2501 Commits

Author	SHA1	Message	Date
Greg Kroah-Hartman	131b12d50f	Merge tag 'android12-5.10.110_r01' into android12-5.10 ... This is the merge of the upstream LTS release of 5.4.110 into the android12-5.10 branch. It contains the following commits: e08dd85cc9 ANDROID: fix up abi issue with struct snd_pcm_runtime, again 8f4bd2a63f Revert "coredump: Snapshot the vmas in do_coredump" b7dbb1ee1f Revert "coredump: Remove the WARN_ON in dump_vma_snapshot" 5f24894332 Revert "coredump: Use the vma snapshot in fill_files_note" c4eb663fca Revert "pstore: Don't use semaphores in always-atomic-context code" 562c3bd65c Revert "PCI: Reduce warnings on possible RW1C corruption" 0038e1f40c ANDROID: GKI: fix crc issue with commit ce1927b8cf ("block: don't merge across cgroup boundaries if blkcg is enabled") 62fa3399b4 ANDROID: remove CONFIG_HW_RANDOM_CAVIUM from arm64 gki_defconfig 95f4203fc9 Merge 5.10.110 into android12-5.10-lts 3238bffaf9 Linux 5.10.110 cf342cbfb3 PCI: xgene: Revert "PCI: xgene: Use inbound resources for setup" a25864c5bc arm64: Do not defer reserve_crashkernel() for platforms with no DMA memory zones 558564db44 coredump: Use the vma snapshot in fill_files_note b7933f145a coredump/elf: Pass coredump_params into fill_note_info b043ae637a coredump: Remove the WARN_ON in dump_vma_snapshot 936c8be4d1 coredump: Snapshot the vmas in do_coredump 5318cdf4fd can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path 869016a293 can: m_can: m_can_tx_handler(): fix use after free of skb e90518d10c KVM: x86/mmu: do compare-and-exchange of gPTE via the user address e36c45263a openvswitch: Fixed nd target mask field in the flow dump. 415edc68b6 docs: sysctl/kernel: add missing bit to panic_print 272c74323d um: Fix uml_mconsole stop/go c0a6a54738 ARM: dts: spear13xx: Update SPI dma properties ea3912af8b ARM: dts: spear1340: Update serial node properties 74f7971985 ASoC: topology: Allow TLV control to be either read or write 3ca47556d9 ubi: fastmap: Return error code if memory allocation fails in add_aeb() 7704f243cb dt-bindings: spi: mxic: The interrupt property is not mandatory 648ab1dcc1 dt-bindings: mtd: nand-controller: Fix a comment in the examples 71917e45e1 dt-bindings: mtd: nand-controller: Fix the reg property description 73f2f37417 bpf: Fix comment for helper bpf_current_task_under_cgroup() 90805175a2 bpf: Adjust BPF stack helper functions to accommodate skip > 0 86489492e8 mm/usercopy: return 1 from hardened_usercopy __setup() handler 81a04b9a32 mm/memcontrol: return 1 from cgroup.memory __setup() handler f321621f5c ARM: 9187/1: JIVE: fix return value of __setup handler d57feed3b1 mm/mmap: return 1 from stack_guard_gap __setup() handler 73f7cbb151 batman-adv: Check ptr for NULL before reducing its refcnt f6da750bfa ASoC: soc-compress: Change the check for codec_dai d3f786b7cf staging: mt7621-dts: fix pinctrl-0 items to be size-1 items on ethernet 12e380bb6f proc: bootconfig: Add null pointer check 90ec1b1538 can: isotp: restore accidentally removed MSG_PEEK feature 16960ac92b platform/chrome: cros_ec_typec: Check for EC device e5b681822c ACPI: CPPC: Avoid out of bounds access when parsing _CPC data 785a53373c riscv module: remove (NOLOAD) b27de7011c io_uring: fix memory leak of uid in files registration 20499ed3c0 ARM: iop32x: offset IRQ numbers by 1 432b057f8e ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl f28a857a61 ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs ecfc3f8a63 pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() 503868a7c0 pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() d9afc5146b watchdog: rti-wdt: Add missing pm_runtime_disable() in probe function 402b53dc7c pinctrl: pinconf-generic: Print arguments for bias-pull-* 7169f60110 watch_queue: Free the page array when watch_queue is dismantled e64dc94990 crypto: arm/aes-neonbs-cbc - Select generic cbc and aes a16f5ae8ad mailbox: imx: fix wakeup failure from freeze mode 051360e513 rxrpc: Fix call timer start racing with call destruction a94d98e06e net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware c73af4bc8a gfs2: Make sure FITRIM minlen is rounded up to fs block size 33c204266c rtc: check if __rtc_read_time was successful 381636f33f XArray: Update the LRU list in xas_split() 3b9fabe8f6 can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix return of error value ef0acc5141 can: mcba_usb: properly check endpoint type 0801a51d79 can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path 1ac49c8fd4 XArray: Fix xas_create_range() when multi-order entry present 49f77ab50a wireguard: socket: ignore v6 endpoints when ipv6 is disabled 096f9d35ca wireguard: socket: free skb in send6 when ipv6 is disabled cd032f218c wireguard: queueing: use CFI-safe ptr_ring cleanup function 8a0c70c238 ubifs: rename_whiteout: correct old_dir size computing c34ae24a25 ubifs: Fix to add refcount once page is set private 07a209fade ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() d07a242169 ubifs: setflags: Make dirtied_ino_d 8 bytes aligned 13b2a8151e ubifs: Add missing iput if do_tmpfile() failed in rename whiteout 83e42a7842 ubifs: Fix deadlock in concurrent rename whiteout and inode writeback a90e2dbe66 ubifs: rename_whiteout: Fix double free for whiteout_ui->data 0c307349fe ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM 0fb470eb48 KVM: SVM: fix panic on out-of-bounds guest IRQ cd8c2d7c7c KVM: x86: fix sending PV IPI eccfee4494 KVM: Prevent module exit until all VMs are freed 09c771c45c KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated aea4ffdcf3 platform: chrome: Split trace include file d3a913ba1f scsi: qla2xxx: Use correct feature type field during RFF_ID processing 633450063c scsi: qla2xxx: Reduce false trigger to login dd48727cab scsi: qla2xxx: Fix N2N inconsistent PLOGI 0910a791a6 scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests f296e888e9 scsi: qla2xxx: Fix hang due to session stuck edea037716 scsi: qla2xxx: Fix incorrect reporting of task management failure 9dc104edd7 scsi: qla2xxx: Fix disk failure to rediscover f97316dd39 scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() 0e4a89efc2 scsi: qla2xxx: Check for firmware dump already collected ef10a7530c scsi: qla2xxx: Add devids and conditionals for 28xx bad77c9a47 scsi: qla2xxx: Fix device reconnect in loop topology 8b52e20c22 scsi: qla2xxx: Fix warning for missing error code 7c9745421d scsi: qla2xxx: Fix wrong FDMI data for 64G adapter 7fef50214d scsi: qla2xxx: Fix scheduling while atomic c45147018d scsi: qla2xxx: Fix stuck session in gpdb 031547f4c6 powerpc: Fix build errors with newer binutils 68fa67e939 powerpc/lib/sstep: Fix build errors with newer binutils ad806b4022 powerpc/lib/sstep: Fix 'sthcx' instruction f39a330939 powerpc/kasan: Fix early region not updated correctly 89e5a42687 KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP MMU a3ad453008 ALSA: hda/realtek: Add alc256-samsung-headphone fixup aa2ad067cd media: atomisp: fix bad usage at error handling logic 2412a5d294 mmc: host: Return an error when ->enable_sdio_irq() ops is missing 808990afd8 media: hdpvr: initialize dev->worker at hdpvr_register_videodev 32582f82df media: Revert "media: em28xx: add missing em28xx_close_extension" b1c2857752 video: fbdev: sm712fb: Fix crash in smtcfb_write() e7bb29df2a ARM: mmp: Fix failure to remove sram device add823a9a5 ARM: tegra: tamonten: Fix I2C3 pad setting 08ec8450f3 lib/test_lockup: fix kernel pointer check for separate address spaces 40a5c93a74 uaccess: fix type mismatch warnings from access_ok() a49b687a75 media: cx88-mpeg: clear interrupt status register before streaming video 4606350268 ASoC: soc-core: skip zero num_dai component in searching dai name a840fc067e ARM: dts: bcm2711: Add the missing L1/L2 cache information 681a317034 video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit a7c624abf6 video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() 543dae0a46 video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() 910715c4b4 arm64: defconfig: build imx-sdma as a module 14df2556a1 ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk c241cfd0a5 ARM: ftrace: avoid redundant loads or clobbering IP 41082d6432 media: atomisp: fix dummy_ptr check to avoid duplicate active_bo b554196e6d media: atomisp_gmin_platform: Add DMI quirk to not turn AXP ELDO2 regulator off on some boards 370b50492e ASoC: madera: Add dependencies on MFD 0020667edc ARM: dts: bcm2837: Add the missing L1/L2 cache information f040c08102 ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 da210b1b55 video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit 8c7e2141fb video: fbdev: cirrusfb: check pixclock to avoid divide by zero 1e33f19746 video: fbdev: w100fb: Reset global state 08dff48201 video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow 99e3f83539 media: ir_toy: free before error exiting d658178b5a media: staging: media: zoran: fix various V4L2 compliance errors bafec1a6ba media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com bd01629315 media: staging: media: zoran: move videodev alloc b230f2d944 ntfs: add sanity check on allocation size f7e8aff062 f2fs: compress: fix to print raw data size in error path of lz4 decompression d91d1e681c NFSD: Fix nfsd_breaker_owns_lease() return values 498b7088db f2fs: fix to do sanity check on curseg->alloc_type 330d0e44fc ext4: don't BUG if someone dirty pages without asking ext4 first cd6d719534 ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit 69d2421b55 ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb ecd384c436 locking/lockdep: Iterate lock_classes directly when reading lockdep files 3ad817f1bd spi: tegra20: Use of_device_get_match_data() 1c200c8bce nvme-tcp: lockdep: annotate in-kernel sockets 7e4967e913 parisc: Fix handling off probe non-access faults ede1ef1a7d PM: core: keep irq flags in device_pm_check_callbacks() 227718c8bb ACPI/APEI: Limit printable size of BERT table data cc051f497e Revert "Revert "block, bfq: honor already-setup queue merges"" 1b69302bfa lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3 1b87ce6a77 ACPICA: Avoid walking the ACPI Namespace if it is not there df6e00b1a5 bfq: fix use-after-free in bfq_dispatch_request dd85ed4af8 fs/binfmt_elf: Fix AT_PHDR for unusual ELF files 9fc899ce5a irqchip/nvic: Release nvic_base upon failure 4bbd910de1 irqchip/qcom-pdc: Fix broken locking f038185b6a Fix incorrect type in assignment of ipv6 port for audit 012c572007 loop: use sysfs_emit() in the sysfs xxx show() 448857f580 selinux: allow FIOCLEX and FIONCLEX with policy capability 4b9b60b5bf selinux: use correct type for context length 7507ead1e9 block, bfq: don't move oom_bfqq 79b16d00de pinctrl: npcm: Fix broken references to chip->parent_device 9d1d8e5e42 gcc-plugins/stackleak: Exactly match strings instead of prefixes b0f2f89d74 regulator: rpi-panel: Handle I2C errors/timing to the Atmel 2784604c8c LSM: general protection fault in legacy_parse_param e600b5973e fs: fix fd table size alignment properly 327f07e370 lib/test: use after free in register_test_dev_kmod() 00d2b9fe5e fs: fd tables have to be multiples of BITS_PER_LONG 1752fcd404 net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator edb91a475d NFSv4/pNFS: Fix another issue with a list iterator pointing to the head 5c94b6205e net/x25: Fix null-ptr-deref caused by x25_disconnect 4896c308a5 qlcnic: dcb: default to returning -EOPNOTSUPP 2165d0ebfb selftests: test_vxlan_under_vrf: Fix broken test case f98dc124a4 net: phy: broadcom: Fix brcm_fet_config_init() 3e7a483af3 net: hns3: fix bug when PF set the duplicate MAC address for VFs 3eb92660e6 net: enetc: report software timestamping via SO_TIMESTAMPING e9445a7a59 xen: fix is_xen_pmu() af0c3ced24 clk: Initialize orphan req_rate 845e734f97 clk: qcom: gcc-msm8994: Fix gpll4 width e2a2625392 kdb: Fix the putarea helper function a9fa7d48a1 NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error 8cd30d28da netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options fbd56a61ce jfs: fix divide error in dbNextAG acb96e62e6 driver core: dd: fix return value of __setup handler 89748be18f firmware: google: Properly state IOMEM dependency 3d934d7b90 kgdbts: fix return value of __setup handler f65ba8b988 serial: 8250: fix XOFF/XON sending when DMA is used 45e95a7bf8 kgdboc: fix return value of __setup handler 96038b1cf4 tty: hvc: fix return value of __setup handler 566e30289d pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe 669b05ff43 pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe 9d095fe2fb pinctrl: mediatek: paris: Skip custom extra pin config dump for virtual GPIOs 861946289d pinctrl: mediatek: paris: Fix pingroup pin config state readback 7675fb2aaf pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get() 901e192ac9 pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback 72ea0fefea pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init fddbfe43bf staging: mt7621-dts: fix GB-PC2 devicetree 00e0739ca1 staging: mt7621-dts: fix pinctrl properties for ethernet 47c31fe8ca staging: mt7621-dts: fix formatting 59ec187d7c staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree 942f68bf29 NFS: remove unneeded check in decode_devicenotify_args() e025c66387 clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver 54c8128297 clk: clps711x: Terminate clk_div_table with sentinel element 9ff533033d clk: loongson1: Terminate clk_div_table with sentinel element bb680cabf2 clk: actions: Terminate clk_div_table with sentinel element 431f8a9cec nvdimm/region: Fix default alignment for small regions f7210ca29a remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region 7a494580a8 remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region 5c1d484d96 remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region f95fd61dd8 dmaengine: hisi_dma: fix MSI allocate fail when reload hisi_dma d047d68ff0 clk: qcom: clk-rcg2: Update the frac table for pixel clock 334720f418 clk: qcom: clk-rcg2: Update logic to calculate D value for RCG 639744b242 clk: at91: sama7g5: fix parents of PDMCs' GCLK 0553ecbce9 clk: imx7d: Remove audio_mclk_root_clk 867258d3f3 dma-debug: fix return value of __setup handlers 2f3885514e NFS: Return valid errors from nfs2/3_decode_dirent() 7b59afe84a habanalabs: Add check for pci_enable_device afcbc63752 iio: adc: Add check for devm_request_threaded_irq df2dc4cf71 serial: 8250: Fix race condition in RTS-after-send handling 469ce5119f NFS: Use of mapping_set_error() results in spurious errors 659fe4d653 serial: 8250_lpss: Balance reference count for PCI DMA device 0aebb3944a serial: 8250_mid: Balance reference count for PCI DMA device c92bd51313 phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure}) 80805f555e clk: qcom: ipq8074: Use floor ops for SDCC1 clock fd2601e366 pinctrl: renesas: checker: Fix miscalculation of number of states c5cf977515 pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel b5db33a81e staging:iio:adc:ad7280a: Fix handing of device address bit reversing. f5b01abf5f iio: mma8452: Fix probe failing when an i2c_device_id is used 8b89c9e68a clk: qcom: ipq8074: fix PCI-E clock oops a70d5dbe2e soundwire: intel: fix wrong register name in intel_shim_wake 091704a9a7 cpufreq: qcom-cpufreq-nvmem: fix reading of PVS Valid fuse f90ad94322 misc: alcor_pci: Fix an error handling path 553541c453 fsi: Aspeed: Fix a potential double free cb212c3f0d fsi: aspeed: convert to devm_platform_ioremap_resource c0b3c06414 pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() 2cd05c38a2 mxser: fix xmit_buf leak in activate when LSR == 0xff 8513c93ead mfd: asic3: Add missing iounmap() on error asic3_mfd_probe 084be6309f tipc: fix the timer expires after interval 100ms 5d8162371c openvswitch: always update flow key after nat 4593c76a65 tcp: ensure PMTU updates are processed during fastopen b26091a020 net: bcmgenet: Use stronger register read/writes to assure ordering 9088614323 PCI: Avoid broken MSI on SB600 USB devices 75a4a97b74 selftests/bpf/test_lirc_mode2.sh: Exit with proper code 0d3ad6142a i2c: mux: demux-pinctrl: do not deactivate a master that is not active c483f8002d i2c: meson: Fix wrong speed use from probe b089836218 af_netlink: Fix shift out of bounds in group mask calculation 40f3b8dada ipv4: Fix route lookups when handling ICMP redirects and PMTU updates 70a6cf749d Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt b441fcdff2 Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed 876cfe1380 selftests/bpf: Fix error reporting from sock_fields programs ac1ec6f319 bareudp: use ipv6_mod_enabled to check if IPv6 enabled c037e13539 can: isotp: support MSG_TRUNC flag when reading from socket f402c49865 can: isotp: return -EADDRNOTAVAIL when reading from unbound socket 8a9d996d4e USB: storage: ums-realtek: fix error code in rts51x_read_mem() f9a6661009 samples/bpf, xdpsock: Fix race when running for fix duration of time cd84ea3920 bpf, sockmap: Fix double uncharge the mem of sk_msg 7b812a369e bpf, sockmap: Fix more uncharged while msg has more_data bec34a91eb bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full c98d903ff9 RDMA/mlx5: Fix memory leak in error flow for subscribe event routine a3587259ae mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init fa3d444245 MIPS: pgalloc: fix memory leak caused by pgd_free() 8c4808ff9e MIPS: RB532: fix return value of __setup handler ef1728e3cb mips: cdmm: Fix refcount leak in mips_cdmm_phys_base 315772133a ath10k: Fix error handling in ath10k_setup_msa_resources 71f311b123 vxcan: enable local echo for sent CAN frames 3c2a397849 powerpc: 8xx: fix a return value error in mpc8xx_pic_init 956fab99ad platform/x86: huawei-wmi: check the return value of device_create_file() 1ba28cb692 selftests/bpf: Make test_lwt_ip_encap more stable and faster 08ab406781 libbpf: Unmap rings when umem deleted 6fa8edfc90 mfd: mc13xxx: Add check for mc13xxx_irq_request bcf93175ed powerpc/sysdev: fix incorrect use to determine if list is empty ab0a335b54 mips: DEC: honor CONFIG_MIPS_FP_SUPPORT=n bbd91cdb62 net: axienet: fix RX ring refill allocation failure handling 9ec698984d PCI: Reduce warnings on possible RW1C corruption a84cb039d2 IB/hfi1: Allow larger MTU without AIP 48d23ef901 power: supply: wm8350-power: Add missing free in free_charger_irq 9d3dab40af power: supply: wm8350-power: Handle error for wm8350_register_irq 5cf1371628 i2c: xiic: Make bus names unique f01e08083c hv_balloon: rate-limit "Unhandled message" warning ba2c6e353b KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() fa9089949d KVM: x86: Fix emulation in writing cr8 3e7e73ae2b powerpc/Makefile: Don't pass -mcpu=powerpc64 when building 32-bit 05abd49972 powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() 3e04a837db libbpf: Skip forward declaration when counting duplicated type names 6bb107332d gpu: host1x: Fix a memory leak in 'host1x_remove()' d1c7759304 bpf, arm64: Feed byte-offset into bpf line info 694398af5f bpf, arm64: Call build_prologue() first in first JIT pass 06a0001366 drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt a3d53f0005 scsi: hisi_sas: Change permission of parameter prot_mask 705c70399e power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return 1e06710c43 drm/tegra: Fix reference leak in tegra_dsi_ganged_probe 9ffa07c699 ext2: correct max file size computing 60605acf5b TOMOYO: fix __setup handlers return values adb7c8d1de drm/amd/display: Remove vupdate_int_entry definition e462b0f518 RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR 279f318bd7 scsi: pm8001: Fix abort all task initialization 780c668a2d scsi: pm8001: Fix NCQ NON DATA command completion handling f7a3f9e4e8 scsi: pm8001: Fix NCQ NON DATA command task initialization f76bbee39e scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() 6bc86bca35 scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() 27ccdcaa01 scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() 6c0e850c22 scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() edde1ede76 scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() 257a55622c scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() f55a7bc38f scsi: pm8001: Fix command initialization in pm80XX_send_read_log() 5349cde1df dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS d4862bea08 drm/msm/dpu: fix dp audio condition 7b52fb813c drm/msm/dpu: add DSPP blocks teardown 413c62697b drm/msm/dp: populate connector of struct dp_panel 441a83ff27 iwlwifi: mvm: Fix an error code in iwl_mvm_up() c12692c3e9 iwlwifi: Fix -EIO error code that is never returned ec376f5c11 dax: make sure inodes are flushed before destroy cache 5e6b030ac3 IB/cma: Allow XRC INI QPs to set their local ACK timeout 9c384e1afa drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug 80b96ac9d2 drm/amd/pm: enable pm sysfs write for one VF mode 06e778d184 iommu/ipmmu-vmsa: Check for error num after setting mask ab63b24ae6 HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports 879356a6a0 power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init f03ef518c1 drm/bridge: dw-hdmi: use safe format when first in bridge chain e0e25e131d PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge b1af8b9ec0 livepatch: Fix build failure on 32 bits processors 6f095441f8 scripts/dtc: Call pkg-config POSIXly correct 080822563b net: dsa: mv88e6xxx: Enable port policy support on 6097 2ac4f049db mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update 2430af1241 mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update 232c1cc986 mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv 253cc4aafc mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode b5d363ff17 powerpc/perf: Don't use perf_hw_context for trace IMC PMU c18b538617 KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init 8b64c158a0 powerpc: dts: t1040rdb: fix ports names for Seville Ethernet switch be703360ed ray_cs: Check ioremap return value 43f2fe2a69 power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe da71a1483b i40e: respect metadata on XSK Rx to skb b2e48cd141 i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb e8fe653fa7 KVM: PPC: Fix vmx/vsx mixup in mmio emulation 11cb9eba06 RDMA/core: Set MR type in ib_reg_user_mr 11f11ac281 ath9k_htc: fix uninit value bugs 6e669baa33 drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function 19a7eba284 drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() 9abee51534 drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() 47402eaf88 ionic: fix type complaint in ionic_dev_cmd_clean() 1ba10e5c39 drm/edid: Don't clear formats if using deep color d99e7feaed mtd: rawnand: gpmi: fix controller timings setting 364b2eee62 mtd: onenand: Check for error irq 96ea88eb9b Bluetooth: hci_serdev: call init_rwsem() before p->open() b267a8118c udmabuf: validate ubuf->pagecount 56722aa77b libbpf: Fix possible NULL pointer dereference when destroying skeleton 4a9c268a40 drm/panfrost: Check for error num after setting mask 5d1114ede5 ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern fb2be762a4 drm: bridge: adv7511: Fix ADV7535 HPD enablement d9d61beb21 drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe 064e7f7532 drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe d8db734df6 drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev ec3924eab5 drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops a1c665f5b7 ARM: configs: multi_v5_defconfig: re-enable CONFIG_V4L_PLATFORM_DRIVERS 1f24716e38 ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data abefbf602c ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe 90ac679aa6 ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe ec26e3ce3c ASoC: atmel: sam9x5_wm8731: use devm_snd_soc_register_card() 541251b903 mmc: davinci_mmc: Handle error for clk_enable 19eb5c7957 ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe 42042c7a3d ASoC: imx-es8328: Fix error return code in imx_es8328_probe() fe4db4ea21 ASoC: fsl_spdif: Disable TX clock when stop 86b6cf9894 ASoC: mxs: Fix error handling in mxs_sgtl5000_probe c8c981cfc0 ASoC: dmaengine: do not use a NULL prepare_slave_config() callback f452cff025 ASoC: SOF: Add missing of_node_put() in imx8m_probe 0d82401d46 ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in rockchip_i2s_probe 7e8b0fd0eb ASoC: rockchip: i2s: Use devm_platform_get_and_ioremap_resource() b5664a584e ivtv: fix incorrect device_caps for ivtvfb ebd4f1501e media: saa7134: fix incorrect use to determine if list is empty dd67315994 media: saa7134: convert list_for_each to entry variant 066d9b48f9 video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of 20da8404e4 ASoC: fsi: Add check for clk_enable db1c00a025 ASoC: wm8350: Handle error for wm8350_register_irq 662ee5ac6b ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe 663e7a7287 media: vidtv: Check for null return of vzalloc 4d68603cc4 media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED b02752d753 m68k: coldfire/device.c: only build for MCF_EDMA when h/w macros are defined 9ca3635a0a arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly 7e6f578662 ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction 64eee4127c memory: emif: check the pointer temp in get_device_details() 330a9b0d38 memory: emif: Add check for setup_interrupts 4639c1d97f ASoC: soc-compress: prevent the potentially use of null pointer a6ee60d4a9 ASoC: dwc-i2s: Handle errors for clk_enable 39bee81e30 ASoC: atmel_ssc_dai: Handle errors for clk_enable dc947d175c ASoC: mxs-saif: Handle errors for clk_enable a754ea0de3 printk: fix return value of printk.devkmsg __setup handler 87a265e292 arm64: dts: broadcom: Fix sata nodename f63122803d arm64: dts: ns2: Fix spi-cpol and spi-cpha property 5d6a0dc6ba ALSA: spi: Add check for clk_enable() 039fae34f8 ASoC: ti: davinci-i2s: Add check for clk_enable() 94cb9fe5d8 ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() 7ce3e6e103 uaccess: fix nios2 and microblaze get_user_8() 19894751f6 ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put f126dcbe70 media: cedrus: h264: Fix neighbour info buffer size c011ae1665 media: cedrus: H265: Fix neighbour info buffer size 44973633b0 media: usb: go7007: s2250-board: fix leak in probe() ec8a37b2d9 media: em28xx: initialize refcount before kref_get 1b46f57d51 media: video/hdmi: handle short reads of hdmi info frame. 