ethernet/qlogic/qla3xxx.c | 2 - drivers/net/ethernet/realtek/r8169.c | 12 +- drivers/net/ethernet/socionext/netsec.c | 3 + drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 12 +- drivers/net/net_failover.c | 3 + drivers/net/phy/phylink.c | 3 + drivers/net/tun.c | 2 + drivers/net/wireless/ath/ath10k/wmi.c | 6 + .../net/wireless/broadcom/brcm80211/brcmutil/d11.c | 34 +- .../broadcom/brcm80211/include/brcmu_wifi.h | 2 + drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 9 +- drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 24 +- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 9 +- drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 32 +- drivers/net/wireless/marvell/libertas/if_usb.c | 2 - drivers/net/wireless/mediatek/mt76/mt76x2_mac.c | 3 +- drivers/net/wireless/rsi/rsi_91x_usb.c | 11 +- drivers/nfc/nfcmrvl/uart.c | 5 +- drivers/nvdimm/bus.c | 4 + drivers/nvdimm/pmem.c | 4 +- drivers/nvdimm/region_devs.c | 11 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/target/rdma.c | 19 +- drivers/nvmem/core.c | 10 +- drivers/opp/of.c | 1 + drivers/pci/controller/dwc/pci-dra7xx.c | 11 +- drivers/pci/controller/pcie-cadence-ep.c | 11 +- drivers/pci/controller/pcie-mediatek.c | 11 + drivers/pci/controller/vmd.c | 13 +- drivers/pci/msi.c | 9 +- drivers/pci/pci-acpi.c | 16 +- drivers/pci/pcie/aspm.c | 2 +- drivers/pci/quirks.c | 4 + drivers/pci/remove.c | 4 +- drivers/pcmcia/ricoh.h | 35 + drivers/pcmcia/yenta_socket.c | 3 +- drivers/pinctrl/qcom/pinctrl-spmi-mpp.c | 27 +- drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c | 28 +- drivers/pinctrl/sunxi/pinctrl-sunxi.c | 15 +- drivers/power/supply/twl4030_charger.c | 5 +- drivers/rpmsg/qcom_smd.c | 7 +- drivers/rtc/rtc-cmos.c | 29 +- drivers/rtc/rtc-ds1307.c | 1 - drivers/scsi/esp_scsi.c | 1 + drivers/scsi/esp_scsi.h | 2 + drivers/scsi/lpfc/lpfc_scsi.c | 14 +- drivers/scsi/lpfc/lpfc_sli.c | 7 + drivers/scsi/mac_esp.c | 2 + drivers/scsi/megaraid/megaraid_sas_base.c | 3 + drivers/scsi/ufs/ufshcd.c | 5 +- drivers/soc/qcom/rmtfs_mem.c | 5 + drivers/soc/tegra/pmc.c | 2 +- drivers/spi/spi-bcm-qspi.c | 4 +- drivers/spi/spi-ep93xx.c | 36 +- drivers/spi/spi-gpio.c | 10 +- drivers/spi/spi-mem.c | 15 + drivers/tc/tc.c | 8 +- drivers/thermal/da9062-thermal.c | 4 +- drivers/thermal/rcar_thermal.c | 1 + drivers/tty/serial/kgdboc.c | 5 + drivers/uio/uio.c | 9 + drivers/usb/chipidea/otg.h | 3 +- drivers/usb/dwc2/hcd.c | 10 +- drivers/usb/gadget/udc/atmel_usba_udc.c | 2 + drivers/usb/gadget/udc/renesas_usb3.c | 3 + drivers/usb/host/ohci-at91.c | 2 + drivers/usb/host/xhci-hub.c | 5 + drivers/usb/host/xhci-ring.c | 1 + drivers/usb/typec/tcpm.c | 10 +- drivers/usb/usbip/vudc_main.c | 10 +- drivers/video/hdmi.c | 8 +- drivers/w1/masters/omap_hdq.c | 2 + drivers/xen/privcmd-buf.c | 22 +- drivers/xen/swiotlb-xen.c | 6 + drivers/xen/xen-balloon.c | 13 +- fs/btrfs/ctree.c | 17 + fs/btrfs/dev-replace.c | 7 +- fs/btrfs/extent-tree.c | 168 +++-- fs/btrfs/file.c | 41 +- fs/btrfs/free-space-cache.c | 42 +- fs/btrfs/inode.c | 15 +- fs/btrfs/ioctl.c | 11 +- fs/btrfs/qgroup.c | 5 + fs/btrfs/qgroup.h | 2 + fs/btrfs/relocation.c | 2 +- fs/btrfs/transaction.c | 15 +- fs/btrfs/tree-log.c | 86 ++- fs/cifs/cifs_debug.c | 3 + fs/cifs/cifs_spnego.c | 6 +- fs/cifs/inode.c | 10 +- fs/cramfs/inode.c | 3 +- fs/crypto/fscrypt_private.h | 4 - fs/crypto/keyinfo.c | 10 - fs/ext4/ext4.h | 3 +- fs/ext4/inline.c | 2 +- fs/ext4/ioctl.c | 97 ++- fs/ext4/move_extent.c | 8 +- fs/ext4/super.c | 73 +- fs/f2fs/data.c | 17 +- fs/f2fs/extent_cache.c | 51 +- fs/f2fs/f2fs.h | 7 +- fs/f2fs/inode.c | 6 + fs/f2fs/node.c | 9 +- fs/f2fs/recovery.c | 1 + fs/f2fs/super.c | 19 +- fs/gfs2/ops_fstype.c | 3 + fs/jbd2/checkpoint.c | 4 +- fs/jffs2/super.c | 4 +- fs/lockd/host.c | 2 +- fs/nfs/nfs4client.c | 16 +- fs/nfs/pagelist.c | 40 +- fs/nfsd/nfs4state.c | 3 +- fs/notify/fsnotify.c | 3 + fs/notify/mark.c | 39 +- fs/proc/task_mmu.c | 4 +- include/crypto/speck.h | 62 -- include/drm/drm_atomic.h | 11 + include/linux/compat.h | 3 + include/linux/fs.h | 3 + include/linux/hdmi.h | 4 +- include/linux/signal.h | 2 +- include/linux/tc.h | 1 + include/media/cec.h | 72 +- include/rdma/ib_verbs.h | 34 +- include/uapi/linux/cec.h | 3 + include/uapi/linux/fs.h | 4 +- include/uapi/linux/ndctl.h | 48 +- include/uapi/linux/videodev2.h | 23 +- include/uapi/rdma/ib_user_verbs.h | 20 +- kernel/bounds.c | 4 +- kernel/bpf/syscall.c | 13 + kernel/bpf/verifier.c | 16 +- kernel/bpf/xskmap.c | 10 +- kernel/cpu.c | 11 +- kernel/dma/contiguous.c | 6 +- kernel/irq/manage.c | 8 +- kernel/kprobes.c | 27 +- kernel/locking/lockdep.c | 4 +- kernel/printk/printk.c | 7 +- kernel/sched/fair.c | 2 +- kernel/signal.c | 18 +- kernel/trace/trace_events_hist.c | 4 +- kernel/user_namespace.c | 12 +- lib/debug_locks.c | 2 +- mm/hmm.c | 36 +- mm/hugetlb.c | 6 + mm/page_vma_mapped.c | 24 +- net/core/netclassid_cgroup.c | 1 + net/ipv4/cipso_ipv4.c | 11 +- net/netfilter/xt_nat.c | 2 + net/sched/sch_api.c | 1 - net/sunrpc/svc_xprt.c | 2 +- net/sunrpc/xprtrdma/svc_rdma_backchannel.c | 1 + net/sunrpc/xprtrdma/transport.c | 6 + net/xdp/xsk.c | 2 + net/xfrm/xfrm_policy.c | 8 +- security/integrity/ima/ima_fs.c | 6 +- security/selinux/hooks.c | 5 + security/smack/smack_lsm.c | 13 +- sound/pci/ca0106/ca0106.h | 2 +- sound/pci/hda/hda_controller.h | 1 + sound/pci/hda/hda_intel.c | 15 +- sound/pci/hda/patch_conexant.c | 1 + sound/pci/hda/patch_realtek.c | 26 + sound/soc/codecs/sta32x.c | 3 + sound/soc/intel/skylake/skl-topology.c | 1 + tools/perf/Makefile.config | 2 +- tools/perf/builtin-report.c | 1 + .../pmu-events/arch/x86/ivytown/uncore-power.json | 16 +- .../pmu-events/arch/x86/jaketown/uncore-power.json | 16 +- .../tests/shell/record+probe_libc_inet_pton.sh | 2 +- tools/perf/util/event.c | 1 + tools/perf/util/evsel.c | 3 + tools/perf/util/pmu.c | 13 +- tools/perf/util/srcline.c | 3 + tools/perf/util/strbuf.c | 10 +- tools/perf/util/trace-event-info.c | 2 + tools/perf/util/trace-event-read.c | 5 +- tools/power/cpupower/utils/cpufreq-info.c | 2 + tools/power/cpupower/utils/helpers/amd.c | 7 +- .../selftests/drivers/usb/usbip/usbip_test.sh | 4 + .../trigger-synthetic-event-createremove.tc | 12 +- .../inter-event/trigger-synthetic-event-syntax.tc | 80 +++ tools/testing/selftests/net/reuseport_bpf.c | 13 +- .../selftests/powerpc/ptrace/ptrace-tm-spd-gpr.c | 4 +- virt/kvm/arm/arm.c | 4 +- virt/kvm/arm/mmu.c | 8 +- 386 files changed, 3265 insertions(+), 4010 deletions(-)