170ad3942b ARM: dts: imx: Add missing LVDS decoder on M53Menlo 2a0eb50d9a ARM: dts: sun8i: v3s: Move the csi1 block to follow address order 77406ac6ef soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe 18b2ec361a firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is not defined 8395a17ef6 arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc d19248e23f arm64: dts: qcom: sdm845: fix microphone bias properties and values 2042c6fbfb soc: qcom: aoss: remove spurious IRQF_ONESHOT flags 5a990a65d4 soc: qcom: ocmem: Fix missing put_device() call in of_get_ocmem b5d6eba719 soc: qcom: rpmpd: Check for null return of devm_kcalloc 0c11cb8db4 ARM: dts: qcom: ipq4019: fix sleep clock 22474dfd0c firmware: qcom: scm: Remove reassignment to desc following initializer bf4bad1114 video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() 6de6a64f23 video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() 64ec3e678d video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() 0dff86aeb1 video: fbdev: controlfb: Fix COMPILE_TEST build ec1c20b02a video: fbdev: controlfb: Fix set but not used warnings f8bf19f7f3 video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen 3187a1d4d5 media: aspeed: Correct value for h-total-pixels 245561612b media: hantro: Fix overfill bottom register field name 032b141a91 media: meson: vdec: potential dereference of null pointer d3e5106c67 media: coda: Fix missing put_device() call in coda_get_vdoa_data c9f4586d99 ASoC: generic: simple-card-utils: remove useless assignment 2c357e0277 ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting 712dd2ac26 media: bttv: fix WARNING regression on tunerless devices bc2573abc6 media: mtk-vcodec: potential dereference of null pointer 8a83731a09 media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls c76188715d media: staging: media: zoran: fix usage of vb2_dma_contig_set_max_seg_size f622bd0758 kunit: make kunit_test_timeout compatible with comment 9e63bcb71d selftests, x86: fix how check_cc.sh is being invoked d2c53e77b0 f2fs: fix compressed file start atomic write may cause data corruption 1c4d94e4f0 f2fs: compress: remove unneeded read when rewrite whole cluster 2c4741d1b0 btrfs: fix unexpected error path when reflinking an inline extent 3ef3bc75cd f2fs: fix to avoid potential deadlock 85cc399b65 nfsd: more robust allocation failure handling in nfsd_file_cache_init 1a11a87374 f2fs: fix missing free nid in f2fs_handle_failed_inode c0cffc1fb3 perf/x86/intel/pt: Fix address filter config for 32-bit kernel 13c8e37e1f perf/core: Fix address filter parser for multiple filters a9faa5beda rseq: Remove broken uapi field layout on 32-bit little endian f0250e05e5 rseq: Optimise rseq_get_rseq_cs() and clear_rseq_cs() ecc17de4b9 sched/core: Export pelt_thermal_tp 40732cab51 sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa 2b5d41bcf2 f2fs: fix to enable ATGC correctly via gc_idle sysfs interface 9d92be1a09 watch_queue: Actually free the watch 5ae75b4ed3 watch_queue: Fix NULL dereference in error cleanup 509565faed io_uring: terminate manual loop iterator loop correctly for non-vecs 44a77e52bd clocksource: acpi_pm: fix return value of __setup handler d678f002f0 hwmon: (pmbus) Add Vin unit off handling 7ca525b4cc hwrng: nomadik - Change clk_disable to clk_disable_unprepare e4c777fd8c amba: Make the remove callback return void 1c6ac39763 vfio: platform: simplify device removal c93017c8d5 crypto: ccree - Fix use after free in cc_cipher_exit() 78622926fe crypto: ccp - ccp_dmaengine_unregister release dma channels 9eeee6f684 ACPI: APEI: fix return value of __setup handlers 0b45bf1659 clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() b33c753cff clocksource/drivers/timer-microchip-pit64b: Use notrace db9d00461b clocksource/drivers/exynos_mct: Handle DTS with higher number of interrupts d4e13c4a6f clocksource/drivers/exynos_mct: Refactor resources allocation 42d331a279 clocksource/drivers/timer-ti-dm: Fix regression from errata i940 fix aedff03da4 crypto: vmx - add missing dependencies 51939008ca crypto: amlogic - call finalize with bh disabled 24857d87cc crypto: sun8i-ce - call finalize with bh disabled bf4814d58b crypto: sun8i-ss - call finalize with bh disabled a4067ccb97 hwrng: atmel - disable trng on failure path b7940bef6f spi: spi-zynqmp-gqspi: Handle error for dma_set_mask 3928a04bc6 PM: suspend: fix return value of __setup handler 052a218db0 PM: hibernate: fix __setup handler error handling 0b5924a14d block: don't delete queue kobject before its children 40b288a861 nvme: cleanup __nvme_check_ids 32c4db2a52 hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING ec8536f701 hwmon: (pmbus) Add mutex to regulator ops 18a18594ae spi: pxa2xx-pci: Balance reference count for PCI DMA device 55259cb374 crypto: ccree - don't attempt 0 len DMA mappings d788ad472f EVM: fix the evm= __setup handler return value a137f93ae5 audit: log AUDIT_TIME_* records only from rules 5e9501e60b crypto: rockchip - ECB does not need IV 8265bea7d8 selftests/x86: Add validity check and allow field splitting f7d9249af3 arm64/mm: avoid fixmap race condition when create pud mapping 99a8dfce7c spi: tegra114: Add missing IRQ check in tegra_spi_probe 71dba67138 thermal: int340x: Check for NULL after calling kmemdup() 8e57117142 crypto: mxs-dcp - Fix scatterlist processing ec1d372974 crypto: authenc - Fix sleep in atomic context in decrypt_tail fdfaafeb4b crypto: sun8i-ss - really disable hash on A80 19693838c8 hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER bc20294cc8 hwrng: cavium - Check health status while reading random data 962d1f59d5 selinux: check return value of sel_make_avc_files 1ae9b020dd regulator: qcom_smd: fix for_each_child.cocci warnings c20975954e PCI: xgene: Revert "PCI: xgene: Fix IB window setup" 0f56f24015 PCI: pciehp: Clear cmd_busy bit in polling mode 89ddcc8191 drm/i915/gem: add missing boundary check in vm_access b84857c06e drm/i915/opregion: check port number bounds for SWSCI display power state 88975951d4 brcmfmac: pcie: Fix crashes due to early IRQs 1cbcf93a93 brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio f3820ddaf4 brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path daa07f2902 brcmfmac: firmware: Allocate space for default boardrev in nvram 1dd031eb99 xtensa: fix xtensa_wsr always writing 0 dac518bbce xtensa: fix stop_machine_cpuslocked call in patch_text 20f974dce5 media: davinci: vpif: fix unbalanced runtime PM enable 7c9b915b94 media: davinci: vpif: fix unbalanced runtime PM get cde90e8291 media: gpio-ir-tx: fix transmit with long spaces on Orange Pi PC 785ffce44a DEC: Limit PMAX memory probing to R3k systems 8dde2296ec bcache: fixup multiple threads crash 37d2b4fa5c crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() b89fb8b882 crypto: rsa-pkcs1pad - restore signature length check f38c318068 crypto: rsa-pkcs1pad - correctly get hash from source scatterlist c1db3f44f2 crypto: rsa-pkcs1pad - only allow with rsa 27a6f495b6 exec: Force single empty string when argv is empty b02d33171d lib/raid6/test: fix multiple definition linking error bf057eac9a thermal: int340x: Increase bitmap size 86a926c3f0 pstore: Don't use semaphores in always-atomic-context code b26f400e4f carl9170: fix missing bit-wise or operator for tx_params 3aef4df6e1 mgag200 fix memmapsl configuration in GCTL6 register ef1df91685 ARM: dts: exynos: add missing HDMI supplies on SMDK5420 3cde68a1eb ARM: dts: exynos: add missing HDMI supplies on SMDK5250 5ac205c414 ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 7187c9beb7 ARM: dts: at91: sama5d2: Fix PMERRLOC resource size 2ca2a5552a video: fbdev: atari: Atari 2 bpp (STe) palette bugfix 72af881092 video: fbdev: sm712fb: Fix crash in smtcfb_read() ba09b04173 drm/edid: check basic audio support on CEA extension block ce1927b8cf block: don't merge across cgroup boundaries if blkcg is enabled 6e0d24598c block: limit request dispatch loop duration 958e9b56de mailbox: tegra-hsp: Flush whole channel f67a140078 drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() b35eb48471 ext4: fix fs corruption when tring to remove a non-empty directory with IO error a1e6884b2d ext4: fix ext4_fc_stats trace point c119fb65f6 coredump: Also dump first pages of non-executable ELF libraries 7ad5ccc3da ACPI: properties: Consistently return -ENOENT if there are no more references ef3a87e0c4 arm64: dts: ti: k3-j7200: Fix gic-v3 compatible regs 18864e8b83 arm64: dts: ti: k3-j721e: Fix gic-v3 compatible regs e85fa9f4e9 arm64: dts: ti: k3-am65: Fix gic-v3 compatible regs 7ce550a01b arm64: signal: nofpsimd: Do not allocate fp/simd context when not available 210e7b43d4 udp: call udp_encap_enable for v6 sockets when enabling encap e1a58498ef powerpc/kvm: Fix kvm_use_magic_page d72866a7f5 can: isotp: sanitize CAN ID checks in isotp_bind() fde8c5cad0 drbd: fix potential silent data corruption b101e74f9a dm integrity: set journal entry unused when shrinking device d5d5804acc mm/kmemleak: reset tag when compare object pointer bc2f58b8e4 mm,hwpoison: unmap poisoned page before invalidation 608c501d70 Revert "mm: madvise: skip unmapped vma holes passed to process_madvise" 8b354e3032 mm: madvise: return correct bytes advised with process_madvise 928c06c114 mm: madvise: skip unmapped vma holes passed to process_madvise 51f7557c3c ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 9017201e8d ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock 7b7a03d8b5 ALSA: hda: Avoid unsol event during RPM suspending a55e2d7423 ALSA: cs4236: fix an incorrect NULL check on list iterator edefc4b2a8 cifs: fix NULL ptr dereference in smb2_ioctl_query_info() 9963ccea60 cifs: prevent bad output lengths in smb2_ioctl_query_info() b75198edda Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" 34bc1f69bf riscv: Increase stack size under KASAN 24b9b8e95c riscv: Fix fill_callchain return value 0f8c0bd0a4 qed: validate and restrict untrusted VFs vlan promisc mode a3af3d4319 qed: display VF trust config aa28075f06 scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands 4bcefc78c8 mempolicy: mbind_range() set_policy() after vma_merge() fa37c17143 mm: invalidate hwpoison page cache page in fault path 7188e7c96f mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node 51dbb5e36d jffs2: fix memory leak in jffs2_scan_medium 607d3aab73 jffs2: fix memory leak in jffs2_do_mount_fs 7bb7428dd7 jffs2: fix use-after-free in jffs2_clear_xattr_subsystem b417f9c505 can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path 3a21ee89bc mtd: rawnand: protect access to rawnand devices while in suspend 145a63201d spi: mxic: Fix the transmit path be22ebe79e pinctrl: samsung: drop pin banks references on error paths b97b305656 remoteproc: Fix count check in rproc_coredump_write() 784630df17 f2fs: fix to do sanity check on .cp_pack_total_block_count e58ee6bd93 f2fs: quota: fix loop condition at f2fs_quota_sync() ec67040703 f2fs: fix to unlock page correctly in error path of is_alive() 7af164fa2f NFSD: prevent integer overflow on 32 bit systems 65e21cc042 NFSD: prevent underflow in nfssvc_decode_writeargs() b7b430104a SUNRPC: avoid race between mod_timer() and del_timer_sync() f51ab2f60a HID: intel-ish-hid: Use dma_alloc_coherent for firmware update a1df8e60f2 firmware: stratix10-svc: add missing callback parameter on RSU e94f5fbe7a Documentation: update stable tree link f4bab992ee Documentation: add link to stable release candidate tree 10ee5662d5 KEYS: fix length validation in keyctl_pkey_params_get_2() 5a41a3033a ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE 2775d8e364 clk: uniphier: Fix fixed-rate initialization 25cd5872d9 greybus: svc: fix an error handling bug in gb_svc_hello() 9f0cd81174 iio: inkern: make a best effort on offset calculation 19e533452f iio: inkern: apply consumer scale when no channel scale is available e10dbe7f6a iio: inkern: apply consumer scale on IIO_VAL_INT cases 9f4fffc2ab iio: afe: rescale: use s64 for temporary scale calculations 9cd1b02655 coresight: Fix TRCCONFIGR.QE sysfs interface 7b478cb67b mei: avoid iterator usage outside of list_for_each_entry ec8975417d mei: me: add Alder Lake N device id. 0a0c61dd07 xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() 811f403519 xhci: make xhci_handshake timeout for xhci_reset() adjustable 3a820d1ca1 xhci: fix runtime PM imbalance in USB2 resume c41387f96a xhci: fix garbage USBSTS being logged in some cases 1e0f089f70 USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c 39a70732eb virtio-blk: Use blk_validate_block_size() to validate block size 290e05f346 tpm: fix reference counting for struct tpm_chip fcd3c31dd1 iommu/iova: Improve 32-bit free space estimate 68c80088f5 locking/lockdep: Avoid potential access of invalid memory in lock_class f19d8dfad6 net: dsa: microchip: add spi_device_id tables 8d3f4ad430 af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register ef1a6ab36d Input: zinitix - do not report shadow fingers 21680aabc4 spi: Fix erroneous sgs value with min_t() 8fb7af1b5a Revert "gpio: Revert regression in sysfs-gpio (gpiolib.c)" 18a4417a19 net:mcf8390: Use platform_get_irq() to get the interrupt 102d7f6c2e spi: Fix invalid sgs value a4f4ce3dee gpio: Revert regression in sysfs-gpio (gpiolib.c) fc9a35627c ethernet: sun: Free the coherent when failing in probing 3c84471925 tools/virtio: fix virtio_test execution 6d98dc2369 vdpa/mlx5: should verify CTRL_VQ feature exists for MQ c97ffb4184 virtio_console: break out of buf poll on remove 0c00d38337 ARM: mstar: Select HAVE_ARM_ARCH_TIMER a7e75e5ed4 xfrm: fix tunnel model fragmentation behavior e05ae08ea8 HID: logitech-dj: add new lightspeed receiver id ff919a7ad9 netdevice: add the case if dev is NULL c4dc584a2d hv: utils: add PTP_1588_CLOCK to Kconfig to fix build d136a2574a USB: serial: simple: add Nokia phone driver 38e3d48ffe USB: serial: pl2303: add IBM device IDs d4d975e792 swiotlb: fix info leak with DMA_FROM_DEVICE 414e6c8e94 ANDROID: fix up abi issue with struct snd_pcm_runtime 51790ed529 Merge 5.10.109 into android12-5.10-lts d9c5818a0b Linux 5.10.109 163960a7de llc: only change llc->dev when bind() succeeds 2b5a6d7714 nds32: fix access_ok() checks in get/put_user c064268eb8 wcn36xx: Differentiate wcn3660 from wcn3620 95193d12f1 tpm: use try_get_ops() in tpm-space.c 5d3ff9542a mac80211: fix potential double free on mesh join fcc9797d0d rcu: Don't deboost before reporting expedited quiescent state 87f7ed7c36 Revert "ath: add support for special 0x0 regulatory domain" c971e6a1c8 crypto: qat - disable registration of algorithms 9f4e64611e ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU 0b2ffba2de ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 2724b72b22 ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board 2c74374c2e netfilter: nf_tables: initialize registers in nft_do_chain() eb1ba8d1c3 drivers: net: xgene: Fix regression in CRC stripping a2368d10b7 ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec 6936d2ecf8 ALSA: cmipci: Restore aux vol on suspend/resume cbd27127af ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB 0ae81ef3ea ALSA: pcm: Add stream lock during PCM reset ioctl operations b560d670c8 ALSA: pcm: Fix races among concurrent prealloc proc writes a38440f006 ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls 8527c8f052 ALSA: pcm: Fix races among concurrent read/write and buffer changes 0f6947f5f5 ALSA: pcm: Fix races among concurrent hw_params and hw_free calls 014c81dfb3 ALSA: hda/realtek: Add quirk for ASUS GA402 05256f3fd6 ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 ca8247b4df ALSA: hda/realtek: Add quirk for Clevo NP50PNJ 26fe8f3103 ALSA: hda/realtek: Add quirk for Clevo NP70PNJ 80eab86a86 ALSA: usb-audio: add mapping for new Corsair Virtuoso SE 5ce74ff705 ALSA: oss: Fix PCM OSS buffer allocation overflow db03abd0da ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call 571df3393f llc: fix netdevice reference leaks in llc_ui_bind() 56dc187b35 staging: fbtft: fb_st7789v: reset display before initialization 351493858e tpm: Fix error handling in async work ea21245cdc cgroup-v1: Correct privileges check in release_agent writes 824a950c3f cgroup: Use open-time cgroup namespace for process migration perm checks f28364fe38 cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv 9eeaa2d7d5 exfat: avoid incorrectly releasing for root inode ae8ec5eabb net: ipv6: fix skb_over_panic in __ip6_append_data 25c23fe40e nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION ab2d1d40a1 Revert "vsock: each transport cycles only on its own sockets" 644c989f41 Merge 5.10.108 into android12-5.10-lts 9940314ebf Linux 5.10.108 37119edab8 Revert "selftests/bpf: Add test for bpf_timer overwriting crash" 9248694dac esp: Fix possible buffer overflow in ESP transformation 96340cdd55 smsc95xx: Ignore -ENODEV errors when device is unplugged e27b51af54 net: usb: Correct reset handling of smsc95xx b54daeafc1 net: usb: Correct PHY handling of smsc95xx 204d38dc6a perf symbols: Fix symbol size calculation condition f0d43d22d2 Input: aiptek - properly check endpoint type 98e7a654a5 scsi: mpt3sas: Page fault in reply q processing 10a805334a usb: usbtmc: Fix bug in pipe direction for control transfers 00bdd9bf1a usb: gadget: Fix use-after-free bug by not setting udc->dev.driver 28bc026739 usb: gadget: rndis: prevent integer overflow in rndis_set_response() 2c010c61e6 arm64: fix clang warning about TRAMP_VALIAS 277b7f6394 net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload 2550afba2a net: bcmgenet: skip invalid partial checksums bf5b7aae86 bnx2x: fix built-in kernel driver load failure c07fdba12f net: phy: mscc: Add MODULE_FIRMWARE macros ba50073cf4 net: dsa: Add missing of_node_put() in dsa_port_parse_of a630ad5e8b net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() 336b6be6ad drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings 9d45aec02f drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() 9b763ceda6 hv_netvsc: Add check for kvmalloc_array 09a7264fb0 atm: eni: Add check for dma_map_single 70b7b3c055 net/packet: fix slab-out-of-bounds access in packet_recvmsg() 169add82d2 net: phy: marvell: Fix invalid comparison in the resume and suspend functions 01fac1ca8a esp6: fix check on ipv6_skip_exthdr's return value d9fe590970 vsock: each transport cycles only on its own sockets ac7dd60946 efi: fix return value of __setup handlers fa3aa103e7 mm: swap: get rid of livelock in swapin readahead df3301dc60 ocfs2: fix crash when initialize filecheck kobj fails 0f9b7b8df1 crypto: qcom-rng - ensure buffer for generate is completely filled 9a559b8868 Merge branch 'android12-5.10' into `android12-5.10-lts` 8646e92696 Merge 5.10.107 into android12-5.10-lts 4c8814277b Linux 5.10.107 7a0d13ef67 arm64: kvm: Fix copy-and-paste error in bhb templates for v5.10 stable dc1163203a io_uring: return back safer resurrect 8fdaab341b kselftest/vm: fix tests build with old libc 2490695ffd sfc: extend the locking on mcdi->seqno 2fad5b6948 tcp: make tcp_read_sock() more robust 3f9a8f8a95 nl80211: Update bss channel on channel switch for P2P_CLIENT 0ba557d330 drm/vrr: Set VRR capable prop only if it is attached to connector 9a8e4a5c5b iwlwifi: don't advertise TWT support c5ea0221c8 atm: firestream: check the return value of ioremap() in fs_init() efdd92c18e can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready ebe106eac6 ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE e8ad9ecc40 MIPS: smp: fill in sibling and core maps earlier 8c70b9b470 mac80211: refuse aggregations sessions before authorized d687d7559e ARM: dts: rockchip: fix a typo on rk3288 crypto-controller 6f0a94931c ARM: dts: rockchip: reorder rk322x hmdi clocks 6493c6aa8b arm64: dts: agilex: use the compatible "intel,socfpga-agilex-hsotg" c5c8c649fe arm64: dts: rockchip: reorder rk3399 hdmi clocks f7f062919f arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity ca142038a5 xfrm: Fix xfrm migrate issues when address family changes d8889a445b xfrm: Check if_id in xfrm_migrate 6056abc99b sctp: fix the processing for INIT chunk bdf0316982 Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0" 5287773dba Merge 5.10.106 into android12-5.10-lts 9e8aa4cec7 Merge 5.10.105 into android12-5.10-lts 55d57b8929 Merge b65b87e718 ("arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting") into android12-5.10-lts 9fddd6c893 UPSTREAM: arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting 531b5ce9dd UPSTREAM: arm64: Use the clearbhb instruction in mitigations d05b159f71 UPSTREAM: KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated 11bed3edbd UPSTREAM: arm64: Mitigate spectre style branch history side channels 9bc6a2543d UPSTREAM: arm64: Do not include __READ_ONCE() block in assembly files 2434153e7e UPSTREAM: KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A cfa82070a7 UPSTREAM: arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 5195a80d07 UPSTREAM: arm64: Add percpu vectors for EL1 9e96a3d6ae Merge 56cf5326bd ("arm64: entry: Add macro for reading symbol addresses from the trampoline") into android12-5.10-lts 327f1e7d81 Linux 5.10.106 648895da69 watch_queue: Fix filter limit check 8bb5b72dbd ARM: fix Thumb2 regression with Spectre BHB 6b1249db9e ext4: add check to prevent attempting to resize an fs with sparse_super2 b297cf764d x86/traps: Mark do_int3() NOKPROBE_SYMBOL 29f6f35001 x86/boot: Add setup_indirect support in early_memremap_is_setup_data() b3444e5b64 x86/boot: Fix memremap of setup_indirect structures 24d268130e watch_queue: Make comment about setting ->defunct more accurate ec03510e0a watch_queue: Fix lack of barrier/sync/lock between post and read 06ab844439 watch_queue: Free the alloc bitmap when the watch_queue is torn down 880acbb718 watch_queue: Fix the alloc bitmap size to reflect notes allocated e2b52ca498 watch_queue: Fix to always request a pow-of-2 pipe ring size 2039900aad watch_queue: Fix to release page in ->release() d729d4e99f watch_queue, pipe: Free watchqueue state after clearing pipe ring 573a3228ca virtio: acknowledge all features before access bf52b627cf virtio: unexport virtio_finalize_features 8bfb959ea2 arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 1ef5fe3dba riscv: Fix auipc+jalr relocation range checks a69aa422b4 mmc: meson: Fix usage of meson_mmc_post_req() 0c6eeaf8c1 net: macb: Fix lost RX packet wakeup race in NAPI receive 6d9700b445 staging: gdm724x: fix use after free in gdm_lte_rx() 8c1bc04c8c staging: rtl8723bs: Fix access-point mode deadlock ab5595b45f fuse: fix pipe buffer lifetime for direct_io f2c52a4baf ARM: Spectre-BHB: provide empty stub for non-config f1f5d089fc selftests/memfd: clean up mapping in mfd_fail_write 71013d071b selftest/vm: fix map_fixed_noreplace test failure 8d276f10e8 tracing: Ensure trace buffer is at least 4096 bytes large ae7597b47d ipv6: prevent a possible race condition with lifetimes 8c0c50e9fc Revert "xen-netback: Check for hotplug-status existence before watching" 625c04b523 Revert "xen-netback: remove 'hotplug-status' once it has served its purpose" a0e2768fb9 gpio: Return EPROBE_DEFER if gc->to_irq is NULL 65d4e9d130 hwmon: (pmbus) Clear pmbus fault/warning bits after read d15c9f6e33 net-sysfs: add check for netdevice being present to speed_show 8c023c3039 spi: rockchip: terminate dma transmission when slave abort 889254f98e spi: rockchip: Fix error in getting num-cs property 4fb9be675b selftests/bpf: Add test for bpf_timer overwriting crash dc1c2b47b5 net: bcmgenet: Don't claim WOL when its not available b7e4d9ba2d sctp: fix kernel-infoleak for SCTP sockets 3cf533f120 net: phy: DP83822: clear MISR2 register to disable interrupts 21044e679e gianfar: ethtool: Fix refcount leak in gfar_get_ts_info 3a4cd1c51e gpio: ts4900: Do not set DAT and OE together 7702e7e9e3 selftests: pmtu.sh: Kill tcpdump processes launched by subshell. 2b1c85f565 NFC: port100: fix use-after-free in port100_send_complete 1fdabf2cf4 net/mlx5e: Lag, Only handle events from highest priority multipath entry f3331bc174 net/mlx5: Fix a race on command flush flow 5f1340963b net/mlx5: Fix size field in bufferx_reg struct e2201ef32f ax25: Fix NULL pointer dereference in ax25_kill_by_device cc7679079c net: ethernet: lpc_eth: Handle error for clk_enable b3e4fcb539 net: ethernet: ti: cpts: Handle error for clk_enable 5e42f90d72 tipc: fix incorrect order of state message data sanity check 979b418b96 ethernet: Fix error handling in xemaclite_of_probe 506d61bc1b ice: Fix curr_link_speed advertised speed 852a9e97d3 ice: Rename a couple of variables b21ffd5469 ice: Remove unnecessary checker loop 875967aff5 ice: Align macro names to the specification 8c613f7cd3 ice: stop disabling VFs due to PF error responses d9ee2cbff2 i40e: stop disabling VFs due to PF error responses 965070a2b7 ARM: dts: aspeed: Fix AST2600 quad spi group 96b01b8541 net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() ed5bb00d86 drm/sun4i: mixer: Fix P010 and P210 format numbers 93223495bc qed: return status of qed_iov_get_link 5bee2ed050 esp: Fix BEET mode inter address family tunneling on GSO 16386479ef net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() 33c74f8085 isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() cca9d5035b virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg is zero a3d5fcc6cf mISDN: Fix memory leak in dsp_pipeline_build() f97ad179d1 mISDN: Remove obsolete PIPELINE_DEBUG debugging information 2de76d37d4 tipc: fix kernel panic when enabling bearer ea3a5e6df5 arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias 2c6a75ea32 HID: vivaldi: fix sysfs attributes leak 2a18a38cbc clk: qcom: gdsc: Add support to update GDSC transition delay 0d6882dd15 ARM: boot: dts: bcm2711: Fix HVS register range 5c5685cc64 Merge 7ae8127e41 ("arm64: Add HWCAP for self-synchronising virtual counter") into android12-5.10-lts 19787ca417 Merge b19eaa004f ("arm64: Add Cortex-A510 CPU part definition") into android12-5.10-lts 199789221d Merge fc8070a9c5 ("arm64: Add Neoverse-N2, Cortex-A710 CPU part definition") into android-mainline f14cf58208 UPSTREAM: ARM: fix Thumb2 regression with Spectre BHB 74562af594 UPSTREAM: ARM: Spectre-BHB: provide empty stub for non-config b0ff4e14b1 UPSTREAM: ARM: fix build warning in proc-v7-bugs.c f3ec5e6124 UPSTREAM: ARM: Do not use NOCROSSREFS directive with ld.lld 5c1f913cd2 UPSTREAM: ARM: fix co-processor register typo 4c5218ead0 UPSTREAM: ARM: fix build error when BPF_SYSCALL is disabled 7ab81873bd Merge 302754d023 ("ARM: include unprivileged BPF status in Spectre V2 reporting") into android12-5.10-lts d221da1d6f Merge d04937ae94 ("x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT") into android12-5.10-lts 0773736e48 Merge 5.10.104 into android12-5.10-lts 56d625a4ce ANDROID: fix up rndis ABI breakage 67c781d938 Linux 5.10.105 561e91e5fe Revert "ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE" 206c8e271b xen/netfront: react properly to failing gnttab_end_foreign_access_ref() 39c00d0928 xen/gnttab: fix gnttab_end_foreign_access() without page specified c4b16486d6 xen/pvcalls: use alloc/free_pages_exact() 8357d75bfd xen/9p: use alloc/free_pages_exact() 17f01b7206 xen: remove gnttab_query_foreign_access() 5f36ae75b8 xen/gntalloc: don't use gnttab_query_foreign_access() 3047255182 xen/scsifront: don't use gnttab_query_foreign_access() for mapped status f6690dd944 xen/netfront: don't use gnttab_query_foreign_access() for mapped status 96219af4e5 xen/blkfront: don't use gnttab_query_foreign_access() for mapped status 3d81e85f30 xen/grant-table: add gnttab_try_end_foreign_access() 5c600371b8 xen/xenbus: don't let xenbus_grant_ring() remove grants in error case b65b87e718 arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting 90f59cc2f2 ARM: fix build warning in proc-v7-bugs.c 551717cf3b arm64: Use the clearbhb instruction in mitigations 8c4192d126 ARM: Do not use NOCROSSREFS directive with ld.lld 38c26bdb3c KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated 1749b553d7 ARM: fix co-processor register typo e192c8baa6 arm64: Mitigate spectre style branch history side channels a330601c63 ARM: fix build error when BPF_SYSCALL is disabled 192023e6ba KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A 13a807a0a0 arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 56cf5326bd arm64: entry: Add macro for reading symbol addresses from the trampoline 1f63326a52 arm64: Add percpu vectors for EL1 3f21b7e355 arm64: entry: Add vectors that have the bhb mitigation sequences 4937955296 arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations 26211252c1 arm64: entry: Allow the trampoline text to occupy multiple pages 73ee716a1f arm64: entry: Make the kpti trampoline's kpti sequence optional 8c691e5308 arm64: entry: Move trampoline macros out of ifdef'd section e550250632 arm64: entry: Don't assume tramp_vectors is the start of the vectors 5275fb5ea5 arm64: entry: Allow tramp_alias to access symbols after the 4K boundary bda8960281 arm64: entry: Move the trampoline data page before the text page d93b25a665 arm64: entry: Free up another register on kpti's tramp_exit path 7ae8127e41 arm64: Add HWCAP for self-synchronising virtual counter b19eaa004f arm64: Add Cortex-A510 CPU part definition fc8070a9c5 arm64: Add Neoverse-N2, Cortex-A710 CPU part definition 5242d6971e arm64: entry: Make the trampoline cleanup optional 8617156931 arm64: Add Cortex-X2 CPU part definition 7048a21086 arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit dc5b630c0d arm64: entry.S: Add ventry overflow sanity checks 97d8bdf331 arm64: cpufeature: add HWCAP for FEAT_RPRES 162aa002ec arm64: cpufeature: add HWCAP for FEAT_AFP dbcfa98539 arm64: add ID_AA64ISAR2_EL1 sys register 302754d023 ARM: include unprivileged BPF status in Spectre V2 reporting d04937ae94 x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT f3c12fc53e arm64: cputype: Add CPU implementor & types for the Apple M1 cores 3f9c958e35 ARM: Spectre-BHB workaround cc9e3e55bd x86/speculation: Warn about Spectre v2 LFENCE mitigation 29d9b56df1 ARM: use LOADADDR() to get load address of sections e335384560 x86/speculation: Update link to AMD speculation whitepaper 46deb22468 ARM: early traps initialisation 2fdf67a1d2 x86/speculation: Use generic retpoline by default on AMD b7f1e73c4d ARM: report Spectre v2 status through sysfs afc2d635b5 x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting 071e8b69d7 Documentation/hw-vuln: Update spectre doc a6a119d647 x86/speculation: Add eIBRS + Retpoline options f38774bb6e x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE 206cfe2dac x86,bugs: Unconditionally allow spectre_v2=retpoline,amd 97581b56b5 Linux 5.10.104 dbbe09d953 hamradio: fix macro redefine warning dcd03efd7e Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6" 292e1c88b8 btrfs: add missing run of delayed items after unlink during log replay 41712c5fa5 btrfs: qgroup: fix deadlock between rescan worker and remove qgroup 6e0319e770 btrfs: fix lost prealloc extents beyond eof after full fsync 827172ffa9 tracing: Fix return value of __setup handlers 78059b1cfc tracing/histogram: Fix sorting on old "cpu" value 0e188fde82 HID: add mapping for KEY_ALL_APPLICATIONS f276ea5035 HID: add mapping for KEY_DICTATE 3b8f2a7aed Input: samsung-keypad - properly state IOMEM dependency a621ae6394 Input: elan_i2c - fix regulator enable count imbalance after suspend/resume 1397bbcd81 Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() 988f4f29cc net: dcb: disable softirqs in dcbnl_flush_dev() 6828da5dea drm/amdgpu: fix suspend/resume hang regression f5e496ef73 nl80211: Handle nla_memdup failures in handle_nan_filter 64e4305a03 iavf: Refactor iavf state machine tracking e6bc597fbc net: chelsio: cxgb3: check the return value of pci_find_capability() 320980b249 ibmvnic: complete init_done on transport events 86027004bb ARM: tegra: Move panels to AUX bus fbb810825a soc: fsl: qe: Check of ioremap return value 2824f6939e soc: fsl: guts: Add a missing memory allocation failure check 3afe488d5c soc: fsl: guts: Revert commit 3c0d64e867 4470913079 ARM: dts: Use 32KiHz oscillator on devkit8000 298f6fae54 ARM: dts: switch timer config to common devkit8000 devicetree 8b20c1999d s390/extable: fix exception table sorting 49aa9c9c7f memfd: fix F_SEAL_WRITE after shmem huge page allocated 6acbc88752 ibmvnic: free reset-work-item when flushing 9d8a11d74d igc: igc_write_phy_reg_gpy: drop premature return 223744f521 pinctrl: sunxi: Use unique lockdep classes for IRQs 2851b76e5f selftests: mlxsw: tc_police_scale: Make test more robust 85bf489c5c ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions 6b63410490 ARM: Fix kgdb breakpoint for Thumb2 fefe4cb4a6 igc: igc_read_phy_reg_gpy: drop premature return 0632854fb1 arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output 43eaf1b178 can: gs_usb: change active_channels's type from atomic_t to u8 daaed6ced8 ASoC: cs4265: Fix the duplicated control name 8b8ac465bf firmware: arm_scmi: Remove space in MODULE_ALIAS name 667df6fe3e efivars: Respect "block" flag in efivar_entry_set_safe() 283c37e542 ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() 5f394102ee net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() 92b791771a ibmvnic: register netdev after init of adapter 6e0f986032 net: sxgbe: fix return value of __setup handler e1a82db1eb iavf: Fix missing check for running netdev c9a066fe45 mac80211: treat some SAE auth steps as final e6d7f57f91 net: stmmac: fix return value of __setup handler fa65989a48 mac80211: fix forwarded mesh frames AC & queue selection dcc3423c1d ia64: ensure proper NUMA distance and possible map initialization 1312ef5ad0 sched/topology: Fix sched_domain_topology_level alloc in sched_init_numa() d753aecb3d sched/topology: Make sched_init_numa() use a set for the deduplicating sort 05ae1f0fe9 ice: fix concurrent reset and removal of VFs 41edeeaae5 ice: Fix race conditions between virtchnl handling and VF ndo ops 0c145262ac rcu/nocb: Fix missed nocb_timer requeue 9bb7237cc7 net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server d7eb662625 net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client 2e8d465b83 net/smc: fix connection leak 6a8a4dc2a2 net: dcb: flush lingering app table entries for unregistered devices f4c63b24de net: ipv6: ensure we call ipv6_mc_down() at most once a9c4a74ad5 batman-adv: Don't expect inter-netns unique iflink indices 3dae11d21f batman-adv: Request iflink once in batadv_get_real_netdevice dcf10d78ff batman-adv: Request iflink once in batadv-on-batadv check 81f817f3e5 netfilter: nf_queue: handle socket prefetch 4d05239203 netfilter: nf_queue: fix possible use-after-free 3b9ba964f7 netfilter: nf_queue: don't assume sk is full socket 4e178ed14b net: fix up skbs delta_truesize in UDP GRO frag_list eb5e444fe3 e1000e: Correct NVM checksum verification flow b53d4bfd1a xfrm: enforce validity of offload input flags 2f0e6d80e8 xfrm: fix the if_id check in changelink 24efaae03b bpf, sockmap: Do not ignore orig_len parameter 8b0142c414 netfilter: fix use-after-free in __nf_register_net_hook() 4952faa77d xfrm: fix MTU regression e93f2be33d mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls 912186db09 ntb: intel: fix port config status offset for SPR 1c0b51e62a thermal: core: Fix TZ_GET_TRIP NULL pointer dereference a1753d5c29 xen/netfront: destroy queues before real_num_tx_queues is zeroed ce41d80391 drm/i915: s/JSP2/ICP2/ PCH 61a895da48 iommu/amd: Recover from event log overflow 6951a58881 ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min dd9dd24fd7 riscv: Fix config KASAN && DEBUG_VIRTUAL 7211aab288 riscv: Fix config KASAN && SPARSEMEM && !SPARSE_VMEMMAP 00fb385f0a riscv/efi_stub: Fix get_boot_hartid_from_fdt() return value 336872601c ALSA: intel_hdmi: Fix reference to PCM buffer address e57dfaf66f tracing: Add ustring operation to filtering string pointers 4a9d2390f3 drm/amdgpu: check vm ready by amdgpu_vm->evicting flag 67e25eb1b4 ata: pata_hpt37x: fix PCI clock detection 335f11ff74 serial: stm32: prevent TDR register overwrite when sending x_char c999c5927e tracing: Add test for user space strings when filtering on string pointers db36a94ed6 exfat: fix i_blocks for files truncated over 4 GiB 1b810d5cb6 exfat: reuse exfat_inode_info variable instead of calling EXFAT_I() fdd64084e4 usb: gadget: clear related members when goto fail c13159a588 usb: gadget: don't release an existing dev->buf 00d5ac05af net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 16f903afba i2c: qup: allow COMPILE_TEST 57c333ad8c i2c: cadence: allow COMPILE_TEST 9d6285e632 dmaengine: shdma: Fix runtime PM imbalance on error 37b06d5ebf selftests/seccomp: Fix seccomp failure by adding missing headers df9db1a2af cifs: fix double free race when mount fails in cifs_get_root() e3850e211d tipc: fix a bit overflow in tipc_crypto_key_rcv() 6d4985b8a0 KVM: arm64: vgic: Read HW interrupt pending state from the HW 5d4b00e053 Input: clear BTN_RIGHT/MIDDLE on buttonpads 6e7015d982 regulator: core: fix false positive in regulator_late_cleanup() 467d664e5f ASoC: rt5682: do not block workqueue if card is unbound 0b050b7a0d ASoC: rt5668: do not block workqueue if card is unbound 11956c6eeb i2c: bcm2835: Avoid clock stretching timeouts 13f0ea8d11 mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work 46f6d66219 mac80211_hwsim: report NOACK frames in tx_status d172937367 Merge 5.10.103 into android12-5.10-lts 915a747ac7 Linux 5.10.103 78706b051a memblock: use kfree() to release kmalloced memblock regions 4185b788d3 gpio: tegra186: Fix chip_data type confusion bb2e0a7723 tty: n_gsm: fix deadlock in gsmtty_open() e4c8cb95d0 tty: n_gsm: fix wrong tty control line for flow control 1f0641dd0b tty: n_gsm: fix NULL pointer access due to DLCI release 1e35cb9e12 tty: n_gsm: fix proper link termination after failed open 90b47e617f tty: n_gsm: fix encoding of control signal octet bit DV 9e2dbc31e3 riscv: fix oops caused by irqsoff latency tracer e098933866 thermal: int340x: fix memory leak in int3400_notify() 5b1cef5798 RDMA/cma: Do not change route.addr.src_addr outside state checks 8fe4da5524 driver core: Free DMA range map when device is released 2148247643 xhci: Prevent futile URB re-submissions due to incorrect return value. 0b0a229da1 xhci: re-initialize the HC during resume if HCE was set 328faee6d4 usb: dwc3: gadget: Let the interrupt handler disable bottom halves. e57bdee866 usb: dwc3: pci: Fix Bay Trail phy GPIO mappings 99b2425d91 usb: dwc2: drd: fix soft connect when gadget is unconfigured c786688037 USB: serial: option: add Telit LE910R1 compositions 220ba174f1 USB: serial: option: add support for DW5829e 3a1dd56e56 tracefs: Set the group ownership in apply_options() not parse_options() bfa8ffbaaa USB: gadget: validate endpoint index for xilinx udc 4ce247af3f usb: gadget: rndis: add spinlock for rndis response list ddc254fc88 Revert "USB: serial: ch341: add new Product ID for CH341A" d3fce1b6bd ata: pata_hpt37x: disable primary channel on HPT371 18701d8afa sc16is7xx: Fix for incorrect data being transmitted d5ddd7343a iio: Fix error handling for PM eabcc609cb iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_read_oneshot b8d411a962 iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits 1aa12ecfdc iio: adc: men_z188_adc: Fix a resource leak in an error handling path afbeee13be tracing: Have traceon and traceoff trigger honor the instance 99eb8d6941 RDMA/ib_srp: Fix a deadlock a7ab53d3c2 configfs: fix a race in configfs_{,un}register_subsystem() 0ecd3e35d7 RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close b0ecf9e594 RDMA/rtrs-clt: Kill wait_for_inflight_permits 8260f1800f RDMA/rtrs-clt: Fix possible double free in error case dc64aa4c7d regmap-irq: Update interrupt clear register for proper reset 2efece1368 spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() 67819b983e net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets be55d3e76c net/mlx5: Fix wrong limitation of metadata match on ecpf 8d617110d7 net/mlx5: Fix possible deadlock on rule deletion 1c59128955 udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() a184f4dd9b surface: surface3_power: Fix battery readings on batteries without a serial number 91f56a8527 net/smc: Use a mutex for locking "struct smc_pnettable" 7e9880e81d netfilter: nf_tables: fix memory leak during stateful obj update af4bc921d3 nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() 58a6d5f24f net: Force inlining of checksum functions in net/checksum.h 550d98ab30 net: ll_temac: check the return value of devm_kmalloc() 0fc1847359 net/sched: act_ct: Fix flow table lookup after ct clear or switching zones bc8f768af3 net/mlx5e: Fix wrong return value on ioctl EEPROM query failure fd020eaaa2 drm/edid: Always set RGB444 1df9d552fe openvswitch: Fix setting ipv6 fields causing hw csum failure dac2490d9e gso: do not skip outer ip header in case of ipip and net_failover b692d5dc6f tipc: Fix end of loop tests for list_for_each_entry() c5722243d0 net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends 4a93c65946 io_uring: add a schedule point in io_add_buffers() 7ef94bfb08 bpf: Add schedule points in batch ops 4f5d47e6b4 selftests: bpf: Check bpf_msg_push_data return value d0caa7218d bpf: Do not try bpf_msg_push_data with len 0 962b2a3188 hwmon: Handle failure to register sensor with thermal zone correctly d8b78314c5 bnxt_en: Fix active FEC reporting to ethtool 7e1eae5d1a bnx2x: fix driver load from initrd 51e96061c6 perf data: Fix double free in perf_session__delete() 5419b5be88 ping: remove pr_err from ping_lookup 5da17865c7 optee: use driver internal tee_context for some rpc eb35461384 tee: export teedev_open() and teedev_close_context() bae7fc6f0d x86/fpu: Correct pkru/xstate inconsistency 68f19845f5 netfilter: nf_tables_offload: incorrect flow offload action array size 69560efa00 CDC-NCM: avoid overflow in sanity checking 2aeba1ea7c USB: zaurus: support another broken Zaurus 4f5f5411f0 sr9700: sanity check for packet length 55eec5c630 drm/i915: Correctly populate use_sagv_wm for all pipes ff9134882d drm/amdgpu: disable MMHUB PG for Picasso 72fdfc75d4 KVM: x86/mmu: make apf token non-zero to fix bug 646b532f32 parisc/unaligned: Fix ldw() and stw() unalignment handlers 397b5433f7 parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel 698dc7d13c vhost/vsock: don't check owner in vhost_vsock_stop() while releasing 84e303b4d5 clk: jz4725b: fix mmc0 clock gating 72a5b01875 btrfs: tree-checker: check item_size for dev_item 5c967dd073 btrfs: tree-checker: check item_size for inode_item fcec42dd28 cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug e1b86e7f5c Merge branch 'android12-5.10' into `android12-5.10-lts` cbfab5c59c Revert "ipv6: per-netns exclusive flowlabel checks" 79553fad5c Merge 5.10.102 into android12-5.10-lts 47667effb7 Linux 5.10.102 6062d1267f lockdep: Correct lock_classes index mapping f333c1916f i2c: brcmstb: fix support for DSL and CM variants 9fee985f9a copy_process(): Move fd_install() out of sighand->siglock critical section e3fdbc40b7 i2c: qcom-cci: don't put a device tree node before i2c_add_adapter() b5b2a92117 i2c: qcom-cci: don't delete an unregistered adapter 3b6d25d1b6 dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size 2c35c95d36 dmaengine: stm32-dmamux: Fix PM disable depth imbalance in stm32_dmamux_probe 4f907b6eb7 dmaengine: sh: rcar-dmac: Check for error num after setting mask 797b380f07 net: sched: limit TC_ACT_REPEAT loops 595c259f75 EDAC: Fix calculation of returned address and next offset in edac_align_ptr() f6ce4e3289 scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop 3680b2b810 kconfig: fix failing to generate auto.conf b6787e284d net: macb: Align the dma and coherent dma masks 439171a291 net: usb: qmi_wwan: Add support for Dell DW5829e 15616ba17d tracing: Fix tp_printk option related with tp_printk_stop_on_boot 5a253a23d9 drm/rockchip: dw_hdmi: Do not leave clock enabled in error case 1e7433fb95 xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create a21f472fb5 soc: aspeed: lpc-ctrl: Block error printing on probe defer cases fecb05b1ce ata: libata-core: Disable TRIM on M88V29 b19ec7afa9 lib/iov_iter: initialize "flags" in new pipe_buffer 3045532278 kconfig: let 'shell' return enough output for deep path names e05dde47f5 selftests: fixup build warnings in pidfd / clone3 tests 531a56c2e0 pidfd: fix test failure due to stack overflow on some arches 429ef36c4f arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610 1415f22ee5 arm64: dts: meson-g12: add ATF BL32 reserved-memory region 605080f19e arm64: dts: meson-gx: add ATF BL32 reserved-memory region eefb68794f netfilter: conntrack: don't refresh sctp entries in closed state 1ab4824857 irqchip/sifive-plic: Add missing thead,c900-plic match string 98bc06c46d phy: usb: Leave some clocks running during suspend 717f2fa858 ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of 6932353af7 ARM: OMAP2+: hwmod: Add of_node_put() before break 521dcc107e NFS: Don't set NFS_INO_INVALID_XATTR if there is no xattr cache fb00319afb KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW 0ee4bb8ce8 KVM: x86/pmu: Don't truncate the PerfEvtSeln MSR when creating a perf event 99cd2a0437 KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() 91d8866ca5 Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj a176d559e8 mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status 1a49b1b0b0 mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() 8c848744c1 tty: n_tty: do not look ahead for EOL character past the end of the buffer 8daa0436ce NFS: Do not report writeback errors in nfs_getattr() f9b7385c0f NFS: LOOKUP_DIRECTORY is also ok with symlinks 598dbaf74b block/wbt: fix negative inflight counter when remove scsi device dc6faa0ede ASoC: tas2770: Insert post reset delay 9dcedbe943 KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests a4eeeaca50 mtd: rawnand: gpmi: don't leak PM reference in error path fb26219b40 powerpc/lib/sstep: fix 'ptesync' build error 54f76366cd ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() 0df1badfdf ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() 1ef76832fe ALSA: hda: Fix missing codec probe on Shenker Dock 15 c72c3b597a ALSA: hda: Fix regression on forced probe mask option 63b1602c2f ALSA: hda/realtek: Fix deadlock by COEF mutex b6a5e8f45f ALSA: hda/realtek: Add quirk for Legion Y9000X 2019 67de71b943 selftests/exec: Add non-regular to TEST_GEN_PROGS d3018a1962 perf bpf: Defer freeing string after possible strlen() on it 016e3ca9c5 dpaa2-eth: Initialize mutex used in one step timestamping path 50f3b00d4c libsubcmd: Fix use-after-free for realloc(..., 0) ffa8df4f0e bonding: fix data-races around agg_select_timer d9bd9d4c60 net_sched: add __rcu annotation to netdev->qdisc 877a05672f drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit a0e004e620 bonding: force carrier update when releasing slave 8dec3c4e73 ping: fix the dif and sdif check in ping_lookup 6793a9b028 net: ieee802154: ca8210: Fix lifs/sifs periods f48bd34137 net: dsa: lantiq_gswip: fix use after free in gswip_remove() d9b2203e5a net: dsa: lan9303: fix reset on probe 4f523f15e5 ipv6: per-netns exclusive flowlabel checks 100344200a netfilter: nft_synproxy: unregister hooks on init error path 26931971db selftests: netfilter: fix exit value for nft_concat_range b26ea3f6b7 iwlwifi: pcie: gen2: fix locking when "HW not ready" 8867f99379 iwlwifi: pcie: fix locking when "HW not ready" f3c1910257 drm/i915/gvt: Make DRM_I915_GVT depend on X86 87cd1bbd66 vsock: remove vsock from connected table when connect is interrupted by a signal eb7bf11e8e drm/i915/opregion: check port number bounds for SWSCI display power state 5564d83ebc drm/radeon: Fix backlight control on iMac 12,1 008508c16a iwlwifi: fix use-after-free 44b81136e8 kbuild: lto: Merge module sections if and only if CONFIG_LTO_CLANG is enabled 8b53e5f737 kbuild: lto: merge module sections 45102b538a random: wake up /dev/random writers after zap 143aaf79ba gcc-plugins/stackleak: Use noinstr in favor of notrace de55891e16 Revert "module, async: async_synchronize_full() on module init iff async is used" 3c958dbcba x86/Xen: streamline (and fix) PV CPU enumeration e76d0a9692 drm/amdgpu: fix logic inversion in check 324f5bdc52 nvme-rdma: fix possible use-after-free in transport error_recovery work e192184cf8 nvme-tcp: fix possible use-after-free in transport error_recovery work 0ead57ceb2 nvme: fix a possible use-after-free in controller reset during load fe9ac3eaa2 scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task d872e7b5fe scsi: pm8001: Fix use-after-free for aborted TMF sas_task 1e73f5cfc1 quota: make dquot_quota_sync return errors from ->sync_fs c405640aad vfs: make freeze_super abort when sync_filesystem returns error b9a229fd48 ax25: improve the incomplete fix to avoid UAF and NPD bugs 139fce2992 selftests: skip mincore.check_file_mmap when fs lacks needed support 204a2390da selftests: openat2: Skip testcases that fail with EOPNOTSUPP 2be48bfac7 selftests: openat2: Add missing dependency in Makefile 74a30666b4 selftests: openat2: Print also errno in failure messages bfc84cfd90 selftests/zram: Adapt the situation that /dev/zram0 is being used f0eba714c1 selftests/zram01.sh: Fix compression ratio calculation 7bb704b69f selftests/zram: Skip max_comp_streams interface on newer kernel 0fd484644c net: ieee802154: at86rf230: Stop leaking skb's 0c18a75193 kselftest: signal all child processes 1136141f19 selftests: rtc: Increase test timeout so that all tests run 79175b6ee6 platform/x86: ISST: Fix possible circular locking dependency detected 066c905ed0 platform/x86: touchscreen_dmi: Add info for the RWC NANOTE P8 AY07J 2-in-1 0b17d4b51c btrfs: send: in case of IO error log it 78a68bbebd parisc: Add ioread64_lo_hi() and iowrite64_lo_hi() ade1077c7f PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology 254090925e mm: don't try to NUMA-migrate COW pages that have other uses ab2b4e65a1 mmc: block: fix read single on recovery logic 7756716872 parisc: Fix sglist access in ccio-dma.c f8f519d7df parisc: Fix data TLB miss in sba_unmap_sg 4d569b959e parisc: Drop __init from map_pages declaration 8e3f9a098e serial: parisc: GSC: fix build when IOSAPIC is not set fe383750d4 Revert "svm: Add warning message for AVIC IPI invalid target" 126382b556 HID:Add support for UGTABLET WP5540 f100e758ce scsi: lpfc: Fix mailbox command failure during driver initialization 4578b979ef can: isotp: add SF_BROADCAST support for functional addressing 5d42865fc3 can: isotp: prevent race between isotp_bind() and isotp_setsockopt() db3f3636e4 fs/proc: task_mmu.c: don't read mapcount for migration entry 0849f83e47 fget: clarify and improve __fget_files() implementation 657991fb06 rcu: Do not report strict GPs for outgoing CPUs 8c8385972e mm: memcg: synchronize objcg lists with a dedicated spinlock d0f4aa2d97 drm/nouveau/pmu/gm200-: use alternate falcon reset sequence add227a8d8 Merge branch 'android12-5.10' into `android12-5.10-lts` The .xml abi file was also updated due to changes required from the -lts branch that were merged there: Leaf changes summary: 1 artifact changed Changed leaf types summary: 1 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 0 Added function Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable 'struct snd_pcm_runtime at pcm.h:344:1' changed: type size changed from 6144 to 6592 (in bits) 2 data member insertions: 'mutex buffer_mutex', at offset 6144 (in bits) at pcm.h:432:1 'atomic_t buffer_accessing', at offset 6528 (in bits) at pcm.h:433:1 114 impacted interfaces Change-Id: Ie9262400472eda3e30d1ef26738df1d5dd4c319d Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2022-05-27 09:24:14 -07:00
Johannes Berg	31beefbf14	BACKPORT: nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size ... commit 6624bb34b4 upstream. We need this to be at least two bytes, so we can access alpha2[0] and alpha2[1]. It may be three in case some userspace used NUL-termination since it was NLA_STRING (and we also push it out with NUL-termination). Cc: stable@vger.kernel.org Reported-by: Lee Jones <lee.jones@linaro.org> Link: https://lore.kernel.org/r/20220411114201.fd4a31f06541.Ie7ff4be2cf348d8cc28ed0d626fc54becf7ea799@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Lee Jones <lee.jones@linaro.org> Change-Id: Ib76876c2aa89aacf4c31d95b751f8b2d27788559	2022-04-21 13:49:49 +00:00
Greg Kroah-Hartman	8646e92696	This is the 5.10.107 stable release ... -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmI10EMACgkQONu9yGCS aT7X8RAAzSm2h1ZrCRX5vuaV9iVA5LIpYsEo+plqpQCNVGqfjb1ShzxLERN1cLxJ pWpFXuJ6BDhq7vdUmpd3QSaX94Tw0i22LBi3FDN/X2LSlcMZikRYNNNG5auYwJzQ MbuK9TDZUZVjnxTMTtcZ8UA39ACmaYjzDUaXpnYI7ezft4D2aqreNiObLrXo3gDz JQaPc63ePQr7jzgo69gbS7RWMXn8CYQu940NXYnIRogA1YtIKeh0cmopd2H8acar ZGjyKPNCGh2iGIw290ZUovV7P79rPxrPUJerZ4mNSqTzB2xdFYq2xAzEKJCunedR FGE7dMFuHOEDTtx6iaedyu3ynCA+wSuWJq+wwxn9SXihYOQXB9K08o8ccLCaJS4W sS7EofhbLi5Bs7D9nWSzwcp/WkBB8+V1epVCVYC1JgtpnTSP7+G1H2Uw7SgRhDq1 nWIXJ5dMY0BUjaG9MC/C7jHVR4dm+3a0ATPIAQwUkWIu5ahVgOOZavJhgEmwKXH/ XUxTprPRMheZ6TDPquXeZW4xqRw0WpwY+ODuZ0HpDNHi+mtE88QE99MU+tmCKkRD 8OHQiq+qTHrpgHZGuW1GRE7yrA58Nrf/ljQX9ExQyMMz8z1ANRRizGfsGPsPp0/7 dwYy9goRdnsvyyUVfkwZUWAQCc4wF9ZNBka43oGSsh74AFuJKsw= =IYgF -----END PGP SIGNATURE----- Merge 5.10.107 into android12-5.10-lts Changes in 5.10.107 Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0" sctp: fix the processing for INIT chunk xfrm: Check if_id in xfrm_migrate xfrm: Fix xfrm migrate issues when address family changes arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity arm64: dts: rockchip: reorder rk3399 hdmi clocks arm64: dts: agilex: use the compatible "intel,socfpga-agilex-hsotg" ARM: dts: rockchip: reorder rk322x hmdi clocks ARM: dts: rockchip: fix a typo on rk3288 crypto-controller mac80211: refuse aggregations sessions before authorized MIPS: smp: fill in sibling and core maps earlier ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready atm: firestream: check the return value of ioremap() in fs_init() iwlwifi: don't advertise TWT support drm/vrr: Set VRR capable prop only if it is attached to connector nl80211: Update bss channel on channel switch for P2P_CLIENT tcp: make tcp_read_sock() more robust sfc: extend the locking on mcdi->seqno kselftest/vm: fix tests build with old libc io_uring: return back safer resurrect arm64: kvm: Fix copy-and-paste error in bhb templates for v5.10 stable Linux 5.10.107 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I9775c8530d22ce5493bf7d83503640acf704b848	2022-03-19 14:12:20 +01:00
Sreeramya Soratkal	3f9a8f8a95	nl80211: Update bss channel on channel switch for P2P_CLIENT ... [ Upstream commit e50b88c4f0 ] The wdev channel information is updated post channel switch only for the station mode and not for the other modes. Due to this, the P2P client still points to the old value though it moved to the new channel when the channel change is induced from the P2P GO. Update the bss channel after CSA channel switch completion for P2P client interface as well. Signed-off-by: Sreeramya Soratkal <quic_ssramya@quicinc.com> Link: https://lore.kernel.org/r/1646114600-31479-1-git-send-email-quic_ssramya@quicinc.com Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org>	2022-03-19 13:44:45 +01:00
Greg Kroah-Hartman	0773736e48	This is the 5.10.104 stable release ... -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmInm+kACgkQONu9yGCS aT4/lw/6AoFz3oHbzlft4tCUn4UXQIut8gIiJfrXBnIqw6pa5YQPA1E7hgQBxTnG v9llnwDRFR7qouXq1qhoXU01vETiRqZ2ClkT/MnvLfRMQcHgtS9B61VgwnpNuNBg qStZORcqFi6rQHXySUgs2ObF6NZQ3BRyHY2LYqZPj0YkuHIdQo48WtQ9cy0XWZLV WT49LIVxkTZ6D0fs/k10qRv+M4lmeOzCqEZf4591F0sjoVuTFj3F1xMsSbu8W3xZ xXxE0hPbN0If3JFhnb3DqdQ20kRNSmrrV1CzYaN09jyP7KHpdIDVT8R1hSau3TFP 3zd2fBWmOP0FPzOVkNnqetMuKspKH8p3kKW2rkTyHYcGtUFzh54Hm0QRpA3CVB3L JZje9HCkxWiBSl1mwypmBGp88kWOe+n3NRUOhX3yqPoT3R2n45coBV+sfSOakkxv K8mUw1FFbJTPjgJtMCs57zzxybInnMrAF5/7XA2MgHCr3SVvYQA7+joSPn3CO+0K zKO4kTdEmD9jTT+3vMDL4Z3VSmOJMVcxCHBTUrac/OBIiBz+7y9WQSc7a6aRbfdu k3wy7HJ98pmjYB6g73MJcXOtTwXuoTqur4QWU5MCgTw6+qglgRQHr5ILSs35ZeAV LO1zvAsklOWFMc/3fD8heLmKGBZ0GHcn+0Y7ZqfFKLmqOTnx7tA= =W+lo -----END PGP SIGNATURE----- Merge 5.10.104 into android12-5.10-lts Changes in 5.10.104 mac80211_hwsim: report NOACK frames in tx_status mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work i2c: bcm2835: Avoid clock stretching timeouts ASoC: rt5668: do not block workqueue if card is unbound ASoC: rt5682: do not block workqueue if card is unbound regulator: core: fix false positive in regulator_late_cleanup() Input: clear BTN_RIGHT/MIDDLE on buttonpads KVM: arm64: vgic: Read HW interrupt pending state from the HW tipc: fix a bit overflow in tipc_crypto_key_rcv() cifs: fix double free race when mount fails in cifs_get_root() selftests/seccomp: Fix seccomp failure by adding missing headers dmaengine: shdma: Fix runtime PM imbalance on error i2c: cadence: allow COMPILE_TEST i2c: qup: allow COMPILE_TEST net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 usb: gadget: don't release an existing dev->buf usb: gadget: clear related members when goto fail exfat: reuse exfat_inode_info variable instead of calling EXFAT_I() exfat: fix i_blocks for files truncated over 4 GiB tracing: Add test for user space strings when filtering on string pointers serial: stm32: prevent TDR register overwrite when sending x_char ata: pata_hpt37x: fix PCI clock detection drm/amdgpu: check vm ready by amdgpu_vm->evicting flag tracing: Add ustring operation to filtering string pointers ALSA: intel_hdmi: Fix reference to PCM buffer address riscv/efi_stub: Fix get_boot_hartid_from_fdt() return value riscv: Fix config KASAN && SPARSEMEM && !SPARSE_VMEMMAP riscv: Fix config KASAN && DEBUG_VIRTUAL ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min iommu/amd: Recover from event log overflow drm/i915: s/JSP2/ICP2/ PCH xen/netfront: destroy queues before real_num_tx_queues is zeroed thermal: core: Fix TZ_GET_TRIP NULL pointer dereference ntb: intel: fix port config status offset for SPR mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls xfrm: fix MTU regression netfilter: fix use-after-free in __nf_register_net_hook() bpf, sockmap: Do not ignore orig_len parameter xfrm: fix the if_id check in changelink xfrm: enforce validity of offload input flags e1000e: Correct NVM checksum verification flow net: fix up skbs delta_truesize in UDP GRO frag_list netfilter: nf_queue: don't assume sk is full socket netfilter: nf_queue: fix possible use-after-free netfilter: nf_queue: handle socket prefetch batman-adv: Request iflink once in batadv-on-batadv check batman-adv: Request iflink once in batadv_get_real_netdevice batman-adv: Don't expect inter-netns unique iflink indices net: ipv6: ensure we call ipv6_mc_down() at most once net: dcb: flush lingering app table entries for unregistered devices net/smc: fix connection leak net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server rcu/nocb: Fix missed nocb_timer requeue ice: Fix race conditions between virtchnl handling and VF ndo ops ice: fix concurrent reset and removal of VFs sched/topology: Make sched_init_numa() use a set for the deduplicating sort sched/topology: Fix sched_domain_topology_level alloc in sched_init_numa() ia64: ensure proper NUMA distance and possible map initialization mac80211: fix forwarded mesh frames AC & queue selection net: stmmac: fix return value of __setup handler mac80211: treat some SAE auth steps as final iavf: Fix missing check for running netdev net: sxgbe: fix return value of __setup handler ibmvnic: register netdev after init of adapter net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() efivars: Respect "block" flag in efivar_entry_set_safe() firmware: arm_scmi: Remove space in MODULE_ALIAS name ASoC: cs4265: Fix the duplicated control name can: gs_usb: change active_channels's type from atomic_t to u8 arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output igc: igc_read_phy_reg_gpy: drop premature return ARM: Fix kgdb breakpoint for Thumb2 ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions selftests: mlxsw: tc_police_scale: Make test more robust pinctrl: sunxi: Use unique lockdep classes for IRQs igc: igc_write_phy_reg_gpy: drop premature return ibmvnic: free reset-work-item when flushing memfd: fix F_SEAL_WRITE after shmem huge page allocated s390/extable: fix exception table sorting ARM: dts: switch timer config to common devkit8000 devicetree ARM: dts: Use 32KiHz oscillator on devkit8000 soc: fsl: guts: Revert commit 3c0d64e867 soc: fsl: guts: Add a missing memory allocation failure check soc: fsl: qe: Check of ioremap return value ARM: tegra: Move panels to AUX bus ibmvnic: complete init_done on transport events net: chelsio: cxgb3: check the return value of pci_find_capability() iavf: Refactor iavf state machine tracking nl80211: Handle nla_memdup failures in handle_nan_filter drm/amdgpu: fix suspend/resume hang regression net: dcb: disable softirqs in dcbnl_flush_dev() Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() Input: elan_i2c - fix regulator enable count imbalance after suspend/resume Input: samsung-keypad - properly state IOMEM dependency HID: add mapping for KEY_DICTATE HID: add mapping for KEY_ALL_APPLICATIONS tracing/histogram: Fix sorting on old "cpu" value tracing: Fix return value of __setup handlers btrfs: fix lost prealloc extents beyond eof after full fsync btrfs: qgroup: fix deadlock between rescan worker and remove qgroup btrfs: add missing run of delayed items after unlink during log replay Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6" hamradio: fix macro redefine warning Linux 5.10.104 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I24dabeba483a0b0123a4e8c10d1a568b11dfb9c8	2022-03-12 13:57:09 +01:00
Jiasheng Jiang	f5e496ef73	nl80211: Handle nla_memdup failures in handle_nan_filter ... [ Upstream commit 6ad27f522c ] As there's potential for failure of the nla_memdup(), check the return value. Fixes: a442b761b2 ("cfg80211: add add_nan_func / del_nan_func") Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Link: https://lore.kernel.org/r/20220301100020.3801187-1-jiasheng@iscas.ac.cn Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org>	2022-03-08 19:09:37 +01:00
Greg Kroah-Hartman	8d21bcc704	This is the 5.10.82 stable release ... -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmGgq10ACgkQONu9yGCS aT6KDA/+N9ysKF4cH2zdUMhDAkjCKB3YqTEsJxSfGBkJu2wuncAEEtrKy9jxC+lv fz6BE1tduit/IQIhGTCXJlfe9NIxwU87f2v5JlHnYeXg4dz72c+Ei236l7ZvkSNE ii8/ikHGvbbhKv+BTgcRg7jVUMMy6eEpS6iJwMNLB/sHROjZXPogFoiYjbO+Jzc5 0jTciMZv6r4yNhrdHBjhWHe6ZhB94H//Jy8MVYk37NGc5EbJmrMN83GM5ceSmhOZ PgxxyrVTv+SdGm0XViyK+94HXWGQHLXQF+Nsu3YEZfnNI+HNSPQKTqBLPM1hV7Ak h+IYW6VHPmcBmQzEdSA67uMKJayKtEwpkqO6aLRcj/NIThRiZoznbrtZOoGSXaU1 0MzQRPum76GA5/SVGgtB8FrE6kcFm74eq82mXvUD+rgCp0HTbIpYQK9ZKSmbFOkv fYjcpWHZ8PEmffMbtIlVKSffVxcUILoNuQwnr21NGiRUrd54DhNPgVahmCKnvUTb 847bGU/wQJPIF/2SO1rdpaA9MrPqZ/9sMEX3nSdx7xS8D+h2wfJqAJkLq0KBYt7R sbsXbfqbri893VHBo2YUqby3+7x3uNr118SjyiA8zpHHJpTBrVVImxSnW1z626HT KNJU4MSulLs+settJKAw1PHGRIGuW5TGSGF94p5LcsZDM2uIabU= =Wg4d -----END PGP SIGNATURE----- Merge 5.10.82 into android12-5.10-lts Changes in 5.10.82 arm64: zynqmp: Do not duplicate flash partition label property arm64: zynqmp: Fix serial compatible string ARM: dts: sunxi: Fix OPPs node name arm64: dts: allwinner: h5: Fix GPU thermal zone node name arm64: dts: allwinner: a100: Fix thermal zone node name staging: wfx: ensure IRQ is ready before enabling it ARM: dts: NSP: Fix mpcore, mmc node names scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() arm64: dts: rockchip: Disable CDN DP on Pinebook Pro arm64: dts: hisilicon: fix arm,sp805 compatible string RDMA/bnxt_re: Check if the vlan is valid before reporting bus: ti-sysc: Add quirk handling for reinit on context lost bus: ti-sysc: Use context lost quirk for otg usb: musb: tusb6010: check return value after calling platform_get_resource() usb: typec: tipd: Remove WARN_ON in tps6598x_block_read ARM: dts: ux500: Skomer regulator fixes staging: rtl8723bs: remove possible deadlock when disconnect (v2) ARM: BCM53016: Specify switch ports for Meraki MR32 arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency arm64: dts: qcom: ipq6018: Fix qcom,controlled-remotely property arm64: dts: freescale: fix arm,sp805 compatible string ASoC: SOF: Intel: hda-dai: fix potential locking issue clk: imx: imx6ul: Move csi_sel mux to correct base register ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect scsi: advansys: Fix kernel pointer leak ALSA: intel-dsp-config: add quirk for APL/GLK/TGL devices based on ES8336 codec firmware_loader: fix pre-allocated buf built-in firmware use ARM: dts: omap: fix gpmc,mux-add-data type usb: host: ohci-tmio: check return value after calling platform_get_resource() ARM: dts: ls1021a: move thermal-zones node out of soc/ ARM: dts: ls1021a-tsn: use generic "jedec,spi-nor" compatible for flash ALSA: ISA: not for M68K tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc MIPS: sni: Fix the build scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() scsi: target: Fix ordered tag handling scsi: target: Fix alua_tg_pt_gps_count tracking iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() powerpc/5200: dts: fix memory node unit name ARM: dts: qcom: fix memory and mdio nodes naming for RB3011 ALSA: gus: fix null pointer dereference on pointer block powerpc/dcr: Use cmplwi instead of 3-argument cmpli powerpc/8xx: Fix Oops with STRICT_KERNEL_RWX without DEBUG_RODATA_TEST sh: check return code of request_irq maple: fix wrong return value of maple_bus_init(). f2fs: fix up f2fs_lookup tracepoints f2fs: fix to use WHINT_MODE sh: fix kconfig unmet dependency warning for FRAME_POINTER sh: math-emu: drop unused functions sh: define __BIG_ENDIAN for math-emu f2fs: compress: disallow disabling compress on non-empty compressed file f2fs: fix incorrect return value in f2fs_sanity_check_ckpt() clk: ingenic: Fix bugs with divided dividers clk/ast2600: Fix soc revision for AHB clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() perf/x86/vlbr: Add c->flags to vlbr event constraints blkcg: Remove extra blkcg_bio_issue_init tracing/histogram: Do not copy the fixed-size char array field over the field size perf bpf: Avoid memory leak from perf_env__insert_btf() perf bench futex: Fix memory leak of perf_cpu_map__new() perf tests: Remove bash construct from record+zstd_comp_decomp.sh drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame net-zerocopy: Copy straggler unaligned data for TCP Rx. zerocopy. net-zerocopy: Refactor skb frag fast-forward op. tcp: Fix uninitialized access in skb frags array for Rx 0cp. tracing: Add length protection to histogram string copies net: ipa: disable HOLB drop when updating timer net: bnx2x: fix variable dereferenced before check bnxt_en: reject indirect blk offload when hw-tc-offload is off tipc: only accept encrypted MSG_CRYPTO msgs net: reduce indentation level in sk_clone_lock() sock: fix /proc/net/sockstat underflow in sk_clone_lock() net/smc: Make sure the link_id is unique iavf: Fix return of set the new channel count iavf: check for null in iavf_fix_features iavf: free q_vectors before queues in iavf_disable_vf iavf: Fix failure to exit out from last all-multicast mode iavf: prevent accidental free of filter structure iavf: validate pointers iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset iavf: Fix for setting queues to 0 MIPS: generic/yamon-dt: fix uninitialized variable error mips: bcm63xx: add support for clk_get_parent() mips: lantiq: add support for clk_get_parent() platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() net/mlx5: Lag, update tracker when state change event received net/mlx5: E-Switch, Change mode lock from mutex to rw semaphore net/mlx5: E-Switch, return error if encap isn't supported scsi: core: sysfs: Fix hang when device state is set via sysfs net: sched: act_mirred: drop dst for the direction from egress to ingress net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove net: virtio_net_hdr_to_skb: count transport header in UFO i40e: Fix correct max_pkt_size on VF RX queue i40e: Fix NULL ptr dereference on VSI filter sync i40e: Fix changing previously set num_queue_pairs for PFs i40e: Fix ping is lost after configuring ADq on VF i40e: Fix warning message and call stack during rmmod i40e driver i40e: Fix creation of first queue by omitting it if is not power of two i40e: Fix display error code in dmesg NFC: reorganize the functions in nci_request NFC: reorder the logic in nfc_{un,}register_device net: nfc: nci: Change the NCI close sequence NFC: add NCI_UNREG flag to eliminate the race e100: fix device suspend/resume KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() pinctrl: qcom: sdm845: Enable dual edge errata perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server s390/kexec: fix return code handling net: stmmac: dwmac-rk: Fix ethernet on rk3399 based devices arm64: vdso32: suppress error message for 'make mrproper' tun: fix bonding active backup with arp monitoring hexagon: export raw I/O routines for modules hexagon: clean up timer-regs.h tipc: check for null after calling kmemdup ipc: WARN if trying to remove ipc object which is absent mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails powerpc/8xx: Fix pinned TLBs with CONFIG_STRICT_KERNEL_RWX scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id() s390/kexec: fix memory leak of ipl report buffer block: Check ADMIN before NICE for IOPRIO_CLASS_RT KVM: nVMX: don't use vcpu->arch.efer when checking host state on nested state load udf: Fix crash after seekdir net: stmmac: socfpga: add runtime suspend/resume callback for stratix10 platform btrfs: fix memory ordering between normal and ordered work functions parisc/sticon: fix reverse colors cfg80211: call cfg80211_stop_ap when switch from P2P_GO type drm/amd/display: Update swizzle mode enums drm/udl: fix control-message timeout drm/nouveau: Add a dedicated mutex for the clients list drm/nouveau: use drm_dev_unplug() during device removal drm/nouveau: clean up all clients on device removal drm/i915/dp: Ensure sink rate values are always valid drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors scsi: ufs: core: Fix task management completion scsi: ufs: core: Fix task management completion timeout race hugetlbfs: flush TLBs correctly after huge_pmd_unshare RDMA/netlink: Add __maybe_unused to static inline in C file selinux: fix NULL-pointer dereference when hashtab allocation fails ASoC: DAPM: Cover regression by kctl change notification fix usb: max-3421: Use driver data instead of maintaining a list of bound devices ice: Delete always true check of PF pointer fs: export an inode_update_time helper btrfs: update device path inode time instead of bd_inode x86/Kconfig: Fix an unused variable error in dell-smm-hwmon ALSA: hda: hdac_ext_stream: fix potential locking issues ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() Revert "perf: Rework perf_event_exit_event()" Linux 5.10.82 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I56e067875dafc27c2e86fc3b8c47abb3296c6a18	2021-11-26 15:37:44 +01:00
Nguyen Dinh Phi	7b97b5776d	cfg80211: call cfg80211_stop_ap when switch from P2P_GO type ... commit 563fbefed4 upstream. If the userspace tools switch from NL80211_IFTYPE_P2P_GO to NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), it does not call the cleanup cfg80211_stop_ap(), this leads to the initialization of in-use data. For example, this path re-init the sdata->assigned_chanctx_list while it is still an element of assigned_vifs list, and makes that linked list corrupt. Signed-off-by: Nguyen Dinh Phi <phind.uet@gmail.com> Reported-by: syzbot+bbf402b783eeb6d908db@syzkaller.appspotmail.com Link: https://lore.kernel.org/r/20211027173722.777287-1-phind.uet@gmail.com Cc: stable@vger.kernel.org Fixes: ac800140c2 ("cfg80211: .stop_ap when interface is going down") Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-11-26 10:39:20 +01:00
Greg Kroah-Hartman	a739489620	This is the 5.10.77 stable release ... -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmGBh/8ACgkQONu9yGCS aT4Eqw/+KclqUpaZ3Jb6e7CBIWYg5+XmVdTmnnvOZC82XbHDoRK9ZWfGqhFB6ODv 1KAp5kEBXh0hEmXi94ZQtzhiqr29R0H+rTBRpcpEVg/7PtLyrOQ+MAp8pszaJChO 3zhtN4NkEYV8hfl1T8fo0etcplZvnlK4HDEewFgQ0/WgZciN2J7Cqc47snx9tFia wnUiSOqM8yalsnLjoFnqQYZF2YouH8pqb5UblWSTUGcjdNBRpRqzdW0Ybokzzj5L SsZPV3EqNMZg28yBsFB/XMVriJ/jYpHES8m0wJPxE4SJlrI5wcwm/QhufMZbRorJ hQeTkvQTggk0d2O/RNA2vLFIYhBkHd6w4+PkFpsC+kbwQmArW8x5cNM83KsBL6N0 sc3pF9vVxTroObczgVa6nh9Ux2AhfdtmYGSqXZCX4wHb35QYTyNv4if89WnOLZDm hri3MfnVs7meLSFXUNH6RTdxz/nqp+TRd3hzLtNmp7EJ3U0CMeqB9G1nzbMi6vhD 1VYSJIuhGiuh3md9U5+xvimqVlckzbRztZBcnKhpV2ZS3Zq++Emf7cNKmRTpnXwC SDX6ngYdYGvVuyW6UubPINEcGPzGnN/PSVNAEzTw0YsIpZGnjYVsKIlDj3LXDKdo cSX60b6aEKoCT+LJHHDEMB6MaOVdH+FtDmyNz3fn7BFg9N/711s= =bsKj -----END PGP SIGNATURE----- Merge 5.10.77 into android12-5.10-lts Changes in 5.10.77 ARM: 9132/1: Fix __get_user_check failure with ARM KASAN images ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned ARM: 9134/1: remove duplicate memcpy() definition ARM: 9138/1: fix link warning with XIP + frame-pointer ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype ARM: 9141/1: only warn about XIP address when not compile testing io_uring: don't take uring_lock during iowq cancel powerpc/bpf: Fix BPF_MOD when imm == 1 arm64: Avoid premature usercopy failure ext4: fix possible UAF when remounting r/o a mmp-protected file system usbnet: sanity check for maxpacket usbnet: fix error return code in usbnet_probe() Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode" pinctrl: amd: disable and mask interrupts on probe ata: sata_mv: Fix the error handling of mv_chip_id() tipc: fix size validations for the MSG_CRYPTO type nfc: port100: fix using -ERRNO as command type mask Revert "net: mdiobus: Fix memory leak in __mdiobus_register" net/tls: Fix flipped sign in tls_err_abort() calls mmc: vub300: fix control-message timeouts mmc: cqhci: clear HALT state after CQE enable mmc: mediatek: Move cqhci init behind ungate clock mmc: dw_mmc: exynos: fix the finding clock sample value mmc: sdhci: Map more voltage level to SDHCI_POWER_330 mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit ocfs2: fix race between searching chunks and release journal_head from buffer_head nvme-tcp: fix H2CData PDU send accounting (again) cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() cfg80211: fix management registrations locking net: lan78xx: fix division by zero in send path mm, thp: bail out early in collapse_file for writeback page drm/ttm: fix memleak in ttm_transfered_destroy drm/amdgpu: fix out of bounds write cgroup: Fix memory leak caused by missing cgroup_bpf_offline riscv, bpf: Fix potential NULL dereference tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict function bpf: Fix potential race in tail call compatibility check bpf: Fix error usage of map_fd and fdget() in generic_map_update_batch() IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields IB/hfi1: Fix abba locking issue with sc_disable() nvmet-tcp: fix data digest pointer calculation nvme-tcp: fix data digest pointer calculation nvme-tcp: fix possible req->offset corruption octeontx2-af: Display all enabled PF VF rsrc_alloc entries. RDMA/mlx5: Set user priority for DCT arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node reset: brcmstb-rescal: fix incorrect polarity of status bit regmap: Fix possible double-free in regcache_rbtree_exit() net: batman-adv: fix error handling net-sysfs: initialize uid and gid before calling net_ns_get_ownership cfg80211: correct bridge/4addr mode check net: Prevent infinite while loop in skb_tx_hash() RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string gpio: xgs-iproc: fix parsing of ngpios property nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST mlxsw: pci: Recycle received packet upon allocation failure net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent net: nxp: lpc_eth.c: avoid hang when bringing interface down net/tls: Fix flipped sign in async_wait.err assignment phy: phy_ethtool_ksettings_get: Lock the phy for consistency phy: phy_ethtool_ksettings_set: Move after phy_start_aneg phy: phy_start_aneg: Add an unlocked version phy: phy_ethtool_ksettings_set: Lock the PHY while changing settings sctp: use init_tag from inithdr for ABORT chunk sctp: fix the processing for INIT_ACK chunk sctp: fix the processing for COOKIE_ECHO chunk sctp: add vtag check in sctp_sf_violation sctp: add vtag check in sctp_sf_do_8_5_1_E_sa sctp: add vtag check in sctp_sf_ootb lan743x: fix endianness when accessing descriptors KVM: s390: clear kicked_mask before sleeping again KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu scsi: ufs: ufs-exynos: Correct timeout value setting registers riscv: fix misalgned trap vector base address riscv: Fix asan-stack clang build perf script: Check session->header.env.arch before using it Linux 5.10.77 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I4cd89af4d20b7a8a1a6d9906233d1aaf026659a8	2021-11-02 20:03:12 +01:00
Janusz Dziedzic	04121b10cd	cfg80211: correct bridge/4addr mode check ... commit 689a0a9f50 upstream. Without the patch we fail: $ sudo brctl addbr br0 $ sudo brctl addif br0 wlp1s0 $ sudo iw wlp1s0 set 4addr on command failed: Device or resource busy (-16) Last command failed but iface was already in 4addr mode. Fixes: ad4bb6f888 ("cfg80211: disallow bridging managed/adhoc interfaces") Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com> Link: https://lore.kernel.org/r/20211024201546.614379-1-janusz.dziedzic@gmail.com [add fixes tag, fix indentation, edit commit log] Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-11-02 19:48:22 +01:00
Johannes Berg	4c22227e39	cfg80211: fix management registrations locking ... commit 09b1d5dc6c upstream. The management registrations locking was broken, the list was locked for each wdev, but cfg80211_mgmt_registrations_update() iterated it without holding all the correct spinlocks, causing list corruption. Rather than trying to fix it with fine-grained locking, just move the lock to the wiphy/rdev (still need the list on each wdev), we already need to hold the wdev lock to change it, so there's no contention on the lock in any case. This trivially fixes the bug since we hold one wdev's lock already, and now will hold the lock that protects all lists. Cc: stable@vger.kernel.org Reported-by: Jouni Malinen <j@w1.fi> Fixes: 6cd536fe62 ("cfg80211: change internal management frame registration API") Link: https://lore.kernel.org/r/20211025133111.5cf733eab0f4.I7b0abb0494ab712f74e2efcd24bb31ac33f7eee9@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-11-02 19:48:20 +01:00
Johannes Berg	fa29cec42c	cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() ... commit a2083eeb11 upstream. The SSID pointer is pointing to RCU protected data, so we need to have it under rcu_read_lock() for the entire use. Fix this. Cc: stable@vger.kernel.org Fixes: 0b8fb8235b ("cfg80211: Parsing of Multiple BSSID information in scanning") Link: https://lore.kernel.org/r/20210930131120.6ddfc603aa1d.I2137344c4e2426525b1a8e4ce5fca82f8ecbfe7e@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-11-02 19:48:20 +01:00
Greg Kroah-Hartman	8b444656fa	This is the 5.10.56 stable release ... -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmEKcCUACgkQONu9yGCS aT7sMw/7BNJDmX9w+p1lgTIJJzSuz8C/eNgbeZgK7CE4DovO+WL9oEm53vqYcDDo j5REnrRhxcBYxwG/GXl1Oniv1wHqw0SplV+5G2NH1RMy23eSFGCw+8G+YOEJnU3P 94hJuEs/43Py7eZV/VtyO2UMdDRnGI6MlNvu18YjnRJcdqIIl2gln1G8wbyySYVb wR1rudvtiEdrmTQr7qGxeIrZNKGwFl0KxEl8j9X/aqxvfe8PRVYKlmtwblf5rybe TElQxz2XGRgk8g2yWQmnNoU6rfFHdZ4lTnCwfpFA1XE6/HBA64/1p22QTJUZvyOU pbQc1MRaoUncGV9UFAMY1j38JFsVar7YHHOcpp9YIJOjoyiAw4aatGDcntdWDCiG X1mCSLs10/xGRPaJJXulp786MH4aTR5qIeoNg8mu3Z3In4ElbBW5xr0wa3N8gs3O lEnK/gT2MHiQ1boa+Qy3W+XZmOjWtL69JgbOyRcOYS6lkHL4DFlGL2Nn5u8qGfL4 hzohJzH36W5SUHDQiYTt1wLNu4iHpAECjxcnk9fCvlcHA5Yu1bqgyQ62i3C9RA6a /aO0B0yraHmvCAboemDsESwylxmpiRB3caqKtzlaZjoiOfPydcBwJM46ZfbzLNPh l+/YKK2tLOXWyRIhEv8183tVeu7mZ02xjsetPtLltZPJqR+SJKE= =8nLw -----END PGP SIGNATURE----- Merge 5.10.56 into android12-5.10-lts Changes in 5.10.56 selftest: fix build error in tools/testing/selftests/vm/userfaultfd.c io_uring: fix null-ptr-deref in io_sq_offload_start() x86/asm: Ensure asm/proto.h can be included stand-alone pipe: make pipe writes always wake up readers btrfs: fix rw device counting in __btrfs_free_extra_devids btrfs: mark compressed range uptodate only if all bio succeed Revert "ACPI: resources: Add checks for ACPI IRQ override" ACPI: DPTF: Fix reading of attributes x86/kvm: fix vcpu-id indexed array sizes KVM: add missing compat KVM_CLEAR_DIRTY_LOG ocfs2: fix zero out valid data ocfs2: issue zeroout to EOF blocks can: j1939: j1939_xtp_rx_dat_one(): fix rxtimer value between consecutive TP.DT to 750ms can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF can: peak_usb: pcan_usb_handle_bus_evt(): fix reading rxerr/txerr values can: mcba_usb_start(): add missing urb->transfer_dma initialization can: usb_8dev: fix memory leak can: ems_usb: fix memory leak can: esd_usb2: fix memory leak alpha: register early reserved memory in memblock HID: wacom: Re-enable touch by default for Cintiq 24HDT / 27QHDT NIU: fix incorrect error return, missed in previous revert drm/amd/display: ensure dentist display clock update finished in DCN20 drm/amdgpu: Avoid printing of stack contents on firmware load error drm/amdgpu: Fix resource leak on probe error path blk-iocost: fix operation ordering in iocg_wake_fn() nfc: nfcsim: fix use after free during module unload cfg80211: Fix possible memory leak in function cfg80211_bss_update RDMA/bnxt_re: Fix stats counters bpf: Fix OOB read when printing XDP link fdinfo mac80211: fix enabling 4-address mode on a sta vif after assoc netfilter: conntrack: adjust stop timestamp to real expiry value netfilter: nft_nat: allow to specify layer 4 protocol NAT only i40e: Fix logic of disabling queues i40e: Fix firmware LLDP agent related warning i40e: Fix queue-to-TC mapping on Tx i40e: Fix log TC creation failure when max num of queues is exceeded tipc: fix implicit-connect for SYN+ tipc: fix sleeping in tipc accept routine net: Set true network header for ECN decapsulation net: qrtr: fix memory leaks ionic: remove intr coalesce update from napi ionic: fix up dim accounting for tx and rx ionic: count csum_none when offload enabled tipc: do not write skb_shinfo frags when doing decrytion octeontx2-pf: Fix interface down flag on error mlx4: Fix missing error code in mlx4_load_one() KVM: x86: Check the right feature bit for MSR_KVM_ASYNC_PF_ACK access net: llc: fix skb_over_panic drm/msm/dpu: Fix sm8250_mdp register length drm/msm/dp: Initialize the INTF_CONFIG register skmsg: Make sk_psock_destroy() static net/mlx5: Fix flow table chaining net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() sctp: fix return value check in __sctp_rcv_asconf_lookup tulip: windbond-840: Fix missing pci_disable_device() in probe and remove sis900: Fix missing pci_disable_device() in probe and remove can: hi311x: fix a signedness bug in hi3110_cmd() bpf: Introduce BPF nospec instruction for mitigating Spectre v4 bpf: Fix leakage due to insufficient speculative store bypass mitigation bpf: Remove superfluous aux sanitation on subprog rejection bpf: verifier: Allocate idmap scratch in verifier env bpf: Fix pointer arithmetic mask tightening under state pruning SMB3: fix readpage for large swap cache powerpc/pseries: Fix regression while building external modules Revert "perf map: Fix dso->nsinfo refcounting" i40e: Add additional info to PHY type error can: j1939: j1939_session_deactivate(): clarify lifetime of session object Linux 5.10.56 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ib3c9244afb7ee5d6ee8d3235efe8956898f486c4	2021-08-04 15:02:23 +02:00
Nguyen Dinh Phi	c8667cb406	cfg80211: Fix possible memory leak in function cfg80211_bss_update ... commit f9a5c358c8 upstream. When we exceed the limit of BSS entries, this function will free the new entry, however, at this time, it is the last door to access the inputed ies, so these ies will be unreferenced objects and cause memory leak. Therefore we should free its ies before deallocating the new entry, beside of dropping it from hidden_list. Signed-off-by: Nguyen Dinh Phi <phind.uet@gmail.com> Link: https://lore.kernel.org/r/20210628132334.851095-1-phind.uet@gmail.com Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-08-04 12:46:41 +02:00
Greg Kroah-Hartman	8db62be3c3	This is the 5.10.51 stable release ... -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmD1LZUACgkQONu9yGCS aT7gERAArjYemBSkD4/nq5HvxoVu7ueEyqI2orJCyB6b5npPrBZjlKna3SuYuNUF CmcX5Y2Ynxd3gWJvYFEJdAAQAEtKAzPdPv0QJ+KiLSP2bEZ4Q5grEJXfzcgxcB4L fUfaCZnUwjoII5xzW1+U2zCJ7YtGx5hZySLKMxSEc0IzawDlfMx4HdwlohXzczsA Zq3/sTJcW30PWSp6MSuMOH//lPh7sAoCnksAv4Yb8MZYZjC8JNnKFn+IwRUGWEMZ sFtNbq51sMgGq4TjYBIdO6wBElP4dgWJhYc4cO0667cDvgp6iod/bKlOLJSiwIVX uPWkyPihH9ZUvNVY0TxjjnxS1rnM0QhH+cEXNGn+SE7KaNmzsI2MaR+DVA2yWcFr 9edqTq5x2CJJ0R/oXHP4nYFtsvlV/QcirlrF0OZHYwz84b16f37Ac7tHOQpr3kNO N29AW0l5XmpxbfHgo1Iaoi02seouLC47vRkvjTpS9mValGUC0ciXTb97CK4FremE 34rskxIRWBU8HECYioFOeHTAi0+xb/9tOj87BnB5CJ28CD2Md27TTdorsISnqPb0 /ER89QfVtlJLi17wGB0rlAm8fDF3Cy6BnA57QIql1z1NbJGc1cxenEAFiIOnbQ5G t6SLs3mgqpQizsKUFYimCWa04ZzY4Bg8H9bAI+M+9w7J6yujQzI= =dGMa -----END PGP SIGNATURE----- Merge 5.10.51 into android12-5.10-lts Changes in 5.10.51 drm/mxsfb: Don't select DRM_KMS_FB_HELPER drm/zte: Don't select DRM_KMS_FB_HELPER drm/ast: Fixed CVE for DP501 drm/amd/display: fix HDCP reset sequence on reinitialize drm/amd/amdgpu/sriov disable all ip hw status by default drm/vc4: fix argument ordering in vc4_crtc_get_margins() drm/bridge: nwl-dsi: Force a full modeset when crtc_state->active is changed to be true net: pch_gbe: Use proper accessors to BE data in pch_ptp_match() drm/amd/display: fix use_max_lb flag for 420 pixel formats clk: renesas: rcar-usb2-clock-sel: Fix error handling in .probe() hugetlb: clear huge pte during flush function on mips platform atm: iphase: fix possible use-after-free in ia_module_exit() mISDN: fix possible use-after-free in HFC_cleanup() atm: nicstar: Fix possible use-after-free in nicstar_cleanup() net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() net: mdio: ipq8064: add regmap config to disable REGCACHE drm/bridge: lt9611: Add missing MODULE_DEVICE_TABLE reiserfs: add check for invalid 1st journal block drm/virtio: Fix double free on probe failure net: mdio: provide shim implementation of devm_of_mdiobus_register net/sched: cls_api: increase max_reclassify_loop pinctrl: equilibrium: Add missing MODULE_DEVICE_TABLE drm/scheduler: Fix hang when sched_entity released drm/sched: Avoid data corruptions udf: Fix NULL pointer dereference in udf_symlink function drm/vc4: Fix clock source for VEC PixelValve on BCM2711 drm/vc4: hdmi: Fix PM reference leak in vc4_hdmi_encoder_pre_crtc_co() e100: handle eeprom as little endian igb: handle vlan types with checker enabled igb: fix assignment on big endian machines drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() clk: renesas: r8a77995: Add ZA2 clock net/mlx5e: IPsec/rep_tc: Fix rep_tc_update_skb drops IPsec packet net/mlx5: Fix lag port remapping logic drm: rockchip: add missing registers for RK3188 drm: rockchip: add missing registers for RK3066 net: stmmac: the XPCS obscures a potential "PHY not found" error RDMA/rtrs: Change MAX_SESS_QUEUE_DEPTH clk: tegra: Fix refcounting of gate clocks clk: tegra: Ensure that PLLU configuration is applied properly drm: bridge: cdns-mhdp8546: Fix PM reference leak in virtio-net: Add validation for used length ipv6: use prandom_u32() for ID generation MIPS: cpu-probe: Fix FPU detection on Ingenic JZ4760(B) MIPS: ingenic: Select CPU_SUPPORTS_CPUFREQ && MIPS_EXTERNAL_TIMER drm/amd/display: Avoid HDCP over-read and corruption drm/amdgpu: remove unsafe optimization to drop preamble ib net: tcp better handling of reordering then loss cases RDMA/cxgb4: Fix missing error code in create_qp() dm space maps: don't reset space map allocation cursor when committing dm writecache: don't split bios when overwriting contiguous cache content dm: Fix dm_accept_partial_bio() relative to zone management commands net: bridge: mrp: Update ring transitions. pinctrl: mcp23s08: fix race condition in irq handler ice: set the value of global config lock timeout longer ice: fix clang warning regarding deadcode.DeadStores virtio_net: Remove BUG() to avoid machine dead net: mscc: ocelot: check return value after calling platform_get_resource() net: bcmgenet: check return value after calling platform_get_resource() net: mvpp2: check return value after calling platform_get_resource() net: micrel: check return value after calling platform_get_resource() net: moxa: Use devm_platform_get_and_ioremap_resource() drm/amd/display: Fix DCN 3.01 DSCCLK validation drm/amd/display: Update scaling settings on modeset drm/amd/display: Release MST resources on switch from MST to SST drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 drm/amd/display: Fix off-by-one error in DML net: phy: realtek: add delay to fix RXC generation issue selftests: Clean forgotten resources as part of cleanup() net: sgi: ioc3-eth: check return value after calling platform_get_resource() drm/amdkfd: use allowed domain for vmbo validation fjes: check return value after calling platform_get_resource() selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check xfrm: Fix error reporting in xfrm_state_construct. dm writecache: commit just one block, not a full page wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP wl1251: Fix possible buffer overflow in wl1251_cmd_scan cw1200: add missing MODULE_DEVICE_TABLE drm/amdkfd: fix circular locking on get_wave_state drm/amdkfd: Fix circular lock in nocpsch path bpf: Fix up register-based shifts in interpreter to silence KUBSAN ice: fix incorrect payload indicator on PTYPE ice: mark PTYPE 2 as reserved mt76: mt7615: fix fixed-rate tx status reporting net: fix mistake path for netdev_features_strings net: ipa: Add missing of_node_put() in ipa_firmware_load() net: sched: fix error return code in tcf_del_walker() io_uring: fix false WARN_ONCE drm/amdgpu: fix bad address translation for sienna_cichlid drm/amdkfd: Walk through list with dqm lock hold mt76: mt7915: fix IEEE80211_HE_PHY_CAP7_MAX_NC for station mode rtl8xxxu: Fix device info for RTL8192EU devices MIPS: add PMD table accounting into MIPS'pmd_alloc_one net: fec: add ndo_select_queue to fix TX bandwidth fluctuations atm: nicstar: use 'dma_free_coherent' instead of 'kfree' atm: nicstar: register the interrupt handler in the right place vsock: notify server to shutdown when client has pending signal RDMA/rxe: Don't overwrite errno from ib_umem_get() iwlwifi: mvm: don't change band on bound PHY contexts iwlwifi: mvm: fix error print when session protection ends iwlwifi: pcie: free IML DMA memory allocation iwlwifi: pcie: fix context info freeing sfc: avoid double pci_remove of VFs sfc: error code if SRIOV cannot be disabled wireless: wext-spy: Fix out-of-bounds warning cfg80211: fix default HE tx bitrate mask in 2G band mac80211: consider per-CPU statistics if present mac80211_hwsim: add concurrent channels scanning support over virtio IB/isert: Align target max I/O size to initiator size media, bpf: Do not copy more entries than user space requested net: ip: avoid OOM kills with large UDP sends over loopback RDMA/cma: Fix rdma_resolve_route() memory leak Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip. Bluetooth: Fix the HCI to MGMT status conversion table Bluetooth: Fix alt settings for incoming SCO with transparent coding format Bluetooth: Shutdown controller after workqueues are flushed or cancelled Bluetooth: btusb: Add a new QCA_ROME device (0cf3:e500) Bluetooth: L2CAP: Fix invalid access if ECRED Reconfigure fails Bluetooth: L2CAP: Fix invalid access on ECRED Connection response Bluetooth: btusb: Add support USB ALT 3 for WBS Bluetooth: mgmt: Fix the command returns garbage parameter value Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc. sched/fair: Ensure _sum and _avg values stay consistent bpf: Fix false positive kmemleak report in bpf_ringbuf_area_alloc() flow_offload: action should not be NULL when it is referenced sctp: validate from_addr_param return sctp: add size validation when walking chunks MIPS: loongsoon64: Reserve memory below starting pfn to prevent Oops MIPS: set mips32r5 for virt extensions selftests/resctrl: Fix incorrect parsing of option "-t" MIPS: MT extensions are not available on MIPS32r1 ath11k: unlock on error path in ath11k_mac_op_add_interface() arm64: dts: rockchip: add rk3328 dwc3 usb controller node arm64: dts: rockchip: Enable USB3 for rk3328 Rock64 loop: fix I/O error on fsync() in detached loop devices mm,hwpoison: return -EBUSY when migration fails io_uring: simplify io_remove_personalities() io_uring: Convert personality_idr to XArray io_uring: convert io_buffer_idr to XArray scsi: iscsi: Fix race condition between login and sync thread scsi: iscsi: Fix iSCSI cls conn state powerpc/mm: Fix lockup on kernel exec fault powerpc/barrier: Avoid collision with clang's __lwsync macro powerpc/powernv/vas: Release reference to tgid during window close drm/amdgpu: Update NV SIMD-per-CU to 2 drm/amdgpu: enable sdma0 tmz for Raven/Renoir(V2) drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() drm/radeon: Call radeon_suspend_kms() in radeon_pci_shutdown() for Loongson64 drm/vc4: txp: Properly set the possible_crtcs mask drm/vc4: crtc: Skip the TXP drm/vc4: hdmi: Prevent clock unbalance drm/dp: Handle zeroed port counts in drm_dp_read_downstream_info() drm/rockchip: dsi: remove extra component_del() call drm/amd/display: fix incorrrect valid irq check pinctrl/amd: Add device HID for new AMD GPIO controller drm/amd/display: Reject non-zero src_y and src_x for video planes drm/tegra: Don't set allow_fb_modifiers explicitly drm/msm/mdp4: Fix modifier support enabling drm/arm/malidp: Always list modifiers drm/nouveau: Don't set allow_fb_modifiers explicitly drm/i915/display: Do not zero past infoframes.vsc mmc: sdhci-acpi: Disable write protect detection on Toshiba Encore 2 WT8-B mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode mmc: core: clear flags before allowing to retune mmc: core: Allow UHS-I voltage switch for SDSC cards if supported ata: ahci_sunxi: Disable DIPM arm64: tlb: fix the TTL value of tlb_get_level cpu/hotplug: Cure the cpusets trainwreck clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround fpga: stratix10-soc: Add missing fpga_mgr_free() call ASoC: tegra: Set driver_name=tegra for all machine drivers i40e: fix PTP on 5Gb links qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute ipmi/watchdog: Stop watchdog timer when the current action is 'none' thermal/drivers/int340x/processor_thermal: Fix tcc setting ubifs: Fix races between xattr_{set|get} and listxattr operations power: supply: ab8500: Fix an old bug mfd: syscon: Free the allocated name field of struct regmap_config nvmem: core: add a missing of_node_put lkdtm/bugs: XFAIL UNALIGNED_LOAD_STORE_WRITE selftests/lkdtm: Fix expected text for CR4 pinning extcon: intel-mrfld: Sync hardware and software state on init seq_buf: Fix overflow in seq_buf_putmem_hex() rq-qos: fix missed wake-ups in rq_qos_throttle try two tracing: Simplify & fix saved_tgids logic tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe coresight: Propagate symlink failure coresight: tmc-etf: Fix global-out-of-bounds in tmc_update_etf_buffer() dm zoned: check zone capacity dm writecache: flush origin device when writing and cache is full dm btree remove: assign new_root only when removal succeeds PCI: Leave Apple Thunderbolt controllers on for s2idle or standby PCI: aardvark: Fix checking for PIO Non-posted Request PCI: aardvark: Implement workaround for the readback value of VEND_ID media: subdev: disallow ioctl for saa6588/davinci media: dtv5100: fix control-request directions media: zr364xx: fix memory leak in zr364xx_start_readpipe media: gspca/sq905: fix control-request direction media: gspca/sunplus: fix zero-length control requests media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K io_uring: fix clear IORING_SETUP_R_DISABLED in wrong function dm writecache: write at least 4k when committing pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() drm/ast: Remove reference to struct drm_device.pdev jfs: fix GPF in diFree smackfs: restrict bytes count in smk_set_cipso() ext4: fix memory leak in ext4_fill_super f2fs: fix to avoid racing on fsync_entry_slab by multi filesystem instances Linux 5.10.51 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Icb10fed733a0050848ecc23db13ae3d134895acd	2021-07-19 17:29:53 +02:00
Ping-Ke Shih	1b728869a1	cfg80211: fix default HE tx bitrate mask in 2G band ... [ Upstream commit 9df66d5b9f ] In 2G band, a HE sta can only supports HT and HE, but not supports VHT. In this case, default HE tx bitrate mask isn't filled, when we use iw to set bitrates without any parameter. Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Link: https://lore.kernel.org/r/20210609075944.51130-1-pkshih@realtek.com Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org>	2021-07-19 09:44:53 +02:00
Gustavo A. R. Silva	0a7ba5d373	wireless: wext-spy: Fix out-of-bounds warning ... [ Upstream commit e93bdd7840 ] Fix the following out-of-bounds warning: net/wireless/wext-spy.c:178:2: warning: 'memcpy' offset [25, 28] from the object at 'threshold' is out of the bounds of referenced subobject 'low' with type 'struct iw_quality' at offset 20 [-Warray-bounds] The problem is that the original code is trying to copy data into a couple of struct members adjacent to each other in a single call to memcpy(). This causes a legitimate compiler warning because memcpy() overruns the length of &threshold.low and &spydata->spy_thr_low. As these are just a couple of struct members, fix this by using direct assignments, instead of memcpy(). This helps with the ongoing efforts to globally enable -Warray-bounds and get us closer to being able to tighten the FORTIFY_SOURCE routines on memcpy(). Link: https://github.com/KSPP/linux/issues/109 Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20210422200032.GA168995@embeddedor Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org>	2021-07-19 09:44:52 +02:00
Greg Kroah-Hartman	194be71cc6	Linux 5.10.47 ... -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAmDcbDgACgkQ3qZv95d3 LNwUuQ//VDlmBPk/3w1FYvg9N9q/t1GHkVJXmD8TY/ClLdJtgxPYeoRu1VNLR/xf Y2kwZEF07yMA88RME56Zwt3p+LBbacrp5MoNdzEA48kb7auGBPk1HIscBg2PXC+C AnlC/O4/NAW6Okb+lLFL7XFM4xrlDBkNr5yTz2HmQSQC3JFfov0FcrON3KKTL5Bi aeyWjhn1NnhkKCDaKUl7kKlCQ2x7buu/YmvJK2OdGmuLZVywzto76RS+Xx3X0CnK pPkmciZSS7Gxi6UJel/zza0UwlKg5+IhFzfYVt0nsTFMjk/4QStAoevu7TFnbVD3 yM7nzJpAQmVLs/X9sC0rgg9rCBUyp9d4ddba8bCUqaxpPQfMObWI8S5F8tfzBnK/ h8P5xfs8u4O1AzpRr+YSN2Hbvak47e/4c5UOvvYj6z8NaIEb7DGbaUv/JE5YRVZ0 ZEVZ1auEpHcSVAGz6DUwuwzc8Rk0NdskES5DD53QxNLXDoF1CVdsD44xUuJH1/HA //3S1SWxvwF9UQ+w+sk/Z6pzUj+CdFigou3QzwB+vAZ04n0JawRSuqyijkCqFOP5 88iCMgxZ5qAYJ1TzQ6gV7cA0tSbteBF/HERNmdadyGvse9KtxkaBAfFmvIpd9D8J fTepYVuneP9cGqaGDUtsqHzM5YLrIkCSxABjgIvpNTt0eJL5c2k= =TKhf -----END PGP SIGNATURE----- Merge 5.10.47 into android12-5.10-lts Changes in 5.10.47 module: limit enabling module.sig_enforce Revert "drm/amdgpu/gfx9: fix the doorbell missing when in CGPG issue." Revert "drm/amdgpu/gfx10: enlarge CP_MEC_DOORBELL_RANGE_UPPER to cover full doorbell." drm: add a locked version of drm_is_current_master drm/nouveau: wait for moving fence after pinning v2 drm/radeon: wait for moving fence after pinning drm/amdgpu: wait for moving fence after pinning ARM: 9081/1: fix gcc-10 thumb2-kernel regression mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk MIPS: generic: Update node names to avoid unit addresses arm64: Ignore any DMA offsets in the max_zone_phys() calculation arm64: Force NO_BLOCK_MAPPINGS if crashkernel reservation is required spi: spi-nxp-fspi: move the register operation after the clock enable Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" drm/vc4: hdmi: Move the HSM clock enable to runtime_pm drm/vc4: hdmi: Make sure the controller is powered in detect x86/entry: Fix noinstr fail in __do_fast_syscall_32() x86/xen: Fix noinstr fail in exc_xen_unknown_trap() locking/lockdep: Improve noinstr vs errors perf/x86/lbr: Remove cpuc->lbr_xsave allocation from atomic context perf/x86/intel/lbr: Zero the xstate buffer on allocation dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc() dmaengine: stm32-mdma: fix PM reference leak in stm32_mdma_alloc_chan_resourc() dmaengine: xilinx: dpdma: Add missing dependencies to Kconfig dmaengine: xilinx: dpdma: Limit descriptor IDs to 16 bits mac80211: remove warning in ieee80211_get_sband() mac80211_hwsim: drop pending frames on stop cfg80211: call cfg80211_leave_ocb when switching away from OCB dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe() dmaengine: mediatek: free the proper desc in desc_free handler dmaengine: mediatek: do not issue a new desc if one is still current dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma net: ipv4: Remove unneed BUG() function mac80211: drop multicast fragments net: ethtool: clear heap allocations for ethtool function inet: annotate data race in inet_send_prepare() and inet_dgram_connect() ping: Check return value of function 'ping_queue_rcv_skb' net: annotate data race in sock_error() inet: annotate date races around sk->sk_txhash net/packet: annotate data race in packet_sendmsg() net: phy: dp83867: perform soft reset and retain established link riscv32: Use medany C model for modules net: caif: fix memory leak in ldisc_open net/packet: annotate accesses to po->bind net/packet: annotate accesses to po->ifindex r8152: Avoid memcpy() over-reading of ETH_SS_STATS sh_eth: Avoid memcpy() over-reading of ETH_SS_STATS r8169: Avoid memcpy() over-reading of ETH_SS_STATS KVM: selftests: Fix kvm_check_cap() assertion net: qed: Fix memcpy() overflow of qed_dcbx_params() mac80211: reset profile_periodicity/ema_ap mac80211: handle various extensible elements correctly recordmcount: Correct st_shndx handling PCI: Add AMD RS690 quirk to enable 64-bit DMA net: ll_temac: Add memory-barriers for TX BD access net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY perf/x86: Track pmu in per-CPU cpu_hw_events pinctrl: stm32: fix the reported number of GPIO lines per bank i2c: i801: Ensure that SMBHSTSTS_INUSE_STS is cleared when leaving i801_access gpiolib: cdev: zero padding during conversion to gpioline_info_changed scsi: sd: Call sd_revalidate_disk() for ioctl(BLKRRPART) nilfs2: fix memory leak in nilfs_sysfs_delete_device_group s390/stack: fix possible register corruption with stack switch helper KVM: do not allow mapping valid but non-reference-counted pages i2c: robotfuzz-osif: fix control-request directions ceph: must hold snap_rwsem when filling inode for async create kthread_worker: split code for canceling the delayed work timer kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() x86/fpu: Preserve supervisor states in sanitize_restored_user_xstate() x86/fpu: Make init_fpstate correct with optimized XSAVE mm: add VM_WARN_ON_ONCE_PAGE() macro mm/rmap: remove unneeded semicolon in page_not_mapped() mm/rmap: use page_not_mapped in try_to_unmap() mm, thp: use head page in __migration_entry_wait() mm/thp: fix __split_huge_pmd_locked() on shmem migration entry mm/thp: make is_huge_zero_pmd() safe and quicker mm/thp: try_to_unmap() use TTU_SYNC for safe splitting mm/thp: fix vma_address() if virtual address below file offset mm/thp: fix page_address_in_vma() on file THP tails mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split mm: page_vma_mapped_walk(): use page for pvmw->page mm: page_vma_mapped_walk(): settle PageHuge on entry mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block mm: page_vma_mapped_walk(): crossing page table boundary mm: page_vma_mapped_walk(): add a level of indentation mm: page_vma_mapped_walk(): use goto instead of while (1) mm: page_vma_mapped_walk(): get vma_address_end() earlier mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk() mm, futex: fix shared futex pgoff on shmem huge page KVM: SVM: Call SEV Guest Decommission if ASID binding fails swiotlb: manipulate orig_addr when tlb_addr has offset netfs: fix test for whether we can skip read when writing beyond EOF Revert "drm: add a locked version of drm_is_current_master" certs: Add EFI_CERT_X509_GUID support for dbx entries certs: Move load_system_certificate_list to a common function certs: Add ability to preload revocation certs integrity: Load mokx variables into the blacklist keyring Linux 5.10.47 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I68f731ad78a5db003c41093e4faf59f6f9f2e446	2021-06-30 19:38:46 +02:00
Du Cheng	6a07cf3606	cfg80211: call cfg80211_leave_ocb when switching away from OCB ... [ Upstream commit a64b6a25dd ] If the userland switches back-and-forth between NL80211_IFTYPE_OCB and NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), there is a chance where the cleanup cfg80211_leave_ocb() is not called. This leads to initialization of in-use memory (e.g. init u.ibss while in-use by u.ocb) due to a shared struct/union within ieee80211_sub_if_data: struct ieee80211_sub_if_data { ... union { struct ieee80211_if_ap ap; struct ieee80211_if_vlan vlan; struct ieee80211_if_managed mgd; struct ieee80211_if_ibss ibss; // <- shares address struct ieee80211_if_mesh mesh; struct ieee80211_if_ocb ocb; // <- shares address struct ieee80211_if_mntr mntr; struct ieee80211_if_nan nan; } u; ... } Therefore add handling of otype == NL80211_IFTYPE_OCB, during cfg80211_change_iface() to perform cleanup when leaving OCB mode. link to syzkaller bug: https://syzkaller.appspot.com/bug?id=0612dbfa595bf4b9b680ff7b4948257b8e3732d5 Reported-by: syzbot+105896fac213f26056f9@syzkaller.appspotmail.com Signed-off-by: Du Cheng <ducheng2@gmail.com> Link: https://lore.kernel.org/r/20210428063941.105161-1-ducheng2@gmail.com Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org>	2021-06-30 08:47:19 -04:00
Greg Kroah-Hartman	948d38f94d	This is the 5.10.46 stable release ... -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmDTLFUACgkQONu9yGCS aT5eThAApQAh1A++P729NJOTeoewU5YH0/1c+ZVN4nfxxEOApeBpfA4tTDvfHJeI MYx10AI1UiLPHfLtHI5exvG00/Ll4lb0fs2bpVL2b/SQKCm2G3kZf7xOdJOBtoy4 DEaTORhmZ001weapZN+G4oz+FEnNZEyR/rThqKTA0G/PS1MxNl4ZBhY9BrySpH1V Cq7OFX18IbTh3/XXmcPotZa2sXE6Z+jjWQb5GLZ+ZjicbzgLiWWcnrm8bzLahVC4 N7TToeGv9zOLKgrE+HVR52UoFB1+2vRUEaRVOiFbDViLjoF5KWw5rAzioTCvfXW+ g/ldoAuDQBNGUrYfVUrSNwj5JuWCI2Cltt//9f/xGfPPn0HNjAxSM7ExpnMNVhVK 1gjTco+0kWzv2BGjgpNAe7+aLka5sQkLEOYlSExI6VVuF5CCcIywWjWZ6zHG0CF1 7kW8CfINV4BFP+IYw5Gnt5K3hUTulDt+alX9WgsdPxpsZ9gbIscO1/awnRrAyDyO 2EeCbZ3WWSuvFL6qAjJERiDbhDPRaZV0cwGPxzLZ7NN8ZPXLxTVv7Nc6QoiNXYkk E+LYcMua9dxFXjoHA0imKxlxqJD64mh3oUkdpTGOwIxrE5bavnKGrO2B3Nl7zWVn u8mazeKHWpJ+t+dDZ47CjrNTul0SOvryKmog//DCkvAIYSjRzVc= =WRWw -----END PGP SIGNATURE----- Merge 5.10.46 into android12-5.10-lts Changes in 5.10.46 dmaengine: idxd: add missing dsa driver unregister dmaengine: fsl-dpaa2-qdma: Fix error return code in two functions dmaengine: xilinx: dpdma: initialize registers before request_irq dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM dmaengine: SF_PDMA depends on HAS_IOMEM dmaengine: stedma40: add missing iounmap() on error in d40_probe() afs: Fix an IS_ERR() vs NULL check mm/memory-failure: make sure wait for page writeback in memory_failure kvm: LAPIC: Restore guard to prevent illegal APIC register access fanotify: fix copy_event_to_user() fid error clean up batman-adv: Avoid WARN_ON timing related checks mac80211: fix skb length check in ieee80211_scan_rx() mlxsw: reg: Spectrum-3: Enforce lowest max-shaper burst size of 11 mlxsw: core: Set thermal zone polling delay argument to real value at init libbpf: Fixes incorrect rx_ring_setup_done net: ipv4: fix memory leak in netlbl_cipsov4_add_std vrf: fix maximum MTU net: rds: fix memory leak in rds_recvmsg net: dsa: felix: re-enable TX flow control in ocelot_port_flush() net: lantiq: disable interrupt before sheduling NAPI netfilter: nft_fib_ipv6: skip ipv6 packets from any to link-local ice: add ndo_bpf callback for safe mode netdev ops ice: parameterize functions responsible for Tx ring management udp: fix race between close() and udp_abort() rtnetlink: Fix regression in bridge VLAN configuration net/sched: act_ct: handle DNAT tuple collision net/mlx5e: Remove dependency in IPsec initialization flows net/mlx5e: Fix page reclaim for dead peer hairpin net/mlx5: Consider RoCE cap before init RDMA resources net/mlx5: DR, Allow SW steering for sw_owner_v2 devices net/mlx5: DR, Don't use SW steering when RoCE is not supported net/mlx5e: Block offload of outer header csum for UDP tunnels netfilter: synproxy: Fix out of bounds when parsing TCP options mptcp: Fix out of bounds when parsing TCP options sch_cake: Fix out of bounds when parsing TCP options and header mptcp: try harder to borrow memory from subflow under pressure mptcp: do not warn on bad input from the network selftests: mptcp: enable syncookie only in absence of reorders alx: Fix an error handling path in 'alx_probe()' cxgb4: fix endianness when flashing boot image cxgb4: fix sleep in atomic when flashing PHY firmware cxgb4: halt chip before flashing PHY firmware image net: stmmac: dwmac1000: Fix extended MAC address registers definition net: make get_net_ns return error if NET_NS is disabled net: qualcomm: rmnet: Update rmnet device MTU based on real device net: qualcomm: rmnet: don't over-count statistics ethtool: strset: fix message length calculation qlcnic: Fix an error handling path in 'qlcnic_probe()' netxen_nic: Fix an error handling path in 'netxen_nic_probe()' cxgb4: fix wrong ethtool n-tuple rule lookup ipv4: Fix device used for dst_alloc with local routes net: qrtr: fix OOB Read in qrtr_endpoint_post bpf: Fix leakage under speculation on mispredicted branches ptp: improve max_adj check against unreasonable values net: cdc_ncm: switch to eth%d interface naming lantiq: net: fix duplicated skb in rx descriptor ring net: usb: fix possible use-after-free in smsc75xx_bind net: fec_ptp: fix issue caused by refactor the fec_devtype net: ipv4: fix memory leak in ip_mc_add1_src net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock net/mlx5: E-Switch, Read PF mac address net/mlx5: E-Switch, Allow setting GUID for host PF vport net/mlx5: Reset mkey index on creation be2net: Fix an error handling path in 'be_probe()' net: hamradio: fix memory leak in mkiss_close net: cdc_eem: fix tx fixup skb leak cxgb4: fix wrong shift. bnxt_en: Rediscover PHY capabilities after firmware reset bnxt_en: Fix TQM fastpath ring backing store computation bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path icmp: don't send out ICMP messages with a source address of 0.0.0.0 net: ethernet: fix potential use-after-free in ec_bhf_remove regulator: cros-ec: Fix error code in dev_err message regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting platform/x86: thinkpad_acpi: Add X1 Carbon Gen 9 second fan support ASoC: rt5659: Fix the lost powers for the HDA header phy: phy-mtk-tphy: Fix some resource leaks in mtk_phy_init() ASoC: fsl-asoc-card: Set .owner attribute when registering card. regulator: rtmv20: Fix to make regcache value first reading back from HW spi: spi-zynq-qspi: Fix some wrong goto jumps & missing error code sched/pelt: Ensure that *_sum is always synced with *_avg ASoC: tas2562: Fix TDM_CFG0_SAMPRATE values spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd() regulator: rt4801: Fix NULL pointer dereference if priv->enable_gpios is NULL ASoC: rt5682: Fix the fast discharge for headset unplugging in soundwire mode pinctrl: ralink: rt2880: avoid to error in calls is pin is already enabled drm/sun4i: dw-hdmi: Make HDMI PHY into a platform device ASoC: qcom: lpass-cpu: Fix pop noise during audio capture begin radeon: use memcpy_to/fromio for UVD fw upload hwmon: (scpi-hwmon) shows the negative temperature properly mm: relocate 'write_protect_seq' in struct mm_struct irqchip/gic-v3: Workaround inconsistent PMR setting on NMI entry bpf: Inherit expanded/patched seen count from old aux data bpf: Do not mark insn as seen under speculative path verification can: bcm: fix infoleak in struct bcm_msg_head can: bcm/raw/isotp: use per module netdevice notifier can: j1939: fix Use-after-Free, hold skb ref while in use can: mcba_usb: fix memory leak in mcba_usb usb: core: hub: Disable autosuspend for Cypress CY7C65632 usb: chipidea: imx: Fix Battery Charger 1.2 CDP detection tracing: Do not stop recording cmdlines when tracing is off tracing: Do not stop recording comms if the trace file is being read tracing: Do no increment trace_clock_global() by one PCI: Mark TI C667X to avoid bus reset PCI: Mark some NVIDIA GPUs to avoid bus reset PCI: aardvark: Fix kernel panic during PIO transfer PCI: Add ACS quirk for Broadcom BCM57414 NIC PCI: Work around Huawei Intelligent NIC VF FLR erratum KVM: x86: Immediately reset the MMU context when the SMM flag is cleared KVM: x86/mmu: Calculate and check "full" mmu_role for nested MMU KVM: X86: Fix x86_emulator slab cache leak s390/mcck: fix calculation of SIE critical section size s390/ap: Fix hanging ioctl caused by wrong msg counter ARCv2: save ABI registers across signal handling x86/mm: Avoid truncating memblocks for SGX memory x86/process: Check PF_KTHREAD and not current->mm for kernel threads x86/ioremap: Map EFI-reserved memory as encrypted for SEV x86/pkru: Write hardware init value to PKRU when xstate is init x86/fpu: Prevent state corruption in __fpu__restore_sig() x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer x86/fpu: Reset state for all signal restore failures crash_core, vmcoreinfo: append 'SECTION_SIZE_BITS' to vmcoreinfo dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc mac80211: Fix NULL ptr deref for injected rate info cfg80211: make certificate generation more robust cfg80211: avoid double free of PMSR request drm/amdgpu/gfx10: enlarge CP_MEC_DOORBELL_RANGE_UPPER to cover full doorbell. drm/amdgpu/gfx9: fix the doorbell missing when in CGPG issue. net: ll_temac: Make sure to free skb when it is completely used net: ll_temac: Fix TX BD buffer overwrite net: bridge: fix vlan tunnel dst null pointer dereference net: bridge: fix vlan tunnel dst refcnt when egressing mm/swap: fix pte_same_as_swp() not removing uffd-wp bit when compare mm/slub: clarify verification reporting mm/slub: fix redzoning for small allocations mm/slub: actually fix freelist pointer vs redzoning mm/slub.c: include swab.h net: stmmac: disable clocks in stmmac_remove_config_dt() net: fec_ptp: add clock rate zero check tools headers UAPI: Sync linux/in.h copy with the kernel sources perf beauty: Update copy of linux/socket.h with the kernel sources usb: dwc3: debugfs: Add and remove endpoint dirs dynamically usb: dwc3: core: fix kernel panic when do reboot Linux 5.10.46 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I99f37c9f257f90ccdb091306f3d4cfb7c32e3880	2021-06-23 17:53:08 +02:00
Avraham Stern	96b4126f8c	cfg80211: avoid double free of PMSR request ... commit 0288e5e16a upstream. If cfg80211_pmsr_process_abort() moves all the PMSR requests that need to be freed into a local list before aborting and freeing them. As a result, it is possible that cfg80211_pmsr_complete() will run in parallel and free the same PMSR request. Fix it by freeing the request in cfg80211_pmsr_complete() only if it is still in the original pmsr list. Cc: stable@vger.kernel.org Fixes: 9bb7e0f24e ("cfg80211: add peer measurement with FTM initiator API") Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Link: https://lore.kernel.org/r/iwlwifi.20210618133832.1fbef57e269a.I00294bebdb0680b892f8d1d5c871fd9dbe785a5e@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-06-23 14:42:53 +02:00
Johannes Berg	5493b0c2a7	cfg80211: make certificate generation more robust ... commit b5642479b0 upstream. If all net/wireless/certs/*.hex files are deleted, the build will hang at this point since the 'cat' command will have no arguments. Do "echo | cat - ..." so that even if the "..." part is empty, the whole thing won't hang. Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Link: https://lore.kernel.org/r/iwlwifi.20210618133832.c989056c3664.Ic3b77531d00b30b26dcd69c64e55ae2f60c3f31e@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-06-23 14:42:53 +02:00
Greg Kroah-Hartman	c5d480cd47	Merge 5.10.42 into android12-5.10 ... Changes in 5.10.42 ALSA: hda/realtek: the bass speaker can't output sound on Yoga 9i ALSA: hda/realtek: Headphone volume is controlled by Front mixer ALSA: hda/realtek: Chain in pop reduction fixup for ThinkStation P340 ALSA: hda/realtek: fix mute/micmute LEDs for HP 855 G8 ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook G8 ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 15 G8 ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 17 G8 ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci ALSA: usb-audio: scarlett2: Improve driver startup messages cifs: set server->cipher_type to AES-128-CCM for SMB3.0 NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() iommu/vt-d: Fix sysfs leak in alloc_iommu() perf intel-pt: Fix sample instruction bytes perf intel-pt: Fix transaction abort handling perf scripts python: exported-sql-viewer.py: Fix copy to clipboard from Top Calls by elapsed Time report perf scripts python: exported-sql-viewer.py: Fix Array TypeError perf scripts python: exported-sql-viewer.py: Fix warning display proc: Check /proc/$pid/attr/ writes against file opener net: hso: fix control-request directions net/sched: fq_pie: re-factor fix for fq_pie endless loop net/sched: fq_pie: fix OOB access in the traffic path netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version mac80211: assure all fragments are encrypted mac80211: prevent mixed key and fragment cache attacks mac80211: properly handle A-MSDUs that start with an RFC 1042 header cfg80211: mitigate A-MSDU aggregation attacks mac80211: drop A-MSDUs on old ciphers mac80211: add fragment cache to sta_info mac80211: check defrag PN against current frame mac80211: prevent attacks on TKIP/WEP as well mac80211: do not accept/forward invalid EAPOL frames mac80211: extend protection against mixed key and fragment cache attacks ath10k: add CCMP PN replay protection for fragmented frames for PCIe ath10k: drop fragments with multicast DA for PCIe ath10k: drop fragments with multicast DA for SDIO ath10k: drop MPDU which has discard flag set by firmware for SDIO ath10k: Fix TKIP Michael MIC verification for PCIe ath10k: Validate first subframe of A-MSDU before processing the list ath11k: Clear the fragment cache during key install dm snapshot: properly fix a crash when an origin has no snapshots drm/amd/pm: correct MGpuFanBoost setting drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate drm/amdkfd: correct sienna_cichlid SDMA RLC register offset error drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate drm/amdgpu/jpeg2.0: add cancel_delayed_work_sync before power gate selftests/gpio: Use TEST_GEN_PROGS_EXTENDED selftests/gpio: Move include of lib.mk up selftests/gpio: Fix build when source tree is read only kgdb: fix gcc-11 warnings harder Documentation: seccomp: Fix user notification documentation seccomp: Refactor notification handler to prepare for new semantics serial: core: fix suspicious security_locked_down() call misc/uss720: fix memory leak in uss720_probe thunderbolt: usb4: Fix NVM read buffer bounds and offset issue thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue KVM: X86: Fix vCPU preempted state from guest's point of view KVM: arm64: Prevent mixed-width VM creation mei: request autosuspend after sending rx flow control staging: iio: cdc: ad7746: avoid overwrite of num_channels iio: gyro: fxas21002c: balance runtime power in error path iio: dac: ad5770r: Put fwnode in error case during ->probe() iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() iio: adc: ad7124: Fix missbalanced regulator enable / disable on error. iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers iio: adc: ad7923: Fix undersized rx buffer. iio: adc: ad7793: Add missing error code in ad7793_setup() iio: adc: ad7192: Avoid disabling a clock that was never enabled. iio: adc: ad7192: handle regulator voltage error first serial: 8250: Add UART_BUG_TXRACE workaround for Aspeed VUART serial: 8250_dw: Add device HID for new AMD UART controller serial: 8250_pci: Add support for new HPE serial device serial: 8250_pci: handle FL_NOIRQ board flag USB: trancevibrator: fix control-request direction Revert "irqbypass: do not start cons/prod when failed connect" USB: usbfs: Don't WARN about excessively large memory allocations drivers: base: Fix device link removal serial: tegra: Fix a mask operation that is always true serial: sh-sci: Fix off-by-one error in FIFO threshold register setting serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' USB: serial: ti_usb_3410_5052: add startech.com device id USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 USB: serial: ftdi_sio: add IDs for IDS GmbH Products USB: serial: pl2303: add device id for ADLINK ND-6530 GC thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID usb: dwc3: gadget: Properly track pending and queued SG usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() usb: typec: mux: Fix matching with typec_altmode_desc net: usb: fix memory leak in smsc75xx_bind Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails fs/nfs: Use fatal_signal_pending instead of signal_pending NFS: fix an incorrect limit in filelayout_decode_layout() NFS: Fix an Oopsable condition in __nfs_pageio_add_request() NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config drm/meson: fix shutdown crash when component not probed net/mlx5e: reset XPS on error flow if netdev isn't registered yet net/mlx5e: Fix multipath lag activation net/mlx5e: Fix error path of updating netdev queues {net,vdpa}/mlx5: Configure interface MAC into mpfs L2 table net/mlx5e: Fix nullptr in add_vlan_push_action() net/mlx5: Set reformat action when needed for termination rules net/mlx5e: Fix null deref accessing lag dev net/mlx4: Fix EEPROM dump support net/mlx5: Set term table as an unmanaged flow table SUNRPC in case of backlog, hand free slots directly to waiting task Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv" tipc: wait and exit until all work queues are done tipc: skb_linearize the head skb when reassembling msgs spi: spi-fsl-dspi: Fix a resource leak in an error handling path netfilter: flowtable: Remove redundant hw refresh bit net: dsa: mt7530: fix VLAN traffic leaks net: dsa: fix a crash if ->get_sset_count() fails net: dsa: sja1105: update existing VLANs from the bridge VLAN list net: dsa: sja1105: use 4095 as the private VLAN for untagged traffic net: dsa: sja1105: error out on unsupported PHY mode net: dsa: sja1105: add error handling in sja1105_setup() net: dsa: sja1105: call dsa_unregister_switch when allocating memory fails net: dsa: sja1105: fix VL lookup command packing for P/Q/R/S i2c: s3c2410: fix possible NULL pointer deref on read message after write i2c: mediatek: Disable i2c start_en and clear intr_stat brfore reset i2c: i801: Don't generate an interrupt on bus reset i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E afs: Fix the nlink handling of dir-over-dir rename perf jevents: Fix getting maximum number of fds nvmet-tcp: fix inline data size comparison in nvmet_tcp_queue_response mptcp: avoid error message on infinite mapping mptcp: drop unconditional pr_warn on bad opt mptcp: fix data stream corruption platform/x86: hp_accel: Avoid invoking _INI to speed up resume gpio: cadence: Add missing MODULE_DEVICE_TABLE Revert "crypto: cavium/nitrox - add an error message to explain the failure of pci_request_mem_regions" Revert "media: usb: gspca: add a missed check for goto_low_power" Revert "ALSA: sb: fix a missing check of snd_ctl_add" Revert "serial: max310x: pass return value of spi_register_driver" serial: max310x: unregister uart driver in case of failure and abort Revert "net: fujitsu: fix a potential NULL pointer dereference" net: fujitsu: fix potential null-ptr-deref Revert "net/smc: fix a NULL pointer dereference" net/smc: properly handle workqueue allocation failure Revert "net: caif: replace BUG_ON with recovery code" net: caif: remove BUG_ON(dev == NULL) in caif_xmit Revert "char: hpet: fix a missing check of ioremap" char: hpet: add checks after calling ioremap Revert "ALSA: gus: add a check of the status of snd_ctl_add" Revert "ALSA: usx2y: Fix potential NULL pointer dereference" Revert "isdn: mISDNinfineon: fix potential NULL pointer dereference" isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io Revert "ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd()" ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd() Revert "isdn: mISDN: Fix potential NULL pointer dereference of kzalloc" isdn: mISDN: correctly handle ph_info allocation failure in hfcsusb_ph_info Revert "dmaengine: qcom_hidma: Check for driver register failure" dmaengine: qcom_hidma: comment platform_driver_register call Revert "libertas: add checks for the return value of sysfs_create_group" libertas: register sysfs groups properly Revert "ASoC: cs43130: fix a NULL pointer dereference" ASoC: cs43130: handle errors in cs43130_probe() properly Revert "media: dvb: Add check on sp8870_readreg" media: dvb: Add check on sp8870_readreg return Revert "media: gspca: mt9m111: Check write_bridge for timeout" media: gspca: mt9m111: Check write_bridge for timeout Revert "media: gspca: Check the return value of write_bridge for timeout" media: gspca: properly check for errors in po1030_probe() Revert "net: liquidio: fix a NULL pointer dereference" net: liquidio: Add missing null pointer checks Revert "brcmfmac: add a check for the status of usb_register" brcmfmac: properly check for bus register errors btrfs: return whole extents in fiemap scsi: ufs: ufs-mediatek: Fix power down spec violation scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic openrisc: Define memory barrier mb scsi: pm80xx: Fix drives missing during rmmod/insmod loop btrfs: release path before starting transaction when cloning inline extent btrfs: do not BUG_ON in link_to_fixup_dir platform/x86: hp-wireless: add AMD's hardware id to the supported list platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700 tablet SMB3: incorrect file id in requests compounded with open drm/amd/display: Disconnect non-DP with no EDID drm/amd/amdgpu: fix refcount leak drm/amdgpu: Fix a use-after-free drm/amd/amdgpu: fix a potential deadlock in gpu reset drm/amdgpu: stop touching sched.ready in the backend platform/x86: touchscreen_dmi: Add info for the Chuwi Hi10 Pro (CWI529) tablet block: fix a race between del_gendisk and BLKRRPART linux/bits.h: fix compilation error with GENMASK net: netcp: Fix an error message net: dsa: fix error code getting shifted with 4 in dsa_slave_get_sset_count interconnect: qcom: bcm-voter: add a missing of_node_put() interconnect: qcom: Add missing MODULE_DEVICE_TABLE ASoC: cs42l42: Regmap must use_single_read/write net: stmmac: Fix MAC WoL not working if PHY does not support WoL net: ipa: memory region array is variable size vfio-ccw: Check initialized flag in cp_init() spi: Assume GPIO CS active high in ACPI case net: really orphan skbs tied to closing sk net: packetmmap: fix only tx timestamp on request net: fec: fix the potential memory leak in fec_enet_init() chelsio/chtls: unlock on error in chtls_pt_recvmsg() net: mdio: thunder: Fix a double free issue in the .remove function net: mdio: octeon: Fix some double free issues cxgb4/ch_ktls: Clear resources when pf4 device is removed openvswitch: meter: fix race when getting now_ms. tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT net: sched: fix packet stuck problem for lockless qdisc net: sched: fix tx action rescheduling issue during deactivation net: sched: fix tx action reschedule issue with stopped queue net: hso: check for allocation failure in hso_create_bulk_serial_device() net: bnx2: Fix error return code in bnx2_init_board() bnxt_en: Include new P5 HV definition in VF check. bnxt_en: Fix context memory setup for 64K page size. mld: fix panic in mld_newpack() net/smc: remove device from smcd_dev_list after failed device_add() gve: Check TX QPL was actually assigned gve: Update mgmt_msix_idx if num_ntfy changes gve: Add NULL pointer checks when freeing irqs. gve: Upgrade memory barrier in poll routine gve: Correct SKB queue index validation. iommu/virtio: Add missing MODULE_DEVICE_TABLE net: hns3: fix incorrect resp_msg issue net: hns3: put off calling register_netdev() until client initialize complete iommu/vt-d: Use user privilege for RID2PASID translation cxgb4: avoid accessing registers when clearing filters staging: emxx_udc: fix loop in _nbu2ss_nuke() ASoC: cs35l33: fix an error code in probe() bpf, offload: Reorder offload callback 'prepare' in verifier bpf: Set mac_len in bpf_skb_change_head ixgbe: fix large MTU request from VF ASoC: qcom: lpass-cpu: Use optional clk APIs scsi: libsas: Use _safe() loop in sas_resume_port() net: lantiq: fix memory corruption in RX ring ipv6: record frag_max_size in atomic fragments in input path ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static net: ethernet: mtk_eth_soc: Fix packet statistics support for MT7628/88 sch_dsmark: fix a NULL deref in qdisc_reset() net: hsr: fix mac_len checks MIPS: alchemy: xxs1500: add gpio-au1000.h header file MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c net: zero-initialize tc skb extension on allocation net: mvpp2: add buffer header handling in RX i915: fix build warning in intel_dp_get_link_status() samples/bpf: Consider frame size in tx_only of xdpsock sample net: hns3: check the return of skb_checksum_help() bpftool: Add sock_release help info for cgroup attach/prog load command SUNRPC: More fixes for backlog congestion Revert "Revert "ALSA: usx2y: Fix potential NULL pointer dereference"" net: hso: bail out on interrupt URB allocation failure scripts/clang-tools: switch explicitly to Python 3 neighbour: Prevent Race condition in neighbour subsytem usb: core: reduce power-on-good delay time of root hub Linux 5.10.42 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I05d98d1355a080e0951b4b2ae77f0a9ccb6dfc5d	2021-06-03 18:47:38 +02:00
Mathy Vanhoef	c730d72aa6	cfg80211: mitigate A-MSDU aggregation attacks ... commit 2b8a1fee34 upstream. Mitigate A-MSDU injection attacks (CVE-2020-24588) by detecting if the destination address of a subframe equals an RFC1042 (i.e., LLC/SNAP) header, and if so dropping the complete A-MSDU frame. This mitigates known attacks, although new (unknown) aggregation-based attacks may remain possible. This defense works because in A-MSDU aggregation injection attacks, a normal encrypted Wi-Fi frame is turned into an A-MSDU frame. This means the first 6 bytes of the first A-MSDU subframe correspond to an RFC1042 header. In other words, the destination MAC address of the first A-MSDU subframe contains the start of an RFC1042 header during an aggregation attack. We can detect this and thereby prevent this specific attack. For details, see Section 7.2 of "Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation". Note that for kernel 4.9 and above this patch depends on "mac80211: properly handle A-MSDUs that start with a rfc1042 header". Otherwise this patch has no impact and attacks will remain possible. Cc: stable@vger.kernel.org Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be> Link: https://lore.kernel.org/r/20210511200110.25d93176ddaf.I9e265b597f2cd23eb44573f35b625947b386a9de@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-06-03 09:00:29 +02:00
Mathy Vanhoef	e3561d5af0	mac80211: properly handle A-MSDUs that start with an RFC 1042 header ... commit a1d5ff5651 upstream. Properly parse A-MSDUs whose first 6 bytes happen to equal a rfc1042 header. This can occur in practice when the destination MAC address equals AA:AA:03:00:00:00. More importantly, this simplifies the next patch to mitigate A-MSDU injection attacks. Cc: stable@vger.kernel.org Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be> Link: https://lore.kernel.org/r/20210511200110.0b2b886492f0.I23dd5d685fe16d3b0ec8106e8f01b59f499dffed@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-06-03 09:00:29 +02:00
Greg Kroah-Hartman	e054456ced	Merge 5.10.37 into android12-5.10 ... Changes in 5.10.37 Bluetooth: verify AMP hci_chan before amp_destroy bluetooth: eliminate the potential race condition when removing the HCI controller net/nfc: fix use-after-free llcp_sock_bind/connect io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers Revert "USB: cdc-acm: fix rounding error in TIOCSSERIAL" usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() tty: moxa: fix TIOCSSERIAL jiffies conversions tty: amiserial: fix TIOCSSERIAL permission check USB: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions staging: greybus: uart: fix TIOCSSERIAL jiffies conversions USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check staging: fwserial: fix TIOCSSERIAL jiffies conversions tty: moxa: fix TIOCSSERIAL permission check staging: fwserial: fix TIOCSSERIAL permission check drm: bridge: fix LONTIUM use of mipi_dsi_() functions usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply usb: typec: tcpm: Address incorrect values of tcpm psy for pps supply usb: typec: tcpm: update power supply once partner accepts usb: xhci-mtk: remove or operator for setting schedule parameters usb: xhci-mtk: improve bandwidth scheduling with TT ASoC: samsung: tm2_wm5110: check of of_parse return value ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function ASoC: tlv320aic32x4: Register clocks before registering component ASoC: tlv320aic32x4: Increase maximum register in regmap MIPS: pci-mt7620: fix PLL lock check MIPS: pci-rt2880: fix slot 0 configuration FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR PCI: Allow VPD access for QLogic ISP2722 KVM: x86: Defer the MMU unload to the normal path on an global INVPCID PCI: xgene: Fix cfg resource mapping PCI: keystone: Let AM65 use the pci_ops defined in pcie-designware-host.c PM / devfreq: Unlock mutex and free devfreq struct in error path soc/tegra: regulators: Fix locking up when voltage-spread is out of range iio: inv_mpu6050: Fully validate gyro and accel scale writes iio:accel:adis16201: Fix wrong axis assignment that prevents loading iio:adc:ad7476: Fix remove handling sc16is7xx: Defer probe if device read fails phy: cadence: Sierra: Fix PHY power_on sequence misc: lis3lv02d: Fix false-positive WARN on various HP models phy: ti: j721e-wiz: Invoke wiz_init() before of_platform_device_create() misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct misc: vmw_vmci: explicitly initialize vmci_datagram payload selinux: add proper NULL termination to the secclass_map permissions x86, sched: Treat Intel SNC topology as default, COD as exception async_xor: increase src_offs when dropping destination page md/bitmap: wait for external bitmap writes to complete during tear down md-cluster: fix use-after-free issue when removing rdev md: split mddev_find md: factor out a mddev_find_locked helper from mddev_find md: md_open returns -EBUSY when entering racing area md: Fix missing unused status line of /proc/mdstat mt76: mt7615: use ieee80211_free_txskb() in mt7615_tx_token_put() ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() cfg80211: scan: drop entry from hidden_list on overflow rtw88: Fix array overrun in rtw_get_tx_power_params() mt76: fix potential DMA mapping leak FDDI: defxx: Make MMIO the configuration default except for EISA drm/i915/gvt: Fix virtual display setup for BXT/APL drm/i915/gvt: Fix vfio_edid issue for BXT/APL drm/qxl: use ttm bo priorities drm/panfrost: Clear MMU irqs before handling the fault drm/panfrost: Don't try to map pages that are already mapped drm/radeon: fix copy of uninitialized variable back to userspace drm/dp_mst: Revise broadcast msg lct & lcr drm/dp_mst: Set CLEAR_PAYLOAD_ID_TABLE as broadcast drm: bridge/panel: Cleanup connector on bridge detach drm/amd/display: Reject non-zero src_y and src_x for video planes drm/amdgpu: fix concurrent VM flushes on Vega/Navi v2 ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries ALSA: hda/realtek: Re-order ALC269 HP quirk table entries ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries ALSA: hda/realtek: Re-order ALC662 quirk table entries ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable ALSA: hda/realtek: Fix speaker amp on HP Envy AiO 32 KVM: s390: VSIE: correctly handle MVPG when in VSIE KVM: s390: split kvm_s390_logical_to_effective KVM: s390: fix guarded storage control register handling s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility KVM: s390: VSIE: fix MVPG handling for prefixing and MSO KVM: s390: split kvm_s390_real_to_abs KVM: s390: extend kvm_s390_shadow_fault to return entry pointer KVM: x86/mmu: Alloc page for PDPTEs when shadowing 32-bit NPT with 64-bit KVM: x86: Remove emulator's broken checks on CR0/CR3/CR4 loads KVM: nSVM: Set the shadow root level to the TDP level for nested NPT KVM: SVM: Don't strip the C-bit from CR2 on #PF interception KVM: SVM: Do not allow SEV/SEV-ES initialization after vCPUs are created KVM: SVM: Inject #GP on guest MSR_TSC_AUX accesses if RDTSCP unsupported KVM: nVMX: Defer the MMU reload to the normal path on an EPTP switch KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit KVM: nVMX: Truncate base/index GPR value on address calc in !64-bit KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU KVM: Stop looking for coalesced MMIO zones if the bus is destroyed KVM: arm64: Fully zero the vcpu state on reset KVM: arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST_REGION read Revert "drivers/net/wan/hdlc_fr: Fix a double free in pvc_xmit" Revert "i3c master: fix missing destroy_workqueue() on error in i3c_master_register" ovl: fix missing revert_creds() on error path Revert "drm/qxl: do not run release if qxl failed to init" usb: gadget: pch_udc: Revert d3cb25a121 completely Revert "tools/power turbostat: adjust for temperature offset" firmware: xilinx: Fix dereferencing freed memory firmware: xilinx: Add a blank line after function declaration firmware: xilinx: Remove zynqmp_pm_get_eemi_ops() in IS_REACHABLE(CONFIG_ZYNQMP_FIRMWARE) fpga: fpga-mgr: xilinx-spi: fix error messages on -EPROBE_DEFER crypto: sun8i-ss - fix result memory leak on error path memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] ARM: dts: exynos: correct fuel gauge interrupt trigger level on GT-I9100 ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas family ARM: dts: exynos: correct MUIC interrupt trigger level on Midas family ARM: dts: exynos: correct PMIC interrupt trigger level on Midas family ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 family ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 ARM: dts: exynos: correct PMIC interrupt trigger level on Snow ARM: dts: s5pv210: correct fuel gauge interrupt trigger level on Fascinate family ARM: dts: renesas: Add mmc aliases into R-Car Gen2 board dts files arm64: dts: renesas: Add mmc aliases into board dts files x86/platform/uv: Set section block size for hubless architectures serial: stm32: fix code cleaning warnings and checks serial: stm32: add "_usart" prefix in functions name serial: stm32: fix probe and remove order for dma serial: stm32: Use of_device_get_match_data() serial: stm32: fix startup by enabling usart for reception serial: stm32: fix incorrect characters on console serial: stm32: fix TX and RX FIFO thresholds serial: stm32: fix a deadlock condition with wakeup event serial: stm32: fix wake-up flag handling serial: stm32: fix a deadlock in set_termios serial: stm32: fix tx dma completion, release channel serial: stm32: call stm32_transmit_chars locked serial: stm32: fix FIFO flush in startup and set_termios serial: stm32: add FIFO flush when port is closed serial: stm32: fix tx_empty condition usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS usb: typec: tps6598x: Fix return value check in tps6598x_probe() usb: typec: stusb160x: fix return value check in stusb160x_probe() regmap: set debugfs_name to NULL after it is freed spi: rockchip: avoid objtool warning mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() mtd: rawnand: qcom: Return actual error code instead of -ENODEV mtd: don't lock when recursively deleting partitions mtd: maps: fix error return code of physmap_flash_remove() ARM: dts: stm32: fix usart 2 & 3 pinconf to wake up with flow control arm64: dts: qcom: sm8250: Fix level triggered PMU interrupt polarity arm64: dts: qcom: sm8250: Fix timer interrupt to specify EL2 physical timer arm64: dts: qcom: sdm845: fix number of pins in 'gpio-ranges' arm64: dts: qcom: sm8150: fix number of pins in 'gpio-ranges' arm64: dts: qcom: sm8250: fix number of pins in 'gpio-ranges' arm64: dts: qcom: db845c: fix correct powerdown pin for WSA881x crypto: sun8i-ss - Fix memory leak of object d when dma_iv fails to map spi: stm32: drop devres version of spi_register_master regulator: bd9576: Fix return from bd957x_probe() arm64: dts: renesas: r8a77980: Fix vin4-7 endpoint binding spi: stm32: Fix use-after-free on unbind x86/microcode: Check for offline CPUs before requesting new microcode devtmpfs: fix placement of complete() call usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() usb: gadget: pch_udc: Check if driver is present before calling ->setup() usb: gadget: pch_udc: Check for DMA mapping error usb: gadget: pch_udc: Initialize device pointer before use usb: gadget: pch_udc: Provide a GPIO line used on Intel Minnowboard (v1) crypto: ccp - fix command queuing to TEE ring buffer crypto: qat - don't release uninitialized resources crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init fotg210-udc: Fix DMA on EP0 for length > max packet size fotg210-udc: Fix EP0 IN requests bigger than two packets fotg210-udc: Remove a dubious condition leading to fotg210_done fotg210-udc: Mask GRP2 interrupts we don't handle fotg210-udc: Don't DMA more than the buffer can take fotg210-udc: Complete OUT requests on short packets usb: gadget: s3c: Fix incorrect resources releasing usb: gadget: s3c: Fix the error handling path in 's3c2410_udc_probe()' dt-bindings: serial: stm32: Use 'type: object' instead of false for 'additionalProperties' mtd: require write permissions for locking and badblock ioctls arm64: dts: renesas: r8a779a0: Fix PMU interrupt bus: qcom: Put child node before return soundwire: bus: Fix device found flag correctly phy: ti: j721e-wiz: Delete "clk_div_sel" clk provider during cleanup phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally arm64: dts: mediatek: fix reset GPIO level on pumpkin NFSD: Fix sparse warning in nfs4proc.c NFSv4.2: fix copy stateid copying for the async copy crypto: poly1305 - fix poly1305_core_setkey() declaration crypto: qat - fix error path in adf_isr_resource_alloc() usb: gadget: aspeed: fix dma map failure USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() drivers: nvmem: Fix voltage settings for QTI qfprom-efuse driver core: platform: Declare early_platform_cleanup() prototype memory: pl353: fix mask of ECC page_size config register soundwire: stream: fix memory leak in stream config error path m68k: mvme147,mvme16x: Don't wipe PCC timer config bits firmware: qcom_scm: Make __qcom_scm_is_call_available() return bool firmware: qcom_scm: Reduce locking section for __get_convention() firmware: qcom_scm: Workaround lack of "is available" call on SC7180 iio: adc: Kconfig: make AD9467 depend on ADI_AXI_ADC symbol mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init irqchip/gic-v3: Fix OF_BAD_ADDR error handling staging: comedi: tests: ni_routes_test: Fix compilation error staging: rtl8192u: Fix potential infinite loop staging: fwserial: fix TIOCSSERIAL implementation staging: fwserial: fix TIOCGSERIAL implementation staging: greybus: uart: fix unprivileged TIOCCSERIAL soc: qcom: pdr: Fix error return code in pdr_register_listener PM / devfreq: Use more accurate returned new_freq as resume_freq clocksource/drivers/timer-ti-dm: Fix posted mode status check order clocksource/drivers/timer-ti-dm: Add missing set_state_oneshot_stopped clocksource/drivers/ingenic_ost: Fix return value check in ingenic_ost_probe() spi: Fix use-after-free with devm_spi_alloc_* spi: fsl: add missing iounmap() on error in of_fsl_spi_probe() soc: qcom: mdt_loader: Validate that p_filesz < p_memsz soc: qcom: mdt_loader: Detect truncated read of segments PM: runtime: Replace inline function pm_runtime_callbacks_present() cpuidle: Fix ARM_QCOM_SPM_CPUIDLE configuration ACPI: CPPC: Replace cppc_attr with kobj_attribute crypto: allwinner - add missing CRYPTO_ prefix crypto: sun8i-ss - Fix memory leak of pad crypto: sa2ul - Fix memory leak of rxd crypto: qat - Fix a double free in adf_create_ring cpufreq: armada-37xx: Fix setting TBG parent for load levels clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock cpufreq: armada-37xx: Fix the AVS value for load L1 clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 cpufreq: armada-37xx: Fix driver cleanup when registration failed cpufreq: armada-37xx: Fix determining base CPU frequency spi: spi-zynqmp-gqspi: use wait_for_completion_timeout to make zynqmp_qspi_exec_op not interruptible spi: spi-zynqmp-gqspi: add mutex locking for exec_op spi: spi-zynqmp-gqspi: transmit dummy circles by using the controller's internal functionality spi: spi-zynqmp-gqspi: fix incorrect operating mode in zynqmp_qspi_read_op spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() usb: gadget: r8a66597: Add missing null check on return from platform_get_resource USB: cdc-acm: fix unprivileged TIOCCSERIAL USB: cdc-acm: fix TIOCGSERIAL implementation tty: actually undefine superseded ASYNC flags tty: fix return value for unsupported ioctls tty: Remove dead termiox code tty: fix return value for unsupported termiox ioctls serial: core: return early on unsupported ioctls firmware: qcom-scm: Fix QCOM_SCM configuration node: fix device cleanups in error handling code crypto: chelsio - Read rxchannel-id from firmware usbip: vudc: fix missing unlock on error in usbip_sockfd_store() m68k: Add missing mmap_read_lock() to sys_cacheflush() spi: spi-zynqmp-gqspi: Fix missing unlock on error in zynqmp_qspi_exec_op() memory: renesas-rpc-if: fix possible NULL pointer dereference of resource memory: samsung: exynos5422-dmc: handle clk_set_parent() failure security: keys: trusted: fix TPM2 authorizations platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table ARM: dts: aspeed: Rainier: Fix humidity sensor bus address Drivers: hv: vmbus: Use after free in __vmbus_open() spi: spi-zynqmp-gqspi: fix clk_enable/disable imbalance issue spi: spi-zynqmp-gqspi: fix hang issue when suspend/resume spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails x86/platform/uv: Fix !KEXEC build failure hwmon: (pmbus/pxe1610) don't bail out when not all pages are active Drivers: hv: vmbus: Increase wait time for VMbus unload PM: hibernate: x86: Use crc32 instead of md5 for hibernation e820 integrity check usb: dwc2: Fix host mode hibernation exit with remote wakeup flow. usb: dwc2: Fix hibernation between host and device modes. ttyprintk: Add TTY hangup callback. serial: omap: don't disable rs485 if rts gpio is missing serial: omap: fix rs485 half-duplex filtering xen-blkback: fix compatibility bug with single page rings soc: aspeed: fix a ternary sign expansion bug drm/tilcdc: send vblank event when disabling crtc drm/stm: Fix bus_flags handling drm/amd/display: Fix off by one in hdmi_14_process_transaction() drm/mcde/panel: Inverse misunderstood flag sched/fair: Fix shift-out-of-bounds in load_balance() afs: Fix updating of i_mode due to 3rd party change rcu: Remove spurious instrumentation_end() in rcu_nmi_enter() media: vivid: fix assignment of dev->fbuf_out_flags media: saa7134: use sg_dma_len when building pgtable media: saa7146: use sg_dma_len when building pgtable media: omap4iss: return error code when omap4iss_get() failed media: rkisp1: rsz: crash fix when setting src format media: aspeed: fix clock handling logic drm/probe-helper: Check epoch counter in output_poll_execute() media: venus: core: Fix some resource leaks in the error path of 'venus_probe()' media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming() media: m88ds3103: fix return value check in m88ds3103_probe() media: docs: Fix data organization of MEDIA_BUS_FMT_RGB101010_1X30 media: [next] staging: media: atomisp: fix memory leak of object flash media: atomisp: Fixed error handling path media: m88rs6000t: avoid potential out-of-bounds reads on arrays media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs() drm/amdkfd: fix build error with AMD_IOMMU_V2=m of: overlay: fix for_each_child.cocci warnings x86/kprobes: Fix to check non boostable prefixes correctly selftests: fix prepending $(OUTPUT) to $(TEST_PROGS) pata_arasan_cf: fix IRQ check pata_ipx4xx_cf: fix IRQ check sata_mv: add IRQ checks ata: libahci_platform: fix IRQ check seccomp: Fix CONFIG tests for Seccomp_filters nvme-tcp: block BH in sk state_change sk callback nvmet-tcp: fix incorrect locking in state_change sk callback clk: imx: Fix reparenting of UARTs not associated with stdout power: supply: bq25980: Move props from battery node nvme: retrigger ANA log update if group descriptor isn't found media: i2c: imx219: Move out locking/unlocking of vflip and hflip controls from imx219_set_stream media: i2c: imx219: Balance runtime PM use-count media: v4l2-ctrls.c: fix race condition in hdl->requests list vfio/fsl-mc: Re-order vfio_fsl_mc_probe() vfio/pci: Move VGA and VF initialization to functions vfio/pci: Re-order vfio_pci_probe() vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback clk: zynqmp: pll: add set_pll_mode to check condition in zynqmp_pll_enable drm: xlnx: zynqmp: fix a memset in zynqmp_dp_train() clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE clk: qcom: apss-ipq-pll: Add missing MODULE_DEVICE_TABLE drm/amd/display: use GFP_ATOMIC in dcn20_resource_construct drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() clk: uniphier: Fix potential infinite loop scsi: pm80xx: Increase timeout for pm80xx mpi_uninit_check() scsi: pm80xx: Fix potential infinite loop scsi: ufs: ufshcd-pltfrm: Fix deferred probing scsi: hisi_sas: Fix IRQ checks scsi: jazz_esp: Add IRQ check scsi: sun3x_esp: Add IRQ check scsi: sni_53c710: Add IRQ check scsi: ibmvfc: Fix invalid state machine BUG_ON() mailbox: sprd: Introduce refcnt when clients requests/free channels mfd: stm32-timers: Avoid clearing auto reload register nvmet-tcp: fix a segmentation fault during io parsing error nvme-pci: don't simple map sgl when sgls are disabled media: cedrus: Fix H265 status definitions HSI: core: fix resource leaks in hsi_add_client_from_dt() x86/events/amd/iommu: Fix sysfs type mismatch perf/amd/uncore: Fix sysfs type mismatch io_uring: fix overflows checks in provide buffers sched/debug: Fix cgroup_path[] serialization drivers/block/null_blk/main: Fix a double free in null_init. xsk: Respect device's headroom and tailroom on generic xmit path HID: plantronics: Workaround for double volume key presses perf symbols: Fix dso__fprintf_symbols_by_name() to return the number of printed chars ASoC: Intel: boards: sof-wm8804: add check for PLL setting ASoC: Intel: Skylake: Compile when any configuration is selected RDMA/mlx5: Fix mlx5 rates to IB rates map wilc1000: write value to WILC_INTR2_ENABLE register KVM: x86/mmu: Retry page faults that hit an invalid memslot Bluetooth: avoid deadlock between hci_dev->lock and socket lock net: lapbether: Prevent racing when checking whether the netif is running libbpf: Add explicit padding to bpf_xdp_set_link_opts bpftool: Fix maybe-uninitialized warnings iommu: Check dev->iommu in iommu_dev_xxx functions iommu/vt-d: Reject unsupported page request modes selftests/bpf: Re-generate vmlinux.h and BPF skeletons if bpftool changed libbpf: Add explicit padding to btf_dump_emit_type_decl_opts powerpc/fadump: Mark fadump_calculate_reserve_size as __init powerpc/prom: Mark identical_pvr_fixup as __init MIPS: fix local_irq_{disable,enable} in asmmacro.h ima: Fix the error code for restoring the PCR value inet: use bigger hash table for IP ID generation pinctrl: pinctrl-single: remove unused parameter pinctrl: pinctrl-single: fix pcs_pin_dbg_show() when bits_per_mux is not zero MIPS: loongson64: fix bug when PAGE_SIZE > 16KB ASoC: wm8960: Remove bitclk relax condition in wm8960_configure_sysclk iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK RDMA/mlx5: Fix drop packet rule in egress table IB/isert: Fix a use after free in isert_connect_request powerpc: Fix HAVE_HARDLOCKUP_DETECTOR_ARCH build configuration MIPS/bpf: Enable bpf_probe_read{, str}() on MIPS again gpio: guard gpiochip_irqchip_add_domain() with GPIOLIB_IRQCHIP ALSA: core: remove redundant spin_lock pair in snd_card_disconnect net: phy: lan87xx: fix access to wrong register of LAN87xx udp: never accept GSO_FRAGLIST packets powerpc/pseries: Only register vio drivers if vio bus exists net/tipc: fix missing destroy_workqueue() on error in tipc_crypto_start() bug: Remove redundant condition check in report_bug RDMA/core: Fix corrupted SL on passive side nfc: pn533: prevent potential memory corruption net: hns3: Limiting the scope of vector_ring_chain variable mips: bmips: fix syscon-reboot nodes iommu/vt-d: Don't set then clear private data in prq_event_thread() iommu: Fix a boundary issue to avoid performance drop iommu/vt-d: Report right snoop capability when using FL for IOVA iommu/vt-d: Report the right page fault address iommu/vt-d: Preset Access/Dirty bits for IOVA over FL iommu/vt-d: Remove WO permissions on second-level paging entries iommu/vt-d: Invalidate PASID cache when root/context entry changed ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls HID: lenovo: Use brightness_set_blocking callback for setting LEDs brightness HID: lenovo: Fix lenovo_led_set_tp10ubkbd() error handling HID: lenovo: Check hid_get_drvdata() returns non NULL in lenovo_event() HID: lenovo: Map mic-mute button to KEY_F20 instead of KEY_MICMUTE KVM: arm64: Initialize VCPU mdcr_el2 before loading it ASoC: simple-card: fix possible uninitialized single_cpu local variable liquidio: Fix unintented sign extension of a left shift of a u16 IB/hfi1: Use kzalloc() for mmu_rb_handler allocation powerpc/64s: Fix pte update for kernel memory on radix powerpc/perf: Fix PMU constraint check for EBB events powerpc: iommu: fix build when neither PCI or IBMVIO is set mac80211: bail out if cipher schemes are invalid perf vendor events amd: Fix broken L2 Cache Hits from L2 HWPF metric xfs: fix return of uninitialized value in variable error rtw88: Fix an error code in rtw_debugfs_set_rsvd_page() mt7601u: fix always true expression mt76: mt7615: fix tx skb dma unmap mt76: mt7915: fix tx skb dma unmap mt76: mt7915: fix aggr len debugfs node mt76: mt7615: fix mib stats counter reporting to mac80211 mt76: mt7915: fix mib stats counter reporting to mac80211 mt76: mt7663s: make all of packets 4-bytes aligned in sdio tx aggregation mt76: mt7663s: fix the possible device hang in high traffic KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit ovl: invalidate readdir cache on changes to dir with origin RDMA/qedr: Fix error return code in qedr_iw_connect() IB/hfi1: Fix error return code in parse_platform_config() RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() cxgb4: Fix unintentional sign extension issues net: thunderx: Fix unintentional sign extension issue RDMA/srpt: Fix error return code in srpt_cm_req_recv() RDMA/rtrs-clt: destroy sysfs after removing session from active list i2c: cadence: fix reference leak when pm_runtime_get_sync fails i2c: img-scb: fix reference leak when pm_runtime_get_sync fails i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails i2c: imx: fix reference leak when pm_runtime_get_sync fails i2c: omap: fix reference leak when pm_runtime_get_sync fails i2c: sprd: fix reference leak when pm_runtime_get_sync fails i2c: stm32f7: fix reference leak when pm_runtime_get_sync fails i2c: xiic: fix reference leak when pm_runtime_get_sync fails i2c: cadence: add IRQ check i2c: emev2: add IRQ check i2c: jz4780: add IRQ check i2c: mlxbf: add IRQ check i2c: rcar: make sure irq is not threaded on Gen2 and earlier i2c: rcar: protect against supurious interrupts on V3U i2c: rcar: add IRQ check i2c: sh7760: add IRQ check powerpc/xive: Drop check on irq_data in xive_core_debug_show() powerpc/xive: Fix xmon command "dxi" ASoC: ak5558: correct reset polarity net/mlx5: Fix bit-wise and with zero net/packet: make packet_fanout.arr size configurable up to 64K net/packet: remove data races in fanout operations drm/i915/gvt: Fix error code in intel_gvt_init_device() iommu/amd: Put newline after closing bracket in warning perf beauty: Fix fsconfig generator drm/amd/pm: fix error code in smu_set_power_limit() MIPS: pci-legacy: stop using of_pci_range_to_resource powerpc/pseries: extract host bridge from pci_bus prior to bus removal powerpc/smp: Reintroduce cpu_core_mask KVM: x86: dump_vmcs should not assume GUEST_IA32_EFER is valid rtlwifi: 8821ae: upgrade PHY and RF parameters wlcore: fix overlapping snprintf arguments in debugfs i2c: sh7760: fix IRQ error path i2c: mediatek: Fix wrong dma sync flag mwl8k: Fix a double Free in mwl8k_probe_hw netfilter: nft_payload: fix C-VLAN offload support netfilter: nftables_offload: VLAN id needs host byteorder in flow dissector netfilter: nftables_offload: special ethertype handling for VLAN vsock/vmci: log once the failed queue pair allocation libbpf: Initialize the bpf_seq_printf parameters array field by field net: ethernet: ixp4xx: Set the DMA masks explicitly gro: fix napi_gro_frags() Fast GRO breakage due to IP alignment check RDMA/cxgb4: add missing qpid increment RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check fails sfc: ef10: fix TX queue lookup in TX event handling vsock/virtio: free queued packets when closing socket net: marvell: prestera: fix port event handling on init net: davinci_emac: Fix incorrect masking of tx and rx error channel mt76: mt7615: fix memleak when mt7615_unregister_device() crypto: ccp: Detect and reject "invalid" addresses destined for PSP nfp: devlink: initialize the devlink port attribute "lanes" net: stmmac: fix TSO and TBS feature enabling during driver open net: renesas: ravb: Fix a stuck issue when a lot of frames are received net: phy: intel-xway: enable integrated led functions RDMA/rxe: Fix a bug in rxe_fill_ip_info() RDMA/core: Add CM to restrack after successful attachment to a device powerpc/64: Fix the definition of the fixmap area ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices ath10k: Fix a use after free in ath10k_htc_send_bundle ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock wlcore: Fix buffer overrun by snprintf due to incorrect buffer size powerpc/perf: Fix the threshold event selection for memory events in power10 powerpc/52xx: Fix an invalid ASM expression ('addi' used instead of 'add') net: phy: marvell: fix m88e1011_set_downshift net: phy: marvell: fix m88e1111_set_downshift net: enetc: fix link error again bnxt_en: fix ternary sign extension bug in bnxt_show_temp() ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for RTL8211E arm64: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for RTL8211E net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb selftests: net: mirror_gre_vlan_bridge_1q: Make an FDB entry static selftests: mlxsw: Remove a redundant if statement in tc_flower_scale test bnxt_en: Fix RX consumer index logic in the error path. KVM: VMX: Intercept FS/GS_BASE MSR accesses for 32-bit KVM net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send selftests/bpf: Fix BPF_CORE_READ_BITFIELD() macro selftests/bpf: Fix field existence CO-RE reloc tests selftests/bpf: Fix core_reloc test runner bpf: Fix propagation of 32 bit unsigned bounds from 64 bit bounds RDMA/siw: Fix a use after free in siw_alloc_mr RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res net: bridge: mcast: fix broken length + header check for MRDv6 Adv. net:nfc:digital: Fix a double free in digital_tg_recv_dep_req perf tools: Change fields type in perf_record_time_conv perf jit: Let convert_timestamp() to be backwards-compatible perf session: Add swap operation for event TIME_CONV ia64: fix EFI_DEBUG build kfifo: fix ternary sign extension bugs mm/sl?b.c: remove ctor argument from kmem_cache_flags mm: memcontrol: slab: fix obtain a reference to a freeing memcg mm/sparse: add the missing sparse_buffer_fini() in error branch mm/memory-failure: unnecessary amount of unmapping afs: Fix speculative status fetches bpf: Fix alu32 const subreg bound tracking on bitwise operations bpf, ringbuf: Deny reserve of buffers larger than ringbuf bpf: Prevent writable memory-mapping of read-only ringbuf pages arm64: Remove arm64_dma32_phys_limit and its uses net: Only allow init netns to set default tcp cong to a restricted algo smp: Fix smp_call_function_single_async prototype Revert "net/sctp: fix race condition in sctp_destroy_sock" sctp: delay auto_asconf init until binding the first addr Linux 5.10.37 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I5bee89c285d9dd72de967b0e70d96951ae4e06ae	2021-05-15 09:28:55 +02:00
Johannes Berg	9e7fcf39e2	cfg80211: scan: drop entry from hidden_list on overflow ... commit 010bfbe768 upstream. If we overflow the maximum number of BSS entries and free the new entry, drop it from any hidden_list that it may have been added to in the code above or in cfg80211_combine_bsses(). Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Link: https://lore.kernel.org/r/20210416094212.5de7d1676ad7.Ied283b0bc5f504845e7d6ab90626bdfa68bb3dc0@changeid Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-05-14 09:50:00 +02:00
Greg Kroah-Hartman	9a705f0463	Merge 5.10.30 into android12-5.10 ... Changes in 5.10.30 xfrm/compat: Cleanup WARN()s that can be user-triggered ALSA: aloop: Fix initialization of controls ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 ALSA: hda/conexant: Apply quirk for another HP ZBook G5 model ASoC: intel: atom: Stop advertising non working S24LE support nfc: fix refcount leak in llcp_sock_bind() nfc: fix refcount leak in llcp_sock_connect() nfc: fix memory leak in llcp_sock_connect() nfc: Avoid endless loops caused by repeated llcp_sock_connect() selinux: make nslot handling in avtab more robust selinux: fix cond_list corruption when changing booleans selinux: fix race between old and new sidtab xen/evtchn: Change irq_info lock to raw_spinlock_t net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock net: dsa: lantiq_gswip: Don't use PHY auto polling net: dsa: lantiq_gswip: Configure all remaining GSWIP_MII_CFG bits drm/i915: Fix invalid access to ACPI _DSM objects ACPI: processor: Fix build when CONFIG_ACPI_PROCESSOR=m IB/hfi1: Fix probe time panic when AIP is enabled with a buggy BIOS LOOKUP_MOUNTPOINT: we are cleaning "jumped" flag too late gcov: re-fix clang-11+ support ia64: fix user_stack_pointer() for ptrace() nds32: flush_dcache_page: use page_mapping_file to avoid races with swapoff ocfs2: fix deadlock between setattr and dio_end_io_write fs: direct-io: fix missing sdio->boundary ethtool: fix incorrect datatype in set_eee ops of: property: fw_devlink: do not link ".*,nr-gpios" parisc: parisc-agp requires SBA IOMMU driver parisc: avoid a warning on u8 cast for cmpxchg on u8 pointers ARM: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field ice: Continue probe on link/PHY errors ice: Increase control queue timeout ice: prevent ice_open and ice_stop during reset ice: fix memory allocation call ice: remove DCBNL_DEVRESET bit from PF state ice: Fix for dereference of NULL pointer ice: Use port number instead of PF ID for WoL ice: Cleanup fltr list in case of allocation issues iwlwifi: pcie: properly set LTR workarounds on 22000 devices ice: fix memory leak of aRFS after resuming from suspend net: hso: fix null-ptr-deref during tty device unregistration libbpf: Fix bail out from 'ringbuf_process_ring()' on error bpf: Enforce that struct_ops programs be GPL-only bpf: link: Refuse non-O_RDWR flags in BPF_OBJ_GET ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx libbpf: Ensure umem pointer is non-NULL before dereferencing libbpf: Restore umem state after socket create failure libbpf: Only create rx and tx XDP rings when necessary bpf: Refcount task stack in bpf_get_task_stack bpf, sockmap: Fix sk->prot unhash op reset bpf, sockmap: Fix incorrect fwd_alloc accounting net: ensure mac header is set in virtio_net_hdr_to_skb() i40e: Fix sparse warning: missing error code 'err' i40e: Fix sparse error: 'vsi->netdev' could be null i40e: Fix sparse error: uninitialized symbol 'ring' i40e: Fix sparse errors in i40e_txrx.c vdpa/mlx5: Fix suspend/resume index restoration net: sched: sch_teql: fix null-pointer dereference net: sched: fix action overwrite reference counting nl80211: fix beacon head validation nl80211: fix potential leak of ACL params cfg80211: check S1G beacon compat element length mac80211: fix time-is-after bug in mlme mac80211: fix TXQ AC confusion net: hsr: Reset MAC header for Tx path net-ipv6: bugfix - raw & sctp - switch to ipv6_can_nonlocal_bind() net: let skb_orphan_partial wake-up waiters. thunderbolt: Fix a leak in tb_retimer_add() thunderbolt: Fix off by one in tb_port_find_retimer() usbip: add sysfs_lock to synchronize sysfs code paths usbip: stub-dev synchronize sysfs code paths usbip: vudc synchronize sysfs code paths usbip: synchronize event handler with sysfs code paths driver core: Fix locking bug in deferred_probe_timeout_work_func() scsi: pm80xx: Fix chip initialization failure scsi: target: iscsi: Fix zero tag inside a trace event percpu: make pcpu_nr_empty_pop_pages per chunk type i2c: turn recovery error on init to debug KVM: x86/mmu: change TDP MMU yield function returns to match cond_resched KVM: x86/mmu: Merge flush and non-flush tdp_mmu_iter_cond_resched KVM: x86/mmu: Rename goal_gfn to next_last_level_gfn KVM: x86/mmu: Ensure forward progress when yielding in TDP MMU iter KVM: x86/mmu: Yield in TDU MMU iter even if no SPTES changed KVM: x86/mmu: Ensure TLBs are flushed when yielding during GFN range zap KVM: x86/mmu: Ensure TLBs are flushed for TDP MMU during NX zapping KVM: x86/mmu: Don't allow TDP MMU to yield when recovering NX pages KVM: x86/mmu: preserve pending TLB flush across calls to kvm_tdp_mmu_zap_sp net: sched: fix err handler in tcf_action_init() ice: Refactor DCB related variables out of the ice_port_info struct ice: Recognize 860 as iSCSI port in CEE mode xfrm: interface: fix ipv4 pmtu check to honor ip header df xfrm: Use actual socket sk instead of skb socket for xfrm_output_resume remoteproc: qcom: pil_info: avoid 64-bit division regulator: bd9571mwv: Fix AVS and DVFS voltage range ARM: OMAP4: Fix PMIC voltage domains for bionic ARM: OMAP4: PM: update ROM return address for OSWR and OFF net: xfrm: Localize sequence counter per network namespace esp: delete NETIF_F_SCTP_CRC bit from features for esp offload ASoC: SOF: Intel: HDA: fix core status verification ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips xfrm: Fix NULL pointer dereference on policy lookup virtchnl: Fix layout of RSS structures i40e: Added Asym_Pause to supported link modes i40e: Fix kernel oops when i40e driver removes VF's hostfs: fix memory handling in follow_link() amd-xgbe: Update DMA coherency values vxlan: do not modify the shared tunnel info when PMTU triggers an ICMP reply geneve: do not modify the shared tunnel info when PMTU triggers an ICMP reply sch_red: fix off-by-one checks in red_check_params() drivers/net/wan/hdlc_fr: Fix a double free in pvc_xmit arm64: dts: imx8mm/q: Fix pad control of SD1_DATA0 xfrm: Provide private skb extensions for segmented and hw offloaded ESP packets can: bcm/raw: fix msg_namelen values depending on CAN_REQUIRED_SIZE can: isotp: fix msg_namelen values depending on CAN_REQUIRED_SIZE mlxsw: spectrum: Fix ECN marking in tunnel decapsulation ethernet: myri10ge: Fix a use after free in myri10ge_sw_tso gianfar: Handle error code at MAC address change net: dsa: Fix type was not set for devlink port cxgb4: avoid collecting SGE_QBASE regs during traffic net:tipc: Fix a double free in tipc_sk_mcast_rcv ARM: dts: imx6: pbab01: Set vmmc supply for both SD interfaces net/ncsi: Avoid channel_monitor hrtimer deadlock net: qrtr: Fix memory leak on qrtr_tx_wait failure nfp: flower: ignore duplicate merge hints from FW net: phy: broadcom: Only advertise EEE for supported modes I2C: JZ4780: Fix bug for Ingenic X1000. ASoC: sunxi: sun4i-codec: fill ASoC card owner net/mlx5e: Fix mapping of ct_label zero net/mlx5e: Fix ethtool indication of connector type net/mlx5: Don't request more than supported EQs net/rds: Fix a use after free in rds_message_map_pages xdp: fix xdp_return_frame() kernel BUG throw for page_pool memory model soc/fsl: qbman: fix conflicting alignment attributes i40e: Fix display statistics for veb_tc RDMA/rtrs-clt: Close rtrs client conn before destroying rtrs clt session files drm/msm: Set drvdata to NULL when msm_drm_init() fails net: udp: Add support for getsockopt(..., ..., UDP_GRO, ..., ...); mptcp: forbit mcast-related sockopt on MPTCP sockets scsi: ufs: core: Fix task management request completion timeout scsi: ufs: core: Fix wrong Task Tag used in task management request UPIUs net: cls_api: Fix uninitialised struct field bo->unlocked_driver_cb net: macb: restore cmp registers on resume path clk: fix invalid usage of list cursor in register clk: fix invalid usage of list cursor in unregister workqueue: Move the position of debug_work_activate() in __queue_work() s390/cpcmd: fix inline assembly register clobbering perf inject: Fix repipe usage net: openvswitch: conntrack: simplify the return expression of ovs_ct_limit_get_default_limit() openvswitch: fix send of uninitialized stack memory in ct limit reply i2c: designware: Adjust bus_freq_hz when refuse high speed mode set iwlwifi: fix 11ax disabled bit in the regulatory capability flags can: mcp251x: fix support for half duplex SPI host controllers tipc: increment the tmp aead refcnt before attaching it net: hns3: clear VF down state bit before request link status net/mlx5: Fix placement of log_max_flow_counter net/mlx5: Fix PPLM register mapping net/mlx5: Fix PBMC register mapping RDMA/cxgb4: check for ipv6 address properly while destroying listener perf report: Fix wrong LBR block sorting RDMA/qedr: Fix kernel panic when trying to access recv_cq drm/vc4: crtc: Reduce PV fifo threshold on hvs4 i40e: Fix parameters in aq_get_phy_register() RDMA/addr: Be strict with gid size vdpa/mlx5: should exclude header length and fcs from mtu vdpa/mlx5: Fix wrong use of bit numbers RAS/CEC: Correct ce_add_elem()'s returned values clk: socfpga: fix iomem pointer cast on 64-bit lockdep: Address clang -Wformat warning printing for %hd dt-bindings: net: ethernet-controller: fix typo in NVMEM net: sched: bump refcount for new action in ACT replace mode gpiolib: Read "gpio-line-names" from a firmware node cfg80211: remove WARN_ON() in cfg80211_sme_connect net: tun: set tun->dev->addr_len during TUNSETLINK processing drivers: net: fix memory leak in atusb_probe drivers: net: fix memory leak in peak_usb_create_dev net: mac802154: Fix general protection fault net: ieee802154: nl-mac: fix check on panid net: ieee802154: fix nl802154 del llsec key net: ieee802154: fix nl802154 del llsec dev net: ieee802154: fix nl802154 add llsec key net: ieee802154: fix nl802154 del llsec devkey net: ieee802154: forbid monitor for set llsec params net: ieee802154: forbid monitor for del llsec seclevel net: ieee802154: stop dump llsec params for monitors Revert "net: sched: bump refcount for new action in ACT replace mode" Linux 5.10.30 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ie8754a2e4dfef03bf1f2b878843cde19a4adab21	2021-04-15 14:23:41 +02:00
Du Cheng	26ab092615	cfg80211: remove WARN_ON() in cfg80211_sme_connect ... commit 1b5ab825d9 upstream. A WARN_ON(wdev->conn) would trigger in cfg80211_sme_connect(), if multiple send_msg(NL80211_CMD_CONNECT) system calls are made from the userland, which should be anticipated and handled by the wireless driver. Remove this WARN_ON() to prevent kernel panic if kernel is configured to "panic_on_warn". Bug reported by syzbot. Reported-by: syzbot+5f9392825de654244975@syzkaller.appspotmail.com Signed-off-by: Du Cheng <ducheng2@gmail.com> Link: https://lore.kernel.org/r/20210407162756.6101-1-ducheng2@gmail.com Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-04-14 08:42:13 +02:00
Johannes Berg	cc1a702e6e	cfg80211: check S1G beacon compat element length ... commit b5ac014649 upstream. We need to check the length of this element so that we don't access data beyond its end. Fix that. Fixes: 9eaffe5078 ("cfg80211: convert S1G beacon to scan results") Link: https://lore.kernel.org/r/20210408142826.f6f4525012de.I9fdeff0afdc683a6024e5ea49d2daa3cd2459d11@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-04-14 08:42:02 +02:00
Johannes Berg	fea52345f4	nl80211: fix potential leak of ACL params ... commit abaf94ecc9 upstream. In case nl80211_parse_unsol_bcast_probe_resp() results in an error, need to "goto out" instead of just returning to free possibly allocated data. Fixes: 7443dcd1f1 ("nl80211: Unsolicited broadcast probe response support") Link: https://lore.kernel.org/r/20210408142833.d8bc2e2e454a.If290b1ba85789726a671ff0b237726d4851b5b0f@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-04-14 08:42:02 +02:00
Johannes Berg	42e4450e37	nl80211: fix beacon head validation ... commit 9a6847ba17 upstream. If the beacon head attribute (NL80211_ATTR_BEACON_HEAD) is too short to even contain the frame control field, we access uninitialized data beyond the buffer. Fix this by checking the minimal required size first. We used to do this until S1G support was added, where the fixed data portion has a different size. Reported-and-tested-by: syzbot+72b99dcf4607e8c770f3@syzkaller.appspotmail.com Suggested-by: Eric Dumazet <eric.dumazet@gmail.com> Fixes: 1d47f1198d ("nl80211: correctly validate S1G beacon head") Signed-off-by: Johannes Berg <johannes.berg@intel.com> Link: https://lore.kernel.org/r/20210408154518.d9b06d39b4ee.Iff908997b2a4067e8d456b3cb96cab9771d252b8@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-04-14 08:42:02 +02:00
Vamsi Krishna	865fd5429d	UPSTREAM: cfg80211: Add support to calculate and report 4096-QAM HE rates ... Drivers supporting 4096-QAM rates as a vendor extension in HE mode need to update the correct rate info to userspace while using 4096-QAM (MCS12 and MCS13) in HE mode. Add support to calculate bitrates of HE-MCS12 and HE-MCS13 which represent the 4096-QAM modulation schemes. The MCS12 and MCS13 bitrates are defined in IEEE P802.11be/D0.1. In addition, scale up the bitrates by 3*2048 in order to accommodate calculations for the new MCS12 and MCS13 rates without losing fraction values. Signed-off-by: Vamsi Krishna <vamsin@codeaurora.org> Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Link: https://lore.kernel.org/r/20201029183457.7005-1-jouni@codeaurora.org Signed-off-by: Johannes Berg <johannes.berg@intel.com> Bug: 179454829 Change-Id: I0fed84d281031313e318402b3c985d2192c45434 (cherry picked from commit 9c97c88d2f) Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>	2021-02-05 10:54:32 +00:00
Rohan Dutta	baa3ea76e4	UPSTREAM: cfg80211: Add support to configure SAE PWE value to drivers ... Add support to configure SAE PWE preference from userspace to drivers in both AP and STA modes. This is needed for cases where the driver takes care of Authentication frame processing (SME in the driver) so that correct enforcement of the acceptable PWE derivation mechanism can be performed. The userspace applications can pass the sae_pwe value using the NL80211_ATTR_SAE_PWE attribute in the NL80211_CMD_CONNECT and NL80211_CMD_START_AP commands to the driver. This allows selection between the hunting-and-pecking loop and hash-to-element options for PWE derivation. For backwards compatibility, this new attribute is optional and if not included, the driver is notified of the value being unspecified. Signed-off-by: Rohan Dutta <drohan@codeaurora.org> Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Link: https://lore.kernel.org/r/20201027100910.22283-1-jouni@codeaurora.org Signed-off-by: Johannes Berg <johannes.berg@intel.com> Bug: 179454829 Change-Id: I6604da2ef738f49fc693b81009958b76043bc513 (cherry picked from commit 9f0ffa4184) Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>	2021-02-05 10:54:25 +00:00
Greg Kroah-Hartman	cf5b2483a5	Merge 5.10.13 into android12-5.10 ... Changes in 5.10.13 iwlwifi: provide gso_type to GSO packets nbd: freeze the queue while we're adding connections tty: avoid using vfs_iocb_iter_write() for redirected console writes ACPI: sysfs: Prefer "compatible" modalias ACPI: thermal: Do not call acpi_thermal_check() directly kernel: kexec: remove the lock operation of system_transition_mutex ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256 ALSA: hda/via: Apply the workaround generically for Clevo machines parisc: Enable -mlong-calls gcc option by default when !CONFIG_MODULES media: cec: add stm32 driver media: cedrus: Fix H264 decoding media: hantro: Fix reset_raw_fmt initialization media: rc: fix timeout handling after switch to microsecond durations media: rc: ite-cir: fix min_timeout calculation media: rc: ensure that uevent can be read directly after rc device register ARM: dts: tbs2910: rename MMC node aliases ARM: dts: ux500: Reserve memory carveouts ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming wext: fix NULL-ptr-dereference with cfg80211's lack of commit() x86/xen: avoid warning in Xen pv guest with CONFIG_AMD_MEM_ENCRYPT enabled ASoC: AMD Renoir - refine DMI entries for some Lenovo products Revert "drm/amdgpu/swsmu: drop set_fan_speed_percent (v2)" drm/nouveau/kms/gk104-gp1xx: Fix > 64x64 cursors drm/i915: Always flush the active worker before returning from the wait drm/i915/gt: Always try to reserve GGTT address 0x0 drivers/nouveau/kms/nv50-: Reject format modifiers for cursor planes bcache: only check feature sets when sb->version >= BCACHE_SB_VERSION_CDEV_WITH_FEATURES net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family s390: uv: Fix sysfs max number of VCPUs reporting s390/vfio-ap: No need to disable IRQ after queue reset PM: hibernate: flush swap writer after marking x86/entry: Emit a symbol for register restoring thunk efi/apple-properties: Reinstate support for boolean properties crypto: marvel/cesa - Fix tdma descriptor on 64-bit drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[] btrfs: fix lockdep warning due to seqcount_mutex on 32bit arch btrfs: fix possible free space tree corruption with online conversion KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh() KVM: arm64: Filter out v8.1+ events on v8.0 HW KVM: nSVM: cancel KVM_REQ_GET_NESTED_STATE_PAGES on nested vmexit KVM: x86: allow KVM_REQ_GET_NESTED_STATE_PAGES outside guest mode for VMX KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration KVM: x86: get smi pending status correctly KVM: Forbid the use of tagged userspace addresses for memslots io_uring: fix wqe->lock/completion_lock deadlock xen: Fix XenStore initialisation for XS_LOCAL leds: trigger: fix potential deadlock with libata arm64: dts: broadcom: Fix USB DMA address translation for Stingray mt7601u: fix kernel crash unplugging the device mt76: mt7663s: fix rx buffer refcounting mt7601u: fix rx buffer refcounting iwlwifi: Fix IWL_SUBDEVICE_NO_160 macro to use the correct bit. drm/i915/gt: Clear CACHE_MODE prior to clearing residuals drm/i915/pmu: Don't grab wakeref when enabling events net/mlx5e: Fix IPSEC stats ARM: dts: imx6qdl-kontron-samx6i: fix pwms for lcd-backlight drm/nouveau/svm: fail NOUVEAU_SVM_INIT ioctl on unsupported devices drm/vc4: Correct lbm size and calculation drm/vc4: Correct POS1_SCL for hvs5 drm/nouveau/dispnv50: Restore pushing of all data. drm/i915: Check for all subplatform bits drm/i915/selftest: Fix potential memory leak uapi: fix big endian definition of ipv6_rpl_sr_hdr KVM: Documentation: Fix spec for KVM_CAP_ENABLE_CAP_VM tee: optee: replace might_sleep with cond_resched xen-blkfront: allow discard-* nodes to be optional blk-mq: test QUEUE_FLAG_HCTX_ACTIVE for sbitmap_shared in hctx_may_queue clk: imx: fix Kconfig warning for i.MX SCU clk clk: mmp2: fix build without CONFIG_PM clk: qcom: gcc-sm250: Use floor ops for sdcc clks ARM: imx: build suspend-imx6.S with arm instruction set ARM: zImage: atags_to_fdt: Fix node names on added root nodes netfilter: nft_dynset: add timeout extension to template Revert "RDMA/mlx5: Fix devlink deadlock on net namespace deletion" Revert "block: simplify set_init_blocksize" to regain lost performance xfrm: Fix oops in xfrm_replay_advance_bmp xfrm: fix disable_xfrm sysctl when used on xfrm interfaces selftests: xfrm: fix test return value override issue in xfrm_policy.sh xfrm: Fix wraparound in xfrm_policy_addr_delta() arm64: dts: ls1028a: fix the offset of the reset register ARM: imx: fix imx8m dependencies ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status ARM: dts: imx6qdl-sr-som: fix some cubox-i platforms arm64: dts: imx8mp: Correct the gpio ranges of gpio3 firmware: imx: select SOC_BUS to fix firmware build RDMA/cxgb4: Fix the reported max_recv_sge value ASoC: dt-bindings: lpass: Fix and common up lpass dai ids ASoC: qcom: Fix incorrect volatile registers ASoC: qcom: Fix broken support to MI2S TERTIARY and QUATERNARY ASoC: qcom: lpass-ipq806x: fix bitwidth regmap field spi: altera: Fix memory leak on error path ASoC: Intel: Skylake: skl-topology: Fix OOPs ib skl_tplg_complete powerpc/64s: prevent recursive replay_soft_interrupts causing superfluous interrupt pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() pNFS/NFSv4: Update the layout barrier when we schedule a layoutreturn ASoC: SOF: Intel: soundwire: fix select/depend unmet dependencies ASoC: qcom: lpass: Fix out-of-bounds DAI ID lookup iwlwifi: pcie: avoid potential PNVM leaks iwlwifi: pnvm: don't skip everything when not reloading iwlwifi: pnvm: don't try to load after failures iwlwifi: pcie: set LTR on more devices iwlwifi: pcie: use jiffies for memory read spin time limit iwlwifi: pcie: reschedule in long-running memory reads mac80211: pause TX while changing interface type ice: fix FDir IPv6 flexbyte ice: Implement flow for IPv6 next header (extension header) ice: update dev_addr in ice_set_mac_address even if HW filter exists ice: Don't allow more channels than LAN MSI-X available ice: Fix MSI-X vector fallback logic i40e: acquire VSI pointer only after VF is initialized igc: fix link speed advertising net/mlx5: Fix memory leak on flow table creation error flow net/mlx5e: E-switch, Fix rate calculation for overflow net/mlx5e: free page before return net/mlx5e: Reduce tc unsupported key print level net/mlx5: Maintain separate page trees for ECPF and PF functions net/mlx5e: Disable hw-tc-offload when MLX5_CLS_ACT config is disabled net/mlx5e: Fix CT rule + encap slow path offload and deletion net/mlx5e: Correctly handle changing the number of queues when the interface is down net/mlx5e: Revert parameters on errors when changing trust state without reset net/mlx5e: Revert parameters on errors when changing MTU and LRO state without reset net/mlx5: CT: Fix incorrect removal of tuple_nat_node from nat rhashtable can: dev: prevent potential information leak in can_fill_info() ACPI/IORT: Do not blindly trust DMA masks from firmware of/device: Update dma_range_map only when dev has valid dma-ranges iommu/amd: Use IVHD EFR for early initialization of IOMMU features iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() nvme-multipath: Early exit if no path is available selftests: forwarding: Specify interface when invoking mausezahn rxrpc: Fix memory leak in rxrpc_lookup_local NFC: fix resource leak when target index is invalid NFC: fix possible resource leak ASoC: mediatek: mt8183-da7219: ignore TDM DAI link by default ASoC: mediatek: mt8183-mt6358: ignore TDM DAI link by default ASoC: topology: Properly unregister DAI on removal ASoC: topology: Fix memory corruption in soc_tplg_denum_create_values() scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit team: protect features update by RCU to avoid deadlock tcp: make TCP_USER_TIMEOUT accurate for zero window probes tcp: fix TLP timer not set when CA_STATE changes from DISORDER to OPEN vsock: fix the race conditions in multi-transport support Linux 5.10.13 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I75f419b25f24da559e446d62f75ce6bb9b0a5396	2021-02-05 10:38:34 +01:00
Johannes Berg	d16c5dfe93	wext: fix NULL-ptr-dereference with cfg80211's lack of commit() ... commit 5122565188 upstream. Since cfg80211 doesn't implement commit, we never really cared about that code there (and it's configured out w/o CONFIG_WIRELESS_EXT). After all, since it has no commit, it shouldn't return -EIWCOMMIT to indicate commit is needed. However, EIWCOMMIT is actually an alias for EINPROGRESS, which _can_ happen if e.g. we try to change the frequency but we're already in the process of connecting to some network, and drivers could return that value (or even cfg80211 itself might). This then causes us to crash because dev->wireless_handlers is NULL but we try to check dev->wireless_handlers->standard[0]. Fix this by also checking dev->wireless_handlers. Also simplify the code a little bit. Cc: stable@vger.kernel.org Reported-by: syzbot+444248c79e117bc99f46@syzkaller.appspotmail.com Reported-by: syzbot+8b2a88a09653d4084179@syzkaller.appspotmail.com Link: https://lore.kernel.org/r/20210121171621.2076e4a37d5a.I5d9c72220fe7bb133fb718751da0180a57ecba4e@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-02-03 23:28:38 +01:00
Greg Kroah-Hartman	88e2d5fd10	This is the 5.10.9 stable release ... -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmAHFpcACgkQONu9yGCS aT4Vhw/+JLscHnfK//hbS6Nx95MY95VMzy+p2ccADXRy3O/5nr0HwGKnXTKB4Bg+ 05S3Hv9ZU/XSszLWvgFQ0Z0peU241ASPz1uLTgtpziBT5plXa5eJULBZ+WknWMef dNKpvKPphpEbQ0yz6o/4sbNAdiI9BzyGCOicQ2dl9nY7R/JA9YHquUD7iHMnvbs+ yxwwawNHVwszUT/fJT3iFzOAehHGAttHdf3z/bGPS1ogy2S7J5IluJgTAibd3P7G 5o7OUUA5ujEtjBLIkA61fqeL2Qaci83Ff/8KEPEfF1JeLBbMHYcLHnz3RAwBaLZh nlM4smyTeekcnHIzyRGw16OmpoYwY3MQAt+UFLCzKhlnscB0UqCNkA9zQA9k/taw cy7/fe5hWFU9DRv4uTUT2H1tkP+pNQ5eIaejPHMtld5JlYXoDN4RyQq7sAyMQgBj CXADStYSR/f5sWWgRbRs1F7E0lrePsVpjOcqHXxbsS+52yN2CZSKazlOIJ9xArfM cTzzLUuYbMZoHjIDdMMkjA41VMmyJ+BKrqEgzu3LsJQs57o/ckjnQx4VV5YiHhci v35OL8oa9IZi8WQikB9bx2WZRWUChOGKwMNeeUwEFD4Zmye1OtyyHuzYQf9QSjRv zbf1owwsg3xnfkvLcfru8mNMgJkgG8RpuNNVPO8boWZ4pgPu2tk= =5K55 -----END PGP SIGNATURE----- Merge 5.10.9 into android12-5.10 Changes in 5.10.9 btrfs: reloc: fix wrong file extent type check to avoid false ENOENT btrfs: prevent NULL pointer dereference in extent_io_tree_panic ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines ALSA: doc: Fix reference to mixart.rst ASoC: AMD Renoir - add DMI entry for Lenovo ThinkPad X395 ASoC: dapm: remove widget from dirty list on free x86/hyperv: check cpu mask after interrupt has been disabled drm/amdgpu: add green_sardine device id (v2) drm/amdgpu: fix DRM_INFO flood if display core is not supported (bug 210921) Revert "drm/amd/display: Fixed Intermittent blue screen on OLED panel" drm/amdgpu: add new device id for Renior drm/i915: Allow the sysadmin to override security mitigations drm/i915/gt: Limit VFE threads based on GT drm/i915/backlight: fix CPU mode backlight takeover on LPT drm/bridge: sii902x: Refactor init code into separate function dt-bindings: display: sii902x: Add supply bindings drm/bridge: sii902x: Enable I/O and core VCC supplies if present tracing/kprobes: Do the notrace functions check without kprobes on ftrace tools/bootconfig: Add tracing_on support to helper scripts ext4: use IS_ERR instead of IS_ERR_OR_NULL and set inode null when IS_ERR ext4: fix wrong list_splice in ext4_fc_cleanup ext4: fix bug for rename with RENAME_WHITEOUT cifs: check pointer before freeing cifs: fix interrupted close commands riscv: Drop a duplicated PAGE_KERNEL_EXEC riscv: return -ENOSYS for syscall -1 riscv: Fixup CONFIG_GENERIC_TIME_VSYSCALL riscv: Fix KASAN memory mapping. mips: fix Section mismatch in reference mips: lib: uncached: fix non-standard usage of variable 'sp' MIPS: boot: Fix unaligned access with CONFIG_MIPS_RAW_APPENDED_DTB MIPS: Fix malformed NT_FILE and NT_SIGINFO in 32bit coredumps MIPS: relocatable: fix possible boot hangup with KASLR enabled RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd() ACPI: scan: Harden acpi_device_add() against device ID overflows xen/privcmd: allow fetching resource sizes compiler.h: Raise minimum version of GCC to 5.1 for arm64 mm/vmalloc.c: fix potential memory leak mm/hugetlb: fix potential missing huge page size info mm/process_vm_access.c: include compat.h dm raid: fix discard limits for raid1 dm snapshot: flush merged data before committing metadata dm integrity: fix flush with external metadata device dm integrity: fix the maximum number of arguments dm crypt: use GFP_ATOMIC when allocating crypto requests from softirq dm crypt: do not wait for backlogged crypto request completion in softirq dm crypt: do not call bio_endio() from the dm-crypt tasklet dm crypt: defer decryption to a tasklet if interrupts disabled stmmac: intel: change all EHL/TGL to auto detect phy addr r8152: Add Lenovo Powered USB-C Travel Hub btrfs: tree-checker: check if chunk item end overflows ext4: don't leak old mountpoint samples io_uring: don't take files/mm for a dead task io_uring: drop mm and files after task_work_run ARC: build: remove non-existing bootpImage from KBUILD_IMAGE ARC: build: add uImage.lzma to the top-level target ARC: build: add boot_targets to PHONY ARC: build: move symlink creation to arch/arc/Makefile to avoid race ARM: omap2: pmic-cpcap: fix maximum voltage to be consistent with defaults on xt875 ath11k: fix crash caused by NULL rx_channel netfilter: ipset: fixes possible oops in mtype_resize ath11k: qmi: try to allocate a big block of DMA memory first btrfs: fix async discard stall btrfs: merge critical sections of discard lock in workfn btrfs: fix transaction leak and crash after RO remount caused by qgroup rescan regulator: bd718x7: Add enable times ethernet: ucc_geth: fix definition and size of ucc_geth_tx_global_pram ARM: dts: ux500/golden: Set display max brightness habanalabs: adjust pci controller init to new firmware habanalabs/gaudi: retry loading TPC f/w on -EINTR habanalabs: register to pci shutdown callback staging: spmi: hisi-spmi-controller: Fix some error handling paths spi: altera: fix return value for altera_spi_txrx() habanalabs: Fix memleak in hl_device_reset hwmon: (pwm-fan) Ensure that calculation doesn't discard big period values lib/raid6: Let $(UNROLL) rules work with macOS userland kconfig: remove 'kvmconfig' and 'xenconfig' shorthands spi: fix the divide by 0 error when calculating xfer waiting time io_uring: drop file refs after task cancel bfq: Fix computation of shallow depth arch/arc: add copy_user_page() to <asm/page.h> to fix build error on ARC misdn: dsp: select CONFIG_BITREVERSE net: ethernet: fs_enet: Add missing MODULE_LICENSE selftests: fix the return value for UDP GRO test nvme-pci: mark Samsung PM1725a as IGNORE_DEV_SUBNQN nvme: avoid possible double fetch in handling CQE nvmet-rdma: Fix list_del corruption on queue establishment failure drm/amd/display: fix sysfs amdgpu_current_backlight_pwm NULL pointer issue drm/amdgpu: fix a GPU hang issue when remove device drm/amd/pm: fix the failure when change power profile for renoir drm/amdgpu: fix potential memory leak during navi12 deinitialization usb: typec: Fix copy paste error for NVIDIA alt-mode description iommu/vt-d: Fix lockdep splat in sva bind()/unbind() ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI drm/msm: Call msm_init_vram before binding the gpu ARM: picoxcell: fix missing interrupt-parent properties poll: fix performance regression due to out-of-line __put_user() rcu-tasks: Move RCU-tasks initialization to before early_initcall() bpf: Simplify task_file_seq_get_next() bpf: Save correct stopping point in file seq iteration x86/sev-es: Fix SEV-ES OUT/IN immediate opcode vc handling cfg80211: select CONFIG_CRC32 nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios from interrupt context iommu/vt-d: Update domain geometry in iommu_ops.at(de)tach_dev net/mlx5e: CT: Use per flow counter when CT flow accounting is enabled net/mlx5: Fix passing zero to 'PTR_ERR' net/mlx5: E-Switch, fix changing vf VLANID blk-mq-debugfs: Add decode for BLK_MQ_F_TAG_HCTX_SHARED mm: fix clear_refs_write locking mm: don't play games with pinned pages in clear_page_refs mm: don't put pinned pages into the swap cache perf intel-pt: Fix 'CPU too large' error dump_common_audit_data(): fix racy accesses to ->d_name ASoC: meson: axg-tdm-interface: fix loopback ASoC: meson: axg-tdmin: fix axg skew offset ASoC: Intel: fix error code cnl_set_dsp_D0() nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY nvme: don't intialize hwmon for discovery controllers nvme-tcp: fix possible data corruption with bio merges nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock pNFS: We want return-on-close to complete when evicting the inode pNFS: Mark layout for return if return-on-close was not sent pNFS: Stricter ordering of layoutget and layoutreturn NFS: Adjust fs_context error logging NFS/pNFS: Don't call pnfs_free_bucket_lseg() before removing the request NFS/pNFS: Don't leak DS commits in pnfs_generic_retry_commit() NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter NFS: nfs_delegation_find_inode_server must first reference the superblock NFS: nfs_igrab_and_active must first reference the superblock scsi: ufs: Fix possible power drain during system suspend ext4: fix superblock checksum failure when setting password salt RDMA/restrack: Don't treat as an error allocation ID wrapping RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp bnxt_en: Improve stats context resource accounting with RDMA driver loaded. RDMA/mlx5: Fix wrong free of blue flame register on error IB/mlx5: Fix error unwinding when set_has_smi_cap fails umount(2): move the flag validity checks first dm zoned: select CONFIG_CRC32 drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is no reset-deassert MIPI-sequence drm/i915/icl: Fix initing the DSI DSC power refcount during HW readout drm/i915/gt: Restore clear-residual mitigations for Ivybridge, Baytrail mm, slub: consider rest of partial list if acquire_slab() fails riscv: Trace irq on only interrupt is enabled iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() net: sunrpc: interpret the return value of kstrtou32 correctly selftests: netfilter: Pass family parameter "-f" to conntrack tool dm: eliminate potential source of excessive kernel log noise ALSA: fireface: Fix integer overflow in transmit_midi_msg() ALSA: firewire-tascam: Fix integer overflow in midi_port_work() netfilter: conntrack: fix reading nf_conntrack_buckets netfilter: nf_nat: Fix memleak in nf_nat_init Linux 5.10.9 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I609e501511889081e03d2d18ee7e1be95406f396	2021-01-19 18:49:54 +01:00
Arnd Bergmann	4ac5d20182	cfg80211: select CONFIG_CRC32 ... [ Upstream commit 152a8a6c01 ] Without crc32 support, this fails to link: arm-linux-gnueabi-ld: net/wireless/scan.o: in function `cfg80211_scan_6ghz': scan.c:(.text+0x928): undefined reference to `crc32_le' Fixes: c8cb5b854b ("nl80211/cfg80211: support 6 GHz scanning") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org>	2021-01-19 18:27:28 +01:00
Sami Tolvanen	404303026b	FROMLIST: cfg80211: fix callback type mismatches in wext-compat ... Instead of casting callback functions to type iw_handler, which trips indirect call checking with Clang's Control-Flow Integrity (CFI), add stub functions with the correct function type for the callbacks. Bug: 145210207 Change-Id: Ief26496449ec985d600dd06b5e190dd21bf8eb4a Link: https://lore.kernel.org/lkml/20201117205902.405316-1-samitolvanen@google.com/ Reported-by: Sedat Dilek <sedat.dilek@gmail.com> Signed-off-by: Sami Tolvanen <samitolvanen@google.com>	2021-01-14 16:32:48 +00:00
Colin Ian King	615bc1ba5b	nl80211/cfg80211: fix potential infinite loop ... [ Upstream commit ba5c25236b ] The for-loop iterates with a u8 loop counter and compares this with the loop upper limit of request->n_ssids which is an int type. There is a potential infinite loop if n_ssids is larger than the u8 loop counter, so fix this by making the loop counter an int. Addresses-Coverity: ("Infinite loop") Fixes: c8cb5b854b ("nl80211/cfg80211: support 6 GHz scanning") Signed-off-by: Colin Ian King <colin.king@canonical.com> Link: https://lore.kernel.org/r/20201029222407.390218-1-colin.king@canonical.com Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org>	2020-12-30 11:53:03 +01:00
Anant Thazhemadam	05725b40b9	nl80211: validate key indexes for cfg80211_registered_device ... commit 2d9463083c upstream. syzbot discovered a bug in which an OOB access was being made because an unsuitable key_idx value was wrongly considered to be acceptable while deleting a key in nl80211_del_key(). Since we don't know the cipher at the time of deletion, if cfg80211_validate_key_settings() were to be called directly in nl80211_del_key(), even valid keys would be wrongly determined invalid, and deletion wouldn't occur correctly. For this reason, a new function - cfg80211_valid_key_idx(), has been created, to determine if the key_idx value provided is valid or not. cfg80211_valid_key_idx() is directly called in 2 places - nl80211_del_key(), and cfg80211_validate_key_settings(). Reported-by: syzbot+49d4cab497c2142ee170@syzkaller.appspotmail.com Tested-by: syzbot+49d4cab497c2142ee170@syzkaller.appspotmail.com Suggested-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com> Link: https://lore.kernel.org/r/20201204215825.129879-1-anant.thazhemadam@gmail.com Cc: stable@vger.kernel.org [also disallow IGTK key IDs if no IGTK cipher is supported] Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2020-12-26 16:02:45 +01:00
Sara Sharon	f495acd885	cfg80211: initialize rekey_data ... In case we have old supplicant, the akm field is uninitialized. Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Link: https://lore.kernel.org/r/iwlwifi.20201129172929.930f0ab7ebee.Ic546e384efab3f4a89f318eafddc3eb7d556aecb@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>	2020-12-04 12:35:58 +01:00
Ye Bin	db18d20d1c	cfg80211: regulatory: Fix inconsistent format argument ... Fix follow warning: [net/wireless/reg.c:3619]: (warning) %d in format string (no. 2) requires 'int' but the argument type is 'unsigned int'. Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Ye Bin <yebin10@huawei.com> Link: https://lore.kernel.org/r/20201009070215.63695-1-yebin10@huawei.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>	2020-10-30 10:06:56 +01:00
Johannes Berg	9bdaf3b91e	cfg80211: initialize wdev data earlier ... There's a race condition in the netdev registration in that NETDEV_REGISTER actually happens after the netdev is available, and so if we initialize things only there, we might get called with an uninitialized wdev through nl80211 - not using a wdev but using a netdev interface index. I found this while looking into a syzbot report, but it doesn't really seem to be related, and unfortunately there's no repro for it (yet). I can't (yet) explain how it managed to get into cfg80211_release_pmsr() from nl80211_netlink_notify() without the wdev having been initialized, as the latter only iterates the wdevs that are linked into the rdev, which even without the change here happened after init. However, looking at this, it seems fairly clear that the init needs to be done earlier, otherwise we might even re-init on a netns move, when data might still be pending. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Link: https://lore.kernel.org/r/20201009135821.fdcbba3aad65.Ie9201d91dbcb7da32318812effdc1561aeaf4cdc@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>	2020-10-30 10:03:59 +01:00
Jakub Kicinski	16573e7cb5	A handful of changes: ... * fixes for the recent S1G work * a docbook build time improvement * API to pass beacon rate to lower-level driver -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEH1e1rEeCd0AIMq6MB8qZga/fl8QFAl9+7MQACgkQB8qZga/f l8SOqw/8Cr0/QTy2DMNGZwsIcNgLjYvgKckZFWFhyyJtYnFHUa+VX1fVO07xoQpG PWgHnDRR39rm6ZJt0n61h0C5wxwibggU8oGBNV3cYRDTwefR/WPWJ9UJs9NSVKA+ PJQt9iqKGneEq3KjISaKvWLFdWUHePorOVyZr8tLYlerGma17kLG6nunB7gg6CCn VSQrnVyeF7oEs7agkFtdaPpIQ2ieTxD9Xl2p2y3bMFRLVJopaBGHrWaGq1e7UKme c5W9cIwOxIvieqcn03/lkwS5KEaG5OXqL+pL1zJiN69OWpjp3X4DFMP8f7xTrmFj xK9SRTnR7CU3yvlfSQuNJgJn4+2zussn+VgzY5sDBW3FPAFy0NNvlA5vVnZgPJ61 AkfE8wNiaVAPLA8ckxN6VV9CiV1JDx5w2FrnCPhA7weX0l3PpAaojA5xG6HCDEHx LfNr9NbRLiTZdz8YkDEUU+GCCfnYBAbYXO/lMQK56L2T+HOu3yVE9nYuUQNRCCkK gDr9biOYrWpYC1r3mD+i+0guaH3ZRpO/skoD0So25YxCP+j/AkDJXSjflTkaU9P2 XmgXxjxVX8JFrg29XciiGW6a4TOWS3caMvwxb0PlzfPaNREuglH3ygFHVnWsAt2G GZIgc3OggRdUIK4zoX3jsZQAgDK4B9ym70zujSY7JdIamxaHmO4= =TrMG -----END PGP SIGNATURE----- Merge tag 'mac80211-next-for-net-next-2020-10-08' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next Johannes Berg says: ==================== A handful of changes: * fixes for the recent S1G work * a docbook build time improvement * API to pass beacon rate to lower-level driver ==================== Signed-off-by: Jakub Kicinski <kuba@kernel.org>	2020-10-10 09:12:52 -07:00
Jakub Kicinski	9d49aea13f	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net ... Small conflict around locking in rxrpc_process_event() - channel_lock moved to bundle in next, while state lock needs _bh() from net. Signed-off-by: Jakub Kicinski <kuba@kernel.org>	2020-10-08 15:44:50 -07:00
Anant Thazhemadam	3dc289f8f1	net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() ... In nl80211_parse_key(), key.idx is first initialized as -1. If this value of key.idx remains unmodified and gets returned, and nl80211_key_allowed() also returns 0, then rdev_del_key() gets called with key.idx = -1. This causes an out-of-bounds array access. Handle this issue by checking if the value of key.idx after nl80211_parse_key() is called and return -EINVAL if key.idx < 0. Cc: stable@vger.kernel.org Reported-by: syzbot+b1bb342d1d097516cbda@syzkaller.appspotmail.com Tested-by: syzbot+b1bb342d1d097516cbda@syzkaller.appspotmail.com Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com> Link: https://lore.kernel.org/r/20201007035401.9522-1-anant.thazhemadam@gmail.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>	2020-10-08 12:37:25 +02:00
Thomas Pedersen	c1cd35c606	cfg80211: only allow S1G channels on S1G band ... As discovered by syzbot, cfg80211 was accepting S1G channel widths on non-S1G bands. Add a check for this, and consolidate the 1MHz frequency check as it ends up being a subset of the others. Reported-by: syzbot+92715a0eccd6c881bc32@syzkaller.appspotmail.com Fixes: 11b34737b1 ("nl80211: support setting S1G channels") Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com> Link: https://lore.kernel.org/r/20201005165122.17583-1-thomas@adapt-ip.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>	2020-10-08 10:41:24 +02:00
Jakub Kicinski	66a9b9287d	genetlink: move to smaller ops wherever possible ... Bulk of the genetlink users can use smaller ops, move them. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Reviewed-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: David S. Miller <davem@davemloft.net>	2020-10-02 19:11:11 -07:00
Johannes Berg	ab10c22bc3	nl80211: fix non-split wiphy information ... When dumping wiphy information, we try to split the data into many submessages, but for old userspace we still support the old mode where this doesn't happen. However, in this case we were not resetting our state correctly and dumping multiple messages for each wiphy, which would have broken such older userspace. This was broken pretty much immediately afterwards because it only worked in the original commit where non-split dumps didn't have any more data than split dumps... Fixes: fe1abafd94 ("nl80211: re-add channel width and extended capa advertising") Signed-off-by: Johannes Berg <johannes.berg@intel.com> Link: https://lore.kernel.org/r/20200928130717.3e6d9c6bada2.Ie0f151a8d0d00a8e1e18f6a8c9244dd02496af67@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>	2020-10-02 12:07:09 +02:00