6 years, 11 months

4
353
0 0

PASS: Test report for kernel 4.18.19-rc1.skt+ (linux-stable-rc)

by CKI

Hello, We ran automated tests on a recent commit from this kernel tree: Kernel repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Commit: a77acf393de0 Linux 4.18.19-rc1 The results of these automated tests are provided below. Overall result: PASSED Patch merge: OK Compile: OK Hardware test: OK Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( I ) Continuous `-',-.`-' Kernel ( K ) Integration `-' ______________________________________________________________________________ Compile testing --------------- We compiled the kernel for 4 architectures: arm64: make options: make INSTALL_MOD_STRIP=1 -j56 targz-pkg configuration: https://artifacts.cki-project.org/builds/aarch64/a77acf393de04dda4d98962043… powerpc: make options: make INSTALL_MOD_STRIP=1 -j56 targz-pkg configuration: https://artifacts.cki-project.org/builds/ppc64le/a77acf393de04dda4d98962043… powerpc: make options: make INSTALL_MOD_STRIP=1 -j56 targz-pkg configuration: https://artifacts.cki-project.org/builds/ppc64/a77acf393de04dda4d98962043a0… x86_64: make options: make INSTALL_MOD_STRIP=1 -j56 targz-pkg configuration: https://artifacts.cki-project.org/builds/x86_64/a77acf393de04dda4d98962043a…

6 years, 11 months

2
1
0 0

patch "staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION" added to staging-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 5a96b2d38dc054c0bbcbcd585b116566cbd877fe Mon Sep 17 00:00:00 2001 From: Ben Wolsieffer <benwolsieffer(a)gmail.com> Date: Sat, 3 Nov 2018 19:32:20 -0400 Subject: staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION The compatibility ioctl wrapper for VCHIQ_IOC_AWAIT_COMPLETION assumes that the native ioctl always uses a message buffer and decrements msgbufcount. Certain message types do not use a message buffer and in this case msgbufcount is not decremented, and completion->header for the message is NULL. Because the wrapper unconditionally decrements msgbufcount, the calling process may assume that a message buffer has been used even when it has not. This results in a memory leak in the userspace code that interfaces with this driver. When msgbufcount is decremented, the userspace code assumes that the buffer can be freed though the reference in completion->header, which cannot happen when the reference is NULL. This patch causes the wrapper to only decrement msgbufcount when the native ioctl decrements it. Note that we cannot simply copy the native ioctl's value of msgbufcount, because the wrapper only retrieves messages from the native ioctl one at a time, while userspace may request multiple messages. See https://github.com/raspberrypi/linux/pull/2703 for more discussion of this patch. Fixes: 5569a1260933 ("staging: vchiq_arm: Add compatibility wrappers for ioctls") Signed-off-by: Ben Wolsieffer <benwolsieffer(a)gmail.com> Acked-by: Stefan Wahren <stefan.wahren(a)i2se.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- .../staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c index ea789376de0f..45de21c210c1 100644 --- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c +++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c @@ -1795,6 +1795,7 @@ vchiq_compat_ioctl_await_completion(struct file *file, struct vchiq_await_completion32 args32; struct vchiq_completion_data32 completion32; unsigned int *msgbufcount32; + unsigned int msgbufcount_native; compat_uptr_t msgbuf32; void *msgbuf; void **msgbufptr; @@ -1906,7 +1907,11 @@ vchiq_compat_ioctl_await_completion(struct file *file, sizeof(completion32))) return -EFAULT; - args32.msgbufcount--; + if (get_user(msgbufcount_native, &args->msgbufcount)) + return -EFAULT; + + if (!msgbufcount_native) + args32.msgbufcount--; msgbufcount32 = &((struct vchiq_await_completion32 __user *)arg)->msgbufcount; -- 2.19.1

6 years, 11 months

1
0
0 0

patch "staging: mt7621-pinctrl: fix uninitialized variable ngroups" added to staging-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: mt7621-pinctrl: fix uninitialized variable ngroups to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From cd56a5141331abfe218d744a3d66e1788135d482 Mon Sep 17 00:00:00 2001 From: Colin Ian King <colin.king(a)canonical.com> Date: Sat, 10 Nov 2018 23:28:06 +0000 Subject: staging: mt7621-pinctrl: fix uninitialized variable ngroups Currently the for_each_node_with_property loop us incrementing variable ngroups however it was not initialized and hence will contain garbage. Fix this by initializing ngroups to zero. Detected with static analysis with cppcheck: drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c:89]: (error) Uninitialized variable: ngroups Fixes: e12a1a6e087b ("staging: mt7621-pinctrl: refactor rt2880_pinctrl_dt_node_to_map function") Signed-off-by: Colin Ian King <colin.king(a)canonical.com> Reviewed-by: Sergio Paracuellos <sergio.paracuellos(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c b/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c index b8566ed898f1..aa98fbb17013 100644 --- a/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c +++ b/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c @@ -82,7 +82,7 @@ static int rt2880_pinctrl_dt_node_to_map(struct pinctrl_dev *pctrldev, struct property *prop; const char *function_name, *group_name; int ret; - int ngroups; + int ngroups = 0; unsigned int reserved_maps = 0; for_each_node_with_property(np_config, "group") -- 2.19.1

6 years, 11 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror